2 BlueZ - Bluetooth protocol stack for Linux
4 Copyright (C) 2010 Nokia Corporation
5 Copyright (C) 2011-2012 Intel Corporation
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI Management interface */
27 #include <linux/module.h>
28 #include <asm/unaligned.h>
30 #include <net/bluetooth/bluetooth.h>
31 #include <net/bluetooth/hci_core.h>
32 #include <net/bluetooth/hci_sock.h>
33 #include <net/bluetooth/l2cap.h>
34 #include <net/bluetooth/mgmt.h>
36 #include "hci_request.h"
38 #include "mgmt_util.h"
40 #define MGMT_VERSION 1
41 #define MGMT_REVISION 14
43 static const u16 mgmt_commands[] = {
44 MGMT_OP_READ_INDEX_LIST,
47 MGMT_OP_SET_DISCOVERABLE,
48 MGMT_OP_SET_CONNECTABLE,
49 MGMT_OP_SET_FAST_CONNECTABLE,
51 MGMT_OP_SET_LINK_SECURITY,
55 MGMT_OP_SET_DEV_CLASS,
56 MGMT_OP_SET_LOCAL_NAME,
59 MGMT_OP_LOAD_LINK_KEYS,
60 MGMT_OP_LOAD_LONG_TERM_KEYS,
62 MGMT_OP_GET_CONNECTIONS,
63 MGMT_OP_PIN_CODE_REPLY,
64 MGMT_OP_PIN_CODE_NEG_REPLY,
65 MGMT_OP_SET_IO_CAPABILITY,
67 MGMT_OP_CANCEL_PAIR_DEVICE,
68 MGMT_OP_UNPAIR_DEVICE,
69 MGMT_OP_USER_CONFIRM_REPLY,
70 MGMT_OP_USER_CONFIRM_NEG_REPLY,
71 MGMT_OP_USER_PASSKEY_REPLY,
72 MGMT_OP_USER_PASSKEY_NEG_REPLY,
73 MGMT_OP_READ_LOCAL_OOB_DATA,
74 MGMT_OP_ADD_REMOTE_OOB_DATA,
75 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
76 MGMT_OP_START_DISCOVERY,
77 MGMT_OP_STOP_DISCOVERY,
80 MGMT_OP_UNBLOCK_DEVICE,
81 MGMT_OP_SET_DEVICE_ID,
82 MGMT_OP_SET_ADVERTISING,
84 MGMT_OP_SET_STATIC_ADDRESS,
85 MGMT_OP_SET_SCAN_PARAMS,
86 MGMT_OP_SET_SECURE_CONN,
87 MGMT_OP_SET_DEBUG_KEYS,
90 MGMT_OP_GET_CONN_INFO,
91 MGMT_OP_GET_CLOCK_INFO,
93 MGMT_OP_REMOVE_DEVICE,
94 MGMT_OP_LOAD_CONN_PARAM,
95 MGMT_OP_READ_UNCONF_INDEX_LIST,
96 MGMT_OP_READ_CONFIG_INFO,
97 MGMT_OP_SET_EXTERNAL_CONFIG,
98 MGMT_OP_SET_PUBLIC_ADDRESS,
99 MGMT_OP_START_SERVICE_DISCOVERY,
100 MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
101 MGMT_OP_READ_EXT_INDEX_LIST,
102 MGMT_OP_READ_ADV_FEATURES,
103 MGMT_OP_ADD_ADVERTISING,
104 MGMT_OP_REMOVE_ADVERTISING,
105 MGMT_OP_GET_ADV_SIZE_INFO,
106 MGMT_OP_START_LIMITED_DISCOVERY,
107 MGMT_OP_READ_EXT_INFO,
108 MGMT_OP_SET_APPEARANCE,
111 static const u16 mgmt_events[] = {
112 MGMT_EV_CONTROLLER_ERROR,
114 MGMT_EV_INDEX_REMOVED,
115 MGMT_EV_NEW_SETTINGS,
116 MGMT_EV_CLASS_OF_DEV_CHANGED,
117 MGMT_EV_LOCAL_NAME_CHANGED,
118 MGMT_EV_NEW_LINK_KEY,
119 MGMT_EV_NEW_LONG_TERM_KEY,
120 MGMT_EV_DEVICE_CONNECTED,
121 MGMT_EV_DEVICE_DISCONNECTED,
122 MGMT_EV_CONNECT_FAILED,
123 MGMT_EV_PIN_CODE_REQUEST,
124 MGMT_EV_USER_CONFIRM_REQUEST,
125 MGMT_EV_USER_PASSKEY_REQUEST,
127 MGMT_EV_DEVICE_FOUND,
129 MGMT_EV_DEVICE_BLOCKED,
130 MGMT_EV_DEVICE_UNBLOCKED,
131 MGMT_EV_DEVICE_UNPAIRED,
132 MGMT_EV_PASSKEY_NOTIFY,
135 MGMT_EV_DEVICE_ADDED,
136 MGMT_EV_DEVICE_REMOVED,
137 MGMT_EV_NEW_CONN_PARAM,
138 MGMT_EV_UNCONF_INDEX_ADDED,
139 MGMT_EV_UNCONF_INDEX_REMOVED,
140 MGMT_EV_NEW_CONFIG_OPTIONS,
141 MGMT_EV_EXT_INDEX_ADDED,
142 MGMT_EV_EXT_INDEX_REMOVED,
143 MGMT_EV_LOCAL_OOB_DATA_UPDATED,
144 MGMT_EV_ADVERTISING_ADDED,
145 MGMT_EV_ADVERTISING_REMOVED,
146 MGMT_EV_EXT_INFO_CHANGED,
149 static const u16 mgmt_untrusted_commands[] = {
150 MGMT_OP_READ_INDEX_LIST,
152 MGMT_OP_READ_UNCONF_INDEX_LIST,
153 MGMT_OP_READ_CONFIG_INFO,
154 MGMT_OP_READ_EXT_INDEX_LIST,
155 MGMT_OP_READ_EXT_INFO,
158 static const u16 mgmt_untrusted_events[] = {
160 MGMT_EV_INDEX_REMOVED,
161 MGMT_EV_NEW_SETTINGS,
162 MGMT_EV_CLASS_OF_DEV_CHANGED,
163 MGMT_EV_LOCAL_NAME_CHANGED,
164 MGMT_EV_UNCONF_INDEX_ADDED,
165 MGMT_EV_UNCONF_INDEX_REMOVED,
166 MGMT_EV_NEW_CONFIG_OPTIONS,
167 MGMT_EV_EXT_INDEX_ADDED,
168 MGMT_EV_EXT_INDEX_REMOVED,
169 MGMT_EV_EXT_INFO_CHANGED,
172 #define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
174 #define ZERO_KEY "\x00\x00\x00\x00\x00\x00\x00\x00" \
175 "\x00\x00\x00\x00\x00\x00\x00\x00"
177 /* HCI to MGMT error code conversion table */
178 static u8 mgmt_status_table[] = {
180 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
181 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
182 MGMT_STATUS_FAILED, /* Hardware Failure */
183 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
184 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
185 MGMT_STATUS_AUTH_FAILED, /* PIN or Key Missing */
186 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
187 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
188 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
189 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
190 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
191 MGMT_STATUS_BUSY, /* Command Disallowed */
192 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
193 MGMT_STATUS_REJECTED, /* Rejected Security */
194 MGMT_STATUS_REJECTED, /* Rejected Personal */
195 MGMT_STATUS_TIMEOUT, /* Host Timeout */
196 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
197 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
198 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
199 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
200 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
201 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
202 MGMT_STATUS_BUSY, /* Repeated Attempts */
203 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
204 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
205 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
206 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
207 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
208 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
209 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
210 MGMT_STATUS_FAILED, /* Unspecified Error */
211 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
212 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
213 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
214 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
215 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
216 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
217 MGMT_STATUS_FAILED, /* Unit Link Key Used */
218 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
219 MGMT_STATUS_TIMEOUT, /* Instant Passed */
220 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
221 MGMT_STATUS_FAILED, /* Transaction Collision */
222 MGMT_STATUS_FAILED, /* Reserved for future use */
223 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
224 MGMT_STATUS_REJECTED, /* QoS Rejected */
225 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
226 MGMT_STATUS_REJECTED, /* Insufficient Security */
227 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
228 MGMT_STATUS_FAILED, /* Reserved for future use */
229 MGMT_STATUS_BUSY, /* Role Switch Pending */
230 MGMT_STATUS_FAILED, /* Reserved for future use */
231 MGMT_STATUS_FAILED, /* Slot Violation */
232 MGMT_STATUS_FAILED, /* Role Switch Failed */
233 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
234 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
235 MGMT_STATUS_BUSY, /* Host Busy Pairing */
236 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
237 MGMT_STATUS_BUSY, /* Controller Busy */
238 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
239 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
240 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
241 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
242 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
245 static u8 mgmt_status(u8 hci_status)
247 if (hci_status < ARRAY_SIZE(mgmt_status_table))
248 return mgmt_status_table[hci_status];
250 return MGMT_STATUS_FAILED;
253 static int mgmt_index_event(u16 event, struct hci_dev *hdev, void *data,
256 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
260 static int mgmt_limited_event(u16 event, struct hci_dev *hdev, void *data,
261 u16 len, int flag, struct sock *skip_sk)
263 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
267 static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 len,
268 struct sock *skip_sk)
270 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
271 HCI_SOCK_TRUSTED, skip_sk);
274 static u8 le_addr_type(u8 mgmt_addr_type)
276 if (mgmt_addr_type == BDADDR_LE_PUBLIC)
277 return ADDR_LE_DEV_PUBLIC;
279 return ADDR_LE_DEV_RANDOM;
282 void mgmt_fill_version_info(void *ver)
284 struct mgmt_rp_read_version *rp = ver;
286 rp->version = MGMT_VERSION;
287 rp->revision = cpu_to_le16(MGMT_REVISION);
290 static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
293 struct mgmt_rp_read_version rp;
295 BT_DBG("sock %p", sk);
297 mgmt_fill_version_info(&rp);
299 return mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0,
303 static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
306 struct mgmt_rp_read_commands *rp;
307 u16 num_commands, num_events;
311 BT_DBG("sock %p", sk);
313 if (hci_sock_test_flag(sk, HCI_SOCK_TRUSTED)) {
314 num_commands = ARRAY_SIZE(mgmt_commands);
315 num_events = ARRAY_SIZE(mgmt_events);
317 num_commands = ARRAY_SIZE(mgmt_untrusted_commands);
318 num_events = ARRAY_SIZE(mgmt_untrusted_events);
321 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
323 rp = kmalloc(rp_size, GFP_KERNEL);
327 rp->num_commands = cpu_to_le16(num_commands);
328 rp->num_events = cpu_to_le16(num_events);
330 if (hci_sock_test_flag(sk, HCI_SOCK_TRUSTED)) {
331 __le16 *opcode = rp->opcodes;
333 for (i = 0; i < num_commands; i++, opcode++)
334 put_unaligned_le16(mgmt_commands[i], opcode);
336 for (i = 0; i < num_events; i++, opcode++)
337 put_unaligned_le16(mgmt_events[i], opcode);
339 __le16 *opcode = rp->opcodes;
341 for (i = 0; i < num_commands; i++, opcode++)
342 put_unaligned_le16(mgmt_untrusted_commands[i], opcode);
344 for (i = 0; i < num_events; i++, opcode++)
345 put_unaligned_le16(mgmt_untrusted_events[i], opcode);
348 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0,
355 static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
358 struct mgmt_rp_read_index_list *rp;
364 BT_DBG("sock %p", sk);
366 read_lock(&hci_dev_list_lock);
369 list_for_each_entry(d, &hci_dev_list, list) {
370 if (d->dev_type == HCI_PRIMARY &&
371 !hci_dev_test_flag(d, HCI_UNCONFIGURED))
375 rp_len = sizeof(*rp) + (2 * count);
376 rp = kmalloc(rp_len, GFP_ATOMIC);
378 read_unlock(&hci_dev_list_lock);
383 list_for_each_entry(d, &hci_dev_list, list) {
384 if (hci_dev_test_flag(d, HCI_SETUP) ||
385 hci_dev_test_flag(d, HCI_CONFIG) ||
386 hci_dev_test_flag(d, HCI_USER_CHANNEL))
389 /* Devices marked as raw-only are neither configured
390 * nor unconfigured controllers.
392 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
395 if (d->dev_type == HCI_PRIMARY &&
396 !hci_dev_test_flag(d, HCI_UNCONFIGURED)) {
397 rp->index[count++] = cpu_to_le16(d->id);
398 BT_DBG("Added hci%u", d->id);
402 rp->num_controllers = cpu_to_le16(count);
403 rp_len = sizeof(*rp) + (2 * count);
405 read_unlock(&hci_dev_list_lock);
407 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST,
415 static int read_unconf_index_list(struct sock *sk, struct hci_dev *hdev,
416 void *data, u16 data_len)
418 struct mgmt_rp_read_unconf_index_list *rp;
424 BT_DBG("sock %p", sk);
426 read_lock(&hci_dev_list_lock);
429 list_for_each_entry(d, &hci_dev_list, list) {
430 if (d->dev_type == HCI_PRIMARY &&
431 hci_dev_test_flag(d, HCI_UNCONFIGURED))
435 rp_len = sizeof(*rp) + (2 * count);
436 rp = kmalloc(rp_len, GFP_ATOMIC);
438 read_unlock(&hci_dev_list_lock);
443 list_for_each_entry(d, &hci_dev_list, list) {
444 if (hci_dev_test_flag(d, HCI_SETUP) ||
445 hci_dev_test_flag(d, HCI_CONFIG) ||
446 hci_dev_test_flag(d, HCI_USER_CHANNEL))
449 /* Devices marked as raw-only are neither configured
450 * nor unconfigured controllers.
452 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
455 if (d->dev_type == HCI_PRIMARY &&
456 hci_dev_test_flag(d, HCI_UNCONFIGURED)) {
457 rp->index[count++] = cpu_to_le16(d->id);
458 BT_DBG("Added hci%u", d->id);
462 rp->num_controllers = cpu_to_le16(count);
463 rp_len = sizeof(*rp) + (2 * count);
465 read_unlock(&hci_dev_list_lock);
467 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
468 MGMT_OP_READ_UNCONF_INDEX_LIST, 0, rp, rp_len);
475 static int read_ext_index_list(struct sock *sk, struct hci_dev *hdev,
476 void *data, u16 data_len)
478 struct mgmt_rp_read_ext_index_list *rp;
484 BT_DBG("sock %p", sk);
486 read_lock(&hci_dev_list_lock);
489 list_for_each_entry(d, &hci_dev_list, list) {
490 if (d->dev_type == HCI_PRIMARY || d->dev_type == HCI_AMP)
494 rp_len = sizeof(*rp) + (sizeof(rp->entry[0]) * count);
495 rp = kmalloc(rp_len, GFP_ATOMIC);
497 read_unlock(&hci_dev_list_lock);
502 list_for_each_entry(d, &hci_dev_list, list) {
503 if (hci_dev_test_flag(d, HCI_SETUP) ||
504 hci_dev_test_flag(d, HCI_CONFIG) ||
505 hci_dev_test_flag(d, HCI_USER_CHANNEL))
508 /* Devices marked as raw-only are neither configured
509 * nor unconfigured controllers.
511 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
514 if (d->dev_type == HCI_PRIMARY) {
515 if (hci_dev_test_flag(d, HCI_UNCONFIGURED))
516 rp->entry[count].type = 0x01;
518 rp->entry[count].type = 0x00;
519 } else if (d->dev_type == HCI_AMP) {
520 rp->entry[count].type = 0x02;
525 rp->entry[count].bus = d->bus;
526 rp->entry[count++].index = cpu_to_le16(d->id);
527 BT_DBG("Added hci%u", d->id);
530 rp->num_controllers = cpu_to_le16(count);
531 rp_len = sizeof(*rp) + (sizeof(rp->entry[0]) * count);
533 read_unlock(&hci_dev_list_lock);
535 /* If this command is called at least once, then all the
536 * default index and unconfigured index events are disabled
537 * and from now on only extended index events are used.
539 hci_sock_set_flag(sk, HCI_MGMT_EXT_INDEX_EVENTS);
540 hci_sock_clear_flag(sk, HCI_MGMT_INDEX_EVENTS);
541 hci_sock_clear_flag(sk, HCI_MGMT_UNCONF_INDEX_EVENTS);
543 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
544 MGMT_OP_READ_EXT_INDEX_LIST, 0, rp, rp_len);
551 static bool is_configured(struct hci_dev *hdev)
553 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
554 !hci_dev_test_flag(hdev, HCI_EXT_CONFIGURED))
557 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) &&
558 !bacmp(&hdev->public_addr, BDADDR_ANY))
564 static __le32 get_missing_options(struct hci_dev *hdev)
568 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
569 !hci_dev_test_flag(hdev, HCI_EXT_CONFIGURED))
570 options |= MGMT_OPTION_EXTERNAL_CONFIG;
572 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) &&
573 !bacmp(&hdev->public_addr, BDADDR_ANY))
574 options |= MGMT_OPTION_PUBLIC_ADDRESS;
576 return cpu_to_le32(options);
579 static int new_options(struct hci_dev *hdev, struct sock *skip)
581 __le32 options = get_missing_options(hdev);
583 return mgmt_limited_event(MGMT_EV_NEW_CONFIG_OPTIONS, hdev, &options,
584 sizeof(options), HCI_MGMT_OPTION_EVENTS, skip);
587 static int send_options_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
589 __le32 options = get_missing_options(hdev);
591 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &options,
595 static int read_config_info(struct sock *sk, struct hci_dev *hdev,
596 void *data, u16 data_len)
598 struct mgmt_rp_read_config_info rp;
601 BT_DBG("sock %p %s", sk, hdev->name);
605 memset(&rp, 0, sizeof(rp));
606 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
608 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
609 options |= MGMT_OPTION_EXTERNAL_CONFIG;
611 if (hdev->set_bdaddr)
612 options |= MGMT_OPTION_PUBLIC_ADDRESS;
614 rp.supported_options = cpu_to_le32(options);
615 rp.missing_options = get_missing_options(hdev);
617 hci_dev_unlock(hdev);
619 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_CONFIG_INFO, 0,
623 static u32 get_supported_settings(struct hci_dev *hdev)
627 settings |= MGMT_SETTING_POWERED;
628 settings |= MGMT_SETTING_BONDABLE;
629 settings |= MGMT_SETTING_DEBUG_KEYS;
630 settings |= MGMT_SETTING_CONNECTABLE;
631 settings |= MGMT_SETTING_DISCOVERABLE;
633 if (lmp_bredr_capable(hdev)) {
634 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
635 settings |= MGMT_SETTING_FAST_CONNECTABLE;
636 settings |= MGMT_SETTING_BREDR;
637 settings |= MGMT_SETTING_LINK_SECURITY;
639 if (lmp_ssp_capable(hdev)) {
640 settings |= MGMT_SETTING_SSP;
641 if (IS_ENABLED(CONFIG_BT_HS))
642 settings |= MGMT_SETTING_HS;
645 if (lmp_sc_capable(hdev))
646 settings |= MGMT_SETTING_SECURE_CONN;
649 if (lmp_le_capable(hdev)) {
650 settings |= MGMT_SETTING_LE;
651 settings |= MGMT_SETTING_ADVERTISING;
652 settings |= MGMT_SETTING_SECURE_CONN;
653 settings |= MGMT_SETTING_PRIVACY;
654 settings |= MGMT_SETTING_STATIC_ADDRESS;
657 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) ||
659 settings |= MGMT_SETTING_CONFIGURATION;
664 static u32 get_current_settings(struct hci_dev *hdev)
668 if (hdev_is_powered(hdev))
669 settings |= MGMT_SETTING_POWERED;
671 if (hci_dev_test_flag(hdev, HCI_CONNECTABLE))
672 settings |= MGMT_SETTING_CONNECTABLE;
674 if (hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE))
675 settings |= MGMT_SETTING_FAST_CONNECTABLE;
677 if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE))
678 settings |= MGMT_SETTING_DISCOVERABLE;
680 if (hci_dev_test_flag(hdev, HCI_BONDABLE))
681 settings |= MGMT_SETTING_BONDABLE;
683 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
684 settings |= MGMT_SETTING_BREDR;
686 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED))
687 settings |= MGMT_SETTING_LE;
689 if (hci_dev_test_flag(hdev, HCI_LINK_SECURITY))
690 settings |= MGMT_SETTING_LINK_SECURITY;
692 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
693 settings |= MGMT_SETTING_SSP;
695 if (hci_dev_test_flag(hdev, HCI_HS_ENABLED))
696 settings |= MGMT_SETTING_HS;
698 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
699 settings |= MGMT_SETTING_ADVERTISING;
701 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED))
702 settings |= MGMT_SETTING_SECURE_CONN;
704 if (hci_dev_test_flag(hdev, HCI_KEEP_DEBUG_KEYS))
705 settings |= MGMT_SETTING_DEBUG_KEYS;
707 if (hci_dev_test_flag(hdev, HCI_PRIVACY))
708 settings |= MGMT_SETTING_PRIVACY;
710 /* The current setting for static address has two purposes. The
711 * first is to indicate if the static address will be used and
712 * the second is to indicate if it is actually set.
714 * This means if the static address is not configured, this flag
715 * will never be set. If the address is configured, then if the
716 * address is actually used decides if the flag is set or not.
718 * For single mode LE only controllers and dual-mode controllers
719 * with BR/EDR disabled, the existence of the static address will
722 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) ||
723 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) ||
724 !bacmp(&hdev->bdaddr, BDADDR_ANY)) {
725 if (bacmp(&hdev->static_addr, BDADDR_ANY))
726 settings |= MGMT_SETTING_STATIC_ADDRESS;
732 static struct mgmt_pending_cmd *pending_find(u16 opcode, struct hci_dev *hdev)
734 return mgmt_pending_find(HCI_CHANNEL_CONTROL, opcode, hdev);
737 static struct mgmt_pending_cmd *pending_find_data(u16 opcode,
738 struct hci_dev *hdev,
741 return mgmt_pending_find_data(HCI_CHANNEL_CONTROL, opcode, hdev, data);
744 u8 mgmt_get_adv_discov_flags(struct hci_dev *hdev)
746 struct mgmt_pending_cmd *cmd;
748 /* If there's a pending mgmt command the flags will not yet have
749 * their final values, so check for this first.
751 cmd = pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
753 struct mgmt_mode *cp = cmd->param;
755 return LE_AD_GENERAL;
756 else if (cp->val == 0x02)
757 return LE_AD_LIMITED;
759 if (hci_dev_test_flag(hdev, HCI_LIMITED_DISCOVERABLE))
760 return LE_AD_LIMITED;
761 else if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE))
762 return LE_AD_GENERAL;
768 bool mgmt_get_connectable(struct hci_dev *hdev)
770 struct mgmt_pending_cmd *cmd;
772 /* If there's a pending mgmt command the flag will not yet have
773 * it's final value, so check for this first.
