2 BlueZ - Bluetooth protocol stack for Linux
4 Copyright (C) 2010 Nokia Corporation
5 Copyright (C) 2011-2012 Intel Corporation
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI Management interface */
27 #include <linux/module.h>
28 #include <asm/unaligned.h>
30 #include <net/bluetooth/bluetooth.h>
31 #include <net/bluetooth/hci_core.h>
32 #include <net/bluetooth/hci_sock.h>
33 #include <net/bluetooth/l2cap.h>
34 #include <net/bluetooth/mgmt.h>
36 #include "hci_request.h"
39 #define MGMT_VERSION 1
40 #define MGMT_REVISION 9
42 static const u16 mgmt_commands[] = {
43 MGMT_OP_READ_INDEX_LIST,
46 MGMT_OP_SET_DISCOVERABLE,
47 MGMT_OP_SET_CONNECTABLE,
48 MGMT_OP_SET_FAST_CONNECTABLE,
50 MGMT_OP_SET_LINK_SECURITY,
54 MGMT_OP_SET_DEV_CLASS,
55 MGMT_OP_SET_LOCAL_NAME,
58 MGMT_OP_LOAD_LINK_KEYS,
59 MGMT_OP_LOAD_LONG_TERM_KEYS,
61 MGMT_OP_GET_CONNECTIONS,
62 MGMT_OP_PIN_CODE_REPLY,
63 MGMT_OP_PIN_CODE_NEG_REPLY,
64 MGMT_OP_SET_IO_CAPABILITY,
66 MGMT_OP_CANCEL_PAIR_DEVICE,
67 MGMT_OP_UNPAIR_DEVICE,
68 MGMT_OP_USER_CONFIRM_REPLY,
69 MGMT_OP_USER_CONFIRM_NEG_REPLY,
70 MGMT_OP_USER_PASSKEY_REPLY,
71 MGMT_OP_USER_PASSKEY_NEG_REPLY,
72 MGMT_OP_READ_LOCAL_OOB_DATA,
73 MGMT_OP_ADD_REMOTE_OOB_DATA,
74 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
75 MGMT_OP_START_DISCOVERY,
76 MGMT_OP_STOP_DISCOVERY,
79 MGMT_OP_UNBLOCK_DEVICE,
80 MGMT_OP_SET_DEVICE_ID,
81 MGMT_OP_SET_ADVERTISING,
83 MGMT_OP_SET_STATIC_ADDRESS,
84 MGMT_OP_SET_SCAN_PARAMS,
85 MGMT_OP_SET_SECURE_CONN,
86 MGMT_OP_SET_DEBUG_KEYS,
89 MGMT_OP_GET_CONN_INFO,
90 MGMT_OP_GET_CLOCK_INFO,
92 MGMT_OP_REMOVE_DEVICE,
93 MGMT_OP_LOAD_CONN_PARAM,
94 MGMT_OP_READ_UNCONF_INDEX_LIST,
95 MGMT_OP_READ_CONFIG_INFO,
96 MGMT_OP_SET_EXTERNAL_CONFIG,
97 MGMT_OP_SET_PUBLIC_ADDRESS,
98 MGMT_OP_START_SERVICE_DISCOVERY,
101 static const u16 mgmt_events[] = {
102 MGMT_EV_CONTROLLER_ERROR,
104 MGMT_EV_INDEX_REMOVED,
105 MGMT_EV_NEW_SETTINGS,
106 MGMT_EV_CLASS_OF_DEV_CHANGED,
107 MGMT_EV_LOCAL_NAME_CHANGED,
108 MGMT_EV_NEW_LINK_KEY,
109 MGMT_EV_NEW_LONG_TERM_KEY,
110 MGMT_EV_DEVICE_CONNECTED,
111 MGMT_EV_DEVICE_DISCONNECTED,
112 MGMT_EV_CONNECT_FAILED,
113 MGMT_EV_PIN_CODE_REQUEST,
114 MGMT_EV_USER_CONFIRM_REQUEST,
115 MGMT_EV_USER_PASSKEY_REQUEST,
117 MGMT_EV_DEVICE_FOUND,
119 MGMT_EV_DEVICE_BLOCKED,
120 MGMT_EV_DEVICE_UNBLOCKED,
121 MGMT_EV_DEVICE_UNPAIRED,
122 MGMT_EV_PASSKEY_NOTIFY,
125 MGMT_EV_DEVICE_ADDED,
126 MGMT_EV_DEVICE_REMOVED,
127 MGMT_EV_NEW_CONN_PARAM,
128 MGMT_EV_UNCONF_INDEX_ADDED,
129 MGMT_EV_UNCONF_INDEX_REMOVED,
130 MGMT_EV_NEW_CONFIG_OPTIONS,
133 #define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
135 #define ZERO_KEY "\x00\x00\x00\x00\x00\x00\x00\x00" \
136 "\x00\x00\x00\x00\x00\x00\x00\x00"
138 struct mgmt_pending_cmd {
139 struct list_head list;
146 int (*cmd_complete)(struct mgmt_pending_cmd *cmd, u8 status);
149 /* HCI to MGMT error code conversion table */
150 static u8 mgmt_status_table[] = {
152 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
153 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
154 MGMT_STATUS_FAILED, /* Hardware Failure */
155 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
156 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
157 MGMT_STATUS_AUTH_FAILED, /* PIN or Key Missing */
158 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
159 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
160 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
161 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
162 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
163 MGMT_STATUS_BUSY, /* Command Disallowed */
164 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
165 MGMT_STATUS_REJECTED, /* Rejected Security */
166 MGMT_STATUS_REJECTED, /* Rejected Personal */
167 MGMT_STATUS_TIMEOUT, /* Host Timeout */
168 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
169 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
170 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
171 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
172 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
173 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
174 MGMT_STATUS_BUSY, /* Repeated Attempts */
175 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
176 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
177 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
178 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
179 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
180 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
181 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
182 MGMT_STATUS_FAILED, /* Unspecified Error */
183 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
184 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
185 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
186 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
187 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
188 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
189 MGMT_STATUS_FAILED, /* Unit Link Key Used */
190 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
191 MGMT_STATUS_TIMEOUT, /* Instant Passed */
192 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
193 MGMT_STATUS_FAILED, /* Transaction Collision */
194 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
195 MGMT_STATUS_REJECTED, /* QoS Rejected */
196 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
197 MGMT_STATUS_REJECTED, /* Insufficient Security */
198 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
199 MGMT_STATUS_BUSY, /* Role Switch Pending */
200 MGMT_STATUS_FAILED, /* Slot Violation */
201 MGMT_STATUS_FAILED, /* Role Switch Failed */
202 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
203 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
204 MGMT_STATUS_BUSY, /* Host Busy Pairing */
205 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
206 MGMT_STATUS_BUSY, /* Controller Busy */
207 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
208 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
209 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
210 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
211 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
214 static u8 mgmt_status(u8 hci_status)
216 if (hci_status < ARRAY_SIZE(mgmt_status_table))
217 return mgmt_status_table[hci_status];
219 return MGMT_STATUS_FAILED;
222 static int mgmt_send_event(u16 event, struct hci_dev *hdev,
223 unsigned short channel, void *data, u16 data_len,
224 struct sock *skip_sk)
227 struct mgmt_hdr *hdr;
229 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_KERNEL);
233 hdr = (void *) skb_put(skb, sizeof(*hdr));
234 hdr->opcode = cpu_to_le16(event);
236 hdr->index = cpu_to_le16(hdev->id);
238 hdr->index = cpu_to_le16(MGMT_INDEX_NONE);
239 hdr->len = cpu_to_le16(data_len);
242 memcpy(skb_put(skb, data_len), data, data_len);
245 __net_timestamp(skb);
247 hci_send_to_channel(channel, skb, skip_sk);
253 static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 len,
254 struct sock *skip_sk)
256 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
260 static int mgmt_cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
263 struct mgmt_hdr *hdr;
264 struct mgmt_ev_cmd_status *ev;
267 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
269 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_KERNEL);
273 hdr = (void *) skb_put(skb, sizeof(*hdr));
275 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS);
276 hdr->index = cpu_to_le16(index);
277 hdr->len = cpu_to_le16(sizeof(*ev));
279 ev = (void *) skb_put(skb, sizeof(*ev));
281 ev->opcode = cpu_to_le16(cmd);
283 err = sock_queue_rcv_skb(sk, skb);
290 static int mgmt_cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
291 void *rp, size_t rp_len)
294 struct mgmt_hdr *hdr;
295 struct mgmt_ev_cmd_complete *ev;
298 BT_DBG("sock %p", sk);
300 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_KERNEL);
304 hdr = (void *) skb_put(skb, sizeof(*hdr));
306 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE);
307 hdr->index = cpu_to_le16(index);
308 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
310 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
311 ev->opcode = cpu_to_le16(cmd);
315 memcpy(ev->data, rp, rp_len);
317 err = sock_queue_rcv_skb(sk, skb);
324 static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
327 struct mgmt_rp_read_version rp;
329 BT_DBG("sock %p", sk);
331 rp.version = MGMT_VERSION;
332 rp.revision = cpu_to_le16(MGMT_REVISION);
334 return mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0,
338 static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
341 struct mgmt_rp_read_commands *rp;
342 const u16 num_commands = ARRAY_SIZE(mgmt_commands);
343 const u16 num_events = ARRAY_SIZE(mgmt_events);
348 BT_DBG("sock %p", sk);
350 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
352 rp = kmalloc(rp_size, GFP_KERNEL);
356 rp->num_commands = cpu_to_le16(num_commands);
357 rp->num_events = cpu_to_le16(num_events);
359 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
360 put_unaligned_le16(mgmt_commands[i], opcode);
362 for (i = 0; i < num_events; i++, opcode++)
363 put_unaligned_le16(mgmt_events[i], opcode);
365 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0,
372 static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
375 struct mgmt_rp_read_index_list *rp;
381 BT_DBG("sock %p", sk);
383 read_lock(&hci_dev_list_lock);
386 list_for_each_entry(d, &hci_dev_list, list) {
387 if (d->dev_type == HCI_BREDR &&
388 !hci_dev_test_flag(d, HCI_UNCONFIGURED))
392 rp_len = sizeof(*rp) + (2 * count);
393 rp = kmalloc(rp_len, GFP_ATOMIC);
395 read_unlock(&hci_dev_list_lock);
400 list_for_each_entry(d, &hci_dev_list, list) {
401 if (hci_dev_test_flag(d, HCI_SETUP) ||
402 hci_dev_test_flag(d, HCI_CONFIG) ||
403 hci_dev_test_flag(d, HCI_USER_CHANNEL))
406 /* Devices marked as raw-only are neither configured
407 * nor unconfigured controllers.
409 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
412 if (d->dev_type == HCI_BREDR &&
413 !hci_dev_test_flag(d, HCI_UNCONFIGURED)) {
414 rp->index[count++] = cpu_to_le16(d->id);
415 BT_DBG("Added hci%u", d->id);
419 rp->num_controllers = cpu_to_le16(count);
420 rp_len = sizeof(*rp) + (2 * count);
422 read_unlock(&hci_dev_list_lock);
424 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST,
432 static int read_unconf_index_list(struct sock *sk, struct hci_dev *hdev,
433 void *data, u16 data_len)
435 struct mgmt_rp_read_unconf_index_list *rp;
441 BT_DBG("sock %p", sk);
443 read_lock(&hci_dev_list_lock);
446 list_for_each_entry(d, &hci_dev_list, list) {
447 if (d->dev_type == HCI_BREDR &&
448 hci_dev_test_flag(d, HCI_UNCONFIGURED))
452 rp_len = sizeof(*rp) + (2 * count);
453 rp = kmalloc(rp_len, GFP_ATOMIC);
455 read_unlock(&hci_dev_list_lock);
460 list_for_each_entry(d, &hci_dev_list, list) {
461 if (hci_dev_test_flag(d, HCI_SETUP) ||
462 hci_dev_test_flag(d, HCI_CONFIG) ||
463 hci_dev_test_flag(d, HCI_USER_CHANNEL))
466 /* Devices marked as raw-only are neither configured
467 * nor unconfigured controllers.
469 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
472 if (d->dev_type == HCI_BREDR &&
473 hci_dev_test_flag(d, HCI_UNCONFIGURED)) {
474 rp->index[count++] = cpu_to_le16(d->id);
475 BT_DBG("Added hci%u", d->id);
479 rp->num_controllers = cpu_to_le16(count);
480 rp_len = sizeof(*rp) + (2 * count);
482 read_unlock(&hci_dev_list_lock);
484 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
485 MGMT_OP_READ_UNCONF_INDEX_LIST, 0, rp, rp_len);
492 static bool is_configured(struct hci_dev *hdev)
494 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
495 !hci_dev_test_flag(hdev, HCI_EXT_CONFIGURED))
498 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) &&
499 !bacmp(&hdev->public_addr, BDADDR_ANY))
505 static __le32 get_missing_options(struct hci_dev *hdev)
509 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
510 !hci_dev_test_flag(hdev, HCI_EXT_CONFIGURED))
511 options |= MGMT_OPTION_EXTERNAL_CONFIG;
513 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) &&
514 !bacmp(&hdev->public_addr, BDADDR_ANY))
515 options |= MGMT_OPTION_PUBLIC_ADDRESS;
517 return cpu_to_le32(options);
520 static int new_options(struct hci_dev *hdev, struct sock *skip)
522 __le32 options = get_missing_options(hdev);
524 return mgmt_event(MGMT_EV_NEW_CONFIG_OPTIONS, hdev, &options,
525 sizeof(options), skip);
528 static int send_options_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
530 __le32 options = get_missing_options(hdev);
532 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &options,
536 static int read_config_info(struct sock *sk, struct hci_dev *hdev,
537 void *data, u16 data_len)
539 struct mgmt_rp_read_config_info rp;
542 BT_DBG("sock %p %s", sk, hdev->name);
546 memset(&rp, 0, sizeof(rp));
547 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
549 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
550 options |= MGMT_OPTION_EXTERNAL_CONFIG;
552 if (hdev->set_bdaddr)
553 options |= MGMT_OPTION_PUBLIC_ADDRESS;
555 rp.supported_options = cpu_to_le32(options);
556 rp.missing_options = get_missing_options(hdev);
558 hci_dev_unlock(hdev);
560 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_CONFIG_INFO, 0,
564 static u32 get_supported_settings(struct hci_dev *hdev)
568 settings |= MGMT_SETTING_POWERED;
569 settings |= MGMT_SETTING_BONDABLE;
570 settings |= MGMT_SETTING_DEBUG_KEYS;
571 settings |= MGMT_SETTING_CONNECTABLE;
572 settings |= MGMT_SETTING_DISCOVERABLE;
574 if (lmp_bredr_capable(hdev)) {
575 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
576 settings |= MGMT_SETTING_FAST_CONNECTABLE;
577 settings |= MGMT_SETTING_BREDR;
578 settings |= MGMT_SETTING_LINK_SECURITY;
580 if (lmp_ssp_capable(hdev)) {
581 settings |= MGMT_SETTING_SSP;
582 settings |= MGMT_SETTING_HS;
585 if (lmp_sc_capable(hdev))
586 settings |= MGMT_SETTING_SECURE_CONN;
589 if (lmp_le_capable(hdev)) {
590 settings |= MGMT_SETTING_LE;
591 settings |= MGMT_SETTING_ADVERTISING;
592 settings |= MGMT_SETTING_SECURE_CONN;
593 settings |= MGMT_SETTING_PRIVACY;
594 settings |= MGMT_SETTING_STATIC_ADDRESS;
597 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) ||
599 settings |= MGMT_SETTING_CONFIGURATION;
604 static u32 get_current_settings(struct hci_dev *hdev)
608 if (hdev_is_powered(hdev))
609 settings |= MGMT_SETTING_POWERED;
611 if (hci_dev_test_flag(hdev, HCI_CONNECTABLE))
612 settings |= MGMT_SETTING_CONNECTABLE;
614 if (hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE))
615 settings |= MGMT_SETTING_FAST_CONNECTABLE;
617 if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE))
618 settings |= MGMT_SETTING_DISCOVERABLE;
620 if (hci_dev_test_flag(hdev, HCI_BONDABLE))
621 settings |= MGMT_SETTING_BONDABLE;
623 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
624 settings |= MGMT_SETTING_BREDR;
626 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED))
627 settings |= MGMT_SETTING_LE;
629 if (hci_dev_test_flag(hdev, HCI_LINK_SECURITY))
630 settings |= MGMT_SETTING_LINK_SECURITY;
632 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
633 settings |= MGMT_SETTING_SSP;
635 if (hci_dev_test_flag(hdev, HCI_HS_ENABLED))
636 settings |= MGMT_SETTING_HS;
638 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
639 settings |= MGMT_SETTING_ADVERTISING;
641 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED))
642 settings |= MGMT_SETTING_SECURE_CONN;
644 if (hci_dev_test_flag(hdev, HCI_KEEP_DEBUG_KEYS))
645 settings |= MGMT_SETTING_DEBUG_KEYS;
647 if (hci_dev_test_flag(hdev, HCI_PRIVACY))
648 settings |= MGMT_SETTING_PRIVACY;
650 /* The current setting for static address has two purposes. The
651 * first is to indicate if the static address will be used and
652 * the second is to indicate if it is actually set.
654 * This means if the static address is not configured, this flag
655 * will never bet set. If the address is configured, then if the
656 * address is actually used decides if the flag is set or not.
658 * For single mode LE only controllers and dual-mode controllers
659 * with BR/EDR disabled, the existence of the static address will
662 if (test_bit(HCI_FORCE_STATIC_ADDR, &hdev->dbg_flags) ||
663 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) ||
664 !bacmp(&hdev->bdaddr, BDADDR_ANY)) {
665 if (bacmp(&hdev->static_addr, BDADDR_ANY))
666 settings |= MGMT_SETTING_STATIC_ADDRESS;
672 #define PNP_INFO_SVCLASS_ID 0x1200
674 static u8 *create_uuid16_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
676 u8 *ptr = data, *uuids_start = NULL;
677 struct bt_uuid *uuid;
682 list_for_each_entry(uuid, &hdev->uuids, list) {
685 if (uuid->size != 16)
688 uuid16 = get_unaligned_le16(&uuid->uuid[12]);
692 if (uuid16 == PNP_INFO_SVCLASS_ID)
698 uuids_start[1] = EIR_UUID16_ALL;
702 /* Stop if not enough space to put next UUID */
703 if ((ptr - data) + sizeof(u16) > len) {
704 uuids_start[1] = EIR_UUID16_SOME;
708 *ptr++ = (uuid16 & 0x00ff);
709 *ptr++ = (uuid16 & 0xff00) >> 8;
710 uuids_start[0] += sizeof(uuid16);
716 static u8 *create_uuid32_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
718 u8 *ptr = data, *uuids_start = NULL;
719 struct bt_uuid *uuid;
724 list_for_each_entry(uuid, &hdev->uuids, list) {
725 if (uuid->size != 32)
731 uuids_start[1] = EIR_UUID32_ALL;
735 /* Stop if not enough space to put next UUID */
736 if ((ptr - data) + sizeof(u32) > len) {
737 uuids_start[1] = EIR_UUID32_SOME;
741 memcpy(ptr, &uuid->uuid[12], sizeof(u32));
743 uuids_start[0] += sizeof(u32);
749 static u8 *create_uuid128_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
751 u8 *ptr = data, *uuids_start = NULL;
752 struct bt_uuid *uuid;
757 list_for_each_entry(uuid, &hdev->uuids, list) {
758 if (uuid->size != 128)
764 uuids_start[1] = EIR_UUID128_ALL;
768 /* Stop if not enough space to put next UUID */
769 if ((ptr - data) + 16 > len) {
770 uuids_start[1] = EIR_UUID128_SOME;
774 memcpy(ptr, uuid->uuid, 16);
776 uuids_start[0] += 16;
782 static struct mgmt_pending_cmd *mgmt_pending_find(u16 opcode,
783 struct hci_dev *hdev)
785 struct mgmt_pending_cmd *cmd;
787 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
788 if (cmd->opcode == opcode)
795 static struct mgmt_pending_cmd *mgmt_pending_find_data(u16 opcode,
796 struct hci_dev *hdev,
799 struct mgmt_pending_cmd *cmd;
801 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
802 if (cmd->user_data != data)
804 if (cmd->opcode == opcode)
811 static u8 create_scan_rsp_data(struct hci_dev *hdev, u8 *ptr)
816 name_len = strlen(hdev->dev_name);
818 size_t max_len = HCI_MAX_AD_LENGTH - ad_len - 2;
820 if (name_len > max_len) {
822 ptr[1] = EIR_NAME_SHORT;
824 ptr[1] = EIR_NAME_COMPLETE;
826 ptr[0] = name_len + 1;
828 memcpy(ptr + 2, hdev->dev_name, name_len);
830 ad_len += (name_len + 2);
831 ptr += (name_len + 2);
837 static void update_scan_rsp_data(struct hci_request *req)
839 struct hci_dev *hdev = req->hdev;
840 struct hci_cp_le_set_scan_rsp_data cp;
843 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
846 memset(&cp, 0, sizeof(cp));
848 len = create_scan_rsp_data(hdev, cp.data);
850 if (hdev->scan_rsp_data_len == len &&
851 memcmp(cp.data, hdev->scan_rsp_data, len) == 0)
854 memcpy(hdev->scan_rsp_data, cp.data, sizeof(cp.data));
855 hdev->scan_rsp_data_len = len;
859 hci_req_add(req, HCI_OP_LE_SET_SCAN_RSP_DATA, sizeof(cp), &cp);
862 static u8 get_adv_discov_flags(struct hci_dev *hdev)
864 struct mgmt_pending_cmd *cmd;
866 /* If there's a pending mgmt command the flags will not yet have
867 * their final values, so check for this first.
