2 BlueZ - Bluetooth protocol stack for Linux
4 Copyright (C) 2010 Nokia Corporation
5 Copyright (C) 2011-2012 Intel Corporation
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI Management interface */
27 #include <linux/module.h>
28 #include <asm/unaligned.h>
30 #include <net/bluetooth/bluetooth.h>
31 #include <net/bluetooth/hci_core.h>
32 #include <net/bluetooth/hci_sock.h>
33 #include <net/bluetooth/l2cap.h>
34 #include <net/bluetooth/mgmt.h>
36 #include "hci_request.h"
38 #include "mgmt_util.h"
40 #define MGMT_VERSION 1
41 #define MGMT_REVISION 9
43 static const u16 mgmt_commands[] = {
44 MGMT_OP_READ_INDEX_LIST,
47 MGMT_OP_SET_DISCOVERABLE,
48 MGMT_OP_SET_CONNECTABLE,
49 MGMT_OP_SET_FAST_CONNECTABLE,
51 MGMT_OP_SET_LINK_SECURITY,
55 MGMT_OP_SET_DEV_CLASS,
56 MGMT_OP_SET_LOCAL_NAME,
59 MGMT_OP_LOAD_LINK_KEYS,
60 MGMT_OP_LOAD_LONG_TERM_KEYS,
62 MGMT_OP_GET_CONNECTIONS,
63 MGMT_OP_PIN_CODE_REPLY,
64 MGMT_OP_PIN_CODE_NEG_REPLY,
65 MGMT_OP_SET_IO_CAPABILITY,
67 MGMT_OP_CANCEL_PAIR_DEVICE,
68 MGMT_OP_UNPAIR_DEVICE,
69 MGMT_OP_USER_CONFIRM_REPLY,
70 MGMT_OP_USER_CONFIRM_NEG_REPLY,
71 MGMT_OP_USER_PASSKEY_REPLY,
72 MGMT_OP_USER_PASSKEY_NEG_REPLY,
73 MGMT_OP_READ_LOCAL_OOB_DATA,
74 MGMT_OP_ADD_REMOTE_OOB_DATA,
75 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
76 MGMT_OP_START_DISCOVERY,
77 MGMT_OP_STOP_DISCOVERY,
80 MGMT_OP_UNBLOCK_DEVICE,
81 MGMT_OP_SET_DEVICE_ID,
82 MGMT_OP_SET_ADVERTISING,
84 MGMT_OP_SET_STATIC_ADDRESS,
85 MGMT_OP_SET_SCAN_PARAMS,
86 MGMT_OP_SET_SECURE_CONN,
87 MGMT_OP_SET_DEBUG_KEYS,
90 MGMT_OP_GET_CONN_INFO,
91 MGMT_OP_GET_CLOCK_INFO,
93 MGMT_OP_REMOVE_DEVICE,
94 MGMT_OP_LOAD_CONN_PARAM,
95 MGMT_OP_READ_UNCONF_INDEX_LIST,
96 MGMT_OP_READ_CONFIG_INFO,
97 MGMT_OP_SET_EXTERNAL_CONFIG,
98 MGMT_OP_SET_PUBLIC_ADDRESS,
99 MGMT_OP_START_SERVICE_DISCOVERY,
100 MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
101 MGMT_OP_READ_EXT_INDEX_LIST,
102 MGMT_OP_READ_ADV_FEATURES,
103 MGMT_OP_ADD_ADVERTISING,
104 MGMT_OP_REMOVE_ADVERTISING,
107 static const u16 mgmt_events[] = {
108 MGMT_EV_CONTROLLER_ERROR,
110 MGMT_EV_INDEX_REMOVED,
111 MGMT_EV_NEW_SETTINGS,
112 MGMT_EV_CLASS_OF_DEV_CHANGED,
113 MGMT_EV_LOCAL_NAME_CHANGED,
114 MGMT_EV_NEW_LINK_KEY,
115 MGMT_EV_NEW_LONG_TERM_KEY,
116 MGMT_EV_DEVICE_CONNECTED,
117 MGMT_EV_DEVICE_DISCONNECTED,
118 MGMT_EV_CONNECT_FAILED,
119 MGMT_EV_PIN_CODE_REQUEST,
120 MGMT_EV_USER_CONFIRM_REQUEST,
121 MGMT_EV_USER_PASSKEY_REQUEST,
123 MGMT_EV_DEVICE_FOUND,
125 MGMT_EV_DEVICE_BLOCKED,
126 MGMT_EV_DEVICE_UNBLOCKED,
127 MGMT_EV_DEVICE_UNPAIRED,
128 MGMT_EV_PASSKEY_NOTIFY,
131 MGMT_EV_DEVICE_ADDED,
132 MGMT_EV_DEVICE_REMOVED,
133 MGMT_EV_NEW_CONN_PARAM,
134 MGMT_EV_UNCONF_INDEX_ADDED,
135 MGMT_EV_UNCONF_INDEX_REMOVED,
136 MGMT_EV_NEW_CONFIG_OPTIONS,
137 MGMT_EV_EXT_INDEX_ADDED,
138 MGMT_EV_EXT_INDEX_REMOVED,
139 MGMT_EV_LOCAL_OOB_DATA_UPDATED,
140 MGMT_EV_ADVERTISING_ADDED,
141 MGMT_EV_ADVERTISING_REMOVED,
144 static const u16 mgmt_untrusted_commands[] = {
145 MGMT_OP_READ_INDEX_LIST,
147 MGMT_OP_READ_UNCONF_INDEX_LIST,
148 MGMT_OP_READ_CONFIG_INFO,
149 MGMT_OP_READ_EXT_INDEX_LIST,
152 static const u16 mgmt_untrusted_events[] = {
154 MGMT_EV_INDEX_REMOVED,
155 MGMT_EV_NEW_SETTINGS,
156 MGMT_EV_CLASS_OF_DEV_CHANGED,
157 MGMT_EV_LOCAL_NAME_CHANGED,
158 MGMT_EV_UNCONF_INDEX_ADDED,
159 MGMT_EV_UNCONF_INDEX_REMOVED,
160 MGMT_EV_NEW_CONFIG_OPTIONS,
161 MGMT_EV_EXT_INDEX_ADDED,
162 MGMT_EV_EXT_INDEX_REMOVED,
165 #define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
167 #define ZERO_KEY "\x00\x00\x00\x00\x00\x00\x00\x00" \
168 "\x00\x00\x00\x00\x00\x00\x00\x00"
170 /* HCI to MGMT error code conversion table */
171 static u8 mgmt_status_table[] = {
173 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
174 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
175 MGMT_STATUS_FAILED, /* Hardware Failure */
176 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
177 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
178 MGMT_STATUS_AUTH_FAILED, /* PIN or Key Missing */
179 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
180 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
181 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
182 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
183 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
184 MGMT_STATUS_BUSY, /* Command Disallowed */
185 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
186 MGMT_STATUS_REJECTED, /* Rejected Security */
187 MGMT_STATUS_REJECTED, /* Rejected Personal */
188 MGMT_STATUS_TIMEOUT, /* Host Timeout */
189 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
190 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
191 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
192 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
193 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
194 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
195 MGMT_STATUS_BUSY, /* Repeated Attempts */
196 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
197 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
198 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
199 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
200 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
201 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
202 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
203 MGMT_STATUS_FAILED, /* Unspecified Error */
204 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
205 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
206 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
207 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
208 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
209 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
210 MGMT_STATUS_FAILED, /* Unit Link Key Used */
211 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
212 MGMT_STATUS_TIMEOUT, /* Instant Passed */
213 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
214 MGMT_STATUS_FAILED, /* Transaction Collision */
215 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
216 MGMT_STATUS_REJECTED, /* QoS Rejected */
217 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
218 MGMT_STATUS_REJECTED, /* Insufficient Security */
219 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
220 MGMT_STATUS_BUSY, /* Role Switch Pending */
221 MGMT_STATUS_FAILED, /* Slot Violation */
222 MGMT_STATUS_FAILED, /* Role Switch Failed */
223 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
224 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
225 MGMT_STATUS_BUSY, /* Host Busy Pairing */
226 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
227 MGMT_STATUS_BUSY, /* Controller Busy */
228 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
229 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
230 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
231 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
232 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
235 static u8 mgmt_status(u8 hci_status)
237 if (hci_status < ARRAY_SIZE(mgmt_status_table))
238 return mgmt_status_table[hci_status];
240 return MGMT_STATUS_FAILED;
243 static int mgmt_index_event(u16 event, struct hci_dev *hdev, void *data,
246 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
250 static int mgmt_limited_event(u16 event, struct hci_dev *hdev, void *data,
251 u16 len, int flag, struct sock *skip_sk)
253 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
257 static int mgmt_generic_event(u16 event, struct hci_dev *hdev, void *data,
258 u16 len, struct sock *skip_sk)
260 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
261 HCI_MGMT_GENERIC_EVENTS, skip_sk);
264 static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 len,
265 struct sock *skip_sk)
267 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
268 HCI_SOCK_TRUSTED, skip_sk);
271 static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
274 struct mgmt_rp_read_version rp;
276 BT_DBG("sock %p", sk);
278 rp.version = MGMT_VERSION;
279 rp.revision = cpu_to_le16(MGMT_REVISION);
281 return mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0,
285 static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
288 struct mgmt_rp_read_commands *rp;
289 u16 num_commands, num_events;
293 BT_DBG("sock %p", sk);
295 if (hci_sock_test_flag(sk, HCI_SOCK_TRUSTED)) {
296 num_commands = ARRAY_SIZE(mgmt_commands);
297 num_events = ARRAY_SIZE(mgmt_events);
299 num_commands = ARRAY_SIZE(mgmt_untrusted_commands);
300 num_events = ARRAY_SIZE(mgmt_untrusted_events);
303 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
305 rp = kmalloc(rp_size, GFP_KERNEL);
309 rp->num_commands = cpu_to_le16(num_commands);
310 rp->num_events = cpu_to_le16(num_events);
312 if (hci_sock_test_flag(sk, HCI_SOCK_TRUSTED)) {
313 __le16 *opcode = rp->opcodes;
315 for (i = 0; i < num_commands; i++, opcode++)
316 put_unaligned_le16(mgmt_commands[i], opcode);
318 for (i = 0; i < num_events; i++, opcode++)
319 put_unaligned_le16(mgmt_events[i], opcode);
321 __le16 *opcode = rp->opcodes;
323 for (i = 0; i < num_commands; i++, opcode++)
324 put_unaligned_le16(mgmt_untrusted_commands[i], opcode);
326 for (i = 0; i < num_events; i++, opcode++)
327 put_unaligned_le16(mgmt_untrusted_events[i], opcode);
330 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0,
337 static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
340 struct mgmt_rp_read_index_list *rp;
346 BT_DBG("sock %p", sk);
348 read_lock(&hci_dev_list_lock);
351 list_for_each_entry(d, &hci_dev_list, list) {
352 if (d->dev_type == HCI_BREDR &&
353 !hci_dev_test_flag(d, HCI_UNCONFIGURED))
357 rp_len = sizeof(*rp) + (2 * count);
358 rp = kmalloc(rp_len, GFP_ATOMIC);
360 read_unlock(&hci_dev_list_lock);
365 list_for_each_entry(d, &hci_dev_list, list) {
366 if (hci_dev_test_flag(d, HCI_SETUP) ||
367 hci_dev_test_flag(d, HCI_CONFIG) ||
368 hci_dev_test_flag(d, HCI_USER_CHANNEL))
371 /* Devices marked as raw-only are neither configured
372 * nor unconfigured controllers.
374 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
377 if (d->dev_type == HCI_BREDR &&
378 !hci_dev_test_flag(d, HCI_UNCONFIGURED)) {
379 rp->index[count++] = cpu_to_le16(d->id);
380 BT_DBG("Added hci%u", d->id);
384 rp->num_controllers = cpu_to_le16(count);
385 rp_len = sizeof(*rp) + (2 * count);
387 read_unlock(&hci_dev_list_lock);
389 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST,
397 static int read_unconf_index_list(struct sock *sk, struct hci_dev *hdev,
398 void *data, u16 data_len)
400 struct mgmt_rp_read_unconf_index_list *rp;
406 BT_DBG("sock %p", sk);
408 read_lock(&hci_dev_list_lock);
411 list_for_each_entry(d, &hci_dev_list, list) {
412 if (d->dev_type == HCI_BREDR &&
413 hci_dev_test_flag(d, HCI_UNCONFIGURED))
417 rp_len = sizeof(*rp) + (2 * count);
418 rp = kmalloc(rp_len, GFP_ATOMIC);
420 read_unlock(&hci_dev_list_lock);
425 list_for_each_entry(d, &hci_dev_list, list) {
426 if (hci_dev_test_flag(d, HCI_SETUP) ||
427 hci_dev_test_flag(d, HCI_CONFIG) ||
428 hci_dev_test_flag(d, HCI_USER_CHANNEL))
431 /* Devices marked as raw-only are neither configured
432 * nor unconfigured controllers.
434 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
437 if (d->dev_type == HCI_BREDR &&
438 hci_dev_test_flag(d, HCI_UNCONFIGURED)) {
439 rp->index[count++] = cpu_to_le16(d->id);
440 BT_DBG("Added hci%u", d->id);
444 rp->num_controllers = cpu_to_le16(count);
445 rp_len = sizeof(*rp) + (2 * count);
447 read_unlock(&hci_dev_list_lock);
449 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
450 MGMT_OP_READ_UNCONF_INDEX_LIST, 0, rp, rp_len);
457 static int read_ext_index_list(struct sock *sk, struct hci_dev *hdev,
458 void *data, u16 data_len)
460 struct mgmt_rp_read_ext_index_list *rp;
466 BT_DBG("sock %p", sk);
468 read_lock(&hci_dev_list_lock);
471 list_for_each_entry(d, &hci_dev_list, list) {
472 if (d->dev_type == HCI_BREDR || d->dev_type == HCI_AMP)
476 rp_len = sizeof(*rp) + (sizeof(rp->entry[0]) * count);
477 rp = kmalloc(rp_len, GFP_ATOMIC);
479 read_unlock(&hci_dev_list_lock);
484 list_for_each_entry(d, &hci_dev_list, list) {
485 if (hci_dev_test_flag(d, HCI_SETUP) ||
486 hci_dev_test_flag(d, HCI_CONFIG) ||
487 hci_dev_test_flag(d, HCI_USER_CHANNEL))
490 /* Devices marked as raw-only are neither configured
491 * nor unconfigured controllers.
493 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
496 if (d->dev_type == HCI_BREDR) {
497 if (hci_dev_test_flag(d, HCI_UNCONFIGURED))
498 rp->entry[count].type = 0x01;
500 rp->entry[count].type = 0x00;
501 } else if (d->dev_type == HCI_AMP) {
502 rp->entry[count].type = 0x02;
507 rp->entry[count].bus = d->bus;
508 rp->entry[count++].index = cpu_to_le16(d->id);
509 BT_DBG("Added hci%u", d->id);
512 rp->num_controllers = cpu_to_le16(count);
513 rp_len = sizeof(*rp) + (sizeof(rp->entry[0]) * count);
515 read_unlock(&hci_dev_list_lock);
517 /* If this command is called at least once, then all the
518 * default index and unconfigured index events are disabled
519 * and from now on only extended index events are used.
521 hci_sock_set_flag(sk, HCI_MGMT_EXT_INDEX_EVENTS);
522 hci_sock_clear_flag(sk, HCI_MGMT_INDEX_EVENTS);
523 hci_sock_clear_flag(sk, HCI_MGMT_UNCONF_INDEX_EVENTS);
525 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
526 MGMT_OP_READ_EXT_INDEX_LIST, 0, rp, rp_len);
533 static bool is_configured(struct hci_dev *hdev)
535 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
536 !hci_dev_test_flag(hdev, HCI_EXT_CONFIGURED))
539 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) &&
540 !bacmp(&hdev->public_addr, BDADDR_ANY))
546 static __le32 get_missing_options(struct hci_dev *hdev)
550 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
551 !hci_dev_test_flag(hdev, HCI_EXT_CONFIGURED))
552 options |= MGMT_OPTION_EXTERNAL_CONFIG;
554 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) &&
555 !bacmp(&hdev->public_addr, BDADDR_ANY))
556 options |= MGMT_OPTION_PUBLIC_ADDRESS;
558 return cpu_to_le32(options);
561 static int new_options(struct hci_dev *hdev, struct sock *skip)
563 __le32 options = get_missing_options(hdev);
565 return mgmt_generic_event(MGMT_EV_NEW_CONFIG_OPTIONS, hdev, &options,
566 sizeof(options), skip);
569 static int send_options_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
571 __le32 options = get_missing_options(hdev);
573 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &options,
577 static int read_config_info(struct sock *sk, struct hci_dev *hdev,
578 void *data, u16 data_len)
580 struct mgmt_rp_read_config_info rp;
583 BT_DBG("sock %p %s", sk, hdev->name);
587 memset(&rp, 0, sizeof(rp));
588 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
590 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
591 options |= MGMT_OPTION_EXTERNAL_CONFIG;
593 if (hdev->set_bdaddr)
594 options |= MGMT_OPTION_PUBLIC_ADDRESS;
596 rp.supported_options = cpu_to_le32(options);
597 rp.missing_options = get_missing_options(hdev);
599 hci_dev_unlock(hdev);
601 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_CONFIG_INFO, 0,
605 static u32 get_supported_settings(struct hci_dev *hdev)
609 settings |= MGMT_SETTING_POWERED;
610 settings |= MGMT_SETTING_BONDABLE;
611 settings |= MGMT_SETTING_DEBUG_KEYS;
612 settings |= MGMT_SETTING_CONNECTABLE;
613 settings |= MGMT_SETTING_DISCOVERABLE;
615 if (lmp_bredr_capable(hdev)) {
616 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
617 settings |= MGMT_SETTING_FAST_CONNECTABLE;
618 settings |= MGMT_SETTING_BREDR;
619 settings |= MGMT_SETTING_LINK_SECURITY;
621 if (lmp_ssp_capable(hdev)) {
622 settings |= MGMT_SETTING_SSP;
623 settings |= MGMT_SETTING_HS;
626 if (lmp_sc_capable(hdev))
627 settings |= MGMT_SETTING_SECURE_CONN;
630 if (lmp_le_capable(hdev)) {
631 settings |= MGMT_SETTING_LE;
632 settings |= MGMT_SETTING_ADVERTISING;
633 settings |= MGMT_SETTING_SECURE_CONN;
634 settings |= MGMT_SETTING_PRIVACY;
635 settings |= MGMT_SETTING_STATIC_ADDRESS;
638 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) ||
640 settings |= MGMT_SETTING_CONFIGURATION;
645 static u32 get_current_settings(struct hci_dev *hdev)
649 if (hdev_is_powered(hdev))
650 settings |= MGMT_SETTING_POWERED;
652 if (hci_dev_test_flag(hdev, HCI_CONNECTABLE))
653 settings |= MGMT_SETTING_CONNECTABLE;
655 if (hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE))
656 settings |= MGMT_SETTING_FAST_CONNECTABLE;
658 if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE))
659 settings |= MGMT_SETTING_DISCOVERABLE;
661 if (hci_dev_test_flag(hdev, HCI_BONDABLE))
662 settings |= MGMT_SETTING_BONDABLE;
664 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
665 settings |= MGMT_SETTING_BREDR;
667 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED))
668 settings |= MGMT_SETTING_LE;
670 if (hci_dev_test_flag(hdev, HCI_LINK_SECURITY))
671 settings |= MGMT_SETTING_LINK_SECURITY;
673 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
674 settings |= MGMT_SETTING_SSP;
676 if (hci_dev_test_flag(hdev, HCI_HS_ENABLED))
677 settings |= MGMT_SETTING_HS;
679 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
680 settings |= MGMT_SETTING_ADVERTISING;
682 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED))
683 settings |= MGMT_SETTING_SECURE_CONN;
685 if (hci_dev_test_flag(hdev, HCI_KEEP_DEBUG_KEYS))
686 settings |= MGMT_SETTING_DEBUG_KEYS;
688 if (hci_dev_test_flag(hdev, HCI_PRIVACY))
689 settings |= MGMT_SETTING_PRIVACY;
691 /* The current setting for static address has two purposes. The
692 * first is to indicate if the static address will be used and
693 * the second is to indicate if it is actually set.
695 * This means if the static address is not configured, this flag
696 * will never be set. If the address is configured, then if the
697 * address is actually used decides if the flag is set or not.
699 * For single mode LE only controllers and dual-mode controllers
700 * with BR/EDR disabled, the existence of the static address will
703 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) ||
704 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) ||
705 !bacmp(&hdev->bdaddr, BDADDR_ANY)) {
706 if (bacmp(&hdev->static_addr, BDADDR_ANY))
707 settings |= MGMT_SETTING_STATIC_ADDRESS;
713 #define PNP_INFO_SVCLASS_ID 0x1200
715 static u8 *create_uuid16_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
717 u8 *ptr = data, *uuids_start = NULL;
718 struct bt_uuid *uuid;
723 list_for_each_entry(uuid, &hdev->uuids, list) {
726 if (uuid->size != 16)
729 uuid16 = get_unaligned_le16(&uuid->uuid[12]);
733 if (uuid16 == PNP_INFO_SVCLASS_ID)
739 uuids_start[1] = EIR_UUID16_ALL;
743 /* Stop if not enough space to put next UUID */
744 if ((ptr - data) + sizeof(u16) > len) {
745 uuids_start[1] = EIR_UUID16_SOME;
749 *ptr++ = (uuid16 & 0x00ff);
750 *ptr++ = (uuid16 & 0xff00) >> 8;
751 uuids_start[0] += sizeof(uuid16);
757 static u8 *create_uuid32_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
759 u8 *ptr = data, *uuids_start = NULL;
760 struct bt_uuid *uuid;
765 list_for_each_entry(uuid, &hdev->uuids, list) {
766 if (uuid->size != 32)
772 uuids_start[1] = EIR_UUID32_ALL;
776 /* Stop if not enough space to put next UUID */
777 if ((ptr - data) + sizeof(u32) > len) {
778 uuids_start[1] = EIR_UUID32_SOME;
782 memcpy(ptr, &uuid->uuid[12], sizeof(u32));
784 uuids_start[0] += sizeof(u32);
790 static u8 *create_uuid128_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
792 u8 *ptr = data, *uuids_start = NULL;
793 struct bt_uuid *uuid;
798 list_for_each_entry(uuid, &hdev->uuids, list) {
799 if (uuid->size != 128)
805 uuids_start[1] = EIR_UUID128_ALL;
809 /* Stop if not enough space to put next UUID */
810 if ((ptr - data) + 16 > len) {
811 uuids_start[1] = EIR_UUID128_SOME;
815 memcpy(ptr, uuid->uuid, 16);
817 uuids_start[0] += 16;
823 static struct mgmt_pending_cmd *pending_find(u16 opcode, struct hci_dev *hdev)
825 return mgmt_pending_find(HCI_CHANNEL_CONTROL, opcode, hdev);
828 static struct mgmt_pending_cmd *pending_find_data(u16 opcode,
829 struct hci_dev *hdev,
832 return mgmt_pending_find_data(HCI_CHANNEL_CONTROL, opcode, hdev, data);
835 static u8 create_default_scan_rsp_data(struct hci_dev *hdev, u8 *ptr)
840 name_len = strlen(hdev->dev_name);
842 size_t max_len = HCI_MAX_AD_LENGTH - ad_len - 2;
844 if (name_len > max_len) {
846 ptr[1] = EIR_NAME_SHORT;
848 ptr[1] = EIR_NAME_COMPLETE;
850 ptr[0] = name_len + 1;
852 memcpy(ptr + 2, hdev->dev_name, name_len);
854 ad_len += (name_len + 2);
855 ptr += (name_len + 2);
861 static u8 create_instance_scan_rsp_data(struct hci_dev *hdev, u8 *ptr)
863 /* TODO: Set the appropriate entries based on advertising instance flags
864 * here once flags other than 0 are supported.
866 memcpy(ptr, hdev->adv_instance.scan_rsp_data,
867 hdev->adv_instance.scan_rsp_len);
869 return hdev->adv_instance.scan_rsp_len;
872 static void update_scan_rsp_data_for_instance(struct hci_request *req,
875 struct hci_dev *hdev = req->hdev;
876 struct hci_cp_le_set_scan_rsp_data cp;
879 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
882 memset(&cp, 0, sizeof(cp));
885 len = create_instance_scan_rsp_data(hdev, cp.data);
887 len = create_default_scan_rsp_data(hdev, cp.data);
889 if (hdev->scan_rsp_data_len == len &&
890 !memcmp(cp.data, hdev->scan_rsp_data, len))
893 memcpy(hdev->scan_rsp_data, cp.data, sizeof(cp.data));
894 hdev->scan_rsp_data_len = len;
898 hci_req_add(req, HCI_OP_LE_SET_SCAN_RSP_DATA, sizeof(cp), &cp);
901 static void update_scan_rsp_data(struct hci_request *req)
903 struct hci_dev *hdev = req->hdev;
906 /* The "Set Advertising" setting supersedes the "Add Advertising"
907 * setting. Here we set the scan response data based on which
908 * setting was set. When neither apply, default to the global settings,
909 * represented by instance "0".
911 if (hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE) &&
912 !hci_dev_test_flag(hdev, HCI_ADVERTISING))
917 update_scan_rsp_data_for_instance(req, instance);
920 static u8 get_adv_discov_flags(struct hci_dev *hdev)
922 struct mgmt_pending_cmd *cmd;
924 /* If there's a pending mgmt command the flags will not yet have
925 * their final values, so check for this first.
