2 BlueZ - Bluetooth protocol stack for Linux
4 Copyright (C) 2010 Nokia Corporation
5 Copyright (C) 2011-2012 Intel Corporation
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI Management interface */
27 #include <linux/module.h>
28 #include <asm/unaligned.h>
30 #include <net/bluetooth/bluetooth.h>
31 #include <net/bluetooth/hci_core.h>
32 #include <net/bluetooth/hci_sock.h>
33 #include <net/bluetooth/l2cap.h>
34 #include <net/bluetooth/mgmt.h>
36 #include "hci_request.h"
38 #include "mgmt_util.h"
40 #define MGMT_VERSION 1
41 #define MGMT_REVISION 13
43 static const u16 mgmt_commands[] = {
44 MGMT_OP_READ_INDEX_LIST,
47 MGMT_OP_SET_DISCOVERABLE,
48 MGMT_OP_SET_CONNECTABLE,
49 MGMT_OP_SET_FAST_CONNECTABLE,
51 MGMT_OP_SET_LINK_SECURITY,
55 MGMT_OP_SET_DEV_CLASS,
56 MGMT_OP_SET_LOCAL_NAME,
59 MGMT_OP_LOAD_LINK_KEYS,
60 MGMT_OP_LOAD_LONG_TERM_KEYS,
62 MGMT_OP_GET_CONNECTIONS,
63 MGMT_OP_PIN_CODE_REPLY,
64 MGMT_OP_PIN_CODE_NEG_REPLY,
65 MGMT_OP_SET_IO_CAPABILITY,
67 MGMT_OP_CANCEL_PAIR_DEVICE,
68 MGMT_OP_UNPAIR_DEVICE,
69 MGMT_OP_USER_CONFIRM_REPLY,
70 MGMT_OP_USER_CONFIRM_NEG_REPLY,
71 MGMT_OP_USER_PASSKEY_REPLY,
72 MGMT_OP_USER_PASSKEY_NEG_REPLY,
73 MGMT_OP_READ_LOCAL_OOB_DATA,
74 MGMT_OP_ADD_REMOTE_OOB_DATA,
75 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
76 MGMT_OP_START_DISCOVERY,
77 MGMT_OP_STOP_DISCOVERY,
80 MGMT_OP_UNBLOCK_DEVICE,
81 MGMT_OP_SET_DEVICE_ID,
82 MGMT_OP_SET_ADVERTISING,
84 MGMT_OP_SET_STATIC_ADDRESS,
85 MGMT_OP_SET_SCAN_PARAMS,
86 MGMT_OP_SET_SECURE_CONN,
87 MGMT_OP_SET_DEBUG_KEYS,
90 MGMT_OP_GET_CONN_INFO,
91 MGMT_OP_GET_CLOCK_INFO,
93 MGMT_OP_REMOVE_DEVICE,
94 MGMT_OP_LOAD_CONN_PARAM,
95 MGMT_OP_READ_UNCONF_INDEX_LIST,
96 MGMT_OP_READ_CONFIG_INFO,
97 MGMT_OP_SET_EXTERNAL_CONFIG,
98 MGMT_OP_SET_PUBLIC_ADDRESS,
99 MGMT_OP_START_SERVICE_DISCOVERY,
100 MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
101 MGMT_OP_READ_EXT_INDEX_LIST,
102 MGMT_OP_READ_ADV_FEATURES,
103 MGMT_OP_ADD_ADVERTISING,
104 MGMT_OP_REMOVE_ADVERTISING,
105 MGMT_OP_GET_ADV_SIZE_INFO,
106 MGMT_OP_START_LIMITED_DISCOVERY,
109 static const u16 mgmt_events[] = {
110 MGMT_EV_CONTROLLER_ERROR,
112 MGMT_EV_INDEX_REMOVED,
113 MGMT_EV_NEW_SETTINGS,
114 MGMT_EV_CLASS_OF_DEV_CHANGED,
115 MGMT_EV_LOCAL_NAME_CHANGED,
116 MGMT_EV_NEW_LINK_KEY,
117 MGMT_EV_NEW_LONG_TERM_KEY,
118 MGMT_EV_DEVICE_CONNECTED,
119 MGMT_EV_DEVICE_DISCONNECTED,
120 MGMT_EV_CONNECT_FAILED,
121 MGMT_EV_PIN_CODE_REQUEST,
122 MGMT_EV_USER_CONFIRM_REQUEST,
123 MGMT_EV_USER_PASSKEY_REQUEST,
125 MGMT_EV_DEVICE_FOUND,
127 MGMT_EV_DEVICE_BLOCKED,
128 MGMT_EV_DEVICE_UNBLOCKED,
129 MGMT_EV_DEVICE_UNPAIRED,
130 MGMT_EV_PASSKEY_NOTIFY,
133 MGMT_EV_DEVICE_ADDED,
134 MGMT_EV_DEVICE_REMOVED,
135 MGMT_EV_NEW_CONN_PARAM,
136 MGMT_EV_UNCONF_INDEX_ADDED,
137 MGMT_EV_UNCONF_INDEX_REMOVED,
138 MGMT_EV_NEW_CONFIG_OPTIONS,
139 MGMT_EV_EXT_INDEX_ADDED,
140 MGMT_EV_EXT_INDEX_REMOVED,
141 MGMT_EV_LOCAL_OOB_DATA_UPDATED,
142 MGMT_EV_ADVERTISING_ADDED,
143 MGMT_EV_ADVERTISING_REMOVED,
146 static const u16 mgmt_untrusted_commands[] = {
147 MGMT_OP_READ_INDEX_LIST,
149 MGMT_OP_READ_UNCONF_INDEX_LIST,
150 MGMT_OP_READ_CONFIG_INFO,
151 MGMT_OP_READ_EXT_INDEX_LIST,
154 static const u16 mgmt_untrusted_events[] = {
156 MGMT_EV_INDEX_REMOVED,
157 MGMT_EV_NEW_SETTINGS,
158 MGMT_EV_CLASS_OF_DEV_CHANGED,
159 MGMT_EV_LOCAL_NAME_CHANGED,
160 MGMT_EV_UNCONF_INDEX_ADDED,
161 MGMT_EV_UNCONF_INDEX_REMOVED,
162 MGMT_EV_NEW_CONFIG_OPTIONS,
163 MGMT_EV_EXT_INDEX_ADDED,
164 MGMT_EV_EXT_INDEX_REMOVED,
167 #define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
169 #define ZERO_KEY "\x00\x00\x00\x00\x00\x00\x00\x00" \
170 "\x00\x00\x00\x00\x00\x00\x00\x00"
172 /* HCI to MGMT error code conversion table */
173 static u8 mgmt_status_table[] = {
175 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
176 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
177 MGMT_STATUS_FAILED, /* Hardware Failure */
178 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
179 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
180 MGMT_STATUS_AUTH_FAILED, /* PIN or Key Missing */
181 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
182 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
183 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
184 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
185 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
186 MGMT_STATUS_BUSY, /* Command Disallowed */
187 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
188 MGMT_STATUS_REJECTED, /* Rejected Security */
189 MGMT_STATUS_REJECTED, /* Rejected Personal */
190 MGMT_STATUS_TIMEOUT, /* Host Timeout */
191 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
192 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
193 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
194 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
195 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
196 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
197 MGMT_STATUS_BUSY, /* Repeated Attempts */
198 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
199 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
200 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
201 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
202 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
203 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
204 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
205 MGMT_STATUS_FAILED, /* Unspecified Error */
206 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
207 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
208 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
209 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
210 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
211 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
212 MGMT_STATUS_FAILED, /* Unit Link Key Used */
213 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
214 MGMT_STATUS_TIMEOUT, /* Instant Passed */
215 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
216 MGMT_STATUS_FAILED, /* Transaction Collision */
217 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
218 MGMT_STATUS_REJECTED, /* QoS Rejected */
219 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
220 MGMT_STATUS_REJECTED, /* Insufficient Security */
221 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
222 MGMT_STATUS_BUSY, /* Role Switch Pending */
223 MGMT_STATUS_FAILED, /* Slot Violation */
224 MGMT_STATUS_FAILED, /* Role Switch Failed */
225 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
226 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
227 MGMT_STATUS_BUSY, /* Host Busy Pairing */
228 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
229 MGMT_STATUS_BUSY, /* Controller Busy */
230 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
231 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
232 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
233 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
234 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
237 static u8 mgmt_status(u8 hci_status)
239 if (hci_status < ARRAY_SIZE(mgmt_status_table))
240 return mgmt_status_table[hci_status];
242 return MGMT_STATUS_FAILED;
245 static int mgmt_index_event(u16 event, struct hci_dev *hdev, void *data,
248 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
252 static int mgmt_limited_event(u16 event, struct hci_dev *hdev, void *data,
253 u16 len, int flag, struct sock *skip_sk)
255 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
259 static int mgmt_generic_event(u16 event, struct hci_dev *hdev, void *data,
260 u16 len, struct sock *skip_sk)
262 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
263 HCI_MGMT_GENERIC_EVENTS, skip_sk);
266 static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 len,
267 struct sock *skip_sk)
269 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
270 HCI_SOCK_TRUSTED, skip_sk);
273 static u8 le_addr_type(u8 mgmt_addr_type)
275 if (mgmt_addr_type == BDADDR_LE_PUBLIC)
276 return ADDR_LE_DEV_PUBLIC;
278 return ADDR_LE_DEV_RANDOM;
281 static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
284 struct mgmt_rp_read_version rp;
286 BT_DBG("sock %p", sk);
288 rp.version = MGMT_VERSION;
289 rp.revision = cpu_to_le16(MGMT_REVISION);
291 return mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0,
295 static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
298 struct mgmt_rp_read_commands *rp;
299 u16 num_commands, num_events;
303 BT_DBG("sock %p", sk);
305 if (hci_sock_test_flag(sk, HCI_SOCK_TRUSTED)) {
306 num_commands = ARRAY_SIZE(mgmt_commands);
307 num_events = ARRAY_SIZE(mgmt_events);
309 num_commands = ARRAY_SIZE(mgmt_untrusted_commands);
310 num_events = ARRAY_SIZE(mgmt_untrusted_events);
313 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
315 rp = kmalloc(rp_size, GFP_KERNEL);
319 rp->num_commands = cpu_to_le16(num_commands);
320 rp->num_events = cpu_to_le16(num_events);
322 if (hci_sock_test_flag(sk, HCI_SOCK_TRUSTED)) {
323 __le16 *opcode = rp->opcodes;
325 for (i = 0; i < num_commands; i++, opcode++)
326 put_unaligned_le16(mgmt_commands[i], opcode);
328 for (i = 0; i < num_events; i++, opcode++)
329 put_unaligned_le16(mgmt_events[i], opcode);
331 __le16 *opcode = rp->opcodes;
333 for (i = 0; i < num_commands; i++, opcode++)
334 put_unaligned_le16(mgmt_untrusted_commands[i], opcode);
336 for (i = 0; i < num_events; i++, opcode++)
337 put_unaligned_le16(mgmt_untrusted_events[i], opcode);
340 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0,
347 static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
350 struct mgmt_rp_read_index_list *rp;
356 BT_DBG("sock %p", sk);
358 read_lock(&hci_dev_list_lock);
361 list_for_each_entry(d, &hci_dev_list, list) {
362 if (d->dev_type == HCI_PRIMARY &&
363 !hci_dev_test_flag(d, HCI_UNCONFIGURED))
367 rp_len = sizeof(*rp) + (2 * count);
368 rp = kmalloc(rp_len, GFP_ATOMIC);
370 read_unlock(&hci_dev_list_lock);
375 list_for_each_entry(d, &hci_dev_list, list) {
376 if (hci_dev_test_flag(d, HCI_SETUP) ||
377 hci_dev_test_flag(d, HCI_CONFIG) ||
378 hci_dev_test_flag(d, HCI_USER_CHANNEL))
381 /* Devices marked as raw-only are neither configured
382 * nor unconfigured controllers.
384 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
387 if (d->dev_type == HCI_PRIMARY &&
388 !hci_dev_test_flag(d, HCI_UNCONFIGURED)) {
389 rp->index[count++] = cpu_to_le16(d->id);
390 BT_DBG("Added hci%u", d->id);
394 rp->num_controllers = cpu_to_le16(count);
395 rp_len = sizeof(*rp) + (2 * count);
397 read_unlock(&hci_dev_list_lock);
399 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST,
407 static int read_unconf_index_list(struct sock *sk, struct hci_dev *hdev,
408 void *data, u16 data_len)
410 struct mgmt_rp_read_unconf_index_list *rp;
416 BT_DBG("sock %p", sk);
418 read_lock(&hci_dev_list_lock);
421 list_for_each_entry(d, &hci_dev_list, list) {
422 if (d->dev_type == HCI_PRIMARY &&
423 hci_dev_test_flag(d, HCI_UNCONFIGURED))
427 rp_len = sizeof(*rp) + (2 * count);
428 rp = kmalloc(rp_len, GFP_ATOMIC);
430 read_unlock(&hci_dev_list_lock);
435 list_for_each_entry(d, &hci_dev_list, list) {
436 if (hci_dev_test_flag(d, HCI_SETUP) ||
437 hci_dev_test_flag(d, HCI_CONFIG) ||
438 hci_dev_test_flag(d, HCI_USER_CHANNEL))
441 /* Devices marked as raw-only are neither configured
442 * nor unconfigured controllers.
444 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
447 if (d->dev_type == HCI_PRIMARY &&
448 hci_dev_test_flag(d, HCI_UNCONFIGURED)) {
449 rp->index[count++] = cpu_to_le16(d->id);
450 BT_DBG("Added hci%u", d->id);
454 rp->num_controllers = cpu_to_le16(count);
455 rp_len = sizeof(*rp) + (2 * count);
457 read_unlock(&hci_dev_list_lock);
459 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
460 MGMT_OP_READ_UNCONF_INDEX_LIST, 0, rp, rp_len);
467 static int read_ext_index_list(struct sock *sk, struct hci_dev *hdev,
468 void *data, u16 data_len)
470 struct mgmt_rp_read_ext_index_list *rp;
476 BT_DBG("sock %p", sk);
478 read_lock(&hci_dev_list_lock);
481 list_for_each_entry(d, &hci_dev_list, list) {
482 if (d->dev_type == HCI_PRIMARY || d->dev_type == HCI_AMP)
486 rp_len = sizeof(*rp) + (sizeof(rp->entry[0]) * count);
487 rp = kmalloc(rp_len, GFP_ATOMIC);
489 read_unlock(&hci_dev_list_lock);
494 list_for_each_entry(d, &hci_dev_list, list) {
495 if (hci_dev_test_flag(d, HCI_SETUP) ||
496 hci_dev_test_flag(d, HCI_CONFIG) ||
497 hci_dev_test_flag(d, HCI_USER_CHANNEL))
500 /* Devices marked as raw-only are neither configured
501 * nor unconfigured controllers.
503 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
506 if (d->dev_type == HCI_PRIMARY) {
507 if (hci_dev_test_flag(d, HCI_UNCONFIGURED))
508 rp->entry[count].type = 0x01;
510 rp->entry[count].type = 0x00;
511 } else if (d->dev_type == HCI_AMP) {
512 rp->entry[count].type = 0x02;
517 rp->entry[count].bus = d->bus;
518 rp->entry[count++].index = cpu_to_le16(d->id);
519 BT_DBG("Added hci%u", d->id);
522 rp->num_controllers = cpu_to_le16(count);
523 rp_len = sizeof(*rp) + (sizeof(rp->entry[0]) * count);
525 read_unlock(&hci_dev_list_lock);
527 /* If this command is called at least once, then all the
528 * default index and unconfigured index events are disabled
529 * and from now on only extended index events are used.
531 hci_sock_set_flag(sk, HCI_MGMT_EXT_INDEX_EVENTS);
532 hci_sock_clear_flag(sk, HCI_MGMT_INDEX_EVENTS);
533 hci_sock_clear_flag(sk, HCI_MGMT_UNCONF_INDEX_EVENTS);
535 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
536 MGMT_OP_READ_EXT_INDEX_LIST, 0, rp, rp_len);
543 static bool is_configured(struct hci_dev *hdev)
545 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
546 !hci_dev_test_flag(hdev, HCI_EXT_CONFIGURED))
549 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) &&
550 !bacmp(&hdev->public_addr, BDADDR_ANY))
556 static __le32 get_missing_options(struct hci_dev *hdev)
560 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
561 !hci_dev_test_flag(hdev, HCI_EXT_CONFIGURED))
562 options |= MGMT_OPTION_EXTERNAL_CONFIG;
564 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) &&
565 !bacmp(&hdev->public_addr, BDADDR_ANY))
566 options |= MGMT_OPTION_PUBLIC_ADDRESS;
568 return cpu_to_le32(options);
571 static int new_options(struct hci_dev *hdev, struct sock *skip)
573 __le32 options = get_missing_options(hdev);
575 return mgmt_generic_event(MGMT_EV_NEW_CONFIG_OPTIONS, hdev, &options,
576 sizeof(options), skip);
579 static int send_options_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
581 __le32 options = get_missing_options(hdev);
583 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &options,
587 static int read_config_info(struct sock *sk, struct hci_dev *hdev,
588 void *data, u16 data_len)
590 struct mgmt_rp_read_config_info rp;
593 BT_DBG("sock %p %s", sk, hdev->name);
597 memset(&rp, 0, sizeof(rp));
598 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
600 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
601 options |= MGMT_OPTION_EXTERNAL_CONFIG;
603 if (hdev->set_bdaddr)
604 options |= MGMT_OPTION_PUBLIC_ADDRESS;
606 rp.supported_options = cpu_to_le32(options);
607 rp.missing_options = get_missing_options(hdev);
609 hci_dev_unlock(hdev);
611 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_CONFIG_INFO, 0,
615 static u32 get_supported_settings(struct hci_dev *hdev)
619 settings |= MGMT_SETTING_POWERED;
620 settings |= MGMT_SETTING_BONDABLE;
621 settings |= MGMT_SETTING_DEBUG_KEYS;
622 settings |= MGMT_SETTING_CONNECTABLE;
623 settings |= MGMT_SETTING_DISCOVERABLE;
625 if (lmp_bredr_capable(hdev)) {
626 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
627 settings |= MGMT_SETTING_FAST_CONNECTABLE;
628 settings |= MGMT_SETTING_BREDR;
629 settings |= MGMT_SETTING_LINK_SECURITY;
631 if (lmp_ssp_capable(hdev)) {
632 settings |= MGMT_SETTING_SSP;
633 settings |= MGMT_SETTING_HS;
636 if (lmp_sc_capable(hdev))
637 settings |= MGMT_SETTING_SECURE_CONN;
640 if (lmp_le_capable(hdev)) {
641 settings |= MGMT_SETTING_LE;
642 settings |= MGMT_SETTING_ADVERTISING;
643 settings |= MGMT_SETTING_SECURE_CONN;
644 settings |= MGMT_SETTING_PRIVACY;
645 settings |= MGMT_SETTING_STATIC_ADDRESS;
648 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) ||
650 settings |= MGMT_SETTING_CONFIGURATION;
655 static u32 get_current_settings(struct hci_dev *hdev)
659 if (hdev_is_powered(hdev))
660 settings |= MGMT_SETTING_POWERED;
662 if (hci_dev_test_flag(hdev, HCI_CONNECTABLE))
663 settings |= MGMT_SETTING_CONNECTABLE;
665 if (hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE))
666 settings |= MGMT_SETTING_FAST_CONNECTABLE;
668 if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE))
669 settings |= MGMT_SETTING_DISCOVERABLE;
671 if (hci_dev_test_flag(hdev, HCI_BONDABLE))
672 settings |= MGMT_SETTING_BONDABLE;
674 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
675 settings |= MGMT_SETTING_BREDR;
677 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED))
678 settings |= MGMT_SETTING_LE;
680 if (hci_dev_test_flag(hdev, HCI_LINK_SECURITY))
681 settings |= MGMT_SETTING_LINK_SECURITY;
683 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
684 settings |= MGMT_SETTING_SSP;
686 if (hci_dev_test_flag(hdev, HCI_HS_ENABLED))
687 settings |= MGMT_SETTING_HS;
689 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
690 settings |= MGMT_SETTING_ADVERTISING;
692 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED))
693 settings |= MGMT_SETTING_SECURE_CONN;
695 if (hci_dev_test_flag(hdev, HCI_KEEP_DEBUG_KEYS))
696 settings |= MGMT_SETTING_DEBUG_KEYS;
698 if (hci_dev_test_flag(hdev, HCI_PRIVACY))
699 settings |= MGMT_SETTING_PRIVACY;
701 /* The current setting for static address has two purposes. The
702 * first is to indicate if the static address will be used and
703 * the second is to indicate if it is actually set.
705 * This means if the static address is not configured, this flag
706 * will never be set. If the address is configured, then if the
707 * address is actually used decides if the flag is set or not.
709 * For single mode LE only controllers and dual-mode controllers
710 * with BR/EDR disabled, the existence of the static address will
713 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) ||
714 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) ||
715 !bacmp(&hdev->bdaddr, BDADDR_ANY)) {
716 if (bacmp(&hdev->static_addr, BDADDR_ANY))
717 settings |= MGMT_SETTING_STATIC_ADDRESS;
723 static struct mgmt_pending_cmd *pending_find(u16 opcode, struct hci_dev *hdev)
725 return mgmt_pending_find(HCI_CHANNEL_CONTROL, opcode, hdev);
728 static struct mgmt_pending_cmd *pending_find_data(u16 opcode,
729 struct hci_dev *hdev,
732 return mgmt_pending_find_data(HCI_CHANNEL_CONTROL, opcode, hdev, data);
735 u8 mgmt_get_adv_discov_flags(struct hci_dev *hdev)
737 struct mgmt_pending_cmd *cmd;
739 /* If there's a pending mgmt command the flags will not yet have
740 * their final values, so check for this first.
742 cmd = pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
744 struct mgmt_mode *cp = cmd->param;
746 return LE_AD_GENERAL;
747 else if (cp->val == 0x02)
748 return LE_AD_LIMITED;
750 if (hci_dev_test_flag(hdev, HCI_LIMITED_DISCOVERABLE))
751 return LE_AD_LIMITED;
752 else if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE))
753 return LE_AD_GENERAL;
759 bool mgmt_get_connectable(struct hci_dev *hdev)
761 struct mgmt_pending_cmd *cmd;
763 /* If there's a pending mgmt command the flag will not yet have
764 * it's final value, so check for this first.