869 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
871 struct mgmt_mode *cp = cmd->param;
873 return LE_AD_GENERAL;
874 else if (cp->val == 0x02)
875 return LE_AD_LIMITED;
877 if (hci_dev_test_flag(hdev, HCI_LIMITED_DISCOVERABLE))
878 return LE_AD_LIMITED;
879 else if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE))
880 return LE_AD_GENERAL;
886 static u8 create_adv_data(struct hci_dev *hdev, u8 *ptr)
888 u8 ad_len = 0, flags = 0;
890 flags |= get_adv_discov_flags(hdev);
892 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
893 flags |= LE_AD_NO_BREDR;
896 BT_DBG("adv flags 0x%02x", flags);
906 if (hdev->adv_tx_power != HCI_TX_POWER_INVALID) {
908 ptr[1] = EIR_TX_POWER;
909 ptr[2] = (u8) hdev->adv_tx_power;
918 static void update_adv_data(struct hci_request *req)
920 struct hci_dev *hdev = req->hdev;
921 struct hci_cp_le_set_adv_data cp;
924 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
927 memset(&cp, 0, sizeof(cp));
929 len = create_adv_data(hdev, cp.data);
931 if (hdev->adv_data_len == len &&
932 memcmp(cp.data, hdev->adv_data, len) == 0)
935 memcpy(hdev->adv_data, cp.data, sizeof(cp.data));
936 hdev->adv_data_len = len;
940 hci_req_add(req, HCI_OP_LE_SET_ADV_DATA, sizeof(cp), &cp);
943 int mgmt_update_adv_data(struct hci_dev *hdev)
945 struct hci_request req;
947 hci_req_init(&req, hdev);
948 update_adv_data(&req);
950 return hci_req_run(&req, NULL);
953 static void create_eir(struct hci_dev *hdev, u8 *data)
958 name_len = strlen(hdev->dev_name);
964 ptr[1] = EIR_NAME_SHORT;
966 ptr[1] = EIR_NAME_COMPLETE;
968 /* EIR Data length */
969 ptr[0] = name_len + 1;
971 memcpy(ptr + 2, hdev->dev_name, name_len);
973 ptr += (name_len + 2);
976 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
978 ptr[1] = EIR_TX_POWER;
979 ptr[2] = (u8) hdev->inq_tx_power;
984 if (hdev->devid_source > 0) {
986 ptr[1] = EIR_DEVICE_ID;
988 put_unaligned_le16(hdev->devid_source, ptr + 2);
989 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
990 put_unaligned_le16(hdev->devid_product, ptr + 6);
991 put_unaligned_le16(hdev->devid_version, ptr + 8);
996 ptr = create_uuid16_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
997 ptr = create_uuid32_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
998 ptr = create_uuid128_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
1001 static void update_eir(struct hci_request *req)
1003 struct hci_dev *hdev = req->hdev;
1004 struct hci_cp_write_eir cp;
1006 if (!hdev_is_powered(hdev))
1009 if (!lmp_ext_inq_capable(hdev))
1012 if (!hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
1015 if (hci_dev_test_flag(hdev, HCI_SERVICE_CACHE))
1018 memset(&cp, 0, sizeof(cp));
1020 create_eir(hdev, cp.data);
1022 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
1025 memcpy(hdev->eir, cp.data, sizeof(cp.data));
1027 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
1030 static u8 get_service_classes(struct hci_dev *hdev)
1032 struct bt_uuid *uuid;
1035 list_for_each_entry(uuid, &hdev->uuids, list)
1036 val |= uuid->svc_hint;
1041 static void update_class(struct hci_request *req)
1043 struct hci_dev *hdev = req->hdev;
1046 BT_DBG("%s", hdev->name);
1048 if (!hdev_is_powered(hdev))
1051 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1054 if (hci_dev_test_flag(hdev, HCI_SERVICE_CACHE))
1057 cod[0] = hdev->minor_class;
1058 cod[1] = hdev->major_class;
1059 cod[2] = get_service_classes(hdev);
1061 if (hci_dev_test_flag(hdev, HCI_LIMITED_DISCOVERABLE))
1064 if (memcmp(cod, hdev->dev_class, 3) == 0)
1067 hci_req_add(req, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
1070 static bool get_connectable(struct hci_dev *hdev)
1072 struct mgmt_pending_cmd *cmd;
1074 /* If there's a pending mgmt command the flag will not yet have
1075 * it's final value, so check for this first.
1077 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1079 struct mgmt_mode *cp = cmd->param;
1083 return hci_dev_test_flag(hdev, HCI_CONNECTABLE);
1086 static void disable_advertising(struct hci_request *req)
1090 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1093 static void enable_advertising(struct hci_request *req)
1095 struct hci_dev *hdev = req->hdev;
1096 struct hci_cp_le_set_adv_param cp;
1097 u8 own_addr_type, enable = 0x01;
1100 if (hci_conn_num(hdev, LE_LINK) > 0)
1103 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
1104 disable_advertising(req);
1106 /* Clear the HCI_LE_ADV bit temporarily so that the
1107 * hci_update_random_address knows that it's safe to go ahead
1108 * and write a new random address. The flag will be set back on
1109 * as soon as the SET_ADV_ENABLE HCI command completes.
1111 hci_dev_clear_flag(hdev, HCI_LE_ADV);
1113 if (hci_dev_test_flag(hdev, HCI_ADVERTISING_CONNECTABLE))
1116 connectable = get_connectable(hdev);
1118 /* Set require_privacy to true only when non-connectable
1119 * advertising is used. In that case it is fine to use a
1120 * non-resolvable private address.
1122 if (hci_update_random_address(req, !connectable, &own_addr_type) < 0)
1125 memset(&cp, 0, sizeof(cp));
1126 cp.min_interval = cpu_to_le16(hdev->le_adv_min_interval);
1127 cp.max_interval = cpu_to_le16(hdev->le_adv_max_interval);
1128 cp.type = connectable ? LE_ADV_IND : LE_ADV_NONCONN_IND;
1129 cp.own_address_type = own_addr_type;
1130 cp.channel_map = hdev->le_adv_channel_map;
1132 hci_req_add(req, HCI_OP_LE_SET_ADV_PARAM, sizeof(cp), &cp);
1134 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1137 static void service_cache_off(struct work_struct *work)
1139 struct hci_dev *hdev = container_of(work, struct hci_dev,
1140 service_cache.work);
1141 struct hci_request req;
1143 if (!hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE))
1146 hci_req_init(&req, hdev);
1153 hci_dev_unlock(hdev);
1155 hci_req_run(&req, NULL);
1158 static void rpa_expired(struct work_struct *work)
1160 struct hci_dev *hdev = container_of(work, struct hci_dev,
1162 struct hci_request req;
1166 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
1168 if (!hci_dev_test_flag(hdev, HCI_ADVERTISING))
1171 /* The generation of a new RPA and programming it into the
1172 * controller happens in the enable_advertising() function.
1174 hci_req_init(&req, hdev);
1175 enable_advertising(&req);
1176 hci_req_run(&req, NULL);
1179 static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
1181 if (hci_dev_test_and_set_flag(hdev, HCI_MGMT))
1184 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
1185 INIT_DELAYED_WORK(&hdev->rpa_expired, rpa_expired);
1187 /* Non-mgmt controlled devices get this bit set
1188 * implicitly so that pairing works for them, however
1189 * for mgmt we require user-space to explicitly enable
1192 hci_dev_clear_flag(hdev, HCI_BONDABLE);
1195 static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
1196 void *data, u16 data_len)
1198 struct mgmt_rp_read_info rp;
1200 BT_DBG("sock %p %s", sk, hdev->name);
1204 memset(&rp, 0, sizeof(rp));
1206 bacpy(&rp.bdaddr, &hdev->bdaddr);
1208 rp.version = hdev->hci_ver;
1209 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
1211 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
1212 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
1214 memcpy(rp.dev_class, hdev->dev_class, 3);
1216 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
1217 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
1219 hci_dev_unlock(hdev);
1221 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
1225 static void mgmt_pending_free(struct mgmt_pending_cmd *cmd)
1232 static struct mgmt_pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
1233 struct hci_dev *hdev,
1234 void *data, u16 len)
1236 struct mgmt_pending_cmd *cmd;
1238 cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
1242 cmd->opcode = opcode;
1243 cmd->index = hdev->id;
1245 cmd->param = kmemdup(data, len, GFP_KERNEL);
1251 cmd->param_len = len;
1256 list_add(&cmd->list, &hdev->mgmt_pending);
1261 static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
1262 void (*cb)(struct mgmt_pending_cmd *cmd,
1266 struct mgmt_pending_cmd *cmd, *tmp;
1268 list_for_each_entry_safe(cmd, tmp, &hdev->mgmt_pending, list) {
1269 if (opcode > 0 && cmd->opcode != opcode)
1276 static void mgmt_pending_remove(struct mgmt_pending_cmd *cmd)
1278 list_del(&cmd->list);
1279 mgmt_pending_free(cmd);
1282 static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
1284 __le32 settings = cpu_to_le32(get_current_settings(hdev));
1286 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &settings,
1290 static void clean_up_hci_complete(struct hci_dev *hdev, u8 status, u16 opcode)
1292 BT_DBG("%s status 0x%02x", hdev->name, status);
1294 if (hci_conn_count(hdev) == 0) {
1295 cancel_delayed_work(&hdev->power_off);
1296 queue_work(hdev->req_workqueue, &hdev->power_off.work);
1300 static bool hci_stop_discovery(struct hci_request *req)
1302 struct hci_dev *hdev = req->hdev;
1303 struct hci_cp_remote_name_req_cancel cp;
1304 struct inquiry_entry *e;
1306 switch (hdev->discovery.state) {
1307 case DISCOVERY_FINDING:
1308 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
1309 hci_req_add(req, HCI_OP_INQUIRY_CANCEL, 0, NULL);
1311 cancel_delayed_work(&hdev->le_scan_disable);
1312 hci_req_add_le_scan_disable(req);
1317 case DISCOVERY_RESOLVING:
1318 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
1323 bacpy(&cp.bdaddr, &e->data.bdaddr);
1324 hci_req_add(req, HCI_OP_REMOTE_NAME_REQ_CANCEL, sizeof(cp),
1330 /* Passive scanning */
1331 if (hci_dev_test_flag(hdev, HCI_LE_SCAN)) {
1332 hci_req_add_le_scan_disable(req);
1342 static int clean_up_hci_state(struct hci_dev *hdev)
1344 struct hci_request req;
1345 struct hci_conn *conn;
1346 bool discov_stopped;
1349 hci_req_init(&req, hdev);
1351 if (test_bit(HCI_ISCAN, &hdev->flags) ||
1352 test_bit(HCI_PSCAN, &hdev->flags)) {
1354 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1357 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
1358 disable_advertising(&req);
1360 discov_stopped = hci_stop_discovery(&req);
1362 list_for_each_entry(conn, &hdev->conn_hash.list, list) {
1363 struct hci_cp_disconnect dc;
1364 struct hci_cp_reject_conn_req rej;
1366 switch (conn->state) {
1369 dc.handle = cpu_to_le16(conn->handle);
1370 dc.reason = 0x15; /* Terminated due to Power Off */
1371 hci_req_add(&req, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1374 if (conn->type == LE_LINK)
1375 hci_req_add(&req, HCI_OP_LE_CREATE_CONN_CANCEL,
1377 else if (conn->type == ACL_LINK)
1378 hci_req_add(&req, HCI_OP_CREATE_CONN_CANCEL,
1382 bacpy(&rej.bdaddr, &conn->dst);
1383 rej.reason = 0x15; /* Terminated due to Power Off */
1384 if (conn->type == ACL_LINK)
1385 hci_req_add(&req, HCI_OP_REJECT_CONN_REQ,
1387 else if (conn->type == SCO_LINK)
1388 hci_req_add(&req, HCI_OP_REJECT_SYNC_CONN_REQ,
1394 err = hci_req_run(&req, clean_up_hci_complete);
1395 if (!err && discov_stopped)
1396 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
1401 static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
1404 struct mgmt_mode *cp = data;
1405 struct mgmt_pending_cmd *cmd;
1408 BT_DBG("request for %s", hdev->name);
1410 if (cp->val != 0x00 && cp->val != 0x01)
1411 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1412 MGMT_STATUS_INVALID_PARAMS);
1416 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
1417 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1422 if (hci_dev_test_and_clear_flag(hdev, HCI_AUTO_OFF)) {
1423 cancel_delayed_work(&hdev->power_off);
1426 mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev,
1428 err = mgmt_powered(hdev, 1);
1433 if (!!cp->val == hdev_is_powered(hdev)) {
1434 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
1438 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
1445 queue_work(hdev->req_workqueue, &hdev->power_on);
1448 /* Disconnect connections, stop scans, etc */
1449 err = clean_up_hci_state(hdev);
1451 queue_delayed_work(hdev->req_workqueue, &hdev->power_off,
1452 HCI_POWER_OFF_TIMEOUT);
1454 /* ENODATA means there were no HCI commands queued */
1455 if (err == -ENODATA) {
1456 cancel_delayed_work(&hdev->power_off);
1457 queue_work(hdev->req_workqueue, &hdev->power_off.work);
1463 hci_dev_unlock(hdev);
1467 static int new_settings(struct hci_dev *hdev, struct sock *skip)
1471 ev = cpu_to_le32(get_current_settings(hdev));
1473 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
1476 int mgmt_new_settings(struct hci_dev *hdev)
1478 return new_settings(hdev, NULL);
1483 struct hci_dev *hdev;
1487 static void settings_rsp(struct mgmt_pending_cmd *cmd, void *data)
1489 struct cmd_lookup *match = data;
1491 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
1493 list_del(&cmd->list);
1495 if (match->sk == NULL) {
1496 match->sk = cmd->sk;
1497 sock_hold(match->sk);
1500 mgmt_pending_free(cmd);
1503 static void cmd_status_rsp(struct mgmt_pending_cmd *cmd, void *data)
1507 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
1508 mgmt_pending_remove(cmd);
1511 static void cmd_complete_rsp(struct mgmt_pending_cmd *cmd, void *data)
1513 if (cmd->cmd_complete) {
1516 cmd->cmd_complete(cmd, *status);
1517 mgmt_pending_remove(cmd);
1522 cmd_status_rsp(cmd, data);
1525 static int generic_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
1527 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
1528 cmd->param, cmd->param_len);
1531 static int addr_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
1533 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
1534 cmd->param, sizeof(struct mgmt_addr_info));
1537 static u8 mgmt_bredr_support(struct hci_dev *hdev)
1539 if (!lmp_bredr_capable(hdev))
1540 return MGMT_STATUS_NOT_SUPPORTED;
1541 else if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1542 return MGMT_STATUS_REJECTED;
1544 return MGMT_STATUS_SUCCESS;
1547 static u8 mgmt_le_support(struct hci_dev *hdev)
1549 if (!lmp_le_capable(hdev))
1550 return MGMT_STATUS_NOT_SUPPORTED;
1551 else if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
1552 return MGMT_STATUS_REJECTED;
1554 return MGMT_STATUS_SUCCESS;
1557 static void set_discoverable_complete(struct hci_dev *hdev, u8 status,
1560 struct mgmt_pending_cmd *cmd;
1561 struct mgmt_mode *cp;
1562 struct hci_request req;
1565 BT_DBG("status 0x%02x", status);
1569 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
1574 u8 mgmt_err = mgmt_status(status);
1575 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1576 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1582 changed = !hci_dev_test_and_set_flag(hdev, HCI_DISCOVERABLE);
1584 if (hdev->discov_timeout > 0) {
1585 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1586 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
1590 changed = hci_dev_test_and_clear_flag(hdev, HCI_DISCOVERABLE);
1593 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1596 new_settings(hdev, cmd->sk);
1598 /* When the discoverable mode gets changed, make sure
1599 * that class of device has the limited discoverable
1600 * bit correctly set. Also update page scan based on whitelist
1603 hci_req_init(&req, hdev);
1604 __hci_update_page_scan(&req);
1606 hci_req_run(&req, NULL);
1609 mgmt_pending_remove(cmd);
1612 hci_dev_unlock(hdev);
1615 static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
1618 struct mgmt_cp_set_discoverable *cp = data;
1619 struct mgmt_pending_cmd *cmd;
1620 struct hci_request req;
1625 BT_DBG("request for %s", hdev->name);
1627 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
1628 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1629 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1630 MGMT_STATUS_REJECTED);
1632 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
1633 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1634 MGMT_STATUS_INVALID_PARAMS);
1636 timeout = __le16_to_cpu(cp->timeout);
1638 /* Disabling discoverable requires that no timeout is set,
1639 * and enabling limited discoverable requires a timeout.
1641 if ((cp->val == 0x00 && timeout > 0) ||
1642 (cp->val == 0x02 && timeout == 0))
1643 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1644 MGMT_STATUS_INVALID_PARAMS);
1648 if (!hdev_is_powered(hdev) && timeout > 0) {
1649 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1650 MGMT_STATUS_NOT_POWERED);
1654 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1655 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
1656 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1661 if (!hci_dev_test_flag(hdev, HCI_CONNECTABLE)) {
1662 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1663 MGMT_STATUS_REJECTED);
1667 if (!hdev_is_powered(hdev)) {
1668 bool changed = false;
1670 /* Setting limited discoverable when powered off is
1671 * not a valid operation since it requires a timeout
1672 * and so no need to check HCI_LIMITED_DISCOVERABLE.
1674 if (!!cp->val != hci_dev_test_flag(hdev, HCI_DISCOVERABLE)) {
1675 hci_dev_change_flag(hdev, HCI_DISCOVERABLE);
1679 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1684 err = new_settings(hdev, sk);
1689 /* If the current mode is the same, then just update the timeout
1690 * value with the new value. And if only the timeout gets updated,
1691 * then no need for any HCI transactions.
1693 if (!!cp->val == hci_dev_test_flag(hdev, HCI_DISCOVERABLE) &&
1694 (cp->val == 0x02) == hci_dev_test_flag(hdev,
1695 HCI_LIMITED_DISCOVERABLE)) {
1696 cancel_delayed_work(&hdev->discov_off);
1697 hdev->discov_timeout = timeout;
1699 if (cp->val && hdev->discov_timeout > 0) {
1700 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1701 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
1705 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1709 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
1715 /* Cancel any potential discoverable timeout that might be
1716 * still active and store new timeout value. The arming of
1717 * the timeout happens in the complete handler.
1719 cancel_delayed_work(&hdev->discov_off);
1720 hdev->discov_timeout = timeout;
1722 /* Limited discoverable mode */
1723 if (cp->val == 0x02)
1724 hci_dev_set_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1726 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1728 hci_req_init(&req, hdev);
1730 /* The procedure for LE-only controllers is much simpler - just
1731 * update the advertising data.