927 cmd = pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
929 struct mgmt_mode *cp = cmd->param;
931 return LE_AD_GENERAL;
932 else if (cp->val == 0x02)
933 return LE_AD_LIMITED;
935 if (hci_dev_test_flag(hdev, HCI_LIMITED_DISCOVERABLE))
936 return LE_AD_LIMITED;
937 else if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE))
938 return LE_AD_GENERAL;
944 static u8 get_current_adv_instance(struct hci_dev *hdev)
946 /* The "Set Advertising" setting supersedes the "Add Advertising"
947 * setting. Here we set the advertising data based on which
948 * setting was set. When neither apply, default to the global settings,
949 * represented by instance "0".
951 if (hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE) &&
952 !hci_dev_test_flag(hdev, HCI_ADVERTISING))
958 static bool get_connectable(struct hci_dev *hdev)
960 struct mgmt_pending_cmd *cmd;
962 /* If there's a pending mgmt command the flag will not yet have
963 * it's final value, so check for this first.
965 cmd = pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
967 struct mgmt_mode *cp = cmd->param;
972 return hci_dev_test_flag(hdev, HCI_CONNECTABLE);
975 static u32 get_adv_instance_flags(struct hci_dev *hdev, u8 instance)
982 if (instance == 0x01)
983 return hdev->adv_instance.flags;
985 /* Instance 0 always manages the "Tx Power" and "Flags" fields */
986 flags = MGMT_ADV_FLAG_TX_POWER | MGMT_ADV_FLAG_MANAGED_FLAGS;
988 /* For instance 0, the HCI_ADVERTISING_CONNECTABLE setting corresponds
989 * to the "connectable" instance flag.
991 if (hci_dev_test_flag(hdev, HCI_ADVERTISING_CONNECTABLE))
992 flags |= MGMT_ADV_FLAG_CONNECTABLE;
997 static u8 get_adv_instance_scan_rsp_len(struct hci_dev *hdev, u8 instance)
999 /* Ignore instance 0 and other unsupported instances */
1000 if (instance != 0x01)
1003 /* TODO: Take into account the "appearance" and "local-name" flags here.
1004 * These are currently being ignored as they are not supported.
1006 return hdev->adv_instance.scan_rsp_len;
1009 static u8 create_instance_adv_data(struct hci_dev *hdev, u8 instance, u8 *ptr)
1011 u8 ad_len = 0, flags = 0;
1012 u32 instance_flags = get_adv_instance_flags(hdev, instance);
1014 /* The Add Advertising command allows userspace to set both the general
1015 * and limited discoverable flags.
1017 if (instance_flags & MGMT_ADV_FLAG_DISCOV)
1018 flags |= LE_AD_GENERAL;
1020 if (instance_flags & MGMT_ADV_FLAG_LIMITED_DISCOV)
1021 flags |= LE_AD_LIMITED;
1023 if (flags || (instance_flags & MGMT_ADV_FLAG_MANAGED_FLAGS)) {
1024 /* If a discovery flag wasn't provided, simply use the global
1028 flags |= get_adv_discov_flags(hdev);
1030 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1031 flags |= LE_AD_NO_BREDR;
1033 /* If flags would still be empty, then there is no need to
1034 * include the "Flags" AD field".
1047 memcpy(ptr, hdev->adv_instance.adv_data,
1048 hdev->adv_instance.adv_data_len);
1050 ad_len += hdev->adv_instance.adv_data_len;
1051 ptr += hdev->adv_instance.adv_data_len;
1054 /* Provide Tx Power only if we can provide a valid value for it */
1055 if (hdev->adv_tx_power != HCI_TX_POWER_INVALID &&
1056 (instance_flags & MGMT_ADV_FLAG_TX_POWER)) {
1058 ptr[1] = EIR_TX_POWER;
1059 ptr[2] = (u8)hdev->adv_tx_power;
1068 static void update_adv_data_for_instance(struct hci_request *req, u8 instance)
1070 struct hci_dev *hdev = req->hdev;
1071 struct hci_cp_le_set_adv_data cp;
1074 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
1077 memset(&cp, 0, sizeof(cp));
1079 len = create_instance_adv_data(hdev, instance, cp.data);
1081 /* There's nothing to do if the data hasn't changed */
1082 if (hdev->adv_data_len == len &&
1083 memcmp(cp.data, hdev->adv_data, len) == 0)
1086 memcpy(hdev->adv_data, cp.data, sizeof(cp.data));
1087 hdev->adv_data_len = len;
1091 hci_req_add(req, HCI_OP_LE_SET_ADV_DATA, sizeof(cp), &cp);
1094 static void update_adv_data(struct hci_request *req)
1096 struct hci_dev *hdev = req->hdev;
1097 u8 instance = get_current_adv_instance(hdev);
1099 update_adv_data_for_instance(req, instance);
1102 int mgmt_update_adv_data(struct hci_dev *hdev)
1104 struct hci_request req;
1106 hci_req_init(&req, hdev);
1107 update_adv_data(&req);
1109 return hci_req_run(&req, NULL);
1112 static void create_eir(struct hci_dev *hdev, u8 *data)
1117 name_len = strlen(hdev->dev_name);
1121 if (name_len > 48) {
1123 ptr[1] = EIR_NAME_SHORT;
1125 ptr[1] = EIR_NAME_COMPLETE;
1127 /* EIR Data length */
1128 ptr[0] = name_len + 1;
1130 memcpy(ptr + 2, hdev->dev_name, name_len);
1132 ptr += (name_len + 2);
1135 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
1137 ptr[1] = EIR_TX_POWER;
1138 ptr[2] = (u8) hdev->inq_tx_power;
1143 if (hdev->devid_source > 0) {
1145 ptr[1] = EIR_DEVICE_ID;
1147 put_unaligned_le16(hdev->devid_source, ptr + 2);
1148 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
1149 put_unaligned_le16(hdev->devid_product, ptr + 6);
1150 put_unaligned_le16(hdev->devid_version, ptr + 8);
1155 ptr = create_uuid16_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
1156 ptr = create_uuid32_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
1157 ptr = create_uuid128_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
1160 static void update_eir(struct hci_request *req)
1162 struct hci_dev *hdev = req->hdev;
1163 struct hci_cp_write_eir cp;
1165 if (!hdev_is_powered(hdev))
1168 if (!lmp_ext_inq_capable(hdev))
1171 if (!hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
1174 if (hci_dev_test_flag(hdev, HCI_SERVICE_CACHE))
1177 memset(&cp, 0, sizeof(cp));
1179 create_eir(hdev, cp.data);
1181 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
1184 memcpy(hdev->eir, cp.data, sizeof(cp.data));
1186 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
1189 static u8 get_service_classes(struct hci_dev *hdev)
1191 struct bt_uuid *uuid;
1194 list_for_each_entry(uuid, &hdev->uuids, list)
1195 val |= uuid->svc_hint;
1200 static void update_class(struct hci_request *req)
1202 struct hci_dev *hdev = req->hdev;
1205 BT_DBG("%s", hdev->name);
1207 if (!hdev_is_powered(hdev))
1210 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1213 if (hci_dev_test_flag(hdev, HCI_SERVICE_CACHE))
1216 cod[0] = hdev->minor_class;
1217 cod[1] = hdev->major_class;
1218 cod[2] = get_service_classes(hdev);
1220 if (hci_dev_test_flag(hdev, HCI_LIMITED_DISCOVERABLE))
1223 if (memcmp(cod, hdev->dev_class, 3) == 0)
1226 hci_req_add(req, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
1229 static void disable_advertising(struct hci_request *req)
1233 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1236 static void enable_advertising(struct hci_request *req)
1238 struct hci_dev *hdev = req->hdev;
1239 struct hci_cp_le_set_adv_param cp;
1240 u8 own_addr_type, enable = 0x01;
1245 if (hci_conn_num(hdev, LE_LINK) > 0)
1248 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
1249 disable_advertising(req);
1251 /* Clear the HCI_LE_ADV bit temporarily so that the
1252 * hci_update_random_address knows that it's safe to go ahead
1253 * and write a new random address. The flag will be set back on
1254 * as soon as the SET_ADV_ENABLE HCI command completes.
1256 hci_dev_clear_flag(hdev, HCI_LE_ADV);
1258 instance = get_current_adv_instance(hdev);
1259 flags = get_adv_instance_flags(hdev, instance);
1261 /* If the "connectable" instance flag was not set, then choose between
1262 * ADV_IND and ADV_NONCONN_IND based on the global connectable setting.
1264 connectable = (flags & MGMT_ADV_FLAG_CONNECTABLE) ||
1265 get_connectable(hdev);
1267 /* Set require_privacy to true only when non-connectable
1268 * advertising is used. In that case it is fine to use a
1269 * non-resolvable private address.
1271 if (hci_update_random_address(req, !connectable, &own_addr_type) < 0)
1274 memset(&cp, 0, sizeof(cp));
1275 cp.min_interval = cpu_to_le16(hdev->le_adv_min_interval);
1276 cp.max_interval = cpu_to_le16(hdev->le_adv_max_interval);
1279 cp.type = LE_ADV_IND;
1280 else if (get_adv_instance_scan_rsp_len(hdev, instance))
1281 cp.type = LE_ADV_SCAN_IND;
1283 cp.type = LE_ADV_NONCONN_IND;
1285 cp.own_address_type = own_addr_type;
1286 cp.channel_map = hdev->le_adv_channel_map;
1288 hci_req_add(req, HCI_OP_LE_SET_ADV_PARAM, sizeof(cp), &cp);
1290 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1293 static void service_cache_off(struct work_struct *work)
1295 struct hci_dev *hdev = container_of(work, struct hci_dev,
1296 service_cache.work);
1297 struct hci_request req;
1299 if (!hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE))
1302 hci_req_init(&req, hdev);
1309 hci_dev_unlock(hdev);
1311 hci_req_run(&req, NULL);
1314 static void rpa_expired(struct work_struct *work)
1316 struct hci_dev *hdev = container_of(work, struct hci_dev,
1318 struct hci_request req;
1322 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
1324 if (!hci_dev_test_flag(hdev, HCI_ADVERTISING))
1327 /* The generation of a new RPA and programming it into the
1328 * controller happens in the enable_advertising() function.
1330 hci_req_init(&req, hdev);
1331 enable_advertising(&req);
1332 hci_req_run(&req, NULL);
1335 static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
1337 if (hci_dev_test_and_set_flag(hdev, HCI_MGMT))
1340 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
1341 INIT_DELAYED_WORK(&hdev->rpa_expired, rpa_expired);
1343 /* Non-mgmt controlled devices get this bit set
1344 * implicitly so that pairing works for them, however
1345 * for mgmt we require user-space to explicitly enable
1348 hci_dev_clear_flag(hdev, HCI_BONDABLE);
1351 static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
1352 void *data, u16 data_len)
1354 struct mgmt_rp_read_info rp;
1356 BT_DBG("sock %p %s", sk, hdev->name);
1360 memset(&rp, 0, sizeof(rp));
1362 bacpy(&rp.bdaddr, &hdev->bdaddr);
1364 rp.version = hdev->hci_ver;
1365 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
1367 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
1368 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
1370 memcpy(rp.dev_class, hdev->dev_class, 3);
1372 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
1373 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
1375 hci_dev_unlock(hdev);
1377 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
1381 static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
1383 __le32 settings = cpu_to_le32(get_current_settings(hdev));
1385 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &settings,
1389 static void clean_up_hci_complete(struct hci_dev *hdev, u8 status, u16 opcode)
1391 BT_DBG("%s status 0x%02x", hdev->name, status);
1393 if (hci_conn_count(hdev) == 0) {
1394 cancel_delayed_work(&hdev->power_off);
1395 queue_work(hdev->req_workqueue, &hdev->power_off.work);
1399 static bool hci_stop_discovery(struct hci_request *req)
1401 struct hci_dev *hdev = req->hdev;
1402 struct hci_cp_remote_name_req_cancel cp;
1403 struct inquiry_entry *e;
1405 switch (hdev->discovery.state) {
1406 case DISCOVERY_FINDING:
1407 if (test_bit(HCI_INQUIRY, &hdev->flags))
1408 hci_req_add(req, HCI_OP_INQUIRY_CANCEL, 0, NULL);
1410 if (hci_dev_test_flag(hdev, HCI_LE_SCAN)) {
1411 cancel_delayed_work(&hdev->le_scan_disable);
1412 hci_req_add_le_scan_disable(req);
1417 case DISCOVERY_RESOLVING:
1418 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
1423 bacpy(&cp.bdaddr, &e->data.bdaddr);
1424 hci_req_add(req, HCI_OP_REMOTE_NAME_REQ_CANCEL, sizeof(cp),
1430 /* Passive scanning */
1431 if (hci_dev_test_flag(hdev, HCI_LE_SCAN)) {
1432 hci_req_add_le_scan_disable(req);
1442 static void advertising_added(struct sock *sk, struct hci_dev *hdev,
1445 struct mgmt_ev_advertising_added ev;
1447 ev.instance = instance;
1449 mgmt_event(MGMT_EV_ADVERTISING_ADDED, hdev, &ev, sizeof(ev), sk);
1452 static void advertising_removed(struct sock *sk, struct hci_dev *hdev,
1455 struct mgmt_ev_advertising_removed ev;
1457 ev.instance = instance;
1459 mgmt_event(MGMT_EV_ADVERTISING_REMOVED, hdev, &ev, sizeof(ev), sk);
1462 static void clear_adv_instance(struct hci_dev *hdev)
1464 struct hci_request req;
1466 if (!hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE))
1469 if (hdev->adv_instance.timeout)
1470 cancel_delayed_work(&hdev->adv_instance.timeout_exp);
1472 memset(&hdev->adv_instance, 0, sizeof(hdev->adv_instance));
1473 advertising_removed(NULL, hdev, 1);
1474 hci_dev_clear_flag(hdev, HCI_ADVERTISING_INSTANCE);
1476 if (!hdev_is_powered(hdev) ||
1477 hci_dev_test_flag(hdev, HCI_ADVERTISING))
1480 hci_req_init(&req, hdev);
1481 disable_advertising(&req);
1482 hci_req_run(&req, NULL);
1485 static int clean_up_hci_state(struct hci_dev *hdev)
1487 struct hci_request req;
1488 struct hci_conn *conn;
1489 bool discov_stopped;
1492 hci_req_init(&req, hdev);
1494 if (test_bit(HCI_ISCAN, &hdev->flags) ||
1495 test_bit(HCI_PSCAN, &hdev->flags)) {
1497 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1500 if (hdev->adv_instance.timeout)
1501 clear_adv_instance(hdev);
1503 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
1504 disable_advertising(&req);
1506 discov_stopped = hci_stop_discovery(&req);
1508 list_for_each_entry(conn, &hdev->conn_hash.list, list) {
1509 struct hci_cp_disconnect dc;
1510 struct hci_cp_reject_conn_req rej;
1512 switch (conn->state) {
1515 dc.handle = cpu_to_le16(conn->handle);
1516 dc.reason = 0x15; /* Terminated due to Power Off */
1517 hci_req_add(&req, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1520 if (conn->type == LE_LINK)
1521 hci_req_add(&req, HCI_OP_LE_CREATE_CONN_CANCEL,
1523 else if (conn->type == ACL_LINK)
1524 hci_req_add(&req, HCI_OP_CREATE_CONN_CANCEL,
1528 bacpy(&rej.bdaddr, &conn->dst);
1529 rej.reason = 0x15; /* Terminated due to Power Off */
1530 if (conn->type == ACL_LINK)
1531 hci_req_add(&req, HCI_OP_REJECT_CONN_REQ,
1533 else if (conn->type == SCO_LINK)
1534 hci_req_add(&req, HCI_OP_REJECT_SYNC_CONN_REQ,
1540 err = hci_req_run(&req, clean_up_hci_complete);
1541 if (!err && discov_stopped)
1542 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
1547 static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
1550 struct mgmt_mode *cp = data;
1551 struct mgmt_pending_cmd *cmd;
1554 BT_DBG("request for %s", hdev->name);
1556 if (cp->val != 0x00 && cp->val != 0x01)
1557 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1558 MGMT_STATUS_INVALID_PARAMS);
1562 if (pending_find(MGMT_OP_SET_POWERED, hdev)) {
1563 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1568 if (hci_dev_test_and_clear_flag(hdev, HCI_AUTO_OFF)) {
1569 cancel_delayed_work(&hdev->power_off);
1572 mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev,
1574 err = mgmt_powered(hdev, 1);
1579 if (!!cp->val == hdev_is_powered(hdev)) {
1580 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
1584 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
1591 queue_work(hdev->req_workqueue, &hdev->power_on);
1594 /* Disconnect connections, stop scans, etc */
1595 err = clean_up_hci_state(hdev);
1597 queue_delayed_work(hdev->req_workqueue, &hdev->power_off,
1598 HCI_POWER_OFF_TIMEOUT);
1600 /* ENODATA means there were no HCI commands queued */
1601 if (err == -ENODATA) {
1602 cancel_delayed_work(&hdev->power_off);
1603 queue_work(hdev->req_workqueue, &hdev->power_off.work);
1609 hci_dev_unlock(hdev);
1613 static int new_settings(struct hci_dev *hdev, struct sock *skip)
1615 __le32 ev = cpu_to_le32(get_current_settings(hdev));
1617 return mgmt_generic_event(MGMT_EV_NEW_SETTINGS, hdev, &ev,
1621 int mgmt_new_settings(struct hci_dev *hdev)
1623 return new_settings(hdev, NULL);
1628 struct hci_dev *hdev;
1632 static void settings_rsp(struct mgmt_pending_cmd *cmd, void *data)
1634 struct cmd_lookup *match = data;
1636 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
1638 list_del(&cmd->list);
1640 if (match->sk == NULL) {
1641 match->sk = cmd->sk;
1642 sock_hold(match->sk);
1645 mgmt_pending_free(cmd);
1648 static void cmd_status_rsp(struct mgmt_pending_cmd *cmd, void *data)
1652 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
1653 mgmt_pending_remove(cmd);
1656 static void cmd_complete_rsp(struct mgmt_pending_cmd *cmd, void *data)
1658 if (cmd->cmd_complete) {
1661 cmd->cmd_complete(cmd, *status);
1662 mgmt_pending_remove(cmd);
1667 cmd_status_rsp(cmd, data);
1670 static int generic_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
1672 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
1673 cmd->param, cmd->param_len);
1676 static int addr_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
1678 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
1679 cmd->param, sizeof(struct mgmt_addr_info));
1682 static u8 mgmt_bredr_support(struct hci_dev *hdev)
1684 if (!lmp_bredr_capable(hdev))
1685 return MGMT_STATUS_NOT_SUPPORTED;
1686 else if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1687 return MGMT_STATUS_REJECTED;
1689 return MGMT_STATUS_SUCCESS;
1692 static u8 mgmt_le_support(struct hci_dev *hdev)
1694 if (!lmp_le_capable(hdev))
1695 return MGMT_STATUS_NOT_SUPPORTED;
1696 else if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
1697 return MGMT_STATUS_REJECTED;
1699 return MGMT_STATUS_SUCCESS;
1702 static void set_discoverable_complete(struct hci_dev *hdev, u8 status,
1705 struct mgmt_pending_cmd *cmd;
1706 struct mgmt_mode *cp;
1707 struct hci_request req;
1710 BT_DBG("status 0x%02x", status);
1714 cmd = pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
1719 u8 mgmt_err = mgmt_status(status);
1720 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1721 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1727 changed = !hci_dev_test_and_set_flag(hdev, HCI_DISCOVERABLE);
1729 if (hdev->discov_timeout > 0) {
1730 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1731 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
1735 changed = hci_dev_test_and_clear_flag(hdev, HCI_DISCOVERABLE);
1738 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1741 new_settings(hdev, cmd->sk);
1743 /* When the discoverable mode gets changed, make sure
1744 * that class of device has the limited discoverable
1745 * bit correctly set. Also update page scan based on whitelist
1748 hci_req_init(&req, hdev);
1749 __hci_update_page_scan(&req);
1751 hci_req_run(&req, NULL);
1754 mgmt_pending_remove(cmd);
1757 hci_dev_unlock(hdev);
1760 static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
1763 struct mgmt_cp_set_discoverable *cp = data;
1764 struct mgmt_pending_cmd *cmd;
1765 struct hci_request req;
1770 BT_DBG("request for %s", hdev->name);
1772 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
1773 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1774 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1775 MGMT_STATUS_REJECTED);
1777 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
1778 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1779 MGMT_STATUS_INVALID_PARAMS);
1781 timeout = __le16_to_cpu(cp->timeout);
1783 /* Disabling discoverable requires that no timeout is set,
1784 * and enabling limited discoverable requires a timeout.
1786 if ((cp->val == 0x00 && timeout > 0) ||
1787 (cp->val == 0x02 && timeout == 0))
1788 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1789 MGMT_STATUS_INVALID_PARAMS);
1793 if (!hdev_is_powered(hdev) && timeout > 0) {
1794 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1795 MGMT_STATUS_NOT_POWERED);
1799 if (pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1800 pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
1801 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1806 if (!hci_dev_test_flag(hdev, HCI_CONNECTABLE)) {
1807 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1808 MGMT_STATUS_REJECTED);
1812 if (!hdev_is_powered(hdev)) {
1813 bool changed = false;
1815 /* Setting limited discoverable when powered off is
1816 * not a valid operation since it requires a timeout
1817 * and so no need to check HCI_LIMITED_DISCOVERABLE.
1819 if (!!cp->val != hci_dev_test_flag(hdev, HCI_DISCOVERABLE)) {
1820 hci_dev_change_flag(hdev, HCI_DISCOVERABLE);
1824 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1829 err = new_settings(hdev, sk);
1834 /* If the current mode is the same, then just update the timeout
1835 * value with the new value. And if only the timeout gets updated,
1836 * then no need for any HCI transactions.
1838 if (!!cp->val == hci_dev_test_flag(hdev, HCI_DISCOVERABLE) &&
1839 (cp->val == 0x02) == hci_dev_test_flag(hdev,
1840 HCI_LIMITED_DISCOVERABLE)) {
1841 cancel_delayed_work(&hdev->discov_off);
1842 hdev->discov_timeout = timeout;
1844 if (cp->val && hdev->discov_timeout > 0) {
1845 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1846 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
1850 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1854 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
1860 /* Cancel any potential discoverable timeout that might be
1861 * still active and store new timeout value. The arming of
1862 * the timeout happens in the complete handler.
1864 cancel_delayed_work(&hdev->discov_off);
1865 hdev->discov_timeout = timeout;
1867 /* Limited discoverable mode */
1868 if (cp->val == 0x02)
1869 hci_dev_set_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1871 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1873 hci_req_init(&req, hdev);
1875 /* The procedure for LE-only controllers is much simpler - just
1876 * update the advertising data.
1878 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1884 struct hci_cp_write_current_iac_lap hci_cp;
1886 if (cp->val == 0x02) {
1887 /* Limited discoverable mode */
1888 hci_cp.num_iac = min_t(u8, hdev->num_iac, 2);
1889 hci_cp.iac_lap[0] = 0x00; /* LIAC */
1890 hci_cp.iac_lap[1] = 0x8b;
1891 hci_cp.iac_lap[2] = 0x9e;
1892 hci_cp.iac_lap[3] = 0x33; /* GIAC */
1893 hci_cp.iac_lap[4] = 0x8b;
1894 hci_cp.iac_lap[5] = 0x9e;
1896 /* General discoverable mode */
1898 hci_cp.iac_lap[0] = 0x33; /* GIAC */
1899 hci_cp.iac_lap[1] = 0x8b;
1900 hci_cp.iac_lap[2] = 0x9e;
1903 hci_req_add(&req, HCI_OP_WRITE_CURRENT_IAC_LAP,
1904 (hci_cp.num_iac * 3) + 1, &hci_cp);
1906 scan |= SCAN_INQUIRY;
1908 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1911 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, sizeof(scan), &scan);
1914 update_adv_data(&req);
1916 err = hci_req_run(&req, set_discoverable_complete);
1918 mgmt_pending_remove(cmd);
1921 hci_dev_unlock(hdev);
1925 static void write_fast_connectable(struct hci_request *req, bool enable)
1927 struct hci_dev *hdev = req->hdev;
1928 struct hci_cp_write_page_scan_activity acp;
1931 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1934 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
1938 type = PAGE_SCAN_TYPE_INTERLACED;
1940 /* 160 msec page scan interval */
1941 acp.interval = cpu_to_le16(0x0100);
1943 type = PAGE_SCAN_TYPE_STANDARD; /* default */
1945 /* default 1.28 sec page scan */
1946 acp.interval = cpu_to_le16(0x0800);
1949 acp.window = cpu_to_le16(0x0012);
1951 if (__cpu_to_le16(hdev->page_scan_interval) != acp.interval ||
1952 __cpu_to_le16(hdev->page_scan_window) != acp.window)
1953 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
1956 if (hdev->page_scan_type != type)
1957 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
1960 static void set_connectable_complete(struct hci_dev *hdev, u8 status,
1963 struct mgmt_pending_cmd *cmd;
1964 struct mgmt_mode *cp;
1965 bool conn_changed, discov_changed;
1967 BT_DBG("status 0x%02x", status);
1971 cmd = pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1976 u8 mgmt_err = mgmt_status(status);
1977 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1983 conn_changed = !hci_dev_test_and_set_flag(hdev,
1985 discov_changed = false;
1987 conn_changed = hci_dev_test_and_clear_flag(hdev,
1989 discov_changed = hci_dev_test_and_clear_flag(hdev,
1993 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
1995 if (conn_changed || discov_changed) {
1996 new_settings(hdev, cmd->sk);
1997 hci_update_page_scan(hdev);
1999 mgmt_update_adv_data(hdev);
2000 hci_update_background_scan(hdev);
2004 mgmt_pending_remove(cmd);
2007 hci_dev_unlock(hdev);
2010 static int set_connectable_update_settings(struct hci_dev *hdev,
2011 struct sock *sk, u8 val)
2013 bool changed = false;
2016 if (!!val != hci_dev_test_flag(hdev, HCI_CONNECTABLE))
2020 hci_dev_set_flag(hdev, HCI_CONNECTABLE);
2022 hci_dev_clear_flag(hdev, HCI_CONNECTABLE);
2023 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
2026 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
2031 hci_update_page_scan(hdev);
2032 hci_update_background_scan(hdev);
2033 return new_settings(hdev, sk);
2039 static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
2042 struct mgmt_mode *cp = data;
2043 struct mgmt_pending_cmd *cmd;
2044 struct hci_request req;
2048 BT_DBG("request for %s", hdev->name);
2050 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
2051 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
2052 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
2053 MGMT_STATUS_REJECTED);
2055 if (cp->val != 0x00 && cp->val != 0x01)
2056 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
2057 MGMT_STATUS_INVALID_PARAMS);
2061 if (!hdev_is_powered(hdev)) {
2062 err = set_connectable_update_settings(hdev, sk, cp->val);
2066 if (pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
2067 pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
2068 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
2073 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
2079 hci_req_init(&req, hdev);
2081 /* If BR/EDR is not enabled and we disable advertising as a
2082 * by-product of disabling connectable, we need to update the
2083 * advertising flags.