766 cmd = pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
768 struct mgmt_mode *cp = cmd->param;
773 return hci_dev_test_flag(hdev, HCI_CONNECTABLE);
776 static void service_cache_off(struct work_struct *work)
778 struct hci_dev *hdev = container_of(work, struct hci_dev,
780 struct hci_request req;
782 if (!hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE))
785 hci_req_init(&req, hdev);
789 __hci_req_update_eir(&req);
790 __hci_req_update_class(&req);
792 hci_dev_unlock(hdev);
794 hci_req_run(&req, NULL);
797 static void rpa_expired(struct work_struct *work)
799 struct hci_dev *hdev = container_of(work, struct hci_dev,
801 struct hci_request req;
805 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
807 if (!hci_dev_test_flag(hdev, HCI_ADVERTISING))
810 /* The generation of a new RPA and programming it into the
811 * controller happens in the hci_req_enable_advertising()
814 hci_req_init(&req, hdev);
815 __hci_req_enable_advertising(&req);
816 hci_req_run(&req, NULL);
819 static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
821 if (hci_dev_test_and_set_flag(hdev, HCI_MGMT))
824 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
825 INIT_DELAYED_WORK(&hdev->rpa_expired, rpa_expired);
827 /* Non-mgmt controlled devices get this bit set
828 * implicitly so that pairing works for them, however
829 * for mgmt we require user-space to explicitly enable
832 hci_dev_clear_flag(hdev, HCI_BONDABLE);
835 static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
836 void *data, u16 data_len)
838 struct mgmt_rp_read_info rp;
840 BT_DBG("sock %p %s", sk, hdev->name);
844 memset(&rp, 0, sizeof(rp));
846 bacpy(&rp.bdaddr, &hdev->bdaddr);
848 rp.version = hdev->hci_ver;
849 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
851 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
852 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
854 memcpy(rp.dev_class, hdev->dev_class, 3);
856 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
857 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
859 hci_dev_unlock(hdev);
861 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
865 static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
867 __le32 settings = cpu_to_le32(get_current_settings(hdev));
869 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &settings,
873 static void clean_up_hci_complete(struct hci_dev *hdev, u8 status, u16 opcode)
875 BT_DBG("%s status 0x%02x", hdev->name, status);
877 if (hci_conn_count(hdev) == 0) {
878 cancel_delayed_work(&hdev->power_off);
879 queue_work(hdev->req_workqueue, &hdev->power_off.work);
883 void mgmt_advertising_added(struct sock *sk, struct hci_dev *hdev, u8 instance)
885 struct mgmt_ev_advertising_added ev;
887 ev.instance = instance;
889 mgmt_event(MGMT_EV_ADVERTISING_ADDED, hdev, &ev, sizeof(ev), sk);
892 void mgmt_advertising_removed(struct sock *sk, struct hci_dev *hdev,
895 struct mgmt_ev_advertising_removed ev;
897 ev.instance = instance;
899 mgmt_event(MGMT_EV_ADVERTISING_REMOVED, hdev, &ev, sizeof(ev), sk);
902 static void cancel_adv_timeout(struct hci_dev *hdev)
904 if (hdev->adv_instance_timeout) {
905 hdev->adv_instance_timeout = 0;
906 cancel_delayed_work(&hdev->adv_instance_expire);
910 static int clean_up_hci_state(struct hci_dev *hdev)
912 struct hci_request req;
913 struct hci_conn *conn;
917 hci_req_init(&req, hdev);
919 if (test_bit(HCI_ISCAN, &hdev->flags) ||
920 test_bit(HCI_PSCAN, &hdev->flags)) {
922 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
925 hci_req_clear_adv_instance(hdev, NULL, 0x00, false);
927 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
928 __hci_req_disable_advertising(&req);
930 discov_stopped = hci_req_stop_discovery(&req);
932 list_for_each_entry(conn, &hdev->conn_hash.list, list) {
933 /* 0x15 == Terminated due to Power Off */
934 __hci_abort_conn(&req, conn, 0x15);
937 err = hci_req_run(&req, clean_up_hci_complete);
938 if (!err && discov_stopped)
939 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
944 static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
947 struct mgmt_mode *cp = data;
948 struct mgmt_pending_cmd *cmd;
951 BT_DBG("request for %s", hdev->name);
953 if (cp->val != 0x00 && cp->val != 0x01)
954 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
955 MGMT_STATUS_INVALID_PARAMS);
959 if (pending_find(MGMT_OP_SET_POWERED, hdev)) {
960 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
965 if (!!cp->val == hdev_is_powered(hdev)) {
966 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
970 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
977 queue_work(hdev->req_workqueue, &hdev->power_on);
980 /* Disconnect connections, stop scans, etc */
981 err = clean_up_hci_state(hdev);
983 queue_delayed_work(hdev->req_workqueue, &hdev->power_off,
984 HCI_POWER_OFF_TIMEOUT);
986 /* ENODATA means there were no HCI commands queued */
987 if (err == -ENODATA) {
988 cancel_delayed_work(&hdev->power_off);
989 queue_work(hdev->req_workqueue, &hdev->power_off.work);
995 hci_dev_unlock(hdev);
999 static int new_settings(struct hci_dev *hdev, struct sock *skip)
1001 __le32 ev = cpu_to_le32(get_current_settings(hdev));
1003 return mgmt_generic_event(MGMT_EV_NEW_SETTINGS, hdev, &ev,
1007 int mgmt_new_settings(struct hci_dev *hdev)
1009 return new_settings(hdev, NULL);
1014 struct hci_dev *hdev;
1018 static void settings_rsp(struct mgmt_pending_cmd *cmd, void *data)
1020 struct cmd_lookup *match = data;
1022 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
1024 list_del(&cmd->list);
1026 if (match->sk == NULL) {
1027 match->sk = cmd->sk;
1028 sock_hold(match->sk);
1031 mgmt_pending_free(cmd);
1034 static void cmd_status_rsp(struct mgmt_pending_cmd *cmd, void *data)
1038 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
1039 mgmt_pending_remove(cmd);
1042 static void cmd_complete_rsp(struct mgmt_pending_cmd *cmd, void *data)
1044 if (cmd->cmd_complete) {
1047 cmd->cmd_complete(cmd, *status);
1048 mgmt_pending_remove(cmd);
1053 cmd_status_rsp(cmd, data);
1056 static int generic_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
1058 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
1059 cmd->param, cmd->param_len);
1062 static int addr_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
1064 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
1065 cmd->param, sizeof(struct mgmt_addr_info));
1068 static u8 mgmt_bredr_support(struct hci_dev *hdev)
1070 if (!lmp_bredr_capable(hdev))
1071 return MGMT_STATUS_NOT_SUPPORTED;
1072 else if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1073 return MGMT_STATUS_REJECTED;
1075 return MGMT_STATUS_SUCCESS;
1078 static u8 mgmt_le_support(struct hci_dev *hdev)
1080 if (!lmp_le_capable(hdev))
1081 return MGMT_STATUS_NOT_SUPPORTED;
1082 else if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
1083 return MGMT_STATUS_REJECTED;
1085 return MGMT_STATUS_SUCCESS;
1088 void mgmt_set_discoverable_complete(struct hci_dev *hdev, u8 status)
1090 struct mgmt_pending_cmd *cmd;
1092 BT_DBG("status 0x%02x", status);
1096 cmd = pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
1101 u8 mgmt_err = mgmt_status(status);
1102 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1103 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1107 if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE) &&
1108 hdev->discov_timeout > 0) {
1109 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1110 queue_delayed_work(hdev->req_workqueue, &hdev->discov_off, to);
1113 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1114 new_settings(hdev, cmd->sk);
1117 mgmt_pending_remove(cmd);
1120 hci_dev_unlock(hdev);
1123 static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
1126 struct mgmt_cp_set_discoverable *cp = data;
1127 struct mgmt_pending_cmd *cmd;
1131 BT_DBG("request for %s", hdev->name);
1133 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
1134 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1135 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1136 MGMT_STATUS_REJECTED);
1138 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
1139 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1140 MGMT_STATUS_INVALID_PARAMS);
1142 timeout = __le16_to_cpu(cp->timeout);
1144 /* Disabling discoverable requires that no timeout is set,
1145 * and enabling limited discoverable requires a timeout.
1147 if ((cp->val == 0x00 && timeout > 0) ||
1148 (cp->val == 0x02 && timeout == 0))
1149 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1150 MGMT_STATUS_INVALID_PARAMS);
1154 if (!hdev_is_powered(hdev) && timeout > 0) {
1155 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1156 MGMT_STATUS_NOT_POWERED);
1160 if (pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1161 pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
1162 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1167 if (!hci_dev_test_flag(hdev, HCI_CONNECTABLE)) {
1168 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1169 MGMT_STATUS_REJECTED);
1173 if (!hdev_is_powered(hdev)) {
1174 bool changed = false;
1176 /* Setting limited discoverable when powered off is
1177 * not a valid operation since it requires a timeout
1178 * and so no need to check HCI_LIMITED_DISCOVERABLE.
1180 if (!!cp->val != hci_dev_test_flag(hdev, HCI_DISCOVERABLE)) {
1181 hci_dev_change_flag(hdev, HCI_DISCOVERABLE);
1185 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1190 err = new_settings(hdev, sk);
1195 /* If the current mode is the same, then just update the timeout
1196 * value with the new value. And if only the timeout gets updated,
1197 * then no need for any HCI transactions.
1199 if (!!cp->val == hci_dev_test_flag(hdev, HCI_DISCOVERABLE) &&
1200 (cp->val == 0x02) == hci_dev_test_flag(hdev,
1201 HCI_LIMITED_DISCOVERABLE)) {
1202 cancel_delayed_work(&hdev->discov_off);
1203 hdev->discov_timeout = timeout;
1205 if (cp->val && hdev->discov_timeout > 0) {
1206 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1207 queue_delayed_work(hdev->req_workqueue,
1208 &hdev->discov_off, to);
1211 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1215 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
1221 /* Cancel any potential discoverable timeout that might be
1222 * still active and store new timeout value. The arming of
1223 * the timeout happens in the complete handler.
1225 cancel_delayed_work(&hdev->discov_off);
1226 hdev->discov_timeout = timeout;
1229 hci_dev_set_flag(hdev, HCI_DISCOVERABLE);
1231 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
1233 /* Limited discoverable mode */
1234 if (cp->val == 0x02)
1235 hci_dev_set_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1237 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1239 queue_work(hdev->req_workqueue, &hdev->discoverable_update);
1243 hci_dev_unlock(hdev);
1247 void mgmt_set_connectable_complete(struct hci_dev *hdev, u8 status)
1249 struct mgmt_pending_cmd *cmd;
1251 BT_DBG("status 0x%02x", status);
1255 cmd = pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1260 u8 mgmt_err = mgmt_status(status);
1261 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1265 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
1266 new_settings(hdev, cmd->sk);
1269 mgmt_pending_remove(cmd);
1272 hci_dev_unlock(hdev);
1275 static int set_connectable_update_settings(struct hci_dev *hdev,
1276 struct sock *sk, u8 val)
1278 bool changed = false;
1281 if (!!val != hci_dev_test_flag(hdev, HCI_CONNECTABLE))
1285 hci_dev_set_flag(hdev, HCI_CONNECTABLE);
1287 hci_dev_clear_flag(hdev, HCI_CONNECTABLE);
1288 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
1291 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1296 hci_req_update_scan(hdev);
1297 hci_update_background_scan(hdev);
1298 return new_settings(hdev, sk);
1304 static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
1307 struct mgmt_mode *cp = data;
1308 struct mgmt_pending_cmd *cmd;
1311 BT_DBG("request for %s", hdev->name);
1313 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
1314 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1315 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1316 MGMT_STATUS_REJECTED);
1318 if (cp->val != 0x00 && cp->val != 0x01)
1319 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1320 MGMT_STATUS_INVALID_PARAMS);
1324 if (!hdev_is_powered(hdev)) {
1325 err = set_connectable_update_settings(hdev, sk, cp->val);
1329 if (pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1330 pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
1331 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1336 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
1343 hci_dev_set_flag(hdev, HCI_CONNECTABLE);
1345 if (hdev->discov_timeout > 0)
1346 cancel_delayed_work(&hdev->discov_off);
1348 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1349 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
1350 hci_dev_clear_flag(hdev, HCI_CONNECTABLE);
1353 queue_work(hdev->req_workqueue, &hdev->connectable_update);
1357 hci_dev_unlock(hdev);
1361 static int set_bondable(struct sock *sk, struct hci_dev *hdev, void *data,
1364 struct mgmt_mode *cp = data;
1368 BT_DBG("request for %s", hdev->name);
1370 if (cp->val != 0x00 && cp->val != 0x01)
1371 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BONDABLE,
1372 MGMT_STATUS_INVALID_PARAMS);
1377 changed = !hci_dev_test_and_set_flag(hdev, HCI_BONDABLE);
1379 changed = hci_dev_test_and_clear_flag(hdev, HCI_BONDABLE);
1381 err = send_settings_rsp(sk, MGMT_OP_SET_BONDABLE, hdev);
1386 /* In limited privacy mode the change of bondable mode
1387 * may affect the local advertising address.
1389 if (hdev_is_powered(hdev) &&
1390 hci_dev_test_flag(hdev, HCI_ADVERTISING) &&
1391 hci_dev_test_flag(hdev, HCI_DISCOVERABLE) &&
1392 hci_dev_test_flag(hdev, HCI_LIMITED_PRIVACY))
1393 queue_work(hdev->req_workqueue,
1394 &hdev->discoverable_update);
1396 err = new_settings(hdev, sk);
1400 hci_dev_unlock(hdev);
1404 static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1407 struct mgmt_mode *cp = data;
1408 struct mgmt_pending_cmd *cmd;
1412 BT_DBG("request for %s", hdev->name);
1414 status = mgmt_bredr_support(hdev);
1416 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1419 if (cp->val != 0x00 && cp->val != 0x01)
1420 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1421 MGMT_STATUS_INVALID_PARAMS);
1425 if (!hdev_is_powered(hdev)) {
1426 bool changed = false;
1428 if (!!cp->val != hci_dev_test_flag(hdev, HCI_LINK_SECURITY)) {
1429 hci_dev_change_flag(hdev, HCI_LINK_SECURITY);
1433 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1438 err = new_settings(hdev, sk);
1443 if (pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
1444 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1451 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1452 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1456 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1462 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1464 mgmt_pending_remove(cmd);
1469 hci_dev_unlock(hdev);
1473 static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1475 struct mgmt_mode *cp = data;
1476 struct mgmt_pending_cmd *cmd;
1480 BT_DBG("request for %s", hdev->name);
1482 status = mgmt_bredr_support(hdev);
1484 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
1486 if (!lmp_ssp_capable(hdev))
1487 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1488 MGMT_STATUS_NOT_SUPPORTED);
1490 if (cp->val != 0x00 && cp->val != 0x01)
1491 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1492 MGMT_STATUS_INVALID_PARAMS);
1496 if (!hdev_is_powered(hdev)) {
1500 changed = !hci_dev_test_and_set_flag(hdev,
1503 changed = hci_dev_test_and_clear_flag(hdev,
1506 changed = hci_dev_test_and_clear_flag(hdev,
1509 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
1512 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1517 err = new_settings(hdev, sk);
1522 if (pending_find(MGMT_OP_SET_SSP, hdev)) {
1523 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1528 if (!!cp->val == hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
1529 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1533 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1539 if (!cp->val && hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS))
1540 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
1541 sizeof(cp->val), &cp->val);
1543 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &cp->val);
1545 mgmt_pending_remove(cmd);
1550 hci_dev_unlock(hdev);
1554 static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1556 struct mgmt_mode *cp = data;
1561 BT_DBG("request for %s", hdev->name);
1563 status = mgmt_bredr_support(hdev);
1565 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
1567 if (!lmp_ssp_capable(hdev))
1568 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1569 MGMT_STATUS_NOT_SUPPORTED);
1571 if (!hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
1572 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1573 MGMT_STATUS_REJECTED);
1575 if (cp->val != 0x00 && cp->val != 0x01)
1576 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1577 MGMT_STATUS_INVALID_PARAMS);
1581 if (pending_find(MGMT_OP_SET_SSP, hdev)) {
1582 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1588 changed = !hci_dev_test_and_set_flag(hdev, HCI_HS_ENABLED);
1590 if (hdev_is_powered(hdev)) {
1591 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1592 MGMT_STATUS_REJECTED);
1596 changed = hci_dev_test_and_clear_flag(hdev, HCI_HS_ENABLED);
1599 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
1604 err = new_settings(hdev, sk);
1607 hci_dev_unlock(hdev);
1611 static void le_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
1613 struct cmd_lookup match = { NULL, hdev };
1618 u8 mgmt_err = mgmt_status(status);
1620 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
1625 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
1627 new_settings(hdev, match.sk);
1632 /* Make sure the controller has a good default for
1633 * advertising data. Restrict the update to when LE
1634 * has actually been enabled. During power on, the
1635 * update in powered_update_hci will take care of it.
1637 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
1638 struct hci_request req;
1640 hci_req_init(&req, hdev);
1641 __hci_req_update_adv_data(&req, 0x00);
1642 __hci_req_update_scan_rsp_data(&req, 0x00);
1643 hci_req_run(&req, NULL);
1644 hci_update_background_scan(hdev);
1648 hci_dev_unlock(hdev);
1651 static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1653 struct mgmt_mode *cp = data;
1654 struct hci_cp_write_le_host_supported hci_cp;
1655 struct mgmt_pending_cmd *cmd;
1656 struct hci_request req;
1660 BT_DBG("request for %s", hdev->name);
1662 if (!lmp_le_capable(hdev))
1663 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1664 MGMT_STATUS_NOT_SUPPORTED);
1666 if (cp->val != 0x00 && cp->val != 0x01)
1667 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1668 MGMT_STATUS_INVALID_PARAMS);
1670 /* Bluetooth single mode LE only controllers or dual-mode
1671 * controllers configured as LE only devices, do not allow
1672 * switching LE off. These have either LE enabled explicitly
1673 * or BR/EDR has been previously switched off.
1675 * When trying to enable an already enabled LE, then gracefully
1676 * send a positive response. Trying to disable it however will
1677 * result into rejection.
1679 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
1680 if (cp->val == 0x01)
1681 return send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1683 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1684 MGMT_STATUS_REJECTED);
1690 enabled = lmp_host_le_capable(hdev);
1693 hci_req_clear_adv_instance(hdev, NULL, 0x00, true);
1695 if (!hdev_is_powered(hdev) || val == enabled) {
1696 bool changed = false;
1698 if (val != hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
1699 hci_dev_change_flag(hdev, HCI_LE_ENABLED);
1703 if (!val && hci_dev_test_flag(hdev, HCI_ADVERTISING)) {
1704 hci_dev_clear_flag(hdev, HCI_ADVERTISING);
1708 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1713 err = new_settings(hdev, sk);
1718 if (pending_find(MGMT_OP_SET_LE, hdev) ||
1719 pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
1720 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1725 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
1731 hci_req_init(&req, hdev);
1733 memset(&hci_cp, 0, sizeof(hci_cp));
1737 hci_cp.simul = 0x00;
1739 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
1740 __hci_req_disable_advertising(&req);
1743 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
1746 err = hci_req_run(&req, le_enable_complete);
1748 mgmt_pending_remove(cmd);
1751 hci_dev_unlock(hdev);
1755 /* This is a helper function to test for pending mgmt commands that can
1756 * cause CoD or EIR HCI commands. We can only allow one such pending
1757 * mgmt command at a time since otherwise we cannot easily track what
1758 * the current values are, will be, and based on that calculate if a new
1759 * HCI command needs to be sent and if yes with what value.