775 cmd = pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
777 struct mgmt_mode *cp = cmd->param;
782 return hci_dev_test_flag(hdev, HCI_CONNECTABLE);
785 static void service_cache_off(struct work_struct *work)
787 struct hci_dev *hdev = container_of(work, struct hci_dev,
789 struct hci_request req;
791 if (!hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE))
794 hci_req_init(&req, hdev);
798 __hci_req_update_eir(&req);
799 __hci_req_update_class(&req);
801 hci_dev_unlock(hdev);
803 hci_req_run(&req, NULL);
806 static void rpa_expired(struct work_struct *work)
808 struct hci_dev *hdev = container_of(work, struct hci_dev,
810 struct hci_request req;
814 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
816 if (!hci_dev_test_flag(hdev, HCI_ADVERTISING))
819 /* The generation of a new RPA and programming it into the
820 * controller happens in the hci_req_enable_advertising()
823 hci_req_init(&req, hdev);
824 __hci_req_enable_advertising(&req);
825 hci_req_run(&req, NULL);
828 static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
830 if (hci_dev_test_and_set_flag(hdev, HCI_MGMT))
833 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
834 INIT_DELAYED_WORK(&hdev->rpa_expired, rpa_expired);
836 /* Non-mgmt controlled devices get this bit set
837 * implicitly so that pairing works for them, however
838 * for mgmt we require user-space to explicitly enable
841 hci_dev_clear_flag(hdev, HCI_BONDABLE);
844 static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
845 void *data, u16 data_len)
847 struct mgmt_rp_read_info rp;
849 BT_DBG("sock %p %s", sk, hdev->name);
853 memset(&rp, 0, sizeof(rp));
855 bacpy(&rp.bdaddr, &hdev->bdaddr);
857 rp.version = hdev->hci_ver;
858 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
860 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
861 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
863 memcpy(rp.dev_class, hdev->dev_class, 3);
865 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
866 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
868 hci_dev_unlock(hdev);
870 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
874 static u16 append_eir_data_to_buf(struct hci_dev *hdev, u8 *eir)
879 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
880 eir_len = eir_append_data(eir, eir_len, EIR_CLASS_OF_DEV,
883 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED))
884 eir_len = eir_append_le16(eir, eir_len, EIR_APPEARANCE,
887 name_len = strlen(hdev->dev_name);
888 eir_len = eir_append_data(eir, eir_len, EIR_NAME_COMPLETE,
889 hdev->dev_name, name_len);
891 name_len = strlen(hdev->short_name);
892 eir_len = eir_append_data(eir, eir_len, EIR_NAME_SHORT,
893 hdev->short_name, name_len);
898 static int read_ext_controller_info(struct sock *sk, struct hci_dev *hdev,
899 void *data, u16 data_len)
902 struct mgmt_rp_read_ext_info *rp = (void *)buf;
905 BT_DBG("sock %p %s", sk, hdev->name);
907 memset(&buf, 0, sizeof(buf));
911 bacpy(&rp->bdaddr, &hdev->bdaddr);
913 rp->version = hdev->hci_ver;
914 rp->manufacturer = cpu_to_le16(hdev->manufacturer);
916 rp->supported_settings = cpu_to_le32(get_supported_settings(hdev));
917 rp->current_settings = cpu_to_le32(get_current_settings(hdev));
920 eir_len = append_eir_data_to_buf(hdev, rp->eir);
921 rp->eir_len = cpu_to_le16(eir_len);
923 hci_dev_unlock(hdev);
925 /* If this command is called at least once, then the events
926 * for class of device and local name changes are disabled
927 * and only the new extended controller information event
930 hci_sock_set_flag(sk, HCI_MGMT_EXT_INFO_EVENTS);
931 hci_sock_clear_flag(sk, HCI_MGMT_DEV_CLASS_EVENTS);
932 hci_sock_clear_flag(sk, HCI_MGMT_LOCAL_NAME_EVENTS);
934 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_EXT_INFO, 0, rp,
935 sizeof(*rp) + eir_len);
938 static int ext_info_changed(struct hci_dev *hdev, struct sock *skip)
941 struct mgmt_ev_ext_info_changed *ev = (void *)buf;
944 memset(buf, 0, sizeof(buf));
946 eir_len = append_eir_data_to_buf(hdev, ev->eir);
947 ev->eir_len = cpu_to_le16(eir_len);
949 return mgmt_limited_event(MGMT_EV_EXT_INFO_CHANGED, hdev, ev,
950 sizeof(*ev) + eir_len,
951 HCI_MGMT_EXT_INFO_EVENTS, skip);
954 static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
956 __le32 settings = cpu_to_le32(get_current_settings(hdev));
958 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &settings,
962 static void clean_up_hci_complete(struct hci_dev *hdev, u8 status, u16 opcode)
964 BT_DBG("%s status 0x%02x", hdev->name, status);
966 if (hci_conn_count(hdev) == 0) {
967 cancel_delayed_work(&hdev->power_off);
968 queue_work(hdev->req_workqueue, &hdev->power_off.work);
972 void mgmt_advertising_added(struct sock *sk, struct hci_dev *hdev, u8 instance)
974 struct mgmt_ev_advertising_added ev;
976 ev.instance = instance;
978 mgmt_event(MGMT_EV_ADVERTISING_ADDED, hdev, &ev, sizeof(ev), sk);
981 void mgmt_advertising_removed(struct sock *sk, struct hci_dev *hdev,
984 struct mgmt_ev_advertising_removed ev;
986 ev.instance = instance;
988 mgmt_event(MGMT_EV_ADVERTISING_REMOVED, hdev, &ev, sizeof(ev), sk);
991 static void cancel_adv_timeout(struct hci_dev *hdev)
993 if (hdev->adv_instance_timeout) {
994 hdev->adv_instance_timeout = 0;
995 cancel_delayed_work(&hdev->adv_instance_expire);
999 static int clean_up_hci_state(struct hci_dev *hdev)
1001 struct hci_request req;
1002 struct hci_conn *conn;
1003 bool discov_stopped;
1006 hci_req_init(&req, hdev);
1008 if (test_bit(HCI_ISCAN, &hdev->flags) ||
1009 test_bit(HCI_PSCAN, &hdev->flags)) {
1011 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1014 hci_req_clear_adv_instance(hdev, NULL, NULL, 0x00, false);
1016 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
1017 __hci_req_disable_advertising(&req);
1019 discov_stopped = hci_req_stop_discovery(&req);
1021 list_for_each_entry(conn, &hdev->conn_hash.list, list) {
1022 /* 0x15 == Terminated due to Power Off */
1023 __hci_abort_conn(&req, conn, 0x15);
1026 err = hci_req_run(&req, clean_up_hci_complete);
1027 if (!err && discov_stopped)
1028 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
1033 static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
1036 struct mgmt_mode *cp = data;
1037 struct mgmt_pending_cmd *cmd;
1040 BT_DBG("request for %s", hdev->name);
1042 if (cp->val != 0x00 && cp->val != 0x01)
1043 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1044 MGMT_STATUS_INVALID_PARAMS);
1048 if (pending_find(MGMT_OP_SET_POWERED, hdev)) {
1049 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1054 if (!!cp->val == hdev_is_powered(hdev)) {
1055 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
1059 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
1066 queue_work(hdev->req_workqueue, &hdev->power_on);
1069 /* Disconnect connections, stop scans, etc */
1070 err = clean_up_hci_state(hdev);
1072 queue_delayed_work(hdev->req_workqueue, &hdev->power_off,
1073 HCI_POWER_OFF_TIMEOUT);
1075 /* ENODATA means there were no HCI commands queued */
1076 if (err == -ENODATA) {
1077 cancel_delayed_work(&hdev->power_off);
1078 queue_work(hdev->req_workqueue, &hdev->power_off.work);
1084 hci_dev_unlock(hdev);
1088 static int new_settings(struct hci_dev *hdev, struct sock *skip)
1090 __le32 ev = cpu_to_le32(get_current_settings(hdev));
1092 return mgmt_limited_event(MGMT_EV_NEW_SETTINGS, hdev, &ev,
1093 sizeof(ev), HCI_MGMT_SETTING_EVENTS, skip);
1096 int mgmt_new_settings(struct hci_dev *hdev)
1098 return new_settings(hdev, NULL);
1103 struct hci_dev *hdev;
1107 static void settings_rsp(struct mgmt_pending_cmd *cmd, void *data)
1109 struct cmd_lookup *match = data;
1111 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
1113 list_del(&cmd->list);
1115 if (match->sk == NULL) {
1116 match->sk = cmd->sk;
1117 sock_hold(match->sk);
1120 mgmt_pending_free(cmd);
1123 static void cmd_status_rsp(struct mgmt_pending_cmd *cmd, void *data)
1127 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
1128 mgmt_pending_remove(cmd);
1131 static void cmd_complete_rsp(struct mgmt_pending_cmd *cmd, void *data)
1133 if (cmd->cmd_complete) {
1136 cmd->cmd_complete(cmd, *status);
1137 mgmt_pending_remove(cmd);
1142 cmd_status_rsp(cmd, data);
1145 static int generic_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
1147 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
1148 cmd->param, cmd->param_len);
1151 static int addr_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
1153 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
1154 cmd->param, sizeof(struct mgmt_addr_info));
1157 static u8 mgmt_bredr_support(struct hci_dev *hdev)
1159 if (!lmp_bredr_capable(hdev))
1160 return MGMT_STATUS_NOT_SUPPORTED;
1161 else if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1162 return MGMT_STATUS_REJECTED;
1164 return MGMT_STATUS_SUCCESS;
1167 static u8 mgmt_le_support(struct hci_dev *hdev)
1169 if (!lmp_le_capable(hdev))
1170 return MGMT_STATUS_NOT_SUPPORTED;
1171 else if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
1172 return MGMT_STATUS_REJECTED;
1174 return MGMT_STATUS_SUCCESS;
1177 void mgmt_set_discoverable_complete(struct hci_dev *hdev, u8 status)
1179 struct mgmt_pending_cmd *cmd;
1181 BT_DBG("status 0x%02x", status);
1185 cmd = pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
1190 u8 mgmt_err = mgmt_status(status);
1191 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1192 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1196 if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE) &&
1197 hdev->discov_timeout > 0) {
1198 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1199 queue_delayed_work(hdev->req_workqueue, &hdev->discov_off, to);
1202 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1203 new_settings(hdev, cmd->sk);
1206 mgmt_pending_remove(cmd);
1209 hci_dev_unlock(hdev);
1212 static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
1215 struct mgmt_cp_set_discoverable *cp = data;
1216 struct mgmt_pending_cmd *cmd;
1220 BT_DBG("request for %s", hdev->name);
1222 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
1223 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1224 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1225 MGMT_STATUS_REJECTED);
1227 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
1228 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1229 MGMT_STATUS_INVALID_PARAMS);
1231 timeout = __le16_to_cpu(cp->timeout);
1233 /* Disabling discoverable requires that no timeout is set,
1234 * and enabling limited discoverable requires a timeout.
1236 if ((cp->val == 0x00 && timeout > 0) ||
1237 (cp->val == 0x02 && timeout == 0))
1238 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1239 MGMT_STATUS_INVALID_PARAMS);
1243 if (!hdev_is_powered(hdev) && timeout > 0) {
1244 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1245 MGMT_STATUS_NOT_POWERED);
1249 if (pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1250 pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
1251 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1256 if (!hci_dev_test_flag(hdev, HCI_CONNECTABLE)) {
1257 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1258 MGMT_STATUS_REJECTED);
1262 if (!hdev_is_powered(hdev)) {
1263 bool changed = false;
1265 /* Setting limited discoverable when powered off is
1266 * not a valid operation since it requires a timeout
1267 * and so no need to check HCI_LIMITED_DISCOVERABLE.
1269 if (!!cp->val != hci_dev_test_flag(hdev, HCI_DISCOVERABLE)) {
1270 hci_dev_change_flag(hdev, HCI_DISCOVERABLE);
1274 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1279 err = new_settings(hdev, sk);
1284 /* If the current mode is the same, then just update the timeout
1285 * value with the new value. And if only the timeout gets updated,
1286 * then no need for any HCI transactions.
1288 if (!!cp->val == hci_dev_test_flag(hdev, HCI_DISCOVERABLE) &&
1289 (cp->val == 0x02) == hci_dev_test_flag(hdev,
1290 HCI_LIMITED_DISCOVERABLE)) {
1291 cancel_delayed_work(&hdev->discov_off);
1292 hdev->discov_timeout = timeout;
1294 if (cp->val && hdev->discov_timeout > 0) {
1295 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1296 queue_delayed_work(hdev->req_workqueue,
1297 &hdev->discov_off, to);
1300 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1304 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
1310 /* Cancel any potential discoverable timeout that might be
1311 * still active and store new timeout value. The arming of
1312 * the timeout happens in the complete handler.
1314 cancel_delayed_work(&hdev->discov_off);
1315 hdev->discov_timeout = timeout;
1318 hci_dev_set_flag(hdev, HCI_DISCOVERABLE);
1320 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
1322 /* Limited discoverable mode */
1323 if (cp->val == 0x02)
1324 hci_dev_set_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1326 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1328 queue_work(hdev->req_workqueue, &hdev->discoverable_update);
1332 hci_dev_unlock(hdev);
1336 void mgmt_set_connectable_complete(struct hci_dev *hdev, u8 status)
1338 struct mgmt_pending_cmd *cmd;
1340 BT_DBG("status 0x%02x", status);
1344 cmd = pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1349 u8 mgmt_err = mgmt_status(status);
1350 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1354 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
1355 new_settings(hdev, cmd->sk);
1358 mgmt_pending_remove(cmd);
1361 hci_dev_unlock(hdev);
1364 static int set_connectable_update_settings(struct hci_dev *hdev,
1365 struct sock *sk, u8 val)
1367 bool changed = false;
1370 if (!!val != hci_dev_test_flag(hdev, HCI_CONNECTABLE))
1374 hci_dev_set_flag(hdev, HCI_CONNECTABLE);
1376 hci_dev_clear_flag(hdev, HCI_CONNECTABLE);
1377 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
1380 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1385 hci_req_update_scan(hdev);
1386 hci_update_background_scan(hdev);
1387 return new_settings(hdev, sk);
1393 static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
1396 struct mgmt_mode *cp = data;
1397 struct mgmt_pending_cmd *cmd;
1400 BT_DBG("request for %s", hdev->name);
1402 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
1403 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1404 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1405 MGMT_STATUS_REJECTED);
1407 if (cp->val != 0x00 && cp->val != 0x01)
1408 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1409 MGMT_STATUS_INVALID_PARAMS);
1413 if (!hdev_is_powered(hdev)) {
1414 err = set_connectable_update_settings(hdev, sk, cp->val);
1418 if (pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1419 pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
1420 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1425 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
1432 hci_dev_set_flag(hdev, HCI_CONNECTABLE);
1434 if (hdev->discov_timeout > 0)
1435 cancel_delayed_work(&hdev->discov_off);
1437 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1438 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
1439 hci_dev_clear_flag(hdev, HCI_CONNECTABLE);
1442 queue_work(hdev->req_workqueue, &hdev->connectable_update);
1446 hci_dev_unlock(hdev);
1450 static int set_bondable(struct sock *sk, struct hci_dev *hdev, void *data,
1453 struct mgmt_mode *cp = data;
1457 BT_DBG("request for %s", hdev->name);
1459 if (cp->val != 0x00 && cp->val != 0x01)
1460 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BONDABLE,
1461 MGMT_STATUS_INVALID_PARAMS);
1466 changed = !hci_dev_test_and_set_flag(hdev, HCI_BONDABLE);
1468 changed = hci_dev_test_and_clear_flag(hdev, HCI_BONDABLE);
1470 err = send_settings_rsp(sk, MGMT_OP_SET_BONDABLE, hdev);
1475 /* In limited privacy mode the change of bondable mode
1476 * may affect the local advertising address.
1478 if (hdev_is_powered(hdev) &&
1479 hci_dev_test_flag(hdev, HCI_ADVERTISING) &&
1480 hci_dev_test_flag(hdev, HCI_DISCOVERABLE) &&
1481 hci_dev_test_flag(hdev, HCI_LIMITED_PRIVACY))
1482 queue_work(hdev->req_workqueue,
1483 &hdev->discoverable_update);
1485 err = new_settings(hdev, sk);
1489 hci_dev_unlock(hdev);
1493 static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1496 struct mgmt_mode *cp = data;
1497 struct mgmt_pending_cmd *cmd;
1501 BT_DBG("request for %s", hdev->name);
1503 status = mgmt_bredr_support(hdev);
1505 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1508 if (cp->val != 0x00 && cp->val != 0x01)
1509 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1510 MGMT_STATUS_INVALID_PARAMS);
1514 if (!hdev_is_powered(hdev)) {
1515 bool changed = false;
1517 if (!!cp->val != hci_dev_test_flag(hdev, HCI_LINK_SECURITY)) {
1518 hci_dev_change_flag(hdev, HCI_LINK_SECURITY);
1522 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1527 err = new_settings(hdev, sk);
1532 if (pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
1533 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1540 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1541 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1545 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1551 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1553 mgmt_pending_remove(cmd);
1558 hci_dev_unlock(hdev);
1562 static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1564 struct mgmt_mode *cp = data;
1565 struct mgmt_pending_cmd *cmd;
1569 BT_DBG("request for %s", hdev->name);
1571 status = mgmt_bredr_support(hdev);
1573 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
1575 if (!lmp_ssp_capable(hdev))
1576 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1577 MGMT_STATUS_NOT_SUPPORTED);
1579 if (cp->val != 0x00 && cp->val != 0x01)
1580 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1581 MGMT_STATUS_INVALID_PARAMS);
1585 if (!hdev_is_powered(hdev)) {
1589 changed = !hci_dev_test_and_set_flag(hdev,
1592 changed = hci_dev_test_and_clear_flag(hdev,
1595 changed = hci_dev_test_and_clear_flag(hdev,
1598 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
1601 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1606 err = new_settings(hdev, sk);
1611 if (pending_find(MGMT_OP_SET_SSP, hdev)) {
1612 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1617 if (!!cp->val == hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
1618 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1622 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1628 if (!cp->val && hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS))
1629 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
1630 sizeof(cp->val), &cp->val);
1632 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &cp->val);
1634 mgmt_pending_remove(cmd);
1639 hci_dev_unlock(hdev);
1643 static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1645 struct mgmt_mode *cp = data;
1650 BT_DBG("request for %s", hdev->name);
1652 if (!IS_ENABLED(CONFIG_BT_HS))
1653 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1654 MGMT_STATUS_NOT_SUPPORTED);
1656 status = mgmt_bredr_support(hdev);
1658 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
1660 if (!lmp_ssp_capable(hdev))
1661 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1662 MGMT_STATUS_NOT_SUPPORTED);
1664 if (!hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
1665 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1666 MGMT_STATUS_REJECTED);
1668 if (cp->val != 0x00 && cp->val != 0x01)
1669 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1670 MGMT_STATUS_INVALID_PARAMS);
1674 if (pending_find(MGMT_OP_SET_SSP, hdev)) {
1675 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1681 changed = !hci_dev_test_and_set_flag(hdev, HCI_HS_ENABLED);
1683 if (hdev_is_powered(hdev)) {
1684 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1685 MGMT_STATUS_REJECTED);
1689 changed = hci_dev_test_and_clear_flag(hdev, HCI_HS_ENABLED);
1692 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
1697 err = new_settings(hdev, sk);
1700 hci_dev_unlock(hdev);
1704 static void le_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
1706 struct cmd_lookup match = { NULL, hdev };
1711 u8 mgmt_err = mgmt_status(status);
1713 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
1718 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
1720 new_settings(hdev, match.sk);
1725 /* Make sure the controller has a good default for
1726 * advertising data. Restrict the update to when LE
1727 * has actually been enabled. During power on, the
1728 * update in powered_update_hci will take care of it.
1730 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
1731 struct hci_request req;
1733 hci_req_init(&req, hdev);
1734 __hci_req_update_adv_data(&req, 0x00);
1735 __hci_req_update_scan_rsp_data(&req, 0x00);
1736 hci_req_run(&req, NULL);
1737 hci_update_background_scan(hdev);
1741 hci_dev_unlock(hdev);
1744 static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1746 struct mgmt_mode *cp = data;
1747 struct hci_cp_write_le_host_supported hci_cp;
1748 struct mgmt_pending_cmd *cmd;
1749 struct hci_request req;
1753 BT_DBG("request for %s", hdev->name);
1755 if (!lmp_le_capable(hdev))
1756 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1757 MGMT_STATUS_NOT_SUPPORTED);
1759 if (cp->val != 0x00 && cp->val != 0x01)
1760 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1761 MGMT_STATUS_INVALID_PARAMS);
1763 /* Bluetooth single mode LE only controllers or dual-mode
1764 * controllers configured as LE only devices, do not allow
1765 * switching LE off. These have either LE enabled explicitly
1766 * or BR/EDR has been previously switched off.
1768 * When trying to enable an already enabled LE, then gracefully
1769 * send a positive response. Trying to disable it however will
1770 * result into rejection.
1772 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
1773 if (cp->val == 0x01)
1774 return send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1776 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1777 MGMT_STATUS_REJECTED);
1783 enabled = lmp_host_le_capable(hdev);
1786 hci_req_clear_adv_instance(hdev, NULL, NULL, 0x00, true);
1788 if (!hdev_is_powered(hdev) || val == enabled) {
1789 bool changed = false;
1791 if (val != hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
1792 hci_dev_change_flag(hdev, HCI_LE_ENABLED);
1796 if (!val && hci_dev_test_flag(hdev, HCI_ADVERTISING)) {
1797 hci_dev_clear_flag(hdev, HCI_ADVERTISING);
1801 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1806 err = new_settings(hdev, sk);
1811 if (pending_find(MGMT_OP_SET_LE, hdev) ||
1812 pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
1813 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1818 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
1824 hci_req_init(&req, hdev);
1826 memset(&hci_cp, 0, sizeof(hci_cp));
1830 hci_cp.simul = 0x00;
1832 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
1833 __hci_req_disable_advertising(&req);
1836 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
1839 err = hci_req_run(&req, le_enable_complete);
1841 mgmt_pending_remove(cmd);
1844 hci_dev_unlock(hdev);
1848 /* This is a helper function to test for pending mgmt commands that can
1849 * cause CoD or EIR HCI commands. We can only allow one such pending
1850 * mgmt command at a time since otherwise we cannot easily track what
1851 * the current values are, will be, and based on that calculate if a new
1852 * HCI command needs to be sent and if yes with what value.