2085 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
2087 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
2088 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
2090 update_adv_data(&req);
2091 } else if (cp->val != test_bit(HCI_PSCAN, &hdev->flags)) {
2095 /* If we don't have any whitelist entries just
2096 * disable all scanning. If there are entries
2097 * and we had both page and inquiry scanning
2098 * enabled then fall back to only page scanning.
2099 * Otherwise no changes are needed.
2101 if (list_empty(&hdev->whitelist))
2102 scan = SCAN_DISABLED;
2103 else if (test_bit(HCI_ISCAN, &hdev->flags))
2106 goto no_scan_update;
2108 if (test_bit(HCI_ISCAN, &hdev->flags) &&
2109 hdev->discov_timeout > 0)
2110 cancel_delayed_work(&hdev->discov_off);
2113 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
2117 /* Update the advertising parameters if necessary */
2118 if (hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
2119 hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE))
2120 enable_advertising(&req);
2122 err = hci_req_run(&req, set_connectable_complete);
2124 mgmt_pending_remove(cmd);
2125 if (err == -ENODATA)
2126 err = set_connectable_update_settings(hdev, sk,
2132 hci_dev_unlock(hdev);
2136 static int set_bondable(struct sock *sk, struct hci_dev *hdev, void *data,
2139 struct mgmt_mode *cp = data;
2143 BT_DBG("request for %s", hdev->name);
2145 if (cp->val != 0x00 && cp->val != 0x01)
2146 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BONDABLE,
2147 MGMT_STATUS_INVALID_PARAMS);
2152 changed = !hci_dev_test_and_set_flag(hdev, HCI_BONDABLE);
2154 changed = hci_dev_test_and_clear_flag(hdev, HCI_BONDABLE);
2156 err = send_settings_rsp(sk, MGMT_OP_SET_BONDABLE, hdev);
2161 err = new_settings(hdev, sk);
2164 hci_dev_unlock(hdev);
2168 static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
2171 struct mgmt_mode *cp = data;
2172 struct mgmt_pending_cmd *cmd;
2176 BT_DBG("request for %s", hdev->name);
2178 status = mgmt_bredr_support(hdev);
2180 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
2183 if (cp->val != 0x00 && cp->val != 0x01)
2184 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
2185 MGMT_STATUS_INVALID_PARAMS);
2189 if (!hdev_is_powered(hdev)) {
2190 bool changed = false;
2192 if (!!cp->val != hci_dev_test_flag(hdev, HCI_LINK_SECURITY)) {
2193 hci_dev_change_flag(hdev, HCI_LINK_SECURITY);
2197 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
2202 err = new_settings(hdev, sk);
2207 if (pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
2208 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
2215 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
2216 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
2220 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
2226 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
2228 mgmt_pending_remove(cmd);
2233 hci_dev_unlock(hdev);
2237 static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2239 struct mgmt_mode *cp = data;
2240 struct mgmt_pending_cmd *cmd;
2244 BT_DBG("request for %s", hdev->name);
2246 status = mgmt_bredr_support(hdev);
2248 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
2250 if (!lmp_ssp_capable(hdev))
2251 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2252 MGMT_STATUS_NOT_SUPPORTED);
2254 if (cp->val != 0x00 && cp->val != 0x01)
2255 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2256 MGMT_STATUS_INVALID_PARAMS);
2260 if (!hdev_is_powered(hdev)) {
2264 changed = !hci_dev_test_and_set_flag(hdev,
2267 changed = hci_dev_test_and_clear_flag(hdev,
2270 changed = hci_dev_test_and_clear_flag(hdev,
2273 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
2276 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
2281 err = new_settings(hdev, sk);
2286 if (pending_find(MGMT_OP_SET_SSP, hdev)) {
2287 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2292 if (!!cp->val == hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
2293 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
2297 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
2303 if (!cp->val && hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS))
2304 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
2305 sizeof(cp->val), &cp->val);
2307 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &cp->val);
2309 mgmt_pending_remove(cmd);
2314 hci_dev_unlock(hdev);
2318 static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2320 struct mgmt_mode *cp = data;
2325 BT_DBG("request for %s", hdev->name);
2327 status = mgmt_bredr_support(hdev);
2329 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
2331 if (!lmp_ssp_capable(hdev))
2332 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2333 MGMT_STATUS_NOT_SUPPORTED);
2335 if (!hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
2336 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2337 MGMT_STATUS_REJECTED);
2339 if (cp->val != 0x00 && cp->val != 0x01)
2340 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2341 MGMT_STATUS_INVALID_PARAMS);
2345 if (pending_find(MGMT_OP_SET_SSP, hdev)) {
2346 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2352 changed = !hci_dev_test_and_set_flag(hdev, HCI_HS_ENABLED);
2354 if (hdev_is_powered(hdev)) {
2355 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2356 MGMT_STATUS_REJECTED);
2360 changed = hci_dev_test_and_clear_flag(hdev, HCI_HS_ENABLED);
2363 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
2368 err = new_settings(hdev, sk);
2371 hci_dev_unlock(hdev);
2375 static void le_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
2377 struct cmd_lookup match = { NULL, hdev };
2382 u8 mgmt_err = mgmt_status(status);
2384 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
2389 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
2391 new_settings(hdev, match.sk);
2396 /* Make sure the controller has a good default for
2397 * advertising data. Restrict the update to when LE
2398 * has actually been enabled. During power on, the
2399 * update in powered_update_hci will take care of it.
2401 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
2402 struct hci_request req;
2404 hci_req_init(&req, hdev);
2405 update_adv_data(&req);
2406 update_scan_rsp_data(&req);
2407 __hci_update_background_scan(&req);
2408 hci_req_run(&req, NULL);
2412 hci_dev_unlock(hdev);
2415 static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2417 struct mgmt_mode *cp = data;
2418 struct hci_cp_write_le_host_supported hci_cp;
2419 struct mgmt_pending_cmd *cmd;
2420 struct hci_request req;
2424 BT_DBG("request for %s", hdev->name);
2426 if (!lmp_le_capable(hdev))
2427 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2428 MGMT_STATUS_NOT_SUPPORTED);
2430 if (cp->val != 0x00 && cp->val != 0x01)
2431 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2432 MGMT_STATUS_INVALID_PARAMS);
2434 /* Bluetooth single mode LE only controllers or dual-mode
2435 * controllers configured as LE only devices, do not allow
2436 * switching LE off. These have either LE enabled explicitly
2437 * or BR/EDR has been previously switched off.
2439 * When trying to enable an already enabled LE, then gracefully
2440 * send a positive response. Trying to disable it however will
2441 * result into rejection.
2443 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
2444 if (cp->val == 0x01)
2445 return send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
2447 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2448 MGMT_STATUS_REJECTED);
2454 enabled = lmp_host_le_capable(hdev);
2456 if (!hdev_is_powered(hdev) || val == enabled) {
2457 bool changed = false;
2459 if (val != hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
2460 hci_dev_change_flag(hdev, HCI_LE_ENABLED);
2464 if (!val && hci_dev_test_flag(hdev, HCI_ADVERTISING)) {
2465 hci_dev_clear_flag(hdev, HCI_ADVERTISING);
2469 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
2474 err = new_settings(hdev, sk);
2479 if (pending_find(MGMT_OP_SET_LE, hdev) ||
2480 pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
2481 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2486 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
2492 hci_req_init(&req, hdev);
2494 memset(&hci_cp, 0, sizeof(hci_cp));
2498 hci_cp.simul = 0x00;
2500 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
2501 disable_advertising(&req);
2504 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
2507 err = hci_req_run(&req, le_enable_complete);
2509 mgmt_pending_remove(cmd);
2512 hci_dev_unlock(hdev);
2516 /* This is a helper function to test for pending mgmt commands that can
2517 * cause CoD or EIR HCI commands. We can only allow one such pending
2518 * mgmt command at a time since otherwise we cannot easily track what
2519 * the current values are, will be, and based on that calculate if a new
2520 * HCI command needs to be sent and if yes with what value.
2522 static bool pending_eir_or_class(struct hci_dev *hdev)
2524 struct mgmt_pending_cmd *cmd;
2526 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2527 switch (cmd->opcode) {
2528 case MGMT_OP_ADD_UUID:
2529 case MGMT_OP_REMOVE_UUID:
2530 case MGMT_OP_SET_DEV_CLASS:
2531 case MGMT_OP_SET_POWERED:
2539 static const u8 bluetooth_base_uuid[] = {
2540 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
2541 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2544 static u8 get_uuid_size(const u8 *uuid)
2548 if (memcmp(uuid, bluetooth_base_uuid, 12))
2551 val = get_unaligned_le32(&uuid[12]);
2558 static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
2560 struct mgmt_pending_cmd *cmd;
2564 cmd = pending_find(mgmt_op, hdev);
2568 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
2569 mgmt_status(status), hdev->dev_class, 3);
2571 mgmt_pending_remove(cmd);
2574 hci_dev_unlock(hdev);
2577 static void add_uuid_complete(struct hci_dev *hdev, u8 status, u16 opcode)
2579 BT_DBG("status 0x%02x", status);
2581 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
2584 static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2586 struct mgmt_cp_add_uuid *cp = data;
2587 struct mgmt_pending_cmd *cmd;
2588 struct hci_request req;
2589 struct bt_uuid *uuid;
2592 BT_DBG("request for %s", hdev->name);
2596 if (pending_eir_or_class(hdev)) {
2597 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
2602 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
2608 memcpy(uuid->uuid, cp->uuid, 16);
2609 uuid->svc_hint = cp->svc_hint;
2610 uuid->size = get_uuid_size(cp->uuid);
2612 list_add_tail(&uuid->list, &hdev->uuids);
2614 hci_req_init(&req, hdev);
2619 err = hci_req_run(&req, add_uuid_complete);
2621 if (err != -ENODATA)
2624 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
2625 hdev->dev_class, 3);
2629 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
2638 hci_dev_unlock(hdev);
2642 static bool enable_service_cache(struct hci_dev *hdev)
2644 if (!hdev_is_powered(hdev))
2647 if (!hci_dev_test_and_set_flag(hdev, HCI_SERVICE_CACHE)) {
2648 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
2656 static void remove_uuid_complete(struct hci_dev *hdev, u8 status, u16 opcode)
2658 BT_DBG("status 0x%02x", status);
2660 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
2663 static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
2666 struct mgmt_cp_remove_uuid *cp = data;
2667 struct mgmt_pending_cmd *cmd;
2668 struct bt_uuid *match, *tmp;
2669 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
2670 struct hci_request req;
2673 BT_DBG("request for %s", hdev->name);
2677 if (pending_eir_or_class(hdev)) {
2678 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2683 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
2684 hci_uuids_clear(hdev);
2686 if (enable_service_cache(hdev)) {
2687 err = mgmt_cmd_complete(sk, hdev->id,
2688 MGMT_OP_REMOVE_UUID,
2689 0, hdev->dev_class, 3);
2698 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2699 if (memcmp(match->uuid, cp->uuid, 16) != 0)
2702 list_del(&match->list);
2708 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2709 MGMT_STATUS_INVALID_PARAMS);
2714 hci_req_init(&req, hdev);
2719 err = hci_req_run(&req, remove_uuid_complete);
2721 if (err != -ENODATA)
2724 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
2725 hdev->dev_class, 3);
2729 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
2738 hci_dev_unlock(hdev);
2742 static void set_class_complete(struct hci_dev *hdev, u8 status, u16 opcode)
2744 BT_DBG("status 0x%02x", status);
2746 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
2749 static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
2752 struct mgmt_cp_set_dev_class *cp = data;
2753 struct mgmt_pending_cmd *cmd;
2754 struct hci_request req;
2757 BT_DBG("request for %s", hdev->name);
2759 if (!lmp_bredr_capable(hdev))
2760 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2761 MGMT_STATUS_NOT_SUPPORTED);
2765 if (pending_eir_or_class(hdev)) {
2766 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2771 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
2772 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2773 MGMT_STATUS_INVALID_PARAMS);
2777 hdev->major_class = cp->major;
2778 hdev->minor_class = cp->minor;
2780 if (!hdev_is_powered(hdev)) {
2781 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2782 hdev->dev_class, 3);
2786 hci_req_init(&req, hdev);
2788 if (hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE)) {
2789 hci_dev_unlock(hdev);
2790 cancel_delayed_work_sync(&hdev->service_cache);
2797 err = hci_req_run(&req, set_class_complete);
2799 if (err != -ENODATA)
2802 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2803 hdev->dev_class, 3);
2807 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
2816 hci_dev_unlock(hdev);
2820 static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
2823 struct mgmt_cp_load_link_keys *cp = data;
2824 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
2825 sizeof(struct mgmt_link_key_info));
2826 u16 key_count, expected_len;
2830 BT_DBG("request for %s", hdev->name);
2832 if (!lmp_bredr_capable(hdev))
2833 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2834 MGMT_STATUS_NOT_SUPPORTED);
2836 key_count = __le16_to_cpu(cp->key_count);
2837 if (key_count > max_key_count) {
2838 BT_ERR("load_link_keys: too big key_count value %u",
2840 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2841 MGMT_STATUS_INVALID_PARAMS);
2844 expected_len = sizeof(*cp) + key_count *
2845 sizeof(struct mgmt_link_key_info);
2846 if (expected_len != len) {
2847 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
2849 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2850 MGMT_STATUS_INVALID_PARAMS);
2853 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
2854 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2855 MGMT_STATUS_INVALID_PARAMS);
2857 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
2860 for (i = 0; i < key_count; i++) {
2861 struct mgmt_link_key_info *key = &cp->keys[i];
2863 if (key->addr.type != BDADDR_BREDR || key->type > 0x08)
2864 return mgmt_cmd_status(sk, hdev->id,
2865 MGMT_OP_LOAD_LINK_KEYS,
2866 MGMT_STATUS_INVALID_PARAMS);
2871 hci_link_keys_clear(hdev);
2874 changed = !hci_dev_test_and_set_flag(hdev, HCI_KEEP_DEBUG_KEYS);
2876 changed = hci_dev_test_and_clear_flag(hdev,
2877 HCI_KEEP_DEBUG_KEYS);
2880 new_settings(hdev, NULL);
2882 for (i = 0; i < key_count; i++) {
2883 struct mgmt_link_key_info *key = &cp->keys[i];
2885 /* Always ignore debug keys and require a new pairing if
2886 * the user wants to use them.
2888 if (key->type == HCI_LK_DEBUG_COMBINATION)
2891 hci_add_link_key(hdev, NULL, &key->addr.bdaddr, key->val,
2892 key->type, key->pin_len, NULL);
2895 mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
2897 hci_dev_unlock(hdev);
2902 static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
2903 u8 addr_type, struct sock *skip_sk)
2905 struct mgmt_ev_device_unpaired ev;
2907 bacpy(&ev.addr.bdaddr, bdaddr);
2908 ev.addr.type = addr_type;
2910 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
2914 static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2917 struct mgmt_cp_unpair_device *cp = data;
2918 struct mgmt_rp_unpair_device rp;
2919 struct hci_cp_disconnect dc;
2920 struct mgmt_pending_cmd *cmd;
2921 struct hci_conn *conn;
2924 memset(&rp, 0, sizeof(rp));
2925 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2926 rp.addr.type = cp->addr.type;
2928 if (!bdaddr_type_is_valid(cp->addr.type))
2929 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2930 MGMT_STATUS_INVALID_PARAMS,
2933 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
2934 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2935 MGMT_STATUS_INVALID_PARAMS,
2940 if (!hdev_is_powered(hdev)) {
2941 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2942 MGMT_STATUS_NOT_POWERED, &rp,
2947 if (cp->addr.type == BDADDR_BREDR) {
2948 /* If disconnection is requested, then look up the
2949 * connection. If the remote device is connected, it
2950 * will be later used to terminate the link.
2952 * Setting it to NULL explicitly will cause no
2953 * termination of the link.
2956 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2961 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
2965 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
2968 /* Defer clearing up the connection parameters
2969 * until closing to give a chance of keeping
2970 * them if a repairing happens.
2972 set_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
2974 /* If disconnection is not requested, then
2975 * clear the connection variable so that the
2976 * link is not terminated.
2978 if (!cp->disconnect)
2982 if (cp->addr.type == BDADDR_LE_PUBLIC)
2983 addr_type = ADDR_LE_DEV_PUBLIC;
2985 addr_type = ADDR_LE_DEV_RANDOM;
2987 hci_remove_irk(hdev, &cp->addr.bdaddr, addr_type);
2989 err = hci_remove_ltk(hdev, &cp->addr.bdaddr, addr_type);
2993 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2994 MGMT_STATUS_NOT_PAIRED, &rp,
2999 /* If the connection variable is set, then termination of the
3000 * link is requested.
3003 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
3005 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
3009 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
3016 cmd->cmd_complete = addr_cmd_complete;
3018 dc.handle = cpu_to_le16(conn->handle);
3019 dc.reason = 0x13; /* Remote User Terminated Connection */
3020 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
3022 mgmt_pending_remove(cmd);
3025 hci_dev_unlock(hdev);
3029 static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
3032 struct mgmt_cp_disconnect *cp = data;
3033 struct mgmt_rp_disconnect rp;
3034 struct mgmt_pending_cmd *cmd;
3035 struct hci_conn *conn;
3040 memset(&rp, 0, sizeof(rp));
3041 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3042 rp.addr.type = cp->addr.type;
3044 if (!bdaddr_type_is_valid(cp->addr.type))
3045 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
3046 MGMT_STATUS_INVALID_PARAMS,
3051 if (!test_bit(HCI_UP, &hdev->flags)) {
3052 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
3053 MGMT_STATUS_NOT_POWERED, &rp,
3058 if (pending_find(MGMT_OP_DISCONNECT, hdev)) {
3059 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
3060 MGMT_STATUS_BUSY, &rp, sizeof(rp));
3064 if (cp->addr.type == BDADDR_BREDR)
3065 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
3068 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
3070 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
3071 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
3072 MGMT_STATUS_NOT_CONNECTED, &rp,
3077 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
3083 cmd->cmd_complete = generic_cmd_complete;
3085 err = hci_disconnect(conn, HCI_ERROR_REMOTE_USER_TERM);
3087 mgmt_pending_remove(cmd);
3090 hci_dev_unlock(hdev);
3094 static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
3096 switch (link_type) {
3098 switch (addr_type) {
3099 case ADDR_LE_DEV_PUBLIC:
3100 return BDADDR_LE_PUBLIC;
3103 /* Fallback to LE Random address type */
3104 return BDADDR_LE_RANDOM;
3108 /* Fallback to BR/EDR type */
3109 return BDADDR_BREDR;
3113 static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
3116 struct mgmt_rp_get_connections *rp;
3126 if (!hdev_is_powered(hdev)) {
3127 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
3128 MGMT_STATUS_NOT_POWERED);
3133 list_for_each_entry(c, &hdev->conn_hash.list, list) {
3134 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
3138 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
3139 rp = kmalloc(rp_len, GFP_KERNEL);
3146 list_for_each_entry(c, &hdev->conn_hash.list, list) {
3147 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
3149 bacpy(&rp->addr[i].bdaddr, &c->dst);
3150 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
3151 if (c->type == SCO_LINK || c->type == ESCO_LINK)
3156 rp->conn_count = cpu_to_le16(i);
3158 /* Recalculate length in case of filtered SCO connections, etc */
3159 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
3161 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
3167 hci_dev_unlock(hdev);
3171 static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
3172 struct mgmt_cp_pin_code_neg_reply *cp)
3174 struct mgmt_pending_cmd *cmd;
3177 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
3182 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
3183 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
3185 mgmt_pending_remove(cmd);
3190 static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3193 struct hci_conn *conn;
3194 struct mgmt_cp_pin_code_reply *cp = data;
3195 struct hci_cp_pin_code_reply reply;
3196 struct mgmt_pending_cmd *cmd;
3203 if (!hdev_is_powered(hdev)) {
3204 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3205 MGMT_STATUS_NOT_POWERED);
3209 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
3211 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3212 MGMT_STATUS_NOT_CONNECTED);
3216 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
3217 struct mgmt_cp_pin_code_neg_reply ncp;
3219 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
3221 BT_ERR("PIN code is not 16 bytes long");
3223 err = send_pin_code_neg_reply(sk, hdev, &ncp);
3225 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3226 MGMT_STATUS_INVALID_PARAMS);
3231 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
3237 cmd->cmd_complete = addr_cmd_complete;
3239 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
3240 reply.pin_len = cp->pin_len;
3241 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
3243 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
3245 mgmt_pending_remove(cmd);
3248 hci_dev_unlock(hdev);
3252 static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
3255 struct mgmt_cp_set_io_capability *cp = data;
3259 if (cp->io_capability > SMP_IO_KEYBOARD_DISPLAY)
3260 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY,
3261 MGMT_STATUS_INVALID_PARAMS, NULL, 0);
3265 hdev->io_capability = cp->io_capability;
3267 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
3268 hdev->io_capability);
3270 hci_dev_unlock(hdev);
3272 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0,
3276 static struct mgmt_pending_cmd *find_pairing(struct hci_conn *conn)
3278 struct hci_dev *hdev = conn->hdev;
3279 struct mgmt_pending_cmd *cmd;
3281 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
3282 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
3285 if (cmd->user_data != conn)
3294 static int pairing_complete(struct mgmt_pending_cmd *cmd, u8 status)
3296 struct mgmt_rp_pair_device rp;
3297 struct hci_conn *conn = cmd->user_data;
3300 bacpy(&rp.addr.bdaddr, &conn->dst);
3301 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
3303 err = mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE,
3304 status, &rp, sizeof(rp));
3306 /* So we don't get further callbacks for this connection */
3307 conn->connect_cfm_cb = NULL;
3308 conn->security_cfm_cb = NULL;
3309 conn->disconn_cfm_cb = NULL;
3311 hci_conn_drop(conn);
3313 /* The device is paired so there is no need to remove
3314 * its connection parameters anymore.
3316 clear_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
3323 void mgmt_smp_complete(struct hci_conn *conn, bool complete)
3325 u8 status = complete ? MGMT_STATUS_SUCCESS : MGMT_STATUS_FAILED;
3326 struct mgmt_pending_cmd *cmd;
3328 cmd = find_pairing(conn);
3330 cmd->cmd_complete(cmd, status);
3331 mgmt_pending_remove(cmd);
3335 static void pairing_complete_cb(struct hci_conn *conn, u8 status)
3337 struct mgmt_pending_cmd *cmd;
3339 BT_DBG("status %u", status);
3341 cmd = find_pairing(conn);
3343 BT_DBG("Unable to find a pending command");
3347 cmd->cmd_complete(cmd, mgmt_status(status));
3348 mgmt_pending_remove(cmd);
3351 static void le_pairing_complete_cb(struct hci_conn *conn, u8 status)
3353 struct mgmt_pending_cmd *cmd;
3355 BT_DBG("status %u", status);
3360 cmd = find_pairing(conn);
3362 BT_DBG("Unable to find a pending command");
3366 cmd->cmd_complete(cmd, mgmt_status(status));
3367 mgmt_pending_remove(cmd);
3370 static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
3373 struct mgmt_cp_pair_device *cp = data;
3374 struct mgmt_rp_pair_device rp;
3375 struct mgmt_pending_cmd *cmd;
3376 u8 sec_level, auth_type;
3377 struct hci_conn *conn;
3382 memset(&rp, 0, sizeof(rp));
3383 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3384 rp.addr.type = cp->addr.type;
3386 if (!bdaddr_type_is_valid(cp->addr.type))
3387 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3388 MGMT_STATUS_INVALID_PARAMS,
3391 if (cp->io_cap > SMP_IO_KEYBOARD_DISPLAY)
3392 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3393 MGMT_STATUS_INVALID_PARAMS,
3398 if (!hdev_is_powered(hdev)) {
3399 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3400 MGMT_STATUS_NOT_POWERED, &rp,
3405 if (hci_bdaddr_is_paired(hdev, &cp->addr.bdaddr, cp->addr.type)) {
3406 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3407 MGMT_STATUS_ALREADY_PAIRED, &rp,
3412 sec_level = BT_SECURITY_MEDIUM;
3413 auth_type = HCI_AT_DEDICATED_BONDING;
3415 if (cp->addr.type == BDADDR_BREDR) {
3416 conn = hci_connect_acl(hdev, &cp->addr.bdaddr, sec_level,
3421 /* Convert from L2CAP channel address type to HCI address type
3423 if (cp->addr.type == BDADDR_LE_PUBLIC)
3424 addr_type = ADDR_LE_DEV_PUBLIC;
3426 addr_type = ADDR_LE_DEV_RANDOM;
3428 /* When pairing a new device, it is expected to remember
3429 * this device for future connections. Adding the connection
3430 * parameter information ahead of time allows tracking
3431 * of the slave preferred values and will speed up any
3432 * further connection establishment.