1733 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1739 struct hci_cp_write_current_iac_lap hci_cp;
1741 if (cp->val == 0x02) {
1742 /* Limited discoverable mode */
1743 hci_cp.num_iac = min_t(u8, hdev->num_iac, 2);
1744 hci_cp.iac_lap[0] = 0x00; /* LIAC */
1745 hci_cp.iac_lap[1] = 0x8b;
1746 hci_cp.iac_lap[2] = 0x9e;
1747 hci_cp.iac_lap[3] = 0x33; /* GIAC */
1748 hci_cp.iac_lap[4] = 0x8b;
1749 hci_cp.iac_lap[5] = 0x9e;
1751 /* General discoverable mode */
1753 hci_cp.iac_lap[0] = 0x33; /* GIAC */
1754 hci_cp.iac_lap[1] = 0x8b;
1755 hci_cp.iac_lap[2] = 0x9e;
1758 hci_req_add(&req, HCI_OP_WRITE_CURRENT_IAC_LAP,
1759 (hci_cp.num_iac * 3) + 1, &hci_cp);
1761 scan |= SCAN_INQUIRY;
1763 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1766 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, sizeof(scan), &scan);
1769 update_adv_data(&req);
1771 err = hci_req_run(&req, set_discoverable_complete);
1773 mgmt_pending_remove(cmd);
1776 hci_dev_unlock(hdev);
1780 static void write_fast_connectable(struct hci_request *req, bool enable)
1782 struct hci_dev *hdev = req->hdev;
1783 struct hci_cp_write_page_scan_activity acp;
1786 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1789 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
1793 type = PAGE_SCAN_TYPE_INTERLACED;
1795 /* 160 msec page scan interval */
1796 acp.interval = cpu_to_le16(0x0100);
1798 type = PAGE_SCAN_TYPE_STANDARD; /* default */
1800 /* default 1.28 sec page scan */
1801 acp.interval = cpu_to_le16(0x0800);
1804 acp.window = cpu_to_le16(0x0012);
1806 if (__cpu_to_le16(hdev->page_scan_interval) != acp.interval ||
1807 __cpu_to_le16(hdev->page_scan_window) != acp.window)
1808 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
1811 if (hdev->page_scan_type != type)
1812 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
1815 static void set_connectable_complete(struct hci_dev *hdev, u8 status,
1818 struct mgmt_pending_cmd *cmd;
1819 struct mgmt_mode *cp;
1820 bool conn_changed, discov_changed;
1822 BT_DBG("status 0x%02x", status);
1826 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1831 u8 mgmt_err = mgmt_status(status);
1832 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1838 conn_changed = !hci_dev_test_and_set_flag(hdev,
1840 discov_changed = false;
1842 conn_changed = hci_dev_test_and_clear_flag(hdev,
1844 discov_changed = hci_dev_test_and_clear_flag(hdev,
1848 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
1850 if (conn_changed || discov_changed) {
1851 new_settings(hdev, cmd->sk);
1852 hci_update_page_scan(hdev);
1854 mgmt_update_adv_data(hdev);
1855 hci_update_background_scan(hdev);
1859 mgmt_pending_remove(cmd);
1862 hci_dev_unlock(hdev);
1865 static int set_connectable_update_settings(struct hci_dev *hdev,
1866 struct sock *sk, u8 val)
1868 bool changed = false;
1871 if (!!val != hci_dev_test_flag(hdev, HCI_CONNECTABLE))
1875 hci_dev_set_flag(hdev, HCI_CONNECTABLE);
1877 hci_dev_clear_flag(hdev, HCI_CONNECTABLE);
1878 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
1881 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1886 hci_update_page_scan(hdev);
1887 hci_update_background_scan(hdev);
1888 return new_settings(hdev, sk);
1894 static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
1897 struct mgmt_mode *cp = data;
1898 struct mgmt_pending_cmd *cmd;
1899 struct hci_request req;
1903 BT_DBG("request for %s", hdev->name);
1905 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
1906 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1907 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1908 MGMT_STATUS_REJECTED);
1910 if (cp->val != 0x00 && cp->val != 0x01)
1911 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1912 MGMT_STATUS_INVALID_PARAMS);
1916 if (!hdev_is_powered(hdev)) {
1917 err = set_connectable_update_settings(hdev, sk, cp->val);
1921 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1922 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
1923 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1928 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
1934 hci_req_init(&req, hdev);
1936 /* If BR/EDR is not enabled and we disable advertising as a
1937 * by-product of disabling connectable, we need to update the
1938 * advertising flags.
1940 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
1942 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1943 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
1945 update_adv_data(&req);
1946 } else if (cp->val != test_bit(HCI_PSCAN, &hdev->flags)) {
1950 /* If we don't have any whitelist entries just
1951 * disable all scanning. If there are entries
1952 * and we had both page and inquiry scanning
1953 * enabled then fall back to only page scanning.
1954 * Otherwise no changes are needed.
1956 if (list_empty(&hdev->whitelist))
1957 scan = SCAN_DISABLED;
1958 else if (test_bit(HCI_ISCAN, &hdev->flags))
1961 goto no_scan_update;
1963 if (test_bit(HCI_ISCAN, &hdev->flags) &&
1964 hdev->discov_timeout > 0)
1965 cancel_delayed_work(&hdev->discov_off);
1968 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1972 /* Update the advertising parameters if necessary */
1973 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
1974 enable_advertising(&req);
1976 err = hci_req_run(&req, set_connectable_complete);
1978 mgmt_pending_remove(cmd);
1979 if (err == -ENODATA)
1980 err = set_connectable_update_settings(hdev, sk,
1986 hci_dev_unlock(hdev);
1990 static int set_bondable(struct sock *sk, struct hci_dev *hdev, void *data,
1993 struct mgmt_mode *cp = data;
1997 BT_DBG("request for %s", hdev->name);
1999 if (cp->val != 0x00 && cp->val != 0x01)
2000 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BONDABLE,
2001 MGMT_STATUS_INVALID_PARAMS);
2006 changed = !hci_dev_test_and_set_flag(hdev, HCI_BONDABLE);
2008 changed = hci_dev_test_and_clear_flag(hdev, HCI_BONDABLE);
2010 err = send_settings_rsp(sk, MGMT_OP_SET_BONDABLE, hdev);
2015 err = new_settings(hdev, sk);
2018 hci_dev_unlock(hdev);
2022 static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
2025 struct mgmt_mode *cp = data;
2026 struct mgmt_pending_cmd *cmd;
2030 BT_DBG("request for %s", hdev->name);
2032 status = mgmt_bredr_support(hdev);
2034 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
2037 if (cp->val != 0x00 && cp->val != 0x01)
2038 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
2039 MGMT_STATUS_INVALID_PARAMS);
2043 if (!hdev_is_powered(hdev)) {
2044 bool changed = false;
2046 if (!!cp->val != hci_dev_test_flag(hdev, HCI_LINK_SECURITY)) {
2047 hci_dev_change_flag(hdev, HCI_LINK_SECURITY);
2051 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
2056 err = new_settings(hdev, sk);
2061 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
2062 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
2069 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
2070 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
2074 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
2080 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
2082 mgmt_pending_remove(cmd);
2087 hci_dev_unlock(hdev);
2091 static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2093 struct mgmt_mode *cp = data;
2094 struct mgmt_pending_cmd *cmd;
2098 BT_DBG("request for %s", hdev->name);
2100 status = mgmt_bredr_support(hdev);
2102 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
2104 if (!lmp_ssp_capable(hdev))
2105 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2106 MGMT_STATUS_NOT_SUPPORTED);
2108 if (cp->val != 0x00 && cp->val != 0x01)
2109 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2110 MGMT_STATUS_INVALID_PARAMS);
2114 if (!hdev_is_powered(hdev)) {
2118 changed = !hci_dev_test_and_set_flag(hdev,
2121 changed = hci_dev_test_and_clear_flag(hdev,
2124 changed = hci_dev_test_and_clear_flag(hdev,
2127 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
2130 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
2135 err = new_settings(hdev, sk);
2140 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev)) {
2141 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2146 if (!!cp->val == hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
2147 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
2151 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
2157 if (!cp->val && hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS))
2158 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
2159 sizeof(cp->val), &cp->val);
2161 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &cp->val);
2163 mgmt_pending_remove(cmd);
2168 hci_dev_unlock(hdev);
2172 static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2174 struct mgmt_mode *cp = data;
2179 BT_DBG("request for %s", hdev->name);
2181 status = mgmt_bredr_support(hdev);
2183 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
2185 if (!lmp_ssp_capable(hdev))
2186 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2187 MGMT_STATUS_NOT_SUPPORTED);
2189 if (!hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
2190 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2191 MGMT_STATUS_REJECTED);
2193 if (cp->val != 0x00 && cp->val != 0x01)
2194 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2195 MGMT_STATUS_INVALID_PARAMS);
2199 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev)) {
2200 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2206 changed = !hci_dev_test_and_set_flag(hdev, HCI_HS_ENABLED);
2208 if (hdev_is_powered(hdev)) {
2209 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2210 MGMT_STATUS_REJECTED);
2214 changed = hci_dev_test_and_clear_flag(hdev, HCI_HS_ENABLED);
2217 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
2222 err = new_settings(hdev, sk);
2225 hci_dev_unlock(hdev);
2229 static void le_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
2231 struct cmd_lookup match = { NULL, hdev };
2236 u8 mgmt_err = mgmt_status(status);
2238 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
2243 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
2245 new_settings(hdev, match.sk);
2250 /* Make sure the controller has a good default for
2251 * advertising data. Restrict the update to when LE
2252 * has actually been enabled. During power on, the
2253 * update in powered_update_hci will take care of it.
2255 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
2256 struct hci_request req;
2258 hci_req_init(&req, hdev);
2259 update_adv_data(&req);
2260 update_scan_rsp_data(&req);
2261 __hci_update_background_scan(&req);
2262 hci_req_run(&req, NULL);
2266 hci_dev_unlock(hdev);
2269 static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2271 struct mgmt_mode *cp = data;
2272 struct hci_cp_write_le_host_supported hci_cp;
2273 struct mgmt_pending_cmd *cmd;
2274 struct hci_request req;
2278 BT_DBG("request for %s", hdev->name);
2280 if (!lmp_le_capable(hdev))
2281 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2282 MGMT_STATUS_NOT_SUPPORTED);
2284 if (cp->val != 0x00 && cp->val != 0x01)
2285 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2286 MGMT_STATUS_INVALID_PARAMS);
2288 /* LE-only devices do not allow toggling LE on/off */
2289 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
2290 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2291 MGMT_STATUS_REJECTED);
2296 enabled = lmp_host_le_capable(hdev);
2298 if (!hdev_is_powered(hdev) || val == enabled) {
2299 bool changed = false;
2301 if (val != hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
2302 hci_dev_change_flag(hdev, HCI_LE_ENABLED);
2306 if (!val && hci_dev_test_flag(hdev, HCI_ADVERTISING)) {
2307 hci_dev_clear_flag(hdev, HCI_ADVERTISING);
2311 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
2316 err = new_settings(hdev, sk);
2321 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev) ||
2322 mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
2323 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2328 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
2334 hci_req_init(&req, hdev);
2336 memset(&hci_cp, 0, sizeof(hci_cp));
2340 hci_cp.simul = 0x00;
2342 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
2343 disable_advertising(&req);
2346 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
2349 err = hci_req_run(&req, le_enable_complete);
2351 mgmt_pending_remove(cmd);
2354 hci_dev_unlock(hdev);
2358 /* This is a helper function to test for pending mgmt commands that can
2359 * cause CoD or EIR HCI commands. We can only allow one such pending
2360 * mgmt command at a time since otherwise we cannot easily track what
2361 * the current values are, will be, and based on that calculate if a new
2362 * HCI command needs to be sent and if yes with what value.
2364 static bool pending_eir_or_class(struct hci_dev *hdev)
2366 struct mgmt_pending_cmd *cmd;
2368 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2369 switch (cmd->opcode) {
2370 case MGMT_OP_ADD_UUID:
2371 case MGMT_OP_REMOVE_UUID:
2372 case MGMT_OP_SET_DEV_CLASS:
2373 case MGMT_OP_SET_POWERED:
2381 static const u8 bluetooth_base_uuid[] = {
2382 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
2383 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2386 static u8 get_uuid_size(const u8 *uuid)
2390 if (memcmp(uuid, bluetooth_base_uuid, 12))
2393 val = get_unaligned_le32(&uuid[12]);
2400 static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
2402 struct mgmt_pending_cmd *cmd;
2406 cmd = mgmt_pending_find(mgmt_op, hdev);
2410 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
2411 mgmt_status(status), hdev->dev_class, 3);
2413 mgmt_pending_remove(cmd);
2416 hci_dev_unlock(hdev);
2419 static void add_uuid_complete(struct hci_dev *hdev, u8 status, u16 opcode)
2421 BT_DBG("status 0x%02x", status);
2423 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
2426 static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2428 struct mgmt_cp_add_uuid *cp = data;
2429 struct mgmt_pending_cmd *cmd;
2430 struct hci_request req;
2431 struct bt_uuid *uuid;
2434 BT_DBG("request for %s", hdev->name);
2438 if (pending_eir_or_class(hdev)) {
2439 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
2444 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
2450 memcpy(uuid->uuid, cp->uuid, 16);
2451 uuid->svc_hint = cp->svc_hint;
2452 uuid->size = get_uuid_size(cp->uuid);
2454 list_add_tail(&uuid->list, &hdev->uuids);
2456 hci_req_init(&req, hdev);
2461 err = hci_req_run(&req, add_uuid_complete);
2463 if (err != -ENODATA)
2466 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
2467 hdev->dev_class, 3);
2471 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
2480 hci_dev_unlock(hdev);
2484 static bool enable_service_cache(struct hci_dev *hdev)
2486 if (!hdev_is_powered(hdev))
2489 if (!hci_dev_test_and_set_flag(hdev, HCI_SERVICE_CACHE)) {
2490 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
2498 static void remove_uuid_complete(struct hci_dev *hdev, u8 status, u16 opcode)
2500 BT_DBG("status 0x%02x", status);
2502 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
2505 static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
2508 struct mgmt_cp_remove_uuid *cp = data;
2509 struct mgmt_pending_cmd *cmd;
2510 struct bt_uuid *match, *tmp;
2511 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
2512 struct hci_request req;
2515 BT_DBG("request for %s", hdev->name);
2519 if (pending_eir_or_class(hdev)) {
2520 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2525 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
2526 hci_uuids_clear(hdev);
2528 if (enable_service_cache(hdev)) {
2529 err = mgmt_cmd_complete(sk, hdev->id,
2530 MGMT_OP_REMOVE_UUID,
2531 0, hdev->dev_class, 3);
2540 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2541 if (memcmp(match->uuid, cp->uuid, 16) != 0)
2544 list_del(&match->list);
2550 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2551 MGMT_STATUS_INVALID_PARAMS);
2556 hci_req_init(&req, hdev);
2561 err = hci_req_run(&req, remove_uuid_complete);
2563 if (err != -ENODATA)
2566 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
2567 hdev->dev_class, 3);
2571 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
2580 hci_dev_unlock(hdev);
2584 static void set_class_complete(struct hci_dev *hdev, u8 status, u16 opcode)
2586 BT_DBG("status 0x%02x", status);
2588 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
2591 static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
2594 struct mgmt_cp_set_dev_class *cp = data;
2595 struct mgmt_pending_cmd *cmd;
2596 struct hci_request req;
2599 BT_DBG("request for %s", hdev->name);
2601 if (!lmp_bredr_capable(hdev))
2602 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2603 MGMT_STATUS_NOT_SUPPORTED);
2607 if (pending_eir_or_class(hdev)) {
2608 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2613 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
2614 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2615 MGMT_STATUS_INVALID_PARAMS);
2619 hdev->major_class = cp->major;
2620 hdev->minor_class = cp->minor;
2622 if (!hdev_is_powered(hdev)) {
2623 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2624 hdev->dev_class, 3);
2628 hci_req_init(&req, hdev);
2630 if (hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE)) {
2631 hci_dev_unlock(hdev);
2632 cancel_delayed_work_sync(&hdev->service_cache);
2639 err = hci_req_run(&req, set_class_complete);
2641 if (err != -ENODATA)
2644 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2645 hdev->dev_class, 3);
2649 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
2658 hci_dev_unlock(hdev);
2662 static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
2665 struct mgmt_cp_load_link_keys *cp = data;
2666 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
2667 sizeof(struct mgmt_link_key_info));
2668 u16 key_count, expected_len;
2672 BT_DBG("request for %s", hdev->name);
2674 if (!lmp_bredr_capable(hdev))
2675 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2676 MGMT_STATUS_NOT_SUPPORTED);
2678 key_count = __le16_to_cpu(cp->key_count);
2679 if (key_count > max_key_count) {
2680 BT_ERR("load_link_keys: too big key_count value %u",
2682 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2683 MGMT_STATUS_INVALID_PARAMS);
2686 expected_len = sizeof(*cp) + key_count *
2687 sizeof(struct mgmt_link_key_info);
2688 if (expected_len != len) {
2689 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
2691 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2692 MGMT_STATUS_INVALID_PARAMS);
2695 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
2696 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2697 MGMT_STATUS_INVALID_PARAMS);
2699 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
2702 for (i = 0; i < key_count; i++) {
2703 struct mgmt_link_key_info *key = &cp->keys[i];
2705 if (key->addr.type != BDADDR_BREDR || key->type > 0x08)
2706 return mgmt_cmd_status(sk, hdev->id,
2707 MGMT_OP_LOAD_LINK_KEYS,
2708 MGMT_STATUS_INVALID_PARAMS);
2713 hci_link_keys_clear(hdev);
2716 changed = !hci_dev_test_and_set_flag(hdev, HCI_KEEP_DEBUG_KEYS);
2718 changed = hci_dev_test_and_clear_flag(hdev,
2719 HCI_KEEP_DEBUG_KEYS);
2722 new_settings(hdev, NULL);
2724 for (i = 0; i < key_count; i++) {
2725 struct mgmt_link_key_info *key = &cp->keys[i];
2727 /* Always ignore debug keys and require a new pairing if
2728 * the user wants to use them.
2730 if (key->type == HCI_LK_DEBUG_COMBINATION)
2733 hci_add_link_key(hdev, NULL, &key->addr.bdaddr, key->val,
2734 key->type, key->pin_len, NULL);
2737 mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
2739 hci_dev_unlock(hdev);
2744 static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
2745 u8 addr_type, struct sock *skip_sk)
2747 struct mgmt_ev_device_unpaired ev;
2749 bacpy(&ev.addr.bdaddr, bdaddr);
2750 ev.addr.type = addr_type;
2752 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
2756 static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2759 struct mgmt_cp_unpair_device *cp = data;
2760 struct mgmt_rp_unpair_device rp;
2761 struct hci_cp_disconnect dc;
2762 struct mgmt_pending_cmd *cmd;
2763 struct hci_conn *conn;
2766 memset(&rp, 0, sizeof(rp));
2767 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2768 rp.addr.type = cp->addr.type;
2770 if (!bdaddr_type_is_valid(cp->addr.type))
2771 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2772 MGMT_STATUS_INVALID_PARAMS,
2775 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
2776 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2777 MGMT_STATUS_INVALID_PARAMS,
2782 if (!hdev_is_powered(hdev)) {
2783 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2784 MGMT_STATUS_NOT_POWERED, &rp,
2789 if (cp->addr.type == BDADDR_BREDR) {
2790 /* If disconnection is requested, then look up the
2791 * connection. If the remote device is connected, it
2792 * will be later used to terminate the link.
2794 * Setting it to NULL explicitly will cause no
2795 * termination of the link.
2798 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2803 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
2807 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
2810 /* Defer clearing up the connection parameters
2811 * until closing to give a chance of keeping
2812 * them if a repairing happens.
2814 set_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
2816 /* If disconnection is not requested, then
2817 * clear the connection variable so that the
2818 * link is not terminated.
2820 if (!cp->disconnect)
2824 if (cp->addr.type == BDADDR_LE_PUBLIC)
2825 addr_type = ADDR_LE_DEV_PUBLIC;
2827 addr_type = ADDR_LE_DEV_RANDOM;
2829 hci_remove_irk(hdev, &cp->addr.bdaddr, addr_type);
2831 err = hci_remove_ltk(hdev, &cp->addr.bdaddr, addr_type);
2835 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2836 MGMT_STATUS_NOT_PAIRED, &rp,
2841 /* If the connection variable is set, then termination of the
2842 * link is requested.