1854 static bool pending_eir_or_class(struct hci_dev *hdev)
1856 struct mgmt_pending_cmd *cmd;
1858 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
1859 switch (cmd->opcode) {
1860 case MGMT_OP_ADD_UUID:
1861 case MGMT_OP_REMOVE_UUID:
1862 case MGMT_OP_SET_DEV_CLASS:
1863 case MGMT_OP_SET_POWERED:
1871 static const u8 bluetooth_base_uuid[] = {
1872 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
1873 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1876 static u8 get_uuid_size(const u8 *uuid)
1880 if (memcmp(uuid, bluetooth_base_uuid, 12))
1883 val = get_unaligned_le32(&uuid[12]);
1890 static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
1892 struct mgmt_pending_cmd *cmd;
1896 cmd = pending_find(mgmt_op, hdev);
1900 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
1901 mgmt_status(status), hdev->dev_class, 3);
1903 mgmt_pending_remove(cmd);
1906 hci_dev_unlock(hdev);
1909 static void add_uuid_complete(struct hci_dev *hdev, u8 status, u16 opcode)
1911 BT_DBG("status 0x%02x", status);
1913 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
1916 static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1918 struct mgmt_cp_add_uuid *cp = data;
1919 struct mgmt_pending_cmd *cmd;
1920 struct hci_request req;
1921 struct bt_uuid *uuid;
1924 BT_DBG("request for %s", hdev->name);
1928 if (pending_eir_or_class(hdev)) {
1929 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
1934 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
1940 memcpy(uuid->uuid, cp->uuid, 16);
1941 uuid->svc_hint = cp->svc_hint;
1942 uuid->size = get_uuid_size(cp->uuid);
1944 list_add_tail(&uuid->list, &hdev->uuids);
1946 hci_req_init(&req, hdev);
1948 __hci_req_update_class(&req);
1949 __hci_req_update_eir(&req);
1951 err = hci_req_run(&req, add_uuid_complete);
1953 if (err != -ENODATA)
1956 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
1957 hdev->dev_class, 3);
1961 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
1970 hci_dev_unlock(hdev);
1974 static bool enable_service_cache(struct hci_dev *hdev)
1976 if (!hdev_is_powered(hdev))
1979 if (!hci_dev_test_and_set_flag(hdev, HCI_SERVICE_CACHE)) {
1980 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
1988 static void remove_uuid_complete(struct hci_dev *hdev, u8 status, u16 opcode)
1990 BT_DBG("status 0x%02x", status);
1992 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
1995 static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
1998 struct mgmt_cp_remove_uuid *cp = data;
1999 struct mgmt_pending_cmd *cmd;
2000 struct bt_uuid *match, *tmp;
2001 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
2002 struct hci_request req;
2005 BT_DBG("request for %s", hdev->name);
2009 if (pending_eir_or_class(hdev)) {
2010 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2015 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
2016 hci_uuids_clear(hdev);
2018 if (enable_service_cache(hdev)) {
2019 err = mgmt_cmd_complete(sk, hdev->id,
2020 MGMT_OP_REMOVE_UUID,
2021 0, hdev->dev_class, 3);
2030 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2031 if (memcmp(match->uuid, cp->uuid, 16) != 0)
2034 list_del(&match->list);
2040 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2041 MGMT_STATUS_INVALID_PARAMS);
2046 hci_req_init(&req, hdev);
2048 __hci_req_update_class(&req);
2049 __hci_req_update_eir(&req);
2051 err = hci_req_run(&req, remove_uuid_complete);
2053 if (err != -ENODATA)
2056 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
2057 hdev->dev_class, 3);
2061 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
2070 hci_dev_unlock(hdev);
2074 static void set_class_complete(struct hci_dev *hdev, u8 status, u16 opcode)
2076 BT_DBG("status 0x%02x", status);
2078 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
2081 static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
2084 struct mgmt_cp_set_dev_class *cp = data;
2085 struct mgmt_pending_cmd *cmd;
2086 struct hci_request req;
2089 BT_DBG("request for %s", hdev->name);
2091 if (!lmp_bredr_capable(hdev))
2092 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2093 MGMT_STATUS_NOT_SUPPORTED);
2097 if (pending_eir_or_class(hdev)) {
2098 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2103 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
2104 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2105 MGMT_STATUS_INVALID_PARAMS);
2109 hdev->major_class = cp->major;
2110 hdev->minor_class = cp->minor;
2112 if (!hdev_is_powered(hdev)) {
2113 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2114 hdev->dev_class, 3);
2118 hci_req_init(&req, hdev);
2120 if (hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE)) {
2121 hci_dev_unlock(hdev);
2122 cancel_delayed_work_sync(&hdev->service_cache);
2124 __hci_req_update_eir(&req);
2127 __hci_req_update_class(&req);
2129 err = hci_req_run(&req, set_class_complete);
2131 if (err != -ENODATA)
2134 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2135 hdev->dev_class, 3);
2139 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
2148 hci_dev_unlock(hdev);
2152 static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
2155 struct mgmt_cp_load_link_keys *cp = data;
2156 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
2157 sizeof(struct mgmt_link_key_info));
2158 u16 key_count, expected_len;
2162 BT_DBG("request for %s", hdev->name);
2164 if (!lmp_bredr_capable(hdev))
2165 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2166 MGMT_STATUS_NOT_SUPPORTED);
2168 key_count = __le16_to_cpu(cp->key_count);
2169 if (key_count > max_key_count) {
2170 BT_ERR("load_link_keys: too big key_count value %u",
2172 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2173 MGMT_STATUS_INVALID_PARAMS);
2176 expected_len = sizeof(*cp) + key_count *
2177 sizeof(struct mgmt_link_key_info);
2178 if (expected_len != len) {
2179 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
2181 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2182 MGMT_STATUS_INVALID_PARAMS);
2185 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
2186 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2187 MGMT_STATUS_INVALID_PARAMS);
2189 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
2192 for (i = 0; i < key_count; i++) {
2193 struct mgmt_link_key_info *key = &cp->keys[i];
2195 if (key->addr.type != BDADDR_BREDR || key->type > 0x08)
2196 return mgmt_cmd_status(sk, hdev->id,
2197 MGMT_OP_LOAD_LINK_KEYS,
2198 MGMT_STATUS_INVALID_PARAMS);
2203 hci_link_keys_clear(hdev);
2206 changed = !hci_dev_test_and_set_flag(hdev, HCI_KEEP_DEBUG_KEYS);
2208 changed = hci_dev_test_and_clear_flag(hdev,
2209 HCI_KEEP_DEBUG_KEYS);
2212 new_settings(hdev, NULL);
2214 for (i = 0; i < key_count; i++) {
2215 struct mgmt_link_key_info *key = &cp->keys[i];
2217 /* Always ignore debug keys and require a new pairing if
2218 * the user wants to use them.
2220 if (key->type == HCI_LK_DEBUG_COMBINATION)
2223 hci_add_link_key(hdev, NULL, &key->addr.bdaddr, key->val,
2224 key->type, key->pin_len, NULL);
2227 mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
2229 hci_dev_unlock(hdev);
2234 static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
2235 u8 addr_type, struct sock *skip_sk)
2237 struct mgmt_ev_device_unpaired ev;
2239 bacpy(&ev.addr.bdaddr, bdaddr);
2240 ev.addr.type = addr_type;
2242 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
2246 static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2249 struct mgmt_cp_unpair_device *cp = data;
2250 struct mgmt_rp_unpair_device rp;
2251 struct hci_conn_params *params;
2252 struct mgmt_pending_cmd *cmd;
2253 struct hci_conn *conn;
2257 memset(&rp, 0, sizeof(rp));
2258 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2259 rp.addr.type = cp->addr.type;
2261 if (!bdaddr_type_is_valid(cp->addr.type))
2262 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2263 MGMT_STATUS_INVALID_PARAMS,
2266 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
2267 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2268 MGMT_STATUS_INVALID_PARAMS,
2273 if (!hdev_is_powered(hdev)) {
2274 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2275 MGMT_STATUS_NOT_POWERED, &rp,
2280 if (cp->addr.type == BDADDR_BREDR) {
2281 /* If disconnection is requested, then look up the
2282 * connection. If the remote device is connected, it
2283 * will be later used to terminate the link.
2285 * Setting it to NULL explicitly will cause no
2286 * termination of the link.
2289 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2294 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
2296 err = mgmt_cmd_complete(sk, hdev->id,
2297 MGMT_OP_UNPAIR_DEVICE,
2298 MGMT_STATUS_NOT_PAIRED, &rp,
2306 /* LE address type */
2307 addr_type = le_addr_type(cp->addr.type);
2309 /* Abort any ongoing SMP pairing. Removes ltk and irk if they exist. */
2310 err = smp_cancel_and_remove_pairing(hdev, &cp->addr.bdaddr, addr_type);
2312 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2313 MGMT_STATUS_NOT_PAIRED, &rp,
2318 conn = hci_conn_hash_lookup_le(hdev, &cp->addr.bdaddr, addr_type);
2320 hci_conn_params_del(hdev, &cp->addr.bdaddr, addr_type);
2325 /* Defer clearing up the connection parameters until closing to
2326 * give a chance of keeping them if a repairing happens.
2328 set_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
2330 /* Disable auto-connection parameters if present */
2331 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr, addr_type);
2333 if (params->explicit_connect)
2334 params->auto_connect = HCI_AUTO_CONN_EXPLICIT;
2336 params->auto_connect = HCI_AUTO_CONN_DISABLED;
2339 /* If disconnection is not requested, then clear the connection
2340 * variable so that the link is not terminated.
2342 if (!cp->disconnect)
2346 /* If the connection variable is set, then termination of the
2347 * link is requested.
2350 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
2352 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
2356 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
2363 cmd->cmd_complete = addr_cmd_complete;
2365 err = hci_abort_conn(conn, HCI_ERROR_REMOTE_USER_TERM);
2367 mgmt_pending_remove(cmd);
2370 hci_dev_unlock(hdev);
2374 static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
2377 struct mgmt_cp_disconnect *cp = data;
2378 struct mgmt_rp_disconnect rp;
2379 struct mgmt_pending_cmd *cmd;
2380 struct hci_conn *conn;
2385 memset(&rp, 0, sizeof(rp));
2386 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2387 rp.addr.type = cp->addr.type;
2389 if (!bdaddr_type_is_valid(cp->addr.type))
2390 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2391 MGMT_STATUS_INVALID_PARAMS,
2396 if (!test_bit(HCI_UP, &hdev->flags)) {
2397 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2398 MGMT_STATUS_NOT_POWERED, &rp,
2403 if (pending_find(MGMT_OP_DISCONNECT, hdev)) {
2404 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2405 MGMT_STATUS_BUSY, &rp, sizeof(rp));
2409 if (cp->addr.type == BDADDR_BREDR)
2410 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2413 conn = hci_conn_hash_lookup_le(hdev, &cp->addr.bdaddr,
2414 le_addr_type(cp->addr.type));
2416 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
2417 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2418 MGMT_STATUS_NOT_CONNECTED, &rp,
2423 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
2429 cmd->cmd_complete = generic_cmd_complete;
2431 err = hci_disconnect(conn, HCI_ERROR_REMOTE_USER_TERM);
2433 mgmt_pending_remove(cmd);
2436 hci_dev_unlock(hdev);
2440 static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
2442 switch (link_type) {
2444 switch (addr_type) {
2445 case ADDR_LE_DEV_PUBLIC:
2446 return BDADDR_LE_PUBLIC;
2449 /* Fallback to LE Random address type */
2450 return BDADDR_LE_RANDOM;
2454 /* Fallback to BR/EDR type */
2455 return BDADDR_BREDR;
2459 static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
2462 struct mgmt_rp_get_connections *rp;
2472 if (!hdev_is_powered(hdev)) {
2473 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
2474 MGMT_STATUS_NOT_POWERED);
2479 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2480 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2484 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2485 rp = kmalloc(rp_len, GFP_KERNEL);
2492 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2493 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2495 bacpy(&rp->addr[i].bdaddr, &c->dst);
2496 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
2497 if (c->type == SCO_LINK || c->type == ESCO_LINK)
2502 rp->conn_count = cpu_to_le16(i);
2504 /* Recalculate length in case of filtered SCO connections, etc */
2505 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2507 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
2513 hci_dev_unlock(hdev);
2517 static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
2518 struct mgmt_cp_pin_code_neg_reply *cp)
2520 struct mgmt_pending_cmd *cmd;
2523 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
2528 cmd->cmd_complete = addr_cmd_complete;
2530 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
2531 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
2533 mgmt_pending_remove(cmd);
2538 static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2541 struct hci_conn *conn;
2542 struct mgmt_cp_pin_code_reply *cp = data;
2543 struct hci_cp_pin_code_reply reply;
2544 struct mgmt_pending_cmd *cmd;
2551 if (!hdev_is_powered(hdev)) {
2552 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2553 MGMT_STATUS_NOT_POWERED);
2557 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
2559 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2560 MGMT_STATUS_NOT_CONNECTED);
2564 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
2565 struct mgmt_cp_pin_code_neg_reply ncp;
2567 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
2569 BT_ERR("PIN code is not 16 bytes long");
2571 err = send_pin_code_neg_reply(sk, hdev, &ncp);
2573 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2574 MGMT_STATUS_INVALID_PARAMS);
2579 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
2585 cmd->cmd_complete = addr_cmd_complete;
2587 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
2588 reply.pin_len = cp->pin_len;
2589 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
2591 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
2593 mgmt_pending_remove(cmd);
2596 hci_dev_unlock(hdev);
2600 static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
2603 struct mgmt_cp_set_io_capability *cp = data;
2607 if (cp->io_capability > SMP_IO_KEYBOARD_DISPLAY)
2608 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY,
2609 MGMT_STATUS_INVALID_PARAMS);
2613 hdev->io_capability = cp->io_capability;
2615 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
2616 hdev->io_capability);
2618 hci_dev_unlock(hdev);
2620 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0,
2624 static struct mgmt_pending_cmd *find_pairing(struct hci_conn *conn)
2626 struct hci_dev *hdev = conn->hdev;
2627 struct mgmt_pending_cmd *cmd;
2629 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2630 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
2633 if (cmd->user_data != conn)
2642 static int pairing_complete(struct mgmt_pending_cmd *cmd, u8 status)
2644 struct mgmt_rp_pair_device rp;
2645 struct hci_conn *conn = cmd->user_data;
2648 bacpy(&rp.addr.bdaddr, &conn->dst);
2649 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
2651 err = mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE,
2652 status, &rp, sizeof(rp));
2654 /* So we don't get further callbacks for this connection */
2655 conn->connect_cfm_cb = NULL;
2656 conn->security_cfm_cb = NULL;
2657 conn->disconn_cfm_cb = NULL;
2659 hci_conn_drop(conn);
2661 /* The device is paired so there is no need to remove
2662 * its connection parameters anymore.
2664 clear_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
2671 void mgmt_smp_complete(struct hci_conn *conn, bool complete)
2673 u8 status = complete ? MGMT_STATUS_SUCCESS : MGMT_STATUS_FAILED;
2674 struct mgmt_pending_cmd *cmd;
2676 cmd = find_pairing(conn);
2678 cmd->cmd_complete(cmd, status);
2679 mgmt_pending_remove(cmd);
2683 static void pairing_complete_cb(struct hci_conn *conn, u8 status)
2685 struct mgmt_pending_cmd *cmd;
2687 BT_DBG("status %u", status);
2689 cmd = find_pairing(conn);
2691 BT_DBG("Unable to find a pending command");
2695 cmd->cmd_complete(cmd, mgmt_status(status));
2696 mgmt_pending_remove(cmd);
2699 static void le_pairing_complete_cb(struct hci_conn *conn, u8 status)
2701 struct mgmt_pending_cmd *cmd;
2703 BT_DBG("status %u", status);
2708 cmd = find_pairing(conn);
2710 BT_DBG("Unable to find a pending command");
2714 cmd->cmd_complete(cmd, mgmt_status(status));
2715 mgmt_pending_remove(cmd);
2718 static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2721 struct mgmt_cp_pair_device *cp = data;
2722 struct mgmt_rp_pair_device rp;
2723 struct mgmt_pending_cmd *cmd;
2724 u8 sec_level, auth_type;
2725 struct hci_conn *conn;
2730 memset(&rp, 0, sizeof(rp));
2731 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2732 rp.addr.type = cp->addr.type;
2734 if (!bdaddr_type_is_valid(cp->addr.type))
2735 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2736 MGMT_STATUS_INVALID_PARAMS,
2739 if (cp->io_cap > SMP_IO_KEYBOARD_DISPLAY)
2740 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2741 MGMT_STATUS_INVALID_PARAMS,
2746 if (!hdev_is_powered(hdev)) {
2747 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2748 MGMT_STATUS_NOT_POWERED, &rp,
2753 if (hci_bdaddr_is_paired(hdev, &cp->addr.bdaddr, cp->addr.type)) {
2754 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2755 MGMT_STATUS_ALREADY_PAIRED, &rp,
2760 sec_level = BT_SECURITY_MEDIUM;
2761 auth_type = HCI_AT_DEDICATED_BONDING;
2763 if (cp->addr.type == BDADDR_BREDR) {
2764 conn = hci_connect_acl(hdev, &cp->addr.bdaddr, sec_level,
2767 u8 addr_type = le_addr_type(cp->addr.type);
2768 struct hci_conn_params *p;
2770 /* When pairing a new device, it is expected to remember
2771 * this device for future connections. Adding the connection
2772 * parameter information ahead of time allows tracking
2773 * of the slave preferred values and will speed up any
2774 * further connection establishment.
2776 * If connection parameters already exist, then they
2777 * will be kept and this function does nothing.
2779 p = hci_conn_params_add(hdev, &cp->addr.bdaddr, addr_type);
2781 if (p->auto_connect == HCI_AUTO_CONN_EXPLICIT)
2782 p->auto_connect = HCI_AUTO_CONN_DISABLED;
2784 conn = hci_connect_le_scan(hdev, &cp->addr.bdaddr,
2785 addr_type, sec_level,
2786 HCI_LE_CONN_TIMEOUT);
2792 if (PTR_ERR(conn) == -EBUSY)
2793 status = MGMT_STATUS_BUSY;
2794 else if (PTR_ERR(conn) == -EOPNOTSUPP)
2795 status = MGMT_STATUS_NOT_SUPPORTED;
2796 else if (PTR_ERR(conn) == -ECONNREFUSED)
2797 status = MGMT_STATUS_REJECTED;
2799 status = MGMT_STATUS_CONNECT_FAILED;
2801 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2802 status, &rp, sizeof(rp));
2806 if (conn->connect_cfm_cb) {
2807 hci_conn_drop(conn);
2808 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2809 MGMT_STATUS_BUSY, &rp, sizeof(rp));
2813 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
2816 hci_conn_drop(conn);
2820 cmd->cmd_complete = pairing_complete;
2822 /* For LE, just connecting isn't a proof that the pairing finished */
2823 if (cp->addr.type == BDADDR_BREDR) {
2824 conn->connect_cfm_cb = pairing_complete_cb;
2825 conn->security_cfm_cb = pairing_complete_cb;
2826 conn->disconn_cfm_cb = pairing_complete_cb;
2828 conn->connect_cfm_cb = le_pairing_complete_cb;
2829 conn->security_cfm_cb = le_pairing_complete_cb;
2830 conn->disconn_cfm_cb = le_pairing_complete_cb;
2833 conn->io_capability = cp->io_cap;
2834 cmd->user_data = hci_conn_get(conn);
2836 if ((conn->state == BT_CONNECTED || conn->state == BT_CONFIG) &&
2837 hci_conn_security(conn, sec_level, auth_type, true)) {
2838 cmd->cmd_complete(cmd, 0);
2839 mgmt_pending_remove(cmd);
2845 hci_dev_unlock(hdev);
2849 static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2852 struct mgmt_addr_info *addr = data;
2853 struct mgmt_pending_cmd *cmd;
2854 struct hci_conn *conn;
2861 if (!hdev_is_powered(hdev)) {
2862 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2863 MGMT_STATUS_NOT_POWERED);
2867 cmd = pending_find(MGMT_OP_PAIR_DEVICE, hdev);
2869 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2870 MGMT_STATUS_INVALID_PARAMS);
2874 conn = cmd->user_data;
2876 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
2877 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2878 MGMT_STATUS_INVALID_PARAMS);
2882 cmd->cmd_complete(cmd, MGMT_STATUS_CANCELLED);
2883 mgmt_pending_remove(cmd);
2885 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
2886 addr, sizeof(*addr));
2888 hci_dev_unlock(hdev);
2892 static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
2893 struct mgmt_addr_info *addr, u16 mgmt_op,
2894 u16 hci_op, __le32 passkey)
2896 struct mgmt_pending_cmd *cmd;
2897 struct hci_conn *conn;
2902 if (!hdev_is_powered(hdev)) {
2903 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
2904 MGMT_STATUS_NOT_POWERED, addr,
2909 if (addr->type == BDADDR_BREDR)
2910 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
2912 conn = hci_conn_hash_lookup_le(hdev, &addr->bdaddr,
2913 le_addr_type(addr->type));
2916 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
2917 MGMT_STATUS_NOT_CONNECTED, addr,
2922 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
2923 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
2925 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
2926 MGMT_STATUS_SUCCESS, addr,
2929 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
2930 MGMT_STATUS_FAILED, addr,
2936 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
2942 cmd->cmd_complete = addr_cmd_complete;
2944 /* Continue with pairing via HCI */
2945 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
2946 struct hci_cp_user_passkey_reply cp;
2948 bacpy(&cp.bdaddr, &addr->bdaddr);
2949 cp.passkey = passkey;
2950 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
2952 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
2956 mgmt_pending_remove(cmd);
2959 hci_dev_unlock(hdev);
2963 static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
2964 void *data, u16 len)
2966 struct mgmt_cp_pin_code_neg_reply *cp = data;
2970 return user_pairing_resp(sk, hdev, &cp->addr,
2971 MGMT_OP_PIN_CODE_NEG_REPLY,
2972 HCI_OP_PIN_CODE_NEG_REPLY, 0);
2975 static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2978 struct mgmt_cp_user_confirm_reply *cp = data;
2982 if (len != sizeof(*cp))
2983 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
2984 MGMT_STATUS_INVALID_PARAMS);
2986 return user_pairing_resp(sk, hdev, &cp->addr,
2987 MGMT_OP_USER_CONFIRM_REPLY,
2988 HCI_OP_USER_CONFIRM_REPLY, 0);
2991 static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
2992 void *data, u16 len)
2994 struct mgmt_cp_user_confirm_neg_reply *cp = data;
2998 return user_pairing_resp(sk, hdev, &cp->addr,
2999 MGMT_OP_USER_CONFIRM_NEG_REPLY,
3000 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
3003 static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3006 struct mgmt_cp_user_passkey_reply *cp = data;
3010 return user_pairing_resp(sk, hdev, &cp->addr,
3011 MGMT_OP_USER_PASSKEY_REPLY,
3012 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
3015 static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
3016 void *data, u16 len)
3018 struct mgmt_cp_user_passkey_neg_reply *cp = data;
3022 return user_pairing_resp(sk, hdev, &cp->addr,
3023 MGMT_OP_USER_PASSKEY_NEG_REPLY,
3024 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
3027 static void adv_expire(struct hci_dev *hdev, u32 flags)
3029 struct adv_info *adv_instance;
3030 struct hci_request req;
3033 adv_instance = hci_find_adv_instance(hdev, hdev->cur_adv_instance);
3037 /* stop if current instance doesn't need to be changed */
3038 if (!(adv_instance->flags & flags))
3041 cancel_adv_timeout(hdev);
3043 adv_instance = hci_get_next_instance(hdev, adv_instance->instance);
3047 hci_req_init(&req, hdev);
3048 err = __hci_req_schedule_adv_instance(&req, adv_instance->instance,
3053 hci_req_run(&req, NULL);
3056 static void set_name_complete(struct hci_dev *hdev, u8 status, u16 opcode)
3058 struct mgmt_cp_set_local_name *cp;
3059 struct mgmt_pending_cmd *cmd;
3061 BT_DBG("status 0x%02x", status);
3065 cmd = pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
3072 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3073 mgmt_status(status));
3075 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3078 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
3079 adv_expire(hdev, MGMT_ADV_FLAG_LOCAL_NAME);
3082 mgmt_pending_remove(cmd);
3085 hci_dev_unlock(hdev);
3088 static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
3091 struct mgmt_cp_set_local_name *cp = data;
3092 struct mgmt_pending_cmd *cmd;
3093 struct hci_request req;
3100 /* If the old values are the same as the new ones just return a
3101 * direct command complete event.