3434 * If connection parameters already exist, then they
3435 * will be kept and this function does nothing.
3437 hci_conn_params_add(hdev, &cp->addr.bdaddr, addr_type);
3439 conn = hci_connect_le(hdev, &cp->addr.bdaddr, addr_type,
3440 sec_level, HCI_LE_CONN_TIMEOUT,
3447 if (PTR_ERR(conn) == -EBUSY)
3448 status = MGMT_STATUS_BUSY;
3449 else if (PTR_ERR(conn) == -EOPNOTSUPP)
3450 status = MGMT_STATUS_NOT_SUPPORTED;
3451 else if (PTR_ERR(conn) == -ECONNREFUSED)
3452 status = MGMT_STATUS_REJECTED;
3454 status = MGMT_STATUS_CONNECT_FAILED;
3456 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3457 status, &rp, sizeof(rp));
3461 if (conn->connect_cfm_cb) {
3462 hci_conn_drop(conn);
3463 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3464 MGMT_STATUS_BUSY, &rp, sizeof(rp));
3468 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
3471 hci_conn_drop(conn);
3475 cmd->cmd_complete = pairing_complete;
3477 /* For LE, just connecting isn't a proof that the pairing finished */
3478 if (cp->addr.type == BDADDR_BREDR) {
3479 conn->connect_cfm_cb = pairing_complete_cb;
3480 conn->security_cfm_cb = pairing_complete_cb;
3481 conn->disconn_cfm_cb = pairing_complete_cb;
3483 conn->connect_cfm_cb = le_pairing_complete_cb;
3484 conn->security_cfm_cb = le_pairing_complete_cb;
3485 conn->disconn_cfm_cb = le_pairing_complete_cb;
3488 conn->io_capability = cp->io_cap;
3489 cmd->user_data = hci_conn_get(conn);
3491 if ((conn->state == BT_CONNECTED || conn->state == BT_CONFIG) &&
3492 hci_conn_security(conn, sec_level, auth_type, true)) {
3493 cmd->cmd_complete(cmd, 0);
3494 mgmt_pending_remove(cmd);
3500 hci_dev_unlock(hdev);
3504 static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
3507 struct mgmt_addr_info *addr = data;
3508 struct mgmt_pending_cmd *cmd;
3509 struct hci_conn *conn;
3516 if (!hdev_is_powered(hdev)) {
3517 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3518 MGMT_STATUS_NOT_POWERED);
3522 cmd = pending_find(MGMT_OP_PAIR_DEVICE, hdev);
3524 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3525 MGMT_STATUS_INVALID_PARAMS);
3529 conn = cmd->user_data;
3531 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
3532 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3533 MGMT_STATUS_INVALID_PARAMS);
3537 cmd->cmd_complete(cmd, MGMT_STATUS_CANCELLED);
3538 mgmt_pending_remove(cmd);
3540 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
3541 addr, sizeof(*addr));
3543 hci_dev_unlock(hdev);
3547 static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
3548 struct mgmt_addr_info *addr, u16 mgmt_op,
3549 u16 hci_op, __le32 passkey)
3551 struct mgmt_pending_cmd *cmd;
3552 struct hci_conn *conn;
3557 if (!hdev_is_powered(hdev)) {
3558 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3559 MGMT_STATUS_NOT_POWERED, addr,
3564 if (addr->type == BDADDR_BREDR)
3565 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
3567 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &addr->bdaddr);
3570 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3571 MGMT_STATUS_NOT_CONNECTED, addr,
3576 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
3577 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
3579 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3580 MGMT_STATUS_SUCCESS, addr,
3583 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3584 MGMT_STATUS_FAILED, addr,
3590 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
3596 cmd->cmd_complete = addr_cmd_complete;
3598 /* Continue with pairing via HCI */
3599 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
3600 struct hci_cp_user_passkey_reply cp;
3602 bacpy(&cp.bdaddr, &addr->bdaddr);
3603 cp.passkey = passkey;
3604 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
3606 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
3610 mgmt_pending_remove(cmd);
3613 hci_dev_unlock(hdev);
3617 static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
3618 void *data, u16 len)
3620 struct mgmt_cp_pin_code_neg_reply *cp = data;
3624 return user_pairing_resp(sk, hdev, &cp->addr,
3625 MGMT_OP_PIN_CODE_NEG_REPLY,
3626 HCI_OP_PIN_CODE_NEG_REPLY, 0);
3629 static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3632 struct mgmt_cp_user_confirm_reply *cp = data;
3636 if (len != sizeof(*cp))
3637 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
3638 MGMT_STATUS_INVALID_PARAMS);
3640 return user_pairing_resp(sk, hdev, &cp->addr,
3641 MGMT_OP_USER_CONFIRM_REPLY,
3642 HCI_OP_USER_CONFIRM_REPLY, 0);
3645 static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
3646 void *data, u16 len)
3648 struct mgmt_cp_user_confirm_neg_reply *cp = data;
3652 return user_pairing_resp(sk, hdev, &cp->addr,
3653 MGMT_OP_USER_CONFIRM_NEG_REPLY,
3654 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
3657 static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3660 struct mgmt_cp_user_passkey_reply *cp = data;
3664 return user_pairing_resp(sk, hdev, &cp->addr,
3665 MGMT_OP_USER_PASSKEY_REPLY,
3666 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
3669 static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
3670 void *data, u16 len)
3672 struct mgmt_cp_user_passkey_neg_reply *cp = data;
3676 return user_pairing_resp(sk, hdev, &cp->addr,
3677 MGMT_OP_USER_PASSKEY_NEG_REPLY,
3678 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
3681 static void update_name(struct hci_request *req)
3683 struct hci_dev *hdev = req->hdev;
3684 struct hci_cp_write_local_name cp;
3686 memcpy(cp.name, hdev->dev_name, sizeof(cp.name));
3688 hci_req_add(req, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
3691 static void set_name_complete(struct hci_dev *hdev, u8 status, u16 opcode)
3693 struct mgmt_cp_set_local_name *cp;
3694 struct mgmt_pending_cmd *cmd;
3696 BT_DBG("status 0x%02x", status);
3700 cmd = pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
3707 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3708 mgmt_status(status));
3710 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3713 mgmt_pending_remove(cmd);
3716 hci_dev_unlock(hdev);
3719 static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
3722 struct mgmt_cp_set_local_name *cp = data;
3723 struct mgmt_pending_cmd *cmd;
3724 struct hci_request req;
3731 /* If the old values are the same as the new ones just return a
3732 * direct command complete event.
3734 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
3735 !memcmp(hdev->short_name, cp->short_name,
3736 sizeof(hdev->short_name))) {
3737 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3742 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
3744 if (!hdev_is_powered(hdev)) {
3745 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3747 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3752 err = mgmt_generic_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev,
3758 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
3764 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3766 hci_req_init(&req, hdev);
3768 if (lmp_bredr_capable(hdev)) {
3773 /* The name is stored in the scan response data and so
3774 * no need to udpate the advertising data here.
3776 if (lmp_le_capable(hdev))
3777 update_scan_rsp_data(&req);
3779 err = hci_req_run(&req, set_name_complete);
3781 mgmt_pending_remove(cmd);
3784 hci_dev_unlock(hdev);
3788 static void read_local_oob_data_complete(struct hci_dev *hdev, u8 status,
3789 u16 opcode, struct sk_buff *skb)
3791 struct mgmt_rp_read_local_oob_data mgmt_rp;
3792 size_t rp_size = sizeof(mgmt_rp);
3793 struct mgmt_pending_cmd *cmd;
3795 BT_DBG("%s status %u", hdev->name, status);
3797 cmd = pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
3801 if (status || !skb) {
3802 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3803 status ? mgmt_status(status) : MGMT_STATUS_FAILED);
3807 memset(&mgmt_rp, 0, sizeof(mgmt_rp));
3809 if (opcode == HCI_OP_READ_LOCAL_OOB_DATA) {
3810 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
3812 if (skb->len < sizeof(*rp)) {
3813 mgmt_cmd_status(cmd->sk, hdev->id,
3814 MGMT_OP_READ_LOCAL_OOB_DATA,
3815 MGMT_STATUS_FAILED);
3819 memcpy(mgmt_rp.hash192, rp->hash, sizeof(rp->hash));
3820 memcpy(mgmt_rp.rand192, rp->rand, sizeof(rp->rand));
3822 rp_size -= sizeof(mgmt_rp.hash256) + sizeof(mgmt_rp.rand256);
3824 struct hci_rp_read_local_oob_ext_data *rp = (void *) skb->data;
3826 if (skb->len < sizeof(*rp)) {
3827 mgmt_cmd_status(cmd->sk, hdev->id,
3828 MGMT_OP_READ_LOCAL_OOB_DATA,
3829 MGMT_STATUS_FAILED);
3833 memcpy(mgmt_rp.hash192, rp->hash192, sizeof(rp->hash192));
3834 memcpy(mgmt_rp.rand192, rp->rand192, sizeof(rp->rand192));
3836 memcpy(mgmt_rp.hash256, rp->hash256, sizeof(rp->hash256));
3837 memcpy(mgmt_rp.rand256, rp->rand256, sizeof(rp->rand256));
3840 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3841 MGMT_STATUS_SUCCESS, &mgmt_rp, rp_size);
3844 mgmt_pending_remove(cmd);
3847 static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
3848 void *data, u16 data_len)
3850 struct mgmt_pending_cmd *cmd;
3851 struct hci_request req;
3854 BT_DBG("%s", hdev->name);
3858 if (!hdev_is_powered(hdev)) {
3859 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3860 MGMT_STATUS_NOT_POWERED);
3864 if (!lmp_ssp_capable(hdev)) {
3865 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3866 MGMT_STATUS_NOT_SUPPORTED);
3870 if (pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
3871 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3876 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
3882 hci_req_init(&req, hdev);
3884 if (bredr_sc_enabled(hdev))
3885 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_EXT_DATA, 0, NULL);
3887 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
3889 err = hci_req_run_skb(&req, read_local_oob_data_complete);
3891 mgmt_pending_remove(cmd);
3894 hci_dev_unlock(hdev);
3898 static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
3899 void *data, u16 len)
3901 struct mgmt_addr_info *addr = data;
3904 BT_DBG("%s ", hdev->name);
3906 if (!bdaddr_type_is_valid(addr->type))
3907 return mgmt_cmd_complete(sk, hdev->id,
3908 MGMT_OP_ADD_REMOTE_OOB_DATA,
3909 MGMT_STATUS_INVALID_PARAMS,
3910 addr, sizeof(*addr));
3914 if (len == MGMT_ADD_REMOTE_OOB_DATA_SIZE) {
3915 struct mgmt_cp_add_remote_oob_data *cp = data;
3918 if (cp->addr.type != BDADDR_BREDR) {
3919 err = mgmt_cmd_complete(sk, hdev->id,
3920 MGMT_OP_ADD_REMOTE_OOB_DATA,
3921 MGMT_STATUS_INVALID_PARAMS,
3922 &cp->addr, sizeof(cp->addr));
3926 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
3927 cp->addr.type, cp->hash,
3928 cp->rand, NULL, NULL);
3930 status = MGMT_STATUS_FAILED;
3932 status = MGMT_STATUS_SUCCESS;
3934 err = mgmt_cmd_complete(sk, hdev->id,
3935 MGMT_OP_ADD_REMOTE_OOB_DATA, status,
3936 &cp->addr, sizeof(cp->addr));
3937 } else if (len == MGMT_ADD_REMOTE_OOB_EXT_DATA_SIZE) {
3938 struct mgmt_cp_add_remote_oob_ext_data *cp = data;
3939 u8 *rand192, *hash192, *rand256, *hash256;
3942 if (bdaddr_type_is_le(cp->addr.type)) {
3943 /* Enforce zero-valued 192-bit parameters as
3944 * long as legacy SMP OOB isn't implemented.
3946 if (memcmp(cp->rand192, ZERO_KEY, 16) ||
3947 memcmp(cp->hash192, ZERO_KEY, 16)) {
3948 err = mgmt_cmd_complete(sk, hdev->id,
3949 MGMT_OP_ADD_REMOTE_OOB_DATA,
3950 MGMT_STATUS_INVALID_PARAMS,
3951 addr, sizeof(*addr));
3958 /* In case one of the P-192 values is set to zero,
3959 * then just disable OOB data for P-192.
3961 if (!memcmp(cp->rand192, ZERO_KEY, 16) ||
3962 !memcmp(cp->hash192, ZERO_KEY, 16)) {
3966 rand192 = cp->rand192;
3967 hash192 = cp->hash192;
3971 /* In case one of the P-256 values is set to zero, then just
3972 * disable OOB data for P-256.
3974 if (!memcmp(cp->rand256, ZERO_KEY, 16) ||
3975 !memcmp(cp->hash256, ZERO_KEY, 16)) {
3979 rand256 = cp->rand256;
3980 hash256 = cp->hash256;
3983 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
3984 cp->addr.type, hash192, rand192,
3987 status = MGMT_STATUS_FAILED;
3989 status = MGMT_STATUS_SUCCESS;
3991 err = mgmt_cmd_complete(sk, hdev->id,
3992 MGMT_OP_ADD_REMOTE_OOB_DATA,
3993 status, &cp->addr, sizeof(cp->addr));
3995 BT_ERR("add_remote_oob_data: invalid length of %u bytes", len);
3996 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3997 MGMT_STATUS_INVALID_PARAMS);
4001 hci_dev_unlock(hdev);
4005 static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
4006 void *data, u16 len)
4008 struct mgmt_cp_remove_remote_oob_data *cp = data;
4012 BT_DBG("%s", hdev->name);
4014 if (cp->addr.type != BDADDR_BREDR)
4015 return mgmt_cmd_complete(sk, hdev->id,
4016 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
4017 MGMT_STATUS_INVALID_PARAMS,
4018 &cp->addr, sizeof(cp->addr));
4022 if (!bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
4023 hci_remote_oob_data_clear(hdev);
4024 status = MGMT_STATUS_SUCCESS;
4028 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr, cp->addr.type);
4030 status = MGMT_STATUS_INVALID_PARAMS;
4032 status = MGMT_STATUS_SUCCESS;
4035 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
4036 status, &cp->addr, sizeof(cp->addr));
4038 hci_dev_unlock(hdev);
4042 static bool trigger_bredr_inquiry(struct hci_request *req, u8 *status)
4044 struct hci_dev *hdev = req->hdev;
4045 struct hci_cp_inquiry cp;
4046 /* General inquiry access code (GIAC) */
4047 u8 lap[3] = { 0x33, 0x8b, 0x9e };
4049 *status = mgmt_bredr_support(hdev);
4053 if (hci_dev_test_flag(hdev, HCI_INQUIRY)) {
4054 *status = MGMT_STATUS_BUSY;
4058 hci_inquiry_cache_flush(hdev);
4060 memset(&cp, 0, sizeof(cp));
4061 memcpy(&cp.lap, lap, sizeof(cp.lap));
4062 cp.length = DISCOV_BREDR_INQUIRY_LEN;
4064 hci_req_add(req, HCI_OP_INQUIRY, sizeof(cp), &cp);
4069 static bool trigger_le_scan(struct hci_request *req, u16 interval, u8 *status)
4071 struct hci_dev *hdev = req->hdev;
4072 struct hci_cp_le_set_scan_param param_cp;
4073 struct hci_cp_le_set_scan_enable enable_cp;
4077 *status = mgmt_le_support(hdev);
4081 if (hci_dev_test_flag(hdev, HCI_LE_ADV)) {
4082 /* Don't let discovery abort an outgoing connection attempt
4083 * that's using directed advertising.
4085 if (hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT)) {
4086 *status = MGMT_STATUS_REJECTED;
4090 disable_advertising(req);
4093 /* If controller is scanning, it means the background scanning is
4094 * running. Thus, we should temporarily stop it in order to set the
4095 * discovery scanning parameters.
4097 if (hci_dev_test_flag(hdev, HCI_LE_SCAN))
4098 hci_req_add_le_scan_disable(req);
4100 /* All active scans will be done with either a resolvable private
4101 * address (when privacy feature has been enabled) or non-resolvable
4104 err = hci_update_random_address(req, true, &own_addr_type);
4106 *status = MGMT_STATUS_FAILED;
4110 memset(¶m_cp, 0, sizeof(param_cp));
4111 param_cp.type = LE_SCAN_ACTIVE;
4112 param_cp.interval = cpu_to_le16(interval);
4113 param_cp.window = cpu_to_le16(DISCOV_LE_SCAN_WIN);
4114 param_cp.own_address_type = own_addr_type;
4116 hci_req_add(req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
4119 memset(&enable_cp, 0, sizeof(enable_cp));
4120 enable_cp.enable = LE_SCAN_ENABLE;
4121 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
4123 hci_req_add(req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
4129 static bool trigger_discovery(struct hci_request *req, u8 *status)
4131 struct hci_dev *hdev = req->hdev;
4133 switch (hdev->discovery.type) {
4134 case DISCOV_TYPE_BREDR:
4135 if (!trigger_bredr_inquiry(req, status))
4139 case DISCOV_TYPE_INTERLEAVED:
4140 if (test_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY,
4142 /* During simultaneous discovery, we double LE scan
4143 * interval. We must leave some time for the controller
4144 * to do BR/EDR inquiry.
4146 if (!trigger_le_scan(req, DISCOV_LE_SCAN_INT * 2,
4150 if (!trigger_bredr_inquiry(req, status))
4156 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
4157 *status = MGMT_STATUS_NOT_SUPPORTED;
4162 case DISCOV_TYPE_LE:
4163 if (!trigger_le_scan(req, DISCOV_LE_SCAN_INT, status))
4168 *status = MGMT_STATUS_INVALID_PARAMS;
4175 static void start_discovery_complete(struct hci_dev *hdev, u8 status,
4178 struct mgmt_pending_cmd *cmd;
4179 unsigned long timeout;
4181 BT_DBG("status %d", status);
4185 cmd = pending_find(MGMT_OP_START_DISCOVERY, hdev);
4187 cmd = pending_find(MGMT_OP_START_SERVICE_DISCOVERY, hdev);
4190 cmd->cmd_complete(cmd, mgmt_status(status));
4191 mgmt_pending_remove(cmd);
4195 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
4199 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
4201 /* If the scan involves LE scan, pick proper timeout to schedule
4202 * hdev->le_scan_disable that will stop it.
4204 switch (hdev->discovery.type) {
4205 case DISCOV_TYPE_LE:
4206 timeout = msecs_to_jiffies(DISCOV_LE_TIMEOUT);
4208 case DISCOV_TYPE_INTERLEAVED:
4209 /* When running simultaneous discovery, the LE scanning time
4210 * should occupy the whole discovery time sine BR/EDR inquiry
4211 * and LE scanning are scheduled by the controller.
4213 * For interleaving discovery in comparison, BR/EDR inquiry
4214 * and LE scanning are done sequentially with separate
4217 if (test_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY, &hdev->quirks))
4218 timeout = msecs_to_jiffies(DISCOV_LE_TIMEOUT);
4220 timeout = msecs_to_jiffies(hdev->discov_interleaved_timeout);
4222 case DISCOV_TYPE_BREDR:
4226 BT_ERR("Invalid discovery type %d", hdev->discovery.type);
4232 /* When service discovery is used and the controller has
4233 * a strict duplicate filter, it is important to remember
4234 * the start and duration of the scan. This is required
4235 * for restarting scanning during the discovery phase.
4237 if (test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER,
4239 hdev->discovery.result_filtering) {
4240 hdev->discovery.scan_start = jiffies;
4241 hdev->discovery.scan_duration = timeout;
4244 queue_delayed_work(hdev->workqueue,
4245 &hdev->le_scan_disable, timeout);
4249 hci_dev_unlock(hdev);
4252 static int start_discovery(struct sock *sk, struct hci_dev *hdev,
4253 void *data, u16 len)
4255 struct mgmt_cp_start_discovery *cp = data;
4256 struct mgmt_pending_cmd *cmd;
4257 struct hci_request req;
4261 BT_DBG("%s", hdev->name);
4265 if (!hdev_is_powered(hdev)) {
4266 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
4267 MGMT_STATUS_NOT_POWERED,
4268 &cp->type, sizeof(cp->type));
4272 if (hdev->discovery.state != DISCOVERY_STOPPED ||
4273 hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) {
4274 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
4275 MGMT_STATUS_BUSY, &cp->type,
4280 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, data, len);
4286 cmd->cmd_complete = generic_cmd_complete;
4288 /* Clear the discovery filter first to free any previously
4289 * allocated memory for the UUID list.
4291 hci_discovery_filter_clear(hdev);
4293 hdev->discovery.type = cp->type;
4294 hdev->discovery.report_invalid_rssi = false;
4296 hci_req_init(&req, hdev);
4298 if (!trigger_discovery(&req, &status)) {
4299 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
4300 status, &cp->type, sizeof(cp->type));
4301 mgmt_pending_remove(cmd);
4305 err = hci_req_run(&req, start_discovery_complete);
4307 mgmt_pending_remove(cmd);
4311 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
4314 hci_dev_unlock(hdev);
4318 static int service_discovery_cmd_complete(struct mgmt_pending_cmd *cmd,
4321 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
4325 static int start_service_discovery(struct sock *sk, struct hci_dev *hdev,
4326 void *data, u16 len)
4328 struct mgmt_cp_start_service_discovery *cp = data;
4329 struct mgmt_pending_cmd *cmd;
4330 struct hci_request req;
4331 const u16 max_uuid_count = ((U16_MAX - sizeof(*cp)) / 16);
4332 u16 uuid_count, expected_len;
4336 BT_DBG("%s", hdev->name);
4340 if (!hdev_is_powered(hdev)) {
4341 err = mgmt_cmd_complete(sk, hdev->id,
4342 MGMT_OP_START_SERVICE_DISCOVERY,
4343 MGMT_STATUS_NOT_POWERED,
4344 &cp->type, sizeof(cp->type));
4348 if (hdev->discovery.state != DISCOVERY_STOPPED ||
4349 hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) {
4350 err = mgmt_cmd_complete(sk, hdev->id,
4351 MGMT_OP_START_SERVICE_DISCOVERY,
4352 MGMT_STATUS_BUSY, &cp->type,
4357 uuid_count = __le16_to_cpu(cp->uuid_count);
4358 if (uuid_count > max_uuid_count) {
4359 BT_ERR("service_discovery: too big uuid_count value %u",
4361 err = mgmt_cmd_complete(sk, hdev->id,
4362 MGMT_OP_START_SERVICE_DISCOVERY,
4363 MGMT_STATUS_INVALID_PARAMS, &cp->type,
4368 expected_len = sizeof(*cp) + uuid_count * 16;
4369 if (expected_len != len) {
4370 BT_ERR("service_discovery: expected %u bytes, got %u bytes",
4372 err = mgmt_cmd_complete(sk, hdev->id,
4373 MGMT_OP_START_SERVICE_DISCOVERY,
4374 MGMT_STATUS_INVALID_PARAMS, &cp->type,
4379 cmd = mgmt_pending_add(sk, MGMT_OP_START_SERVICE_DISCOVERY,
4386 cmd->cmd_complete = service_discovery_cmd_complete;
4388 /* Clear the discovery filter first to free any previously
4389 * allocated memory for the UUID list.