2845 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
2847 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
2851 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
2858 cmd->cmd_complete = addr_cmd_complete;
2860 dc.handle = cpu_to_le16(conn->handle);
2861 dc.reason = 0x13; /* Remote User Terminated Connection */
2862 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2864 mgmt_pending_remove(cmd);
2867 hci_dev_unlock(hdev);
2871 static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
2874 struct mgmt_cp_disconnect *cp = data;
2875 struct mgmt_rp_disconnect rp;
2876 struct mgmt_pending_cmd *cmd;
2877 struct hci_conn *conn;
2882 memset(&rp, 0, sizeof(rp));
2883 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2884 rp.addr.type = cp->addr.type;
2886 if (!bdaddr_type_is_valid(cp->addr.type))
2887 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2888 MGMT_STATUS_INVALID_PARAMS,
2893 if (!test_bit(HCI_UP, &hdev->flags)) {
2894 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2895 MGMT_STATUS_NOT_POWERED, &rp,
2900 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
2901 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2902 MGMT_STATUS_BUSY, &rp, sizeof(rp));
2906 if (cp->addr.type == BDADDR_BREDR)
2907 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2910 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
2912 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
2913 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2914 MGMT_STATUS_NOT_CONNECTED, &rp,
2919 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
2925 cmd->cmd_complete = generic_cmd_complete;
2927 err = hci_disconnect(conn, HCI_ERROR_REMOTE_USER_TERM);
2929 mgmt_pending_remove(cmd);
2932 hci_dev_unlock(hdev);
2936 static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
2938 switch (link_type) {
2940 switch (addr_type) {
2941 case ADDR_LE_DEV_PUBLIC:
2942 return BDADDR_LE_PUBLIC;
2945 /* Fallback to LE Random address type */
2946 return BDADDR_LE_RANDOM;
2950 /* Fallback to BR/EDR type */
2951 return BDADDR_BREDR;
2955 static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
2958 struct mgmt_rp_get_connections *rp;
2968 if (!hdev_is_powered(hdev)) {
2969 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
2970 MGMT_STATUS_NOT_POWERED);
2975 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2976 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2980 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2981 rp = kmalloc(rp_len, GFP_KERNEL);
2988 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2989 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2991 bacpy(&rp->addr[i].bdaddr, &c->dst);
2992 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
2993 if (c->type == SCO_LINK || c->type == ESCO_LINK)
2998 rp->conn_count = cpu_to_le16(i);
3000 /* Recalculate length in case of filtered SCO connections, etc */
3001 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
3003 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
3009 hci_dev_unlock(hdev);
3013 static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
3014 struct mgmt_cp_pin_code_neg_reply *cp)
3016 struct mgmt_pending_cmd *cmd;
3019 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
3024 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
3025 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
3027 mgmt_pending_remove(cmd);
3032 static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3035 struct hci_conn *conn;
3036 struct mgmt_cp_pin_code_reply *cp = data;
3037 struct hci_cp_pin_code_reply reply;
3038 struct mgmt_pending_cmd *cmd;
3045 if (!hdev_is_powered(hdev)) {
3046 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3047 MGMT_STATUS_NOT_POWERED);
3051 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
3053 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3054 MGMT_STATUS_NOT_CONNECTED);
3058 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
3059 struct mgmt_cp_pin_code_neg_reply ncp;
3061 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
3063 BT_ERR("PIN code is not 16 bytes long");
3065 err = send_pin_code_neg_reply(sk, hdev, &ncp);
3067 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3068 MGMT_STATUS_INVALID_PARAMS);
3073 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
3079 cmd->cmd_complete = addr_cmd_complete;
3081 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
3082 reply.pin_len = cp->pin_len;
3083 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
3085 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
3087 mgmt_pending_remove(cmd);
3090 hci_dev_unlock(hdev);
3094 static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
3097 struct mgmt_cp_set_io_capability *cp = data;
3101 if (cp->io_capability > SMP_IO_KEYBOARD_DISPLAY)
3102 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY,
3103 MGMT_STATUS_INVALID_PARAMS, NULL, 0);
3107 hdev->io_capability = cp->io_capability;
3109 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
3110 hdev->io_capability);
3112 hci_dev_unlock(hdev);
3114 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0,
3118 static struct mgmt_pending_cmd *find_pairing(struct hci_conn *conn)
3120 struct hci_dev *hdev = conn->hdev;
3121 struct mgmt_pending_cmd *cmd;
3123 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
3124 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
3127 if (cmd->user_data != conn)
3136 static int pairing_complete(struct mgmt_pending_cmd *cmd, u8 status)
3138 struct mgmt_rp_pair_device rp;
3139 struct hci_conn *conn = cmd->user_data;
3142 bacpy(&rp.addr.bdaddr, &conn->dst);
3143 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
3145 err = mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE,
3146 status, &rp, sizeof(rp));
3148 /* So we don't get further callbacks for this connection */
3149 conn->connect_cfm_cb = NULL;
3150 conn->security_cfm_cb = NULL;
3151 conn->disconn_cfm_cb = NULL;
3153 hci_conn_drop(conn);
3155 /* The device is paired so there is no need to remove
3156 * its connection parameters anymore.
3158 clear_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
3165 void mgmt_smp_complete(struct hci_conn *conn, bool complete)
3167 u8 status = complete ? MGMT_STATUS_SUCCESS : MGMT_STATUS_FAILED;
3168 struct mgmt_pending_cmd *cmd;
3170 cmd = find_pairing(conn);
3172 cmd->cmd_complete(cmd, status);
3173 mgmt_pending_remove(cmd);
3177 static void pairing_complete_cb(struct hci_conn *conn, u8 status)
3179 struct mgmt_pending_cmd *cmd;
3181 BT_DBG("status %u", status);
3183 cmd = find_pairing(conn);
3185 BT_DBG("Unable to find a pending command");
3189 cmd->cmd_complete(cmd, mgmt_status(status));
3190 mgmt_pending_remove(cmd);
3193 static void le_pairing_complete_cb(struct hci_conn *conn, u8 status)
3195 struct mgmt_pending_cmd *cmd;
3197 BT_DBG("status %u", status);
3202 cmd = find_pairing(conn);
3204 BT_DBG("Unable to find a pending command");
3208 cmd->cmd_complete(cmd, mgmt_status(status));
3209 mgmt_pending_remove(cmd);
3212 static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
3215 struct mgmt_cp_pair_device *cp = data;
3216 struct mgmt_rp_pair_device rp;
3217 struct mgmt_pending_cmd *cmd;
3218 u8 sec_level, auth_type;
3219 struct hci_conn *conn;
3224 memset(&rp, 0, sizeof(rp));
3225 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3226 rp.addr.type = cp->addr.type;
3228 if (!bdaddr_type_is_valid(cp->addr.type))
3229 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3230 MGMT_STATUS_INVALID_PARAMS,
3233 if (cp->io_cap > SMP_IO_KEYBOARD_DISPLAY)
3234 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3235 MGMT_STATUS_INVALID_PARAMS,
3240 if (!hdev_is_powered(hdev)) {
3241 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3242 MGMT_STATUS_NOT_POWERED, &rp,
3247 if (hci_bdaddr_is_paired(hdev, &cp->addr.bdaddr, cp->addr.type)) {
3248 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3249 MGMT_STATUS_ALREADY_PAIRED, &rp,
3254 sec_level = BT_SECURITY_MEDIUM;
3255 auth_type = HCI_AT_DEDICATED_BONDING;
3257 if (cp->addr.type == BDADDR_BREDR) {
3258 conn = hci_connect_acl(hdev, &cp->addr.bdaddr, sec_level,
3263 /* Convert from L2CAP channel address type to HCI address type
3265 if (cp->addr.type == BDADDR_LE_PUBLIC)
3266 addr_type = ADDR_LE_DEV_PUBLIC;
3268 addr_type = ADDR_LE_DEV_RANDOM;
3270 /* When pairing a new device, it is expected to remember
3271 * this device for future connections. Adding the connection
3272 * parameter information ahead of time allows tracking
3273 * of the slave preferred values and will speed up any
3274 * further connection establishment.
3276 * If connection parameters already exist, then they
3277 * will be kept and this function does nothing.
3279 hci_conn_params_add(hdev, &cp->addr.bdaddr, addr_type);
3281 conn = hci_connect_le(hdev, &cp->addr.bdaddr, addr_type,
3282 sec_level, HCI_LE_CONN_TIMEOUT,
3289 if (PTR_ERR(conn) == -EBUSY)
3290 status = MGMT_STATUS_BUSY;
3291 else if (PTR_ERR(conn) == -EOPNOTSUPP)
3292 status = MGMT_STATUS_NOT_SUPPORTED;
3293 else if (PTR_ERR(conn) == -ECONNREFUSED)
3294 status = MGMT_STATUS_REJECTED;
3296 status = MGMT_STATUS_CONNECT_FAILED;
3298 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3299 status, &rp, sizeof(rp));
3303 if (conn->connect_cfm_cb) {
3304 hci_conn_drop(conn);
3305 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3306 MGMT_STATUS_BUSY, &rp, sizeof(rp));
3310 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
3313 hci_conn_drop(conn);
3317 cmd->cmd_complete = pairing_complete;
3319 /* For LE, just connecting isn't a proof that the pairing finished */
3320 if (cp->addr.type == BDADDR_BREDR) {
3321 conn->connect_cfm_cb = pairing_complete_cb;
3322 conn->security_cfm_cb = pairing_complete_cb;
3323 conn->disconn_cfm_cb = pairing_complete_cb;
3325 conn->connect_cfm_cb = le_pairing_complete_cb;
3326 conn->security_cfm_cb = le_pairing_complete_cb;
3327 conn->disconn_cfm_cb = le_pairing_complete_cb;
3330 conn->io_capability = cp->io_cap;
3331 cmd->user_data = hci_conn_get(conn);
3333 if ((conn->state == BT_CONNECTED || conn->state == BT_CONFIG) &&
3334 hci_conn_security(conn, sec_level, auth_type, true)) {
3335 cmd->cmd_complete(cmd, 0);
3336 mgmt_pending_remove(cmd);
3342 hci_dev_unlock(hdev);
3346 static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
3349 struct mgmt_addr_info *addr = data;
3350 struct mgmt_pending_cmd *cmd;
3351 struct hci_conn *conn;
3358 if (!hdev_is_powered(hdev)) {
3359 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3360 MGMT_STATUS_NOT_POWERED);
3364 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
3366 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3367 MGMT_STATUS_INVALID_PARAMS);
3371 conn = cmd->user_data;
3373 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
3374 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3375 MGMT_STATUS_INVALID_PARAMS);
3379 cmd->cmd_complete(cmd, MGMT_STATUS_CANCELLED);
3380 mgmt_pending_remove(cmd);
3382 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
3383 addr, sizeof(*addr));
3385 hci_dev_unlock(hdev);
3389 static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
3390 struct mgmt_addr_info *addr, u16 mgmt_op,
3391 u16 hci_op, __le32 passkey)
3393 struct mgmt_pending_cmd *cmd;
3394 struct hci_conn *conn;
3399 if (!hdev_is_powered(hdev)) {
3400 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3401 MGMT_STATUS_NOT_POWERED, addr,
3406 if (addr->type == BDADDR_BREDR)
3407 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
3409 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &addr->bdaddr);
3412 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3413 MGMT_STATUS_NOT_CONNECTED, addr,
3418 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
3419 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
3421 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3422 MGMT_STATUS_SUCCESS, addr,
3425 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3426 MGMT_STATUS_FAILED, addr,
3432 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
3438 cmd->cmd_complete = addr_cmd_complete;
3440 /* Continue with pairing via HCI */
3441 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
3442 struct hci_cp_user_passkey_reply cp;
3444 bacpy(&cp.bdaddr, &addr->bdaddr);
3445 cp.passkey = passkey;
3446 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
3448 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
3452 mgmt_pending_remove(cmd);
3455 hci_dev_unlock(hdev);
3459 static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
3460 void *data, u16 len)
3462 struct mgmt_cp_pin_code_neg_reply *cp = data;
3466 return user_pairing_resp(sk, hdev, &cp->addr,
3467 MGMT_OP_PIN_CODE_NEG_REPLY,
3468 HCI_OP_PIN_CODE_NEG_REPLY, 0);
3471 static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3474 struct mgmt_cp_user_confirm_reply *cp = data;
3478 if (len != sizeof(*cp))
3479 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
3480 MGMT_STATUS_INVALID_PARAMS);
3482 return user_pairing_resp(sk, hdev, &cp->addr,
3483 MGMT_OP_USER_CONFIRM_REPLY,
3484 HCI_OP_USER_CONFIRM_REPLY, 0);
3487 static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
3488 void *data, u16 len)
3490 struct mgmt_cp_user_confirm_neg_reply *cp = data;
3494 return user_pairing_resp(sk, hdev, &cp->addr,
3495 MGMT_OP_USER_CONFIRM_NEG_REPLY,
3496 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
3499 static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3502 struct mgmt_cp_user_passkey_reply *cp = data;
3506 return user_pairing_resp(sk, hdev, &cp->addr,
3507 MGMT_OP_USER_PASSKEY_REPLY,
3508 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
3511 static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
3512 void *data, u16 len)
3514 struct mgmt_cp_user_passkey_neg_reply *cp = data;
3518 return user_pairing_resp(sk, hdev, &cp->addr,
3519 MGMT_OP_USER_PASSKEY_NEG_REPLY,
3520 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
3523 static void update_name(struct hci_request *req)
3525 struct hci_dev *hdev = req->hdev;
3526 struct hci_cp_write_local_name cp;
3528 memcpy(cp.name, hdev->dev_name, sizeof(cp.name));
3530 hci_req_add(req, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
3533 static void set_name_complete(struct hci_dev *hdev, u8 status, u16 opcode)
3535 struct mgmt_cp_set_local_name *cp;
3536 struct mgmt_pending_cmd *cmd;
3538 BT_DBG("status 0x%02x", status);
3542 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
3549 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3550 mgmt_status(status));
3552 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3555 mgmt_pending_remove(cmd);
3558 hci_dev_unlock(hdev);
3561 static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
3564 struct mgmt_cp_set_local_name *cp = data;
3565 struct mgmt_pending_cmd *cmd;
3566 struct hci_request req;
3573 /* If the old values are the same as the new ones just return a
3574 * direct command complete event.
3576 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
3577 !memcmp(hdev->short_name, cp->short_name,
3578 sizeof(hdev->short_name))) {
3579 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3584 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
3586 if (!hdev_is_powered(hdev)) {
3587 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3589 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3594 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
3600 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
3606 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3608 hci_req_init(&req, hdev);
3610 if (lmp_bredr_capable(hdev)) {
3615 /* The name is stored in the scan response data and so
3616 * no need to udpate the advertising data here.
3618 if (lmp_le_capable(hdev))
3619 update_scan_rsp_data(&req);
3621 err = hci_req_run(&req, set_name_complete);
3623 mgmt_pending_remove(cmd);
3626 hci_dev_unlock(hdev);
3630 static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
3631 void *data, u16 data_len)
3633 struct mgmt_pending_cmd *cmd;
3636 BT_DBG("%s", hdev->name);
3640 if (!hdev_is_powered(hdev)) {
3641 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3642 MGMT_STATUS_NOT_POWERED);
3646 if (!lmp_ssp_capable(hdev)) {
3647 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3648 MGMT_STATUS_NOT_SUPPORTED);
3652 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
3653 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3658 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
3664 if (bredr_sc_enabled(hdev))
3665 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_EXT_DATA,
3668 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
3671 mgmt_pending_remove(cmd);
3674 hci_dev_unlock(hdev);
3678 static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
3679 void *data, u16 len)
3681 struct mgmt_addr_info *addr = data;
3684 BT_DBG("%s ", hdev->name);
3686 if (!bdaddr_type_is_valid(addr->type))
3687 return mgmt_cmd_complete(sk, hdev->id,
3688 MGMT_OP_ADD_REMOTE_OOB_DATA,
3689 MGMT_STATUS_INVALID_PARAMS,
3690 addr, sizeof(*addr));
3694 if (len == MGMT_ADD_REMOTE_OOB_DATA_SIZE) {
3695 struct mgmt_cp_add_remote_oob_data *cp = data;
3698 if (cp->addr.type != BDADDR_BREDR) {
3699 err = mgmt_cmd_complete(sk, hdev->id,
3700 MGMT_OP_ADD_REMOTE_OOB_DATA,
3701 MGMT_STATUS_INVALID_PARAMS,
3702 &cp->addr, sizeof(cp->addr));
3706 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
3707 cp->addr.type, cp->hash,
3708 cp->rand, NULL, NULL);
3710 status = MGMT_STATUS_FAILED;
3712 status = MGMT_STATUS_SUCCESS;
3714 err = mgmt_cmd_complete(sk, hdev->id,
3715 MGMT_OP_ADD_REMOTE_OOB_DATA, status,
3716 &cp->addr, sizeof(cp->addr));
3717 } else if (len == MGMT_ADD_REMOTE_OOB_EXT_DATA_SIZE) {
3718 struct mgmt_cp_add_remote_oob_ext_data *cp = data;
3719 u8 *rand192, *hash192, *rand256, *hash256;
3722 if (bdaddr_type_is_le(cp->addr.type)) {
3723 /* Enforce zero-valued 192-bit parameters as
3724 * long as legacy SMP OOB isn't implemented.
3726 if (memcmp(cp->rand192, ZERO_KEY, 16) ||
3727 memcmp(cp->hash192, ZERO_KEY, 16)) {
3728 err = mgmt_cmd_complete(sk, hdev->id,
3729 MGMT_OP_ADD_REMOTE_OOB_DATA,
3730 MGMT_STATUS_INVALID_PARAMS,
3731 addr, sizeof(*addr));
3738 /* In case one of the P-192 values is set to zero,
3739 * then just disable OOB data for P-192.
3741 if (!memcmp(cp->rand192, ZERO_KEY, 16) ||
3742 !memcmp(cp->hash192, ZERO_KEY, 16)) {
3746 rand192 = cp->rand192;
3747 hash192 = cp->hash192;
3751 /* In case one of the P-256 values is set to zero, then just
3752 * disable OOB data for P-256.
3754 if (!memcmp(cp->rand256, ZERO_KEY, 16) ||
3755 !memcmp(cp->hash256, ZERO_KEY, 16)) {
3759 rand256 = cp->rand256;
3760 hash256 = cp->hash256;
3763 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
3764 cp->addr.type, hash192, rand192,
3767 status = MGMT_STATUS_FAILED;
3769 status = MGMT_STATUS_SUCCESS;
3771 err = mgmt_cmd_complete(sk, hdev->id,
3772 MGMT_OP_ADD_REMOTE_OOB_DATA,
3773 status, &cp->addr, sizeof(cp->addr));
3775 BT_ERR("add_remote_oob_data: invalid length of %u bytes", len);
3776 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3777 MGMT_STATUS_INVALID_PARAMS);
3781 hci_dev_unlock(hdev);
3785 static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
3786 void *data, u16 len)
3788 struct mgmt_cp_remove_remote_oob_data *cp = data;
3792 BT_DBG("%s", hdev->name);
3794 if (cp->addr.type != BDADDR_BREDR)
3795 return mgmt_cmd_complete(sk, hdev->id,
3796 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
3797 MGMT_STATUS_INVALID_PARAMS,
3798 &cp->addr, sizeof(cp->addr));
3802 if (!bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
3803 hci_remote_oob_data_clear(hdev);
3804 status = MGMT_STATUS_SUCCESS;
3808 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr, cp->addr.type);
3810 status = MGMT_STATUS_INVALID_PARAMS;
3812 status = MGMT_STATUS_SUCCESS;
3815 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
3816 status, &cp->addr, sizeof(cp->addr));
3818 hci_dev_unlock(hdev);
3822 static bool trigger_discovery(struct hci_request *req, u8 *status)
3824 struct hci_dev *hdev = req->hdev;
3825 struct hci_cp_le_set_scan_param param_cp;
3826 struct hci_cp_le_set_scan_enable enable_cp;
3827 struct hci_cp_inquiry inq_cp;
3828 /* General inquiry access code (GIAC) */
3829 u8 lap[3] = { 0x33, 0x8b, 0x9e };
3833 switch (hdev->discovery.type) {
3834 case DISCOV_TYPE_BREDR:
3835 *status = mgmt_bredr_support(hdev);
3839 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
3840 *status = MGMT_STATUS_BUSY;
3844 hci_inquiry_cache_flush(hdev);
3846 memset(&inq_cp, 0, sizeof(inq_cp));
3847 memcpy(&inq_cp.lap, lap, sizeof(inq_cp.lap));
3848 inq_cp.length = DISCOV_BREDR_INQUIRY_LEN;
3849 hci_req_add(req, HCI_OP_INQUIRY, sizeof(inq_cp), &inq_cp);
3852 case DISCOV_TYPE_LE:
3853 case DISCOV_TYPE_INTERLEAVED:
3854 *status = mgmt_le_support(hdev);
3858 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
3859 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
3860 *status = MGMT_STATUS_NOT_SUPPORTED;
3864 if (hci_dev_test_flag(hdev, HCI_LE_ADV)) {
3865 /* Don't let discovery abort an outgoing
3866 * connection attempt that's using directed
3869 if (hci_conn_hash_lookup_state(hdev, LE_LINK,
3871 *status = MGMT_STATUS_REJECTED;
3875 disable_advertising(req);
3878 /* If controller is scanning, it means the background scanning
3879 * is running. Thus, we should temporarily stop it in order to
3880 * set the discovery scanning parameters.