3103 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
3104 !memcmp(hdev->short_name, cp->short_name,
3105 sizeof(hdev->short_name))) {
3106 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3111 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
3113 if (!hdev_is_powered(hdev)) {
3114 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3116 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3121 err = mgmt_limited_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data,
3122 len, HCI_MGMT_LOCAL_NAME_EVENTS, sk);
3123 ext_info_changed(hdev, sk);
3128 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
3134 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3136 hci_req_init(&req, hdev);
3138 if (lmp_bredr_capable(hdev)) {
3139 __hci_req_update_name(&req);
3140 __hci_req_update_eir(&req);
3143 /* The name is stored in the scan response data and so
3144 * no need to udpate the advertising data here.
3146 if (lmp_le_capable(hdev) && hci_dev_test_flag(hdev, HCI_ADVERTISING))
3147 __hci_req_update_scan_rsp_data(&req, hdev->cur_adv_instance);
3149 err = hci_req_run(&req, set_name_complete);
3151 mgmt_pending_remove(cmd);
3154 hci_dev_unlock(hdev);
3158 static int set_appearance(struct sock *sk, struct hci_dev *hdev, void *data,
3161 struct mgmt_cp_set_appearance *cp = data;
3167 if (!lmp_le_capable(hdev))
3168 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_APPEARANCE,
3169 MGMT_STATUS_NOT_SUPPORTED);
3171 apperance = le16_to_cpu(cp->appearance);
3175 if (hdev->appearance != apperance) {
3176 hdev->appearance = apperance;
3178 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
3179 adv_expire(hdev, MGMT_ADV_FLAG_APPEARANCE);
3181 ext_info_changed(hdev, sk);
3184 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_APPEARANCE, 0, NULL,
3187 hci_dev_unlock(hdev);
3192 static void read_local_oob_data_complete(struct hci_dev *hdev, u8 status,
3193 u16 opcode, struct sk_buff *skb)
3195 struct mgmt_rp_read_local_oob_data mgmt_rp;
3196 size_t rp_size = sizeof(mgmt_rp);
3197 struct mgmt_pending_cmd *cmd;
3199 BT_DBG("%s status %u", hdev->name, status);
3201 cmd = pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
3205 if (status || !skb) {
3206 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3207 status ? mgmt_status(status) : MGMT_STATUS_FAILED);
3211 memset(&mgmt_rp, 0, sizeof(mgmt_rp));
3213 if (opcode == HCI_OP_READ_LOCAL_OOB_DATA) {
3214 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
3216 if (skb->len < sizeof(*rp)) {
3217 mgmt_cmd_status(cmd->sk, hdev->id,
3218 MGMT_OP_READ_LOCAL_OOB_DATA,
3219 MGMT_STATUS_FAILED);
3223 memcpy(mgmt_rp.hash192, rp->hash, sizeof(rp->hash));
3224 memcpy(mgmt_rp.rand192, rp->rand, sizeof(rp->rand));
3226 rp_size -= sizeof(mgmt_rp.hash256) + sizeof(mgmt_rp.rand256);
3228 struct hci_rp_read_local_oob_ext_data *rp = (void *) skb->data;
3230 if (skb->len < sizeof(*rp)) {
3231 mgmt_cmd_status(cmd->sk, hdev->id,
3232 MGMT_OP_READ_LOCAL_OOB_DATA,
3233 MGMT_STATUS_FAILED);
3237 memcpy(mgmt_rp.hash192, rp->hash192, sizeof(rp->hash192));
3238 memcpy(mgmt_rp.rand192, rp->rand192, sizeof(rp->rand192));
3240 memcpy(mgmt_rp.hash256, rp->hash256, sizeof(rp->hash256));
3241 memcpy(mgmt_rp.rand256, rp->rand256, sizeof(rp->rand256));
3244 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3245 MGMT_STATUS_SUCCESS, &mgmt_rp, rp_size);
3248 mgmt_pending_remove(cmd);
3251 static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
3252 void *data, u16 data_len)
3254 struct mgmt_pending_cmd *cmd;
3255 struct hci_request req;
3258 BT_DBG("%s", hdev->name);
3262 if (!hdev_is_powered(hdev)) {
3263 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3264 MGMT_STATUS_NOT_POWERED);
3268 if (!lmp_ssp_capable(hdev)) {
3269 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3270 MGMT_STATUS_NOT_SUPPORTED);
3274 if (pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
3275 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3280 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
3286 hci_req_init(&req, hdev);
3288 if (bredr_sc_enabled(hdev))
3289 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_EXT_DATA, 0, NULL);
3291 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
3293 err = hci_req_run_skb(&req, read_local_oob_data_complete);
3295 mgmt_pending_remove(cmd);
3298 hci_dev_unlock(hdev);
3302 static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
3303 void *data, u16 len)
3305 struct mgmt_addr_info *addr = data;
3308 BT_DBG("%s ", hdev->name);
3310 if (!bdaddr_type_is_valid(addr->type))
3311 return mgmt_cmd_complete(sk, hdev->id,
3312 MGMT_OP_ADD_REMOTE_OOB_DATA,
3313 MGMT_STATUS_INVALID_PARAMS,
3314 addr, sizeof(*addr));
3318 if (len == MGMT_ADD_REMOTE_OOB_DATA_SIZE) {
3319 struct mgmt_cp_add_remote_oob_data *cp = data;
3322 if (cp->addr.type != BDADDR_BREDR) {
3323 err = mgmt_cmd_complete(sk, hdev->id,
3324 MGMT_OP_ADD_REMOTE_OOB_DATA,
3325 MGMT_STATUS_INVALID_PARAMS,
3326 &cp->addr, sizeof(cp->addr));
3330 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
3331 cp->addr.type, cp->hash,
3332 cp->rand, NULL, NULL);
3334 status = MGMT_STATUS_FAILED;
3336 status = MGMT_STATUS_SUCCESS;
3338 err = mgmt_cmd_complete(sk, hdev->id,
3339 MGMT_OP_ADD_REMOTE_OOB_DATA, status,
3340 &cp->addr, sizeof(cp->addr));
3341 } else if (len == MGMT_ADD_REMOTE_OOB_EXT_DATA_SIZE) {
3342 struct mgmt_cp_add_remote_oob_ext_data *cp = data;
3343 u8 *rand192, *hash192, *rand256, *hash256;
3346 if (bdaddr_type_is_le(cp->addr.type)) {
3347 /* Enforce zero-valued 192-bit parameters as
3348 * long as legacy SMP OOB isn't implemented.
3350 if (memcmp(cp->rand192, ZERO_KEY, 16) ||
3351 memcmp(cp->hash192, ZERO_KEY, 16)) {
3352 err = mgmt_cmd_complete(sk, hdev->id,
3353 MGMT_OP_ADD_REMOTE_OOB_DATA,
3354 MGMT_STATUS_INVALID_PARAMS,
3355 addr, sizeof(*addr));
3362 /* In case one of the P-192 values is set to zero,
3363 * then just disable OOB data for P-192.
3365 if (!memcmp(cp->rand192, ZERO_KEY, 16) ||
3366 !memcmp(cp->hash192, ZERO_KEY, 16)) {
3370 rand192 = cp->rand192;
3371 hash192 = cp->hash192;
3375 /* In case one of the P-256 values is set to zero, then just
3376 * disable OOB data for P-256.
3378 if (!memcmp(cp->rand256, ZERO_KEY, 16) ||
3379 !memcmp(cp->hash256, ZERO_KEY, 16)) {
3383 rand256 = cp->rand256;
3384 hash256 = cp->hash256;
3387 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
3388 cp->addr.type, hash192, rand192,
3391 status = MGMT_STATUS_FAILED;
3393 status = MGMT_STATUS_SUCCESS;
3395 err = mgmt_cmd_complete(sk, hdev->id,
3396 MGMT_OP_ADD_REMOTE_OOB_DATA,
3397 status, &cp->addr, sizeof(cp->addr));
3399 BT_ERR("add_remote_oob_data: invalid length of %u bytes", len);
3400 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3401 MGMT_STATUS_INVALID_PARAMS);
3405 hci_dev_unlock(hdev);
3409 static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
3410 void *data, u16 len)
3412 struct mgmt_cp_remove_remote_oob_data *cp = data;
3416 BT_DBG("%s", hdev->name);
3418 if (cp->addr.type != BDADDR_BREDR)
3419 return mgmt_cmd_complete(sk, hdev->id,
3420 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
3421 MGMT_STATUS_INVALID_PARAMS,
3422 &cp->addr, sizeof(cp->addr));
3426 if (!bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
3427 hci_remote_oob_data_clear(hdev);
3428 status = MGMT_STATUS_SUCCESS;
3432 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr, cp->addr.type);
3434 status = MGMT_STATUS_INVALID_PARAMS;
3436 status = MGMT_STATUS_SUCCESS;
3439 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
3440 status, &cp->addr, sizeof(cp->addr));
3442 hci_dev_unlock(hdev);
3446 void mgmt_start_discovery_complete(struct hci_dev *hdev, u8 status)
3448 struct mgmt_pending_cmd *cmd;
3450 BT_DBG("status %d", status);
3454 cmd = pending_find(MGMT_OP_START_DISCOVERY, hdev);
3456 cmd = pending_find(MGMT_OP_START_SERVICE_DISCOVERY, hdev);
3459 cmd = pending_find(MGMT_OP_START_LIMITED_DISCOVERY, hdev);
3462 cmd->cmd_complete(cmd, mgmt_status(status));
3463 mgmt_pending_remove(cmd);
3466 hci_dev_unlock(hdev);
3469 static bool discovery_type_is_valid(struct hci_dev *hdev, uint8_t type,
3470 uint8_t *mgmt_status)
3473 case DISCOV_TYPE_LE:
3474 *mgmt_status = mgmt_le_support(hdev);
3478 case DISCOV_TYPE_INTERLEAVED:
3479 *mgmt_status = mgmt_le_support(hdev);
3482 /* Intentional fall-through */
3483 case DISCOV_TYPE_BREDR:
3484 *mgmt_status = mgmt_bredr_support(hdev);
3489 *mgmt_status = MGMT_STATUS_INVALID_PARAMS;
3496 static int start_discovery_internal(struct sock *sk, struct hci_dev *hdev,
3497 u16 op, void *data, u16 len)
3499 struct mgmt_cp_start_discovery *cp = data;
3500 struct mgmt_pending_cmd *cmd;
3504 BT_DBG("%s", hdev->name);
3508 if (!hdev_is_powered(hdev)) {
3509 err = mgmt_cmd_complete(sk, hdev->id, op,
3510 MGMT_STATUS_NOT_POWERED,
3511 &cp->type, sizeof(cp->type));
3515 if (hdev->discovery.state != DISCOVERY_STOPPED ||
3516 hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) {
3517 err = mgmt_cmd_complete(sk, hdev->id, op, MGMT_STATUS_BUSY,
3518 &cp->type, sizeof(cp->type));
3522 if (!discovery_type_is_valid(hdev, cp->type, &status)) {
3523 err = mgmt_cmd_complete(sk, hdev->id, op, status,
3524 &cp->type, sizeof(cp->type));
3528 /* Clear the discovery filter first to free any previously
3529 * allocated memory for the UUID list.
3531 hci_discovery_filter_clear(hdev);
3533 hdev->discovery.type = cp->type;
3534 hdev->discovery.report_invalid_rssi = false;
3535 if (op == MGMT_OP_START_LIMITED_DISCOVERY)
3536 hdev->discovery.limited = true;
3538 hdev->discovery.limited = false;
3540 cmd = mgmt_pending_add(sk, op, hdev, data, len);
3546 cmd->cmd_complete = generic_cmd_complete;
3548 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
3549 queue_work(hdev->req_workqueue, &hdev->discov_update);
3553 hci_dev_unlock(hdev);
3557 static int start_discovery(struct sock *sk, struct hci_dev *hdev,
3558 void *data, u16 len)
3560 return start_discovery_internal(sk, hdev, MGMT_OP_START_DISCOVERY,
3564 static int start_limited_discovery(struct sock *sk, struct hci_dev *hdev,
3565 void *data, u16 len)
3567 return start_discovery_internal(sk, hdev,
3568 MGMT_OP_START_LIMITED_DISCOVERY,
3572 static int service_discovery_cmd_complete(struct mgmt_pending_cmd *cmd,
3575 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
3579 static int start_service_discovery(struct sock *sk, struct hci_dev *hdev,
3580 void *data, u16 len)
3582 struct mgmt_cp_start_service_discovery *cp = data;
3583 struct mgmt_pending_cmd *cmd;
3584 const u16 max_uuid_count = ((U16_MAX - sizeof(*cp)) / 16);
3585 u16 uuid_count, expected_len;
3589 BT_DBG("%s", hdev->name);
3593 if (!hdev_is_powered(hdev)) {
3594 err = mgmt_cmd_complete(sk, hdev->id,
3595 MGMT_OP_START_SERVICE_DISCOVERY,
3596 MGMT_STATUS_NOT_POWERED,
3597 &cp->type, sizeof(cp->type));
3601 if (hdev->discovery.state != DISCOVERY_STOPPED ||
3602 hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) {
3603 err = mgmt_cmd_complete(sk, hdev->id,
3604 MGMT_OP_START_SERVICE_DISCOVERY,
3605 MGMT_STATUS_BUSY, &cp->type,
3610 uuid_count = __le16_to_cpu(cp->uuid_count);
3611 if (uuid_count > max_uuid_count) {
3612 BT_ERR("service_discovery: too big uuid_count value %u",
3614 err = mgmt_cmd_complete(sk, hdev->id,
3615 MGMT_OP_START_SERVICE_DISCOVERY,
3616 MGMT_STATUS_INVALID_PARAMS, &cp->type,
3621 expected_len = sizeof(*cp) + uuid_count * 16;
3622 if (expected_len != len) {
3623 BT_ERR("service_discovery: expected %u bytes, got %u bytes",
3625 err = mgmt_cmd_complete(sk, hdev->id,
3626 MGMT_OP_START_SERVICE_DISCOVERY,
3627 MGMT_STATUS_INVALID_PARAMS, &cp->type,
3632 if (!discovery_type_is_valid(hdev, cp->type, &status)) {
3633 err = mgmt_cmd_complete(sk, hdev->id,
3634 MGMT_OP_START_SERVICE_DISCOVERY,
3635 status, &cp->type, sizeof(cp->type));
3639 cmd = mgmt_pending_add(sk, MGMT_OP_START_SERVICE_DISCOVERY,
3646 cmd->cmd_complete = service_discovery_cmd_complete;
3648 /* Clear the discovery filter first to free any previously
3649 * allocated memory for the UUID list.
3651 hci_discovery_filter_clear(hdev);
3653 hdev->discovery.result_filtering = true;
3654 hdev->discovery.type = cp->type;
3655 hdev->discovery.rssi = cp->rssi;
3656 hdev->discovery.uuid_count = uuid_count;
3658 if (uuid_count > 0) {
3659 hdev->discovery.uuids = kmemdup(cp->uuids, uuid_count * 16,
3661 if (!hdev->discovery.uuids) {
3662 err = mgmt_cmd_complete(sk, hdev->id,
3663 MGMT_OP_START_SERVICE_DISCOVERY,
3665 &cp->type, sizeof(cp->type));
3666 mgmt_pending_remove(cmd);
3671 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
3672 queue_work(hdev->req_workqueue, &hdev->discov_update);
3676 hci_dev_unlock(hdev);
3680 void mgmt_stop_discovery_complete(struct hci_dev *hdev, u8 status)
3682 struct mgmt_pending_cmd *cmd;
3684 BT_DBG("status %d", status);
3688 cmd = pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3690 cmd->cmd_complete(cmd, mgmt_status(status));
3691 mgmt_pending_remove(cmd);
3694 hci_dev_unlock(hdev);
3697 static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
3700 struct mgmt_cp_stop_discovery *mgmt_cp = data;
3701 struct mgmt_pending_cmd *cmd;
3704 BT_DBG("%s", hdev->name);
3708 if (!hci_discovery_active(hdev)) {
3709 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
3710 MGMT_STATUS_REJECTED, &mgmt_cp->type,
3711 sizeof(mgmt_cp->type));
3715 if (hdev->discovery.type != mgmt_cp->type) {
3716 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
3717 MGMT_STATUS_INVALID_PARAMS,
3718 &mgmt_cp->type, sizeof(mgmt_cp->type));
3722 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, data, len);
3728 cmd->cmd_complete = generic_cmd_complete;
3730 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
3731 queue_work(hdev->req_workqueue, &hdev->discov_update);
3735 hci_dev_unlock(hdev);
3739 static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
3742 struct mgmt_cp_confirm_name *cp = data;
3743 struct inquiry_entry *e;
3746 BT_DBG("%s", hdev->name);
3750 if (!hci_discovery_active(hdev)) {
3751 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
3752 MGMT_STATUS_FAILED, &cp->addr,
3757 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
3759 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
3760 MGMT_STATUS_INVALID_PARAMS, &cp->addr,
3765 if (cp->name_known) {
3766 e->name_state = NAME_KNOWN;
3769 e->name_state = NAME_NEEDED;
3770 hci_inquiry_cache_update_resolve(hdev, e);
3773 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0,
3774 &cp->addr, sizeof(cp->addr));
3777 hci_dev_unlock(hdev);
3781 static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
3784 struct mgmt_cp_block_device *cp = data;
3788 BT_DBG("%s", hdev->name);
3790 if (!bdaddr_type_is_valid(cp->addr.type))
3791 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
3792 MGMT_STATUS_INVALID_PARAMS,
3793 &cp->addr, sizeof(cp->addr));
3797 err = hci_bdaddr_list_add(&hdev->blacklist, &cp->addr.bdaddr,
3800 status = MGMT_STATUS_FAILED;
3804 mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &cp->addr, sizeof(cp->addr),
3806 status = MGMT_STATUS_SUCCESS;
3809 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
3810 &cp->addr, sizeof(cp->addr));
3812 hci_dev_unlock(hdev);
3817 static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
3820 struct mgmt_cp_unblock_device *cp = data;
3824 BT_DBG("%s", hdev->name);
3826 if (!bdaddr_type_is_valid(cp->addr.type))
3827 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
3828 MGMT_STATUS_INVALID_PARAMS,
3829 &cp->addr, sizeof(cp->addr));
3833 err = hci_bdaddr_list_del(&hdev->blacklist, &cp->addr.bdaddr,
3836 status = MGMT_STATUS_INVALID_PARAMS;
3840 mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &cp->addr, sizeof(cp->addr),
3842 status = MGMT_STATUS_SUCCESS;
3845 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
3846 &cp->addr, sizeof(cp->addr));
3848 hci_dev_unlock(hdev);
3853 static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
3856 struct mgmt_cp_set_device_id *cp = data;
3857 struct hci_request req;
3861 BT_DBG("%s", hdev->name);
3863 source = __le16_to_cpu(cp->source);
3865 if (source > 0x0002)
3866 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
3867 MGMT_STATUS_INVALID_PARAMS);
3871 hdev->devid_source = source;
3872 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
3873 hdev->devid_product = __le16_to_cpu(cp->product);
3874 hdev->devid_version = __le16_to_cpu(cp->version);
3876 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0,
3879 hci_req_init(&req, hdev);
3880 __hci_req_update_eir(&req);
3881 hci_req_run(&req, NULL);
3883 hci_dev_unlock(hdev);
3888 static void enable_advertising_instance(struct hci_dev *hdev, u8 status,
3891 BT_DBG("status %d", status);
3894 static void set_advertising_complete(struct hci_dev *hdev, u8 status,
3897 struct cmd_lookup match = { NULL, hdev };
3898 struct hci_request req;
3900 struct adv_info *adv_instance;
3906 u8 mgmt_err = mgmt_status(status);
3908 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
3909 cmd_status_rsp, &mgmt_err);
3913 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
3914 hci_dev_set_flag(hdev, HCI_ADVERTISING);
3916 hci_dev_clear_flag(hdev, HCI_ADVERTISING);
3918 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
3921 new_settings(hdev, match.sk);
3926 /* If "Set Advertising" was just disabled and instance advertising was
3927 * set up earlier, then re-enable multi-instance advertising.
3929 if (hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
3930 list_empty(&hdev->adv_instances))
3933 instance = hdev->cur_adv_instance;
3935 adv_instance = list_first_entry_or_null(&hdev->adv_instances,
3936 struct adv_info, list);
3940 instance = adv_instance->instance;
3943 hci_req_init(&req, hdev);
3945 err = __hci_req_schedule_adv_instance(&req, instance, true);
3948 err = hci_req_run(&req, enable_advertising_instance);
3951 BT_ERR("Failed to re-configure advertising");
3954 hci_dev_unlock(hdev);
3957 static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data,
3960 struct mgmt_mode *cp = data;
3961 struct mgmt_pending_cmd *cmd;
3962 struct hci_request req;
3966 BT_DBG("request for %s", hdev->name);
3968 status = mgmt_le_support(hdev);
3970 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3973 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
3974 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3975 MGMT_STATUS_INVALID_PARAMS);
3981 /* The following conditions are ones which mean that we should
3982 * not do any HCI communication but directly send a mgmt
3983 * response to user space (after toggling the flag if
3986 if (!hdev_is_powered(hdev) ||
3987 (val == hci_dev_test_flag(hdev, HCI_ADVERTISING) &&
3988 (cp->val == 0x02) == hci_dev_test_flag(hdev, HCI_ADVERTISING_CONNECTABLE)) ||
3989 hci_conn_num(hdev, LE_LINK) > 0 ||
3990 (hci_dev_test_flag(hdev, HCI_LE_SCAN) &&
3991 hdev->le_scan_type == LE_SCAN_ACTIVE)) {
3995 hdev->cur_adv_instance = 0x00;
3996 changed = !hci_dev_test_and_set_flag(hdev, HCI_ADVERTISING);
3997 if (cp->val == 0x02)
3998 hci_dev_set_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
4000 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
4002 changed = hci_dev_test_and_clear_flag(hdev, HCI_ADVERTISING);
4003 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
4006 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
4011 err = new_settings(hdev, sk);
4016 if (pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
4017 pending_find(MGMT_OP_SET_LE, hdev)) {
4018 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4023 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
4029 hci_req_init(&req, hdev);
4031 if (cp->val == 0x02)
4032 hci_dev_set_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
4034 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
4036 cancel_adv_timeout(hdev);
4039 /* Switch to instance "0" for the Set Advertising setting.
4040 * We cannot use update_[adv|scan_rsp]_data() here as the
4041 * HCI_ADVERTISING flag is not yet set.