4391 hci_discovery_filter_clear(hdev);
4393 hdev->discovery.result_filtering = true;
4394 hdev->discovery.type = cp->type;
4395 hdev->discovery.rssi = cp->rssi;
4396 hdev->discovery.uuid_count = uuid_count;
4398 if (uuid_count > 0) {
4399 hdev->discovery.uuids = kmemdup(cp->uuids, uuid_count * 16,
4401 if (!hdev->discovery.uuids) {
4402 err = mgmt_cmd_complete(sk, hdev->id,
4403 MGMT_OP_START_SERVICE_DISCOVERY,
4405 &cp->type, sizeof(cp->type));
4406 mgmt_pending_remove(cmd);
4411 hci_req_init(&req, hdev);
4413 if (!trigger_discovery(&req, &status)) {
4414 err = mgmt_cmd_complete(sk, hdev->id,
4415 MGMT_OP_START_SERVICE_DISCOVERY,
4416 status, &cp->type, sizeof(cp->type));
4417 mgmt_pending_remove(cmd);
4421 err = hci_req_run(&req, start_discovery_complete);
4423 mgmt_pending_remove(cmd);
4427 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
4430 hci_dev_unlock(hdev);
4434 static void stop_discovery_complete(struct hci_dev *hdev, u8 status, u16 opcode)
4436 struct mgmt_pending_cmd *cmd;
4438 BT_DBG("status %d", status);
4442 cmd = pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
4444 cmd->cmd_complete(cmd, mgmt_status(status));
4445 mgmt_pending_remove(cmd);
4449 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
4451 hci_dev_unlock(hdev);
4454 static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
4457 struct mgmt_cp_stop_discovery *mgmt_cp = data;
4458 struct mgmt_pending_cmd *cmd;
4459 struct hci_request req;
4462 BT_DBG("%s", hdev->name);
4466 if (!hci_discovery_active(hdev)) {
4467 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
4468 MGMT_STATUS_REJECTED, &mgmt_cp->type,
4469 sizeof(mgmt_cp->type));
4473 if (hdev->discovery.type != mgmt_cp->type) {
4474 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
4475 MGMT_STATUS_INVALID_PARAMS,
4476 &mgmt_cp->type, sizeof(mgmt_cp->type));
4480 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, data, len);
4486 cmd->cmd_complete = generic_cmd_complete;
4488 hci_req_init(&req, hdev);
4490 hci_stop_discovery(&req);
4492 err = hci_req_run(&req, stop_discovery_complete);
4494 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
4498 mgmt_pending_remove(cmd);
4500 /* If no HCI commands were sent we're done */
4501 if (err == -ENODATA) {
4502 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY, 0,
4503 &mgmt_cp->type, sizeof(mgmt_cp->type));
4504 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
4508 hci_dev_unlock(hdev);
4512 static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
4515 struct mgmt_cp_confirm_name *cp = data;
4516 struct inquiry_entry *e;
4519 BT_DBG("%s", hdev->name);
4523 if (!hci_discovery_active(hdev)) {
4524 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
4525 MGMT_STATUS_FAILED, &cp->addr,
4530 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
4532 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
4533 MGMT_STATUS_INVALID_PARAMS, &cp->addr,
4538 if (cp->name_known) {
4539 e->name_state = NAME_KNOWN;
4542 e->name_state = NAME_NEEDED;
4543 hci_inquiry_cache_update_resolve(hdev, e);
4546 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0,
4547 &cp->addr, sizeof(cp->addr));
4550 hci_dev_unlock(hdev);
4554 static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
4557 struct mgmt_cp_block_device *cp = data;
4561 BT_DBG("%s", hdev->name);
4563 if (!bdaddr_type_is_valid(cp->addr.type))
4564 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
4565 MGMT_STATUS_INVALID_PARAMS,
4566 &cp->addr, sizeof(cp->addr));
4570 err = hci_bdaddr_list_add(&hdev->blacklist, &cp->addr.bdaddr,
4573 status = MGMT_STATUS_FAILED;
4577 mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &cp->addr, sizeof(cp->addr),
4579 status = MGMT_STATUS_SUCCESS;
4582 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
4583 &cp->addr, sizeof(cp->addr));
4585 hci_dev_unlock(hdev);
4590 static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
4593 struct mgmt_cp_unblock_device *cp = data;
4597 BT_DBG("%s", hdev->name);
4599 if (!bdaddr_type_is_valid(cp->addr.type))
4600 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
4601 MGMT_STATUS_INVALID_PARAMS,
4602 &cp->addr, sizeof(cp->addr));
4606 err = hci_bdaddr_list_del(&hdev->blacklist, &cp->addr.bdaddr,
4609 status = MGMT_STATUS_INVALID_PARAMS;
4613 mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &cp->addr, sizeof(cp->addr),
4615 status = MGMT_STATUS_SUCCESS;
4618 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
4619 &cp->addr, sizeof(cp->addr));
4621 hci_dev_unlock(hdev);
4626 static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
4629 struct mgmt_cp_set_device_id *cp = data;
4630 struct hci_request req;
4634 BT_DBG("%s", hdev->name);
4636 source = __le16_to_cpu(cp->source);
4638 if (source > 0x0002)
4639 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
4640 MGMT_STATUS_INVALID_PARAMS);
4644 hdev->devid_source = source;
4645 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
4646 hdev->devid_product = __le16_to_cpu(cp->product);
4647 hdev->devid_version = __le16_to_cpu(cp->version);
4649 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0,
4652 hci_req_init(&req, hdev);
4654 hci_req_run(&req, NULL);
4656 hci_dev_unlock(hdev);
4661 static void enable_advertising_instance(struct hci_dev *hdev, u8 status,
4664 BT_DBG("status %d", status);
4667 static void set_advertising_complete(struct hci_dev *hdev, u8 status,
4670 struct cmd_lookup match = { NULL, hdev };
4671 struct hci_request req;
4676 u8 mgmt_err = mgmt_status(status);
4678 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
4679 cmd_status_rsp, &mgmt_err);
4683 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
4684 hci_dev_set_flag(hdev, HCI_ADVERTISING);
4686 hci_dev_clear_flag(hdev, HCI_ADVERTISING);
4688 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
4691 new_settings(hdev, match.sk);
4696 /* If "Set Advertising" was just disabled and instance advertising was
4697 * set up earlier, then enable the advertising instance.
4699 if (hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
4700 !hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE))
4703 hci_req_init(&req, hdev);
4705 update_adv_data(&req);
4706 enable_advertising(&req);
4708 if (hci_req_run(&req, enable_advertising_instance) < 0)
4709 BT_ERR("Failed to re-configure advertising");
4712 hci_dev_unlock(hdev);
4715 static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data,
4718 struct mgmt_mode *cp = data;
4719 struct mgmt_pending_cmd *cmd;
4720 struct hci_request req;
4724 BT_DBG("request for %s", hdev->name);
4726 status = mgmt_le_support(hdev);
4728 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4731 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
4732 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4733 MGMT_STATUS_INVALID_PARAMS);
4739 /* The following conditions are ones which mean that we should
4740 * not do any HCI communication but directly send a mgmt
4741 * response to user space (after toggling the flag if
4744 if (!hdev_is_powered(hdev) ||
4745 (val == hci_dev_test_flag(hdev, HCI_ADVERTISING) &&
4746 (cp->val == 0x02) == hci_dev_test_flag(hdev, HCI_ADVERTISING_CONNECTABLE)) ||
4747 hci_conn_num(hdev, LE_LINK) > 0 ||
4748 (hci_dev_test_flag(hdev, HCI_LE_SCAN) &&
4749 hdev->le_scan_type == LE_SCAN_ACTIVE)) {
4753 changed = !hci_dev_test_and_set_flag(hdev, HCI_ADVERTISING);
4754 if (cp->val == 0x02)
4755 hci_dev_set_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
4757 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
4759 changed = hci_dev_test_and_clear_flag(hdev, HCI_ADVERTISING);
4760 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
4763 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
4768 err = new_settings(hdev, sk);
4773 if (pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
4774 pending_find(MGMT_OP_SET_LE, hdev)) {
4775 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4780 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
4786 hci_req_init(&req, hdev);
4788 if (cp->val == 0x02)
4789 hci_dev_set_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
4791 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
4794 /* Switch to instance "0" for the Set Advertising setting. */
4795 update_adv_data_for_instance(&req, 0);
4796 update_scan_rsp_data_for_instance(&req, 0);
4797 enable_advertising(&req);
4799 disable_advertising(&req);
4802 err = hci_req_run(&req, set_advertising_complete);
4804 mgmt_pending_remove(cmd);
4807 hci_dev_unlock(hdev);
4811 static int set_static_address(struct sock *sk, struct hci_dev *hdev,
4812 void *data, u16 len)
4814 struct mgmt_cp_set_static_address *cp = data;
4817 BT_DBG("%s", hdev->name);
4819 if (!lmp_le_capable(hdev))
4820 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
4821 MGMT_STATUS_NOT_SUPPORTED);
4823 if (hdev_is_powered(hdev))
4824 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
4825 MGMT_STATUS_REJECTED);
4827 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
4828 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
4829 return mgmt_cmd_status(sk, hdev->id,
4830 MGMT_OP_SET_STATIC_ADDRESS,
4831 MGMT_STATUS_INVALID_PARAMS);
4833 /* Two most significant bits shall be set */
4834 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
4835 return mgmt_cmd_status(sk, hdev->id,
4836 MGMT_OP_SET_STATIC_ADDRESS,
4837 MGMT_STATUS_INVALID_PARAMS);
4842 bacpy(&hdev->static_addr, &cp->bdaddr);
4844 err = send_settings_rsp(sk, MGMT_OP_SET_STATIC_ADDRESS, hdev);
4848 err = new_settings(hdev, sk);
4851 hci_dev_unlock(hdev);
4855 static int set_scan_params(struct sock *sk, struct hci_dev *hdev,
4856 void *data, u16 len)
4858 struct mgmt_cp_set_scan_params *cp = data;
4859 __u16 interval, window;
4862 BT_DBG("%s", hdev->name);
4864 if (!lmp_le_capable(hdev))
4865 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4866 MGMT_STATUS_NOT_SUPPORTED);
4868 interval = __le16_to_cpu(cp->interval);
4870 if (interval < 0x0004 || interval > 0x4000)
4871 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4872 MGMT_STATUS_INVALID_PARAMS);
4874 window = __le16_to_cpu(cp->window);
4876 if (window < 0x0004 || window > 0x4000)
4877 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4878 MGMT_STATUS_INVALID_PARAMS);
4880 if (window > interval)
4881 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4882 MGMT_STATUS_INVALID_PARAMS);
4886 hdev->le_scan_interval = interval;
4887 hdev->le_scan_window = window;
4889 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0,
4892 /* If background scan is running, restart it so new parameters are
4895 if (hci_dev_test_flag(hdev, HCI_LE_SCAN) &&
4896 hdev->discovery.state == DISCOVERY_STOPPED) {
4897 struct hci_request req;
4899 hci_req_init(&req, hdev);
4901 hci_req_add_le_scan_disable(&req);
4902 hci_req_add_le_passive_scan(&req);
4904 hci_req_run(&req, NULL);
4907 hci_dev_unlock(hdev);
4912 static void fast_connectable_complete(struct hci_dev *hdev, u8 status,
4915 struct mgmt_pending_cmd *cmd;
4917 BT_DBG("status 0x%02x", status);
4921 cmd = pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4926 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4927 mgmt_status(status));
4929 struct mgmt_mode *cp = cmd->param;
4932 hci_dev_set_flag(hdev, HCI_FAST_CONNECTABLE);
4934 hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE);
4936 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4937 new_settings(hdev, cmd->sk);
4940 mgmt_pending_remove(cmd);
4943 hci_dev_unlock(hdev);
4946 static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
4947 void *data, u16 len)
4949 struct mgmt_mode *cp = data;
4950 struct mgmt_pending_cmd *cmd;
4951 struct hci_request req;
4954 BT_DBG("%s", hdev->name);
4956 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) ||
4957 hdev->hci_ver < BLUETOOTH_VER_1_2)
4958 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4959 MGMT_STATUS_NOT_SUPPORTED);
4961 if (cp->val != 0x00 && cp->val != 0x01)
4962 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4963 MGMT_STATUS_INVALID_PARAMS);
4967 if (pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
4968 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4973 if (!!cp->val == hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE)) {
4974 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
4979 if (!hdev_is_powered(hdev)) {
4980 hci_dev_change_flag(hdev, HCI_FAST_CONNECTABLE);
4981 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
4983 new_settings(hdev, sk);
4987 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
4994 hci_req_init(&req, hdev);
4996 write_fast_connectable(&req, cp->val);
4998 err = hci_req_run(&req, fast_connectable_complete);
5000 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
5001 MGMT_STATUS_FAILED);
5002 mgmt_pending_remove(cmd);
5006 hci_dev_unlock(hdev);
5011 static void set_bredr_complete(struct hci_dev *hdev, u8 status, u16 opcode)
5013 struct mgmt_pending_cmd *cmd;
5015 BT_DBG("status 0x%02x", status);
5019 cmd = pending_find(MGMT_OP_SET_BREDR, hdev);
5024 u8 mgmt_err = mgmt_status(status);
5026 /* We need to restore the flag if related HCI commands
5029 hci_dev_clear_flag(hdev, HCI_BREDR_ENABLED);
5031 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
5033 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
5034 new_settings(hdev, cmd->sk);
5037 mgmt_pending_remove(cmd);
5040 hci_dev_unlock(hdev);
5043 static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
5045 struct mgmt_mode *cp = data;
5046 struct mgmt_pending_cmd *cmd;
5047 struct hci_request req;
5050 BT_DBG("request for %s", hdev->name);
5052 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
5053 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
5054 MGMT_STATUS_NOT_SUPPORTED);
5056 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
5057 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
5058 MGMT_STATUS_REJECTED);
5060 if (cp->val != 0x00 && cp->val != 0x01)
5061 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
5062 MGMT_STATUS_INVALID_PARAMS);
5066 if (cp->val == hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
5067 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
5071 if (!hdev_is_powered(hdev)) {
5073 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
5074 hci_dev_clear_flag(hdev, HCI_SSP_ENABLED);
5075 hci_dev_clear_flag(hdev, HCI_LINK_SECURITY);
5076 hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE);
5077 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
5080 hci_dev_change_flag(hdev, HCI_BREDR_ENABLED);
5082 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
5086 err = new_settings(hdev, sk);
5090 /* Reject disabling when powered on */
5092 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
5093 MGMT_STATUS_REJECTED);
5096 /* When configuring a dual-mode controller to operate
5097 * with LE only and using a static address, then switching
5098 * BR/EDR back on is not allowed.
5100 * Dual-mode controllers shall operate with the public
5101 * address as its identity address for BR/EDR and LE. So
5102 * reject the attempt to create an invalid configuration.
5104 * The same restrictions applies when secure connections
5105 * has been enabled. For BR/EDR this is a controller feature
5106 * while for LE it is a host stack feature. This means that
5107 * switching BR/EDR back on when secure connections has been
5108 * enabled is not a supported transaction.
5110 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
5111 (bacmp(&hdev->static_addr, BDADDR_ANY) ||
5112 hci_dev_test_flag(hdev, HCI_SC_ENABLED))) {
5113 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
5114 MGMT_STATUS_REJECTED);
5119 if (pending_find(MGMT_OP_SET_BREDR, hdev)) {
5120 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
5125 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
5131 /* We need to flip the bit already here so that update_adv_data
5132 * generates the correct flags.
5134 hci_dev_set_flag(hdev, HCI_BREDR_ENABLED);
5136 hci_req_init(&req, hdev);
5138 write_fast_connectable(&req, false);
5139 __hci_update_page_scan(&req);
5141 /* Since only the advertising data flags will change, there
5142 * is no need to update the scan response data.
5144 update_adv_data(&req);
5146 err = hci_req_run(&req, set_bredr_complete);
5148 mgmt_pending_remove(cmd);
5151 hci_dev_unlock(hdev);
5155 static void sc_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
5157 struct mgmt_pending_cmd *cmd;
5158 struct mgmt_mode *cp;
5160 BT_DBG("%s status %u", hdev->name, status);
5164 cmd = pending_find(MGMT_OP_SET_SECURE_CONN, hdev);
5169 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode,
5170 mgmt_status(status));
5178 hci_dev_clear_flag(hdev, HCI_SC_ENABLED);
5179 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
5182 hci_dev_set_flag(hdev, HCI_SC_ENABLED);
5183 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
5186 hci_dev_set_flag(hdev, HCI_SC_ENABLED);
5187 hci_dev_set_flag(hdev, HCI_SC_ONLY);
5191 send_settings_rsp(cmd->sk, MGMT_OP_SET_SECURE_CONN, hdev);
5192 new_settings(hdev, cmd->sk);
5195 mgmt_pending_remove(cmd);
5197 hci_dev_unlock(hdev);
5200 static int set_secure_conn(struct sock *sk, struct hci_dev *hdev,
5201 void *data, u16 len)
5203 struct mgmt_mode *cp = data;
5204 struct mgmt_pending_cmd *cmd;
5205 struct hci_request req;
5209 BT_DBG("request for %s", hdev->name);
5211 if (!lmp_sc_capable(hdev) &&
5212 !hci_dev_test_flag(hdev, HCI_LE_ENABLED))
5213 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
5214 MGMT_STATUS_NOT_SUPPORTED);
5216 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
5217 lmp_sc_capable(hdev) &&
5218 !hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
5219 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
5220 MGMT_STATUS_REJECTED);
5222 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
5223 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
5224 MGMT_STATUS_INVALID_PARAMS);
5228 if (!hdev_is_powered(hdev) || !lmp_sc_capable(hdev) ||
5229 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
5233 changed = !hci_dev_test_and_set_flag(hdev,
5235 if (cp->val == 0x02)
5236 hci_dev_set_flag(hdev, HCI_SC_ONLY);
5238 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
5240 changed = hci_dev_test_and_clear_flag(hdev,
5242 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
5245 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
5250 err = new_settings(hdev, sk);
5255 if (pending_find(MGMT_OP_SET_SECURE_CONN, hdev)) {
5256 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
5263 if (val == hci_dev_test_flag(hdev, HCI_SC_ENABLED) &&
5264 (cp->val == 0x02) == hci_dev_test_flag(hdev, HCI_SC_ONLY)) {
5265 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
5269 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SECURE_CONN, hdev, data, len);
5275 hci_req_init(&req, hdev);
5276 hci_req_add(&req, HCI_OP_WRITE_SC_SUPPORT, 1, &val);
5277 err = hci_req_run(&req, sc_enable_complete);
5279 mgmt_pending_remove(cmd);
5284 hci_dev_unlock(hdev);
5288 static int set_debug_keys(struct sock *sk, struct hci_dev *hdev,
5289 void *data, u16 len)
5291 struct mgmt_mode *cp = data;
5292 bool changed, use_changed;
5295 BT_DBG("request for %s", hdev->name);
5297 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
5298 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEBUG_KEYS,
5299 MGMT_STATUS_INVALID_PARAMS);
5304 changed = !hci_dev_test_and_set_flag(hdev, HCI_KEEP_DEBUG_KEYS);
5306 changed = hci_dev_test_and_clear_flag(hdev,
5307 HCI_KEEP_DEBUG_KEYS);
5309 if (cp->val == 0x02)
5310 use_changed = !hci_dev_test_and_set_flag(hdev,
5311 HCI_USE_DEBUG_KEYS);
5313 use_changed = hci_dev_test_and_clear_flag(hdev,
5314 HCI_USE_DEBUG_KEYS);
5316 if (hdev_is_powered(hdev) && use_changed &&
5317 hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
5318 u8 mode = (cp->val == 0x02) ? 0x01 : 0x00;
5319 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
5320 sizeof(mode), &mode);
5323 err = send_settings_rsp(sk, MGMT_OP_SET_DEBUG_KEYS, hdev);
5328 err = new_settings(hdev, sk);
5331 hci_dev_unlock(hdev);
5335 static int set_privacy(struct sock *sk, struct hci_dev *hdev, void *cp_data,
5338 struct mgmt_cp_set_privacy *cp = cp_data;
5342 BT_DBG("request for %s", hdev->name);
5344 if (!lmp_le_capable(hdev))
5345 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
5346 MGMT_STATUS_NOT_SUPPORTED);
5348 if (cp->privacy != 0x00 && cp->privacy != 0x01)
5349 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
5350 MGMT_STATUS_INVALID_PARAMS);
5352 if (hdev_is_powered(hdev))
5353 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
5354 MGMT_STATUS_REJECTED);
5358 /* If user space supports this command it is also expected to
5359 * handle IRKs. Therefore, set the HCI_RPA_RESOLVING flag.
5361 hci_dev_set_flag(hdev, HCI_RPA_RESOLVING);
5364 changed = !hci_dev_test_and_set_flag(hdev, HCI_PRIVACY);
5365 memcpy(hdev->irk, cp->irk, sizeof(hdev->irk));
5366 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
5368 changed = hci_dev_test_and_clear_flag(hdev, HCI_PRIVACY);
5369 memset(hdev->irk, 0, sizeof(hdev->irk));
5370 hci_dev_clear_flag(hdev, HCI_RPA_EXPIRED);
5373 err = send_settings_rsp(sk, MGMT_OP_SET_PRIVACY, hdev);
5378 err = new_settings(hdev, sk);
5381 hci_dev_unlock(hdev);
5385 static bool irk_is_valid(struct mgmt_irk_info *irk)
5387 switch (irk->addr.type) {
5388 case BDADDR_LE_PUBLIC:
5391 case BDADDR_LE_RANDOM:
5392 /* Two most significant bits shall be set */
5393 if ((irk->addr.bdaddr.b[5] & 0xc0) != 0xc0)
5401 static int load_irks(struct sock *sk, struct hci_dev *hdev, void *cp_data,
5404 struct mgmt_cp_load_irks *cp = cp_data;
5405 const u16 max_irk_count = ((U16_MAX - sizeof(*cp)) /
5406 sizeof(struct mgmt_irk_info));
5407 u16 irk_count, expected_len;
5410 BT_DBG("request for %s", hdev->name);
5412 if (!lmp_le_capable(hdev))
5413 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
5414 MGMT_STATUS_NOT_SUPPORTED);
5416 irk_count = __le16_to_cpu(cp->irk_count);
5417 if (irk_count > max_irk_count) {
5418 BT_ERR("load_irks: too big irk_count value %u", irk_count);
5419 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
5420 MGMT_STATUS_INVALID_PARAMS);
5423 expected_len = sizeof(*cp) + irk_count * sizeof(struct mgmt_irk_info);
5424 if (expected_len != len) {
5425 BT_ERR("load_irks: expected %u bytes, got %u bytes",
5427 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
5428 MGMT_STATUS_INVALID_PARAMS);
5431 BT_DBG("%s irk_count %u", hdev->name, irk_count);
5433 for (i = 0; i < irk_count; i++) {
5434 struct mgmt_irk_info *key = &cp->irks[i];
5436 if (!irk_is_valid(key))
5437 return mgmt_cmd_status(sk, hdev->id,
5439 MGMT_STATUS_INVALID_PARAMS);
5444 hci_smp_irks_clear(hdev);
5446 for (i = 0; i < irk_count; i++) {
5447 struct mgmt_irk_info *irk = &cp->irks[i];
5450 if (irk->addr.type == BDADDR_LE_PUBLIC)
5451 addr_type = ADDR_LE_DEV_PUBLIC;
5453 addr_type = ADDR_LE_DEV_RANDOM;
5455 hci_add_irk(hdev, &irk->addr.bdaddr, addr_type, irk->val,
5459 hci_dev_set_flag(hdev, HCI_RPA_RESOLVING);
5461 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_IRKS, 0, NULL, 0);
5463 hci_dev_unlock(hdev);
5468 static bool ltk_is_valid(struct mgmt_ltk_info *key)
5470 if (key->master != 0x00 && key->master != 0x01)
5473 switch (key->addr.type) {
5474 case BDADDR_LE_PUBLIC:
5477 case BDADDR_LE_RANDOM:
5478 /* Two most significant bits shall be set */
5479 if ((key->addr.bdaddr.b[5] & 0xc0) != 0xc0)
5487 static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
5488 void *cp_data, u16 len)
5490 struct mgmt_cp_load_long_term_keys *cp = cp_data;
5491 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
5492 sizeof(struct mgmt_ltk_info));
5493 u16 key_count, expected_len;
5496 BT_DBG("request for %s", hdev->name);
5498 if (!lmp_le_capable(hdev))
5499 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
5500 MGMT_STATUS_NOT_SUPPORTED);
5502 key_count = __le16_to_cpu(cp->key_count);
5503 if (key_count > max_key_count) {
5504 BT_ERR("load_ltks: too big key_count value %u", key_count);
5505 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
5506 MGMT_STATUS_INVALID_PARAMS);
5509 expected_len = sizeof(*cp) + key_count *
5510 sizeof(struct mgmt_ltk_info);
5511 if (expected_len != len) {
5512 BT_ERR("load_keys: expected %u bytes, got %u bytes",
5514 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
5515 MGMT_STATUS_INVALID_PARAMS);
5518 BT_DBG("%s key_count %u", hdev->name, key_count);
5520 for (i = 0; i < key_count; i++) {
5521 struct mgmt_ltk_info *key = &cp->keys[i];
5523 if (!ltk_is_valid(key))
5524 return mgmt_cmd_status(sk, hdev->id,
5525 MGMT_OP_LOAD_LONG_TERM_KEYS,
5526 MGMT_STATUS_INVALID_PARAMS);
5531 hci_smp_ltks_clear(hdev);
5533 for (i = 0; i < key_count; i++) {
5534 struct mgmt_ltk_info *key = &cp->keys[i];
5535 u8 type, addr_type, authenticated;
5537 if (key->addr.type == BDADDR_LE_PUBLIC)
5538 addr_type = ADDR_LE_DEV_PUBLIC;
5540 addr_type = ADDR_LE_DEV_RANDOM;
5542 switch (key->type) {
5543 case MGMT_LTK_UNAUTHENTICATED:
5544 authenticated = 0x00;
5545 type = key->master ? SMP_LTK : SMP_LTK_SLAVE;
5547 case MGMT_LTK_AUTHENTICATED:
5548 authenticated = 0x01;
5549 type = key->master ? SMP_LTK : SMP_LTK_SLAVE;
5551 case MGMT_LTK_P256_UNAUTH:
5552 authenticated = 0x00;
5553 type = SMP_LTK_P256;
5555 case MGMT_LTK_P256_AUTH:
5556 authenticated = 0x01;
5557 type = SMP_LTK_P256;
5559 case MGMT_LTK_P256_DEBUG:
5560 authenticated = 0x00;
5561 type = SMP_LTK_P256_DEBUG;
5566 hci_add_ltk(hdev, &key->addr.bdaddr, addr_type, type,
5567 authenticated, key->val, key->enc_size, key->ediv,
5571 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
5574 hci_dev_unlock(hdev);
5579 static int conn_info_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
5581 struct hci_conn *conn = cmd->user_data;
5582 struct mgmt_rp_get_conn_info rp;
5585 memcpy(&rp.addr, cmd->param, sizeof(rp.addr));
5587 if (status == MGMT_STATUS_SUCCESS) {
5588 rp.rssi = conn->rssi;
5589 rp.tx_power = conn->tx_power;
5590 rp.max_tx_power = conn->max_tx_power;
5592 rp.rssi = HCI_RSSI_INVALID;
5593 rp.tx_power = HCI_TX_POWER_INVALID;
5594 rp.max_tx_power = HCI_TX_POWER_INVALID;
5597 err = mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_GET_CONN_INFO,
5598 status, &rp, sizeof(rp));
5600 hci_conn_drop(conn);
5606 static void conn_info_refresh_complete(struct hci_dev *hdev, u8 hci_status,
5609 struct hci_cp_read_rssi *cp;
5610 struct mgmt_pending_cmd *cmd;
5611 struct hci_conn *conn;
5615 BT_DBG("status 0x%02x", hci_status);
5619 /* Commands sent in request are either Read RSSI or Read Transmit Power
5620 * Level so we check which one was last sent to retrieve connection
5621 * handle. Both commands have handle as first parameter so it's safe to
5622 * cast data on the same command struct.