3882 if (hci_dev_test_flag(hdev, HCI_LE_SCAN))
3883 hci_req_add_le_scan_disable(req);
3885 memset(¶m_cp, 0, sizeof(param_cp));
3887 /* All active scans will be done with either a resolvable
3888 * private address (when privacy feature has been enabled)
3889 * or non-resolvable private address.
3891 err = hci_update_random_address(req, true, &own_addr_type);
3893 *status = MGMT_STATUS_FAILED;
3897 param_cp.type = LE_SCAN_ACTIVE;
3898 param_cp.interval = cpu_to_le16(DISCOV_LE_SCAN_INT);
3899 param_cp.window = cpu_to_le16(DISCOV_LE_SCAN_WIN);
3900 param_cp.own_address_type = own_addr_type;
3901 hci_req_add(req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
3904 memset(&enable_cp, 0, sizeof(enable_cp));
3905 enable_cp.enable = LE_SCAN_ENABLE;
3906 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
3907 hci_req_add(req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
3912 *status = MGMT_STATUS_INVALID_PARAMS;
3919 static void start_discovery_complete(struct hci_dev *hdev, u8 status,
3922 struct mgmt_pending_cmd *cmd;
3923 unsigned long timeout;
3925 BT_DBG("status %d", status);
3929 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
3931 cmd = mgmt_pending_find(MGMT_OP_START_SERVICE_DISCOVERY, hdev);
3934 cmd->cmd_complete(cmd, mgmt_status(status));
3935 mgmt_pending_remove(cmd);
3939 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3943 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
3945 /* If the scan involves LE scan, pick proper timeout to schedule
3946 * hdev->le_scan_disable that will stop it.
3948 switch (hdev->discovery.type) {
3949 case DISCOV_TYPE_LE:
3950 timeout = msecs_to_jiffies(DISCOV_LE_TIMEOUT);
3952 case DISCOV_TYPE_INTERLEAVED:
3953 timeout = msecs_to_jiffies(hdev->discov_interleaved_timeout);
3955 case DISCOV_TYPE_BREDR:
3959 BT_ERR("Invalid discovery type %d", hdev->discovery.type);
3965 /* When service discovery is used and the controller has
3966 * a strict duplicate filter, it is important to remember
3967 * the start and duration of the scan. This is required
3968 * for restarting scanning during the discovery phase.
3970 if (test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER,
3972 hdev->discovery.result_filtering) {
3973 hdev->discovery.scan_start = jiffies;
3974 hdev->discovery.scan_duration = timeout;
3977 queue_delayed_work(hdev->workqueue,
3978 &hdev->le_scan_disable, timeout);
3982 hci_dev_unlock(hdev);
3985 static int start_discovery(struct sock *sk, struct hci_dev *hdev,
3986 void *data, u16 len)
3988 struct mgmt_cp_start_discovery *cp = data;
3989 struct mgmt_pending_cmd *cmd;
3990 struct hci_request req;
3994 BT_DBG("%s", hdev->name);
3998 if (!hdev_is_powered(hdev)) {
3999 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
4000 MGMT_STATUS_NOT_POWERED,
4001 &cp->type, sizeof(cp->type));
4005 if (hdev->discovery.state != DISCOVERY_STOPPED ||
4006 hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) {
4007 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
4008 MGMT_STATUS_BUSY, &cp->type,
4013 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, data, len);
4019 cmd->cmd_complete = generic_cmd_complete;
4021 /* Clear the discovery filter first to free any previously
4022 * allocated memory for the UUID list.
4024 hci_discovery_filter_clear(hdev);
4026 hdev->discovery.type = cp->type;
4027 hdev->discovery.report_invalid_rssi = false;
4029 hci_req_init(&req, hdev);
4031 if (!trigger_discovery(&req, &status)) {
4032 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
4033 status, &cp->type, sizeof(cp->type));
4034 mgmt_pending_remove(cmd);
4038 err = hci_req_run(&req, start_discovery_complete);
4040 mgmt_pending_remove(cmd);
4044 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
4047 hci_dev_unlock(hdev);
4051 static int service_discovery_cmd_complete(struct mgmt_pending_cmd *cmd,
4054 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
4058 static int start_service_discovery(struct sock *sk, struct hci_dev *hdev,
4059 void *data, u16 len)
4061 struct mgmt_cp_start_service_discovery *cp = data;
4062 struct mgmt_pending_cmd *cmd;
4063 struct hci_request req;
4064 const u16 max_uuid_count = ((U16_MAX - sizeof(*cp)) / 16);
4065 u16 uuid_count, expected_len;
4069 BT_DBG("%s", hdev->name);
4073 if (!hdev_is_powered(hdev)) {
4074 err = mgmt_cmd_complete(sk, hdev->id,
4075 MGMT_OP_START_SERVICE_DISCOVERY,
4076 MGMT_STATUS_NOT_POWERED,
4077 &cp->type, sizeof(cp->type));
4081 if (hdev->discovery.state != DISCOVERY_STOPPED ||
4082 hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) {
4083 err = mgmt_cmd_complete(sk, hdev->id,
4084 MGMT_OP_START_SERVICE_DISCOVERY,
4085 MGMT_STATUS_BUSY, &cp->type,
4090 uuid_count = __le16_to_cpu(cp->uuid_count);
4091 if (uuid_count > max_uuid_count) {
4092 BT_ERR("service_discovery: too big uuid_count value %u",
4094 err = mgmt_cmd_complete(sk, hdev->id,
4095 MGMT_OP_START_SERVICE_DISCOVERY,
4096 MGMT_STATUS_INVALID_PARAMS, &cp->type,
4101 expected_len = sizeof(*cp) + uuid_count * 16;
4102 if (expected_len != len) {
4103 BT_ERR("service_discovery: expected %u bytes, got %u bytes",
4105 err = mgmt_cmd_complete(sk, hdev->id,
4106 MGMT_OP_START_SERVICE_DISCOVERY,
4107 MGMT_STATUS_INVALID_PARAMS, &cp->type,
4112 cmd = mgmt_pending_add(sk, MGMT_OP_START_SERVICE_DISCOVERY,
4119 cmd->cmd_complete = service_discovery_cmd_complete;
4121 /* Clear the discovery filter first to free any previously
4122 * allocated memory for the UUID list.
4124 hci_discovery_filter_clear(hdev);
4126 hdev->discovery.result_filtering = true;
4127 hdev->discovery.type = cp->type;
4128 hdev->discovery.rssi = cp->rssi;
4129 hdev->discovery.uuid_count = uuid_count;
4131 if (uuid_count > 0) {
4132 hdev->discovery.uuids = kmemdup(cp->uuids, uuid_count * 16,
4134 if (!hdev->discovery.uuids) {
4135 err = mgmt_cmd_complete(sk, hdev->id,
4136 MGMT_OP_START_SERVICE_DISCOVERY,
4138 &cp->type, sizeof(cp->type));
4139 mgmt_pending_remove(cmd);
4144 hci_req_init(&req, hdev);
4146 if (!trigger_discovery(&req, &status)) {
4147 err = mgmt_cmd_complete(sk, hdev->id,
4148 MGMT_OP_START_SERVICE_DISCOVERY,
4149 status, &cp->type, sizeof(cp->type));
4150 mgmt_pending_remove(cmd);
4154 err = hci_req_run(&req, start_discovery_complete);
4156 mgmt_pending_remove(cmd);
4160 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
4163 hci_dev_unlock(hdev);
4167 static void stop_discovery_complete(struct hci_dev *hdev, u8 status, u16 opcode)
4169 struct mgmt_pending_cmd *cmd;
4171 BT_DBG("status %d", status);
4175 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
4177 cmd->cmd_complete(cmd, mgmt_status(status));
4178 mgmt_pending_remove(cmd);
4182 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
4184 hci_dev_unlock(hdev);
4187 static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
4190 struct mgmt_cp_stop_discovery *mgmt_cp = data;
4191 struct mgmt_pending_cmd *cmd;
4192 struct hci_request req;
4195 BT_DBG("%s", hdev->name);
4199 if (!hci_discovery_active(hdev)) {
4200 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
4201 MGMT_STATUS_REJECTED, &mgmt_cp->type,
4202 sizeof(mgmt_cp->type));
4206 if (hdev->discovery.type != mgmt_cp->type) {
4207 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
4208 MGMT_STATUS_INVALID_PARAMS,
4209 &mgmt_cp->type, sizeof(mgmt_cp->type));
4213 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, data, len);
4219 cmd->cmd_complete = generic_cmd_complete;
4221 hci_req_init(&req, hdev);
4223 hci_stop_discovery(&req);
4225 err = hci_req_run(&req, stop_discovery_complete);
4227 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
4231 mgmt_pending_remove(cmd);
4233 /* If no HCI commands were sent we're done */
4234 if (err == -ENODATA) {
4235 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY, 0,
4236 &mgmt_cp->type, sizeof(mgmt_cp->type));
4237 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
4241 hci_dev_unlock(hdev);
4245 static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
4248 struct mgmt_cp_confirm_name *cp = data;
4249 struct inquiry_entry *e;
4252 BT_DBG("%s", hdev->name);
4256 if (!hci_discovery_active(hdev)) {
4257 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
4258 MGMT_STATUS_FAILED, &cp->addr,
4263 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
4265 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
4266 MGMT_STATUS_INVALID_PARAMS, &cp->addr,
4271 if (cp->name_known) {
4272 e->name_state = NAME_KNOWN;
4275 e->name_state = NAME_NEEDED;
4276 hci_inquiry_cache_update_resolve(hdev, e);
4279 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0,
4280 &cp->addr, sizeof(cp->addr));
4283 hci_dev_unlock(hdev);
4287 static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
4290 struct mgmt_cp_block_device *cp = data;
4294 BT_DBG("%s", hdev->name);
4296 if (!bdaddr_type_is_valid(cp->addr.type))
4297 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
4298 MGMT_STATUS_INVALID_PARAMS,
4299 &cp->addr, sizeof(cp->addr));
4303 err = hci_bdaddr_list_add(&hdev->blacklist, &cp->addr.bdaddr,
4306 status = MGMT_STATUS_FAILED;
4310 mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &cp->addr, sizeof(cp->addr),
4312 status = MGMT_STATUS_SUCCESS;
4315 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
4316 &cp->addr, sizeof(cp->addr));
4318 hci_dev_unlock(hdev);
4323 static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
4326 struct mgmt_cp_unblock_device *cp = data;
4330 BT_DBG("%s", hdev->name);
4332 if (!bdaddr_type_is_valid(cp->addr.type))
4333 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
4334 MGMT_STATUS_INVALID_PARAMS,
4335 &cp->addr, sizeof(cp->addr));
4339 err = hci_bdaddr_list_del(&hdev->blacklist, &cp->addr.bdaddr,
4342 status = MGMT_STATUS_INVALID_PARAMS;
4346 mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &cp->addr, sizeof(cp->addr),
4348 status = MGMT_STATUS_SUCCESS;
4351 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
4352 &cp->addr, sizeof(cp->addr));
4354 hci_dev_unlock(hdev);
4359 static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
4362 struct mgmt_cp_set_device_id *cp = data;
4363 struct hci_request req;
4367 BT_DBG("%s", hdev->name);
4369 source = __le16_to_cpu(cp->source);
4371 if (source > 0x0002)
4372 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
4373 MGMT_STATUS_INVALID_PARAMS);
4377 hdev->devid_source = source;
4378 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
4379 hdev->devid_product = __le16_to_cpu(cp->product);
4380 hdev->devid_version = __le16_to_cpu(cp->version);
4382 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0,
4385 hci_req_init(&req, hdev);
4387 hci_req_run(&req, NULL);
4389 hci_dev_unlock(hdev);
4394 static void set_advertising_complete(struct hci_dev *hdev, u8 status,
4397 struct cmd_lookup match = { NULL, hdev };
4402 u8 mgmt_err = mgmt_status(status);
4404 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
4405 cmd_status_rsp, &mgmt_err);
4409 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
4410 hci_dev_set_flag(hdev, HCI_ADVERTISING);
4412 hci_dev_clear_flag(hdev, HCI_ADVERTISING);
4414 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
4417 new_settings(hdev, match.sk);
4423 hci_dev_unlock(hdev);
4426 static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data,
4429 struct mgmt_mode *cp = data;
4430 struct mgmt_pending_cmd *cmd;
4431 struct hci_request req;
4435 BT_DBG("request for %s", hdev->name);
4437 status = mgmt_le_support(hdev);
4439 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4442 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
4443 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4444 MGMT_STATUS_INVALID_PARAMS);
4450 /* The following conditions are ones which mean that we should
4451 * not do any HCI communication but directly send a mgmt
4452 * response to user space (after toggling the flag if
4455 if (!hdev_is_powered(hdev) ||
4456 (val == hci_dev_test_flag(hdev, HCI_ADVERTISING) &&
4457 (cp->val == 0x02) == hci_dev_test_flag(hdev, HCI_ADVERTISING_CONNECTABLE)) ||
4458 hci_conn_num(hdev, LE_LINK) > 0 ||
4459 (hci_dev_test_flag(hdev, HCI_LE_SCAN) &&
4460 hdev->le_scan_type == LE_SCAN_ACTIVE)) {
4464 changed = !hci_dev_test_and_set_flag(hdev, HCI_ADVERTISING);
4465 if (cp->val == 0x02)
4466 hci_dev_set_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
4468 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
4470 changed = hci_dev_test_and_clear_flag(hdev, HCI_ADVERTISING);
4471 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
4474 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
4479 err = new_settings(hdev, sk);
4484 if (mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
4485 mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
4486 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4491 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
4497 hci_req_init(&req, hdev);
4499 if (cp->val == 0x02)
4500 hci_dev_set_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
4502 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
4505 enable_advertising(&req);
4507 disable_advertising(&req);
4509 err = hci_req_run(&req, set_advertising_complete);
4511 mgmt_pending_remove(cmd);
4514 hci_dev_unlock(hdev);
4518 static int set_static_address(struct sock *sk, struct hci_dev *hdev,
4519 void *data, u16 len)
4521 struct mgmt_cp_set_static_address *cp = data;
4524 BT_DBG("%s", hdev->name);
4526 if (!lmp_le_capable(hdev))
4527 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
4528 MGMT_STATUS_NOT_SUPPORTED);
4530 if (hdev_is_powered(hdev))
4531 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
4532 MGMT_STATUS_REJECTED);
4534 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
4535 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
4536 return mgmt_cmd_status(sk, hdev->id,
4537 MGMT_OP_SET_STATIC_ADDRESS,
4538 MGMT_STATUS_INVALID_PARAMS);
4540 /* Two most significant bits shall be set */
4541 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
4542 return mgmt_cmd_status(sk, hdev->id,
4543 MGMT_OP_SET_STATIC_ADDRESS,
4544 MGMT_STATUS_INVALID_PARAMS);
4549 bacpy(&hdev->static_addr, &cp->bdaddr);
4551 err = send_settings_rsp(sk, MGMT_OP_SET_STATIC_ADDRESS, hdev);
4555 err = new_settings(hdev, sk);
4558 hci_dev_unlock(hdev);
4562 static int set_scan_params(struct sock *sk, struct hci_dev *hdev,
4563 void *data, u16 len)
4565 struct mgmt_cp_set_scan_params *cp = data;
4566 __u16 interval, window;
4569 BT_DBG("%s", hdev->name);
4571 if (!lmp_le_capable(hdev))
4572 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4573 MGMT_STATUS_NOT_SUPPORTED);
4575 interval = __le16_to_cpu(cp->interval);
4577 if (interval < 0x0004 || interval > 0x4000)
4578 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4579 MGMT_STATUS_INVALID_PARAMS);
4581 window = __le16_to_cpu(cp->window);
4583 if (window < 0x0004 || window > 0x4000)
4584 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4585 MGMT_STATUS_INVALID_PARAMS);
4587 if (window > interval)
4588 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4589 MGMT_STATUS_INVALID_PARAMS);
4593 hdev->le_scan_interval = interval;
4594 hdev->le_scan_window = window;
4596 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0,
4599 /* If background scan is running, restart it so new parameters are
4602 if (hci_dev_test_flag(hdev, HCI_LE_SCAN) &&
4603 hdev->discovery.state == DISCOVERY_STOPPED) {
4604 struct hci_request req;
4606 hci_req_init(&req, hdev);
4608 hci_req_add_le_scan_disable(&req);
4609 hci_req_add_le_passive_scan(&req);
4611 hci_req_run(&req, NULL);
4614 hci_dev_unlock(hdev);
4619 static void fast_connectable_complete(struct hci_dev *hdev, u8 status,
4622 struct mgmt_pending_cmd *cmd;
4624 BT_DBG("status 0x%02x", status);
4628 cmd = mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4633 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4634 mgmt_status(status));
4636 struct mgmt_mode *cp = cmd->param;
4639 hci_dev_set_flag(hdev, HCI_FAST_CONNECTABLE);
4641 hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE);
4643 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4644 new_settings(hdev, cmd->sk);
4647 mgmt_pending_remove(cmd);
4650 hci_dev_unlock(hdev);
4653 static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
4654 void *data, u16 len)
4656 struct mgmt_mode *cp = data;
4657 struct mgmt_pending_cmd *cmd;
4658 struct hci_request req;
4661 BT_DBG("%s", hdev->name);
4663 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) ||
4664 hdev->hci_ver < BLUETOOTH_VER_1_2)
4665 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4666 MGMT_STATUS_NOT_SUPPORTED);
4668 if (cp->val != 0x00 && cp->val != 0x01)
4669 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4670 MGMT_STATUS_INVALID_PARAMS);
4674 if (mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
4675 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4680 if (!!cp->val == hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE)) {
4681 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
4686 if (!hdev_is_powered(hdev)) {
4687 hci_dev_change_flag(hdev, HCI_FAST_CONNECTABLE);
4688 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
4690 new_settings(hdev, sk);
4694 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
4701 hci_req_init(&req, hdev);
4703 write_fast_connectable(&req, cp->val);
4705 err = hci_req_run(&req, fast_connectable_complete);
4707 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4708 MGMT_STATUS_FAILED);
4709 mgmt_pending_remove(cmd);
4713 hci_dev_unlock(hdev);
4718 static void set_bredr_complete(struct hci_dev *hdev, u8 status, u16 opcode)
4720 struct mgmt_pending_cmd *cmd;
4722 BT_DBG("status 0x%02x", status);
4726 cmd = mgmt_pending_find(MGMT_OP_SET_BREDR, hdev);
4731 u8 mgmt_err = mgmt_status(status);
4733 /* We need to restore the flag if related HCI commands
4736 hci_dev_clear_flag(hdev, HCI_BREDR_ENABLED);
4738 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
4740 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
4741 new_settings(hdev, cmd->sk);
4744 mgmt_pending_remove(cmd);
4747 hci_dev_unlock(hdev);
4750 static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
4752 struct mgmt_mode *cp = data;
4753 struct mgmt_pending_cmd *cmd;
4754 struct hci_request req;
4757 BT_DBG("request for %s", hdev->name);
4759 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
4760 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4761 MGMT_STATUS_NOT_SUPPORTED);
4763 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
4764 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4765 MGMT_STATUS_REJECTED);
4767 if (cp->val != 0x00 && cp->val != 0x01)
4768 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4769 MGMT_STATUS_INVALID_PARAMS);
4773 if (cp->val == hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
4774 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4778 if (!hdev_is_powered(hdev)) {
4780 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
4781 hci_dev_clear_flag(hdev, HCI_SSP_ENABLED);
4782 hci_dev_clear_flag(hdev, HCI_LINK_SECURITY);
4783 hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE);
4784 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
4787 hci_dev_change_flag(hdev, HCI_BREDR_ENABLED);
4789 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4793 err = new_settings(hdev, sk);
4797 /* Reject disabling when powered on */
4799 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4800 MGMT_STATUS_REJECTED);
4803 /* When configuring a dual-mode controller to operate
4804 * with LE only and using a static address, then switching
4805 * BR/EDR back on is not allowed.