1761 static bool pending_eir_or_class(struct hci_dev *hdev)
1763 struct mgmt_pending_cmd *cmd;
1765 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
1766 switch (cmd->opcode) {
1767 case MGMT_OP_ADD_UUID:
1768 case MGMT_OP_REMOVE_UUID:
1769 case MGMT_OP_SET_DEV_CLASS:
1770 case MGMT_OP_SET_POWERED:
1778 static const u8 bluetooth_base_uuid[] = {
1779 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
1780 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1783 static u8 get_uuid_size(const u8 *uuid)
1787 if (memcmp(uuid, bluetooth_base_uuid, 12))
1790 val = get_unaligned_le32(&uuid[12]);
1797 static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
1799 struct mgmt_pending_cmd *cmd;
1803 cmd = pending_find(mgmt_op, hdev);
1807 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
1808 mgmt_status(status), hdev->dev_class, 3);
1810 mgmt_pending_remove(cmd);
1813 hci_dev_unlock(hdev);
1816 static void add_uuid_complete(struct hci_dev *hdev, u8 status, u16 opcode)
1818 BT_DBG("status 0x%02x", status);
1820 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
1823 static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1825 struct mgmt_cp_add_uuid *cp = data;
1826 struct mgmt_pending_cmd *cmd;
1827 struct hci_request req;
1828 struct bt_uuid *uuid;
1831 BT_DBG("request for %s", hdev->name);
1835 if (pending_eir_or_class(hdev)) {
1836 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
1841 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
1847 memcpy(uuid->uuid, cp->uuid, 16);
1848 uuid->svc_hint = cp->svc_hint;
1849 uuid->size = get_uuid_size(cp->uuid);
1851 list_add_tail(&uuid->list, &hdev->uuids);
1853 hci_req_init(&req, hdev);
1855 __hci_req_update_class(&req);
1856 __hci_req_update_eir(&req);
1858 err = hci_req_run(&req, add_uuid_complete);
1860 if (err != -ENODATA)
1863 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
1864 hdev->dev_class, 3);
1868 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
1877 hci_dev_unlock(hdev);
1881 static bool enable_service_cache(struct hci_dev *hdev)
1883 if (!hdev_is_powered(hdev))
1886 if (!hci_dev_test_and_set_flag(hdev, HCI_SERVICE_CACHE)) {
1887 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
1895 static void remove_uuid_complete(struct hci_dev *hdev, u8 status, u16 opcode)
1897 BT_DBG("status 0x%02x", status);
1899 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
1902 static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
1905 struct mgmt_cp_remove_uuid *cp = data;
1906 struct mgmt_pending_cmd *cmd;
1907 struct bt_uuid *match, *tmp;
1908 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
1909 struct hci_request req;
1912 BT_DBG("request for %s", hdev->name);
1916 if (pending_eir_or_class(hdev)) {
1917 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
1922 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
1923 hci_uuids_clear(hdev);
1925 if (enable_service_cache(hdev)) {
1926 err = mgmt_cmd_complete(sk, hdev->id,
1927 MGMT_OP_REMOVE_UUID,
1928 0, hdev->dev_class, 3);
1937 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
1938 if (memcmp(match->uuid, cp->uuid, 16) != 0)
1941 list_del(&match->list);
1947 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
1948 MGMT_STATUS_INVALID_PARAMS);
1953 hci_req_init(&req, hdev);
1955 __hci_req_update_class(&req);
1956 __hci_req_update_eir(&req);
1958 err = hci_req_run(&req, remove_uuid_complete);
1960 if (err != -ENODATA)
1963 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
1964 hdev->dev_class, 3);
1968 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
1977 hci_dev_unlock(hdev);
1981 static void set_class_complete(struct hci_dev *hdev, u8 status, u16 opcode)
1983 BT_DBG("status 0x%02x", status);
1985 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
1988 static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
1991 struct mgmt_cp_set_dev_class *cp = data;
1992 struct mgmt_pending_cmd *cmd;
1993 struct hci_request req;
1996 BT_DBG("request for %s", hdev->name);
1998 if (!lmp_bredr_capable(hdev))
1999 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2000 MGMT_STATUS_NOT_SUPPORTED);
2004 if (pending_eir_or_class(hdev)) {
2005 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2010 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
2011 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2012 MGMT_STATUS_INVALID_PARAMS);
2016 hdev->major_class = cp->major;
2017 hdev->minor_class = cp->minor;
2019 if (!hdev_is_powered(hdev)) {
2020 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2021 hdev->dev_class, 3);
2025 hci_req_init(&req, hdev);
2027 if (hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE)) {
2028 hci_dev_unlock(hdev);
2029 cancel_delayed_work_sync(&hdev->service_cache);
2031 __hci_req_update_eir(&req);
2034 __hci_req_update_class(&req);
2036 err = hci_req_run(&req, set_class_complete);
2038 if (err != -ENODATA)
2041 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2042 hdev->dev_class, 3);
2046 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
2055 hci_dev_unlock(hdev);
2059 static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
2062 struct mgmt_cp_load_link_keys *cp = data;
2063 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
2064 sizeof(struct mgmt_link_key_info));
2065 u16 key_count, expected_len;
2069 BT_DBG("request for %s", hdev->name);
2071 if (!lmp_bredr_capable(hdev))
2072 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2073 MGMT_STATUS_NOT_SUPPORTED);
2075 key_count = __le16_to_cpu(cp->key_count);
2076 if (key_count > max_key_count) {
2077 BT_ERR("load_link_keys: too big key_count value %u",
2079 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2080 MGMT_STATUS_INVALID_PARAMS);
2083 expected_len = sizeof(*cp) + key_count *
2084 sizeof(struct mgmt_link_key_info);
2085 if (expected_len != len) {
2086 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
2088 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2089 MGMT_STATUS_INVALID_PARAMS);
2092 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
2093 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2094 MGMT_STATUS_INVALID_PARAMS);
2096 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
2099 for (i = 0; i < key_count; i++) {
2100 struct mgmt_link_key_info *key = &cp->keys[i];
2102 if (key->addr.type != BDADDR_BREDR || key->type > 0x08)
2103 return mgmt_cmd_status(sk, hdev->id,
2104 MGMT_OP_LOAD_LINK_KEYS,
2105 MGMT_STATUS_INVALID_PARAMS);
2110 hci_link_keys_clear(hdev);
2113 changed = !hci_dev_test_and_set_flag(hdev, HCI_KEEP_DEBUG_KEYS);
2115 changed = hci_dev_test_and_clear_flag(hdev,
2116 HCI_KEEP_DEBUG_KEYS);
2119 new_settings(hdev, NULL);
2121 for (i = 0; i < key_count; i++) {
2122 struct mgmt_link_key_info *key = &cp->keys[i];
2124 /* Always ignore debug keys and require a new pairing if
2125 * the user wants to use them.
2127 if (key->type == HCI_LK_DEBUG_COMBINATION)
2130 hci_add_link_key(hdev, NULL, &key->addr.bdaddr, key->val,
2131 key->type, key->pin_len, NULL);
2134 mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
2136 hci_dev_unlock(hdev);
2141 static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
2142 u8 addr_type, struct sock *skip_sk)
2144 struct mgmt_ev_device_unpaired ev;
2146 bacpy(&ev.addr.bdaddr, bdaddr);
2147 ev.addr.type = addr_type;
2149 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
2153 static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2156 struct mgmt_cp_unpair_device *cp = data;
2157 struct mgmt_rp_unpair_device rp;
2158 struct hci_conn_params *params;
2159 struct mgmt_pending_cmd *cmd;
2160 struct hci_conn *conn;
2164 memset(&rp, 0, sizeof(rp));
2165 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2166 rp.addr.type = cp->addr.type;
2168 if (!bdaddr_type_is_valid(cp->addr.type))
2169 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2170 MGMT_STATUS_INVALID_PARAMS,
2173 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
2174 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2175 MGMT_STATUS_INVALID_PARAMS,
2180 if (!hdev_is_powered(hdev)) {
2181 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2182 MGMT_STATUS_NOT_POWERED, &rp,
2187 if (cp->addr.type == BDADDR_BREDR) {
2188 /* If disconnection is requested, then look up the
2189 * connection. If the remote device is connected, it
2190 * will be later used to terminate the link.
2192 * Setting it to NULL explicitly will cause no
2193 * termination of the link.
2196 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2201 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
2203 err = mgmt_cmd_complete(sk, hdev->id,
2204 MGMT_OP_UNPAIR_DEVICE,
2205 MGMT_STATUS_NOT_PAIRED, &rp,
2213 /* LE address type */
2214 addr_type = le_addr_type(cp->addr.type);
2216 hci_remove_irk(hdev, &cp->addr.bdaddr, addr_type);
2218 err = hci_remove_ltk(hdev, &cp->addr.bdaddr, addr_type);
2220 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2221 MGMT_STATUS_NOT_PAIRED, &rp,
2226 conn = hci_conn_hash_lookup_le(hdev, &cp->addr.bdaddr, addr_type);
2228 hci_conn_params_del(hdev, &cp->addr.bdaddr, addr_type);
2232 /* Abort any ongoing SMP pairing */
2233 smp_cancel_pairing(conn);
2235 /* Defer clearing up the connection parameters until closing to
2236 * give a chance of keeping them if a repairing happens.
2238 set_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
2240 /* Disable auto-connection parameters if present */
2241 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr, addr_type);
2243 if (params->explicit_connect)
2244 params->auto_connect = HCI_AUTO_CONN_EXPLICIT;
2246 params->auto_connect = HCI_AUTO_CONN_DISABLED;
2249 /* If disconnection is not requested, then clear the connection
2250 * variable so that the link is not terminated.
2252 if (!cp->disconnect)
2256 /* If the connection variable is set, then termination of the
2257 * link is requested.
2260 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
2262 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
2266 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
2273 cmd->cmd_complete = addr_cmd_complete;
2275 err = hci_abort_conn(conn, HCI_ERROR_REMOTE_USER_TERM);
2277 mgmt_pending_remove(cmd);
2280 hci_dev_unlock(hdev);
2284 static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
2287 struct mgmt_cp_disconnect *cp = data;
2288 struct mgmt_rp_disconnect rp;
2289 struct mgmt_pending_cmd *cmd;
2290 struct hci_conn *conn;
2295 memset(&rp, 0, sizeof(rp));
2296 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2297 rp.addr.type = cp->addr.type;
2299 if (!bdaddr_type_is_valid(cp->addr.type))
2300 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2301 MGMT_STATUS_INVALID_PARAMS,
2306 if (!test_bit(HCI_UP, &hdev->flags)) {
2307 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2308 MGMT_STATUS_NOT_POWERED, &rp,
2313 if (pending_find(MGMT_OP_DISCONNECT, hdev)) {
2314 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2315 MGMT_STATUS_BUSY, &rp, sizeof(rp));
2319 if (cp->addr.type == BDADDR_BREDR)
2320 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2323 conn = hci_conn_hash_lookup_le(hdev, &cp->addr.bdaddr,
2324 le_addr_type(cp->addr.type));
2326 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
2327 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2328 MGMT_STATUS_NOT_CONNECTED, &rp,
2333 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
2339 cmd->cmd_complete = generic_cmd_complete;
2341 err = hci_disconnect(conn, HCI_ERROR_REMOTE_USER_TERM);
2343 mgmt_pending_remove(cmd);
2346 hci_dev_unlock(hdev);
2350 static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
2352 switch (link_type) {
2354 switch (addr_type) {
2355 case ADDR_LE_DEV_PUBLIC:
2356 return BDADDR_LE_PUBLIC;
2359 /* Fallback to LE Random address type */
2360 return BDADDR_LE_RANDOM;
2364 /* Fallback to BR/EDR type */
2365 return BDADDR_BREDR;
2369 static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
2372 struct mgmt_rp_get_connections *rp;
2382 if (!hdev_is_powered(hdev)) {
2383 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
2384 MGMT_STATUS_NOT_POWERED);
2389 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2390 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2394 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2395 rp = kmalloc(rp_len, GFP_KERNEL);
2402 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2403 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2405 bacpy(&rp->addr[i].bdaddr, &c->dst);
2406 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
2407 if (c->type == SCO_LINK || c->type == ESCO_LINK)
2412 rp->conn_count = cpu_to_le16(i);
2414 /* Recalculate length in case of filtered SCO connections, etc */
2415 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2417 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
2423 hci_dev_unlock(hdev);
2427 static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
2428 struct mgmt_cp_pin_code_neg_reply *cp)
2430 struct mgmt_pending_cmd *cmd;
2433 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
2438 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
2439 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
2441 mgmt_pending_remove(cmd);
2446 static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2449 struct hci_conn *conn;
2450 struct mgmt_cp_pin_code_reply *cp = data;
2451 struct hci_cp_pin_code_reply reply;
2452 struct mgmt_pending_cmd *cmd;
2459 if (!hdev_is_powered(hdev)) {
2460 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2461 MGMT_STATUS_NOT_POWERED);
2465 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
2467 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2468 MGMT_STATUS_NOT_CONNECTED);
2472 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
2473 struct mgmt_cp_pin_code_neg_reply ncp;
2475 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
2477 BT_ERR("PIN code is not 16 bytes long");
2479 err = send_pin_code_neg_reply(sk, hdev, &ncp);
2481 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2482 MGMT_STATUS_INVALID_PARAMS);
2487 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
2493 cmd->cmd_complete = addr_cmd_complete;
2495 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
2496 reply.pin_len = cp->pin_len;
2497 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
2499 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
2501 mgmt_pending_remove(cmd);
2504 hci_dev_unlock(hdev);
2508 static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
2511 struct mgmt_cp_set_io_capability *cp = data;
2515 if (cp->io_capability > SMP_IO_KEYBOARD_DISPLAY)
2516 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY,
2517 MGMT_STATUS_INVALID_PARAMS, NULL, 0);
2521 hdev->io_capability = cp->io_capability;
2523 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
2524 hdev->io_capability);
2526 hci_dev_unlock(hdev);
2528 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0,
2532 static struct mgmt_pending_cmd *find_pairing(struct hci_conn *conn)
2534 struct hci_dev *hdev = conn->hdev;
2535 struct mgmt_pending_cmd *cmd;
2537 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2538 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
2541 if (cmd->user_data != conn)
2550 static int pairing_complete(struct mgmt_pending_cmd *cmd, u8 status)
2552 struct mgmt_rp_pair_device rp;
2553 struct hci_conn *conn = cmd->user_data;
2556 bacpy(&rp.addr.bdaddr, &conn->dst);
2557 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
2559 err = mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE,
2560 status, &rp, sizeof(rp));
2562 /* So we don't get further callbacks for this connection */
2563 conn->connect_cfm_cb = NULL;
2564 conn->security_cfm_cb = NULL;
2565 conn->disconn_cfm_cb = NULL;
2567 hci_conn_drop(conn);
2569 /* The device is paired so there is no need to remove
2570 * its connection parameters anymore.
2572 clear_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
2579 void mgmt_smp_complete(struct hci_conn *conn, bool complete)
2581 u8 status = complete ? MGMT_STATUS_SUCCESS : MGMT_STATUS_FAILED;
2582 struct mgmt_pending_cmd *cmd;
2584 cmd = find_pairing(conn);
2586 cmd->cmd_complete(cmd, status);
2587 mgmt_pending_remove(cmd);
2591 static void pairing_complete_cb(struct hci_conn *conn, u8 status)
2593 struct mgmt_pending_cmd *cmd;
2595 BT_DBG("status %u", status);
2597 cmd = find_pairing(conn);
2599 BT_DBG("Unable to find a pending command");
2603 cmd->cmd_complete(cmd, mgmt_status(status));
2604 mgmt_pending_remove(cmd);
2607 static void le_pairing_complete_cb(struct hci_conn *conn, u8 status)
2609 struct mgmt_pending_cmd *cmd;
2611 BT_DBG("status %u", status);
2616 cmd = find_pairing(conn);
2618 BT_DBG("Unable to find a pending command");
2622 cmd->cmd_complete(cmd, mgmt_status(status));
2623 mgmt_pending_remove(cmd);
2626 static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2629 struct mgmt_cp_pair_device *cp = data;
2630 struct mgmt_rp_pair_device rp;
2631 struct mgmt_pending_cmd *cmd;
2632 u8 sec_level, auth_type;
2633 struct hci_conn *conn;
2638 memset(&rp, 0, sizeof(rp));
2639 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2640 rp.addr.type = cp->addr.type;
2642 if (!bdaddr_type_is_valid(cp->addr.type))
2643 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2644 MGMT_STATUS_INVALID_PARAMS,
2647 if (cp->io_cap > SMP_IO_KEYBOARD_DISPLAY)
2648 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2649 MGMT_STATUS_INVALID_PARAMS,
2654 if (!hdev_is_powered(hdev)) {
2655 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2656 MGMT_STATUS_NOT_POWERED, &rp,
2661 if (hci_bdaddr_is_paired(hdev, &cp->addr.bdaddr, cp->addr.type)) {
2662 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2663 MGMT_STATUS_ALREADY_PAIRED, &rp,
2668 sec_level = BT_SECURITY_MEDIUM;
2669 auth_type = HCI_AT_DEDICATED_BONDING;
2671 if (cp->addr.type == BDADDR_BREDR) {
2672 conn = hci_connect_acl(hdev, &cp->addr.bdaddr, sec_level,
2675 u8 addr_type = le_addr_type(cp->addr.type);
2676 struct hci_conn_params *p;
2678 /* When pairing a new device, it is expected to remember
2679 * this device for future connections. Adding the connection
2680 * parameter information ahead of time allows tracking
2681 * of the slave preferred values and will speed up any
2682 * further connection establishment.
2684 * If connection parameters already exist, then they
2685 * will be kept and this function does nothing.
2687 p = hci_conn_params_add(hdev, &cp->addr.bdaddr, addr_type);
2689 if (p->auto_connect == HCI_AUTO_CONN_EXPLICIT)
2690 p->auto_connect = HCI_AUTO_CONN_DISABLED;
2692 conn = hci_connect_le_scan(hdev, &cp->addr.bdaddr,
2693 addr_type, sec_level,
2694 HCI_LE_CONN_TIMEOUT);
2700 if (PTR_ERR(conn) == -EBUSY)
2701 status = MGMT_STATUS_BUSY;
2702 else if (PTR_ERR(conn) == -EOPNOTSUPP)
2703 status = MGMT_STATUS_NOT_SUPPORTED;
2704 else if (PTR_ERR(conn) == -ECONNREFUSED)
2705 status = MGMT_STATUS_REJECTED;
2707 status = MGMT_STATUS_CONNECT_FAILED;
2709 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2710 status, &rp, sizeof(rp));
2714 if (conn->connect_cfm_cb) {
2715 hci_conn_drop(conn);
2716 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2717 MGMT_STATUS_BUSY, &rp, sizeof(rp));
2721 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
2724 hci_conn_drop(conn);
2728 cmd->cmd_complete = pairing_complete;
2730 /* For LE, just connecting isn't a proof that the pairing finished */
2731 if (cp->addr.type == BDADDR_BREDR) {
2732 conn->connect_cfm_cb = pairing_complete_cb;
2733 conn->security_cfm_cb = pairing_complete_cb;
2734 conn->disconn_cfm_cb = pairing_complete_cb;
2736 conn->connect_cfm_cb = le_pairing_complete_cb;
2737 conn->security_cfm_cb = le_pairing_complete_cb;
2738 conn->disconn_cfm_cb = le_pairing_complete_cb;
2741 conn->io_capability = cp->io_cap;
2742 cmd->user_data = hci_conn_get(conn);
2744 if ((conn->state == BT_CONNECTED || conn->state == BT_CONFIG) &&
2745 hci_conn_security(conn, sec_level, auth_type, true)) {
2746 cmd->cmd_complete(cmd, 0);
2747 mgmt_pending_remove(cmd);
2753 hci_dev_unlock(hdev);
2757 static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2760 struct mgmt_addr_info *addr = data;
2761 struct mgmt_pending_cmd *cmd;
2762 struct hci_conn *conn;
2769 if (!hdev_is_powered(hdev)) {
2770 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2771 MGMT_STATUS_NOT_POWERED);
2775 cmd = pending_find(MGMT_OP_PAIR_DEVICE, hdev);
2777 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2778 MGMT_STATUS_INVALID_PARAMS);
2782 conn = cmd->user_data;
2784 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
2785 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2786 MGMT_STATUS_INVALID_PARAMS);
2790 cmd->cmd_complete(cmd, MGMT_STATUS_CANCELLED);
2791 mgmt_pending_remove(cmd);
2793 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
2794 addr, sizeof(*addr));
2796 hci_dev_unlock(hdev);
2800 static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
2801 struct mgmt_addr_info *addr, u16 mgmt_op,
2802 u16 hci_op, __le32 passkey)
2804 struct mgmt_pending_cmd *cmd;
2805 struct hci_conn *conn;
2810 if (!hdev_is_powered(hdev)) {
2811 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
2812 MGMT_STATUS_NOT_POWERED, addr,
2817 if (addr->type == BDADDR_BREDR)
2818 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
2820 conn = hci_conn_hash_lookup_le(hdev, &addr->bdaddr,
2821 le_addr_type(addr->type));
2824 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
2825 MGMT_STATUS_NOT_CONNECTED, addr,
2830 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
2831 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
2833 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
2834 MGMT_STATUS_SUCCESS, addr,
2837 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
2838 MGMT_STATUS_FAILED, addr,
2844 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
2850 cmd->cmd_complete = addr_cmd_complete;
2852 /* Continue with pairing via HCI */
2853 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
2854 struct hci_cp_user_passkey_reply cp;
2856 bacpy(&cp.bdaddr, &addr->bdaddr);
2857 cp.passkey = passkey;
2858 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
2860 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
2864 mgmt_pending_remove(cmd);
2867 hci_dev_unlock(hdev);
2871 static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
2872 void *data, u16 len)
2874 struct mgmt_cp_pin_code_neg_reply *cp = data;
2878 return user_pairing_resp(sk, hdev, &cp->addr,
2879 MGMT_OP_PIN_CODE_NEG_REPLY,
2880 HCI_OP_PIN_CODE_NEG_REPLY, 0);
2883 static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2886 struct mgmt_cp_user_confirm_reply *cp = data;
2890 if (len != sizeof(*cp))
2891 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
2892 MGMT_STATUS_INVALID_PARAMS);
2894 return user_pairing_resp(sk, hdev, &cp->addr,
2895 MGMT_OP_USER_CONFIRM_REPLY,
2896 HCI_OP_USER_CONFIRM_REPLY, 0);
2899 static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
2900 void *data, u16 len)
2902 struct mgmt_cp_user_confirm_neg_reply *cp = data;
2906 return user_pairing_resp(sk, hdev, &cp->addr,
2907 MGMT_OP_USER_CONFIRM_NEG_REPLY,
2908 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
2911 static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2914 struct mgmt_cp_user_passkey_reply *cp = data;
2918 return user_pairing_resp(sk, hdev, &cp->addr,
2919 MGMT_OP_USER_PASSKEY_REPLY,
2920 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
2923 static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
2924 void *data, u16 len)
2926 struct mgmt_cp_user_passkey_neg_reply *cp = data;
2930 return user_pairing_resp(sk, hdev, &cp->addr,
2931 MGMT_OP_USER_PASSKEY_NEG_REPLY,
2932 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
2935 static void set_name_complete(struct hci_dev *hdev, u8 status, u16 opcode)
2937 struct mgmt_cp_set_local_name *cp;
2938 struct mgmt_pending_cmd *cmd;
2940 BT_DBG("status 0x%02x", status);
2944 cmd = pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
2951 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
2952 mgmt_status(status));
2954 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
2957 mgmt_pending_remove(cmd);
2960 hci_dev_unlock(hdev);
2963 static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
2966 struct mgmt_cp_set_local_name *cp = data;
2967 struct mgmt_pending_cmd *cmd;
2968 struct hci_request req;
2975 /* If the old values are the same as the new ones just return a
2976 * direct command complete event.
2978 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
2979 !memcmp(hdev->short_name, cp->short_name,
2980 sizeof(hdev->short_name))) {
2981 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
2986 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
2988 if (!hdev_is_powered(hdev)) {
2989 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
2991 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
2996 err = mgmt_generic_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev,
3002 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
3008 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3010 hci_req_init(&req, hdev);
3012 if (lmp_bredr_capable(hdev)) {
3013 __hci_req_update_name(&req);
3014 __hci_req_update_eir(&req);
3017 /* The name is stored in the scan response data and so
3018 * no need to udpate the advertising data here.