4043 hdev->cur_adv_instance = 0x00;
4044 __hci_req_update_adv_data(&req, 0x00);
4045 __hci_req_update_scan_rsp_data(&req, 0x00);
4046 __hci_req_enable_advertising(&req);
4048 __hci_req_disable_advertising(&req);
4051 err = hci_req_run(&req, set_advertising_complete);
4053 mgmt_pending_remove(cmd);
4056 hci_dev_unlock(hdev);
4060 static int set_static_address(struct sock *sk, struct hci_dev *hdev,
4061 void *data, u16 len)
4063 struct mgmt_cp_set_static_address *cp = data;
4066 BT_DBG("%s", hdev->name);
4068 if (!lmp_le_capable(hdev))
4069 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
4070 MGMT_STATUS_NOT_SUPPORTED);
4072 if (hdev_is_powered(hdev))
4073 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
4074 MGMT_STATUS_REJECTED);
4076 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
4077 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
4078 return mgmt_cmd_status(sk, hdev->id,
4079 MGMT_OP_SET_STATIC_ADDRESS,
4080 MGMT_STATUS_INVALID_PARAMS);
4082 /* Two most significant bits shall be set */
4083 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
4084 return mgmt_cmd_status(sk, hdev->id,
4085 MGMT_OP_SET_STATIC_ADDRESS,
4086 MGMT_STATUS_INVALID_PARAMS);
4091 bacpy(&hdev->static_addr, &cp->bdaddr);
4093 err = send_settings_rsp(sk, MGMT_OP_SET_STATIC_ADDRESS, hdev);
4097 err = new_settings(hdev, sk);
4100 hci_dev_unlock(hdev);
4104 static int set_scan_params(struct sock *sk, struct hci_dev *hdev,
4105 void *data, u16 len)
4107 struct mgmt_cp_set_scan_params *cp = data;
4108 __u16 interval, window;
4111 BT_DBG("%s", hdev->name);
4113 if (!lmp_le_capable(hdev))
4114 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4115 MGMT_STATUS_NOT_SUPPORTED);
4117 interval = __le16_to_cpu(cp->interval);
4119 if (interval < 0x0004 || interval > 0x4000)
4120 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4121 MGMT_STATUS_INVALID_PARAMS);
4123 window = __le16_to_cpu(cp->window);
4125 if (window < 0x0004 || window > 0x4000)
4126 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4127 MGMT_STATUS_INVALID_PARAMS);
4129 if (window > interval)
4130 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4131 MGMT_STATUS_INVALID_PARAMS);
4135 hdev->le_scan_interval = interval;
4136 hdev->le_scan_window = window;
4138 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0,
4141 /* If background scan is running, restart it so new parameters are
4144 if (hci_dev_test_flag(hdev, HCI_LE_SCAN) &&
4145 hdev->discovery.state == DISCOVERY_STOPPED) {
4146 struct hci_request req;
4148 hci_req_init(&req, hdev);
4150 hci_req_add_le_scan_disable(&req);
4151 hci_req_add_le_passive_scan(&req);
4153 hci_req_run(&req, NULL);
4156 hci_dev_unlock(hdev);
4161 static void fast_connectable_complete(struct hci_dev *hdev, u8 status,
4164 struct mgmt_pending_cmd *cmd;
4166 BT_DBG("status 0x%02x", status);
4170 cmd = pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4175 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4176 mgmt_status(status));
4178 struct mgmt_mode *cp = cmd->param;
4181 hci_dev_set_flag(hdev, HCI_FAST_CONNECTABLE);
4183 hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE);
4185 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4186 new_settings(hdev, cmd->sk);
4189 mgmt_pending_remove(cmd);
4192 hci_dev_unlock(hdev);
4195 static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
4196 void *data, u16 len)
4198 struct mgmt_mode *cp = data;
4199 struct mgmt_pending_cmd *cmd;
4200 struct hci_request req;
4203 BT_DBG("%s", hdev->name);
4205 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) ||
4206 hdev->hci_ver < BLUETOOTH_VER_1_2)
4207 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4208 MGMT_STATUS_NOT_SUPPORTED);
4210 if (cp->val != 0x00 && cp->val != 0x01)
4211 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4212 MGMT_STATUS_INVALID_PARAMS);
4216 if (pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
4217 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4222 if (!!cp->val == hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE)) {
4223 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
4228 if (!hdev_is_powered(hdev)) {
4229 hci_dev_change_flag(hdev, HCI_FAST_CONNECTABLE);
4230 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
4232 new_settings(hdev, sk);
4236 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
4243 hci_req_init(&req, hdev);
4245 __hci_req_write_fast_connectable(&req, cp->val);
4247 err = hci_req_run(&req, fast_connectable_complete);
4249 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4250 MGMT_STATUS_FAILED);
4251 mgmt_pending_remove(cmd);
4255 hci_dev_unlock(hdev);
4260 static void set_bredr_complete(struct hci_dev *hdev, u8 status, u16 opcode)
4262 struct mgmt_pending_cmd *cmd;
4264 BT_DBG("status 0x%02x", status);
4268 cmd = pending_find(MGMT_OP_SET_BREDR, hdev);
4273 u8 mgmt_err = mgmt_status(status);
4275 /* We need to restore the flag if related HCI commands
4278 hci_dev_clear_flag(hdev, HCI_BREDR_ENABLED);
4280 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
4282 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
4283 new_settings(hdev, cmd->sk);
4286 mgmt_pending_remove(cmd);
4289 hci_dev_unlock(hdev);
4292 static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
4294 struct mgmt_mode *cp = data;
4295 struct mgmt_pending_cmd *cmd;
4296 struct hci_request req;
4299 BT_DBG("request for %s", hdev->name);
4301 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
4302 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4303 MGMT_STATUS_NOT_SUPPORTED);
4305 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
4306 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4307 MGMT_STATUS_REJECTED);
4309 if (cp->val != 0x00 && cp->val != 0x01)
4310 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4311 MGMT_STATUS_INVALID_PARAMS);
4315 if (cp->val == hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
4316 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4320 if (!hdev_is_powered(hdev)) {
4322 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
4323 hci_dev_clear_flag(hdev, HCI_SSP_ENABLED);
4324 hci_dev_clear_flag(hdev, HCI_LINK_SECURITY);
4325 hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE);
4326 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
4329 hci_dev_change_flag(hdev, HCI_BREDR_ENABLED);
4331 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4335 err = new_settings(hdev, sk);
4339 /* Reject disabling when powered on */
4341 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4342 MGMT_STATUS_REJECTED);
4345 /* When configuring a dual-mode controller to operate
4346 * with LE only and using a static address, then switching
4347 * BR/EDR back on is not allowed.
4349 * Dual-mode controllers shall operate with the public
4350 * address as its identity address for BR/EDR and LE. So
4351 * reject the attempt to create an invalid configuration.
4353 * The same restrictions applies when secure connections
4354 * has been enabled. For BR/EDR this is a controller feature
4355 * while for LE it is a host stack feature. This means that
4356 * switching BR/EDR back on when secure connections has been
4357 * enabled is not a supported transaction.
4359 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
4360 (bacmp(&hdev->static_addr, BDADDR_ANY) ||
4361 hci_dev_test_flag(hdev, HCI_SC_ENABLED))) {
4362 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4363 MGMT_STATUS_REJECTED);
4368 if (pending_find(MGMT_OP_SET_BREDR, hdev)) {
4369 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4374 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
4380 /* We need to flip the bit already here so that
4381 * hci_req_update_adv_data generates the correct flags.
4383 hci_dev_set_flag(hdev, HCI_BREDR_ENABLED);
4385 hci_req_init(&req, hdev);
4387 __hci_req_write_fast_connectable(&req, false);
4388 __hci_req_update_scan(&req);
4390 /* Since only the advertising data flags will change, there
4391 * is no need to update the scan response data.
4393 __hci_req_update_adv_data(&req, hdev->cur_adv_instance);
4395 err = hci_req_run(&req, set_bredr_complete);
4397 mgmt_pending_remove(cmd);
4400 hci_dev_unlock(hdev);
4404 static void sc_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
4406 struct mgmt_pending_cmd *cmd;
4407 struct mgmt_mode *cp;
4409 BT_DBG("%s status %u", hdev->name, status);
4413 cmd = pending_find(MGMT_OP_SET_SECURE_CONN, hdev);
4418 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode,
4419 mgmt_status(status));
4427 hci_dev_clear_flag(hdev, HCI_SC_ENABLED);
4428 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
4431 hci_dev_set_flag(hdev, HCI_SC_ENABLED);
4432 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
4435 hci_dev_set_flag(hdev, HCI_SC_ENABLED);
4436 hci_dev_set_flag(hdev, HCI_SC_ONLY);
4440 send_settings_rsp(cmd->sk, MGMT_OP_SET_SECURE_CONN, hdev);
4441 new_settings(hdev, cmd->sk);
4444 mgmt_pending_remove(cmd);
4446 hci_dev_unlock(hdev);
4449 static int set_secure_conn(struct sock *sk, struct hci_dev *hdev,
4450 void *data, u16 len)
4452 struct mgmt_mode *cp = data;
4453 struct mgmt_pending_cmd *cmd;
4454 struct hci_request req;
4458 BT_DBG("request for %s", hdev->name);
4460 if (!lmp_sc_capable(hdev) &&
4461 !hci_dev_test_flag(hdev, HCI_LE_ENABLED))
4462 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4463 MGMT_STATUS_NOT_SUPPORTED);
4465 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
4466 lmp_sc_capable(hdev) &&
4467 !hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
4468 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4469 MGMT_STATUS_REJECTED);
4471 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
4472 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4473 MGMT_STATUS_INVALID_PARAMS);
4477 if (!hdev_is_powered(hdev) || !lmp_sc_capable(hdev) ||
4478 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
4482 changed = !hci_dev_test_and_set_flag(hdev,
4484 if (cp->val == 0x02)
4485 hci_dev_set_flag(hdev, HCI_SC_ONLY);
4487 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
4489 changed = hci_dev_test_and_clear_flag(hdev,
4491 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
4494 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4499 err = new_settings(hdev, sk);
4504 if (pending_find(MGMT_OP_SET_SECURE_CONN, hdev)) {
4505 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4512 if (val == hci_dev_test_flag(hdev, HCI_SC_ENABLED) &&
4513 (cp->val == 0x02) == hci_dev_test_flag(hdev, HCI_SC_ONLY)) {
4514 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4518 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SECURE_CONN, hdev, data, len);
4524 hci_req_init(&req, hdev);
4525 hci_req_add(&req, HCI_OP_WRITE_SC_SUPPORT, 1, &val);
4526 err = hci_req_run(&req, sc_enable_complete);
4528 mgmt_pending_remove(cmd);
4533 hci_dev_unlock(hdev);
4537 static int set_debug_keys(struct sock *sk, struct hci_dev *hdev,
4538 void *data, u16 len)
4540 struct mgmt_mode *cp = data;
4541 bool changed, use_changed;
4544 BT_DBG("request for %s", hdev->name);
4546 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
4547 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEBUG_KEYS,
4548 MGMT_STATUS_INVALID_PARAMS);
4553 changed = !hci_dev_test_and_set_flag(hdev, HCI_KEEP_DEBUG_KEYS);
4555 changed = hci_dev_test_and_clear_flag(hdev,
4556 HCI_KEEP_DEBUG_KEYS);
4558 if (cp->val == 0x02)
4559 use_changed = !hci_dev_test_and_set_flag(hdev,
4560 HCI_USE_DEBUG_KEYS);
4562 use_changed = hci_dev_test_and_clear_flag(hdev,
4563 HCI_USE_DEBUG_KEYS);
4565 if (hdev_is_powered(hdev) && use_changed &&
4566 hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
4567 u8 mode = (cp->val == 0x02) ? 0x01 : 0x00;
4568 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
4569 sizeof(mode), &mode);
4572 err = send_settings_rsp(sk, MGMT_OP_SET_DEBUG_KEYS, hdev);
4577 err = new_settings(hdev, sk);
4580 hci_dev_unlock(hdev);
4584 static int set_privacy(struct sock *sk, struct hci_dev *hdev, void *cp_data,
4587 struct mgmt_cp_set_privacy *cp = cp_data;
4591 BT_DBG("request for %s", hdev->name);
4593 if (!lmp_le_capable(hdev))
4594 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4595 MGMT_STATUS_NOT_SUPPORTED);
4597 if (cp->privacy != 0x00 && cp->privacy != 0x01 && cp->privacy != 0x02)
4598 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4599 MGMT_STATUS_INVALID_PARAMS);
4601 if (hdev_is_powered(hdev))
4602 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4603 MGMT_STATUS_REJECTED);
4607 /* If user space supports this command it is also expected to
4608 * handle IRKs. Therefore, set the HCI_RPA_RESOLVING flag.
4610 hci_dev_set_flag(hdev, HCI_RPA_RESOLVING);
4613 changed = !hci_dev_test_and_set_flag(hdev, HCI_PRIVACY);
4614 memcpy(hdev->irk, cp->irk, sizeof(hdev->irk));
4615 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
4616 if (cp->privacy == 0x02)
4617 hci_dev_set_flag(hdev, HCI_LIMITED_PRIVACY);
4619 hci_dev_clear_flag(hdev, HCI_LIMITED_PRIVACY);
4621 changed = hci_dev_test_and_clear_flag(hdev, HCI_PRIVACY);
4622 memset(hdev->irk, 0, sizeof(hdev->irk));
4623 hci_dev_clear_flag(hdev, HCI_RPA_EXPIRED);
4624 hci_dev_clear_flag(hdev, HCI_LIMITED_PRIVACY);
4627 err = send_settings_rsp(sk, MGMT_OP_SET_PRIVACY, hdev);
4632 err = new_settings(hdev, sk);
4635 hci_dev_unlock(hdev);
4639 static bool irk_is_valid(struct mgmt_irk_info *irk)
4641 switch (irk->addr.type) {
4642 case BDADDR_LE_PUBLIC:
4645 case BDADDR_LE_RANDOM:
4646 /* Two most significant bits shall be set */
4647 if ((irk->addr.bdaddr.b[5] & 0xc0) != 0xc0)
4655 static int load_irks(struct sock *sk, struct hci_dev *hdev, void *cp_data,
4658 struct mgmt_cp_load_irks *cp = cp_data;
4659 const u16 max_irk_count = ((U16_MAX - sizeof(*cp)) /
4660 sizeof(struct mgmt_irk_info));
4661 u16 irk_count, expected_len;
4664 BT_DBG("request for %s", hdev->name);
4666 if (!lmp_le_capable(hdev))
4667 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4668 MGMT_STATUS_NOT_SUPPORTED);
4670 irk_count = __le16_to_cpu(cp->irk_count);
4671 if (irk_count > max_irk_count) {
4672 BT_ERR("load_irks: too big irk_count value %u", irk_count);
4673 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4674 MGMT_STATUS_INVALID_PARAMS);
4677 expected_len = sizeof(*cp) + irk_count * sizeof(struct mgmt_irk_info);
4678 if (expected_len != len) {
4679 BT_ERR("load_irks: expected %u bytes, got %u bytes",
4681 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4682 MGMT_STATUS_INVALID_PARAMS);
4685 BT_DBG("%s irk_count %u", hdev->name, irk_count);
4687 for (i = 0; i < irk_count; i++) {
4688 struct mgmt_irk_info *key = &cp->irks[i];
4690 if (!irk_is_valid(key))
4691 return mgmt_cmd_status(sk, hdev->id,
4693 MGMT_STATUS_INVALID_PARAMS);
4698 hci_smp_irks_clear(hdev);
4700 for (i = 0; i < irk_count; i++) {
4701 struct mgmt_irk_info *irk = &cp->irks[i];
4703 hci_add_irk(hdev, &irk->addr.bdaddr,
4704 le_addr_type(irk->addr.type), irk->val,
4708 hci_dev_set_flag(hdev, HCI_RPA_RESOLVING);
4710 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_IRKS, 0, NULL, 0);
4712 hci_dev_unlock(hdev);
4717 static bool ltk_is_valid(struct mgmt_ltk_info *key)
4719 if (key->master != 0x00 && key->master != 0x01)
4722 switch (key->addr.type) {
4723 case BDADDR_LE_PUBLIC:
4726 case BDADDR_LE_RANDOM:
4727 /* Two most significant bits shall be set */
4728 if ((key->addr.bdaddr.b[5] & 0xc0) != 0xc0)
4736 static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
4737 void *cp_data, u16 len)
4739 struct mgmt_cp_load_long_term_keys *cp = cp_data;
4740 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
4741 sizeof(struct mgmt_ltk_info));
4742 u16 key_count, expected_len;
4745 BT_DBG("request for %s", hdev->name);
4747 if (!lmp_le_capable(hdev))
4748 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
4749 MGMT_STATUS_NOT_SUPPORTED);
4751 key_count = __le16_to_cpu(cp->key_count);
4752 if (key_count > max_key_count) {
4753 BT_ERR("load_ltks: too big key_count value %u", key_count);
4754 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
4755 MGMT_STATUS_INVALID_PARAMS);
4758 expected_len = sizeof(*cp) + key_count *
4759 sizeof(struct mgmt_ltk_info);
4760 if (expected_len != len) {
4761 BT_ERR("load_keys: expected %u bytes, got %u bytes",
4763 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
4764 MGMT_STATUS_INVALID_PARAMS);
4767 BT_DBG("%s key_count %u", hdev->name, key_count);
4769 for (i = 0; i < key_count; i++) {
4770 struct mgmt_ltk_info *key = &cp->keys[i];
4772 if (!ltk_is_valid(key))
4773 return mgmt_cmd_status(sk, hdev->id,
4774 MGMT_OP_LOAD_LONG_TERM_KEYS,
4775 MGMT_STATUS_INVALID_PARAMS);
4780 hci_smp_ltks_clear(hdev);
4782 for (i = 0; i < key_count; i++) {
4783 struct mgmt_ltk_info *key = &cp->keys[i];
4784 u8 type, authenticated;
4786 switch (key->type) {
4787 case MGMT_LTK_UNAUTHENTICATED:
4788 authenticated = 0x00;
4789 type = key->master ? SMP_LTK : SMP_LTK_SLAVE;
4791 case MGMT_LTK_AUTHENTICATED:
4792 authenticated = 0x01;
4793 type = key->master ? SMP_LTK : SMP_LTK_SLAVE;
4795 case MGMT_LTK_P256_UNAUTH:
4796 authenticated = 0x00;
4797 type = SMP_LTK_P256;
4799 case MGMT_LTK_P256_AUTH:
4800 authenticated = 0x01;
4801 type = SMP_LTK_P256;
4803 case MGMT_LTK_P256_DEBUG:
4804 authenticated = 0x00;
4805 type = SMP_LTK_P256_DEBUG;
4810 hci_add_ltk(hdev, &key->addr.bdaddr,
4811 le_addr_type(key->addr.type), type, authenticated,
4812 key->val, key->enc_size, key->ediv, key->rand);
4815 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
4818 hci_dev_unlock(hdev);
4823 static int conn_info_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
4825 struct hci_conn *conn = cmd->user_data;
4826 struct mgmt_rp_get_conn_info rp;
4829 memcpy(&rp.addr, cmd->param, sizeof(rp.addr));
4831 if (status == MGMT_STATUS_SUCCESS) {
4832 rp.rssi = conn->rssi;
4833 rp.tx_power = conn->tx_power;
4834 rp.max_tx_power = conn->max_tx_power;
4836 rp.rssi = HCI_RSSI_INVALID;
4837 rp.tx_power = HCI_TX_POWER_INVALID;
4838 rp.max_tx_power = HCI_TX_POWER_INVALID;
4841 err = mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_GET_CONN_INFO,
4842 status, &rp, sizeof(rp));
4844 hci_conn_drop(conn);
4850 static void conn_info_refresh_complete(struct hci_dev *hdev, u8 hci_status,
4853 struct hci_cp_read_rssi *cp;
4854 struct mgmt_pending_cmd *cmd;
4855 struct hci_conn *conn;
4859 BT_DBG("status 0x%02x", hci_status);
4863 /* Commands sent in request are either Read RSSI or Read Transmit Power
4864 * Level so we check which one was last sent to retrieve connection
4865 * handle. Both commands have handle as first parameter so it's safe to
4866 * cast data on the same command struct.
4868 * First command sent is always Read RSSI and we fail only if it fails.
4869 * In other case we simply override error to indicate success as we
4870 * already remembered if TX power value is actually valid.
4872 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_RSSI);
4874 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_TX_POWER);
4875 status = MGMT_STATUS_SUCCESS;
4877 status = mgmt_status(hci_status);
4881 BT_ERR("invalid sent_cmd in conn_info response");
4885 handle = __le16_to_cpu(cp->handle);
4886 conn = hci_conn_hash_lookup_handle(hdev, handle);
4888 BT_ERR("unknown handle (%d) in conn_info response", handle);
4892 cmd = pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn);
4896 cmd->cmd_complete(cmd, status);
4897 mgmt_pending_remove(cmd);
4900 hci_dev_unlock(hdev);
4903 static int get_conn_info(struct sock *sk, struct hci_dev *hdev, void *data,
4906 struct mgmt_cp_get_conn_info *cp = data;
4907 struct mgmt_rp_get_conn_info rp;
4908 struct hci_conn *conn;
4909 unsigned long conn_info_age;
4912 BT_DBG("%s", hdev->name);
4914 memset(&rp, 0, sizeof(rp));
4915 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4916 rp.addr.type = cp->addr.type;
4918 if (!bdaddr_type_is_valid(cp->addr.type))
4919 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
4920 MGMT_STATUS_INVALID_PARAMS,
4925 if (!hdev_is_powered(hdev)) {
4926 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
4927 MGMT_STATUS_NOT_POWERED, &rp,
4932 if (cp->addr.type == BDADDR_BREDR)
4933 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
4936 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
4938 if (!conn || conn->state != BT_CONNECTED) {
4939 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
4940 MGMT_STATUS_NOT_CONNECTED, &rp,
4945 if (pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn)) {
4946 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
4947 MGMT_STATUS_BUSY, &rp, sizeof(rp));
4951 /* To avoid client trying to guess when to poll again for information we
4952 * calculate conn info age as random value between min/max set in hdev.
4954 conn_info_age = hdev->conn_info_min_age +
4955 prandom_u32_max(hdev->conn_info_max_age -
4956 hdev->conn_info_min_age);
4958 /* Query controller to refresh cached values if they are too old or were
4961 if (time_after(jiffies, conn->conn_info_timestamp +
4962 msecs_to_jiffies(conn_info_age)) ||
4963 !conn->conn_info_timestamp) {
4964 struct hci_request req;
4965 struct hci_cp_read_tx_power req_txp_cp;
4966 struct hci_cp_read_rssi req_rssi_cp;
4967 struct mgmt_pending_cmd *cmd;
4969 hci_req_init(&req, hdev);
4970 req_rssi_cp.handle = cpu_to_le16(conn->handle);
4971 hci_req_add(&req, HCI_OP_READ_RSSI, sizeof(req_rssi_cp),
4974 /* For LE links TX power does not change thus we don't need to
4975 * query for it once value is known.