4807 * Dual-mode controllers shall operate with the public
4808 * address as its identity address for BR/EDR and LE. So
4809 * reject the attempt to create an invalid configuration.
4811 * The same restrictions applies when secure connections
4812 * has been enabled. For BR/EDR this is a controller feature
4813 * while for LE it is a host stack feature. This means that
4814 * switching BR/EDR back on when secure connections has been
4815 * enabled is not a supported transaction.
4817 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
4818 (bacmp(&hdev->static_addr, BDADDR_ANY) ||
4819 hci_dev_test_flag(hdev, HCI_SC_ENABLED))) {
4820 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4821 MGMT_STATUS_REJECTED);
4826 if (mgmt_pending_find(MGMT_OP_SET_BREDR, hdev)) {
4827 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4832 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
4838 /* We need to flip the bit already here so that update_adv_data
4839 * generates the correct flags.
4841 hci_dev_set_flag(hdev, HCI_BREDR_ENABLED);
4843 hci_req_init(&req, hdev);
4845 write_fast_connectable(&req, false);
4846 __hci_update_page_scan(&req);
4848 /* Since only the advertising data flags will change, there
4849 * is no need to update the scan response data.
4851 update_adv_data(&req);
4853 err = hci_req_run(&req, set_bredr_complete);
4855 mgmt_pending_remove(cmd);
4858 hci_dev_unlock(hdev);
4862 static void sc_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
4864 struct mgmt_pending_cmd *cmd;
4865 struct mgmt_mode *cp;
4867 BT_DBG("%s status %u", hdev->name, status);
4871 cmd = mgmt_pending_find(MGMT_OP_SET_SECURE_CONN, hdev);
4876 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode,
4877 mgmt_status(status));
4885 hci_dev_clear_flag(hdev, HCI_SC_ENABLED);
4886 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
4889 hci_dev_set_flag(hdev, HCI_SC_ENABLED);
4890 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
4893 hci_dev_set_flag(hdev, HCI_SC_ENABLED);
4894 hci_dev_set_flag(hdev, HCI_SC_ONLY);
4898 send_settings_rsp(cmd->sk, MGMT_OP_SET_SECURE_CONN, hdev);
4899 new_settings(hdev, cmd->sk);
4902 mgmt_pending_remove(cmd);
4904 hci_dev_unlock(hdev);
4907 static int set_secure_conn(struct sock *sk, struct hci_dev *hdev,
4908 void *data, u16 len)
4910 struct mgmt_mode *cp = data;
4911 struct mgmt_pending_cmd *cmd;
4912 struct hci_request req;
4916 BT_DBG("request for %s", hdev->name);
4918 if (!lmp_sc_capable(hdev) &&
4919 !hci_dev_test_flag(hdev, HCI_LE_ENABLED))
4920 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4921 MGMT_STATUS_NOT_SUPPORTED);
4923 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
4924 lmp_sc_capable(hdev) &&
4925 !hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
4926 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4927 MGMT_STATUS_REJECTED);
4929 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
4930 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4931 MGMT_STATUS_INVALID_PARAMS);
4935 if (!hdev_is_powered(hdev) || !lmp_sc_capable(hdev) ||
4936 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
4940 changed = !hci_dev_test_and_set_flag(hdev,
4942 if (cp->val == 0x02)
4943 hci_dev_set_flag(hdev, HCI_SC_ONLY);
4945 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
4947 changed = hci_dev_test_and_clear_flag(hdev,
4949 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
4952 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4957 err = new_settings(hdev, sk);
4962 if (mgmt_pending_find(MGMT_OP_SET_SECURE_CONN, hdev)) {
4963 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4970 if (val == hci_dev_test_flag(hdev, HCI_SC_ENABLED) &&
4971 (cp->val == 0x02) == hci_dev_test_flag(hdev, HCI_SC_ONLY)) {
4972 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4976 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SECURE_CONN, hdev, data, len);
4982 hci_req_init(&req, hdev);
4983 hci_req_add(&req, HCI_OP_WRITE_SC_SUPPORT, 1, &val);
4984 err = hci_req_run(&req, sc_enable_complete);
4986 mgmt_pending_remove(cmd);
4991 hci_dev_unlock(hdev);
4995 static int set_debug_keys(struct sock *sk, struct hci_dev *hdev,
4996 void *data, u16 len)
4998 struct mgmt_mode *cp = data;
4999 bool changed, use_changed;
5002 BT_DBG("request for %s", hdev->name);
5004 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
5005 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEBUG_KEYS,
5006 MGMT_STATUS_INVALID_PARAMS);
5011 changed = !hci_dev_test_and_set_flag(hdev, HCI_KEEP_DEBUG_KEYS);
5013 changed = hci_dev_test_and_clear_flag(hdev,
5014 HCI_KEEP_DEBUG_KEYS);
5016 if (cp->val == 0x02)
5017 use_changed = !hci_dev_test_and_set_flag(hdev,
5018 HCI_USE_DEBUG_KEYS);
5020 use_changed = hci_dev_test_and_clear_flag(hdev,
5021 HCI_USE_DEBUG_KEYS);
5023 if (hdev_is_powered(hdev) && use_changed &&
5024 hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
5025 u8 mode = (cp->val == 0x02) ? 0x01 : 0x00;
5026 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
5027 sizeof(mode), &mode);
5030 err = send_settings_rsp(sk, MGMT_OP_SET_DEBUG_KEYS, hdev);
5035 err = new_settings(hdev, sk);
5038 hci_dev_unlock(hdev);
5042 static int set_privacy(struct sock *sk, struct hci_dev *hdev, void *cp_data,
5045 struct mgmt_cp_set_privacy *cp = cp_data;
5049 BT_DBG("request for %s", hdev->name);
5051 if (!lmp_le_capable(hdev))
5052 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
5053 MGMT_STATUS_NOT_SUPPORTED);
5055 if (cp->privacy != 0x00 && cp->privacy != 0x01)
5056 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
5057 MGMT_STATUS_INVALID_PARAMS);
5059 if (hdev_is_powered(hdev))
5060 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
5061 MGMT_STATUS_REJECTED);
5065 /* If user space supports this command it is also expected to
5066 * handle IRKs. Therefore, set the HCI_RPA_RESOLVING flag.
5068 hci_dev_set_flag(hdev, HCI_RPA_RESOLVING);
5071 changed = !hci_dev_test_and_set_flag(hdev, HCI_PRIVACY);
5072 memcpy(hdev->irk, cp->irk, sizeof(hdev->irk));
5073 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
5075 changed = hci_dev_test_and_clear_flag(hdev, HCI_PRIVACY);
5076 memset(hdev->irk, 0, sizeof(hdev->irk));
5077 hci_dev_clear_flag(hdev, HCI_RPA_EXPIRED);
5080 err = send_settings_rsp(sk, MGMT_OP_SET_PRIVACY, hdev);
5085 err = new_settings(hdev, sk);
5088 hci_dev_unlock(hdev);
5092 static bool irk_is_valid(struct mgmt_irk_info *irk)
5094 switch (irk->addr.type) {
5095 case BDADDR_LE_PUBLIC:
5098 case BDADDR_LE_RANDOM:
5099 /* Two most significant bits shall be set */
5100 if ((irk->addr.bdaddr.b[5] & 0xc0) != 0xc0)
5108 static int load_irks(struct sock *sk, struct hci_dev *hdev, void *cp_data,
5111 struct mgmt_cp_load_irks *cp = cp_data;
5112 const u16 max_irk_count = ((U16_MAX - sizeof(*cp)) /
5113 sizeof(struct mgmt_irk_info));
5114 u16 irk_count, expected_len;
5117 BT_DBG("request for %s", hdev->name);
5119 if (!lmp_le_capable(hdev))
5120 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
5121 MGMT_STATUS_NOT_SUPPORTED);
5123 irk_count = __le16_to_cpu(cp->irk_count);
5124 if (irk_count > max_irk_count) {
5125 BT_ERR("load_irks: too big irk_count value %u", irk_count);
5126 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
5127 MGMT_STATUS_INVALID_PARAMS);
5130 expected_len = sizeof(*cp) + irk_count * sizeof(struct mgmt_irk_info);
5131 if (expected_len != len) {
5132 BT_ERR("load_irks: expected %u bytes, got %u bytes",
5134 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
5135 MGMT_STATUS_INVALID_PARAMS);
5138 BT_DBG("%s irk_count %u", hdev->name, irk_count);
5140 for (i = 0; i < irk_count; i++) {
5141 struct mgmt_irk_info *key = &cp->irks[i];
5143 if (!irk_is_valid(key))
5144 return mgmt_cmd_status(sk, hdev->id,
5146 MGMT_STATUS_INVALID_PARAMS);
5151 hci_smp_irks_clear(hdev);
5153 for (i = 0; i < irk_count; i++) {
5154 struct mgmt_irk_info *irk = &cp->irks[i];
5157 if (irk->addr.type == BDADDR_LE_PUBLIC)
5158 addr_type = ADDR_LE_DEV_PUBLIC;
5160 addr_type = ADDR_LE_DEV_RANDOM;
5162 hci_add_irk(hdev, &irk->addr.bdaddr, addr_type, irk->val,
5166 hci_dev_set_flag(hdev, HCI_RPA_RESOLVING);
5168 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_IRKS, 0, NULL, 0);
5170 hci_dev_unlock(hdev);
5175 static bool ltk_is_valid(struct mgmt_ltk_info *key)
5177 if (key->master != 0x00 && key->master != 0x01)
5180 switch (key->addr.type) {
5181 case BDADDR_LE_PUBLIC:
5184 case BDADDR_LE_RANDOM:
5185 /* Two most significant bits shall be set */
5186 if ((key->addr.bdaddr.b[5] & 0xc0) != 0xc0)
5194 static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
5195 void *cp_data, u16 len)
5197 struct mgmt_cp_load_long_term_keys *cp = cp_data;
5198 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
5199 sizeof(struct mgmt_ltk_info));
5200 u16 key_count, expected_len;
5203 BT_DBG("request for %s", hdev->name);
5205 if (!lmp_le_capable(hdev))
5206 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
5207 MGMT_STATUS_NOT_SUPPORTED);
5209 key_count = __le16_to_cpu(cp->key_count);
5210 if (key_count > max_key_count) {
5211 BT_ERR("load_ltks: too big key_count value %u", key_count);
5212 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
5213 MGMT_STATUS_INVALID_PARAMS);
5216 expected_len = sizeof(*cp) + key_count *
5217 sizeof(struct mgmt_ltk_info);
5218 if (expected_len != len) {
5219 BT_ERR("load_keys: expected %u bytes, got %u bytes",
5221 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
5222 MGMT_STATUS_INVALID_PARAMS);
5225 BT_DBG("%s key_count %u", hdev->name, key_count);
5227 for (i = 0; i < key_count; i++) {
5228 struct mgmt_ltk_info *key = &cp->keys[i];
5230 if (!ltk_is_valid(key))
5231 return mgmt_cmd_status(sk, hdev->id,
5232 MGMT_OP_LOAD_LONG_TERM_KEYS,
5233 MGMT_STATUS_INVALID_PARAMS);
5238 hci_smp_ltks_clear(hdev);
5240 for (i = 0; i < key_count; i++) {
5241 struct mgmt_ltk_info *key = &cp->keys[i];
5242 u8 type, addr_type, authenticated;
5244 if (key->addr.type == BDADDR_LE_PUBLIC)
5245 addr_type = ADDR_LE_DEV_PUBLIC;
5247 addr_type = ADDR_LE_DEV_RANDOM;
5249 switch (key->type) {
5250 case MGMT_LTK_UNAUTHENTICATED:
5251 authenticated = 0x00;
5252 type = key->master ? SMP_LTK : SMP_LTK_SLAVE;
5254 case MGMT_LTK_AUTHENTICATED:
5255 authenticated = 0x01;
5256 type = key->master ? SMP_LTK : SMP_LTK_SLAVE;
5258 case MGMT_LTK_P256_UNAUTH:
5259 authenticated = 0x00;
5260 type = SMP_LTK_P256;
5262 case MGMT_LTK_P256_AUTH:
5263 authenticated = 0x01;
5264 type = SMP_LTK_P256;
5266 case MGMT_LTK_P256_DEBUG:
5267 authenticated = 0x00;
5268 type = SMP_LTK_P256_DEBUG;
5273 hci_add_ltk(hdev, &key->addr.bdaddr, addr_type, type,
5274 authenticated, key->val, key->enc_size, key->ediv,
5278 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
5281 hci_dev_unlock(hdev);
5286 static int conn_info_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
5288 struct hci_conn *conn = cmd->user_data;
5289 struct mgmt_rp_get_conn_info rp;
5292 memcpy(&rp.addr, cmd->param, sizeof(rp.addr));
5294 if (status == MGMT_STATUS_SUCCESS) {
5295 rp.rssi = conn->rssi;
5296 rp.tx_power = conn->tx_power;
5297 rp.max_tx_power = conn->max_tx_power;
5299 rp.rssi = HCI_RSSI_INVALID;
5300 rp.tx_power = HCI_TX_POWER_INVALID;
5301 rp.max_tx_power = HCI_TX_POWER_INVALID;
5304 err = mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_GET_CONN_INFO,
5305 status, &rp, sizeof(rp));
5307 hci_conn_drop(conn);
5313 static void conn_info_refresh_complete(struct hci_dev *hdev, u8 hci_status,
5316 struct hci_cp_read_rssi *cp;
5317 struct mgmt_pending_cmd *cmd;
5318 struct hci_conn *conn;
5322 BT_DBG("status 0x%02x", hci_status);
5326 /* Commands sent in request are either Read RSSI or Read Transmit Power
5327 * Level so we check which one was last sent to retrieve connection
5328 * handle. Both commands have handle as first parameter so it's safe to
5329 * cast data on the same command struct.
5331 * First command sent is always Read RSSI and we fail only if it fails.
5332 * In other case we simply override error to indicate success as we
5333 * already remembered if TX power value is actually valid.
5335 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_RSSI);
5337 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_TX_POWER);
5338 status = MGMT_STATUS_SUCCESS;
5340 status = mgmt_status(hci_status);
5344 BT_ERR("invalid sent_cmd in conn_info response");
5348 handle = __le16_to_cpu(cp->handle);
5349 conn = hci_conn_hash_lookup_handle(hdev, handle);
5351 BT_ERR("unknown handle (%d) in conn_info response", handle);
5355 cmd = mgmt_pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn);
5359 cmd->cmd_complete(cmd, status);
5360 mgmt_pending_remove(cmd);
5363 hci_dev_unlock(hdev);
5366 static int get_conn_info(struct sock *sk, struct hci_dev *hdev, void *data,
5369 struct mgmt_cp_get_conn_info *cp = data;
5370 struct mgmt_rp_get_conn_info rp;
5371 struct hci_conn *conn;
5372 unsigned long conn_info_age;
5375 BT_DBG("%s", hdev->name);
5377 memset(&rp, 0, sizeof(rp));
5378 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5379 rp.addr.type = cp->addr.type;
5381 if (!bdaddr_type_is_valid(cp->addr.type))
5382 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5383 MGMT_STATUS_INVALID_PARAMS,
5388 if (!hdev_is_powered(hdev)) {
5389 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5390 MGMT_STATUS_NOT_POWERED, &rp,
5395 if (cp->addr.type == BDADDR_BREDR)
5396 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
5399 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
5401 if (!conn || conn->state != BT_CONNECTED) {
5402 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5403 MGMT_STATUS_NOT_CONNECTED, &rp,
5408 if (mgmt_pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn)) {
5409 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5410 MGMT_STATUS_BUSY, &rp, sizeof(rp));
5414 /* To avoid client trying to guess when to poll again for information we
5415 * calculate conn info age as random value between min/max set in hdev.
5417 conn_info_age = hdev->conn_info_min_age +
5418 prandom_u32_max(hdev->conn_info_max_age -
5419 hdev->conn_info_min_age);
5421 /* Query controller to refresh cached values if they are too old or were
5424 if (time_after(jiffies, conn->conn_info_timestamp +
5425 msecs_to_jiffies(conn_info_age)) ||
5426 !conn->conn_info_timestamp) {
5427 struct hci_request req;
5428 struct hci_cp_read_tx_power req_txp_cp;
5429 struct hci_cp_read_rssi req_rssi_cp;
5430 struct mgmt_pending_cmd *cmd;
5432 hci_req_init(&req, hdev);
5433 req_rssi_cp.handle = cpu_to_le16(conn->handle);
5434 hci_req_add(&req, HCI_OP_READ_RSSI, sizeof(req_rssi_cp),
5437 /* For LE links TX power does not change thus we don't need to
5438 * query for it once value is known.