3020 if (lmp_le_capable(hdev))
3021 __hci_req_update_scan_rsp_data(&req, hdev->cur_adv_instance);
3023 err = hci_req_run(&req, set_name_complete);
3025 mgmt_pending_remove(cmd);
3028 hci_dev_unlock(hdev);
3032 static void read_local_oob_data_complete(struct hci_dev *hdev, u8 status,
3033 u16 opcode, struct sk_buff *skb)
3035 struct mgmt_rp_read_local_oob_data mgmt_rp;
3036 size_t rp_size = sizeof(mgmt_rp);
3037 struct mgmt_pending_cmd *cmd;
3039 BT_DBG("%s status %u", hdev->name, status);
3041 cmd = pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
3045 if (status || !skb) {
3046 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3047 status ? mgmt_status(status) : MGMT_STATUS_FAILED);
3051 memset(&mgmt_rp, 0, sizeof(mgmt_rp));
3053 if (opcode == HCI_OP_READ_LOCAL_OOB_DATA) {
3054 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
3056 if (skb->len < sizeof(*rp)) {
3057 mgmt_cmd_status(cmd->sk, hdev->id,
3058 MGMT_OP_READ_LOCAL_OOB_DATA,
3059 MGMT_STATUS_FAILED);
3063 memcpy(mgmt_rp.hash192, rp->hash, sizeof(rp->hash));
3064 memcpy(mgmt_rp.rand192, rp->rand, sizeof(rp->rand));
3066 rp_size -= sizeof(mgmt_rp.hash256) + sizeof(mgmt_rp.rand256);
3068 struct hci_rp_read_local_oob_ext_data *rp = (void *) skb->data;
3070 if (skb->len < sizeof(*rp)) {
3071 mgmt_cmd_status(cmd->sk, hdev->id,
3072 MGMT_OP_READ_LOCAL_OOB_DATA,
3073 MGMT_STATUS_FAILED);
3077 memcpy(mgmt_rp.hash192, rp->hash192, sizeof(rp->hash192));
3078 memcpy(mgmt_rp.rand192, rp->rand192, sizeof(rp->rand192));
3080 memcpy(mgmt_rp.hash256, rp->hash256, sizeof(rp->hash256));
3081 memcpy(mgmt_rp.rand256, rp->rand256, sizeof(rp->rand256));
3084 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3085 MGMT_STATUS_SUCCESS, &mgmt_rp, rp_size);
3088 mgmt_pending_remove(cmd);
3091 static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
3092 void *data, u16 data_len)
3094 struct mgmt_pending_cmd *cmd;
3095 struct hci_request req;
3098 BT_DBG("%s", hdev->name);
3102 if (!hdev_is_powered(hdev)) {
3103 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3104 MGMT_STATUS_NOT_POWERED);
3108 if (!lmp_ssp_capable(hdev)) {
3109 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3110 MGMT_STATUS_NOT_SUPPORTED);
3114 if (pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
3115 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3120 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
3126 hci_req_init(&req, hdev);
3128 if (bredr_sc_enabled(hdev))
3129 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_EXT_DATA, 0, NULL);
3131 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
3133 err = hci_req_run_skb(&req, read_local_oob_data_complete);
3135 mgmt_pending_remove(cmd);
3138 hci_dev_unlock(hdev);
3142 static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
3143 void *data, u16 len)
3145 struct mgmt_addr_info *addr = data;
3148 BT_DBG("%s ", hdev->name);
3150 if (!bdaddr_type_is_valid(addr->type))
3151 return mgmt_cmd_complete(sk, hdev->id,
3152 MGMT_OP_ADD_REMOTE_OOB_DATA,
3153 MGMT_STATUS_INVALID_PARAMS,
3154 addr, sizeof(*addr));
3158 if (len == MGMT_ADD_REMOTE_OOB_DATA_SIZE) {
3159 struct mgmt_cp_add_remote_oob_data *cp = data;
3162 if (cp->addr.type != BDADDR_BREDR) {
3163 err = mgmt_cmd_complete(sk, hdev->id,
3164 MGMT_OP_ADD_REMOTE_OOB_DATA,
3165 MGMT_STATUS_INVALID_PARAMS,
3166 &cp->addr, sizeof(cp->addr));
3170 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
3171 cp->addr.type, cp->hash,
3172 cp->rand, NULL, NULL);
3174 status = MGMT_STATUS_FAILED;
3176 status = MGMT_STATUS_SUCCESS;
3178 err = mgmt_cmd_complete(sk, hdev->id,
3179 MGMT_OP_ADD_REMOTE_OOB_DATA, status,
3180 &cp->addr, sizeof(cp->addr));
3181 } else if (len == MGMT_ADD_REMOTE_OOB_EXT_DATA_SIZE) {
3182 struct mgmt_cp_add_remote_oob_ext_data *cp = data;
3183 u8 *rand192, *hash192, *rand256, *hash256;
3186 if (bdaddr_type_is_le(cp->addr.type)) {
3187 /* Enforce zero-valued 192-bit parameters as
3188 * long as legacy SMP OOB isn't implemented.
3190 if (memcmp(cp->rand192, ZERO_KEY, 16) ||
3191 memcmp(cp->hash192, ZERO_KEY, 16)) {
3192 err = mgmt_cmd_complete(sk, hdev->id,
3193 MGMT_OP_ADD_REMOTE_OOB_DATA,
3194 MGMT_STATUS_INVALID_PARAMS,
3195 addr, sizeof(*addr));
3202 /* In case one of the P-192 values is set to zero,
3203 * then just disable OOB data for P-192.
3205 if (!memcmp(cp->rand192, ZERO_KEY, 16) ||
3206 !memcmp(cp->hash192, ZERO_KEY, 16)) {
3210 rand192 = cp->rand192;
3211 hash192 = cp->hash192;
3215 /* In case one of the P-256 values is set to zero, then just
3216 * disable OOB data for P-256.
3218 if (!memcmp(cp->rand256, ZERO_KEY, 16) ||
3219 !memcmp(cp->hash256, ZERO_KEY, 16)) {
3223 rand256 = cp->rand256;
3224 hash256 = cp->hash256;
3227 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
3228 cp->addr.type, hash192, rand192,
3231 status = MGMT_STATUS_FAILED;
3233 status = MGMT_STATUS_SUCCESS;
3235 err = mgmt_cmd_complete(sk, hdev->id,
3236 MGMT_OP_ADD_REMOTE_OOB_DATA,
3237 status, &cp->addr, sizeof(cp->addr));
3239 BT_ERR("add_remote_oob_data: invalid length of %u bytes", len);
3240 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3241 MGMT_STATUS_INVALID_PARAMS);
3245 hci_dev_unlock(hdev);
3249 static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
3250 void *data, u16 len)
3252 struct mgmt_cp_remove_remote_oob_data *cp = data;
3256 BT_DBG("%s", hdev->name);
3258 if (cp->addr.type != BDADDR_BREDR)
3259 return mgmt_cmd_complete(sk, hdev->id,
3260 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
3261 MGMT_STATUS_INVALID_PARAMS,
3262 &cp->addr, sizeof(cp->addr));
3266 if (!bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
3267 hci_remote_oob_data_clear(hdev);
3268 status = MGMT_STATUS_SUCCESS;
3272 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr, cp->addr.type);
3274 status = MGMT_STATUS_INVALID_PARAMS;
3276 status = MGMT_STATUS_SUCCESS;
3279 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
3280 status, &cp->addr, sizeof(cp->addr));
3282 hci_dev_unlock(hdev);
3286 void mgmt_start_discovery_complete(struct hci_dev *hdev, u8 status)
3288 struct mgmt_pending_cmd *cmd;
3290 BT_DBG("status %d", status);
3294 cmd = pending_find(MGMT_OP_START_DISCOVERY, hdev);
3296 cmd = pending_find(MGMT_OP_START_SERVICE_DISCOVERY, hdev);
3299 cmd = pending_find(MGMT_OP_START_LIMITED_DISCOVERY, hdev);
3302 cmd->cmd_complete(cmd, mgmt_status(status));
3303 mgmt_pending_remove(cmd);
3306 hci_dev_unlock(hdev);
3309 static bool discovery_type_is_valid(struct hci_dev *hdev, uint8_t type,
3310 uint8_t *mgmt_status)
3313 case DISCOV_TYPE_LE:
3314 *mgmt_status = mgmt_le_support(hdev);
3318 case DISCOV_TYPE_INTERLEAVED:
3319 *mgmt_status = mgmt_le_support(hdev);
3322 /* Intentional fall-through */
3323 case DISCOV_TYPE_BREDR:
3324 *mgmt_status = mgmt_bredr_support(hdev);
3329 *mgmt_status = MGMT_STATUS_INVALID_PARAMS;
3336 static int start_discovery_internal(struct sock *sk, struct hci_dev *hdev,
3337 u16 op, void *data, u16 len)
3339 struct mgmt_cp_start_discovery *cp = data;
3340 struct mgmt_pending_cmd *cmd;
3344 BT_DBG("%s", hdev->name);
3348 if (!hdev_is_powered(hdev)) {
3349 err = mgmt_cmd_complete(sk, hdev->id, op,
3350 MGMT_STATUS_NOT_POWERED,
3351 &cp->type, sizeof(cp->type));
3355 if (hdev->discovery.state != DISCOVERY_STOPPED ||
3356 hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) {
3357 err = mgmt_cmd_complete(sk, hdev->id, op, MGMT_STATUS_BUSY,
3358 &cp->type, sizeof(cp->type));
3362 if (!discovery_type_is_valid(hdev, cp->type, &status)) {
3363 err = mgmt_cmd_complete(sk, hdev->id, op, status,
3364 &cp->type, sizeof(cp->type));
3368 /* Clear the discovery filter first to free any previously
3369 * allocated memory for the UUID list.
3371 hci_discovery_filter_clear(hdev);
3373 hdev->discovery.type = cp->type;
3374 hdev->discovery.report_invalid_rssi = false;
3375 if (op == MGMT_OP_START_LIMITED_DISCOVERY)
3376 hdev->discovery.limited = true;
3378 hdev->discovery.limited = false;
3380 cmd = mgmt_pending_add(sk, op, hdev, data, len);
3386 cmd->cmd_complete = generic_cmd_complete;
3388 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
3389 queue_work(hdev->req_workqueue, &hdev->discov_update);
3393 hci_dev_unlock(hdev);
3397 static int start_discovery(struct sock *sk, struct hci_dev *hdev,
3398 void *data, u16 len)
3400 return start_discovery_internal(sk, hdev, MGMT_OP_START_DISCOVERY,
3404 static int start_limited_discovery(struct sock *sk, struct hci_dev *hdev,
3405 void *data, u16 len)
3407 return start_discovery_internal(sk, hdev,
3408 MGMT_OP_START_LIMITED_DISCOVERY,
3412 static int service_discovery_cmd_complete(struct mgmt_pending_cmd *cmd,
3415 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
3419 static int start_service_discovery(struct sock *sk, struct hci_dev *hdev,
3420 void *data, u16 len)
3422 struct mgmt_cp_start_service_discovery *cp = data;
3423 struct mgmt_pending_cmd *cmd;
3424 const u16 max_uuid_count = ((U16_MAX - sizeof(*cp)) / 16);
3425 u16 uuid_count, expected_len;
3429 BT_DBG("%s", hdev->name);
3433 if (!hdev_is_powered(hdev)) {
3434 err = mgmt_cmd_complete(sk, hdev->id,
3435 MGMT_OP_START_SERVICE_DISCOVERY,
3436 MGMT_STATUS_NOT_POWERED,
3437 &cp->type, sizeof(cp->type));
3441 if (hdev->discovery.state != DISCOVERY_STOPPED ||
3442 hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) {
3443 err = mgmt_cmd_complete(sk, hdev->id,
3444 MGMT_OP_START_SERVICE_DISCOVERY,
3445 MGMT_STATUS_BUSY, &cp->type,
3450 uuid_count = __le16_to_cpu(cp->uuid_count);
3451 if (uuid_count > max_uuid_count) {
3452 BT_ERR("service_discovery: too big uuid_count value %u",
3454 err = mgmt_cmd_complete(sk, hdev->id,
3455 MGMT_OP_START_SERVICE_DISCOVERY,
3456 MGMT_STATUS_INVALID_PARAMS, &cp->type,
3461 expected_len = sizeof(*cp) + uuid_count * 16;
3462 if (expected_len != len) {
3463 BT_ERR("service_discovery: expected %u bytes, got %u bytes",
3465 err = mgmt_cmd_complete(sk, hdev->id,
3466 MGMT_OP_START_SERVICE_DISCOVERY,
3467 MGMT_STATUS_INVALID_PARAMS, &cp->type,
3472 if (!discovery_type_is_valid(hdev, cp->type, &status)) {
3473 err = mgmt_cmd_complete(sk, hdev->id,
3474 MGMT_OP_START_SERVICE_DISCOVERY,
3475 status, &cp->type, sizeof(cp->type));
3479 cmd = mgmt_pending_add(sk, MGMT_OP_START_SERVICE_DISCOVERY,
3486 cmd->cmd_complete = service_discovery_cmd_complete;
3488 /* Clear the discovery filter first to free any previously
3489 * allocated memory for the UUID list.
3491 hci_discovery_filter_clear(hdev);
3493 hdev->discovery.result_filtering = true;
3494 hdev->discovery.type = cp->type;
3495 hdev->discovery.rssi = cp->rssi;
3496 hdev->discovery.uuid_count = uuid_count;
3498 if (uuid_count > 0) {
3499 hdev->discovery.uuids = kmemdup(cp->uuids, uuid_count * 16,
3501 if (!hdev->discovery.uuids) {
3502 err = mgmt_cmd_complete(sk, hdev->id,
3503 MGMT_OP_START_SERVICE_DISCOVERY,
3505 &cp->type, sizeof(cp->type));
3506 mgmt_pending_remove(cmd);
3511 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
3512 queue_work(hdev->req_workqueue, &hdev->discov_update);
3516 hci_dev_unlock(hdev);
3520 void mgmt_stop_discovery_complete(struct hci_dev *hdev, u8 status)
3522 struct mgmt_pending_cmd *cmd;
3524 BT_DBG("status %d", status);
3528 cmd = pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3530 cmd->cmd_complete(cmd, mgmt_status(status));
3531 mgmt_pending_remove(cmd);
3534 hci_dev_unlock(hdev);
3537 static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
3540 struct mgmt_cp_stop_discovery *mgmt_cp = data;
3541 struct mgmt_pending_cmd *cmd;
3544 BT_DBG("%s", hdev->name);
3548 if (!hci_discovery_active(hdev)) {
3549 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
3550 MGMT_STATUS_REJECTED, &mgmt_cp->type,
3551 sizeof(mgmt_cp->type));
3555 if (hdev->discovery.type != mgmt_cp->type) {
3556 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
3557 MGMT_STATUS_INVALID_PARAMS,
3558 &mgmt_cp->type, sizeof(mgmt_cp->type));
3562 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, data, len);
3568 cmd->cmd_complete = generic_cmd_complete;
3570 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
3571 queue_work(hdev->req_workqueue, &hdev->discov_update);
3575 hci_dev_unlock(hdev);
3579 static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
3582 struct mgmt_cp_confirm_name *cp = data;
3583 struct inquiry_entry *e;
3586 BT_DBG("%s", hdev->name);
3590 if (!hci_discovery_active(hdev)) {
3591 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
3592 MGMT_STATUS_FAILED, &cp->addr,
3597 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
3599 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
3600 MGMT_STATUS_INVALID_PARAMS, &cp->addr,
3605 if (cp->name_known) {
3606 e->name_state = NAME_KNOWN;
3609 e->name_state = NAME_NEEDED;
3610 hci_inquiry_cache_update_resolve(hdev, e);
3613 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0,
3614 &cp->addr, sizeof(cp->addr));
3617 hci_dev_unlock(hdev);
3621 static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
3624 struct mgmt_cp_block_device *cp = data;
3628 BT_DBG("%s", hdev->name);
3630 if (!bdaddr_type_is_valid(cp->addr.type))
3631 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
3632 MGMT_STATUS_INVALID_PARAMS,
3633 &cp->addr, sizeof(cp->addr));
3637 err = hci_bdaddr_list_add(&hdev->blacklist, &cp->addr.bdaddr,
3640 status = MGMT_STATUS_FAILED;
3644 mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &cp->addr, sizeof(cp->addr),
3646 status = MGMT_STATUS_SUCCESS;
3649 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
3650 &cp->addr, sizeof(cp->addr));
3652 hci_dev_unlock(hdev);
3657 static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
3660 struct mgmt_cp_unblock_device *cp = data;
3664 BT_DBG("%s", hdev->name);
3666 if (!bdaddr_type_is_valid(cp->addr.type))
3667 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
3668 MGMT_STATUS_INVALID_PARAMS,
3669 &cp->addr, sizeof(cp->addr));
3673 err = hci_bdaddr_list_del(&hdev->blacklist, &cp->addr.bdaddr,
3676 status = MGMT_STATUS_INVALID_PARAMS;
3680 mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &cp->addr, sizeof(cp->addr),
3682 status = MGMT_STATUS_SUCCESS;
3685 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
3686 &cp->addr, sizeof(cp->addr));
3688 hci_dev_unlock(hdev);
3693 static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
3696 struct mgmt_cp_set_device_id *cp = data;
3697 struct hci_request req;
3701 BT_DBG("%s", hdev->name);
3703 source = __le16_to_cpu(cp->source);
3705 if (source > 0x0002)
3706 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
3707 MGMT_STATUS_INVALID_PARAMS);
3711 hdev->devid_source = source;
3712 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
3713 hdev->devid_product = __le16_to_cpu(cp->product);
3714 hdev->devid_version = __le16_to_cpu(cp->version);
3716 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0,
3719 hci_req_init(&req, hdev);
3720 __hci_req_update_eir(&req);
3721 hci_req_run(&req, NULL);
3723 hci_dev_unlock(hdev);
3728 static void enable_advertising_instance(struct hci_dev *hdev, u8 status,
3731 BT_DBG("status %d", status);
3734 static void set_advertising_complete(struct hci_dev *hdev, u8 status,
3737 struct cmd_lookup match = { NULL, hdev };
3738 struct hci_request req;
3740 struct adv_info *adv_instance;
3746 u8 mgmt_err = mgmt_status(status);
3748 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
3749 cmd_status_rsp, &mgmt_err);
3753 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
3754 hci_dev_set_flag(hdev, HCI_ADVERTISING);
3756 hci_dev_clear_flag(hdev, HCI_ADVERTISING);
3758 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
3761 new_settings(hdev, match.sk);
3766 /* If "Set Advertising" was just disabled and instance advertising was
3767 * set up earlier, then re-enable multi-instance advertising.
3769 if (hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
3770 list_empty(&hdev->adv_instances))
3773 instance = hdev->cur_adv_instance;
3775 adv_instance = list_first_entry_or_null(&hdev->adv_instances,
3776 struct adv_info, list);
3780 instance = adv_instance->instance;
3783 hci_req_init(&req, hdev);
3785 err = __hci_req_schedule_adv_instance(&req, instance, true);
3788 err = hci_req_run(&req, enable_advertising_instance);
3791 BT_ERR("Failed to re-configure advertising");
3794 hci_dev_unlock(hdev);
3797 static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data,
3800 struct mgmt_mode *cp = data;
3801 struct mgmt_pending_cmd *cmd;
3802 struct hci_request req;
3806 BT_DBG("request for %s", hdev->name);
3808 status = mgmt_le_support(hdev);
3810 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3813 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
3814 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3815 MGMT_STATUS_INVALID_PARAMS);
3821 /* The following conditions are ones which mean that we should
3822 * not do any HCI communication but directly send a mgmt
3823 * response to user space (after toggling the flag if
3826 if (!hdev_is_powered(hdev) ||
3827 (val == hci_dev_test_flag(hdev, HCI_ADVERTISING) &&
3828 (cp->val == 0x02) == hci_dev_test_flag(hdev, HCI_ADVERTISING_CONNECTABLE)) ||
3829 hci_conn_num(hdev, LE_LINK) > 0 ||
3830 (hci_dev_test_flag(hdev, HCI_LE_SCAN) &&
3831 hdev->le_scan_type == LE_SCAN_ACTIVE)) {
3835 hdev->cur_adv_instance = 0x00;
3836 changed = !hci_dev_test_and_set_flag(hdev, HCI_ADVERTISING);
3837 if (cp->val == 0x02)
3838 hci_dev_set_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
3840 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
3842 changed = hci_dev_test_and_clear_flag(hdev, HCI_ADVERTISING);
3843 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
3846 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
3851 err = new_settings(hdev, sk);
3856 if (pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
3857 pending_find(MGMT_OP_SET_LE, hdev)) {
3858 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3863 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
3869 hci_req_init(&req, hdev);
3871 if (cp->val == 0x02)
3872 hci_dev_set_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
3874 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
3876 cancel_adv_timeout(hdev);
3879 /* Switch to instance "0" for the Set Advertising setting.
3880 * We cannot use update_[adv|scan_rsp]_data() here as the
3881 * HCI_ADVERTISING flag is not yet set.