5624 * First command sent is always Read RSSI and we fail only if it fails.
5625 * In other case we simply override error to indicate success as we
5626 * already remembered if TX power value is actually valid.
5628 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_RSSI);
5630 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_TX_POWER);
5631 status = MGMT_STATUS_SUCCESS;
5633 status = mgmt_status(hci_status);
5637 BT_ERR("invalid sent_cmd in conn_info response");
5641 handle = __le16_to_cpu(cp->handle);
5642 conn = hci_conn_hash_lookup_handle(hdev, handle);
5644 BT_ERR("unknown handle (%d) in conn_info response", handle);
5648 cmd = pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn);
5652 cmd->cmd_complete(cmd, status);
5653 mgmt_pending_remove(cmd);
5656 hci_dev_unlock(hdev);
5659 static int get_conn_info(struct sock *sk, struct hci_dev *hdev, void *data,
5662 struct mgmt_cp_get_conn_info *cp = data;
5663 struct mgmt_rp_get_conn_info rp;
5664 struct hci_conn *conn;
5665 unsigned long conn_info_age;
5668 BT_DBG("%s", hdev->name);
5670 memset(&rp, 0, sizeof(rp));
5671 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5672 rp.addr.type = cp->addr.type;
5674 if (!bdaddr_type_is_valid(cp->addr.type))
5675 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5676 MGMT_STATUS_INVALID_PARAMS,
5681 if (!hdev_is_powered(hdev)) {
5682 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5683 MGMT_STATUS_NOT_POWERED, &rp,
5688 if (cp->addr.type == BDADDR_BREDR)
5689 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
5692 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
5694 if (!conn || conn->state != BT_CONNECTED) {
5695 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5696 MGMT_STATUS_NOT_CONNECTED, &rp,
5701 if (pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn)) {
5702 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5703 MGMT_STATUS_BUSY, &rp, sizeof(rp));
5707 /* To avoid client trying to guess when to poll again for information we
5708 * calculate conn info age as random value between min/max set in hdev.
5710 conn_info_age = hdev->conn_info_min_age +
5711 prandom_u32_max(hdev->conn_info_max_age -
5712 hdev->conn_info_min_age);
5714 /* Query controller to refresh cached values if they are too old or were
5717 if (time_after(jiffies, conn->conn_info_timestamp +
5718 msecs_to_jiffies(conn_info_age)) ||
5719 !conn->conn_info_timestamp) {
5720 struct hci_request req;
5721 struct hci_cp_read_tx_power req_txp_cp;
5722 struct hci_cp_read_rssi req_rssi_cp;
5723 struct mgmt_pending_cmd *cmd;
5725 hci_req_init(&req, hdev);
5726 req_rssi_cp.handle = cpu_to_le16(conn->handle);
5727 hci_req_add(&req, HCI_OP_READ_RSSI, sizeof(req_rssi_cp),
5730 /* For LE links TX power does not change thus we don't need to
5731 * query for it once value is known.
5733 if (!bdaddr_type_is_le(cp->addr.type) ||
5734 conn->tx_power == HCI_TX_POWER_INVALID) {
5735 req_txp_cp.handle = cpu_to_le16(conn->handle);
5736 req_txp_cp.type = 0x00;
5737 hci_req_add(&req, HCI_OP_READ_TX_POWER,
5738 sizeof(req_txp_cp), &req_txp_cp);
5741 /* Max TX power needs to be read only once per connection */
5742 if (conn->max_tx_power == HCI_TX_POWER_INVALID) {
5743 req_txp_cp.handle = cpu_to_le16(conn->handle);
5744 req_txp_cp.type = 0x01;
5745 hci_req_add(&req, HCI_OP_READ_TX_POWER,
5746 sizeof(req_txp_cp), &req_txp_cp);
5749 err = hci_req_run(&req, conn_info_refresh_complete);
5753 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CONN_INFO, hdev,
5760 hci_conn_hold(conn);
5761 cmd->user_data = hci_conn_get(conn);
5762 cmd->cmd_complete = conn_info_cmd_complete;
5764 conn->conn_info_timestamp = jiffies;
5766 /* Cache is valid, just reply with values cached in hci_conn */
5767 rp.rssi = conn->rssi;
5768 rp.tx_power = conn->tx_power;
5769 rp.max_tx_power = conn->max_tx_power;
5771 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5772 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
5776 hci_dev_unlock(hdev);
5780 static int clock_info_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
5782 struct hci_conn *conn = cmd->user_data;
5783 struct mgmt_rp_get_clock_info rp;
5784 struct hci_dev *hdev;
5787 memset(&rp, 0, sizeof(rp));
5788 memcpy(&rp.addr, &cmd->param, sizeof(rp.addr));
5793 hdev = hci_dev_get(cmd->index);
5795 rp.local_clock = cpu_to_le32(hdev->clock);
5800 rp.piconet_clock = cpu_to_le32(conn->clock);
5801 rp.accuracy = cpu_to_le16(conn->clock_accuracy);
5805 err = mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status, &rp,
5809 hci_conn_drop(conn);
5816 static void get_clock_info_complete(struct hci_dev *hdev, u8 status, u16 opcode)
5818 struct hci_cp_read_clock *hci_cp;
5819 struct mgmt_pending_cmd *cmd;
5820 struct hci_conn *conn;
5822 BT_DBG("%s status %u", hdev->name, status);
5826 hci_cp = hci_sent_cmd_data(hdev, HCI_OP_READ_CLOCK);
5830 if (hci_cp->which) {
5831 u16 handle = __le16_to_cpu(hci_cp->handle);
5832 conn = hci_conn_hash_lookup_handle(hdev, handle);
5837 cmd = pending_find_data(MGMT_OP_GET_CLOCK_INFO, hdev, conn);
5841 cmd->cmd_complete(cmd, mgmt_status(status));
5842 mgmt_pending_remove(cmd);
5845 hci_dev_unlock(hdev);
5848 static int get_clock_info(struct sock *sk, struct hci_dev *hdev, void *data,
5851 struct mgmt_cp_get_clock_info *cp = data;
5852 struct mgmt_rp_get_clock_info rp;
5853 struct hci_cp_read_clock hci_cp;
5854 struct mgmt_pending_cmd *cmd;
5855 struct hci_request req;
5856 struct hci_conn *conn;
5859 BT_DBG("%s", hdev->name);
5861 memset(&rp, 0, sizeof(rp));
5862 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5863 rp.addr.type = cp->addr.type;
5865 if (cp->addr.type != BDADDR_BREDR)
5866 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
5867 MGMT_STATUS_INVALID_PARAMS,
5872 if (!hdev_is_powered(hdev)) {
5873 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
5874 MGMT_STATUS_NOT_POWERED, &rp,
5879 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
5880 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
5882 if (!conn || conn->state != BT_CONNECTED) {
5883 err = mgmt_cmd_complete(sk, hdev->id,
5884 MGMT_OP_GET_CLOCK_INFO,
5885 MGMT_STATUS_NOT_CONNECTED,
5893 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CLOCK_INFO, hdev, data, len);
5899 cmd->cmd_complete = clock_info_cmd_complete;
5901 hci_req_init(&req, hdev);
5903 memset(&hci_cp, 0, sizeof(hci_cp));
5904 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
5907 hci_conn_hold(conn);
5908 cmd->user_data = hci_conn_get(conn);
5910 hci_cp.handle = cpu_to_le16(conn->handle);
5911 hci_cp.which = 0x01; /* Piconet clock */
5912 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
5915 err = hci_req_run(&req, get_clock_info_complete);
5917 mgmt_pending_remove(cmd);
5920 hci_dev_unlock(hdev);
5924 static bool is_connected(struct hci_dev *hdev, bdaddr_t *addr, u8 type)
5926 struct hci_conn *conn;
5928 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, addr);
5932 if (conn->dst_type != type)
5935 if (conn->state != BT_CONNECTED)
5941 /* This function requires the caller holds hdev->lock */
5942 static int hci_conn_params_set(struct hci_request *req, bdaddr_t *addr,
5943 u8 addr_type, u8 auto_connect)
5945 struct hci_dev *hdev = req->hdev;
5946 struct hci_conn_params *params;
5948 params = hci_conn_params_add(hdev, addr, addr_type);
5952 if (params->auto_connect == auto_connect)
5955 list_del_init(¶ms->action);
5957 switch (auto_connect) {
5958 case HCI_AUTO_CONN_DISABLED:
5959 case HCI_AUTO_CONN_LINK_LOSS:
5960 __hci_update_background_scan(req);
5962 case HCI_AUTO_CONN_REPORT:
5963 list_add(¶ms->action, &hdev->pend_le_reports);
5964 __hci_update_background_scan(req);
5966 case HCI_AUTO_CONN_DIRECT:
5967 case HCI_AUTO_CONN_ALWAYS:
5968 if (!is_connected(hdev, addr, addr_type)) {
5969 list_add(¶ms->action, &hdev->pend_le_conns);
5970 __hci_update_background_scan(req);
5975 params->auto_connect = auto_connect;
5977 BT_DBG("addr %pMR (type %u) auto_connect %u", addr, addr_type,
5983 static void device_added(struct sock *sk, struct hci_dev *hdev,
5984 bdaddr_t *bdaddr, u8 type, u8 action)
5986 struct mgmt_ev_device_added ev;
5988 bacpy(&ev.addr.bdaddr, bdaddr);
5989 ev.addr.type = type;
5992 mgmt_event(MGMT_EV_DEVICE_ADDED, hdev, &ev, sizeof(ev), sk);
5995 static void add_device_complete(struct hci_dev *hdev, u8 status, u16 opcode)
5997 struct mgmt_pending_cmd *cmd;
5999 BT_DBG("status 0x%02x", status);
6003 cmd = pending_find(MGMT_OP_ADD_DEVICE, hdev);
6007 cmd->cmd_complete(cmd, mgmt_status(status));
6008 mgmt_pending_remove(cmd);
6011 hci_dev_unlock(hdev);
6014 static int add_device(struct sock *sk, struct hci_dev *hdev,
6015 void *data, u16 len)
6017 struct mgmt_cp_add_device *cp = data;
6018 struct mgmt_pending_cmd *cmd;
6019 struct hci_request req;
6020 u8 auto_conn, addr_type;
6023 BT_DBG("%s", hdev->name);
6025 if (!bdaddr_type_is_valid(cp->addr.type) ||
6026 !bacmp(&cp->addr.bdaddr, BDADDR_ANY))
6027 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
6028 MGMT_STATUS_INVALID_PARAMS,
6029 &cp->addr, sizeof(cp->addr));
6031 if (cp->action != 0x00 && cp->action != 0x01 && cp->action != 0x02)
6032 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
6033 MGMT_STATUS_INVALID_PARAMS,
6034 &cp->addr, sizeof(cp->addr));
6036 hci_req_init(&req, hdev);
6040 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_DEVICE, hdev, data, len);
6046 cmd->cmd_complete = addr_cmd_complete;
6048 if (cp->addr.type == BDADDR_BREDR) {
6049 /* Only incoming connections action is supported for now */
6050 if (cp->action != 0x01) {
6051 err = cmd->cmd_complete(cmd,
6052 MGMT_STATUS_INVALID_PARAMS);
6053 mgmt_pending_remove(cmd);
6057 err = hci_bdaddr_list_add(&hdev->whitelist, &cp->addr.bdaddr,
6062 __hci_update_page_scan(&req);
6067 if (cp->addr.type == BDADDR_LE_PUBLIC)
6068 addr_type = ADDR_LE_DEV_PUBLIC;
6070 addr_type = ADDR_LE_DEV_RANDOM;
6072 if (cp->action == 0x02)
6073 auto_conn = HCI_AUTO_CONN_ALWAYS;
6074 else if (cp->action == 0x01)
6075 auto_conn = HCI_AUTO_CONN_DIRECT;
6077 auto_conn = HCI_AUTO_CONN_REPORT;
6079 /* If the connection parameters don't exist for this device,
6080 * they will be created and configured with defaults.
6082 if (hci_conn_params_set(&req, &cp->addr.bdaddr, addr_type,
6084 err = cmd->cmd_complete(cmd, MGMT_STATUS_FAILED);
6085 mgmt_pending_remove(cmd);
6090 device_added(sk, hdev, &cp->addr.bdaddr, cp->addr.type, cp->action);
6092 err = hci_req_run(&req, add_device_complete);
6094 /* ENODATA means no HCI commands were needed (e.g. if
6095 * the adapter is powered off).
6097 if (err == -ENODATA)
6098 err = cmd->cmd_complete(cmd, MGMT_STATUS_SUCCESS);
6099 mgmt_pending_remove(cmd);
6103 hci_dev_unlock(hdev);
6107 static void device_removed(struct sock *sk, struct hci_dev *hdev,
6108 bdaddr_t *bdaddr, u8 type)
6110 struct mgmt_ev_device_removed ev;
6112 bacpy(&ev.addr.bdaddr, bdaddr);
6113 ev.addr.type = type;
6115 mgmt_event(MGMT_EV_DEVICE_REMOVED, hdev, &ev, sizeof(ev), sk);
6118 static void remove_device_complete(struct hci_dev *hdev, u8 status, u16 opcode)
6120 struct mgmt_pending_cmd *cmd;
6122 BT_DBG("status 0x%02x", status);
6126 cmd = pending_find(MGMT_OP_REMOVE_DEVICE, hdev);
6130 cmd->cmd_complete(cmd, mgmt_status(status));
6131 mgmt_pending_remove(cmd);
6134 hci_dev_unlock(hdev);
6137 static int remove_device(struct sock *sk, struct hci_dev *hdev,
6138 void *data, u16 len)
6140 struct mgmt_cp_remove_device *cp = data;
6141 struct mgmt_pending_cmd *cmd;
6142 struct hci_request req;
6145 BT_DBG("%s", hdev->name);
6147 hci_req_init(&req, hdev);
6151 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_DEVICE, hdev, data, len);
6157 cmd->cmd_complete = addr_cmd_complete;
6159 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
6160 struct hci_conn_params *params;
6163 if (!bdaddr_type_is_valid(cp->addr.type)) {
6164 err = cmd->cmd_complete(cmd,
6165 MGMT_STATUS_INVALID_PARAMS);
6166 mgmt_pending_remove(cmd);
6170 if (cp->addr.type == BDADDR_BREDR) {
6171 err = hci_bdaddr_list_del(&hdev->whitelist,
6175 err = cmd->cmd_complete(cmd,
6176 MGMT_STATUS_INVALID_PARAMS);
6177 mgmt_pending_remove(cmd);
6181 __hci_update_page_scan(&req);
6183 device_removed(sk, hdev, &cp->addr.bdaddr,
6188 if (cp->addr.type == BDADDR_LE_PUBLIC)
6189 addr_type = ADDR_LE_DEV_PUBLIC;
6191 addr_type = ADDR_LE_DEV_RANDOM;
6193 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr,
6196 err = cmd->cmd_complete(cmd,
6197 MGMT_STATUS_INVALID_PARAMS);
6198 mgmt_pending_remove(cmd);
6202 if (params->auto_connect == HCI_AUTO_CONN_DISABLED) {
6203 err = cmd->cmd_complete(cmd,
6204 MGMT_STATUS_INVALID_PARAMS);
6205 mgmt_pending_remove(cmd);
6209 list_del(¶ms->action);
6210 list_del(¶ms->list);
6212 __hci_update_background_scan(&req);
6214 device_removed(sk, hdev, &cp->addr.bdaddr, cp->addr.type);
6216 struct hci_conn_params *p, *tmp;
6217 struct bdaddr_list *b, *btmp;
6219 if (cp->addr.type) {
6220 err = cmd->cmd_complete(cmd,
6221 MGMT_STATUS_INVALID_PARAMS);
6222 mgmt_pending_remove(cmd);
6226 list_for_each_entry_safe(b, btmp, &hdev->whitelist, list) {
6227 device_removed(sk, hdev, &b->bdaddr, b->bdaddr_type);
6232 __hci_update_page_scan(&req);
6234 list_for_each_entry_safe(p, tmp, &hdev->le_conn_params, list) {
6235 if (p->auto_connect == HCI_AUTO_CONN_DISABLED)
6237 device_removed(sk, hdev, &p->addr, p->addr_type);
6238 list_del(&p->action);
6243 BT_DBG("All LE connection parameters were removed");
6245 __hci_update_background_scan(&req);
6249 err = hci_req_run(&req, remove_device_complete);
6251 /* ENODATA means no HCI commands were needed (e.g. if
6252 * the adapter is powered off).
6254 if (err == -ENODATA)
6255 err = cmd->cmd_complete(cmd, MGMT_STATUS_SUCCESS);
6256 mgmt_pending_remove(cmd);
6260 hci_dev_unlock(hdev);
6264 static int load_conn_param(struct sock *sk, struct hci_dev *hdev, void *data,
6267 struct mgmt_cp_load_conn_param *cp = data;
6268 const u16 max_param_count = ((U16_MAX - sizeof(*cp)) /
6269 sizeof(struct mgmt_conn_param));
6270 u16 param_count, expected_len;
6273 if (!lmp_le_capable(hdev))
6274 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
6275 MGMT_STATUS_NOT_SUPPORTED);
6277 param_count = __le16_to_cpu(cp->param_count);
6278 if (param_count > max_param_count) {
6279 BT_ERR("load_conn_param: too big param_count value %u",
6281 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
6282 MGMT_STATUS_INVALID_PARAMS);
6285 expected_len = sizeof(*cp) + param_count *
6286 sizeof(struct mgmt_conn_param);
6287 if (expected_len != len) {
6288 BT_ERR("load_conn_param: expected %u bytes, got %u bytes",
6290 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
6291 MGMT_STATUS_INVALID_PARAMS);
6294 BT_DBG("%s param_count %u", hdev->name, param_count);
6298 hci_conn_params_clear_disabled(hdev);
6300 for (i = 0; i < param_count; i++) {
6301 struct mgmt_conn_param *param = &cp->params[i];
6302 struct hci_conn_params *hci_param;
6303 u16 min, max, latency, timeout;
6306 BT_DBG("Adding %pMR (type %u)", ¶m->addr.bdaddr,
6309 if (param->addr.type == BDADDR_LE_PUBLIC) {
6310 addr_type = ADDR_LE_DEV_PUBLIC;
6311 } else if (param->addr.type == BDADDR_LE_RANDOM) {
6312 addr_type = ADDR_LE_DEV_RANDOM;
6314 BT_ERR("Ignoring invalid connection parameters");
6318 min = le16_to_cpu(param->min_interval);
6319 max = le16_to_cpu(param->max_interval);
6320 latency = le16_to_cpu(param->latency);
6321 timeout = le16_to_cpu(param->timeout);
6323 BT_DBG("min 0x%04x max 0x%04x latency 0x%04x timeout 0x%04x",
6324 min, max, latency, timeout);
6326 if (hci_check_conn_params(min, max, latency, timeout) < 0) {
6327 BT_ERR("Ignoring invalid connection parameters");
6331 hci_param = hci_conn_params_add(hdev, ¶m->addr.bdaddr,
6334 BT_ERR("Failed to add connection parameters");
6338 hci_param->conn_min_interval = min;
6339 hci_param->conn_max_interval = max;
6340 hci_param->conn_latency = latency;
6341 hci_param->supervision_timeout = timeout;
6344 hci_dev_unlock(hdev);
6346 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM, 0,
6350 static int set_external_config(struct sock *sk, struct hci_dev *hdev,
6351 void *data, u16 len)
6353 struct mgmt_cp_set_external_config *cp = data;
6357 BT_DBG("%s", hdev->name);
6359 if (hdev_is_powered(hdev))
6360 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
6361 MGMT_STATUS_REJECTED);
6363 if (cp->config != 0x00 && cp->config != 0x01)
6364 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
6365 MGMT_STATUS_INVALID_PARAMS);
6367 if (!test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
6368 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
6369 MGMT_STATUS_NOT_SUPPORTED);
6374 changed = !hci_dev_test_and_set_flag(hdev, HCI_EXT_CONFIGURED);
6376 changed = hci_dev_test_and_clear_flag(hdev, HCI_EXT_CONFIGURED);
6378 err = send_options_rsp(sk, MGMT_OP_SET_EXTERNAL_CONFIG, hdev);
6385 err = new_options(hdev, sk);
6387 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED) == is_configured(hdev)) {
6388 mgmt_index_removed(hdev);
6390 if (hci_dev_test_and_change_flag(hdev, HCI_UNCONFIGURED)) {
6391 hci_dev_set_flag(hdev, HCI_CONFIG);
6392 hci_dev_set_flag(hdev, HCI_AUTO_OFF);
6394 queue_work(hdev->req_workqueue, &hdev->power_on);
6396 set_bit(HCI_RAW, &hdev->flags);
6397 mgmt_index_added(hdev);
6402 hci_dev_unlock(hdev);
6406 static int set_public_address(struct sock *sk, struct hci_dev *hdev,
6407 void *data, u16 len)
6409 struct mgmt_cp_set_public_address *cp = data;
6413 BT_DBG("%s", hdev->name);
6415 if (hdev_is_powered(hdev))
6416 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
6417 MGMT_STATUS_REJECTED);
6419 if (!bacmp(&cp->bdaddr, BDADDR_ANY))
6420 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
6421 MGMT_STATUS_INVALID_PARAMS);
6423 if (!hdev->set_bdaddr)
6424 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
6425 MGMT_STATUS_NOT_SUPPORTED);
6429 changed = !!bacmp(&hdev->public_addr, &cp->bdaddr);
6430 bacpy(&hdev->public_addr, &cp->bdaddr);
6432 err = send_options_rsp(sk, MGMT_OP_SET_PUBLIC_ADDRESS, hdev);
6439 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED))
6440 err = new_options(hdev, sk);
6442 if (is_configured(hdev)) {
6443 mgmt_index_removed(hdev);
6445 hci_dev_clear_flag(hdev, HCI_UNCONFIGURED);
6447 hci_dev_set_flag(hdev, HCI_CONFIG);
6448 hci_dev_set_flag(hdev, HCI_AUTO_OFF);
6450 queue_work(hdev->req_workqueue, &hdev->power_on);
6454 hci_dev_unlock(hdev);
6458 static inline u16 eir_append_data(u8 *eir, u16 eir_len, u8 type, u8 *data,
6461 eir[eir_len++] = sizeof(type) + data_len;
6462 eir[eir_len++] = type;
6463 memcpy(&eir[eir_len], data, data_len);
6464 eir_len += data_len;
6469 static void read_local_oob_ext_data_complete(struct hci_dev *hdev, u8 status,
6470 u16 opcode, struct sk_buff *skb)
6472 const struct mgmt_cp_read_local_oob_ext_data *mgmt_cp;
6473 struct mgmt_rp_read_local_oob_ext_data *mgmt_rp;
6474 u8 *h192, *r192, *h256, *r256;
6475 struct mgmt_pending_cmd *cmd;
6479 BT_DBG("%s status %u", hdev->name, status);
6481 cmd = pending_find(MGMT_OP_READ_LOCAL_OOB_EXT_DATA, hdev);
6485 mgmt_cp = cmd->param;
6488 status = mgmt_status(status);
6495 } else if (opcode == HCI_OP_READ_LOCAL_OOB_DATA) {
6496 struct hci_rp_read_local_oob_data *rp;
6498 if (skb->len != sizeof(*rp)) {
6499 status = MGMT_STATUS_FAILED;
6502 status = MGMT_STATUS_SUCCESS;
6503 rp = (void *)skb->data;
6505 eir_len = 5 + 18 + 18;
6512 struct hci_rp_read_local_oob_ext_data *rp;
6514 if (skb->len != sizeof(*rp)) {
6515 status = MGMT_STATUS_FAILED;
6518 status = MGMT_STATUS_SUCCESS;
6519 rp = (void *)skb->data;
6521 if (hci_dev_test_flag(hdev, HCI_SC_ONLY)) {
6522 eir_len = 5 + 18 + 18;
6526 eir_len = 5 + 18 + 18 + 18 + 18;
6536 mgmt_rp = kmalloc(sizeof(*mgmt_rp) + eir_len, GFP_KERNEL);
6543 eir_len = eir_append_data(mgmt_rp->eir, 0, EIR_CLASS_OF_DEV,
6544 hdev->dev_class, 3);
6547 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
6548 EIR_SSP_HASH_C192, h192, 16);
6549 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
6550 EIR_SSP_RAND_R192, r192, 16);
6554 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
6555 EIR_SSP_HASH_C256, h256, 16);
6556 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
6557 EIR_SSP_RAND_R256, r256, 16);
6561 mgmt_rp->type = mgmt_cp->type;
6562 mgmt_rp->eir_len = cpu_to_le16(eir_len);
6564 err = mgmt_cmd_complete(cmd->sk, hdev->id,
6565 MGMT_OP_READ_LOCAL_OOB_EXT_DATA, status,
6566 mgmt_rp, sizeof(*mgmt_rp) + eir_len);
6567 if (err < 0 || status)
6570 hci_sock_set_flag(cmd->sk, HCI_MGMT_OOB_DATA_EVENTS);
6572 err = mgmt_limited_event(MGMT_EV_LOCAL_OOB_DATA_UPDATED, hdev,
6573 mgmt_rp, sizeof(*mgmt_rp) + eir_len,
6574 HCI_MGMT_OOB_DATA_EVENTS, cmd->sk);
6577 mgmt_pending_remove(cmd);
6580 static int read_local_ssp_oob_req(struct hci_dev *hdev, struct sock *sk,
6581 struct mgmt_cp_read_local_oob_ext_data *cp)
6583 struct mgmt_pending_cmd *cmd;
6584 struct hci_request req;
6587 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_EXT_DATA, hdev,
6592 hci_req_init(&req, hdev);
6594 if (bredr_sc_enabled(hdev))
6595 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_EXT_DATA, 0, NULL);
6597 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
6599 err = hci_req_run_skb(&req, read_local_oob_ext_data_complete);
6601 mgmt_pending_remove(cmd);
6608 static int read_local_oob_ext_data(struct sock *sk, struct hci_dev *hdev,
6609 void *data, u16 data_len)
6611 struct mgmt_cp_read_local_oob_ext_data *cp = data;
6612 struct mgmt_rp_read_local_oob_ext_data *rp;
6615 u8 status, flags, role, addr[7], hash[16], rand[16];
6618 BT_DBG("%s", hdev->name);
6620 if (hdev_is_powered(hdev)) {
6622 case BIT(BDADDR_BREDR):
6623 status = mgmt_bredr_support(hdev);
6629 case (BIT(BDADDR_LE_PUBLIC) | BIT(BDADDR_LE_RANDOM)):
6630 status = mgmt_le_support(hdev);
6634 eir_len = 9 + 3 + 18 + 18 + 3;
6637 status = MGMT_STATUS_INVALID_PARAMS;
6642 status = MGMT_STATUS_NOT_POWERED;
6646 rp_len = sizeof(*rp) + eir_len;
6647 rp = kmalloc(rp_len, GFP_ATOMIC);
6658 case BIT(BDADDR_BREDR):
6659 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
6660 err = read_local_ssp_oob_req(hdev, sk, cp);
6661 hci_dev_unlock(hdev);
6665 status = MGMT_STATUS_FAILED;
6668 eir_len = eir_append_data(rp->eir, eir_len,
6670 hdev->dev_class, 3);
6673 case (BIT(BDADDR_LE_PUBLIC) | BIT(BDADDR_LE_RANDOM)):
6674 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED) &&
6675 smp_generate_oob(hdev, hash, rand) < 0) {
6676 hci_dev_unlock(hdev);
6677 status = MGMT_STATUS_FAILED;
6681 /* This should return the active RPA, but since the RPA
6682 * is only programmed on demand, it is really hard to fill
6683 * this in at the moment. For now disallow retrieving
6684 * local out-of-band data when privacy is in use.