5440 if (!bdaddr_type_is_le(cp->addr.type) ||
5441 conn->tx_power == HCI_TX_POWER_INVALID) {
5442 req_txp_cp.handle = cpu_to_le16(conn->handle);
5443 req_txp_cp.type = 0x00;
5444 hci_req_add(&req, HCI_OP_READ_TX_POWER,
5445 sizeof(req_txp_cp), &req_txp_cp);
5448 /* Max TX power needs to be read only once per connection */
5449 if (conn->max_tx_power == HCI_TX_POWER_INVALID) {
5450 req_txp_cp.handle = cpu_to_le16(conn->handle);
5451 req_txp_cp.type = 0x01;
5452 hci_req_add(&req, HCI_OP_READ_TX_POWER,
5453 sizeof(req_txp_cp), &req_txp_cp);
5456 err = hci_req_run(&req, conn_info_refresh_complete);
5460 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CONN_INFO, hdev,
5467 hci_conn_hold(conn);
5468 cmd->user_data = hci_conn_get(conn);
5469 cmd->cmd_complete = conn_info_cmd_complete;
5471 conn->conn_info_timestamp = jiffies;
5473 /* Cache is valid, just reply with values cached in hci_conn */
5474 rp.rssi = conn->rssi;
5475 rp.tx_power = conn->tx_power;
5476 rp.max_tx_power = conn->max_tx_power;
5478 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5479 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
5483 hci_dev_unlock(hdev);
5487 static int clock_info_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
5489 struct hci_conn *conn = cmd->user_data;
5490 struct mgmt_rp_get_clock_info rp;
5491 struct hci_dev *hdev;
5494 memset(&rp, 0, sizeof(rp));
5495 memcpy(&rp.addr, &cmd->param, sizeof(rp.addr));
5500 hdev = hci_dev_get(cmd->index);
5502 rp.local_clock = cpu_to_le32(hdev->clock);
5507 rp.piconet_clock = cpu_to_le32(conn->clock);
5508 rp.accuracy = cpu_to_le16(conn->clock_accuracy);
5512 err = mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status, &rp,
5516 hci_conn_drop(conn);
5523 static void get_clock_info_complete(struct hci_dev *hdev, u8 status, u16 opcode)
5525 struct hci_cp_read_clock *hci_cp;
5526 struct mgmt_pending_cmd *cmd;
5527 struct hci_conn *conn;
5529 BT_DBG("%s status %u", hdev->name, status);
5533 hci_cp = hci_sent_cmd_data(hdev, HCI_OP_READ_CLOCK);
5537 if (hci_cp->which) {
5538 u16 handle = __le16_to_cpu(hci_cp->handle);
5539 conn = hci_conn_hash_lookup_handle(hdev, handle);
5544 cmd = mgmt_pending_find_data(MGMT_OP_GET_CLOCK_INFO, hdev, conn);
5548 cmd->cmd_complete(cmd, mgmt_status(status));
5549 mgmt_pending_remove(cmd);
5552 hci_dev_unlock(hdev);
5555 static int get_clock_info(struct sock *sk, struct hci_dev *hdev, void *data,
5558 struct mgmt_cp_get_clock_info *cp = data;
5559 struct mgmt_rp_get_clock_info rp;
5560 struct hci_cp_read_clock hci_cp;
5561 struct mgmt_pending_cmd *cmd;
5562 struct hci_request req;
5563 struct hci_conn *conn;
5566 BT_DBG("%s", hdev->name);
5568 memset(&rp, 0, sizeof(rp));
5569 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5570 rp.addr.type = cp->addr.type;
5572 if (cp->addr.type != BDADDR_BREDR)
5573 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
5574 MGMT_STATUS_INVALID_PARAMS,
5579 if (!hdev_is_powered(hdev)) {
5580 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
5581 MGMT_STATUS_NOT_POWERED, &rp,
5586 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
5587 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
5589 if (!conn || conn->state != BT_CONNECTED) {
5590 err = mgmt_cmd_complete(sk, hdev->id,
5591 MGMT_OP_GET_CLOCK_INFO,
5592 MGMT_STATUS_NOT_CONNECTED,
5600 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CLOCK_INFO, hdev, data, len);
5606 cmd->cmd_complete = clock_info_cmd_complete;
5608 hci_req_init(&req, hdev);
5610 memset(&hci_cp, 0, sizeof(hci_cp));
5611 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
5614 hci_conn_hold(conn);
5615 cmd->user_data = hci_conn_get(conn);
5617 hci_cp.handle = cpu_to_le16(conn->handle);
5618 hci_cp.which = 0x01; /* Piconet clock */
5619 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
5622 err = hci_req_run(&req, get_clock_info_complete);
5624 mgmt_pending_remove(cmd);
5627 hci_dev_unlock(hdev);
5631 static bool is_connected(struct hci_dev *hdev, bdaddr_t *addr, u8 type)
5633 struct hci_conn *conn;
5635 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, addr);
5639 if (conn->dst_type != type)
5642 if (conn->state != BT_CONNECTED)
5648 /* This function requires the caller holds hdev->lock */
5649 static int hci_conn_params_set(struct hci_request *req, bdaddr_t *addr,
5650 u8 addr_type, u8 auto_connect)
5652 struct hci_dev *hdev = req->hdev;
5653 struct hci_conn_params *params;
5655 params = hci_conn_params_add(hdev, addr, addr_type);
5659 if (params->auto_connect == auto_connect)
5662 list_del_init(¶ms->action);
5664 switch (auto_connect) {
5665 case HCI_AUTO_CONN_DISABLED:
5666 case HCI_AUTO_CONN_LINK_LOSS:
5667 __hci_update_background_scan(req);
5669 case HCI_AUTO_CONN_REPORT:
5670 list_add(¶ms->action, &hdev->pend_le_reports);
5671 __hci_update_background_scan(req);
5673 case HCI_AUTO_CONN_DIRECT:
5674 case HCI_AUTO_CONN_ALWAYS:
5675 if (!is_connected(hdev, addr, addr_type)) {
5676 list_add(¶ms->action, &hdev->pend_le_conns);
5677 __hci_update_background_scan(req);
5682 params->auto_connect = auto_connect;
5684 BT_DBG("addr %pMR (type %u) auto_connect %u", addr, addr_type,
5690 static void device_added(struct sock *sk, struct hci_dev *hdev,
5691 bdaddr_t *bdaddr, u8 type, u8 action)
5693 struct mgmt_ev_device_added ev;
5695 bacpy(&ev.addr.bdaddr, bdaddr);
5696 ev.addr.type = type;
5699 mgmt_event(MGMT_EV_DEVICE_ADDED, hdev, &ev, sizeof(ev), sk);
5702 static void add_device_complete(struct hci_dev *hdev, u8 status, u16 opcode)
5704 struct mgmt_pending_cmd *cmd;
5706 BT_DBG("status 0x%02x", status);
5710 cmd = mgmt_pending_find(MGMT_OP_ADD_DEVICE, hdev);
5714 cmd->cmd_complete(cmd, mgmt_status(status));
5715 mgmt_pending_remove(cmd);
5718 hci_dev_unlock(hdev);
5721 static int add_device(struct sock *sk, struct hci_dev *hdev,
5722 void *data, u16 len)
5724 struct mgmt_cp_add_device *cp = data;
5725 struct mgmt_pending_cmd *cmd;
5726 struct hci_request req;
5727 u8 auto_conn, addr_type;
5730 BT_DBG("%s", hdev->name);
5732 if (!bdaddr_type_is_valid(cp->addr.type) ||
5733 !bacmp(&cp->addr.bdaddr, BDADDR_ANY))
5734 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5735 MGMT_STATUS_INVALID_PARAMS,
5736 &cp->addr, sizeof(cp->addr));
5738 if (cp->action != 0x00 && cp->action != 0x01 && cp->action != 0x02)
5739 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5740 MGMT_STATUS_INVALID_PARAMS,
5741 &cp->addr, sizeof(cp->addr));
5743 hci_req_init(&req, hdev);
5747 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_DEVICE, hdev, data, len);
5753 cmd->cmd_complete = addr_cmd_complete;
5755 if (cp->addr.type == BDADDR_BREDR) {
5756 /* Only incoming connections action is supported for now */
5757 if (cp->action != 0x01) {
5758 err = cmd->cmd_complete(cmd,
5759 MGMT_STATUS_INVALID_PARAMS);
5760 mgmt_pending_remove(cmd);
5764 err = hci_bdaddr_list_add(&hdev->whitelist, &cp->addr.bdaddr,
5769 __hci_update_page_scan(&req);
5774 if (cp->addr.type == BDADDR_LE_PUBLIC)
5775 addr_type = ADDR_LE_DEV_PUBLIC;
5777 addr_type = ADDR_LE_DEV_RANDOM;
5779 if (cp->action == 0x02)
5780 auto_conn = HCI_AUTO_CONN_ALWAYS;
5781 else if (cp->action == 0x01)
5782 auto_conn = HCI_AUTO_CONN_DIRECT;
5784 auto_conn = HCI_AUTO_CONN_REPORT;
5786 /* If the connection parameters don't exist for this device,
5787 * they will be created and configured with defaults.
5789 if (hci_conn_params_set(&req, &cp->addr.bdaddr, addr_type,
5791 err = cmd->cmd_complete(cmd, MGMT_STATUS_FAILED);
5792 mgmt_pending_remove(cmd);
5797 device_added(sk, hdev, &cp->addr.bdaddr, cp->addr.type, cp->action);
5799 err = hci_req_run(&req, add_device_complete);
5801 /* ENODATA means no HCI commands were needed (e.g. if
5802 * the adapter is powered off).
5804 if (err == -ENODATA)
5805 err = cmd->cmd_complete(cmd, MGMT_STATUS_SUCCESS);
5806 mgmt_pending_remove(cmd);
5810 hci_dev_unlock(hdev);
5814 static void device_removed(struct sock *sk, struct hci_dev *hdev,
5815 bdaddr_t *bdaddr, u8 type)
5817 struct mgmt_ev_device_removed ev;
5819 bacpy(&ev.addr.bdaddr, bdaddr);
5820 ev.addr.type = type;
5822 mgmt_event(MGMT_EV_DEVICE_REMOVED, hdev, &ev, sizeof(ev), sk);
5825 static void remove_device_complete(struct hci_dev *hdev, u8 status, u16 opcode)
5827 struct mgmt_pending_cmd *cmd;
5829 BT_DBG("status 0x%02x", status);
5833 cmd = mgmt_pending_find(MGMT_OP_REMOVE_DEVICE, hdev);
5837 cmd->cmd_complete(cmd, mgmt_status(status));
5838 mgmt_pending_remove(cmd);
5841 hci_dev_unlock(hdev);
5844 static int remove_device(struct sock *sk, struct hci_dev *hdev,
5845 void *data, u16 len)
5847 struct mgmt_cp_remove_device *cp = data;
5848 struct mgmt_pending_cmd *cmd;
5849 struct hci_request req;
5852 BT_DBG("%s", hdev->name);
5854 hci_req_init(&req, hdev);
5858 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_DEVICE, hdev, data, len);
5864 cmd->cmd_complete = addr_cmd_complete;
5866 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
5867 struct hci_conn_params *params;
5870 if (!bdaddr_type_is_valid(cp->addr.type)) {
5871 err = cmd->cmd_complete(cmd,
5872 MGMT_STATUS_INVALID_PARAMS);
5873 mgmt_pending_remove(cmd);
5877 if (cp->addr.type == BDADDR_BREDR) {
5878 err = hci_bdaddr_list_del(&hdev->whitelist,
5882 err = cmd->cmd_complete(cmd,
5883 MGMT_STATUS_INVALID_PARAMS);
5884 mgmt_pending_remove(cmd);
5888 __hci_update_page_scan(&req);
5890 device_removed(sk, hdev, &cp->addr.bdaddr,
5895 if (cp->addr.type == BDADDR_LE_PUBLIC)
5896 addr_type = ADDR_LE_DEV_PUBLIC;
5898 addr_type = ADDR_LE_DEV_RANDOM;
5900 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr,
5903 err = cmd->cmd_complete(cmd,
5904 MGMT_STATUS_INVALID_PARAMS);
5905 mgmt_pending_remove(cmd);
5909 if (params->auto_connect == HCI_AUTO_CONN_DISABLED) {
5910 err = cmd->cmd_complete(cmd,
5911 MGMT_STATUS_INVALID_PARAMS);
5912 mgmt_pending_remove(cmd);
5916 list_del(¶ms->action);
5917 list_del(¶ms->list);
5919 __hci_update_background_scan(&req);
5921 device_removed(sk, hdev, &cp->addr.bdaddr, cp->addr.type);
5923 struct hci_conn_params *p, *tmp;
5924 struct bdaddr_list *b, *btmp;
5926 if (cp->addr.type) {
5927 err = cmd->cmd_complete(cmd,
5928 MGMT_STATUS_INVALID_PARAMS);
5929 mgmt_pending_remove(cmd);
5933 list_for_each_entry_safe(b, btmp, &hdev->whitelist, list) {
5934 device_removed(sk, hdev, &b->bdaddr, b->bdaddr_type);
5939 __hci_update_page_scan(&req);
5941 list_for_each_entry_safe(p, tmp, &hdev->le_conn_params, list) {
5942 if (p->auto_connect == HCI_AUTO_CONN_DISABLED)
5944 device_removed(sk, hdev, &p->addr, p->addr_type);
5945 list_del(&p->action);
5950 BT_DBG("All LE connection parameters were removed");
5952 __hci_update_background_scan(&req);
5956 err = hci_req_run(&req, remove_device_complete);
5958 /* ENODATA means no HCI commands were needed (e.g. if
5959 * the adapter is powered off).
5961 if (err == -ENODATA)
5962 err = cmd->cmd_complete(cmd, MGMT_STATUS_SUCCESS);
5963 mgmt_pending_remove(cmd);
5967 hci_dev_unlock(hdev);
5971 static int load_conn_param(struct sock *sk, struct hci_dev *hdev, void *data,
5974 struct mgmt_cp_load_conn_param *cp = data;
5975 const u16 max_param_count = ((U16_MAX - sizeof(*cp)) /
5976 sizeof(struct mgmt_conn_param));
5977 u16 param_count, expected_len;
5980 if (!lmp_le_capable(hdev))
5981 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5982 MGMT_STATUS_NOT_SUPPORTED);
5984 param_count = __le16_to_cpu(cp->param_count);
5985 if (param_count > max_param_count) {
5986 BT_ERR("load_conn_param: too big param_count value %u",
5988 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5989 MGMT_STATUS_INVALID_PARAMS);
5992 expected_len = sizeof(*cp) + param_count *
5993 sizeof(struct mgmt_conn_param);
5994 if (expected_len != len) {
5995 BT_ERR("load_conn_param: expected %u bytes, got %u bytes",
5997 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5998 MGMT_STATUS_INVALID_PARAMS);
6001 BT_DBG("%s param_count %u", hdev->name, param_count);
6005 hci_conn_params_clear_disabled(hdev);
6007 for (i = 0; i < param_count; i++) {
6008 struct mgmt_conn_param *param = &cp->params[i];
6009 struct hci_conn_params *hci_param;
6010 u16 min, max, latency, timeout;
6013 BT_DBG("Adding %pMR (type %u)", ¶m->addr.bdaddr,
6016 if (param->addr.type == BDADDR_LE_PUBLIC) {
6017 addr_type = ADDR_LE_DEV_PUBLIC;
6018 } else if (param->addr.type == BDADDR_LE_RANDOM) {
6019 addr_type = ADDR_LE_DEV_RANDOM;
6021 BT_ERR("Ignoring invalid connection parameters");
6025 min = le16_to_cpu(param->min_interval);
6026 max = le16_to_cpu(param->max_interval);
6027 latency = le16_to_cpu(param->latency);
6028 timeout = le16_to_cpu(param->timeout);
6030 BT_DBG("min 0x%04x max 0x%04x latency 0x%04x timeout 0x%04x",
6031 min, max, latency, timeout);
6033 if (hci_check_conn_params(min, max, latency, timeout) < 0) {
6034 BT_ERR("Ignoring invalid connection parameters");
6038 hci_param = hci_conn_params_add(hdev, ¶m->addr.bdaddr,
6041 BT_ERR("Failed to add connection parameters");
6045 hci_param->conn_min_interval = min;
6046 hci_param->conn_max_interval = max;
6047 hci_param->conn_latency = latency;
6048 hci_param->supervision_timeout = timeout;
6051 hci_dev_unlock(hdev);
6053 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM, 0,
6057 static int set_external_config(struct sock *sk, struct hci_dev *hdev,
6058 void *data, u16 len)
6060 struct mgmt_cp_set_external_config *cp = data;
6064 BT_DBG("%s", hdev->name);
6066 if (hdev_is_powered(hdev))
6067 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
6068 MGMT_STATUS_REJECTED);
6070 if (cp->config != 0x00 && cp->config != 0x01)
6071 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
6072 MGMT_STATUS_INVALID_PARAMS);
6074 if (!test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
6075 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
6076 MGMT_STATUS_NOT_SUPPORTED);
6081 changed = !hci_dev_test_and_set_flag(hdev, HCI_EXT_CONFIGURED);
6083 changed = hci_dev_test_and_clear_flag(hdev, HCI_EXT_CONFIGURED);
6085 err = send_options_rsp(sk, MGMT_OP_SET_EXTERNAL_CONFIG, hdev);
6092 err = new_options(hdev, sk);
6094 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED) == is_configured(hdev)) {
6095 mgmt_index_removed(hdev);
6097 if (hci_dev_test_and_change_flag(hdev, HCI_UNCONFIGURED)) {
6098 hci_dev_set_flag(hdev, HCI_CONFIG);
6099 hci_dev_set_flag(hdev, HCI_AUTO_OFF);
6101 queue_work(hdev->req_workqueue, &hdev->power_on);
6103 set_bit(HCI_RAW, &hdev->flags);
6104 mgmt_index_added(hdev);
6109 hci_dev_unlock(hdev);
6113 static int set_public_address(struct sock *sk, struct hci_dev *hdev,
6114 void *data, u16 len)
6116 struct mgmt_cp_set_public_address *cp = data;
6120 BT_DBG("%s", hdev->name);
6122 if (hdev_is_powered(hdev))
6123 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
6124 MGMT_STATUS_REJECTED);
6126 if (!bacmp(&cp->bdaddr, BDADDR_ANY))
6127 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
6128 MGMT_STATUS_INVALID_PARAMS);
6130 if (!hdev->set_bdaddr)
6131 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
6132 MGMT_STATUS_NOT_SUPPORTED);
6136 changed = !!bacmp(&hdev->public_addr, &cp->bdaddr);
6137 bacpy(&hdev->public_addr, &cp->bdaddr);
6139 err = send_options_rsp(sk, MGMT_OP_SET_PUBLIC_ADDRESS, hdev);
6146 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED))
6147 err = new_options(hdev, sk);
6149 if (is_configured(hdev)) {
6150 mgmt_index_removed(hdev);
6152 hci_dev_clear_flag(hdev, HCI_UNCONFIGURED);
6154 hci_dev_set_flag(hdev, HCI_CONFIG);
6155 hci_dev_set_flag(hdev, HCI_AUTO_OFF);
6157 queue_work(hdev->req_workqueue, &hdev->power_on);
6161 hci_dev_unlock(hdev);
6165 static const struct hci_mgmt_handler mgmt_handlers[] = {
6166 { NULL }, /* 0x0000 (no command) */
6167 { read_version, MGMT_READ_VERSION_SIZE,
6169 { read_commands, MGMT_READ_COMMANDS_SIZE,
6171 { read_index_list, MGMT_READ_INDEX_LIST_SIZE,
6173 { read_controller_info, MGMT_READ_INFO_SIZE, 0 },
6174 { set_powered, MGMT_SETTING_SIZE, 0 },
6175 { set_discoverable, MGMT_SET_DISCOVERABLE_SIZE, 0 },
6176 { set_connectable, MGMT_SETTING_SIZE, 0 },
6177 { set_fast_connectable, MGMT_SETTING_SIZE, 0 },
6178 { set_bondable, MGMT_SETTING_SIZE, 0 },
6179 { set_link_security, MGMT_SETTING_SIZE, 0 },
6180 { set_ssp, MGMT_SETTING_SIZE, 0 },
6181 { set_hs, MGMT_SETTING_SIZE, 0 },
6182 { set_le, MGMT_SETTING_SIZE, 0 },
6183 { set_dev_class, MGMT_SET_DEV_CLASS_SIZE, 0 },
6184 { set_local_name, MGMT_SET_LOCAL_NAME_SIZE, 0 },
6185 { add_uuid, MGMT_ADD_UUID_SIZE, 0 },
6186 { remove_uuid, MGMT_REMOVE_UUID_SIZE, 0 },
6187 { load_link_keys, MGMT_LOAD_LINK_KEYS_SIZE,
6189 { load_long_term_keys, MGMT_LOAD_LONG_TERM_KEYS_SIZE,
6191 { disconnect, MGMT_DISCONNECT_SIZE, 0 },
6192 { get_connections, MGMT_GET_CONNECTIONS_SIZE, 0 },
6193 { pin_code_reply, MGMT_PIN_CODE_REPLY_SIZE, 0 },
6194 { pin_code_neg_reply, MGMT_PIN_CODE_NEG_REPLY_SIZE, 0 },
6195 { set_io_capability, MGMT_SET_IO_CAPABILITY_SIZE, 0 },
6196 { pair_device, MGMT_PAIR_DEVICE_SIZE, 0 },
6197 { cancel_pair_device, MGMT_CANCEL_PAIR_DEVICE_SIZE, 0 },
6198 { unpair_device, MGMT_UNPAIR_DEVICE_SIZE, 0 },
6199 { user_confirm_reply, MGMT_USER_CONFIRM_REPLY_SIZE, 0 },
6200 { user_confirm_neg_reply, MGMT_USER_CONFIRM_NEG_REPLY_SIZE, 0 },
6201 { user_passkey_reply, MGMT_USER_PASSKEY_REPLY_SIZE, 0 },
6202 { user_passkey_neg_reply, MGMT_USER_PASSKEY_NEG_REPLY_SIZE, 0 },
6203 { read_local_oob_data, MGMT_READ_LOCAL_OOB_DATA_SIZE },
6204 { add_remote_oob_data, MGMT_ADD_REMOTE_OOB_DATA_SIZE,
6206 { remove_remote_oob_data, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE, 0 },
6207 { start_discovery, MGMT_START_DISCOVERY_SIZE, 0 },
6208 { stop_discovery, MGMT_STOP_DISCOVERY_SIZE, 0 },
6209 { confirm_name, MGMT_CONFIRM_NAME_SIZE, 0 },
6210 { block_device, MGMT_BLOCK_DEVICE_SIZE, 0 },
6211 { unblock_device, MGMT_UNBLOCK_DEVICE_SIZE, 0 },
6212 { set_device_id, MGMT_SET_DEVICE_ID_SIZE, 0 },
6213 { set_advertising, MGMT_SETTING_SIZE, 0 },
6214 { set_bredr, MGMT_SETTING_SIZE, 0 },
6215 { set_static_address, MGMT_SET_STATIC_ADDRESS_SIZE, 0 },
6216 { set_scan_params, MGMT_SET_SCAN_PARAMS_SIZE, 0 },
6217 { set_secure_conn, MGMT_SETTING_SIZE, 0 },
6218 { set_debug_keys, MGMT_SETTING_SIZE, 0 },
6219 { set_privacy, MGMT_SET_PRIVACY_SIZE, 0 },
6220 { load_irks, MGMT_LOAD_IRKS_SIZE,
6222 { get_conn_info, MGMT_GET_CONN_INFO_SIZE, 0 },
6223 { get_clock_info, MGMT_GET_CLOCK_INFO_SIZE, 0 },
6224 { add_device, MGMT_ADD_DEVICE_SIZE, 0 },
6225 { remove_device, MGMT_REMOVE_DEVICE_SIZE, 0 },
6226 { load_conn_param, MGMT_LOAD_CONN_PARAM_SIZE,
6228 { read_unconf_index_list, MGMT_READ_UNCONF_INDEX_LIST_SIZE,
6230 { read_config_info, MGMT_READ_CONFIG_INFO_SIZE,
6231 HCI_MGMT_UNCONFIGURED },
6232 { set_external_config, MGMT_SET_EXTERNAL_CONFIG_SIZE,
6233 HCI_MGMT_UNCONFIGURED },
6234 { set_public_address, MGMT_SET_PUBLIC_ADDRESS_SIZE,
6235 HCI_MGMT_UNCONFIGURED },
6236 { start_service_discovery, MGMT_START_SERVICE_DISCOVERY_SIZE,
6240 int mgmt_control(struct hci_mgmt_chan *chan, struct sock *sk,
6241 struct msghdr *msg, size_t msglen)
6245 struct mgmt_hdr *hdr;
6246 u16 opcode, index, len;
6247 struct hci_dev *hdev = NULL;
6248 const struct hci_mgmt_handler *handler;
6249 bool var_len, no_hdev;
6252 BT_DBG("got %zu bytes", msglen);
6254 if (msglen < sizeof(*hdr))
6257 buf = kmalloc(msglen, GFP_KERNEL);
6261 if (memcpy_from_msg(buf, msg, msglen)) {
6267 opcode = __le16_to_cpu(hdr->opcode);
6268 index = __le16_to_cpu(hdr->index);
6269 len = __le16_to_cpu(hdr->len);
6271 if (len != msglen - sizeof(*hdr)) {
6276 if (opcode >= chan->handler_count ||
6277 chan->handlers[opcode].func == NULL) {
6278 BT_DBG("Unknown op %u", opcode);
6279 err = mgmt_cmd_status(sk, index, opcode,
6280 MGMT_STATUS_UNKNOWN_COMMAND);
6284 handler = &chan->handlers[opcode];
6286 if (index != MGMT_INDEX_NONE) {
6287 hdev = hci_dev_get(index);
6289 err = mgmt_cmd_status(sk, index, opcode,
6290 MGMT_STATUS_INVALID_INDEX);
6294 if (hci_dev_test_flag(hdev, HCI_SETUP) ||
6295 hci_dev_test_flag(hdev, HCI_CONFIG) ||
6296 hci_dev_test_flag(hdev, HCI_USER_CHANNEL)) {
6297 err = mgmt_cmd_status(sk, index, opcode,
6298 MGMT_STATUS_INVALID_INDEX);
6302 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED) &&
6303 !(handler->flags & HCI_MGMT_UNCONFIGURED)) {
6304 err = mgmt_cmd_status(sk, index, opcode,
6305 MGMT_STATUS_INVALID_INDEX);
6310 no_hdev = (handler->flags & HCI_MGMT_NO_HDEV);
6311 if (no_hdev != !hdev) {
6312 err = mgmt_cmd_status(sk, index, opcode,
6313 MGMT_STATUS_INVALID_INDEX);
6317 var_len = (handler->flags & HCI_MGMT_VAR_LEN);
6318 if ((var_len && len < handler->data_len) ||
6319 (!var_len && len != handler->data_len)) {
6320 err = mgmt_cmd_status(sk, index, opcode,
6321 MGMT_STATUS_INVALID_PARAMS);
6326 mgmt_init_hdev(sk, hdev);
6328 cp = buf + sizeof(*hdr);
6330 err = handler->func(sk, hdev, cp, len);
6344 void mgmt_index_added(struct hci_dev *hdev)
6346 if (hdev->dev_type != HCI_BREDR)
6349 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
6352 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED))
6353 mgmt_event(MGMT_EV_UNCONF_INDEX_ADDED, hdev, NULL, 0, NULL);
6355 mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
6358 void mgmt_index_removed(struct hci_dev *hdev)
6360 u8 status = MGMT_STATUS_INVALID_INDEX;
6362 if (hdev->dev_type != HCI_BREDR)
6365 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
6368 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
6370 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED))
6371 mgmt_event(MGMT_EV_UNCONF_INDEX_REMOVED, hdev, NULL, 0, NULL);
6373 mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
6376 /* This function requires the caller holds hdev->lock */
6377 static void restart_le_actions(struct hci_request *req)
6379 struct hci_dev *hdev = req->hdev;
6380 struct hci_conn_params *p;
6382 list_for_each_entry(p, &hdev->le_conn_params, list) {
6383 /* Needed for AUTO_OFF case where might not "really"
6384 * have been powered off.