3883 hdev->cur_adv_instance = 0x00;
3884 __hci_req_update_adv_data(&req, 0x00);
3885 __hci_req_update_scan_rsp_data(&req, 0x00);
3886 __hci_req_enable_advertising(&req);
3888 __hci_req_disable_advertising(&req);
3891 err = hci_req_run(&req, set_advertising_complete);
3893 mgmt_pending_remove(cmd);
3896 hci_dev_unlock(hdev);
3900 static int set_static_address(struct sock *sk, struct hci_dev *hdev,
3901 void *data, u16 len)
3903 struct mgmt_cp_set_static_address *cp = data;
3906 BT_DBG("%s", hdev->name);
3908 if (!lmp_le_capable(hdev))
3909 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
3910 MGMT_STATUS_NOT_SUPPORTED);
3912 if (hdev_is_powered(hdev))
3913 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
3914 MGMT_STATUS_REJECTED);
3916 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
3917 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
3918 return mgmt_cmd_status(sk, hdev->id,
3919 MGMT_OP_SET_STATIC_ADDRESS,
3920 MGMT_STATUS_INVALID_PARAMS);
3922 /* Two most significant bits shall be set */
3923 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
3924 return mgmt_cmd_status(sk, hdev->id,
3925 MGMT_OP_SET_STATIC_ADDRESS,
3926 MGMT_STATUS_INVALID_PARAMS);
3931 bacpy(&hdev->static_addr, &cp->bdaddr);
3933 err = send_settings_rsp(sk, MGMT_OP_SET_STATIC_ADDRESS, hdev);
3937 err = new_settings(hdev, sk);
3940 hci_dev_unlock(hdev);
3944 static int set_scan_params(struct sock *sk, struct hci_dev *hdev,
3945 void *data, u16 len)
3947 struct mgmt_cp_set_scan_params *cp = data;
3948 __u16 interval, window;
3951 BT_DBG("%s", hdev->name);
3953 if (!lmp_le_capable(hdev))
3954 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3955 MGMT_STATUS_NOT_SUPPORTED);
3957 interval = __le16_to_cpu(cp->interval);
3959 if (interval < 0x0004 || interval > 0x4000)
3960 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3961 MGMT_STATUS_INVALID_PARAMS);
3963 window = __le16_to_cpu(cp->window);
3965 if (window < 0x0004 || window > 0x4000)
3966 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3967 MGMT_STATUS_INVALID_PARAMS);
3969 if (window > interval)
3970 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3971 MGMT_STATUS_INVALID_PARAMS);
3975 hdev->le_scan_interval = interval;
3976 hdev->le_scan_window = window;
3978 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0,
3981 /* If background scan is running, restart it so new parameters are
3984 if (hci_dev_test_flag(hdev, HCI_LE_SCAN) &&
3985 hdev->discovery.state == DISCOVERY_STOPPED) {
3986 struct hci_request req;
3988 hci_req_init(&req, hdev);
3990 hci_req_add_le_scan_disable(&req);
3991 hci_req_add_le_passive_scan(&req);
3993 hci_req_run(&req, NULL);
3996 hci_dev_unlock(hdev);
4001 static void fast_connectable_complete(struct hci_dev *hdev, u8 status,
4004 struct mgmt_pending_cmd *cmd;
4006 BT_DBG("status 0x%02x", status);
4010 cmd = pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4015 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4016 mgmt_status(status));
4018 struct mgmt_mode *cp = cmd->param;
4021 hci_dev_set_flag(hdev, HCI_FAST_CONNECTABLE);
4023 hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE);
4025 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4026 new_settings(hdev, cmd->sk);
4029 mgmt_pending_remove(cmd);
4032 hci_dev_unlock(hdev);
4035 static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
4036 void *data, u16 len)
4038 struct mgmt_mode *cp = data;
4039 struct mgmt_pending_cmd *cmd;
4040 struct hci_request req;
4043 BT_DBG("%s", hdev->name);
4045 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) ||
4046 hdev->hci_ver < BLUETOOTH_VER_1_2)
4047 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4048 MGMT_STATUS_NOT_SUPPORTED);
4050 if (cp->val != 0x00 && cp->val != 0x01)
4051 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4052 MGMT_STATUS_INVALID_PARAMS);
4056 if (pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
4057 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4062 if (!!cp->val == hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE)) {
4063 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
4068 if (!hdev_is_powered(hdev)) {
4069 hci_dev_change_flag(hdev, HCI_FAST_CONNECTABLE);
4070 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
4072 new_settings(hdev, sk);
4076 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
4083 hci_req_init(&req, hdev);
4085 __hci_req_write_fast_connectable(&req, cp->val);
4087 err = hci_req_run(&req, fast_connectable_complete);
4089 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4090 MGMT_STATUS_FAILED);
4091 mgmt_pending_remove(cmd);
4095 hci_dev_unlock(hdev);
4100 static void set_bredr_complete(struct hci_dev *hdev, u8 status, u16 opcode)
4102 struct mgmt_pending_cmd *cmd;
4104 BT_DBG("status 0x%02x", status);
4108 cmd = pending_find(MGMT_OP_SET_BREDR, hdev);
4113 u8 mgmt_err = mgmt_status(status);
4115 /* We need to restore the flag if related HCI commands
4118 hci_dev_clear_flag(hdev, HCI_BREDR_ENABLED);
4120 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
4122 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
4123 new_settings(hdev, cmd->sk);
4126 mgmt_pending_remove(cmd);
4129 hci_dev_unlock(hdev);
4132 static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
4134 struct mgmt_mode *cp = data;
4135 struct mgmt_pending_cmd *cmd;
4136 struct hci_request req;
4139 BT_DBG("request for %s", hdev->name);
4141 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
4142 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4143 MGMT_STATUS_NOT_SUPPORTED);
4145 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
4146 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4147 MGMT_STATUS_REJECTED);
4149 if (cp->val != 0x00 && cp->val != 0x01)
4150 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4151 MGMT_STATUS_INVALID_PARAMS);
4155 if (cp->val == hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
4156 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4160 if (!hdev_is_powered(hdev)) {
4162 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
4163 hci_dev_clear_flag(hdev, HCI_SSP_ENABLED);
4164 hci_dev_clear_flag(hdev, HCI_LINK_SECURITY);
4165 hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE);
4166 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
4169 hci_dev_change_flag(hdev, HCI_BREDR_ENABLED);
4171 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4175 err = new_settings(hdev, sk);
4179 /* Reject disabling when powered on */
4181 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4182 MGMT_STATUS_REJECTED);
4185 /* When configuring a dual-mode controller to operate
4186 * with LE only and using a static address, then switching
4187 * BR/EDR back on is not allowed.
4189 * Dual-mode controllers shall operate with the public
4190 * address as its identity address for BR/EDR and LE. So
4191 * reject the attempt to create an invalid configuration.
4193 * The same restrictions applies when secure connections
4194 * has been enabled. For BR/EDR this is a controller feature
4195 * while for LE it is a host stack feature. This means that
4196 * switching BR/EDR back on when secure connections has been
4197 * enabled is not a supported transaction.
4199 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
4200 (bacmp(&hdev->static_addr, BDADDR_ANY) ||
4201 hci_dev_test_flag(hdev, HCI_SC_ENABLED))) {
4202 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4203 MGMT_STATUS_REJECTED);
4208 if (pending_find(MGMT_OP_SET_BREDR, hdev)) {
4209 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4214 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
4220 /* We need to flip the bit already here so that
4221 * hci_req_update_adv_data generates the correct flags.
4223 hci_dev_set_flag(hdev, HCI_BREDR_ENABLED);
4225 hci_req_init(&req, hdev);
4227 __hci_req_write_fast_connectable(&req, false);
4228 __hci_req_update_scan(&req);
4230 /* Since only the advertising data flags will change, there
4231 * is no need to update the scan response data.
4233 __hci_req_update_adv_data(&req, hdev->cur_adv_instance);
4235 err = hci_req_run(&req, set_bredr_complete);
4237 mgmt_pending_remove(cmd);
4240 hci_dev_unlock(hdev);
4244 static void sc_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
4246 struct mgmt_pending_cmd *cmd;
4247 struct mgmt_mode *cp;
4249 BT_DBG("%s status %u", hdev->name, status);
4253 cmd = pending_find(MGMT_OP_SET_SECURE_CONN, hdev);
4258 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode,
4259 mgmt_status(status));
4267 hci_dev_clear_flag(hdev, HCI_SC_ENABLED);
4268 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
4271 hci_dev_set_flag(hdev, HCI_SC_ENABLED);
4272 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
4275 hci_dev_set_flag(hdev, HCI_SC_ENABLED);
4276 hci_dev_set_flag(hdev, HCI_SC_ONLY);
4280 send_settings_rsp(cmd->sk, MGMT_OP_SET_SECURE_CONN, hdev);
4281 new_settings(hdev, cmd->sk);
4284 mgmt_pending_remove(cmd);
4286 hci_dev_unlock(hdev);
4289 static int set_secure_conn(struct sock *sk, struct hci_dev *hdev,
4290 void *data, u16 len)
4292 struct mgmt_mode *cp = data;
4293 struct mgmt_pending_cmd *cmd;
4294 struct hci_request req;
4298 BT_DBG("request for %s", hdev->name);
4300 if (!lmp_sc_capable(hdev) &&
4301 !hci_dev_test_flag(hdev, HCI_LE_ENABLED))
4302 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4303 MGMT_STATUS_NOT_SUPPORTED);
4305 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
4306 lmp_sc_capable(hdev) &&
4307 !hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
4308 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4309 MGMT_STATUS_REJECTED);
4311 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
4312 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4313 MGMT_STATUS_INVALID_PARAMS);
4317 if (!hdev_is_powered(hdev) || !lmp_sc_capable(hdev) ||
4318 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
4322 changed = !hci_dev_test_and_set_flag(hdev,
4324 if (cp->val == 0x02)
4325 hci_dev_set_flag(hdev, HCI_SC_ONLY);
4327 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
4329 changed = hci_dev_test_and_clear_flag(hdev,
4331 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
4334 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4339 err = new_settings(hdev, sk);
4344 if (pending_find(MGMT_OP_SET_SECURE_CONN, hdev)) {
4345 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4352 if (val == hci_dev_test_flag(hdev, HCI_SC_ENABLED) &&
4353 (cp->val == 0x02) == hci_dev_test_flag(hdev, HCI_SC_ONLY)) {
4354 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4358 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SECURE_CONN, hdev, data, len);
4364 hci_req_init(&req, hdev);
4365 hci_req_add(&req, HCI_OP_WRITE_SC_SUPPORT, 1, &val);
4366 err = hci_req_run(&req, sc_enable_complete);
4368 mgmt_pending_remove(cmd);
4373 hci_dev_unlock(hdev);
4377 static int set_debug_keys(struct sock *sk, struct hci_dev *hdev,
4378 void *data, u16 len)
4380 struct mgmt_mode *cp = data;
4381 bool changed, use_changed;
4384 BT_DBG("request for %s", hdev->name);
4386 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
4387 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEBUG_KEYS,
4388 MGMT_STATUS_INVALID_PARAMS);
4393 changed = !hci_dev_test_and_set_flag(hdev, HCI_KEEP_DEBUG_KEYS);
4395 changed = hci_dev_test_and_clear_flag(hdev,
4396 HCI_KEEP_DEBUG_KEYS);
4398 if (cp->val == 0x02)
4399 use_changed = !hci_dev_test_and_set_flag(hdev,
4400 HCI_USE_DEBUG_KEYS);
4402 use_changed = hci_dev_test_and_clear_flag(hdev,
4403 HCI_USE_DEBUG_KEYS);
4405 if (hdev_is_powered(hdev) && use_changed &&
4406 hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
4407 u8 mode = (cp->val == 0x02) ? 0x01 : 0x00;
4408 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
4409 sizeof(mode), &mode);
4412 err = send_settings_rsp(sk, MGMT_OP_SET_DEBUG_KEYS, hdev);
4417 err = new_settings(hdev, sk);
4420 hci_dev_unlock(hdev);
4424 static int set_privacy(struct sock *sk, struct hci_dev *hdev, void *cp_data,
4427 struct mgmt_cp_set_privacy *cp = cp_data;
4431 BT_DBG("request for %s", hdev->name);
4433 if (!lmp_le_capable(hdev))
4434 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4435 MGMT_STATUS_NOT_SUPPORTED);
4437 if (cp->privacy != 0x00 && cp->privacy != 0x01 && cp->privacy != 0x02)
4438 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4439 MGMT_STATUS_INVALID_PARAMS);
4441 if (hdev_is_powered(hdev))
4442 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4443 MGMT_STATUS_REJECTED);
4447 /* If user space supports this command it is also expected to
4448 * handle IRKs. Therefore, set the HCI_RPA_RESOLVING flag.
4450 hci_dev_set_flag(hdev, HCI_RPA_RESOLVING);
4453 changed = !hci_dev_test_and_set_flag(hdev, HCI_PRIVACY);
4454 memcpy(hdev->irk, cp->irk, sizeof(hdev->irk));
4455 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
4456 if (cp->privacy == 0x02)
4457 hci_dev_set_flag(hdev, HCI_LIMITED_PRIVACY);
4459 hci_dev_clear_flag(hdev, HCI_LIMITED_PRIVACY);
4461 changed = hci_dev_test_and_clear_flag(hdev, HCI_PRIVACY);
4462 memset(hdev->irk, 0, sizeof(hdev->irk));
4463 hci_dev_clear_flag(hdev, HCI_RPA_EXPIRED);
4464 hci_dev_clear_flag(hdev, HCI_LIMITED_PRIVACY);
4467 err = send_settings_rsp(sk, MGMT_OP_SET_PRIVACY, hdev);
4472 err = new_settings(hdev, sk);
4475 hci_dev_unlock(hdev);
4479 static bool irk_is_valid(struct mgmt_irk_info *irk)
4481 switch (irk->addr.type) {
4482 case BDADDR_LE_PUBLIC:
4485 case BDADDR_LE_RANDOM:
4486 /* Two most significant bits shall be set */
4487 if ((irk->addr.bdaddr.b[5] & 0xc0) != 0xc0)
4495 static int load_irks(struct sock *sk, struct hci_dev *hdev, void *cp_data,
4498 struct mgmt_cp_load_irks *cp = cp_data;
4499 const u16 max_irk_count = ((U16_MAX - sizeof(*cp)) /
4500 sizeof(struct mgmt_irk_info));
4501 u16 irk_count, expected_len;
4504 BT_DBG("request for %s", hdev->name);
4506 if (!lmp_le_capable(hdev))
4507 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4508 MGMT_STATUS_NOT_SUPPORTED);
4510 irk_count = __le16_to_cpu(cp->irk_count);
4511 if (irk_count > max_irk_count) {
4512 BT_ERR("load_irks: too big irk_count value %u", irk_count);
4513 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4514 MGMT_STATUS_INVALID_PARAMS);
4517 expected_len = sizeof(*cp) + irk_count * sizeof(struct mgmt_irk_info);
4518 if (expected_len != len) {
4519 BT_ERR("load_irks: expected %u bytes, got %u bytes",
4521 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4522 MGMT_STATUS_INVALID_PARAMS);
4525 BT_DBG("%s irk_count %u", hdev->name, irk_count);
4527 for (i = 0; i < irk_count; i++) {
4528 struct mgmt_irk_info *key = &cp->irks[i];
4530 if (!irk_is_valid(key))
4531 return mgmt_cmd_status(sk, hdev->id,
4533 MGMT_STATUS_INVALID_PARAMS);
4538 hci_smp_irks_clear(hdev);
4540 for (i = 0; i < irk_count; i++) {
4541 struct mgmt_irk_info *irk = &cp->irks[i];
4543 hci_add_irk(hdev, &irk->addr.bdaddr,
4544 le_addr_type(irk->addr.type), irk->val,
4548 hci_dev_set_flag(hdev, HCI_RPA_RESOLVING);
4550 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_IRKS, 0, NULL, 0);
4552 hci_dev_unlock(hdev);
4557 static bool ltk_is_valid(struct mgmt_ltk_info *key)
4559 if (key->master != 0x00 && key->master != 0x01)
4562 switch (key->addr.type) {
4563 case BDADDR_LE_PUBLIC:
4566 case BDADDR_LE_RANDOM:
4567 /* Two most significant bits shall be set */
4568 if ((key->addr.bdaddr.b[5] & 0xc0) != 0xc0)
4576 static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
4577 void *cp_data, u16 len)
4579 struct mgmt_cp_load_long_term_keys *cp = cp_data;
4580 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
4581 sizeof(struct mgmt_ltk_info));
4582 u16 key_count, expected_len;
4585 BT_DBG("request for %s", hdev->name);
4587 if (!lmp_le_capable(hdev))
4588 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
4589 MGMT_STATUS_NOT_SUPPORTED);
4591 key_count = __le16_to_cpu(cp->key_count);
4592 if (key_count > max_key_count) {
4593 BT_ERR("load_ltks: too big key_count value %u", key_count);
4594 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
4595 MGMT_STATUS_INVALID_PARAMS);
4598 expected_len = sizeof(*cp) + key_count *
4599 sizeof(struct mgmt_ltk_info);
4600 if (expected_len != len) {
4601 BT_ERR("load_keys: expected %u bytes, got %u bytes",
4603 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
4604 MGMT_STATUS_INVALID_PARAMS);
4607 BT_DBG("%s key_count %u", hdev->name, key_count);
4609 for (i = 0; i < key_count; i++) {
4610 struct mgmt_ltk_info *key = &cp->keys[i];
4612 if (!ltk_is_valid(key))
4613 return mgmt_cmd_status(sk, hdev->id,
4614 MGMT_OP_LOAD_LONG_TERM_KEYS,
4615 MGMT_STATUS_INVALID_PARAMS);
4620 hci_smp_ltks_clear(hdev);
4622 for (i = 0; i < key_count; i++) {
4623 struct mgmt_ltk_info *key = &cp->keys[i];
4624 u8 type, authenticated;
4626 switch (key->type) {
4627 case MGMT_LTK_UNAUTHENTICATED:
4628 authenticated = 0x00;
4629 type = key->master ? SMP_LTK : SMP_LTK_SLAVE;
4631 case MGMT_LTK_AUTHENTICATED:
4632 authenticated = 0x01;
4633 type = key->master ? SMP_LTK : SMP_LTK_SLAVE;
4635 case MGMT_LTK_P256_UNAUTH:
4636 authenticated = 0x00;
4637 type = SMP_LTK_P256;
4639 case MGMT_LTK_P256_AUTH:
4640 authenticated = 0x01;
4641 type = SMP_LTK_P256;
4643 case MGMT_LTK_P256_DEBUG:
4644 authenticated = 0x00;
4645 type = SMP_LTK_P256_DEBUG;
4650 hci_add_ltk(hdev, &key->addr.bdaddr,
4651 le_addr_type(key->addr.type), type, authenticated,
4652 key->val, key->enc_size, key->ediv, key->rand);
4655 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
4658 hci_dev_unlock(hdev);
4663 static int conn_info_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
4665 struct hci_conn *conn = cmd->user_data;
4666 struct mgmt_rp_get_conn_info rp;
4669 memcpy(&rp.addr, cmd->param, sizeof(rp.addr));
4671 if (status == MGMT_STATUS_SUCCESS) {
4672 rp.rssi = conn->rssi;
4673 rp.tx_power = conn->tx_power;
4674 rp.max_tx_power = conn->max_tx_power;
4676 rp.rssi = HCI_RSSI_INVALID;
4677 rp.tx_power = HCI_TX_POWER_INVALID;
4678 rp.max_tx_power = HCI_TX_POWER_INVALID;
4681 err = mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_GET_CONN_INFO,
4682 status, &rp, sizeof(rp));
4684 hci_conn_drop(conn);
4690 static void conn_info_refresh_complete(struct hci_dev *hdev, u8 hci_status,
4693 struct hci_cp_read_rssi *cp;
4694 struct mgmt_pending_cmd *cmd;
4695 struct hci_conn *conn;
4699 BT_DBG("status 0x%02x", hci_status);
4703 /* Commands sent in request are either Read RSSI or Read Transmit Power
4704 * Level so we check which one was last sent to retrieve connection
4705 * handle. Both commands have handle as first parameter so it's safe to
4706 * cast data on the same command struct.
4708 * First command sent is always Read RSSI and we fail only if it fails.
4709 * In other case we simply override error to indicate success as we
4710 * already remembered if TX power value is actually valid.
4712 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_RSSI);
4714 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_TX_POWER);
4715 status = MGMT_STATUS_SUCCESS;
4717 status = mgmt_status(hci_status);
4721 BT_ERR("invalid sent_cmd in conn_info response");
4725 handle = __le16_to_cpu(cp->handle);
4726 conn = hci_conn_hash_lookup_handle(hdev, handle);
4728 BT_ERR("unknown handle (%d) in conn_info response", handle);
4732 cmd = pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn);
4736 cmd->cmd_complete(cmd, status);
4737 mgmt_pending_remove(cmd);
4740 hci_dev_unlock(hdev);
4743 static int get_conn_info(struct sock *sk, struct hci_dev *hdev, void *data,
4746 struct mgmt_cp_get_conn_info *cp = data;
4747 struct mgmt_rp_get_conn_info rp;
4748 struct hci_conn *conn;
4749 unsigned long conn_info_age;
4752 BT_DBG("%s", hdev->name);
4754 memset(&rp, 0, sizeof(rp));
4755 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4756 rp.addr.type = cp->addr.type;
4758 if (!bdaddr_type_is_valid(cp->addr.type))
4759 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
4760 MGMT_STATUS_INVALID_PARAMS,
4765 if (!hdev_is_powered(hdev)) {
4766 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
4767 MGMT_STATUS_NOT_POWERED, &rp,
4772 if (cp->addr.type == BDADDR_BREDR)
4773 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
4776 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
4778 if (!conn || conn->state != BT_CONNECTED) {
4779 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
4780 MGMT_STATUS_NOT_CONNECTED, &rp,
4785 if (pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn)) {
4786 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
4787 MGMT_STATUS_BUSY, &rp, sizeof(rp));
4791 /* To avoid client trying to guess when to poll again for information we
4792 * calculate conn info age as random value between min/max set in hdev.
4794 conn_info_age = hdev->conn_info_min_age +
4795 prandom_u32_max(hdev->conn_info_max_age -
4796 hdev->conn_info_min_age);
4798 /* Query controller to refresh cached values if they are too old or were
4801 if (time_after(jiffies, conn->conn_info_timestamp +
4802 msecs_to_jiffies(conn_info_age)) ||
4803 !conn->conn_info_timestamp) {
4804 struct hci_request req;
4805 struct hci_cp_read_tx_power req_txp_cp;
4806 struct hci_cp_read_rssi req_rssi_cp;
4807 struct mgmt_pending_cmd *cmd;
4809 hci_req_init(&req, hdev);
4810 req_rssi_cp.handle = cpu_to_le16(conn->handle);
4811 hci_req_add(&req, HCI_OP_READ_RSSI, sizeof(req_rssi_cp),
4814 /* For LE links TX power does not change thus we don't need to
4815 * query for it once value is known.