4977 if (!bdaddr_type_is_le(cp->addr.type) ||
4978 conn->tx_power == HCI_TX_POWER_INVALID) {
4979 req_txp_cp.handle = cpu_to_le16(conn->handle);
4980 req_txp_cp.type = 0x00;
4981 hci_req_add(&req, HCI_OP_READ_TX_POWER,
4982 sizeof(req_txp_cp), &req_txp_cp);
4985 /* Max TX power needs to be read only once per connection */
4986 if (conn->max_tx_power == HCI_TX_POWER_INVALID) {
4987 req_txp_cp.handle = cpu_to_le16(conn->handle);
4988 req_txp_cp.type = 0x01;
4989 hci_req_add(&req, HCI_OP_READ_TX_POWER,
4990 sizeof(req_txp_cp), &req_txp_cp);
4993 err = hci_req_run(&req, conn_info_refresh_complete);
4997 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CONN_INFO, hdev,
5004 hci_conn_hold(conn);
5005 cmd->user_data = hci_conn_get(conn);
5006 cmd->cmd_complete = conn_info_cmd_complete;
5008 conn->conn_info_timestamp = jiffies;
5010 /* Cache is valid, just reply with values cached in hci_conn */
5011 rp.rssi = conn->rssi;
5012 rp.tx_power = conn->tx_power;
5013 rp.max_tx_power = conn->max_tx_power;
5015 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5016 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
5020 hci_dev_unlock(hdev);
5024 static int clock_info_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
5026 struct hci_conn *conn = cmd->user_data;
5027 struct mgmt_rp_get_clock_info rp;
5028 struct hci_dev *hdev;
5031 memset(&rp, 0, sizeof(rp));
5032 memcpy(&rp.addr, cmd->param, sizeof(rp.addr));
5037 hdev = hci_dev_get(cmd->index);
5039 rp.local_clock = cpu_to_le32(hdev->clock);
5044 rp.piconet_clock = cpu_to_le32(conn->clock);
5045 rp.accuracy = cpu_to_le16(conn->clock_accuracy);
5049 err = mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status, &rp,
5053 hci_conn_drop(conn);
5060 static void get_clock_info_complete(struct hci_dev *hdev, u8 status, u16 opcode)
5062 struct hci_cp_read_clock *hci_cp;
5063 struct mgmt_pending_cmd *cmd;
5064 struct hci_conn *conn;
5066 BT_DBG("%s status %u", hdev->name, status);
5070 hci_cp = hci_sent_cmd_data(hdev, HCI_OP_READ_CLOCK);
5074 if (hci_cp->which) {
5075 u16 handle = __le16_to_cpu(hci_cp->handle);
5076 conn = hci_conn_hash_lookup_handle(hdev, handle);
5081 cmd = pending_find_data(MGMT_OP_GET_CLOCK_INFO, hdev, conn);
5085 cmd->cmd_complete(cmd, mgmt_status(status));
5086 mgmt_pending_remove(cmd);
5089 hci_dev_unlock(hdev);
5092 static int get_clock_info(struct sock *sk, struct hci_dev *hdev, void *data,
5095 struct mgmt_cp_get_clock_info *cp = data;
5096 struct mgmt_rp_get_clock_info rp;
5097 struct hci_cp_read_clock hci_cp;
5098 struct mgmt_pending_cmd *cmd;
5099 struct hci_request req;
5100 struct hci_conn *conn;
5103 BT_DBG("%s", hdev->name);
5105 memset(&rp, 0, sizeof(rp));
5106 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5107 rp.addr.type = cp->addr.type;
5109 if (cp->addr.type != BDADDR_BREDR)
5110 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
5111 MGMT_STATUS_INVALID_PARAMS,
5116 if (!hdev_is_powered(hdev)) {
5117 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
5118 MGMT_STATUS_NOT_POWERED, &rp,
5123 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
5124 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
5126 if (!conn || conn->state != BT_CONNECTED) {
5127 err = mgmt_cmd_complete(sk, hdev->id,
5128 MGMT_OP_GET_CLOCK_INFO,
5129 MGMT_STATUS_NOT_CONNECTED,
5137 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CLOCK_INFO, hdev, data, len);
5143 cmd->cmd_complete = clock_info_cmd_complete;
5145 hci_req_init(&req, hdev);
5147 memset(&hci_cp, 0, sizeof(hci_cp));
5148 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
5151 hci_conn_hold(conn);
5152 cmd->user_data = hci_conn_get(conn);
5154 hci_cp.handle = cpu_to_le16(conn->handle);
5155 hci_cp.which = 0x01; /* Piconet clock */
5156 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
5159 err = hci_req_run(&req, get_clock_info_complete);
5161 mgmt_pending_remove(cmd);
5164 hci_dev_unlock(hdev);
5168 static bool is_connected(struct hci_dev *hdev, bdaddr_t *addr, u8 type)
5170 struct hci_conn *conn;
5172 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, addr);
5176 if (conn->dst_type != type)
5179 if (conn->state != BT_CONNECTED)
5185 /* This function requires the caller holds hdev->lock */
5186 static int hci_conn_params_set(struct hci_dev *hdev, bdaddr_t *addr,
5187 u8 addr_type, u8 auto_connect)
5189 struct hci_conn_params *params;
5191 params = hci_conn_params_add(hdev, addr, addr_type);
5195 if (params->auto_connect == auto_connect)
5198 list_del_init(¶ms->action);
5200 switch (auto_connect) {
5201 case HCI_AUTO_CONN_DISABLED:
5202 case HCI_AUTO_CONN_LINK_LOSS:
5203 /* If auto connect is being disabled when we're trying to
5204 * connect to device, keep connecting.
5206 if (params->explicit_connect)
5207 list_add(¶ms->action, &hdev->pend_le_conns);
5209 case HCI_AUTO_CONN_REPORT:
5210 if (params->explicit_connect)
5211 list_add(¶ms->action, &hdev->pend_le_conns);
5213 list_add(¶ms->action, &hdev->pend_le_reports);
5215 case HCI_AUTO_CONN_DIRECT:
5216 case HCI_AUTO_CONN_ALWAYS:
5217 if (!is_connected(hdev, addr, addr_type))
5218 list_add(¶ms->action, &hdev->pend_le_conns);
5222 params->auto_connect = auto_connect;
5224 BT_DBG("addr %pMR (type %u) auto_connect %u", addr, addr_type,
5230 static void device_added(struct sock *sk, struct hci_dev *hdev,
5231 bdaddr_t *bdaddr, u8 type, u8 action)
5233 struct mgmt_ev_device_added ev;
5235 bacpy(&ev.addr.bdaddr, bdaddr);
5236 ev.addr.type = type;
5239 mgmt_event(MGMT_EV_DEVICE_ADDED, hdev, &ev, sizeof(ev), sk);
5242 static int add_device(struct sock *sk, struct hci_dev *hdev,
5243 void *data, u16 len)
5245 struct mgmt_cp_add_device *cp = data;
5246 u8 auto_conn, addr_type;
5249 BT_DBG("%s", hdev->name);
5251 if (!bdaddr_type_is_valid(cp->addr.type) ||
5252 !bacmp(&cp->addr.bdaddr, BDADDR_ANY))
5253 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5254 MGMT_STATUS_INVALID_PARAMS,
5255 &cp->addr, sizeof(cp->addr));
5257 if (cp->action != 0x00 && cp->action != 0x01 && cp->action != 0x02)
5258 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5259 MGMT_STATUS_INVALID_PARAMS,
5260 &cp->addr, sizeof(cp->addr));
5264 if (cp->addr.type == BDADDR_BREDR) {
5265 /* Only incoming connections action is supported for now */
5266 if (cp->action != 0x01) {
5267 err = mgmt_cmd_complete(sk, hdev->id,
5269 MGMT_STATUS_INVALID_PARAMS,
5270 &cp->addr, sizeof(cp->addr));
5274 err = hci_bdaddr_list_add(&hdev->whitelist, &cp->addr.bdaddr,
5279 hci_req_update_scan(hdev);
5284 addr_type = le_addr_type(cp->addr.type);
5286 if (cp->action == 0x02)
5287 auto_conn = HCI_AUTO_CONN_ALWAYS;
5288 else if (cp->action == 0x01)
5289 auto_conn = HCI_AUTO_CONN_DIRECT;
5291 auto_conn = HCI_AUTO_CONN_REPORT;
5293 /* Kernel internally uses conn_params with resolvable private
5294 * address, but Add Device allows only identity addresses.
5295 * Make sure it is enforced before calling
5296 * hci_conn_params_lookup.
5298 if (!hci_is_identity_address(&cp->addr.bdaddr, addr_type)) {
5299 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5300 MGMT_STATUS_INVALID_PARAMS,
5301 &cp->addr, sizeof(cp->addr));
5305 /* If the connection parameters don't exist for this device,
5306 * they will be created and configured with defaults.
5308 if (hci_conn_params_set(hdev, &cp->addr.bdaddr, addr_type,
5310 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5311 MGMT_STATUS_FAILED, &cp->addr,
5316 hci_update_background_scan(hdev);
5319 device_added(sk, hdev, &cp->addr.bdaddr, cp->addr.type, cp->action);
5321 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5322 MGMT_STATUS_SUCCESS, &cp->addr,
5326 hci_dev_unlock(hdev);
5330 static void device_removed(struct sock *sk, struct hci_dev *hdev,
5331 bdaddr_t *bdaddr, u8 type)
5333 struct mgmt_ev_device_removed ev;
5335 bacpy(&ev.addr.bdaddr, bdaddr);
5336 ev.addr.type = type;
5338 mgmt_event(MGMT_EV_DEVICE_REMOVED, hdev, &ev, sizeof(ev), sk);
5341 static int remove_device(struct sock *sk, struct hci_dev *hdev,
5342 void *data, u16 len)
5344 struct mgmt_cp_remove_device *cp = data;
5347 BT_DBG("%s", hdev->name);
5351 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
5352 struct hci_conn_params *params;
5355 if (!bdaddr_type_is_valid(cp->addr.type)) {
5356 err = mgmt_cmd_complete(sk, hdev->id,
5357 MGMT_OP_REMOVE_DEVICE,
5358 MGMT_STATUS_INVALID_PARAMS,
5359 &cp->addr, sizeof(cp->addr));
5363 if (cp->addr.type == BDADDR_BREDR) {
5364 err = hci_bdaddr_list_del(&hdev->whitelist,
5368 err = mgmt_cmd_complete(sk, hdev->id,
5369 MGMT_OP_REMOVE_DEVICE,
5370 MGMT_STATUS_INVALID_PARAMS,
5376 hci_req_update_scan(hdev);
5378 device_removed(sk, hdev, &cp->addr.bdaddr,
5383 addr_type = le_addr_type(cp->addr.type);
5385 /* Kernel internally uses conn_params with resolvable private
5386 * address, but Remove Device allows only identity addresses.
5387 * Make sure it is enforced before calling
5388 * hci_conn_params_lookup.
5390 if (!hci_is_identity_address(&cp->addr.bdaddr, addr_type)) {
5391 err = mgmt_cmd_complete(sk, hdev->id,
5392 MGMT_OP_REMOVE_DEVICE,
5393 MGMT_STATUS_INVALID_PARAMS,
5394 &cp->addr, sizeof(cp->addr));
5398 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr,
5401 err = mgmt_cmd_complete(sk, hdev->id,
5402 MGMT_OP_REMOVE_DEVICE,
5403 MGMT_STATUS_INVALID_PARAMS,
5404 &cp->addr, sizeof(cp->addr));
5408 if (params->auto_connect == HCI_AUTO_CONN_DISABLED ||
5409 params->auto_connect == HCI_AUTO_CONN_EXPLICIT) {
5410 err = mgmt_cmd_complete(sk, hdev->id,
5411 MGMT_OP_REMOVE_DEVICE,
5412 MGMT_STATUS_INVALID_PARAMS,
5413 &cp->addr, sizeof(cp->addr));
5417 list_del(¶ms->action);
5418 list_del(¶ms->list);
5420 hci_update_background_scan(hdev);
5422 device_removed(sk, hdev, &cp->addr.bdaddr, cp->addr.type);
5424 struct hci_conn_params *p, *tmp;
5425 struct bdaddr_list *b, *btmp;
5427 if (cp->addr.type) {
5428 err = mgmt_cmd_complete(sk, hdev->id,
5429 MGMT_OP_REMOVE_DEVICE,
5430 MGMT_STATUS_INVALID_PARAMS,
5431 &cp->addr, sizeof(cp->addr));
5435 list_for_each_entry_safe(b, btmp, &hdev->whitelist, list) {
5436 device_removed(sk, hdev, &b->bdaddr, b->bdaddr_type);
5441 hci_req_update_scan(hdev);
5443 list_for_each_entry_safe(p, tmp, &hdev->le_conn_params, list) {
5444 if (p->auto_connect == HCI_AUTO_CONN_DISABLED)
5446 device_removed(sk, hdev, &p->addr, p->addr_type);
5447 if (p->explicit_connect) {
5448 p->auto_connect = HCI_AUTO_CONN_EXPLICIT;
5451 list_del(&p->action);
5456 BT_DBG("All LE connection parameters were removed");
5458 hci_update_background_scan(hdev);
5462 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
5463 MGMT_STATUS_SUCCESS, &cp->addr,
5466 hci_dev_unlock(hdev);
5470 static int load_conn_param(struct sock *sk, struct hci_dev *hdev, void *data,
5473 struct mgmt_cp_load_conn_param *cp = data;
5474 const u16 max_param_count = ((U16_MAX - sizeof(*cp)) /
5475 sizeof(struct mgmt_conn_param));
5476 u16 param_count, expected_len;
5479 if (!lmp_le_capable(hdev))
5480 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5481 MGMT_STATUS_NOT_SUPPORTED);
5483 param_count = __le16_to_cpu(cp->param_count);
5484 if (param_count > max_param_count) {
5485 BT_ERR("load_conn_param: too big param_count value %u",
5487 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5488 MGMT_STATUS_INVALID_PARAMS);
5491 expected_len = sizeof(*cp) + param_count *
5492 sizeof(struct mgmt_conn_param);
5493 if (expected_len != len) {
5494 BT_ERR("load_conn_param: expected %u bytes, got %u bytes",
5496 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5497 MGMT_STATUS_INVALID_PARAMS);
5500 BT_DBG("%s param_count %u", hdev->name, param_count);
5504 hci_conn_params_clear_disabled(hdev);
5506 for (i = 0; i < param_count; i++) {
5507 struct mgmt_conn_param *param = &cp->params[i];
5508 struct hci_conn_params *hci_param;
5509 u16 min, max, latency, timeout;
5512 BT_DBG("Adding %pMR (type %u)", ¶m->addr.bdaddr,
5515 if (param->addr.type == BDADDR_LE_PUBLIC) {
5516 addr_type = ADDR_LE_DEV_PUBLIC;
5517 } else if (param->addr.type == BDADDR_LE_RANDOM) {
5518 addr_type = ADDR_LE_DEV_RANDOM;
5520 BT_ERR("Ignoring invalid connection parameters");
5524 min = le16_to_cpu(param->min_interval);
5525 max = le16_to_cpu(param->max_interval);
5526 latency = le16_to_cpu(param->latency);
5527 timeout = le16_to_cpu(param->timeout);
5529 BT_DBG("min 0x%04x max 0x%04x latency 0x%04x timeout 0x%04x",
5530 min, max, latency, timeout);
5532 if (hci_check_conn_params(min, max, latency, timeout) < 0) {
5533 BT_ERR("Ignoring invalid connection parameters");
5537 hci_param = hci_conn_params_add(hdev, ¶m->addr.bdaddr,
5540 BT_ERR("Failed to add connection parameters");
5544 hci_param->conn_min_interval = min;
5545 hci_param->conn_max_interval = max;
5546 hci_param->conn_latency = latency;
5547 hci_param->supervision_timeout = timeout;
5550 hci_dev_unlock(hdev);
5552 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM, 0,
5556 static int set_external_config(struct sock *sk, struct hci_dev *hdev,
5557 void *data, u16 len)
5559 struct mgmt_cp_set_external_config *cp = data;
5563 BT_DBG("%s", hdev->name);
5565 if (hdev_is_powered(hdev))
5566 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
5567 MGMT_STATUS_REJECTED);
5569 if (cp->config != 0x00 && cp->config != 0x01)
5570 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
5571 MGMT_STATUS_INVALID_PARAMS);
5573 if (!test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
5574 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
5575 MGMT_STATUS_NOT_SUPPORTED);
5580 changed = !hci_dev_test_and_set_flag(hdev, HCI_EXT_CONFIGURED);
5582 changed = hci_dev_test_and_clear_flag(hdev, HCI_EXT_CONFIGURED);
5584 err = send_options_rsp(sk, MGMT_OP_SET_EXTERNAL_CONFIG, hdev);
5591 err = new_options(hdev, sk);
5593 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED) == is_configured(hdev)) {
5594 mgmt_index_removed(hdev);
5596 if (hci_dev_test_and_change_flag(hdev, HCI_UNCONFIGURED)) {
5597 hci_dev_set_flag(hdev, HCI_CONFIG);
5598 hci_dev_set_flag(hdev, HCI_AUTO_OFF);
5600 queue_work(hdev->req_workqueue, &hdev->power_on);
5602 set_bit(HCI_RAW, &hdev->flags);
5603 mgmt_index_added(hdev);
5608 hci_dev_unlock(hdev);
5612 static int set_public_address(struct sock *sk, struct hci_dev *hdev,
5613 void *data, u16 len)
5615 struct mgmt_cp_set_public_address *cp = data;
5619 BT_DBG("%s", hdev->name);
5621 if (hdev_is_powered(hdev))
5622 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
5623 MGMT_STATUS_REJECTED);
5625 if (!bacmp(&cp->bdaddr, BDADDR_ANY))
5626 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
5627 MGMT_STATUS_INVALID_PARAMS);
5629 if (!hdev->set_bdaddr)
5630 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
5631 MGMT_STATUS_NOT_SUPPORTED);
5635 changed = !!bacmp(&hdev->public_addr, &cp->bdaddr);
5636 bacpy(&hdev->public_addr, &cp->bdaddr);
5638 err = send_options_rsp(sk, MGMT_OP_SET_PUBLIC_ADDRESS, hdev);
5645 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED))
5646 err = new_options(hdev, sk);
5648 if (is_configured(hdev)) {
5649 mgmt_index_removed(hdev);
5651 hci_dev_clear_flag(hdev, HCI_UNCONFIGURED);
5653 hci_dev_set_flag(hdev, HCI_CONFIG);
5654 hci_dev_set_flag(hdev, HCI_AUTO_OFF);
5656 queue_work(hdev->req_workqueue, &hdev->power_on);
5660 hci_dev_unlock(hdev);
5664 static void read_local_oob_ext_data_complete(struct hci_dev *hdev, u8 status,
5665 u16 opcode, struct sk_buff *skb)
5667 const struct mgmt_cp_read_local_oob_ext_data *mgmt_cp;
5668 struct mgmt_rp_read_local_oob_ext_data *mgmt_rp;
5669 u8 *h192, *r192, *h256, *r256;
5670 struct mgmt_pending_cmd *cmd;
5674 BT_DBG("%s status %u", hdev->name, status);
5676 cmd = pending_find(MGMT_OP_READ_LOCAL_OOB_EXT_DATA, hdev);
5680 mgmt_cp = cmd->param;
5683 status = mgmt_status(status);
5690 } else if (opcode == HCI_OP_READ_LOCAL_OOB_DATA) {
5691 struct hci_rp_read_local_oob_data *rp;
5693 if (skb->len != sizeof(*rp)) {
5694 status = MGMT_STATUS_FAILED;
5697 status = MGMT_STATUS_SUCCESS;
5698 rp = (void *)skb->data;
5700 eir_len = 5 + 18 + 18;
5707 struct hci_rp_read_local_oob_ext_data *rp;
5709 if (skb->len != sizeof(*rp)) {
5710 status = MGMT_STATUS_FAILED;
5713 status = MGMT_STATUS_SUCCESS;
5714 rp = (void *)skb->data;
5716 if (hci_dev_test_flag(hdev, HCI_SC_ONLY)) {
5717 eir_len = 5 + 18 + 18;
5721 eir_len = 5 + 18 + 18 + 18 + 18;
5731 mgmt_rp = kmalloc(sizeof(*mgmt_rp) + eir_len, GFP_KERNEL);
5738 eir_len = eir_append_data(mgmt_rp->eir, 0, EIR_CLASS_OF_DEV,
5739 hdev->dev_class, 3);
5742 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
5743 EIR_SSP_HASH_C192, h192, 16);
5744 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
5745 EIR_SSP_RAND_R192, r192, 16);
5749 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
5750 EIR_SSP_HASH_C256, h256, 16);
5751 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
5752 EIR_SSP_RAND_R256, r256, 16);
5756 mgmt_rp->type = mgmt_cp->type;
5757 mgmt_rp->eir_len = cpu_to_le16(eir_len);
5759 err = mgmt_cmd_complete(cmd->sk, hdev->id,
5760 MGMT_OP_READ_LOCAL_OOB_EXT_DATA, status,
5761 mgmt_rp, sizeof(*mgmt_rp) + eir_len);
5762 if (err < 0 || status)
5765 hci_sock_set_flag(cmd->sk, HCI_MGMT_OOB_DATA_EVENTS);
5767 err = mgmt_limited_event(MGMT_EV_LOCAL_OOB_DATA_UPDATED, hdev,
5768 mgmt_rp, sizeof(*mgmt_rp) + eir_len,
5769 HCI_MGMT_OOB_DATA_EVENTS, cmd->sk);
5772 mgmt_pending_remove(cmd);
5775 static int read_local_ssp_oob_req(struct hci_dev *hdev, struct sock *sk,
5776 struct mgmt_cp_read_local_oob_ext_data *cp)
5778 struct mgmt_pending_cmd *cmd;
5779 struct hci_request req;
5782 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_EXT_DATA, hdev,
5787 hci_req_init(&req, hdev);
5789 if (bredr_sc_enabled(hdev))
5790 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_EXT_DATA, 0, NULL);
5792 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
5794 err = hci_req_run_skb(&req, read_local_oob_ext_data_complete);
5796 mgmt_pending_remove(cmd);
5803 static int read_local_oob_ext_data(struct sock *sk, struct hci_dev *hdev,
5804 void *data, u16 data_len)
5806 struct mgmt_cp_read_local_oob_ext_data *cp = data;
5807 struct mgmt_rp_read_local_oob_ext_data *rp;
5810 u8 status, flags, role, addr[7], hash[16], rand[16];
5813 BT_DBG("%s", hdev->name);
5815 if (hdev_is_powered(hdev)) {
5817 case BIT(BDADDR_BREDR):
5818 status = mgmt_bredr_support(hdev);
5824 case (BIT(BDADDR_LE_PUBLIC) | BIT(BDADDR_LE_RANDOM)):
5825 status = mgmt_le_support(hdev);
5829 eir_len = 9 + 3 + 18 + 18 + 3;
5832 status = MGMT_STATUS_INVALID_PARAMS;
5837 status = MGMT_STATUS_NOT_POWERED;
5841 rp_len = sizeof(*rp) + eir_len;
5842 rp = kmalloc(rp_len, GFP_ATOMIC);
5853 case BIT(BDADDR_BREDR):
5854 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
5855 err = read_local_ssp_oob_req(hdev, sk, cp);
5856 hci_dev_unlock(hdev);
5860 status = MGMT_STATUS_FAILED;
5863 eir_len = eir_append_data(rp->eir, eir_len,
5865 hdev->dev_class, 3);
5868 case (BIT(BDADDR_LE_PUBLIC) | BIT(BDADDR_LE_RANDOM)):
5869 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED) &&
5870 smp_generate_oob(hdev, hash, rand) < 0) {
5871 hci_dev_unlock(hdev);
5872 status = MGMT_STATUS_FAILED;
5876 /* This should return the active RPA, but since the RPA
5877 * is only programmed on demand, it is really hard to fill
5878 * this in at the moment. For now disallow retrieving
5879 * local out-of-band data when privacy is in use.
5881 * Returning the identity address will not help here since
5882 * pairing happens before the identity resolving key is
5883 * known and thus the connection establishment happens
5884 * based on the RPA and not the identity address.