6686 * Returning the identity address will not help here since
6687 * pairing happens before the identity resolving key is
6688 * known and thus the connection establishment happens
6689 * based on the RPA and not the identity address.
6691 if (hci_dev_test_flag(hdev, HCI_PRIVACY)) {
6692 hci_dev_unlock(hdev);
6693 status = MGMT_STATUS_REJECTED;
6697 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) ||
6698 !bacmp(&hdev->bdaddr, BDADDR_ANY) ||
6699 (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
6700 bacmp(&hdev->static_addr, BDADDR_ANY))) {
6701 memcpy(addr, &hdev->static_addr, 6);
6704 memcpy(addr, &hdev->bdaddr, 6);
6708 eir_len = eir_append_data(rp->eir, eir_len, EIR_LE_BDADDR,
6709 addr, sizeof(addr));
6711 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
6716 eir_len = eir_append_data(rp->eir, eir_len, EIR_LE_ROLE,
6717 &role, sizeof(role));
6719 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED)) {
6720 eir_len = eir_append_data(rp->eir, eir_len,
6722 hash, sizeof(hash));
6724 eir_len = eir_append_data(rp->eir, eir_len,
6726 rand, sizeof(rand));
6729 flags = get_adv_discov_flags(hdev);
6731 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
6732 flags |= LE_AD_NO_BREDR;
6734 eir_len = eir_append_data(rp->eir, eir_len, EIR_FLAGS,
6735 &flags, sizeof(flags));
6739 hci_dev_unlock(hdev);
6741 hci_sock_set_flag(sk, HCI_MGMT_OOB_DATA_EVENTS);
6743 status = MGMT_STATUS_SUCCESS;
6746 rp->type = cp->type;
6747 rp->eir_len = cpu_to_le16(eir_len);
6749 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
6750 status, rp, sizeof(*rp) + eir_len);
6751 if (err < 0 || status)
6754 err = mgmt_limited_event(MGMT_EV_LOCAL_OOB_DATA_UPDATED, hdev,
6755 rp, sizeof(*rp) + eir_len,
6756 HCI_MGMT_OOB_DATA_EVENTS, sk);
6764 static u32 get_supported_adv_flags(struct hci_dev *hdev)
6768 flags |= MGMT_ADV_FLAG_CONNECTABLE;
6769 flags |= MGMT_ADV_FLAG_DISCOV;
6770 flags |= MGMT_ADV_FLAG_LIMITED_DISCOV;
6771 flags |= MGMT_ADV_FLAG_MANAGED_FLAGS;
6773 if (hdev->adv_tx_power != HCI_TX_POWER_INVALID)
6774 flags |= MGMT_ADV_FLAG_TX_POWER;
6779 static int read_adv_features(struct sock *sk, struct hci_dev *hdev,
6780 void *data, u16 data_len)
6782 struct mgmt_rp_read_adv_features *rp;
6786 u32 supported_flags;
6788 BT_DBG("%s", hdev->name);
6790 if (!lmp_le_capable(hdev))
6791 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_ADV_FEATURES,
6792 MGMT_STATUS_REJECTED);
6796 rp_len = sizeof(*rp);
6798 /* Currently only one instance is supported, so just add 1 to the
6801 instance = hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE);
6805 rp = kmalloc(rp_len, GFP_ATOMIC);
6807 hci_dev_unlock(hdev);
6811 supported_flags = get_supported_adv_flags(hdev);
6813 rp->supported_flags = cpu_to_le32(supported_flags);
6814 rp->max_adv_data_len = HCI_MAX_AD_LENGTH;
6815 rp->max_scan_rsp_len = HCI_MAX_AD_LENGTH;
6816 rp->max_instances = 1;
6818 /* Currently only one instance is supported, so simply return the
6819 * current instance number.
6822 rp->num_instances = 1;
6823 rp->instance[0] = 1;
6825 rp->num_instances = 0;
6828 hci_dev_unlock(hdev);
6830 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_ADV_FEATURES,
6831 MGMT_STATUS_SUCCESS, rp, rp_len);
6838 static bool tlv_data_is_valid(struct hci_dev *hdev, u32 adv_flags, u8 *data,
6839 u8 len, bool is_adv_data)
6841 u8 max_len = HCI_MAX_AD_LENGTH;
6843 bool flags_managed = false;
6844 bool tx_power_managed = false;
6845 u32 flags_params = MGMT_ADV_FLAG_DISCOV | MGMT_ADV_FLAG_LIMITED_DISCOV |
6846 MGMT_ADV_FLAG_MANAGED_FLAGS;
6848 if (is_adv_data && (adv_flags & flags_params)) {
6849 flags_managed = true;
6853 if (is_adv_data && (adv_flags & MGMT_ADV_FLAG_TX_POWER)) {
6854 tx_power_managed = true;
6861 /* Make sure that the data is correctly formatted. */
6862 for (i = 0, cur_len = 0; i < len; i += (cur_len + 1)) {
6865 if (flags_managed && data[i + 1] == EIR_FLAGS)
6868 if (tx_power_managed && data[i + 1] == EIR_TX_POWER)
6871 /* If the current field length would exceed the total data
6872 * length, then it's invalid.
6874 if (i + cur_len >= len)
6881 static void add_advertising_complete(struct hci_dev *hdev, u8 status,
6884 struct mgmt_pending_cmd *cmd;
6885 struct mgmt_rp_add_advertising rp;
6887 BT_DBG("status %d", status);
6891 cmd = pending_find(MGMT_OP_ADD_ADVERTISING, hdev);
6894 hci_dev_clear_flag(hdev, HCI_ADVERTISING_INSTANCE);
6895 memset(&hdev->adv_instance, 0, sizeof(hdev->adv_instance));
6896 advertising_removed(cmd ? cmd->sk : NULL, hdev, 1);
6905 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode,
6906 mgmt_status(status));
6908 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
6909 mgmt_status(status), &rp, sizeof(rp));
6911 mgmt_pending_remove(cmd);
6914 hci_dev_unlock(hdev);
6917 static void adv_timeout_expired(struct work_struct *work)
6919 struct hci_dev *hdev = container_of(work, struct hci_dev,
6920 adv_instance.timeout_exp.work);
6922 hdev->adv_instance.timeout = 0;
6925 clear_adv_instance(hdev);
6926 hci_dev_unlock(hdev);
6929 static int add_advertising(struct sock *sk, struct hci_dev *hdev,
6930 void *data, u16 data_len)
6932 struct mgmt_cp_add_advertising *cp = data;
6933 struct mgmt_rp_add_advertising rp;
6935 u32 supported_flags;
6939 struct mgmt_pending_cmd *cmd;
6940 struct hci_request req;
6942 BT_DBG("%s", hdev->name);
6944 status = mgmt_le_support(hdev);
6946 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6949 flags = __le32_to_cpu(cp->flags);
6950 timeout = __le16_to_cpu(cp->timeout);
6952 /* The current implementation only supports adding one instance and only
6953 * a subset of the specified flags.
6955 supported_flags = get_supported_adv_flags(hdev);
6956 if (cp->instance != 0x01 || (flags & ~supported_flags))
6957 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6958 MGMT_STATUS_INVALID_PARAMS);
6962 if (timeout && !hdev_is_powered(hdev)) {
6963 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6964 MGMT_STATUS_REJECTED);
6968 if (pending_find(MGMT_OP_ADD_ADVERTISING, hdev) ||
6969 pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev) ||
6970 pending_find(MGMT_OP_SET_LE, hdev)) {
6971 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6976 if (!tlv_data_is_valid(hdev, flags, cp->data, cp->adv_data_len, true) ||
6977 !tlv_data_is_valid(hdev, flags, cp->data + cp->adv_data_len,
6978 cp->scan_rsp_len, false)) {
6979 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6980 MGMT_STATUS_INVALID_PARAMS);
6984 INIT_DELAYED_WORK(&hdev->adv_instance.timeout_exp, adv_timeout_expired);
6986 hdev->adv_instance.flags = flags;
6987 hdev->adv_instance.adv_data_len = cp->adv_data_len;
6988 hdev->adv_instance.scan_rsp_len = cp->scan_rsp_len;
6990 if (cp->adv_data_len)
6991 memcpy(hdev->adv_instance.adv_data, cp->data, cp->adv_data_len);
6993 if (cp->scan_rsp_len)
6994 memcpy(hdev->adv_instance.scan_rsp_data,
6995 cp->data + cp->adv_data_len, cp->scan_rsp_len);
6997 if (hdev->adv_instance.timeout)
6998 cancel_delayed_work(&hdev->adv_instance.timeout_exp);
7000 hdev->adv_instance.timeout = timeout;
7003 queue_delayed_work(hdev->workqueue,
7004 &hdev->adv_instance.timeout_exp,
7005 msecs_to_jiffies(timeout * 1000));
7007 if (!hci_dev_test_and_set_flag(hdev, HCI_ADVERTISING_INSTANCE))
7008 advertising_added(sk, hdev, 1);
7010 /* If the HCI_ADVERTISING flag is set or the device isn't powered then
7011 * we have no HCI communication to make. Simply return.
7013 if (!hdev_is_powered(hdev) ||
7014 hci_dev_test_flag(hdev, HCI_ADVERTISING)) {
7016 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
7017 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
7021 /* We're good to go, update advertising data, parameters, and start
7024 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_ADVERTISING, hdev, data,
7031 hci_req_init(&req, hdev);
7033 update_adv_data(&req);
7034 update_scan_rsp_data(&req);
7035 enable_advertising(&req);
7037 err = hci_req_run(&req, add_advertising_complete);
7039 mgmt_pending_remove(cmd);
7042 hci_dev_unlock(hdev);
7047 static void remove_advertising_complete(struct hci_dev *hdev, u8 status,
7050 struct mgmt_pending_cmd *cmd;
7051 struct mgmt_rp_remove_advertising rp;
7053 BT_DBG("status %d", status);
7057 /* A failure status here only means that we failed to disable
7058 * advertising. Otherwise, the advertising instance has been removed,
7059 * so report success.
7061 cmd = pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev);
7067 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, MGMT_STATUS_SUCCESS,
7069 mgmt_pending_remove(cmd);
7072 hci_dev_unlock(hdev);
7075 static int remove_advertising(struct sock *sk, struct hci_dev *hdev,
7076 void *data, u16 data_len)
7078 struct mgmt_cp_remove_advertising *cp = data;
7079 struct mgmt_rp_remove_advertising rp;
7081 struct mgmt_pending_cmd *cmd;
7082 struct hci_request req;
7084 BT_DBG("%s", hdev->name);
7086 /* The current implementation only allows modifying instance no 1. A
7087 * value of 0 indicates that all instances should be cleared.
7089 if (cp->instance > 1)
7090 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADVERTISING,
7091 MGMT_STATUS_INVALID_PARAMS);
7095 if (pending_find(MGMT_OP_ADD_ADVERTISING, hdev) ||
7096 pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev) ||
7097 pending_find(MGMT_OP_SET_LE, hdev)) {
7098 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADVERTISING,
7103 if (!hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE)) {
7104 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADVERTISING,
7105 MGMT_STATUS_INVALID_PARAMS);
7109 if (hdev->adv_instance.timeout)
7110 cancel_delayed_work(&hdev->adv_instance.timeout_exp);
7112 memset(&hdev->adv_instance, 0, sizeof(hdev->adv_instance));
7114 advertising_removed(sk, hdev, 1);
7116 hci_dev_clear_flag(hdev, HCI_ADVERTISING_INSTANCE);
7118 /* If the HCI_ADVERTISING flag is set or the device isn't powered then
7119 * we have no HCI communication to make. Simply return.
7121 if (!hdev_is_powered(hdev) ||
7122 hci_dev_test_flag(hdev, HCI_ADVERTISING)) {
7124 err = mgmt_cmd_complete(sk, hdev->id,
7125 MGMT_OP_REMOVE_ADVERTISING,
7126 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
7130 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_ADVERTISING, hdev, data,
7137 hci_req_init(&req, hdev);
7138 disable_advertising(&req);
7140 err = hci_req_run(&req, remove_advertising_complete);
7142 mgmt_pending_remove(cmd);
7145 hci_dev_unlock(hdev);
7150 static const struct hci_mgmt_handler mgmt_handlers[] = {
7151 { NULL }, /* 0x0000 (no command) */
7152 { read_version, MGMT_READ_VERSION_SIZE,
7154 HCI_MGMT_UNTRUSTED },
7155 { read_commands, MGMT_READ_COMMANDS_SIZE,
7157 HCI_MGMT_UNTRUSTED },
7158 { read_index_list, MGMT_READ_INDEX_LIST_SIZE,
7160 HCI_MGMT_UNTRUSTED },
7161 { read_controller_info, MGMT_READ_INFO_SIZE,
7162 HCI_MGMT_UNTRUSTED },
7163 { set_powered, MGMT_SETTING_SIZE },
7164 { set_discoverable, MGMT_SET_DISCOVERABLE_SIZE },
7165 { set_connectable, MGMT_SETTING_SIZE },
7166 { set_fast_connectable, MGMT_SETTING_SIZE },
7167 { set_bondable, MGMT_SETTING_SIZE },
7168 { set_link_security, MGMT_SETTING_SIZE },
7169 { set_ssp, MGMT_SETTING_SIZE },
7170 { set_hs, MGMT_SETTING_SIZE },
7171 { set_le, MGMT_SETTING_SIZE },
7172 { set_dev_class, MGMT_SET_DEV_CLASS_SIZE },
7173 { set_local_name, MGMT_SET_LOCAL_NAME_SIZE },
7174 { add_uuid, MGMT_ADD_UUID_SIZE },
7175 { remove_uuid, MGMT_REMOVE_UUID_SIZE },
7176 { load_link_keys, MGMT_LOAD_LINK_KEYS_SIZE,
7178 { load_long_term_keys, MGMT_LOAD_LONG_TERM_KEYS_SIZE,
7180 { disconnect, MGMT_DISCONNECT_SIZE },
7181 { get_connections, MGMT_GET_CONNECTIONS_SIZE },
7182 { pin_code_reply, MGMT_PIN_CODE_REPLY_SIZE },
7183 { pin_code_neg_reply, MGMT_PIN_CODE_NEG_REPLY_SIZE },
7184 { set_io_capability, MGMT_SET_IO_CAPABILITY_SIZE },
7185 { pair_device, MGMT_PAIR_DEVICE_SIZE },
7186 { cancel_pair_device, MGMT_CANCEL_PAIR_DEVICE_SIZE },
7187 { unpair_device, MGMT_UNPAIR_DEVICE_SIZE },
7188 { user_confirm_reply, MGMT_USER_CONFIRM_REPLY_SIZE },
7189 { user_confirm_neg_reply, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
7190 { user_passkey_reply, MGMT_USER_PASSKEY_REPLY_SIZE },
7191 { user_passkey_neg_reply, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
7192 { read_local_oob_data, MGMT_READ_LOCAL_OOB_DATA_SIZE },
7193 { add_remote_oob_data, MGMT_ADD_REMOTE_OOB_DATA_SIZE,
7195 { remove_remote_oob_data, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
7196 { start_discovery, MGMT_START_DISCOVERY_SIZE },
7197 { stop_discovery, MGMT_STOP_DISCOVERY_SIZE },
7198 { confirm_name, MGMT_CONFIRM_NAME_SIZE },
7199 { block_device, MGMT_BLOCK_DEVICE_SIZE },
7200 { unblock_device, MGMT_UNBLOCK_DEVICE_SIZE },
7201 { set_device_id, MGMT_SET_DEVICE_ID_SIZE },
7202 { set_advertising, MGMT_SETTING_SIZE },
7203 { set_bredr, MGMT_SETTING_SIZE },
7204 { set_static_address, MGMT_SET_STATIC_ADDRESS_SIZE },
7205 { set_scan_params, MGMT_SET_SCAN_PARAMS_SIZE },
7206 { set_secure_conn, MGMT_SETTING_SIZE },
7207 { set_debug_keys, MGMT_SETTING_SIZE },
7208 { set_privacy, MGMT_SET_PRIVACY_SIZE },
7209 { load_irks, MGMT_LOAD_IRKS_SIZE,
7211 { get_conn_info, MGMT_GET_CONN_INFO_SIZE },
7212 { get_clock_info, MGMT_GET_CLOCK_INFO_SIZE },
7213 { add_device, MGMT_ADD_DEVICE_SIZE },
7214 { remove_device, MGMT_REMOVE_DEVICE_SIZE },
7215 { load_conn_param, MGMT_LOAD_CONN_PARAM_SIZE,
7217 { read_unconf_index_list, MGMT_READ_UNCONF_INDEX_LIST_SIZE,
7219 HCI_MGMT_UNTRUSTED },
7220 { read_config_info, MGMT_READ_CONFIG_INFO_SIZE,
7221 HCI_MGMT_UNCONFIGURED |
7222 HCI_MGMT_UNTRUSTED },
7223 { set_external_config, MGMT_SET_EXTERNAL_CONFIG_SIZE,
7224 HCI_MGMT_UNCONFIGURED },
7225 { set_public_address, MGMT_SET_PUBLIC_ADDRESS_SIZE,
7226 HCI_MGMT_UNCONFIGURED },
7227 { start_service_discovery, MGMT_START_SERVICE_DISCOVERY_SIZE,
7229 { read_local_oob_ext_data, MGMT_READ_LOCAL_OOB_EXT_DATA_SIZE },
7230 { read_ext_index_list, MGMT_READ_EXT_INDEX_LIST_SIZE,
7232 HCI_MGMT_UNTRUSTED },
7233 { read_adv_features, MGMT_READ_ADV_FEATURES_SIZE },
7234 { add_advertising, MGMT_ADD_ADVERTISING_SIZE,
7236 { remove_advertising, MGMT_REMOVE_ADVERTISING_SIZE },
7239 void mgmt_index_added(struct hci_dev *hdev)
7241 struct mgmt_ev_ext_index ev;
7243 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
7246 switch (hdev->dev_type) {
7248 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
7249 mgmt_index_event(MGMT_EV_UNCONF_INDEX_ADDED, hdev,
7250 NULL, 0, HCI_MGMT_UNCONF_INDEX_EVENTS);
7253 mgmt_index_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0,
7254 HCI_MGMT_INDEX_EVENTS);
7267 mgmt_index_event(MGMT_EV_EXT_INDEX_ADDED, hdev, &ev, sizeof(ev),
7268 HCI_MGMT_EXT_INDEX_EVENTS);
7271 void mgmt_index_removed(struct hci_dev *hdev)
7273 struct mgmt_ev_ext_index ev;
7274 u8 status = MGMT_STATUS_INVALID_INDEX;
7276 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
7279 switch (hdev->dev_type) {
7281 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
7283 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
7284 mgmt_index_event(MGMT_EV_UNCONF_INDEX_REMOVED, hdev,
7285 NULL, 0, HCI_MGMT_UNCONF_INDEX_EVENTS);
7288 mgmt_index_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0,
7289 HCI_MGMT_INDEX_EVENTS);
7302 mgmt_index_event(MGMT_EV_EXT_INDEX_REMOVED, hdev, &ev, sizeof(ev),
7303 HCI_MGMT_EXT_INDEX_EVENTS);
7306 /* This function requires the caller holds hdev->lock */
7307 static void restart_le_actions(struct hci_request *req)
7309 struct hci_dev *hdev = req->hdev;
7310 struct hci_conn_params *p;
7312 list_for_each_entry(p, &hdev->le_conn_params, list) {
7313 /* Needed for AUTO_OFF case where might not "really"
7314 * have been powered off.
7316 list_del_init(&p->action);
7318 switch (p->auto_connect) {
7319 case HCI_AUTO_CONN_DIRECT:
7320 case HCI_AUTO_CONN_ALWAYS:
7321 list_add(&p->action, &hdev->pend_le_conns);
7323 case HCI_AUTO_CONN_REPORT:
7324 list_add(&p->action, &hdev->pend_le_reports);
7331 __hci_update_background_scan(req);
7334 static void powered_complete(struct hci_dev *hdev, u8 status, u16 opcode)
7336 struct cmd_lookup match = { NULL, hdev };
7338 BT_DBG("status 0x%02x", status);
7341 /* Register the available SMP channels (BR/EDR and LE) only
7342 * when successfully powering on the controller. This late
7343 * registration is required so that LE SMP can clearly
7344 * decide if the public address or static address is used.
7351 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
7353 new_settings(hdev, match.sk);
7355 hci_dev_unlock(hdev);
7361 static int powered_update_hci(struct hci_dev *hdev)
7363 struct hci_request req;
7366 hci_req_init(&req, hdev);
7368 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED) &&
7369 !lmp_host_ssp_capable(hdev)) {
7372 hci_req_add(&req, HCI_OP_WRITE_SSP_MODE, sizeof(mode), &mode);
7374 if (bredr_sc_enabled(hdev) && !lmp_host_sc_capable(hdev)) {
7377 hci_req_add(&req, HCI_OP_WRITE_SC_SUPPORT,
7378 sizeof(support), &support);
7382 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
7383 lmp_bredr_capable(hdev)) {
7384 struct hci_cp_write_le_host_supported cp;
7389 /* Check first if we already have the right
7390 * host state (host features set)
7392 if (cp.le != lmp_host_le_capable(hdev) ||
7393 cp.simul != lmp_host_le_br_capable(hdev))
7394 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED,
7398 if (lmp_le_capable(hdev)) {
7399 /* Make sure the controller has a good default for
7400 * advertising data. This also applies to the case
7401 * where BR/EDR was toggled during the AUTO_OFF phase.