4817 if (!bdaddr_type_is_le(cp->addr.type) ||
4818 conn->tx_power == HCI_TX_POWER_INVALID) {
4819 req_txp_cp.handle = cpu_to_le16(conn->handle);
4820 req_txp_cp.type = 0x00;
4821 hci_req_add(&req, HCI_OP_READ_TX_POWER,
4822 sizeof(req_txp_cp), &req_txp_cp);
4825 /* Max TX power needs to be read only once per connection */
4826 if (conn->max_tx_power == HCI_TX_POWER_INVALID) {
4827 req_txp_cp.handle = cpu_to_le16(conn->handle);
4828 req_txp_cp.type = 0x01;
4829 hci_req_add(&req, HCI_OP_READ_TX_POWER,
4830 sizeof(req_txp_cp), &req_txp_cp);
4833 err = hci_req_run(&req, conn_info_refresh_complete);
4837 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CONN_INFO, hdev,
4844 hci_conn_hold(conn);
4845 cmd->user_data = hci_conn_get(conn);
4846 cmd->cmd_complete = conn_info_cmd_complete;
4848 conn->conn_info_timestamp = jiffies;
4850 /* Cache is valid, just reply with values cached in hci_conn */
4851 rp.rssi = conn->rssi;
4852 rp.tx_power = conn->tx_power;
4853 rp.max_tx_power = conn->max_tx_power;
4855 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
4856 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
4860 hci_dev_unlock(hdev);
4864 static int clock_info_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
4866 struct hci_conn *conn = cmd->user_data;
4867 struct mgmt_rp_get_clock_info rp;
4868 struct hci_dev *hdev;
4871 memset(&rp, 0, sizeof(rp));
4872 memcpy(&rp.addr, &cmd->param, sizeof(rp.addr));
4877 hdev = hci_dev_get(cmd->index);
4879 rp.local_clock = cpu_to_le32(hdev->clock);
4884 rp.piconet_clock = cpu_to_le32(conn->clock);
4885 rp.accuracy = cpu_to_le16(conn->clock_accuracy);
4889 err = mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status, &rp,
4893 hci_conn_drop(conn);
4900 static void get_clock_info_complete(struct hci_dev *hdev, u8 status, u16 opcode)
4902 struct hci_cp_read_clock *hci_cp;
4903 struct mgmt_pending_cmd *cmd;
4904 struct hci_conn *conn;
4906 BT_DBG("%s status %u", hdev->name, status);
4910 hci_cp = hci_sent_cmd_data(hdev, HCI_OP_READ_CLOCK);
4914 if (hci_cp->which) {
4915 u16 handle = __le16_to_cpu(hci_cp->handle);
4916 conn = hci_conn_hash_lookup_handle(hdev, handle);
4921 cmd = pending_find_data(MGMT_OP_GET_CLOCK_INFO, hdev, conn);
4925 cmd->cmd_complete(cmd, mgmt_status(status));
4926 mgmt_pending_remove(cmd);
4929 hci_dev_unlock(hdev);
4932 static int get_clock_info(struct sock *sk, struct hci_dev *hdev, void *data,
4935 struct mgmt_cp_get_clock_info *cp = data;
4936 struct mgmt_rp_get_clock_info rp;
4937 struct hci_cp_read_clock hci_cp;
4938 struct mgmt_pending_cmd *cmd;
4939 struct hci_request req;
4940 struct hci_conn *conn;
4943 BT_DBG("%s", hdev->name);
4945 memset(&rp, 0, sizeof(rp));
4946 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4947 rp.addr.type = cp->addr.type;
4949 if (cp->addr.type != BDADDR_BREDR)
4950 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
4951 MGMT_STATUS_INVALID_PARAMS,
4956 if (!hdev_is_powered(hdev)) {
4957 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
4958 MGMT_STATUS_NOT_POWERED, &rp,
4963 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
4964 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
4966 if (!conn || conn->state != BT_CONNECTED) {
4967 err = mgmt_cmd_complete(sk, hdev->id,
4968 MGMT_OP_GET_CLOCK_INFO,
4969 MGMT_STATUS_NOT_CONNECTED,
4977 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CLOCK_INFO, hdev, data, len);
4983 cmd->cmd_complete = clock_info_cmd_complete;
4985 hci_req_init(&req, hdev);
4987 memset(&hci_cp, 0, sizeof(hci_cp));
4988 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
4991 hci_conn_hold(conn);
4992 cmd->user_data = hci_conn_get(conn);
4994 hci_cp.handle = cpu_to_le16(conn->handle);
4995 hci_cp.which = 0x01; /* Piconet clock */
4996 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
4999 err = hci_req_run(&req, get_clock_info_complete);
5001 mgmt_pending_remove(cmd);
5004 hci_dev_unlock(hdev);
5008 static bool is_connected(struct hci_dev *hdev, bdaddr_t *addr, u8 type)
5010 struct hci_conn *conn;
5012 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, addr);
5016 if (conn->dst_type != type)
5019 if (conn->state != BT_CONNECTED)
5025 /* This function requires the caller holds hdev->lock */
5026 static int hci_conn_params_set(struct hci_dev *hdev, bdaddr_t *addr,
5027 u8 addr_type, u8 auto_connect)
5029 struct hci_conn_params *params;
5031 params = hci_conn_params_add(hdev, addr, addr_type);
5035 if (params->auto_connect == auto_connect)
5038 list_del_init(¶ms->action);
5040 switch (auto_connect) {
5041 case HCI_AUTO_CONN_DISABLED:
5042 case HCI_AUTO_CONN_LINK_LOSS:
5043 /* If auto connect is being disabled when we're trying to
5044 * connect to device, keep connecting.
5046 if (params->explicit_connect)
5047 list_add(¶ms->action, &hdev->pend_le_conns);
5049 case HCI_AUTO_CONN_REPORT:
5050 if (params->explicit_connect)
5051 list_add(¶ms->action, &hdev->pend_le_conns);
5053 list_add(¶ms->action, &hdev->pend_le_reports);
5055 case HCI_AUTO_CONN_DIRECT:
5056 case HCI_AUTO_CONN_ALWAYS:
5057 if (!is_connected(hdev, addr, addr_type))
5058 list_add(¶ms->action, &hdev->pend_le_conns);
5062 params->auto_connect = auto_connect;
5064 BT_DBG("addr %pMR (type %u) auto_connect %u", addr, addr_type,
5070 static void device_added(struct sock *sk, struct hci_dev *hdev,
5071 bdaddr_t *bdaddr, u8 type, u8 action)
5073 struct mgmt_ev_device_added ev;
5075 bacpy(&ev.addr.bdaddr, bdaddr);
5076 ev.addr.type = type;
5079 mgmt_event(MGMT_EV_DEVICE_ADDED, hdev, &ev, sizeof(ev), sk);
5082 static int add_device(struct sock *sk, struct hci_dev *hdev,
5083 void *data, u16 len)
5085 struct mgmt_cp_add_device *cp = data;
5086 u8 auto_conn, addr_type;
5089 BT_DBG("%s", hdev->name);
5091 if (!bdaddr_type_is_valid(cp->addr.type) ||
5092 !bacmp(&cp->addr.bdaddr, BDADDR_ANY))
5093 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5094 MGMT_STATUS_INVALID_PARAMS,
5095 &cp->addr, sizeof(cp->addr));
5097 if (cp->action != 0x00 && cp->action != 0x01 && cp->action != 0x02)
5098 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5099 MGMT_STATUS_INVALID_PARAMS,
5100 &cp->addr, sizeof(cp->addr));
5104 if (cp->addr.type == BDADDR_BREDR) {
5105 /* Only incoming connections action is supported for now */
5106 if (cp->action != 0x01) {
5107 err = mgmt_cmd_complete(sk, hdev->id,
5109 MGMT_STATUS_INVALID_PARAMS,
5110 &cp->addr, sizeof(cp->addr));
5114 err = hci_bdaddr_list_add(&hdev->whitelist, &cp->addr.bdaddr,
5119 hci_req_update_scan(hdev);
5124 addr_type = le_addr_type(cp->addr.type);
5126 if (cp->action == 0x02)
5127 auto_conn = HCI_AUTO_CONN_ALWAYS;
5128 else if (cp->action == 0x01)
5129 auto_conn = HCI_AUTO_CONN_DIRECT;
5131 auto_conn = HCI_AUTO_CONN_REPORT;
5133 /* Kernel internally uses conn_params with resolvable private
5134 * address, but Add Device allows only identity addresses.
5135 * Make sure it is enforced before calling
5136 * hci_conn_params_lookup.
5138 if (!hci_is_identity_address(&cp->addr.bdaddr, addr_type)) {
5139 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5140 MGMT_STATUS_INVALID_PARAMS,
5141 &cp->addr, sizeof(cp->addr));
5145 /* If the connection parameters don't exist for this device,
5146 * they will be created and configured with defaults.
5148 if (hci_conn_params_set(hdev, &cp->addr.bdaddr, addr_type,
5150 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5151 MGMT_STATUS_FAILED, &cp->addr,
5156 hci_update_background_scan(hdev);
5159 device_added(sk, hdev, &cp->addr.bdaddr, cp->addr.type, cp->action);
5161 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5162 MGMT_STATUS_SUCCESS, &cp->addr,
5166 hci_dev_unlock(hdev);
5170 static void device_removed(struct sock *sk, struct hci_dev *hdev,
5171 bdaddr_t *bdaddr, u8 type)
5173 struct mgmt_ev_device_removed ev;
5175 bacpy(&ev.addr.bdaddr, bdaddr);
5176 ev.addr.type = type;
5178 mgmt_event(MGMT_EV_DEVICE_REMOVED, hdev, &ev, sizeof(ev), sk);
5181 static int remove_device(struct sock *sk, struct hci_dev *hdev,
5182 void *data, u16 len)
5184 struct mgmt_cp_remove_device *cp = data;
5187 BT_DBG("%s", hdev->name);
5191 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
5192 struct hci_conn_params *params;
5195 if (!bdaddr_type_is_valid(cp->addr.type)) {
5196 err = mgmt_cmd_complete(sk, hdev->id,
5197 MGMT_OP_REMOVE_DEVICE,
5198 MGMT_STATUS_INVALID_PARAMS,
5199 &cp->addr, sizeof(cp->addr));
5203 if (cp->addr.type == BDADDR_BREDR) {
5204 err = hci_bdaddr_list_del(&hdev->whitelist,
5208 err = mgmt_cmd_complete(sk, hdev->id,
5209 MGMT_OP_REMOVE_DEVICE,
5210 MGMT_STATUS_INVALID_PARAMS,
5216 hci_req_update_scan(hdev);
5218 device_removed(sk, hdev, &cp->addr.bdaddr,
5223 addr_type = le_addr_type(cp->addr.type);
5225 /* Kernel internally uses conn_params with resolvable private
5226 * address, but Remove Device allows only identity addresses.
5227 * Make sure it is enforced before calling
5228 * hci_conn_params_lookup.
5230 if (!hci_is_identity_address(&cp->addr.bdaddr, addr_type)) {
5231 err = mgmt_cmd_complete(sk, hdev->id,
5232 MGMT_OP_REMOVE_DEVICE,
5233 MGMT_STATUS_INVALID_PARAMS,
5234 &cp->addr, sizeof(cp->addr));
5238 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr,
5241 err = mgmt_cmd_complete(sk, hdev->id,
5242 MGMT_OP_REMOVE_DEVICE,
5243 MGMT_STATUS_INVALID_PARAMS,
5244 &cp->addr, sizeof(cp->addr));
5248 if (params->auto_connect == HCI_AUTO_CONN_DISABLED ||
5249 params->auto_connect == HCI_AUTO_CONN_EXPLICIT) {
5250 err = mgmt_cmd_complete(sk, hdev->id,
5251 MGMT_OP_REMOVE_DEVICE,
5252 MGMT_STATUS_INVALID_PARAMS,
5253 &cp->addr, sizeof(cp->addr));
5257 list_del(¶ms->action);
5258 list_del(¶ms->list);
5260 hci_update_background_scan(hdev);
5262 device_removed(sk, hdev, &cp->addr.bdaddr, cp->addr.type);
5264 struct hci_conn_params *p, *tmp;
5265 struct bdaddr_list *b, *btmp;
5267 if (cp->addr.type) {
5268 err = mgmt_cmd_complete(sk, hdev->id,
5269 MGMT_OP_REMOVE_DEVICE,
5270 MGMT_STATUS_INVALID_PARAMS,
5271 &cp->addr, sizeof(cp->addr));
5275 list_for_each_entry_safe(b, btmp, &hdev->whitelist, list) {
5276 device_removed(sk, hdev, &b->bdaddr, b->bdaddr_type);
5281 hci_req_update_scan(hdev);
5283 list_for_each_entry_safe(p, tmp, &hdev->le_conn_params, list) {
5284 if (p->auto_connect == HCI_AUTO_CONN_DISABLED)
5286 device_removed(sk, hdev, &p->addr, p->addr_type);
5287 if (p->explicit_connect) {
5288 p->auto_connect = HCI_AUTO_CONN_EXPLICIT;
5291 list_del(&p->action);
5296 BT_DBG("All LE connection parameters were removed");
5298 hci_update_background_scan(hdev);
5302 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
5303 MGMT_STATUS_SUCCESS, &cp->addr,
5306 hci_dev_unlock(hdev);
5310 static int load_conn_param(struct sock *sk, struct hci_dev *hdev, void *data,
5313 struct mgmt_cp_load_conn_param *cp = data;
5314 const u16 max_param_count = ((U16_MAX - sizeof(*cp)) /
5315 sizeof(struct mgmt_conn_param));
5316 u16 param_count, expected_len;
5319 if (!lmp_le_capable(hdev))
5320 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5321 MGMT_STATUS_NOT_SUPPORTED);
5323 param_count = __le16_to_cpu(cp->param_count);
5324 if (param_count > max_param_count) {
5325 BT_ERR("load_conn_param: too big param_count value %u",
5327 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5328 MGMT_STATUS_INVALID_PARAMS);
5331 expected_len = sizeof(*cp) + param_count *
5332 sizeof(struct mgmt_conn_param);
5333 if (expected_len != len) {
5334 BT_ERR("load_conn_param: expected %u bytes, got %u bytes",
5336 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5337 MGMT_STATUS_INVALID_PARAMS);
5340 BT_DBG("%s param_count %u", hdev->name, param_count);
5344 hci_conn_params_clear_disabled(hdev);
5346 for (i = 0; i < param_count; i++) {
5347 struct mgmt_conn_param *param = &cp->params[i];
5348 struct hci_conn_params *hci_param;
5349 u16 min, max, latency, timeout;
5352 BT_DBG("Adding %pMR (type %u)", ¶m->addr.bdaddr,
5355 if (param->addr.type == BDADDR_LE_PUBLIC) {
5356 addr_type = ADDR_LE_DEV_PUBLIC;
5357 } else if (param->addr.type == BDADDR_LE_RANDOM) {
5358 addr_type = ADDR_LE_DEV_RANDOM;
5360 BT_ERR("Ignoring invalid connection parameters");
5364 min = le16_to_cpu(param->min_interval);
5365 max = le16_to_cpu(param->max_interval);
5366 latency = le16_to_cpu(param->latency);
5367 timeout = le16_to_cpu(param->timeout);
5369 BT_DBG("min 0x%04x max 0x%04x latency 0x%04x timeout 0x%04x",
5370 min, max, latency, timeout);
5372 if (hci_check_conn_params(min, max, latency, timeout) < 0) {
5373 BT_ERR("Ignoring invalid connection parameters");
5377 hci_param = hci_conn_params_add(hdev, ¶m->addr.bdaddr,
5380 BT_ERR("Failed to add connection parameters");
5384 hci_param->conn_min_interval = min;
5385 hci_param->conn_max_interval = max;
5386 hci_param->conn_latency = latency;
5387 hci_param->supervision_timeout = timeout;
5390 hci_dev_unlock(hdev);
5392 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM, 0,
5396 static int set_external_config(struct sock *sk, struct hci_dev *hdev,
5397 void *data, u16 len)
5399 struct mgmt_cp_set_external_config *cp = data;
5403 BT_DBG("%s", hdev->name);
5405 if (hdev_is_powered(hdev))
5406 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
5407 MGMT_STATUS_REJECTED);
5409 if (cp->config != 0x00 && cp->config != 0x01)
5410 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
5411 MGMT_STATUS_INVALID_PARAMS);
5413 if (!test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
5414 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
5415 MGMT_STATUS_NOT_SUPPORTED);
5420 changed = !hci_dev_test_and_set_flag(hdev, HCI_EXT_CONFIGURED);
5422 changed = hci_dev_test_and_clear_flag(hdev, HCI_EXT_CONFIGURED);
5424 err = send_options_rsp(sk, MGMT_OP_SET_EXTERNAL_CONFIG, hdev);
5431 err = new_options(hdev, sk);
5433 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED) == is_configured(hdev)) {
5434 mgmt_index_removed(hdev);
5436 if (hci_dev_test_and_change_flag(hdev, HCI_UNCONFIGURED)) {
5437 hci_dev_set_flag(hdev, HCI_CONFIG);
5438 hci_dev_set_flag(hdev, HCI_AUTO_OFF);
5440 queue_work(hdev->req_workqueue, &hdev->power_on);
5442 set_bit(HCI_RAW, &hdev->flags);
5443 mgmt_index_added(hdev);
5448 hci_dev_unlock(hdev);
5452 static int set_public_address(struct sock *sk, struct hci_dev *hdev,
5453 void *data, u16 len)
5455 struct mgmt_cp_set_public_address *cp = data;
5459 BT_DBG("%s", hdev->name);
5461 if (hdev_is_powered(hdev))
5462 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
5463 MGMT_STATUS_REJECTED);
5465 if (!bacmp(&cp->bdaddr, BDADDR_ANY))
5466 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
5467 MGMT_STATUS_INVALID_PARAMS);
5469 if (!hdev->set_bdaddr)
5470 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
5471 MGMT_STATUS_NOT_SUPPORTED);
5475 changed = !!bacmp(&hdev->public_addr, &cp->bdaddr);
5476 bacpy(&hdev->public_addr, &cp->bdaddr);
5478 err = send_options_rsp(sk, MGMT_OP_SET_PUBLIC_ADDRESS, hdev);
5485 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED))
5486 err = new_options(hdev, sk);
5488 if (is_configured(hdev)) {
5489 mgmt_index_removed(hdev);
5491 hci_dev_clear_flag(hdev, HCI_UNCONFIGURED);
5493 hci_dev_set_flag(hdev, HCI_CONFIG);
5494 hci_dev_set_flag(hdev, HCI_AUTO_OFF);
5496 queue_work(hdev->req_workqueue, &hdev->power_on);
5500 hci_dev_unlock(hdev);
5504 static inline u16 eir_append_data(u8 *eir, u16 eir_len, u8 type, u8 *data,
5507 eir[eir_len++] = sizeof(type) + data_len;
5508 eir[eir_len++] = type;
5509 memcpy(&eir[eir_len], data, data_len);
5510 eir_len += data_len;
5515 static void read_local_oob_ext_data_complete(struct hci_dev *hdev, u8 status,
5516 u16 opcode, struct sk_buff *skb)
5518 const struct mgmt_cp_read_local_oob_ext_data *mgmt_cp;
5519 struct mgmt_rp_read_local_oob_ext_data *mgmt_rp;
5520 u8 *h192, *r192, *h256, *r256;
5521 struct mgmt_pending_cmd *cmd;
5525 BT_DBG("%s status %u", hdev->name, status);
5527 cmd = pending_find(MGMT_OP_READ_LOCAL_OOB_EXT_DATA, hdev);
5531 mgmt_cp = cmd->param;
5534 status = mgmt_status(status);
5541 } else if (opcode == HCI_OP_READ_LOCAL_OOB_DATA) {
5542 struct hci_rp_read_local_oob_data *rp;
5544 if (skb->len != sizeof(*rp)) {
5545 status = MGMT_STATUS_FAILED;
5548 status = MGMT_STATUS_SUCCESS;
5549 rp = (void *)skb->data;
5551 eir_len = 5 + 18 + 18;
5558 struct hci_rp_read_local_oob_ext_data *rp;
5560 if (skb->len != sizeof(*rp)) {
5561 status = MGMT_STATUS_FAILED;
5564 status = MGMT_STATUS_SUCCESS;
5565 rp = (void *)skb->data;
5567 if (hci_dev_test_flag(hdev, HCI_SC_ONLY)) {
5568 eir_len = 5 + 18 + 18;
5572 eir_len = 5 + 18 + 18 + 18 + 18;
5582 mgmt_rp = kmalloc(sizeof(*mgmt_rp) + eir_len, GFP_KERNEL);
5589 eir_len = eir_append_data(mgmt_rp->eir, 0, EIR_CLASS_OF_DEV,
5590 hdev->dev_class, 3);
5593 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
5594 EIR_SSP_HASH_C192, h192, 16);
5595 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
5596 EIR_SSP_RAND_R192, r192, 16);
5600 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
5601 EIR_SSP_HASH_C256, h256, 16);
5602 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
5603 EIR_SSP_RAND_R256, r256, 16);
5607 mgmt_rp->type = mgmt_cp->type;
5608 mgmt_rp->eir_len = cpu_to_le16(eir_len);
5610 err = mgmt_cmd_complete(cmd->sk, hdev->id,
5611 MGMT_OP_READ_LOCAL_OOB_EXT_DATA, status,
5612 mgmt_rp, sizeof(*mgmt_rp) + eir_len);
5613 if (err < 0 || status)
5616 hci_sock_set_flag(cmd->sk, HCI_MGMT_OOB_DATA_EVENTS);
5618 err = mgmt_limited_event(MGMT_EV_LOCAL_OOB_DATA_UPDATED, hdev,
5619 mgmt_rp, sizeof(*mgmt_rp) + eir_len,
5620 HCI_MGMT_OOB_DATA_EVENTS, cmd->sk);
5623 mgmt_pending_remove(cmd);
5626 static int read_local_ssp_oob_req(struct hci_dev *hdev, struct sock *sk,
5627 struct mgmt_cp_read_local_oob_ext_data *cp)
5629 struct mgmt_pending_cmd *cmd;
5630 struct hci_request req;
5633 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_EXT_DATA, hdev,
5638 hci_req_init(&req, hdev);
5640 if (bredr_sc_enabled(hdev))
5641 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_EXT_DATA, 0, NULL);
5643 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
5645 err = hci_req_run_skb(&req, read_local_oob_ext_data_complete);
5647 mgmt_pending_remove(cmd);
5654 static int read_local_oob_ext_data(struct sock *sk, struct hci_dev *hdev,
5655 void *data, u16 data_len)
5657 struct mgmt_cp_read_local_oob_ext_data *cp = data;
5658 struct mgmt_rp_read_local_oob_ext_data *rp;
5661 u8 status, flags, role, addr[7], hash[16], rand[16];
5664 BT_DBG("%s", hdev->name);
5666 if (hdev_is_powered(hdev)) {
5668 case BIT(BDADDR_BREDR):
5669 status = mgmt_bredr_support(hdev);
5675 case (BIT(BDADDR_LE_PUBLIC) | BIT(BDADDR_LE_RANDOM)):
5676 status = mgmt_le_support(hdev);
5680 eir_len = 9 + 3 + 18 + 18 + 3;
5683 status = MGMT_STATUS_INVALID_PARAMS;
5688 status = MGMT_STATUS_NOT_POWERED;
5692 rp_len = sizeof(*rp) + eir_len;
5693 rp = kmalloc(rp_len, GFP_ATOMIC);
5704 case BIT(BDADDR_BREDR):
5705 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
5706 err = read_local_ssp_oob_req(hdev, sk, cp);
5707 hci_dev_unlock(hdev);
5711 status = MGMT_STATUS_FAILED;
5714 eir_len = eir_append_data(rp->eir, eir_len,
5716 hdev->dev_class, 3);
5719 case (BIT(BDADDR_LE_PUBLIC) | BIT(BDADDR_LE_RANDOM)):
5720 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED) &&
5721 smp_generate_oob(hdev, hash, rand) < 0) {
5722 hci_dev_unlock(hdev);
5723 status = MGMT_STATUS_FAILED;
5727 /* This should return the active RPA, but since the RPA
5728 * is only programmed on demand, it is really hard to fill
5729 * this in at the moment. For now disallow retrieving
5730 * local out-of-band data when privacy is in use.
5732 * Returning the identity address will not help here since
5733 * pairing happens before the identity resolving key is
5734 * known and thus the connection establishment happens
5735 * based on the RPA and not the identity address.