5886 if (hci_dev_test_flag(hdev, HCI_PRIVACY)) {
5887 hci_dev_unlock(hdev);
5888 status = MGMT_STATUS_REJECTED;
5892 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) ||
5893 !bacmp(&hdev->bdaddr, BDADDR_ANY) ||
5894 (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
5895 bacmp(&hdev->static_addr, BDADDR_ANY))) {
5896 memcpy(addr, &hdev->static_addr, 6);
5899 memcpy(addr, &hdev->bdaddr, 6);
5903 eir_len = eir_append_data(rp->eir, eir_len, EIR_LE_BDADDR,
5904 addr, sizeof(addr));
5906 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
5911 eir_len = eir_append_data(rp->eir, eir_len, EIR_LE_ROLE,
5912 &role, sizeof(role));
5914 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED)) {
5915 eir_len = eir_append_data(rp->eir, eir_len,
5917 hash, sizeof(hash));
5919 eir_len = eir_append_data(rp->eir, eir_len,
5921 rand, sizeof(rand));
5924 flags = mgmt_get_adv_discov_flags(hdev);
5926 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
5927 flags |= LE_AD_NO_BREDR;
5929 eir_len = eir_append_data(rp->eir, eir_len, EIR_FLAGS,
5930 &flags, sizeof(flags));
5934 hci_dev_unlock(hdev);
5936 hci_sock_set_flag(sk, HCI_MGMT_OOB_DATA_EVENTS);
5938 status = MGMT_STATUS_SUCCESS;
5941 rp->type = cp->type;
5942 rp->eir_len = cpu_to_le16(eir_len);
5944 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
5945 status, rp, sizeof(*rp) + eir_len);
5946 if (err < 0 || status)
5949 err = mgmt_limited_event(MGMT_EV_LOCAL_OOB_DATA_UPDATED, hdev,
5950 rp, sizeof(*rp) + eir_len,
5951 HCI_MGMT_OOB_DATA_EVENTS, sk);
5959 static u32 get_supported_adv_flags(struct hci_dev *hdev)
5963 flags |= MGMT_ADV_FLAG_CONNECTABLE;
5964 flags |= MGMT_ADV_FLAG_DISCOV;
5965 flags |= MGMT_ADV_FLAG_LIMITED_DISCOV;
5966 flags |= MGMT_ADV_FLAG_MANAGED_FLAGS;
5967 flags |= MGMT_ADV_FLAG_APPEARANCE;
5968 flags |= MGMT_ADV_FLAG_LOCAL_NAME;
5970 if (hdev->adv_tx_power != HCI_TX_POWER_INVALID)
5971 flags |= MGMT_ADV_FLAG_TX_POWER;
5976 static int read_adv_features(struct sock *sk, struct hci_dev *hdev,
5977 void *data, u16 data_len)
5979 struct mgmt_rp_read_adv_features *rp;
5982 struct adv_info *adv_instance;
5983 u32 supported_flags;
5986 BT_DBG("%s", hdev->name);
5988 if (!lmp_le_capable(hdev))
5989 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_ADV_FEATURES,
5990 MGMT_STATUS_REJECTED);
5994 rp_len = sizeof(*rp) + hdev->adv_instance_cnt;
5995 rp = kmalloc(rp_len, GFP_ATOMIC);
5997 hci_dev_unlock(hdev);
6001 supported_flags = get_supported_adv_flags(hdev);
6003 rp->supported_flags = cpu_to_le32(supported_flags);
6004 rp->max_adv_data_len = HCI_MAX_AD_LENGTH;
6005 rp->max_scan_rsp_len = HCI_MAX_AD_LENGTH;
6006 rp->max_instances = HCI_MAX_ADV_INSTANCES;
6007 rp->num_instances = hdev->adv_instance_cnt;
6009 instance = rp->instance;
6010 list_for_each_entry(adv_instance, &hdev->adv_instances, list) {
6011 *instance = adv_instance->instance;
6015 hci_dev_unlock(hdev);
6017 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_ADV_FEATURES,
6018 MGMT_STATUS_SUCCESS, rp, rp_len);
6025 static u8 calculate_name_len(struct hci_dev *hdev)
6027 u8 buf[HCI_MAX_SHORT_NAME_LENGTH + 3];
6029 return append_local_name(hdev, buf, 0);
6032 static u8 tlv_data_max_len(struct hci_dev *hdev, u32 adv_flags,
6035 u8 max_len = HCI_MAX_AD_LENGTH;
6038 if (adv_flags & (MGMT_ADV_FLAG_DISCOV |
6039 MGMT_ADV_FLAG_LIMITED_DISCOV |
6040 MGMT_ADV_FLAG_MANAGED_FLAGS))
6043 if (adv_flags & MGMT_ADV_FLAG_TX_POWER)
6046 if (adv_flags & MGMT_ADV_FLAG_LOCAL_NAME)
6047 max_len -= calculate_name_len(hdev);
6049 if (adv_flags & (MGMT_ADV_FLAG_APPEARANCE))
6056 static bool flags_managed(u32 adv_flags)
6058 return adv_flags & (MGMT_ADV_FLAG_DISCOV |
6059 MGMT_ADV_FLAG_LIMITED_DISCOV |
6060 MGMT_ADV_FLAG_MANAGED_FLAGS);
6063 static bool tx_power_managed(u32 adv_flags)
6065 return adv_flags & MGMT_ADV_FLAG_TX_POWER;
6068 static bool name_managed(u32 adv_flags)
6070 return adv_flags & MGMT_ADV_FLAG_LOCAL_NAME;
6073 static bool appearance_managed(u32 adv_flags)
6075 return adv_flags & MGMT_ADV_FLAG_APPEARANCE;
6078 static bool tlv_data_is_valid(struct hci_dev *hdev, u32 adv_flags, u8 *data,
6079 u8 len, bool is_adv_data)
6084 max_len = tlv_data_max_len(hdev, adv_flags, is_adv_data);
6089 /* Make sure that the data is correctly formatted. */
6090 for (i = 0, cur_len = 0; i < len; i += (cur_len + 1)) {
6096 if (data[i + 1] == EIR_FLAGS &&
6097 (!is_adv_data || flags_managed(adv_flags)))
6100 if (data[i + 1] == EIR_TX_POWER && tx_power_managed(adv_flags))
6103 if (data[i + 1] == EIR_NAME_COMPLETE && name_managed(adv_flags))
6106 if (data[i + 1] == EIR_NAME_SHORT && name_managed(adv_flags))
6109 if (data[i + 1] == EIR_APPEARANCE &&
6110 appearance_managed(adv_flags))
6113 /* If the current field length would exceed the total data
6114 * length, then it's invalid.
6116 if (i + cur_len >= len)
6123 static void add_advertising_complete(struct hci_dev *hdev, u8 status,
6126 struct mgmt_pending_cmd *cmd;
6127 struct mgmt_cp_add_advertising *cp;
6128 struct mgmt_rp_add_advertising rp;
6129 struct adv_info *adv_instance, *n;
6132 BT_DBG("status %d", status);
6136 cmd = pending_find(MGMT_OP_ADD_ADVERTISING, hdev);
6138 list_for_each_entry_safe(adv_instance, n, &hdev->adv_instances, list) {
6139 if (!adv_instance->pending)
6143 adv_instance->pending = false;
6147 instance = adv_instance->instance;
6149 if (hdev->cur_adv_instance == instance)
6150 cancel_adv_timeout(hdev);
6152 hci_remove_adv_instance(hdev, instance);
6153 mgmt_advertising_removed(cmd ? cmd->sk : NULL, hdev, instance);
6160 rp.instance = cp->instance;
6163 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode,
6164 mgmt_status(status));
6166 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
6167 mgmt_status(status), &rp, sizeof(rp));
6169 mgmt_pending_remove(cmd);
6172 hci_dev_unlock(hdev);
6175 static int add_advertising(struct sock *sk, struct hci_dev *hdev,
6176 void *data, u16 data_len)
6178 struct mgmt_cp_add_advertising *cp = data;
6179 struct mgmt_rp_add_advertising rp;
6181 u32 supported_flags;
6183 u16 timeout, duration;
6184 unsigned int prev_instance_cnt = hdev->adv_instance_cnt;
6185 u8 schedule_instance = 0;
6186 struct adv_info *next_instance;
6188 struct mgmt_pending_cmd *cmd;
6189 struct hci_request req;
6191 BT_DBG("%s", hdev->name);
6193 status = mgmt_le_support(hdev);
6195 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6198 if (cp->instance < 1 || cp->instance > HCI_MAX_ADV_INSTANCES)
6199 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6200 MGMT_STATUS_INVALID_PARAMS);
6202 if (data_len != sizeof(*cp) + cp->adv_data_len + cp->scan_rsp_len)
6203 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6204 MGMT_STATUS_INVALID_PARAMS);
6206 flags = __le32_to_cpu(cp->flags);
6207 timeout = __le16_to_cpu(cp->timeout);
6208 duration = __le16_to_cpu(cp->duration);
6210 /* The current implementation only supports a subset of the specified
6213 supported_flags = get_supported_adv_flags(hdev);
6214 if (flags & ~supported_flags)
6215 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6216 MGMT_STATUS_INVALID_PARAMS);
6220 if (timeout && !hdev_is_powered(hdev)) {
6221 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6222 MGMT_STATUS_REJECTED);
6226 if (pending_find(MGMT_OP_ADD_ADVERTISING, hdev) ||
6227 pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev) ||
6228 pending_find(MGMT_OP_SET_LE, hdev)) {
6229 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6234 if (!tlv_data_is_valid(hdev, flags, cp->data, cp->adv_data_len, true) ||
6235 !tlv_data_is_valid(hdev, flags, cp->data + cp->adv_data_len,
6236 cp->scan_rsp_len, false)) {
6237 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6238 MGMT_STATUS_INVALID_PARAMS);
6242 err = hci_add_adv_instance(hdev, cp->instance, flags,
6243 cp->adv_data_len, cp->data,
6245 cp->data + cp->adv_data_len,
6248 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6249 MGMT_STATUS_FAILED);
6253 /* Only trigger an advertising added event if a new instance was
6256 if (hdev->adv_instance_cnt > prev_instance_cnt)
6257 mgmt_advertising_added(sk, hdev, cp->instance);
6259 if (hdev->cur_adv_instance == cp->instance) {
6260 /* If the currently advertised instance is being changed then
6261 * cancel the current advertising and schedule the next
6262 * instance. If there is only one instance then the overridden
6263 * advertising data will be visible right away.
6265 cancel_adv_timeout(hdev);
6267 next_instance = hci_get_next_instance(hdev, cp->instance);
6269 schedule_instance = next_instance->instance;
6270 } else if (!hdev->adv_instance_timeout) {
6271 /* Immediately advertise the new instance if no other
6272 * instance is currently being advertised.
6274 schedule_instance = cp->instance;
6277 /* If the HCI_ADVERTISING flag is set or the device isn't powered or
6278 * there is no instance to be advertised then we have no HCI
6279 * communication to make. Simply return.
6281 if (!hdev_is_powered(hdev) ||
6282 hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
6283 !schedule_instance) {
6284 rp.instance = cp->instance;
6285 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6286 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
6290 /* We're good to go, update advertising data, parameters, and start
6293 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_ADVERTISING, hdev, data,
6300 hci_req_init(&req, hdev);
6302 err = __hci_req_schedule_adv_instance(&req, schedule_instance, true);
6305 err = hci_req_run(&req, add_advertising_complete);
6308 mgmt_pending_remove(cmd);
6311 hci_dev_unlock(hdev);
6316 static void remove_advertising_complete(struct hci_dev *hdev, u8 status,
6319 struct mgmt_pending_cmd *cmd;
6320 struct mgmt_cp_remove_advertising *cp;
6321 struct mgmt_rp_remove_advertising rp;
6323 BT_DBG("status %d", status);
6327 /* A failure status here only means that we failed to disable
6328 * advertising. Otherwise, the advertising instance has been removed,
6329 * so report success.
6331 cmd = pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev);
6336 rp.instance = cp->instance;
6338 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, MGMT_STATUS_SUCCESS,
6340 mgmt_pending_remove(cmd);
6343 hci_dev_unlock(hdev);
6346 static int remove_advertising(struct sock *sk, struct hci_dev *hdev,
6347 void *data, u16 data_len)
6349 struct mgmt_cp_remove_advertising *cp = data;
6350 struct mgmt_rp_remove_advertising rp;
6351 struct mgmt_pending_cmd *cmd;
6352 struct hci_request req;
6355 BT_DBG("%s", hdev->name);
6359 if (cp->instance && !hci_find_adv_instance(hdev, cp->instance)) {
6360 err = mgmt_cmd_status(sk, hdev->id,
6361 MGMT_OP_REMOVE_ADVERTISING,
6362 MGMT_STATUS_INVALID_PARAMS);
6366 if (pending_find(MGMT_OP_ADD_ADVERTISING, hdev) ||
6367 pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev) ||
6368 pending_find(MGMT_OP_SET_LE, hdev)) {
6369 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADVERTISING,
6374 if (list_empty(&hdev->adv_instances)) {
6375 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADVERTISING,
6376 MGMT_STATUS_INVALID_PARAMS);
6380 hci_req_init(&req, hdev);
6382 hci_req_clear_adv_instance(hdev, sk, &req, cp->instance, true);
6384 if (list_empty(&hdev->adv_instances))
6385 __hci_req_disable_advertising(&req);
6387 /* If no HCI commands have been collected so far or the HCI_ADVERTISING
6388 * flag is set or the device isn't powered then we have no HCI
6389 * communication to make. Simply return.
6391 if (skb_queue_empty(&req.cmd_q) ||
6392 !hdev_is_powered(hdev) ||
6393 hci_dev_test_flag(hdev, HCI_ADVERTISING)) {
6394 rp.instance = cp->instance;
6395 err = mgmt_cmd_complete(sk, hdev->id,
6396 MGMT_OP_REMOVE_ADVERTISING,
6397 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
6401 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_ADVERTISING, hdev, data,
6408 err = hci_req_run(&req, remove_advertising_complete);
6410 mgmt_pending_remove(cmd);
6413 hci_dev_unlock(hdev);
6418 static int get_adv_size_info(struct sock *sk, struct hci_dev *hdev,
6419 void *data, u16 data_len)
6421 struct mgmt_cp_get_adv_size_info *cp = data;
6422 struct mgmt_rp_get_adv_size_info rp;
6423 u32 flags, supported_flags;
6426 BT_DBG("%s", hdev->name);
6428 if (!lmp_le_capable(hdev))
6429 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
6430 MGMT_STATUS_REJECTED);
6432 if (cp->instance < 1 || cp->instance > HCI_MAX_ADV_INSTANCES)
6433 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
6434 MGMT_STATUS_INVALID_PARAMS);
6436 flags = __le32_to_cpu(cp->flags);
6438 /* The current implementation only supports a subset of the specified
6441 supported_flags = get_supported_adv_flags(hdev);
6442 if (flags & ~supported_flags)
6443 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
6444 MGMT_STATUS_INVALID_PARAMS);
6446 rp.instance = cp->instance;
6447 rp.flags = cp->flags;
6448 rp.max_adv_data_len = tlv_data_max_len(hdev, flags, true);
6449 rp.max_scan_rsp_len = tlv_data_max_len(hdev, flags, false);
6451 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
6452 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
6457 static const struct hci_mgmt_handler mgmt_handlers[] = {
6458 { NULL }, /* 0x0000 (no command) */
6459 { read_version, MGMT_READ_VERSION_SIZE,
6461 HCI_MGMT_UNTRUSTED },
6462 { read_commands, MGMT_READ_COMMANDS_SIZE,
6464 HCI_MGMT_UNTRUSTED },
6465 { read_index_list, MGMT_READ_INDEX_LIST_SIZE,
6467 HCI_MGMT_UNTRUSTED },
6468 { read_controller_info, MGMT_READ_INFO_SIZE,
6469 HCI_MGMT_UNTRUSTED },
6470 { set_powered, MGMT_SETTING_SIZE },
6471 { set_discoverable, MGMT_SET_DISCOVERABLE_SIZE },
6472 { set_connectable, MGMT_SETTING_SIZE },
6473 { set_fast_connectable, MGMT_SETTING_SIZE },
6474 { set_bondable, MGMT_SETTING_SIZE },
6475 { set_link_security, MGMT_SETTING_SIZE },
6476 { set_ssp, MGMT_SETTING_SIZE },
6477 { set_hs, MGMT_SETTING_SIZE },
6478 { set_le, MGMT_SETTING_SIZE },
6479 { set_dev_class, MGMT_SET_DEV_CLASS_SIZE },
6480 { set_local_name, MGMT_SET_LOCAL_NAME_SIZE },
6481 { add_uuid, MGMT_ADD_UUID_SIZE },
6482 { remove_uuid, MGMT_REMOVE_UUID_SIZE },
6483 { load_link_keys, MGMT_LOAD_LINK_KEYS_SIZE,
6485 { load_long_term_keys, MGMT_LOAD_LONG_TERM_KEYS_SIZE,
6487 { disconnect, MGMT_DISCONNECT_SIZE },
6488 { get_connections, MGMT_GET_CONNECTIONS_SIZE },
6489 { pin_code_reply, MGMT_PIN_CODE_REPLY_SIZE },
6490 { pin_code_neg_reply, MGMT_PIN_CODE_NEG_REPLY_SIZE },
6491 { set_io_capability, MGMT_SET_IO_CAPABILITY_SIZE },
6492 { pair_device, MGMT_PAIR_DEVICE_SIZE },
6493 { cancel_pair_device, MGMT_CANCEL_PAIR_DEVICE_SIZE },
6494 { unpair_device, MGMT_UNPAIR_DEVICE_SIZE },
6495 { user_confirm_reply, MGMT_USER_CONFIRM_REPLY_SIZE },
6496 { user_confirm_neg_reply, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
6497 { user_passkey_reply, MGMT_USER_PASSKEY_REPLY_SIZE },
6498 { user_passkey_neg_reply, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
6499 { read_local_oob_data, MGMT_READ_LOCAL_OOB_DATA_SIZE },
6500 { add_remote_oob_data, MGMT_ADD_REMOTE_OOB_DATA_SIZE,
6502 { remove_remote_oob_data, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
6503 { start_discovery, MGMT_START_DISCOVERY_SIZE },
6504 { stop_discovery, MGMT_STOP_DISCOVERY_SIZE },
6505 { confirm_name, MGMT_CONFIRM_NAME_SIZE },
6506 { block_device, MGMT_BLOCK_DEVICE_SIZE },
6507 { unblock_device, MGMT_UNBLOCK_DEVICE_SIZE },
6508 { set_device_id, MGMT_SET_DEVICE_ID_SIZE },
6509 { set_advertising, MGMT_SETTING_SIZE },
6510 { set_bredr, MGMT_SETTING_SIZE },
6511 { set_static_address, MGMT_SET_STATIC_ADDRESS_SIZE },
6512 { set_scan_params, MGMT_SET_SCAN_PARAMS_SIZE },
6513 { set_secure_conn, MGMT_SETTING_SIZE },
6514 { set_debug_keys, MGMT_SETTING_SIZE },
6515 { set_privacy, MGMT_SET_PRIVACY_SIZE },
6516 { load_irks, MGMT_LOAD_IRKS_SIZE,
6518 { get_conn_info, MGMT_GET_CONN_INFO_SIZE },
6519 { get_clock_info, MGMT_GET_CLOCK_INFO_SIZE },
6520 { add_device, MGMT_ADD_DEVICE_SIZE },
6521 { remove_device, MGMT_REMOVE_DEVICE_SIZE },
6522 { load_conn_param, MGMT_LOAD_CONN_PARAM_SIZE,
6524 { read_unconf_index_list, MGMT_READ_UNCONF_INDEX_LIST_SIZE,
6526 HCI_MGMT_UNTRUSTED },
6527 { read_config_info, MGMT_READ_CONFIG_INFO_SIZE,
6528 HCI_MGMT_UNCONFIGURED |
6529 HCI_MGMT_UNTRUSTED },
6530 { set_external_config, MGMT_SET_EXTERNAL_CONFIG_SIZE,
6531 HCI_MGMT_UNCONFIGURED },
6532 { set_public_address, MGMT_SET_PUBLIC_ADDRESS_SIZE,
6533 HCI_MGMT_UNCONFIGURED },
6534 { start_service_discovery, MGMT_START_SERVICE_DISCOVERY_SIZE,
6536 { read_local_oob_ext_data, MGMT_READ_LOCAL_OOB_EXT_DATA_SIZE },
6537 { read_ext_index_list, MGMT_READ_EXT_INDEX_LIST_SIZE,
6539 HCI_MGMT_UNTRUSTED },
6540 { read_adv_features, MGMT_READ_ADV_FEATURES_SIZE },
6541 { add_advertising, MGMT_ADD_ADVERTISING_SIZE,
6543 { remove_advertising, MGMT_REMOVE_ADVERTISING_SIZE },
6544 { get_adv_size_info, MGMT_GET_ADV_SIZE_INFO_SIZE },
6545 { start_limited_discovery, MGMT_START_DISCOVERY_SIZE },
6546 { read_ext_controller_info,MGMT_READ_EXT_INFO_SIZE,
6547 HCI_MGMT_UNTRUSTED },
6548 { set_appearance, MGMT_SET_APPEARANCE_SIZE },
6551 void mgmt_index_added(struct hci_dev *hdev)
6553 struct mgmt_ev_ext_index ev;
6555 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
6558 switch (hdev->dev_type) {
6560 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
6561 mgmt_index_event(MGMT_EV_UNCONF_INDEX_ADDED, hdev,
6562 NULL, 0, HCI_MGMT_UNCONF_INDEX_EVENTS);
6565 mgmt_index_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0,
6566 HCI_MGMT_INDEX_EVENTS);
6579 mgmt_index_event(MGMT_EV_EXT_INDEX_ADDED, hdev, &ev, sizeof(ev),
6580 HCI_MGMT_EXT_INDEX_EVENTS);
6583 void mgmt_index_removed(struct hci_dev *hdev)
6585 struct mgmt_ev_ext_index ev;
6586 u8 status = MGMT_STATUS_INVALID_INDEX;
6588 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
6591 switch (hdev->dev_type) {
6593 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
6595 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
6596 mgmt_index_event(MGMT_EV_UNCONF_INDEX_REMOVED, hdev,
6597 NULL, 0, HCI_MGMT_UNCONF_INDEX_EVENTS);
6600 mgmt_index_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0,
6601 HCI_MGMT_INDEX_EVENTS);
6614 mgmt_index_event(MGMT_EV_EXT_INDEX_REMOVED, hdev, &ev, sizeof(ev),
6615 HCI_MGMT_EXT_INDEX_EVENTS);
6618 /* This function requires the caller holds hdev->lock */
6619 static void restart_le_actions(struct hci_dev *hdev)
6621 struct hci_conn_params *p;
6623 list_for_each_entry(p, &hdev->le_conn_params, list) {
6624 /* Needed for AUTO_OFF case where might not "really"
6625 * have been powered off.