7403 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
7404 update_adv_data(&req);
7405 update_scan_rsp_data(&req);
7408 if (hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
7409 hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE))
7410 enable_advertising(&req);
7412 restart_le_actions(&req);
7415 link_sec = hci_dev_test_flag(hdev, HCI_LINK_SECURITY);
7416 if (link_sec != test_bit(HCI_AUTH, &hdev->flags))
7417 hci_req_add(&req, HCI_OP_WRITE_AUTH_ENABLE,
7418 sizeof(link_sec), &link_sec);
7420 if (lmp_bredr_capable(hdev)) {
7421 if (hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE))
7422 write_fast_connectable(&req, true);
7424 write_fast_connectable(&req, false);
7425 __hci_update_page_scan(&req);
7431 return hci_req_run(&req, powered_complete);
7434 int mgmt_powered(struct hci_dev *hdev, u8 powered)
7436 struct cmd_lookup match = { NULL, hdev };
7437 u8 status, zero_cod[] = { 0, 0, 0 };
7440 if (!hci_dev_test_flag(hdev, HCI_MGMT))
7444 if (powered_update_hci(hdev) == 0)
7447 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp,
7452 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
7454 /* If the power off is because of hdev unregistration let
7455 * use the appropriate INVALID_INDEX status. Otherwise use
7456 * NOT_POWERED. We cover both scenarios here since later in
7457 * mgmt_index_removed() any hci_conn callbacks will have already
7458 * been triggered, potentially causing misleading DISCONNECTED
7461 if (hci_dev_test_flag(hdev, HCI_UNREGISTER))
7462 status = MGMT_STATUS_INVALID_INDEX;
7464 status = MGMT_STATUS_NOT_POWERED;
7466 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
7468 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0)
7469 mgmt_generic_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
7470 zero_cod, sizeof(zero_cod), NULL);
7473 err = new_settings(hdev, match.sk);
7481 void mgmt_set_powered_failed(struct hci_dev *hdev, int err)
7483 struct mgmt_pending_cmd *cmd;
7486 cmd = pending_find(MGMT_OP_SET_POWERED, hdev);
7490 if (err == -ERFKILL)
7491 status = MGMT_STATUS_RFKILLED;
7493 status = MGMT_STATUS_FAILED;
7495 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
7497 mgmt_pending_remove(cmd);
7500 void mgmt_discoverable_timeout(struct hci_dev *hdev)
7502 struct hci_request req;
7506 /* When discoverable timeout triggers, then just make sure
7507 * the limited discoverable flag is cleared. Even in the case
7508 * of a timeout triggered from general discoverable, it is
7509 * safe to unconditionally clear the flag.
7511 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
7512 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
7514 hci_req_init(&req, hdev);
7515 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
7516 u8 scan = SCAN_PAGE;
7517 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE,
7518 sizeof(scan), &scan);
7522 /* Advertising instances don't use the global discoverable setting, so
7523 * only update AD if advertising was enabled using Set Advertising.
7525 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
7526 update_adv_data(&req);
7528 hci_req_run(&req, NULL);
7530 hdev->discov_timeout = 0;
7532 new_settings(hdev, NULL);
7534 hci_dev_unlock(hdev);
7537 void mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
7540 struct mgmt_ev_new_link_key ev;
7542 memset(&ev, 0, sizeof(ev));
7544 ev.store_hint = persistent;
7545 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
7546 ev.key.addr.type = BDADDR_BREDR;
7547 ev.key.type = key->type;
7548 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
7549 ev.key.pin_len = key->pin_len;
7551 mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
7554 static u8 mgmt_ltk_type(struct smp_ltk *ltk)
7556 switch (ltk->type) {
7559 if (ltk->authenticated)
7560 return MGMT_LTK_AUTHENTICATED;
7561 return MGMT_LTK_UNAUTHENTICATED;
7563 if (ltk->authenticated)
7564 return MGMT_LTK_P256_AUTH;
7565 return MGMT_LTK_P256_UNAUTH;
7566 case SMP_LTK_P256_DEBUG:
7567 return MGMT_LTK_P256_DEBUG;
7570 return MGMT_LTK_UNAUTHENTICATED;
7573 void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, bool persistent)
7575 struct mgmt_ev_new_long_term_key ev;
7577 memset(&ev, 0, sizeof(ev));
7579 /* Devices using resolvable or non-resolvable random addresses
7580 * without providing an indentity resolving key don't require
7581 * to store long term keys. Their addresses will change the
7584 * Only when a remote device provides an identity address
7585 * make sure the long term key is stored. If the remote
7586 * identity is known, the long term keys are internally
7587 * mapped to the identity address. So allow static random
7588 * and public addresses here.
7590 if (key->bdaddr_type == ADDR_LE_DEV_RANDOM &&
7591 (key->bdaddr.b[5] & 0xc0) != 0xc0)
7592 ev.store_hint = 0x00;
7594 ev.store_hint = persistent;
7596 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
7597 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
7598 ev.key.type = mgmt_ltk_type(key);
7599 ev.key.enc_size = key->enc_size;
7600 ev.key.ediv = key->ediv;
7601 ev.key.rand = key->rand;
7603 if (key->type == SMP_LTK)
7606 memcpy(ev.key.val, key->val, sizeof(key->val));
7608 mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev), NULL);
7611 void mgmt_new_irk(struct hci_dev *hdev, struct smp_irk *irk)
7613 struct mgmt_ev_new_irk ev;
7615 memset(&ev, 0, sizeof(ev));
7617 /* For identity resolving keys from devices that are already
7618 * using a public address or static random address, do not
7619 * ask for storing this key. The identity resolving key really
7620 * is only mandatory for devices using resovlable random
7623 * Storing all identity resolving keys has the downside that
7624 * they will be also loaded on next boot of they system. More
7625 * identity resolving keys, means more time during scanning is
7626 * needed to actually resolve these addresses.
7628 if (bacmp(&irk->rpa, BDADDR_ANY))
7629 ev.store_hint = 0x01;
7631 ev.store_hint = 0x00;
7633 bacpy(&ev.rpa, &irk->rpa);
7634 bacpy(&ev.irk.addr.bdaddr, &irk->bdaddr);
7635 ev.irk.addr.type = link_to_bdaddr(LE_LINK, irk->addr_type);
7636 memcpy(ev.irk.val, irk->val, sizeof(irk->val));
7638 mgmt_event(MGMT_EV_NEW_IRK, hdev, &ev, sizeof(ev), NULL);
7641 void mgmt_new_csrk(struct hci_dev *hdev, struct smp_csrk *csrk,
7644 struct mgmt_ev_new_csrk ev;
7646 memset(&ev, 0, sizeof(ev));
7648 /* Devices using resolvable or non-resolvable random addresses
7649 * without providing an indentity resolving key don't require
7650 * to store signature resolving keys. Their addresses will change
7651 * the next time around.
7653 * Only when a remote device provides an identity address
7654 * make sure the signature resolving key is stored. So allow
7655 * static random and public addresses here.
7657 if (csrk->bdaddr_type == ADDR_LE_DEV_RANDOM &&
7658 (csrk->bdaddr.b[5] & 0xc0) != 0xc0)
7659 ev.store_hint = 0x00;
7661 ev.store_hint = persistent;
7663 bacpy(&ev.key.addr.bdaddr, &csrk->bdaddr);
7664 ev.key.addr.type = link_to_bdaddr(LE_LINK, csrk->bdaddr_type);
7665 ev.key.type = csrk->type;
7666 memcpy(ev.key.val, csrk->val, sizeof(csrk->val));
7668 mgmt_event(MGMT_EV_NEW_CSRK, hdev, &ev, sizeof(ev), NULL);
7671 void mgmt_new_conn_param(struct hci_dev *hdev, bdaddr_t *bdaddr,
7672 u8 bdaddr_type, u8 store_hint, u16 min_interval,
7673 u16 max_interval, u16 latency, u16 timeout)
7675 struct mgmt_ev_new_conn_param ev;
7677 if (!hci_is_identity_address(bdaddr, bdaddr_type))
7680 memset(&ev, 0, sizeof(ev));
7681 bacpy(&ev.addr.bdaddr, bdaddr);
7682 ev.addr.type = link_to_bdaddr(LE_LINK, bdaddr_type);
7683 ev.store_hint = store_hint;
7684 ev.min_interval = cpu_to_le16(min_interval);
7685 ev.max_interval = cpu_to_le16(max_interval);
7686 ev.latency = cpu_to_le16(latency);
7687 ev.timeout = cpu_to_le16(timeout);
7689 mgmt_event(MGMT_EV_NEW_CONN_PARAM, hdev, &ev, sizeof(ev), NULL);
7692 void mgmt_device_connected(struct hci_dev *hdev, struct hci_conn *conn,
7693 u32 flags, u8 *name, u8 name_len)
7696 struct mgmt_ev_device_connected *ev = (void *) buf;
7699 bacpy(&ev->addr.bdaddr, &conn->dst);
7700 ev->addr.type = link_to_bdaddr(conn->type, conn->dst_type);
7702 ev->flags = __cpu_to_le32(flags);
7704 /* We must ensure that the EIR Data fields are ordered and
7705 * unique. Keep it simple for now and avoid the problem by not
7706 * adding any BR/EDR data to the LE adv.
7708 if (conn->le_adv_data_len > 0) {
7709 memcpy(&ev->eir[eir_len],
7710 conn->le_adv_data, conn->le_adv_data_len);
7711 eir_len = conn->le_adv_data_len;
7714 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
7717 if (memcmp(conn->dev_class, "\0\0\0", 3) != 0)
7718 eir_len = eir_append_data(ev->eir, eir_len,
7720 conn->dev_class, 3);
7723 ev->eir_len = cpu_to_le16(eir_len);
7725 mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
7726 sizeof(*ev) + eir_len, NULL);
7729 static void disconnect_rsp(struct mgmt_pending_cmd *cmd, void *data)
7731 struct sock **sk = data;
7733 cmd->cmd_complete(cmd, 0);
7738 mgmt_pending_remove(cmd);
7741 static void unpair_device_rsp(struct mgmt_pending_cmd *cmd, void *data)
7743 struct hci_dev *hdev = data;
7744 struct mgmt_cp_unpair_device *cp = cmd->param;
7746 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
7748 cmd->cmd_complete(cmd, 0);
7749 mgmt_pending_remove(cmd);
7752 bool mgmt_powering_down(struct hci_dev *hdev)
7754 struct mgmt_pending_cmd *cmd;
7755 struct mgmt_mode *cp;
7757 cmd = pending_find(MGMT_OP_SET_POWERED, hdev);
7768 void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
7769 u8 link_type, u8 addr_type, u8 reason,
7770 bool mgmt_connected)
7772 struct mgmt_ev_device_disconnected ev;
7773 struct sock *sk = NULL;
7775 /* The connection is still in hci_conn_hash so test for 1
7776 * instead of 0 to know if this is the last one.
7778 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
7779 cancel_delayed_work(&hdev->power_off);
7780 queue_work(hdev->req_workqueue, &hdev->power_off.work);
7783 if (!mgmt_connected)
7786 if (link_type != ACL_LINK && link_type != LE_LINK)
7789 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
7791 bacpy(&ev.addr.bdaddr, bdaddr);
7792 ev.addr.type = link_to_bdaddr(link_type, addr_type);
7795 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
7800 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
7804 void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
7805 u8 link_type, u8 addr_type, u8 status)
7807 u8 bdaddr_type = link_to_bdaddr(link_type, addr_type);
7808 struct mgmt_cp_disconnect *cp;
7809 struct mgmt_pending_cmd *cmd;
7811 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
7814 cmd = pending_find(MGMT_OP_DISCONNECT, hdev);
7820 if (bacmp(bdaddr, &cp->addr.bdaddr))
7823 if (cp->addr.type != bdaddr_type)
7826 cmd->cmd_complete(cmd, mgmt_status(status));
7827 mgmt_pending_remove(cmd);
7830 void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
7831 u8 addr_type, u8 status)
7833 struct mgmt_ev_connect_failed ev;
7835 /* The connection is still in hci_conn_hash so test for 1
7836 * instead of 0 to know if this is the last one.
7838 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
7839 cancel_delayed_work(&hdev->power_off);
7840 queue_work(hdev->req_workqueue, &hdev->power_off.work);
7843 bacpy(&ev.addr.bdaddr, bdaddr);
7844 ev.addr.type = link_to_bdaddr(link_type, addr_type);
7845 ev.status = mgmt_status(status);
7847 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
7850 void mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
7852 struct mgmt_ev_pin_code_request ev;
7854 bacpy(&ev.addr.bdaddr, bdaddr);
7855 ev.addr.type = BDADDR_BREDR;
7858 mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev), NULL);
7861 void mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7864 struct mgmt_pending_cmd *cmd;
7866 cmd = pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
7870 cmd->cmd_complete(cmd, mgmt_status(status));
7871 mgmt_pending_remove(cmd);
7874 void mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7877 struct mgmt_pending_cmd *cmd;
7879 cmd = pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
7883 cmd->cmd_complete(cmd, mgmt_status(status));
7884 mgmt_pending_remove(cmd);
7887 int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
7888 u8 link_type, u8 addr_type, u32 value,
7891 struct mgmt_ev_user_confirm_request ev;
7893 BT_DBG("%s", hdev->name);
7895 bacpy(&ev.addr.bdaddr, bdaddr);
7896 ev.addr.type = link_to_bdaddr(link_type, addr_type);
7897 ev.confirm_hint = confirm_hint;
7898 ev.value = cpu_to_le32(value);
7900 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
7904 int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
7905 u8 link_type, u8 addr_type)
7907 struct mgmt_ev_user_passkey_request ev;
7909 BT_DBG("%s", hdev->name);
7911 bacpy(&ev.addr.bdaddr, bdaddr);
7912 ev.addr.type = link_to_bdaddr(link_type, addr_type);
7914 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
7918 static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7919 u8 link_type, u8 addr_type, u8 status,
7922 struct mgmt_pending_cmd *cmd;
7924 cmd = pending_find(opcode, hdev);
7928 cmd->cmd_complete(cmd, mgmt_status(status));
7929 mgmt_pending_remove(cmd);
7934 int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7935 u8 link_type, u8 addr_type, u8 status)
7937 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
7938 status, MGMT_OP_USER_CONFIRM_REPLY);
7941 int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7942 u8 link_type, u8 addr_type, u8 status)
7944 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
7946 MGMT_OP_USER_CONFIRM_NEG_REPLY);
7949 int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7950 u8 link_type, u8 addr_type, u8 status)
7952 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
7953 status, MGMT_OP_USER_PASSKEY_REPLY);
7956 int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7957 u8 link_type, u8 addr_type, u8 status)
7959 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
7961 MGMT_OP_USER_PASSKEY_NEG_REPLY);
7964 int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
7965 u8 link_type, u8 addr_type, u32 passkey,
7968 struct mgmt_ev_passkey_notify ev;
7970 BT_DBG("%s", hdev->name);
7972 bacpy(&ev.addr.bdaddr, bdaddr);
7973 ev.addr.type = link_to_bdaddr(link_type, addr_type);
7974 ev.passkey = __cpu_to_le32(passkey);
7975 ev.entered = entered;
7977 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
7980 void mgmt_auth_failed(struct hci_conn *conn, u8 hci_status)
7982 struct mgmt_ev_auth_failed ev;
7983 struct mgmt_pending_cmd *cmd;
7984 u8 status = mgmt_status(hci_status);
7986 bacpy(&ev.addr.bdaddr, &conn->dst);
7987 ev.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
7990 cmd = find_pairing(conn);
7992 mgmt_event(MGMT_EV_AUTH_FAILED, conn->hdev, &ev, sizeof(ev),
7993 cmd ? cmd->sk : NULL);
7996 cmd->cmd_complete(cmd, status);
7997 mgmt_pending_remove(cmd);
8001 void mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
8003 struct cmd_lookup match = { NULL, hdev };
8007 u8 mgmt_err = mgmt_status(status);
8008 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
8009 cmd_status_rsp, &mgmt_err);
8013 if (test_bit(HCI_AUTH, &hdev->flags))
8014 changed = !hci_dev_test_and_set_flag(hdev, HCI_LINK_SECURITY);
8016 changed = hci_dev_test_and_clear_flag(hdev, HCI_LINK_SECURITY);
8018 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
8022 new_settings(hdev, match.sk);
8028 static void clear_eir(struct hci_request *req)
8030 struct hci_dev *hdev = req->hdev;
8031 struct hci_cp_write_eir cp;
8033 if (!lmp_ext_inq_capable(hdev))
8036 memset(hdev->eir, 0, sizeof(hdev->eir));
8038 memset(&cp, 0, sizeof(cp));
8040 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
8043 void mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
8045 struct cmd_lookup match = { NULL, hdev };
8046 struct hci_request req;
8047 bool changed = false;
8050 u8 mgmt_err = mgmt_status(status);
8052 if (enable && hci_dev_test_and_clear_flag(hdev,
8054 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
8055 new_settings(hdev, NULL);
8058 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
8064 changed = !hci_dev_test_and_set_flag(hdev, HCI_SSP_ENABLED);
8066 changed = hci_dev_test_and_clear_flag(hdev, HCI_SSP_ENABLED);
8068 changed = hci_dev_test_and_clear_flag(hdev,
8071 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
8074 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
8077 new_settings(hdev, match.sk);
8082 hci_req_init(&req, hdev);
8084 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
8085 if (hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS))
8086 hci_req_add(&req, HCI_OP_WRITE_SSP_DEBUG_MODE,
8087 sizeof(enable), &enable);
8093 hci_req_run(&req, NULL);
8096 static void sk_lookup(struct mgmt_pending_cmd *cmd, void *data)
8098 struct cmd_lookup *match = data;
8100 if (match->sk == NULL) {
8101 match->sk = cmd->sk;
8102 sock_hold(match->sk);
8106 void mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
8109 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
8111 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
8112 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
8113 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
8116 mgmt_generic_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
8117 dev_class, 3, NULL);
8123 void mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
8125 struct mgmt_cp_set_local_name ev;
8126 struct mgmt_pending_cmd *cmd;
8131 memset(&ev, 0, sizeof(ev));
8132 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
8133 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
8135 cmd = pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
8137 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
8139 /* If this is a HCI command related to powering on the
8140 * HCI dev don't send any mgmt signals.
8142 if (pending_find(MGMT_OP_SET_POWERED, hdev))
8146 mgmt_generic_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
8147 cmd ? cmd->sk : NULL);
8150 static inline bool has_uuid(u8 *uuid, u16 uuid_count, u8 (*uuids)[16])
8154 for (i = 0; i < uuid_count; i++) {
8155 if (!memcmp(uuid, uuids[i], 16))
8162 static bool eir_has_uuids(u8 *eir, u16 eir_len, u16 uuid_count, u8 (*uuids)[16])
8166 while (parsed < eir_len) {
8167 u8 field_len = eir[0];
8174 if (eir_len - parsed < field_len + 1)
8178 case EIR_UUID16_ALL:
8179 case EIR_UUID16_SOME:
8180 for (i = 0; i + 3 <= field_len; i += 2) {
8181 memcpy(uuid, bluetooth_base_uuid, 16);
8182 uuid[13] = eir[i + 3];
8183 uuid[12] = eir[i + 2];
8184 if (has_uuid(uuid, uuid_count, uuids))
8188 case EIR_UUID32_ALL:
8189 case EIR_UUID32_SOME:
8190 for (i = 0; i + 5 <= field_len; i += 4) {
8191 memcpy(uuid, bluetooth_base_uuid, 16);
8192 uuid[15] = eir[i + 5];
8193 uuid[14] = eir[i + 4];
8194 uuid[13] = eir[i + 3];
8195 uuid[12] = eir[i + 2];
8196 if (has_uuid(uuid, uuid_count, uuids))
8200 case EIR_UUID128_ALL:
8201 case EIR_UUID128_SOME:
8202 for (i = 0; i + 17 <= field_len; i += 16) {
8203 memcpy(uuid, eir + i + 2, 16);
8204 if (has_uuid(uuid, uuid_count, uuids))
8210 parsed += field_len + 1;
8211 eir += field_len + 1;
8217 static void restart_le_scan(struct hci_dev *hdev)
8219 /* If controller is not scanning we are done. */
8220 if (!hci_dev_test_flag(hdev, HCI_LE_SCAN))
8223 if (time_after(jiffies + DISCOV_LE_RESTART_DELAY,
8224 hdev->discovery.scan_start +
8225 hdev->discovery.scan_duration))
8228 queue_delayed_work(hdev->workqueue, &hdev->le_scan_restart,
8229 DISCOV_LE_RESTART_DELAY);
8232 static bool is_filter_match(struct hci_dev *hdev, s8 rssi, u8 *eir,
8233 u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
8235 /* If a RSSI threshold has been specified, and
8236 * HCI_QUIRK_STRICT_DUPLICATE_FILTER is not set, then all results with
8237 * a RSSI smaller than the RSSI threshold will be dropped. If the quirk
8238 * is set, let it through for further processing, as we might need to
8241 * For BR/EDR devices (pre 1.2) providing no RSSI during inquiry,
8242 * the results are also dropped.
8244 if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
8245 (rssi == HCI_RSSI_INVALID ||
8246 (rssi < hdev->discovery.rssi &&
8247 !test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks))))
8250 if (hdev->discovery.uuid_count != 0) {
8251 /* If a list of UUIDs is provided in filter, results with no
8252 * matching UUID should be dropped.
8254 if (!eir_has_uuids(eir, eir_len, hdev->discovery.uuid_count,
8255 hdev->discovery.uuids) &&
8256 !eir_has_uuids(scan_rsp, scan_rsp_len,
8257 hdev->discovery.uuid_count,
8258 hdev->discovery.uuids))
8262 /* If duplicate filtering does not report RSSI changes, then restart
8263 * scanning to ensure updated result with updated RSSI values.
8265 if (test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks)) {
8266 restart_le_scan(hdev);
8268 /* Validate RSSI value against the RSSI threshold once more. */
8269 if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
8270 rssi < hdev->discovery.rssi)
8277 void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
8278 u8 addr_type, u8 *dev_class, s8 rssi, u32 flags,
8279 u8 *eir, u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
8282 struct mgmt_ev_device_found *ev = (void *)buf;
8285 /* Don't send events for a non-kernel initiated discovery. With
8286 * LE one exception is if we have pend_le_reports > 0 in which
8287 * case we're doing passive scanning and want these events.
8289 if (!hci_discovery_active(hdev)) {
8290 if (link_type == ACL_LINK)
8292 if (link_type == LE_LINK && list_empty(&hdev->pend_le_reports))
8296 if (hdev->discovery.result_filtering) {
8297 /* We are using service discovery */
8298 if (!is_filter_match(hdev, rssi, eir, eir_len, scan_rsp,
8303 /* Make sure that the buffer is big enough. The 5 extra bytes
8304 * are for the potential CoD field.
8306 if (sizeof(*ev) + eir_len + scan_rsp_len + 5 > sizeof(buf))
8309 memset(buf, 0, sizeof(buf));
8311 /* In case of device discovery with BR/EDR devices (pre 1.2), the
8312 * RSSI value was reported as 0 when not available. This behavior
8313 * is kept when using device discovery. This is required for full
8314 * backwards compatibility with the API.
8316 * However when using service discovery, the value 127 will be
8317 * returned when the RSSI is not available.
8319 if (rssi == HCI_RSSI_INVALID && !hdev->discovery.report_invalid_rssi &&
8320 link_type == ACL_LINK)
8323 bacpy(&ev->addr.bdaddr, bdaddr);
8324 ev->addr.type = link_to_bdaddr(link_type, addr_type);
8326 ev->flags = cpu_to_le32(flags);
8329 /* Copy EIR or advertising data into event */
8330 memcpy(ev->eir, eir, eir_len);
8332 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
8333 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
8336 if (scan_rsp_len > 0)
8337 /* Append scan response data to event */
8338 memcpy(ev->eir + eir_len, scan_rsp, scan_rsp_len);
8340 ev->eir_len = cpu_to_le16(eir_len + scan_rsp_len);
8341 ev_size = sizeof(*ev) + eir_len + scan_rsp_len;
8343 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
8346 void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
8347 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
8349 struct mgmt_ev_device_found *ev;
8350 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
8353 ev = (struct mgmt_ev_device_found *) buf;
8355 memset(buf, 0, sizeof(buf));
8357 bacpy(&ev->addr.bdaddr, bdaddr);
8358 ev->addr.type = link_to_bdaddr(link_type, addr_type);
8361 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
8364 ev->eir_len = cpu_to_le16(eir_len);
8366 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, sizeof(*ev) + eir_len, NULL);
8369 void mgmt_discovering(struct hci_dev *hdev, u8 discovering)
8371 struct mgmt_ev_discovering ev;
8373 BT_DBG("%s discovering %u", hdev->name, discovering);
8375 memset(&ev, 0, sizeof(ev));
8376 ev.type = hdev->discovery.type;
8377 ev.discovering = discovering;
8379 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
8382 static void adv_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
8384 BT_DBG("%s status %u", hdev->name, status);
8387 void mgmt_reenable_advertising(struct hci_dev *hdev)
8389 struct hci_request req;
8391 if (!hci_dev_test_flag(hdev, HCI_ADVERTISING) &&
8392 !hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE))
8395 hci_req_init(&req, hdev);
8396 enable_advertising(&req);
8397 hci_req_run(&req, adv_enable_complete);
8400 static struct hci_mgmt_chan chan = {
8401 .channel = HCI_CHANNEL_CONTROL,
8402 .handler_count = ARRAY_SIZE(mgmt_handlers),
8403 .handlers = mgmt_handlers,
8404 .hdev_init = mgmt_init_hdev,
8409 return hci_mgmt_chan_register(&chan);
8412 void mgmt_exit(void)
8414 hci_mgmt_chan_unregister(&chan);
Code Review / kvmfornfv.git / blob