5737 if (hci_dev_test_flag(hdev, HCI_PRIVACY)) {
5738 hci_dev_unlock(hdev);
5739 status = MGMT_STATUS_REJECTED;
5743 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) ||
5744 !bacmp(&hdev->bdaddr, BDADDR_ANY) ||
5745 (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
5746 bacmp(&hdev->static_addr, BDADDR_ANY))) {
5747 memcpy(addr, &hdev->static_addr, 6);
5750 memcpy(addr, &hdev->bdaddr, 6);
5754 eir_len = eir_append_data(rp->eir, eir_len, EIR_LE_BDADDR,
5755 addr, sizeof(addr));
5757 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
5762 eir_len = eir_append_data(rp->eir, eir_len, EIR_LE_ROLE,
5763 &role, sizeof(role));
5765 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED)) {
5766 eir_len = eir_append_data(rp->eir, eir_len,
5768 hash, sizeof(hash));
5770 eir_len = eir_append_data(rp->eir, eir_len,
5772 rand, sizeof(rand));
5775 flags = mgmt_get_adv_discov_flags(hdev);
5777 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
5778 flags |= LE_AD_NO_BREDR;
5780 eir_len = eir_append_data(rp->eir, eir_len, EIR_FLAGS,
5781 &flags, sizeof(flags));
5785 hci_dev_unlock(hdev);
5787 hci_sock_set_flag(sk, HCI_MGMT_OOB_DATA_EVENTS);
5789 status = MGMT_STATUS_SUCCESS;
5792 rp->type = cp->type;
5793 rp->eir_len = cpu_to_le16(eir_len);
5795 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
5796 status, rp, sizeof(*rp) + eir_len);
5797 if (err < 0 || status)
5800 err = mgmt_limited_event(MGMT_EV_LOCAL_OOB_DATA_UPDATED, hdev,
5801 rp, sizeof(*rp) + eir_len,
5802 HCI_MGMT_OOB_DATA_EVENTS, sk);
5810 static u32 get_supported_adv_flags(struct hci_dev *hdev)
5814 flags |= MGMT_ADV_FLAG_CONNECTABLE;
5815 flags |= MGMT_ADV_FLAG_DISCOV;
5816 flags |= MGMT_ADV_FLAG_LIMITED_DISCOV;
5817 flags |= MGMT_ADV_FLAG_MANAGED_FLAGS;
5819 if (hdev->adv_tx_power != HCI_TX_POWER_INVALID)
5820 flags |= MGMT_ADV_FLAG_TX_POWER;
5825 static int read_adv_features(struct sock *sk, struct hci_dev *hdev,
5826 void *data, u16 data_len)
5828 struct mgmt_rp_read_adv_features *rp;
5831 struct adv_info *adv_instance;
5832 u32 supported_flags;
5835 BT_DBG("%s", hdev->name);
5837 if (!lmp_le_capable(hdev))
5838 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_ADV_FEATURES,
5839 MGMT_STATUS_REJECTED);
5843 rp_len = sizeof(*rp) + hdev->adv_instance_cnt;
5844 rp = kmalloc(rp_len, GFP_ATOMIC);
5846 hci_dev_unlock(hdev);
5850 supported_flags = get_supported_adv_flags(hdev);
5852 rp->supported_flags = cpu_to_le32(supported_flags);
5853 rp->max_adv_data_len = HCI_MAX_AD_LENGTH;
5854 rp->max_scan_rsp_len = HCI_MAX_AD_LENGTH;
5855 rp->max_instances = HCI_MAX_ADV_INSTANCES;
5856 rp->num_instances = hdev->adv_instance_cnt;
5858 instance = rp->instance;
5859 list_for_each_entry(adv_instance, &hdev->adv_instances, list) {
5860 *instance = adv_instance->instance;
5864 hci_dev_unlock(hdev);
5866 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_ADV_FEATURES,
5867 MGMT_STATUS_SUCCESS, rp, rp_len);
5874 static bool tlv_data_is_valid(struct hci_dev *hdev, u32 adv_flags, u8 *data,
5875 u8 len, bool is_adv_data)
5877 u8 max_len = HCI_MAX_AD_LENGTH;
5879 bool flags_managed = false;
5880 bool tx_power_managed = false;
5883 if (adv_flags & (MGMT_ADV_FLAG_DISCOV |
5884 MGMT_ADV_FLAG_LIMITED_DISCOV |
5885 MGMT_ADV_FLAG_MANAGED_FLAGS)) {
5886 flags_managed = true;
5890 if (adv_flags & MGMT_ADV_FLAG_TX_POWER) {
5891 tx_power_managed = true;
5899 /* Make sure that the data is correctly formatted. */
5900 for (i = 0, cur_len = 0; i < len; i += (cur_len + 1)) {
5903 if (flags_managed && data[i + 1] == EIR_FLAGS)
5906 if (tx_power_managed && data[i + 1] == EIR_TX_POWER)
5909 /* If the current field length would exceed the total data
5910 * length, then it's invalid.
5912 if (i + cur_len >= len)
5919 static void add_advertising_complete(struct hci_dev *hdev, u8 status,
5922 struct mgmt_pending_cmd *cmd;
5923 struct mgmt_cp_add_advertising *cp;
5924 struct mgmt_rp_add_advertising rp;
5925 struct adv_info *adv_instance, *n;
5928 BT_DBG("status %d", status);
5932 cmd = pending_find(MGMT_OP_ADD_ADVERTISING, hdev);
5934 list_for_each_entry_safe(adv_instance, n, &hdev->adv_instances, list) {
5935 if (!adv_instance->pending)
5939 adv_instance->pending = false;
5943 instance = adv_instance->instance;
5945 if (hdev->cur_adv_instance == instance)
5946 cancel_adv_timeout(hdev);
5948 hci_remove_adv_instance(hdev, instance);
5949 mgmt_advertising_removed(cmd ? cmd->sk : NULL, hdev, instance);
5956 rp.instance = cp->instance;
5959 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode,
5960 mgmt_status(status));
5962 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
5963 mgmt_status(status), &rp, sizeof(rp));
5965 mgmt_pending_remove(cmd);
5968 hci_dev_unlock(hdev);
5971 static int add_advertising(struct sock *sk, struct hci_dev *hdev,
5972 void *data, u16 data_len)
5974 struct mgmt_cp_add_advertising *cp = data;
5975 struct mgmt_rp_add_advertising rp;
5977 u32 supported_flags;
5979 u16 timeout, duration;
5980 unsigned int prev_instance_cnt = hdev->adv_instance_cnt;
5981 u8 schedule_instance = 0;
5982 struct adv_info *next_instance;
5984 struct mgmt_pending_cmd *cmd;
5985 struct hci_request req;
5987 BT_DBG("%s", hdev->name);
5989 status = mgmt_le_support(hdev);
5991 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
5994 if (cp->instance < 1 || cp->instance > HCI_MAX_ADV_INSTANCES)
5995 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
5996 MGMT_STATUS_INVALID_PARAMS);
5998 if (data_len != sizeof(*cp) + cp->adv_data_len + cp->scan_rsp_len)
5999 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6000 MGMT_STATUS_INVALID_PARAMS);
6002 flags = __le32_to_cpu(cp->flags);
6003 timeout = __le16_to_cpu(cp->timeout);
6004 duration = __le16_to_cpu(cp->duration);
6006 /* The current implementation only supports a subset of the specified
6009 supported_flags = get_supported_adv_flags(hdev);
6010 if (flags & ~supported_flags)
6011 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6012 MGMT_STATUS_INVALID_PARAMS);
6016 if (timeout && !hdev_is_powered(hdev)) {
6017 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6018 MGMT_STATUS_REJECTED);
6022 if (pending_find(MGMT_OP_ADD_ADVERTISING, hdev) ||
6023 pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev) ||
6024 pending_find(MGMT_OP_SET_LE, hdev)) {
6025 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6030 if (!tlv_data_is_valid(hdev, flags, cp->data, cp->adv_data_len, true) ||
6031 !tlv_data_is_valid(hdev, flags, cp->data + cp->adv_data_len,
6032 cp->scan_rsp_len, false)) {
6033 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6034 MGMT_STATUS_INVALID_PARAMS);
6038 err = hci_add_adv_instance(hdev, cp->instance, flags,
6039 cp->adv_data_len, cp->data,
6041 cp->data + cp->adv_data_len,
6044 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6045 MGMT_STATUS_FAILED);
6049 /* Only trigger an advertising added event if a new instance was
6052 if (hdev->adv_instance_cnt > prev_instance_cnt)
6053 mgmt_advertising_added(sk, hdev, cp->instance);
6055 if (hdev->cur_adv_instance == cp->instance) {
6056 /* If the currently advertised instance is being changed then
6057 * cancel the current advertising and schedule the next
6058 * instance. If there is only one instance then the overridden
6059 * advertising data will be visible right away.
6061 cancel_adv_timeout(hdev);
6063 next_instance = hci_get_next_instance(hdev, cp->instance);
6065 schedule_instance = next_instance->instance;
6066 } else if (!hdev->adv_instance_timeout) {
6067 /* Immediately advertise the new instance if no other
6068 * instance is currently being advertised.
6070 schedule_instance = cp->instance;
6073 /* If the HCI_ADVERTISING flag is set or the device isn't powered or
6074 * there is no instance to be advertised then we have no HCI
6075 * communication to make. Simply return.
6077 if (!hdev_is_powered(hdev) ||
6078 hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
6079 !schedule_instance) {
6080 rp.instance = cp->instance;
6081 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6082 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
6086 /* We're good to go, update advertising data, parameters, and start
6089 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_ADVERTISING, hdev, data,
6096 hci_req_init(&req, hdev);
6098 err = __hci_req_schedule_adv_instance(&req, schedule_instance, true);
6101 err = hci_req_run(&req, add_advertising_complete);
6104 mgmt_pending_remove(cmd);
6107 hci_dev_unlock(hdev);
6112 static void remove_advertising_complete(struct hci_dev *hdev, u8 status,
6115 struct mgmt_pending_cmd *cmd;
6116 struct mgmt_cp_remove_advertising *cp;
6117 struct mgmt_rp_remove_advertising rp;
6119 BT_DBG("status %d", status);
6123 /* A failure status here only means that we failed to disable
6124 * advertising. Otherwise, the advertising instance has been removed,
6125 * so report success.
6127 cmd = pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev);
6132 rp.instance = cp->instance;
6134 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, MGMT_STATUS_SUCCESS,
6136 mgmt_pending_remove(cmd);
6139 hci_dev_unlock(hdev);
6142 static int remove_advertising(struct sock *sk, struct hci_dev *hdev,
6143 void *data, u16 data_len)
6145 struct mgmt_cp_remove_advertising *cp = data;
6146 struct mgmt_rp_remove_advertising rp;
6147 struct mgmt_pending_cmd *cmd;
6148 struct hci_request req;
6151 BT_DBG("%s", hdev->name);
6155 if (cp->instance && !hci_find_adv_instance(hdev, cp->instance)) {
6156 err = mgmt_cmd_status(sk, hdev->id,
6157 MGMT_OP_REMOVE_ADVERTISING,
6158 MGMT_STATUS_INVALID_PARAMS);
6162 if (pending_find(MGMT_OP_ADD_ADVERTISING, hdev) ||
6163 pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev) ||
6164 pending_find(MGMT_OP_SET_LE, hdev)) {
6165 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADVERTISING,
6170 if (list_empty(&hdev->adv_instances)) {
6171 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADVERTISING,
6172 MGMT_STATUS_INVALID_PARAMS);
6176 hci_req_init(&req, hdev);
6178 hci_req_clear_adv_instance(hdev, &req, cp->instance, true);
6180 if (list_empty(&hdev->adv_instances))
6181 __hci_req_disable_advertising(&req);
6183 /* If no HCI commands have been collected so far or the HCI_ADVERTISING
6184 * flag is set or the device isn't powered then we have no HCI
6185 * communication to make. Simply return.
6187 if (skb_queue_empty(&req.cmd_q) ||
6188 !hdev_is_powered(hdev) ||
6189 hci_dev_test_flag(hdev, HCI_ADVERTISING)) {
6190 rp.instance = cp->instance;
6191 err = mgmt_cmd_complete(sk, hdev->id,
6192 MGMT_OP_REMOVE_ADVERTISING,
6193 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
6197 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_ADVERTISING, hdev, data,
6204 err = hci_req_run(&req, remove_advertising_complete);
6206 mgmt_pending_remove(cmd);
6209 hci_dev_unlock(hdev);
6214 static u8 tlv_data_max_len(u32 adv_flags, bool is_adv_data)
6216 u8 max_len = HCI_MAX_AD_LENGTH;
6219 if (adv_flags & (MGMT_ADV_FLAG_DISCOV |
6220 MGMT_ADV_FLAG_LIMITED_DISCOV |
6221 MGMT_ADV_FLAG_MANAGED_FLAGS))
6224 if (adv_flags & MGMT_ADV_FLAG_TX_POWER)
6231 static int get_adv_size_info(struct sock *sk, struct hci_dev *hdev,
6232 void *data, u16 data_len)
6234 struct mgmt_cp_get_adv_size_info *cp = data;
6235 struct mgmt_rp_get_adv_size_info rp;
6236 u32 flags, supported_flags;
6239 BT_DBG("%s", hdev->name);
6241 if (!lmp_le_capable(hdev))
6242 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
6243 MGMT_STATUS_REJECTED);
6245 if (cp->instance < 1 || cp->instance > HCI_MAX_ADV_INSTANCES)
6246 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
6247 MGMT_STATUS_INVALID_PARAMS);
6249 flags = __le32_to_cpu(cp->flags);
6251 /* The current implementation only supports a subset of the specified
6254 supported_flags = get_supported_adv_flags(hdev);
6255 if (flags & ~supported_flags)
6256 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
6257 MGMT_STATUS_INVALID_PARAMS);
6259 rp.instance = cp->instance;
6260 rp.flags = cp->flags;
6261 rp.max_adv_data_len = tlv_data_max_len(flags, true);
6262 rp.max_scan_rsp_len = tlv_data_max_len(flags, false);
6264 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
6265 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
6270 static const struct hci_mgmt_handler mgmt_handlers[] = {
6271 { NULL }, /* 0x0000 (no command) */
6272 { read_version, MGMT_READ_VERSION_SIZE,
6274 HCI_MGMT_UNTRUSTED },
6275 { read_commands, MGMT_READ_COMMANDS_SIZE,
6277 HCI_MGMT_UNTRUSTED },
6278 { read_index_list, MGMT_READ_INDEX_LIST_SIZE,
6280 HCI_MGMT_UNTRUSTED },
6281 { read_controller_info, MGMT_READ_INFO_SIZE,
6282 HCI_MGMT_UNTRUSTED },
6283 { set_powered, MGMT_SETTING_SIZE },
6284 { set_discoverable, MGMT_SET_DISCOVERABLE_SIZE },
6285 { set_connectable, MGMT_SETTING_SIZE },
6286 { set_fast_connectable, MGMT_SETTING_SIZE },
6287 { set_bondable, MGMT_SETTING_SIZE },
6288 { set_link_security, MGMT_SETTING_SIZE },
6289 { set_ssp, MGMT_SETTING_SIZE },
6290 { set_hs, MGMT_SETTING_SIZE },
6291 { set_le, MGMT_SETTING_SIZE },
6292 { set_dev_class, MGMT_SET_DEV_CLASS_SIZE },
6293 { set_local_name, MGMT_SET_LOCAL_NAME_SIZE },
6294 { add_uuid, MGMT_ADD_UUID_SIZE },
6295 { remove_uuid, MGMT_REMOVE_UUID_SIZE },
6296 { load_link_keys, MGMT_LOAD_LINK_KEYS_SIZE,
6298 { load_long_term_keys, MGMT_LOAD_LONG_TERM_KEYS_SIZE,
6300 { disconnect, MGMT_DISCONNECT_SIZE },
6301 { get_connections, MGMT_GET_CONNECTIONS_SIZE },
6302 { pin_code_reply, MGMT_PIN_CODE_REPLY_SIZE },
6303 { pin_code_neg_reply, MGMT_PIN_CODE_NEG_REPLY_SIZE },
6304 { set_io_capability, MGMT_SET_IO_CAPABILITY_SIZE },
6305 { pair_device, MGMT_PAIR_DEVICE_SIZE },
6306 { cancel_pair_device, MGMT_CANCEL_PAIR_DEVICE_SIZE },
6307 { unpair_device, MGMT_UNPAIR_DEVICE_SIZE },
6308 { user_confirm_reply, MGMT_USER_CONFIRM_REPLY_SIZE },
6309 { user_confirm_neg_reply, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
6310 { user_passkey_reply, MGMT_USER_PASSKEY_REPLY_SIZE },
6311 { user_passkey_neg_reply, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
6312 { read_local_oob_data, MGMT_READ_LOCAL_OOB_DATA_SIZE },
6313 { add_remote_oob_data, MGMT_ADD_REMOTE_OOB_DATA_SIZE,
6315 { remove_remote_oob_data, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
6316 { start_discovery, MGMT_START_DISCOVERY_SIZE },
6317 { stop_discovery, MGMT_STOP_DISCOVERY_SIZE },
6318 { confirm_name, MGMT_CONFIRM_NAME_SIZE },
6319 { block_device, MGMT_BLOCK_DEVICE_SIZE },
6320 { unblock_device, MGMT_UNBLOCK_DEVICE_SIZE },
6321 { set_device_id, MGMT_SET_DEVICE_ID_SIZE },
6322 { set_advertising, MGMT_SETTING_SIZE },
6323 { set_bredr, MGMT_SETTING_SIZE },
6324 { set_static_address, MGMT_SET_STATIC_ADDRESS_SIZE },
6325 { set_scan_params, MGMT_SET_SCAN_PARAMS_SIZE },
6326 { set_secure_conn, MGMT_SETTING_SIZE },
6327 { set_debug_keys, MGMT_SETTING_SIZE },
6328 { set_privacy, MGMT_SET_PRIVACY_SIZE },
6329 { load_irks, MGMT_LOAD_IRKS_SIZE,
6331 { get_conn_info, MGMT_GET_CONN_INFO_SIZE },
6332 { get_clock_info, MGMT_GET_CLOCK_INFO_SIZE },
6333 { add_device, MGMT_ADD_DEVICE_SIZE },
6334 { remove_device, MGMT_REMOVE_DEVICE_SIZE },
6335 { load_conn_param, MGMT_LOAD_CONN_PARAM_SIZE,
6337 { read_unconf_index_list, MGMT_READ_UNCONF_INDEX_LIST_SIZE,
6339 HCI_MGMT_UNTRUSTED },
6340 { read_config_info, MGMT_READ_CONFIG_INFO_SIZE,
6341 HCI_MGMT_UNCONFIGURED |
6342 HCI_MGMT_UNTRUSTED },
6343 { set_external_config, MGMT_SET_EXTERNAL_CONFIG_SIZE,
6344 HCI_MGMT_UNCONFIGURED },
6345 { set_public_address, MGMT_SET_PUBLIC_ADDRESS_SIZE,
6346 HCI_MGMT_UNCONFIGURED },
6347 { start_service_discovery, MGMT_START_SERVICE_DISCOVERY_SIZE,
6349 { read_local_oob_ext_data, MGMT_READ_LOCAL_OOB_EXT_DATA_SIZE },
6350 { read_ext_index_list, MGMT_READ_EXT_INDEX_LIST_SIZE,
6352 HCI_MGMT_UNTRUSTED },
6353 { read_adv_features, MGMT_READ_ADV_FEATURES_SIZE },
6354 { add_advertising, MGMT_ADD_ADVERTISING_SIZE,
6356 { remove_advertising, MGMT_REMOVE_ADVERTISING_SIZE },
6357 { get_adv_size_info, MGMT_GET_ADV_SIZE_INFO_SIZE },
6358 { start_limited_discovery, MGMT_START_DISCOVERY_SIZE },
6361 void mgmt_index_added(struct hci_dev *hdev)
6363 struct mgmt_ev_ext_index ev;
6365 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
6368 switch (hdev->dev_type) {
6370 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
6371 mgmt_index_event(MGMT_EV_UNCONF_INDEX_ADDED, hdev,
6372 NULL, 0, HCI_MGMT_UNCONF_INDEX_EVENTS);
6375 mgmt_index_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0,
6376 HCI_MGMT_INDEX_EVENTS);
6389 mgmt_index_event(MGMT_EV_EXT_INDEX_ADDED, hdev, &ev, sizeof(ev),
6390 HCI_MGMT_EXT_INDEX_EVENTS);
6393 void mgmt_index_removed(struct hci_dev *hdev)
6395 struct mgmt_ev_ext_index ev;
6396 u8 status = MGMT_STATUS_INVALID_INDEX;
6398 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
6401 switch (hdev->dev_type) {
6403 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
6405 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
6406 mgmt_index_event(MGMT_EV_UNCONF_INDEX_REMOVED, hdev,
6407 NULL, 0, HCI_MGMT_UNCONF_INDEX_EVENTS);
6410 mgmt_index_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0,
6411 HCI_MGMT_INDEX_EVENTS);
6424 mgmt_index_event(MGMT_EV_EXT_INDEX_REMOVED, hdev, &ev, sizeof(ev),
6425 HCI_MGMT_EXT_INDEX_EVENTS);
6428 /* This function requires the caller holds hdev->lock */
6429 static void restart_le_actions(struct hci_dev *hdev)
6431 struct hci_conn_params *p;
6433 list_for_each_entry(p, &hdev->le_conn_params, list) {
6434 /* Needed for AUTO_OFF case where might not "really"
6435 * have been powered off.
6437 list_del_init(&p->action);
6439 switch (p->auto_connect) {
6440 case HCI_AUTO_CONN_DIRECT:
6441 case HCI_AUTO_CONN_ALWAYS:
6442 list_add(&p->action, &hdev->pend_le_conns);
6444 case HCI_AUTO_CONN_REPORT:
6445 list_add(&p->action, &hdev->pend_le_reports);
6453 void mgmt_power_on(struct hci_dev *hdev, int err)
6455 struct cmd_lookup match = { NULL, hdev };
6457 BT_DBG("err %d", err);
6462 restart_le_actions(hdev);
6463 hci_update_background_scan(hdev);
6466 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
6468 new_settings(hdev, match.sk);
6473 hci_dev_unlock(hdev);
6476 void __mgmt_power_off(struct hci_dev *hdev)
6478 struct cmd_lookup match = { NULL, hdev };
6479 u8 status, zero_cod[] = { 0, 0, 0 };
6481 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
6483 /* If the power off is because of hdev unregistration let
6484 * use the appropriate INVALID_INDEX status. Otherwise use
6485 * NOT_POWERED. We cover both scenarios here since later in
6486 * mgmt_index_removed() any hci_conn callbacks will have already
6487 * been triggered, potentially causing misleading DISCONNECTED
6490 if (hci_dev_test_flag(hdev, HCI_UNREGISTER))
6491 status = MGMT_STATUS_INVALID_INDEX;
6493 status = MGMT_STATUS_NOT_POWERED;
6495 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
6497 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0)
6498 mgmt_generic_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
6499 zero_cod, sizeof(zero_cod), NULL);
6501 new_settings(hdev, match.sk);
6507 void mgmt_set_powered_failed(struct hci_dev *hdev, int err)
6509 struct mgmt_pending_cmd *cmd;
6512 cmd = pending_find(MGMT_OP_SET_POWERED, hdev);
6516 if (err == -ERFKILL)
6517 status = MGMT_STATUS_RFKILLED;
6519 status = MGMT_STATUS_FAILED;
6521 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
6523 mgmt_pending_remove(cmd);
6526 void mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
6529 struct mgmt_ev_new_link_key ev;
6531 memset(&ev, 0, sizeof(ev));
6533 ev.store_hint = persistent;
6534 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
6535 ev.key.addr.type = BDADDR_BREDR;
6536 ev.key.type = key->type;
6537 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
6538 ev.key.pin_len = key->pin_len;
6540 mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
6543 static u8 mgmt_ltk_type(struct smp_ltk *ltk)
6545 switch (ltk->type) {
6548 if (ltk->authenticated)
6549 return MGMT_LTK_AUTHENTICATED;
6550 return MGMT_LTK_UNAUTHENTICATED;
6552 if (ltk->authenticated)
6553 return MGMT_LTK_P256_AUTH;
6554 return MGMT_LTK_P256_UNAUTH;
6555 case SMP_LTK_P256_DEBUG:
6556 return MGMT_LTK_P256_DEBUG;
6559 return MGMT_LTK_UNAUTHENTICATED;
6562 void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, bool persistent)
6564 struct mgmt_ev_new_long_term_key ev;
6566 memset(&ev, 0, sizeof(ev));
6568 /* Devices using resolvable or non-resolvable random addresses
6569 * without providing an identity resolving key don't require
6570 * to store long term keys. Their addresses will change the
6573 * Only when a remote device provides an identity address
6574 * make sure the long term key is stored. If the remote
6575 * identity is known, the long term keys are internally
6576 * mapped to the identity address. So allow static random
6577 * and public addresses here.