6627 list_del_init(&p->action);
6629 switch (p->auto_connect) {
6630 case HCI_AUTO_CONN_DIRECT:
6631 case HCI_AUTO_CONN_ALWAYS:
6632 list_add(&p->action, &hdev->pend_le_conns);
6634 case HCI_AUTO_CONN_REPORT:
6635 list_add(&p->action, &hdev->pend_le_reports);
6643 void mgmt_power_on(struct hci_dev *hdev, int err)
6645 struct cmd_lookup match = { NULL, hdev };
6647 BT_DBG("err %d", err);
6652 restart_le_actions(hdev);
6653 hci_update_background_scan(hdev);
6656 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
6658 new_settings(hdev, match.sk);
6663 hci_dev_unlock(hdev);
6666 void __mgmt_power_off(struct hci_dev *hdev)
6668 struct cmd_lookup match = { NULL, hdev };
6669 u8 status, zero_cod[] = { 0, 0, 0 };
6671 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
6673 /* If the power off is because of hdev unregistration let
6674 * use the appropriate INVALID_INDEX status. Otherwise use
6675 * NOT_POWERED. We cover both scenarios here since later in
6676 * mgmt_index_removed() any hci_conn callbacks will have already
6677 * been triggered, potentially causing misleading DISCONNECTED
6680 if (hci_dev_test_flag(hdev, HCI_UNREGISTER))
6681 status = MGMT_STATUS_INVALID_INDEX;
6683 status = MGMT_STATUS_NOT_POWERED;
6685 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
6687 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0) {
6688 mgmt_limited_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
6689 zero_cod, sizeof(zero_cod),
6690 HCI_MGMT_DEV_CLASS_EVENTS, NULL);
6691 ext_info_changed(hdev, NULL);
6694 new_settings(hdev, match.sk);
6700 void mgmt_set_powered_failed(struct hci_dev *hdev, int err)
6702 struct mgmt_pending_cmd *cmd;
6705 cmd = pending_find(MGMT_OP_SET_POWERED, hdev);
6709 if (err == -ERFKILL)
6710 status = MGMT_STATUS_RFKILLED;
6712 status = MGMT_STATUS_FAILED;
6714 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
6716 mgmt_pending_remove(cmd);
6719 void mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
6722 struct mgmt_ev_new_link_key ev;
6724 memset(&ev, 0, sizeof(ev));
6726 ev.store_hint = persistent;
6727 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
6728 ev.key.addr.type = BDADDR_BREDR;
6729 ev.key.type = key->type;
6730 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
6731 ev.key.pin_len = key->pin_len;
6733 mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
6736 static u8 mgmt_ltk_type(struct smp_ltk *ltk)
6738 switch (ltk->type) {
6741 if (ltk->authenticated)
6742 return MGMT_LTK_AUTHENTICATED;
6743 return MGMT_LTK_UNAUTHENTICATED;
6745 if (ltk->authenticated)
6746 return MGMT_LTK_P256_AUTH;
6747 return MGMT_LTK_P256_UNAUTH;
6748 case SMP_LTK_P256_DEBUG:
6749 return MGMT_LTK_P256_DEBUG;
6752 return MGMT_LTK_UNAUTHENTICATED;
6755 void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, bool persistent)
6757 struct mgmt_ev_new_long_term_key ev;
6759 memset(&ev, 0, sizeof(ev));
6761 /* Devices using resolvable or non-resolvable random addresses
6762 * without providing an identity resolving key don't require
6763 * to store long term keys. Their addresses will change the
6766 * Only when a remote device provides an identity address
6767 * make sure the long term key is stored. If the remote
6768 * identity is known, the long term keys are internally
6769 * mapped to the identity address. So allow static random
6770 * and public addresses here.
6772 if (key->bdaddr_type == ADDR_LE_DEV_RANDOM &&
6773 (key->bdaddr.b[5] & 0xc0) != 0xc0)
6774 ev.store_hint = 0x00;
6776 ev.store_hint = persistent;
6778 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
6779 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
6780 ev.key.type = mgmt_ltk_type(key);
6781 ev.key.enc_size = key->enc_size;
6782 ev.key.ediv = key->ediv;
6783 ev.key.rand = key->rand;
6785 if (key->type == SMP_LTK)
6788 /* Make sure we copy only the significant bytes based on the
6789 * encryption key size, and set the rest of the value to zeroes.
6791 memcpy(ev.key.val, key->val, key->enc_size);
6792 memset(ev.key.val + key->enc_size, 0,
6793 sizeof(ev.key.val) - key->enc_size);
6795 mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev), NULL);
6798 void mgmt_new_irk(struct hci_dev *hdev, struct smp_irk *irk, bool persistent)
6800 struct mgmt_ev_new_irk ev;
6802 memset(&ev, 0, sizeof(ev));
6804 ev.store_hint = persistent;
6806 bacpy(&ev.rpa, &irk->rpa);
6807 bacpy(&ev.irk.addr.bdaddr, &irk->bdaddr);
6808 ev.irk.addr.type = link_to_bdaddr(LE_LINK, irk->addr_type);
6809 memcpy(ev.irk.val, irk->val, sizeof(irk->val));
6811 mgmt_event(MGMT_EV_NEW_IRK, hdev, &ev, sizeof(ev), NULL);
6814 void mgmt_new_csrk(struct hci_dev *hdev, struct smp_csrk *csrk,
6817 struct mgmt_ev_new_csrk ev;
6819 memset(&ev, 0, sizeof(ev));
6821 /* Devices using resolvable or non-resolvable random addresses
6822 * without providing an identity resolving key don't require
6823 * to store signature resolving keys. Their addresses will change
6824 * the next time around.
6826 * Only when a remote device provides an identity address
6827 * make sure the signature resolving key is stored. So allow
6828 * static random and public addresses here.
6830 if (csrk->bdaddr_type == ADDR_LE_DEV_RANDOM &&
6831 (csrk->bdaddr.b[5] & 0xc0) != 0xc0)
6832 ev.store_hint = 0x00;
6834 ev.store_hint = persistent;
6836 bacpy(&ev.key.addr.bdaddr, &csrk->bdaddr);
6837 ev.key.addr.type = link_to_bdaddr(LE_LINK, csrk->bdaddr_type);
6838 ev.key.type = csrk->type;
6839 memcpy(ev.key.val, csrk->val, sizeof(csrk->val));
6841 mgmt_event(MGMT_EV_NEW_CSRK, hdev, &ev, sizeof(ev), NULL);
6844 void mgmt_new_conn_param(struct hci_dev *hdev, bdaddr_t *bdaddr,
6845 u8 bdaddr_type, u8 store_hint, u16 min_interval,
6846 u16 max_interval, u16 latency, u16 timeout)
6848 struct mgmt_ev_new_conn_param ev;
6850 if (!hci_is_identity_address(bdaddr, bdaddr_type))
6853 memset(&ev, 0, sizeof(ev));
6854 bacpy(&ev.addr.bdaddr, bdaddr);
6855 ev.addr.type = link_to_bdaddr(LE_LINK, bdaddr_type);
6856 ev.store_hint = store_hint;
6857 ev.min_interval = cpu_to_le16(min_interval);
6858 ev.max_interval = cpu_to_le16(max_interval);
6859 ev.latency = cpu_to_le16(latency);
6860 ev.timeout = cpu_to_le16(timeout);
6862 mgmt_event(MGMT_EV_NEW_CONN_PARAM, hdev, &ev, sizeof(ev), NULL);
6865 void mgmt_device_connected(struct hci_dev *hdev, struct hci_conn *conn,
6866 u32 flags, u8 *name, u8 name_len)
6869 struct mgmt_ev_device_connected *ev = (void *) buf;
6872 bacpy(&ev->addr.bdaddr, &conn->dst);
6873 ev->addr.type = link_to_bdaddr(conn->type, conn->dst_type);
6875 ev->flags = __cpu_to_le32(flags);
6877 /* We must ensure that the EIR Data fields are ordered and
6878 * unique. Keep it simple for now and avoid the problem by not
6879 * adding any BR/EDR data to the LE adv.
6881 if (conn->le_adv_data_len > 0) {
6882 memcpy(&ev->eir[eir_len],
6883 conn->le_adv_data, conn->le_adv_data_len);
6884 eir_len = conn->le_adv_data_len;
6887 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
6890 if (memcmp(conn->dev_class, "\0\0\0", 3) != 0)
6891 eir_len = eir_append_data(ev->eir, eir_len,
6893 conn->dev_class, 3);
6896 ev->eir_len = cpu_to_le16(eir_len);
6898 mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
6899 sizeof(*ev) + eir_len, NULL);
6902 static void disconnect_rsp(struct mgmt_pending_cmd *cmd, void *data)
6904 struct sock **sk = data;
6906 cmd->cmd_complete(cmd, 0);
6911 mgmt_pending_remove(cmd);
6914 static void unpair_device_rsp(struct mgmt_pending_cmd *cmd, void *data)
6916 struct hci_dev *hdev = data;
6917 struct mgmt_cp_unpair_device *cp = cmd->param;
6919 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
6921 cmd->cmd_complete(cmd, 0);
6922 mgmt_pending_remove(cmd);
6925 bool mgmt_powering_down(struct hci_dev *hdev)
6927 struct mgmt_pending_cmd *cmd;
6928 struct mgmt_mode *cp;
6930 cmd = pending_find(MGMT_OP_SET_POWERED, hdev);
6941 void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
6942 u8 link_type, u8 addr_type, u8 reason,
6943 bool mgmt_connected)
6945 struct mgmt_ev_device_disconnected ev;
6946 struct sock *sk = NULL;
6948 /* The connection is still in hci_conn_hash so test for 1
6949 * instead of 0 to know if this is the last one.
6951 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
6952 cancel_delayed_work(&hdev->power_off);
6953 queue_work(hdev->req_workqueue, &hdev->power_off.work);
6956 if (!mgmt_connected)
6959 if (link_type != ACL_LINK && link_type != LE_LINK)
6962 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
6964 bacpy(&ev.addr.bdaddr, bdaddr);
6965 ev.addr.type = link_to_bdaddr(link_type, addr_type);
6968 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
6973 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
6977 void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
6978 u8 link_type, u8 addr_type, u8 status)
6980 u8 bdaddr_type = link_to_bdaddr(link_type, addr_type);
6981 struct mgmt_cp_disconnect *cp;
6982 struct mgmt_pending_cmd *cmd;
6984 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
6987 cmd = pending_find(MGMT_OP_DISCONNECT, hdev);
6993 if (bacmp(bdaddr, &cp->addr.bdaddr))
6996 if (cp->addr.type != bdaddr_type)
6999 cmd->cmd_complete(cmd, mgmt_status(status));
7000 mgmt_pending_remove(cmd);
7003 void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
7004 u8 addr_type, u8 status)
7006 struct mgmt_ev_connect_failed ev;
7008 /* The connection is still in hci_conn_hash so test for 1
7009 * instead of 0 to know if this is the last one.
7011 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
7012 cancel_delayed_work(&hdev->power_off);
7013 queue_work(hdev->req_workqueue, &hdev->power_off.work);
7016 bacpy(&ev.addr.bdaddr, bdaddr);
7017 ev.addr.type = link_to_bdaddr(link_type, addr_type);
7018 ev.status = mgmt_status(status);
7020 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
7023 void mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
7025 struct mgmt_ev_pin_code_request ev;
7027 bacpy(&ev.addr.bdaddr, bdaddr);
7028 ev.addr.type = BDADDR_BREDR;
7031 mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev), NULL);
7034 void mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7037 struct mgmt_pending_cmd *cmd;
7039 cmd = pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
7043 cmd->cmd_complete(cmd, mgmt_status(status));
7044 mgmt_pending_remove(cmd);
7047 void mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7050 struct mgmt_pending_cmd *cmd;
7052 cmd = pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
7056 cmd->cmd_complete(cmd, mgmt_status(status));
7057 mgmt_pending_remove(cmd);
7060 int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
7061 u8 link_type, u8 addr_type, u32 value,
7064 struct mgmt_ev_user_confirm_request ev;
7066 BT_DBG("%s", hdev->name);
7068 bacpy(&ev.addr.bdaddr, bdaddr);
7069 ev.addr.type = link_to_bdaddr(link_type, addr_type);
7070 ev.confirm_hint = confirm_hint;
7071 ev.value = cpu_to_le32(value);
7073 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
7077 int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
7078 u8 link_type, u8 addr_type)
7080 struct mgmt_ev_user_passkey_request ev;
7082 BT_DBG("%s", hdev->name);
7084 bacpy(&ev.addr.bdaddr, bdaddr);
7085 ev.addr.type = link_to_bdaddr(link_type, addr_type);
7087 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
7091 static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7092 u8 link_type, u8 addr_type, u8 status,
7095 struct mgmt_pending_cmd *cmd;
7097 cmd = pending_find(opcode, hdev);
7101 cmd->cmd_complete(cmd, mgmt_status(status));
7102 mgmt_pending_remove(cmd);
7107 int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7108 u8 link_type, u8 addr_type, u8 status)
7110 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
7111 status, MGMT_OP_USER_CONFIRM_REPLY);
7114 int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7115 u8 link_type, u8 addr_type, u8 status)
7117 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
7119 MGMT_OP_USER_CONFIRM_NEG_REPLY);
7122 int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7123 u8 link_type, u8 addr_type, u8 status)
7125 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
7126 status, MGMT_OP_USER_PASSKEY_REPLY);
7129 int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7130 u8 link_type, u8 addr_type, u8 status)
7132 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
7134 MGMT_OP_USER_PASSKEY_NEG_REPLY);
7137 int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
7138 u8 link_type, u8 addr_type, u32 passkey,
7141 struct mgmt_ev_passkey_notify ev;
7143 BT_DBG("%s", hdev->name);
7145 bacpy(&ev.addr.bdaddr, bdaddr);
7146 ev.addr.type = link_to_bdaddr(link_type, addr_type);
7147 ev.passkey = __cpu_to_le32(passkey);
7148 ev.entered = entered;
7150 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
7153 void mgmt_auth_failed(struct hci_conn *conn, u8 hci_status)
7155 struct mgmt_ev_auth_failed ev;
7156 struct mgmt_pending_cmd *cmd;
7157 u8 status = mgmt_status(hci_status);
7159 bacpy(&ev.addr.bdaddr, &conn->dst);
7160 ev.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
7163 cmd = find_pairing(conn);
7165 mgmt_event(MGMT_EV_AUTH_FAILED, conn->hdev, &ev, sizeof(ev),
7166 cmd ? cmd->sk : NULL);
7169 cmd->cmd_complete(cmd, status);
7170 mgmt_pending_remove(cmd);
7174 void mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
7176 struct cmd_lookup match = { NULL, hdev };
7180 u8 mgmt_err = mgmt_status(status);
7181 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
7182 cmd_status_rsp, &mgmt_err);
7186 if (test_bit(HCI_AUTH, &hdev->flags))
7187 changed = !hci_dev_test_and_set_flag(hdev, HCI_LINK_SECURITY);
7189 changed = hci_dev_test_and_clear_flag(hdev, HCI_LINK_SECURITY);
7191 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
7195 new_settings(hdev, match.sk);
7201 static void clear_eir(struct hci_request *req)
7203 struct hci_dev *hdev = req->hdev;
7204 struct hci_cp_write_eir cp;
7206 if (!lmp_ext_inq_capable(hdev))
7209 memset(hdev->eir, 0, sizeof(hdev->eir));
7211 memset(&cp, 0, sizeof(cp));
7213 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
7216 void mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
7218 struct cmd_lookup match = { NULL, hdev };
7219 struct hci_request req;
7220 bool changed = false;
7223 u8 mgmt_err = mgmt_status(status);
7225 if (enable && hci_dev_test_and_clear_flag(hdev,
7227 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
7228 new_settings(hdev, NULL);
7231 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
7237 changed = !hci_dev_test_and_set_flag(hdev, HCI_SSP_ENABLED);
7239 changed = hci_dev_test_and_clear_flag(hdev, HCI_SSP_ENABLED);
7241 changed = hci_dev_test_and_clear_flag(hdev,
7244 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
7247 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
7250 new_settings(hdev, match.sk);
7255 hci_req_init(&req, hdev);
7257 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
7258 if (hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS))
7259 hci_req_add(&req, HCI_OP_WRITE_SSP_DEBUG_MODE,
7260 sizeof(enable), &enable);
7261 __hci_req_update_eir(&req);
7266 hci_req_run(&req, NULL);
7269 static void sk_lookup(struct mgmt_pending_cmd *cmd, void *data)
7271 struct cmd_lookup *match = data;
7273 if (match->sk == NULL) {
7274 match->sk = cmd->sk;
7275 sock_hold(match->sk);
7279 void mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
7282 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
7284 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
7285 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
7286 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
7289 mgmt_limited_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class,
7290 3, HCI_MGMT_DEV_CLASS_EVENTS, NULL);
7291 ext_info_changed(hdev, NULL);
7298 void mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
7300 struct mgmt_cp_set_local_name ev;
7301 struct mgmt_pending_cmd *cmd;
7306 memset(&ev, 0, sizeof(ev));
7307 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
7308 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
7310 cmd = pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
7312 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
7314 /* If this is a HCI command related to powering on the
7315 * HCI dev don't send any mgmt signals.
7317 if (pending_find(MGMT_OP_SET_POWERED, hdev))
7321 mgmt_limited_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
7322 HCI_MGMT_LOCAL_NAME_EVENTS, cmd ? cmd->sk : NULL);
7323 ext_info_changed(hdev, cmd ? cmd->sk : NULL);
7326 static inline bool has_uuid(u8 *uuid, u16 uuid_count, u8 (*uuids)[16])
7330 for (i = 0; i < uuid_count; i++) {
7331 if (!memcmp(uuid, uuids[i], 16))
7338 static bool eir_has_uuids(u8 *eir, u16 eir_len, u16 uuid_count, u8 (*uuids)[16])
7342 while (parsed < eir_len) {
7343 u8 field_len = eir[0];
7350 if (eir_len - parsed < field_len + 1)
7354 case EIR_UUID16_ALL:
7355 case EIR_UUID16_SOME:
7356 for (i = 0; i + 3 <= field_len; i += 2) {
7357 memcpy(uuid, bluetooth_base_uuid, 16);
7358 uuid[13] = eir[i + 3];
7359 uuid[12] = eir[i + 2];
7360 if (has_uuid(uuid, uuid_count, uuids))
7364 case EIR_UUID32_ALL:
7365 case EIR_UUID32_SOME:
7366 for (i = 0; i + 5 <= field_len; i += 4) {
7367 memcpy(uuid, bluetooth_base_uuid, 16);
7368 uuid[15] = eir[i + 5];
7369 uuid[14] = eir[i + 4];
7370 uuid[13] = eir[i + 3];
7371 uuid[12] = eir[i + 2];
7372 if (has_uuid(uuid, uuid_count, uuids))
7376 case EIR_UUID128_ALL:
7377 case EIR_UUID128_SOME:
7378 for (i = 0; i + 17 <= field_len; i += 16) {
7379 memcpy(uuid, eir + i + 2, 16);
7380 if (has_uuid(uuid, uuid_count, uuids))
7386 parsed += field_len + 1;
7387 eir += field_len + 1;
7393 static void restart_le_scan(struct hci_dev *hdev)
7395 /* If controller is not scanning we are done. */
7396 if (!hci_dev_test_flag(hdev, HCI_LE_SCAN))
7399 if (time_after(jiffies + DISCOV_LE_RESTART_DELAY,
7400 hdev->discovery.scan_start +
7401 hdev->discovery.scan_duration))
7404 queue_delayed_work(hdev->req_workqueue, &hdev->le_scan_restart,
7405 DISCOV_LE_RESTART_DELAY);
7408 static bool is_filter_match(struct hci_dev *hdev, s8 rssi, u8 *eir,
7409 u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
7411 /* If a RSSI threshold has been specified, and
7412 * HCI_QUIRK_STRICT_DUPLICATE_FILTER is not set, then all results with
7413 * a RSSI smaller than the RSSI threshold will be dropped. If the quirk
7414 * is set, let it through for further processing, as we might need to
7417 * For BR/EDR devices (pre 1.2) providing no RSSI during inquiry,
7418 * the results are also dropped.
7420 if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
7421 (rssi == HCI_RSSI_INVALID ||
7422 (rssi < hdev->discovery.rssi &&
7423 !test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks))))
7426 if (hdev->discovery.uuid_count != 0) {
7427 /* If a list of UUIDs is provided in filter, results with no
7428 * matching UUID should be dropped.
7430 if (!eir_has_uuids(eir, eir_len, hdev->discovery.uuid_count,
7431 hdev->discovery.uuids) &&
7432 !eir_has_uuids(scan_rsp, scan_rsp_len,
7433 hdev->discovery.uuid_count,
7434 hdev->discovery.uuids))
7438 /* If duplicate filtering does not report RSSI changes, then restart
7439 * scanning to ensure updated result with updated RSSI values.
7441 if (test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks)) {
7442 restart_le_scan(hdev);
7444 /* Validate RSSI value against the RSSI threshold once more. */
7445 if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
7446 rssi < hdev->discovery.rssi)
7453 void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
7454 u8 addr_type, u8 *dev_class, s8 rssi, u32 flags,
7455 u8 *eir, u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
7458 struct mgmt_ev_device_found *ev = (void *)buf;
7461 /* Don't send events for a non-kernel initiated discovery. With
7462 * LE one exception is if we have pend_le_reports > 0 in which
7463 * case we're doing passive scanning and want these events.
7465 if (!hci_discovery_active(hdev)) {
7466 if (link_type == ACL_LINK)
7468 if (link_type == LE_LINK && list_empty(&hdev->pend_le_reports))
7472 if (hdev->discovery.result_filtering) {
7473 /* We are using service discovery */
7474 if (!is_filter_match(hdev, rssi, eir, eir_len, scan_rsp,
7479 if (hdev->discovery.limited) {
7480 /* Check for limited discoverable bit */
7482 if (!(dev_class[1] & 0x20))
7485 u8 *flags = eir_get_data(eir, eir_len, EIR_FLAGS, NULL);
7486 if (!flags || !(flags[0] & LE_AD_LIMITED))
7491 /* Make sure that the buffer is big enough. The 5 extra bytes
7492 * are for the potential CoD field.
7494 if (sizeof(*ev) + eir_len + scan_rsp_len + 5 > sizeof(buf))
7497 memset(buf, 0, sizeof(buf));
7499 /* In case of device discovery with BR/EDR devices (pre 1.2), the
7500 * RSSI value was reported as 0 when not available. This behavior
7501 * is kept when using device discovery. This is required for full
7502 * backwards compatibility with the API.
7504 * However when using service discovery, the value 127 will be
7505 * returned when the RSSI is not available.
7507 if (rssi == HCI_RSSI_INVALID && !hdev->discovery.report_invalid_rssi &&
7508 link_type == ACL_LINK)
7511 bacpy(&ev->addr.bdaddr, bdaddr);
7512 ev->addr.type = link_to_bdaddr(link_type, addr_type);
7514 ev->flags = cpu_to_le32(flags);
7517 /* Copy EIR or advertising data into event */
7518 memcpy(ev->eir, eir, eir_len);
7520 if (dev_class && !eir_get_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
7522 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
7525 if (scan_rsp_len > 0)
7526 /* Append scan response data to event */
7527 memcpy(ev->eir + eir_len, scan_rsp, scan_rsp_len);
7529 ev->eir_len = cpu_to_le16(eir_len + scan_rsp_len);
7530 ev_size = sizeof(*ev) + eir_len + scan_rsp_len;
7532 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
7535 void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
7536 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
7538 struct mgmt_ev_device_found *ev;
7539 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
7542 ev = (struct mgmt_ev_device_found *) buf;
7544 memset(buf, 0, sizeof(buf));
7546 bacpy(&ev->addr.bdaddr, bdaddr);
7547 ev->addr.type = link_to_bdaddr(link_type, addr_type);
7550 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
7553 ev->eir_len = cpu_to_le16(eir_len);
7555 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, sizeof(*ev) + eir_len, NULL);
7558 void mgmt_discovering(struct hci_dev *hdev, u8 discovering)
7560 struct mgmt_ev_discovering ev;
7562 BT_DBG("%s discovering %u", hdev->name, discovering);
7564 memset(&ev, 0, sizeof(ev));
7565 ev.type = hdev->discovery.type;
7566 ev.discovering = discovering;
7568 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
7571 static struct hci_mgmt_chan chan = {
7572 .channel = HCI_CHANNEL_CONTROL,
7573 .handler_count = ARRAY_SIZE(mgmt_handlers),
7574 .handlers = mgmt_handlers,
7575 .hdev_init = mgmt_init_hdev,
7580 return hci_mgmt_chan_register(&chan);
7583 void mgmt_exit(void)
7585 hci_mgmt_chan_unregister(&chan);
projects / releases.git / blob