6579 if (key->bdaddr_type == ADDR_LE_DEV_RANDOM &&
6580 (key->bdaddr.b[5] & 0xc0) != 0xc0)
6581 ev.store_hint = 0x00;
6583 ev.store_hint = persistent;
6585 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
6586 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
6587 ev.key.type = mgmt_ltk_type(key);
6588 ev.key.enc_size = key->enc_size;
6589 ev.key.ediv = key->ediv;
6590 ev.key.rand = key->rand;
6592 if (key->type == SMP_LTK)
6595 /* Make sure we copy only the significant bytes based on the
6596 * encryption key size, and set the rest of the value to zeroes.
6598 memcpy(ev.key.val, key->val, key->enc_size);
6599 memset(ev.key.val + key->enc_size, 0,
6600 sizeof(ev.key.val) - key->enc_size);
6602 mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev), NULL);
6605 void mgmt_new_irk(struct hci_dev *hdev, struct smp_irk *irk, bool persistent)
6607 struct mgmt_ev_new_irk ev;
6609 memset(&ev, 0, sizeof(ev));
6611 ev.store_hint = persistent;
6613 bacpy(&ev.rpa, &irk->rpa);
6614 bacpy(&ev.irk.addr.bdaddr, &irk->bdaddr);
6615 ev.irk.addr.type = link_to_bdaddr(LE_LINK, irk->addr_type);
6616 memcpy(ev.irk.val, irk->val, sizeof(irk->val));
6618 mgmt_event(MGMT_EV_NEW_IRK, hdev, &ev, sizeof(ev), NULL);
6621 void mgmt_new_csrk(struct hci_dev *hdev, struct smp_csrk *csrk,
6624 struct mgmt_ev_new_csrk ev;
6626 memset(&ev, 0, sizeof(ev));
6628 /* Devices using resolvable or non-resolvable random addresses
6629 * without providing an identity resolving key don't require
6630 * to store signature resolving keys. Their addresses will change
6631 * the next time around.
6633 * Only when a remote device provides an identity address
6634 * make sure the signature resolving key is stored. So allow
6635 * static random and public addresses here.
6637 if (csrk->bdaddr_type == ADDR_LE_DEV_RANDOM &&
6638 (csrk->bdaddr.b[5] & 0xc0) != 0xc0)
6639 ev.store_hint = 0x00;
6641 ev.store_hint = persistent;
6643 bacpy(&ev.key.addr.bdaddr, &csrk->bdaddr);
6644 ev.key.addr.type = link_to_bdaddr(LE_LINK, csrk->bdaddr_type);
6645 ev.key.type = csrk->type;
6646 memcpy(ev.key.val, csrk->val, sizeof(csrk->val));
6648 mgmt_event(MGMT_EV_NEW_CSRK, hdev, &ev, sizeof(ev), NULL);
6651 void mgmt_new_conn_param(struct hci_dev *hdev, bdaddr_t *bdaddr,
6652 u8 bdaddr_type, u8 store_hint, u16 min_interval,
6653 u16 max_interval, u16 latency, u16 timeout)
6655 struct mgmt_ev_new_conn_param ev;
6657 if (!hci_is_identity_address(bdaddr, bdaddr_type))
6660 memset(&ev, 0, sizeof(ev));
6661 bacpy(&ev.addr.bdaddr, bdaddr);
6662 ev.addr.type = link_to_bdaddr(LE_LINK, bdaddr_type);
6663 ev.store_hint = store_hint;
6664 ev.min_interval = cpu_to_le16(min_interval);
6665 ev.max_interval = cpu_to_le16(max_interval);
6666 ev.latency = cpu_to_le16(latency);
6667 ev.timeout = cpu_to_le16(timeout);
6669 mgmt_event(MGMT_EV_NEW_CONN_PARAM, hdev, &ev, sizeof(ev), NULL);
6672 void mgmt_device_connected(struct hci_dev *hdev, struct hci_conn *conn,
6673 u32 flags, u8 *name, u8 name_len)
6676 struct mgmt_ev_device_connected *ev = (void *) buf;
6679 bacpy(&ev->addr.bdaddr, &conn->dst);
6680 ev->addr.type = link_to_bdaddr(conn->type, conn->dst_type);
6682 ev->flags = __cpu_to_le32(flags);
6684 /* We must ensure that the EIR Data fields are ordered and
6685 * unique. Keep it simple for now and avoid the problem by not
6686 * adding any BR/EDR data to the LE adv.
6688 if (conn->le_adv_data_len > 0) {
6689 memcpy(&ev->eir[eir_len],
6690 conn->le_adv_data, conn->le_adv_data_len);
6691 eir_len = conn->le_adv_data_len;
6694 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
6697 if (memcmp(conn->dev_class, "\0\0\0", 3) != 0)
6698 eir_len = eir_append_data(ev->eir, eir_len,
6700 conn->dev_class, 3);
6703 ev->eir_len = cpu_to_le16(eir_len);
6705 mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
6706 sizeof(*ev) + eir_len, NULL);
6709 static void disconnect_rsp(struct mgmt_pending_cmd *cmd, void *data)
6711 struct sock **sk = data;
6713 cmd->cmd_complete(cmd, 0);
6718 mgmt_pending_remove(cmd);
6721 static void unpair_device_rsp(struct mgmt_pending_cmd *cmd, void *data)
6723 struct hci_dev *hdev = data;
6724 struct mgmt_cp_unpair_device *cp = cmd->param;
6726 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
6728 cmd->cmd_complete(cmd, 0);
6729 mgmt_pending_remove(cmd);
6732 bool mgmt_powering_down(struct hci_dev *hdev)
6734 struct mgmt_pending_cmd *cmd;
6735 struct mgmt_mode *cp;
6737 cmd = pending_find(MGMT_OP_SET_POWERED, hdev);
6748 void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
6749 u8 link_type, u8 addr_type, u8 reason,
6750 bool mgmt_connected)
6752 struct mgmt_ev_device_disconnected ev;
6753 struct sock *sk = NULL;
6755 /* The connection is still in hci_conn_hash so test for 1
6756 * instead of 0 to know if this is the last one.
6758 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
6759 cancel_delayed_work(&hdev->power_off);
6760 queue_work(hdev->req_workqueue, &hdev->power_off.work);
6763 if (!mgmt_connected)
6766 if (link_type != ACL_LINK && link_type != LE_LINK)
6769 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
6771 bacpy(&ev.addr.bdaddr, bdaddr);
6772 ev.addr.type = link_to_bdaddr(link_type, addr_type);
6775 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
6780 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
6784 void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
6785 u8 link_type, u8 addr_type, u8 status)
6787 u8 bdaddr_type = link_to_bdaddr(link_type, addr_type);
6788 struct mgmt_cp_disconnect *cp;
6789 struct mgmt_pending_cmd *cmd;
6791 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
6794 cmd = pending_find(MGMT_OP_DISCONNECT, hdev);
6800 if (bacmp(bdaddr, &cp->addr.bdaddr))
6803 if (cp->addr.type != bdaddr_type)
6806 cmd->cmd_complete(cmd, mgmt_status(status));
6807 mgmt_pending_remove(cmd);
6810 void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
6811 u8 addr_type, u8 status)
6813 struct mgmt_ev_connect_failed ev;
6815 /* The connection is still in hci_conn_hash so test for 1
6816 * instead of 0 to know if this is the last one.
6818 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
6819 cancel_delayed_work(&hdev->power_off);
6820 queue_work(hdev->req_workqueue, &hdev->power_off.work);
6823 bacpy(&ev.addr.bdaddr, bdaddr);
6824 ev.addr.type = link_to_bdaddr(link_type, addr_type);
6825 ev.status = mgmt_status(status);
6827 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
6830 void mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
6832 struct mgmt_ev_pin_code_request ev;
6834 bacpy(&ev.addr.bdaddr, bdaddr);
6835 ev.addr.type = BDADDR_BREDR;
6838 mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev), NULL);
6841 void mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
6844 struct mgmt_pending_cmd *cmd;
6846 cmd = pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
6850 cmd->cmd_complete(cmd, mgmt_status(status));
6851 mgmt_pending_remove(cmd);
6854 void mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
6857 struct mgmt_pending_cmd *cmd;
6859 cmd = pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
6863 cmd->cmd_complete(cmd, mgmt_status(status));
6864 mgmt_pending_remove(cmd);
6867 int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
6868 u8 link_type, u8 addr_type, u32 value,
6871 struct mgmt_ev_user_confirm_request ev;
6873 BT_DBG("%s", hdev->name);
6875 bacpy(&ev.addr.bdaddr, bdaddr);
6876 ev.addr.type = link_to_bdaddr(link_type, addr_type);
6877 ev.confirm_hint = confirm_hint;
6878 ev.value = cpu_to_le32(value);
6880 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
6884 int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
6885 u8 link_type, u8 addr_type)
6887 struct mgmt_ev_user_passkey_request ev;
6889 BT_DBG("%s", hdev->name);
6891 bacpy(&ev.addr.bdaddr, bdaddr);
6892 ev.addr.type = link_to_bdaddr(link_type, addr_type);
6894 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
6898 static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
6899 u8 link_type, u8 addr_type, u8 status,
6902 struct mgmt_pending_cmd *cmd;
6904 cmd = pending_find(opcode, hdev);
6908 cmd->cmd_complete(cmd, mgmt_status(status));
6909 mgmt_pending_remove(cmd);
6914 int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
6915 u8 link_type, u8 addr_type, u8 status)
6917 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
6918 status, MGMT_OP_USER_CONFIRM_REPLY);
6921 int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
6922 u8 link_type, u8 addr_type, u8 status)
6924 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
6926 MGMT_OP_USER_CONFIRM_NEG_REPLY);
6929 int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
6930 u8 link_type, u8 addr_type, u8 status)
6932 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
6933 status, MGMT_OP_USER_PASSKEY_REPLY);
6936 int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
6937 u8 link_type, u8 addr_type, u8 status)
6939 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
6941 MGMT_OP_USER_PASSKEY_NEG_REPLY);
6944 int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
6945 u8 link_type, u8 addr_type, u32 passkey,
6948 struct mgmt_ev_passkey_notify ev;
6950 BT_DBG("%s", hdev->name);
6952 bacpy(&ev.addr.bdaddr, bdaddr);
6953 ev.addr.type = link_to_bdaddr(link_type, addr_type);
6954 ev.passkey = __cpu_to_le32(passkey);
6955 ev.entered = entered;
6957 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
6960 void mgmt_auth_failed(struct hci_conn *conn, u8 hci_status)
6962 struct mgmt_ev_auth_failed ev;
6963 struct mgmt_pending_cmd *cmd;
6964 u8 status = mgmt_status(hci_status);
6966 bacpy(&ev.addr.bdaddr, &conn->dst);
6967 ev.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
6970 cmd = find_pairing(conn);
6972 mgmt_event(MGMT_EV_AUTH_FAILED, conn->hdev, &ev, sizeof(ev),
6973 cmd ? cmd->sk : NULL);
6976 cmd->cmd_complete(cmd, status);
6977 mgmt_pending_remove(cmd);
6981 void mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
6983 struct cmd_lookup match = { NULL, hdev };
6987 u8 mgmt_err = mgmt_status(status);
6988 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
6989 cmd_status_rsp, &mgmt_err);
6993 if (test_bit(HCI_AUTH, &hdev->flags))
6994 changed = !hci_dev_test_and_set_flag(hdev, HCI_LINK_SECURITY);
6996 changed = hci_dev_test_and_clear_flag(hdev, HCI_LINK_SECURITY);
6998 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
7002 new_settings(hdev, match.sk);
7008 static void clear_eir(struct hci_request *req)
7010 struct hci_dev *hdev = req->hdev;
7011 struct hci_cp_write_eir cp;
7013 if (!lmp_ext_inq_capable(hdev))
7016 memset(hdev->eir, 0, sizeof(hdev->eir));
7018 memset(&cp, 0, sizeof(cp));
7020 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
7023 void mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
7025 struct cmd_lookup match = { NULL, hdev };
7026 struct hci_request req;
7027 bool changed = false;
7030 u8 mgmt_err = mgmt_status(status);
7032 if (enable && hci_dev_test_and_clear_flag(hdev,
7034 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
7035 new_settings(hdev, NULL);
7038 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
7044 changed = !hci_dev_test_and_set_flag(hdev, HCI_SSP_ENABLED);
7046 changed = hci_dev_test_and_clear_flag(hdev, HCI_SSP_ENABLED);
7048 changed = hci_dev_test_and_clear_flag(hdev,
7051 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
7054 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
7057 new_settings(hdev, match.sk);
7062 hci_req_init(&req, hdev);
7064 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
7065 if (hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS))
7066 hci_req_add(&req, HCI_OP_WRITE_SSP_DEBUG_MODE,
7067 sizeof(enable), &enable);
7068 __hci_req_update_eir(&req);
7073 hci_req_run(&req, NULL);
7076 static void sk_lookup(struct mgmt_pending_cmd *cmd, void *data)
7078 struct cmd_lookup *match = data;
7080 if (match->sk == NULL) {
7081 match->sk = cmd->sk;
7082 sock_hold(match->sk);
7086 void mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
7089 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
7091 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
7092 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
7093 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
7096 mgmt_generic_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
7097 dev_class, 3, NULL);
7103 void mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
7105 struct mgmt_cp_set_local_name ev;
7106 struct mgmt_pending_cmd *cmd;
7111 memset(&ev, 0, sizeof(ev));
7112 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
7113 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
7115 cmd = pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
7117 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
7119 /* If this is a HCI command related to powering on the
7120 * HCI dev don't send any mgmt signals.
7122 if (pending_find(MGMT_OP_SET_POWERED, hdev))
7126 mgmt_generic_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
7127 cmd ? cmd->sk : NULL);
7130 static inline bool has_uuid(u8 *uuid, u16 uuid_count, u8 (*uuids)[16])
7134 for (i = 0; i < uuid_count; i++) {
7135 if (!memcmp(uuid, uuids[i], 16))
7142 static bool eir_has_uuids(u8 *eir, u16 eir_len, u16 uuid_count, u8 (*uuids)[16])
7146 while (parsed < eir_len) {
7147 u8 field_len = eir[0];
7154 if (eir_len - parsed < field_len + 1)
7158 case EIR_UUID16_ALL:
7159 case EIR_UUID16_SOME:
7160 for (i = 0; i + 3 <= field_len; i += 2) {
7161 memcpy(uuid, bluetooth_base_uuid, 16);
7162 uuid[13] = eir[i + 3];
7163 uuid[12] = eir[i + 2];
7164 if (has_uuid(uuid, uuid_count, uuids))
7168 case EIR_UUID32_ALL:
7169 case EIR_UUID32_SOME:
7170 for (i = 0; i + 5 <= field_len; i += 4) {
7171 memcpy(uuid, bluetooth_base_uuid, 16);
7172 uuid[15] = eir[i + 5];
7173 uuid[14] = eir[i + 4];
7174 uuid[13] = eir[i + 3];
7175 uuid[12] = eir[i + 2];
7176 if (has_uuid(uuid, uuid_count, uuids))
7180 case EIR_UUID128_ALL:
7181 case EIR_UUID128_SOME:
7182 for (i = 0; i + 17 <= field_len; i += 16) {
7183 memcpy(uuid, eir + i + 2, 16);
7184 if (has_uuid(uuid, uuid_count, uuids))
7190 parsed += field_len + 1;
7191 eir += field_len + 1;
7197 static void restart_le_scan(struct hci_dev *hdev)
7199 /* If controller is not scanning we are done. */
7200 if (!hci_dev_test_flag(hdev, HCI_LE_SCAN))
7203 if (time_after(jiffies + DISCOV_LE_RESTART_DELAY,
7204 hdev->discovery.scan_start +
7205 hdev->discovery.scan_duration))
7208 queue_delayed_work(hdev->req_workqueue, &hdev->le_scan_restart,
7209 DISCOV_LE_RESTART_DELAY);
7212 static bool is_filter_match(struct hci_dev *hdev, s8 rssi, u8 *eir,
7213 u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
7215 /* If a RSSI threshold has been specified, and
7216 * HCI_QUIRK_STRICT_DUPLICATE_FILTER is not set, then all results with
7217 * a RSSI smaller than the RSSI threshold will be dropped. If the quirk
7218 * is set, let it through for further processing, as we might need to
7221 * For BR/EDR devices (pre 1.2) providing no RSSI during inquiry,
7222 * the results are also dropped.
7224 if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
7225 (rssi == HCI_RSSI_INVALID ||
7226 (rssi < hdev->discovery.rssi &&
7227 !test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks))))
7230 if (hdev->discovery.uuid_count != 0) {
7231 /* If a list of UUIDs is provided in filter, results with no
7232 * matching UUID should be dropped.
7234 if (!eir_has_uuids(eir, eir_len, hdev->discovery.uuid_count,
7235 hdev->discovery.uuids) &&
7236 !eir_has_uuids(scan_rsp, scan_rsp_len,
7237 hdev->discovery.uuid_count,
7238 hdev->discovery.uuids))
7242 /* If duplicate filtering does not report RSSI changes, then restart
7243 * scanning to ensure updated result with updated RSSI values.
7245 if (test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks)) {
7246 restart_le_scan(hdev);
7248 /* Validate RSSI value against the RSSI threshold once more. */
7249 if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
7250 rssi < hdev->discovery.rssi)
7257 void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
7258 u8 addr_type, u8 *dev_class, s8 rssi, u32 flags,
7259 u8 *eir, u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
7262 struct mgmt_ev_device_found *ev = (void *)buf;
7265 /* Don't send events for a non-kernel initiated discovery. With
7266 * LE one exception is if we have pend_le_reports > 0 in which
7267 * case we're doing passive scanning and want these events.
7269 if (!hci_discovery_active(hdev)) {
7270 if (link_type == ACL_LINK)
7272 if (link_type == LE_LINK && list_empty(&hdev->pend_le_reports))
7276 if (hdev->discovery.result_filtering) {
7277 /* We are using service discovery */
7278 if (!is_filter_match(hdev, rssi, eir, eir_len, scan_rsp,
7283 if (hdev->discovery.limited) {
7284 /* Check for limited discoverable bit */
7286 if (!(dev_class[1] & 0x20))
7289 u8 *flags = eir_get_data(eir, eir_len, EIR_FLAGS, NULL);
7290 if (!flags || !(flags[0] & LE_AD_LIMITED))
7295 /* Make sure that the buffer is big enough. The 5 extra bytes
7296 * are for the potential CoD field.
7298 if (sizeof(*ev) + eir_len + scan_rsp_len + 5 > sizeof(buf))
7301 memset(buf, 0, sizeof(buf));
7303 /* In case of device discovery with BR/EDR devices (pre 1.2), the
7304 * RSSI value was reported as 0 when not available. This behavior
7305 * is kept when using device discovery. This is required for full
7306 * backwards compatibility with the API.
7308 * However when using service discovery, the value 127 will be
7309 * returned when the RSSI is not available.
7311 if (rssi == HCI_RSSI_INVALID && !hdev->discovery.report_invalid_rssi &&
7312 link_type == ACL_LINK)
7315 bacpy(&ev->addr.bdaddr, bdaddr);
7316 ev->addr.type = link_to_bdaddr(link_type, addr_type);
7318 ev->flags = cpu_to_le32(flags);
7321 /* Copy EIR or advertising data into event */
7322 memcpy(ev->eir, eir, eir_len);
7324 if (dev_class && !eir_get_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
7326 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
7329 if (scan_rsp_len > 0)
7330 /* Append scan response data to event */
7331 memcpy(ev->eir + eir_len, scan_rsp, scan_rsp_len);
7333 ev->eir_len = cpu_to_le16(eir_len + scan_rsp_len);
7334 ev_size = sizeof(*ev) + eir_len + scan_rsp_len;
7336 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
7339 void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
7340 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
7342 struct mgmt_ev_device_found *ev;
7343 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
7346 ev = (struct mgmt_ev_device_found *) buf;
7348 memset(buf, 0, sizeof(buf));
7350 bacpy(&ev->addr.bdaddr, bdaddr);
7351 ev->addr.type = link_to_bdaddr(link_type, addr_type);
7354 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
7357 ev->eir_len = cpu_to_le16(eir_len);
7359 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, sizeof(*ev) + eir_len, NULL);
7362 void mgmt_discovering(struct hci_dev *hdev, u8 discovering)
7364 struct mgmt_ev_discovering ev;
7366 BT_DBG("%s discovering %u", hdev->name, discovering);
7368 memset(&ev, 0, sizeof(ev));
7369 ev.type = hdev->discovery.type;
7370 ev.discovering = discovering;
7372 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
7375 static struct hci_mgmt_chan chan = {
7376 .channel = HCI_CHANNEL_CONTROL,
7377 .handler_count = ARRAY_SIZE(mgmt_handlers),
7378 .handlers = mgmt_handlers,
7379 .hdev_init = mgmt_init_hdev,
7384 return hci_mgmt_chan_register(&chan);
7387 void mgmt_exit(void)
7389 hci_mgmt_chan_unregister(&chan);
projects / cascardo / linux.git / blob