6386 list_del_init(&p->action);
6388 switch (p->auto_connect) {
6389 case HCI_AUTO_CONN_DIRECT:
6390 case HCI_AUTO_CONN_ALWAYS:
6391 list_add(&p->action, &hdev->pend_le_conns);
6393 case HCI_AUTO_CONN_REPORT:
6394 list_add(&p->action, &hdev->pend_le_reports);
6401 __hci_update_background_scan(req);
6404 static void powered_complete(struct hci_dev *hdev, u8 status, u16 opcode)
6406 struct cmd_lookup match = { NULL, hdev };
6408 BT_DBG("status 0x%02x", status);
6411 /* Register the available SMP channels (BR/EDR and LE) only
6412 * when successfully powering on the controller. This late
6413 * registration is required so that LE SMP can clearly
6414 * decide if the public address or static address is used.
6421 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
6423 new_settings(hdev, match.sk);
6425 hci_dev_unlock(hdev);
6431 static int powered_update_hci(struct hci_dev *hdev)
6433 struct hci_request req;
6436 hci_req_init(&req, hdev);
6438 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED) &&
6439 !lmp_host_ssp_capable(hdev)) {
6442 hci_req_add(&req, HCI_OP_WRITE_SSP_MODE, sizeof(mode), &mode);
6444 if (bredr_sc_enabled(hdev) && !lmp_host_sc_capable(hdev)) {
6447 hci_req_add(&req, HCI_OP_WRITE_SC_SUPPORT,
6448 sizeof(support), &support);
6452 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
6453 lmp_bredr_capable(hdev)) {
6454 struct hci_cp_write_le_host_supported cp;
6459 /* Check first if we already have the right
6460 * host state (host features set)
6462 if (cp.le != lmp_host_le_capable(hdev) ||
6463 cp.simul != lmp_host_le_br_capable(hdev))
6464 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED,
6468 if (lmp_le_capable(hdev)) {
6469 /* Make sure the controller has a good default for
6470 * advertising data. This also applies to the case
6471 * where BR/EDR was toggled during the AUTO_OFF phase.
6473 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
6474 update_adv_data(&req);
6475 update_scan_rsp_data(&req);
6478 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
6479 enable_advertising(&req);
6481 restart_le_actions(&req);
6484 link_sec = hci_dev_test_flag(hdev, HCI_LINK_SECURITY);
6485 if (link_sec != test_bit(HCI_AUTH, &hdev->flags))
6486 hci_req_add(&req, HCI_OP_WRITE_AUTH_ENABLE,
6487 sizeof(link_sec), &link_sec);
6489 if (lmp_bredr_capable(hdev)) {
6490 if (hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE))
6491 write_fast_connectable(&req, true);
6493 write_fast_connectable(&req, false);
6494 __hci_update_page_scan(&req);
6500 return hci_req_run(&req, powered_complete);
6503 int mgmt_powered(struct hci_dev *hdev, u8 powered)
6505 struct cmd_lookup match = { NULL, hdev };
6506 u8 status, zero_cod[] = { 0, 0, 0 };
6509 if (!hci_dev_test_flag(hdev, HCI_MGMT))
6513 if (powered_update_hci(hdev) == 0)
6516 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp,
6521 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
6523 /* If the power off is because of hdev unregistration let
6524 * use the appropriate INVALID_INDEX status. Otherwise use
6525 * NOT_POWERED. We cover both scenarios here since later in
6526 * mgmt_index_removed() any hci_conn callbacks will have already
6527 * been triggered, potentially causing misleading DISCONNECTED
6530 if (hci_dev_test_flag(hdev, HCI_UNREGISTER))
6531 status = MGMT_STATUS_INVALID_INDEX;
6533 status = MGMT_STATUS_NOT_POWERED;
6535 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
6537 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0)
6538 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
6539 zero_cod, sizeof(zero_cod), NULL);
6542 err = new_settings(hdev, match.sk);
6550 void mgmt_set_powered_failed(struct hci_dev *hdev, int err)
6552 struct mgmt_pending_cmd *cmd;
6555 cmd = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
6559 if (err == -ERFKILL)
6560 status = MGMT_STATUS_RFKILLED;
6562 status = MGMT_STATUS_FAILED;
6564 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
6566 mgmt_pending_remove(cmd);
6569 void mgmt_discoverable_timeout(struct hci_dev *hdev)
6571 struct hci_request req;
6575 /* When discoverable timeout triggers, then just make sure
6576 * the limited discoverable flag is cleared. Even in the case
6577 * of a timeout triggered from general discoverable, it is
6578 * safe to unconditionally clear the flag.
6580 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
6581 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
6583 hci_req_init(&req, hdev);
6584 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
6585 u8 scan = SCAN_PAGE;
6586 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE,
6587 sizeof(scan), &scan);
6590 update_adv_data(&req);
6591 hci_req_run(&req, NULL);
6593 hdev->discov_timeout = 0;
6595 new_settings(hdev, NULL);
6597 hci_dev_unlock(hdev);
6600 void mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
6603 struct mgmt_ev_new_link_key ev;
6605 memset(&ev, 0, sizeof(ev));
6607 ev.store_hint = persistent;
6608 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
6609 ev.key.addr.type = BDADDR_BREDR;
6610 ev.key.type = key->type;
6611 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
6612 ev.key.pin_len = key->pin_len;
6614 mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
6617 static u8 mgmt_ltk_type(struct smp_ltk *ltk)
6619 switch (ltk->type) {
6622 if (ltk->authenticated)
6623 return MGMT_LTK_AUTHENTICATED;
6624 return MGMT_LTK_UNAUTHENTICATED;
6626 if (ltk->authenticated)
6627 return MGMT_LTK_P256_AUTH;
6628 return MGMT_LTK_P256_UNAUTH;
6629 case SMP_LTK_P256_DEBUG:
6630 return MGMT_LTK_P256_DEBUG;
6633 return MGMT_LTK_UNAUTHENTICATED;
6636 void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, bool persistent)
6638 struct mgmt_ev_new_long_term_key ev;
6640 memset(&ev, 0, sizeof(ev));
6642 /* Devices using resolvable or non-resolvable random addresses
6643 * without providing an indentity resolving key don't require
6644 * to store long term keys. Their addresses will change the
6647 * Only when a remote device provides an identity address
6648 * make sure the long term key is stored. If the remote
6649 * identity is known, the long term keys are internally
6650 * mapped to the identity address. So allow static random
6651 * and public addresses here.
6653 if (key->bdaddr_type == ADDR_LE_DEV_RANDOM &&
6654 (key->bdaddr.b[5] & 0xc0) != 0xc0)
6655 ev.store_hint = 0x00;
6657 ev.store_hint = persistent;
6659 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
6660 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
6661 ev.key.type = mgmt_ltk_type(key);
6662 ev.key.enc_size = key->enc_size;
6663 ev.key.ediv = key->ediv;
6664 ev.key.rand = key->rand;
6666 if (key->type == SMP_LTK)
6669 memcpy(ev.key.val, key->val, sizeof(key->val));
6671 mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev), NULL);
6674 void mgmt_new_irk(struct hci_dev *hdev, struct smp_irk *irk)
6676 struct mgmt_ev_new_irk ev;
6678 memset(&ev, 0, sizeof(ev));
6680 /* For identity resolving keys from devices that are already
6681 * using a public address or static random address, do not
6682 * ask for storing this key. The identity resolving key really
6683 * is only mandatory for devices using resovlable random
6686 * Storing all identity resolving keys has the downside that
6687 * they will be also loaded on next boot of they system. More
6688 * identity resolving keys, means more time during scanning is
6689 * needed to actually resolve these addresses.
6691 if (bacmp(&irk->rpa, BDADDR_ANY))
6692 ev.store_hint = 0x01;
6694 ev.store_hint = 0x00;
6696 bacpy(&ev.rpa, &irk->rpa);
6697 bacpy(&ev.irk.addr.bdaddr, &irk->bdaddr);
6698 ev.irk.addr.type = link_to_bdaddr(LE_LINK, irk->addr_type);
6699 memcpy(ev.irk.val, irk->val, sizeof(irk->val));
6701 mgmt_event(MGMT_EV_NEW_IRK, hdev, &ev, sizeof(ev), NULL);
6704 void mgmt_new_csrk(struct hci_dev *hdev, struct smp_csrk *csrk,
6707 struct mgmt_ev_new_csrk ev;
6709 memset(&ev, 0, sizeof(ev));
6711 /* Devices using resolvable or non-resolvable random addresses
6712 * without providing an indentity resolving key don't require
6713 * to store signature resolving keys. Their addresses will change
6714 * the next time around.
6716 * Only when a remote device provides an identity address
6717 * make sure the signature resolving key is stored. So allow
6718 * static random and public addresses here.
6720 if (csrk->bdaddr_type == ADDR_LE_DEV_RANDOM &&
6721 (csrk->bdaddr.b[5] & 0xc0) != 0xc0)
6722 ev.store_hint = 0x00;
6724 ev.store_hint = persistent;
6726 bacpy(&ev.key.addr.bdaddr, &csrk->bdaddr);
6727 ev.key.addr.type = link_to_bdaddr(LE_LINK, csrk->bdaddr_type);
6728 ev.key.type = csrk->type;
6729 memcpy(ev.key.val, csrk->val, sizeof(csrk->val));
6731 mgmt_event(MGMT_EV_NEW_CSRK, hdev, &ev, sizeof(ev), NULL);
6734 void mgmt_new_conn_param(struct hci_dev *hdev, bdaddr_t *bdaddr,
6735 u8 bdaddr_type, u8 store_hint, u16 min_interval,
6736 u16 max_interval, u16 latency, u16 timeout)
6738 struct mgmt_ev_new_conn_param ev;
6740 if (!hci_is_identity_address(bdaddr, bdaddr_type))
6743 memset(&ev, 0, sizeof(ev));
6744 bacpy(&ev.addr.bdaddr, bdaddr);
6745 ev.addr.type = link_to_bdaddr(LE_LINK, bdaddr_type);
6746 ev.store_hint = store_hint;
6747 ev.min_interval = cpu_to_le16(min_interval);
6748 ev.max_interval = cpu_to_le16(max_interval);
6749 ev.latency = cpu_to_le16(latency);
6750 ev.timeout = cpu_to_le16(timeout);
6752 mgmt_event(MGMT_EV_NEW_CONN_PARAM, hdev, &ev, sizeof(ev), NULL);
6755 static inline u16 eir_append_data(u8 *eir, u16 eir_len, u8 type, u8 *data,
6758 eir[eir_len++] = sizeof(type) + data_len;
6759 eir[eir_len++] = type;
6760 memcpy(&eir[eir_len], data, data_len);
6761 eir_len += data_len;
6766 void mgmt_device_connected(struct hci_dev *hdev, struct hci_conn *conn,
6767 u32 flags, u8 *name, u8 name_len)
6770 struct mgmt_ev_device_connected *ev = (void *) buf;
6773 bacpy(&ev->addr.bdaddr, &conn->dst);
6774 ev->addr.type = link_to_bdaddr(conn->type, conn->dst_type);
6776 ev->flags = __cpu_to_le32(flags);
6778 /* We must ensure that the EIR Data fields are ordered and
6779 * unique. Keep it simple for now and avoid the problem by not
6780 * adding any BR/EDR data to the LE adv.
6782 if (conn->le_adv_data_len > 0) {
6783 memcpy(&ev->eir[eir_len],
6784 conn->le_adv_data, conn->le_adv_data_len);
6785 eir_len = conn->le_adv_data_len;
6788 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
6791 if (memcmp(conn->dev_class, "\0\0\0", 3) != 0)
6792 eir_len = eir_append_data(ev->eir, eir_len,
6794 conn->dev_class, 3);
6797 ev->eir_len = cpu_to_le16(eir_len);
6799 mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
6800 sizeof(*ev) + eir_len, NULL);
6803 static void disconnect_rsp(struct mgmt_pending_cmd *cmd, void *data)
6805 struct sock **sk = data;
6807 cmd->cmd_complete(cmd, 0);
6812 mgmt_pending_remove(cmd);
6815 static void unpair_device_rsp(struct mgmt_pending_cmd *cmd, void *data)
6817 struct hci_dev *hdev = data;
6818 struct mgmt_cp_unpair_device *cp = cmd->param;
6820 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
6822 cmd->cmd_complete(cmd, 0);
6823 mgmt_pending_remove(cmd);
6826 bool mgmt_powering_down(struct hci_dev *hdev)
6828 struct mgmt_pending_cmd *cmd;
6829 struct mgmt_mode *cp;
6831 cmd = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
6842 void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
6843 u8 link_type, u8 addr_type, u8 reason,
6844 bool mgmt_connected)
6846 struct mgmt_ev_device_disconnected ev;
6847 struct sock *sk = NULL;
6849 /* The connection is still in hci_conn_hash so test for 1
6850 * instead of 0 to know if this is the last one.
6852 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
6853 cancel_delayed_work(&hdev->power_off);
6854 queue_work(hdev->req_workqueue, &hdev->power_off.work);
6857 if (!mgmt_connected)
6860 if (link_type != ACL_LINK && link_type != LE_LINK)
6863 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
6865 bacpy(&ev.addr.bdaddr, bdaddr);
6866 ev.addr.type = link_to_bdaddr(link_type, addr_type);
6869 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
6874 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
6878 void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
6879 u8 link_type, u8 addr_type, u8 status)
6881 u8 bdaddr_type = link_to_bdaddr(link_type, addr_type);
6882 struct mgmt_cp_disconnect *cp;
6883 struct mgmt_pending_cmd *cmd;
6885 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
6888 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
6894 if (bacmp(bdaddr, &cp->addr.bdaddr))
6897 if (cp->addr.type != bdaddr_type)
6900 cmd->cmd_complete(cmd, mgmt_status(status));
6901 mgmt_pending_remove(cmd);
6904 void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
6905 u8 addr_type, u8 status)
6907 struct mgmt_ev_connect_failed ev;
6909 /* The connection is still in hci_conn_hash so test for 1
6910 * instead of 0 to know if this is the last one.
6912 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
6913 cancel_delayed_work(&hdev->power_off);
6914 queue_work(hdev->req_workqueue, &hdev->power_off.work);
6917 bacpy(&ev.addr.bdaddr, bdaddr);
6918 ev.addr.type = link_to_bdaddr(link_type, addr_type);
6919 ev.status = mgmt_status(status);
6921 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
6924 void mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
6926 struct mgmt_ev_pin_code_request ev;
6928 bacpy(&ev.addr.bdaddr, bdaddr);
6929 ev.addr.type = BDADDR_BREDR;
6932 mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev), NULL);
6935 void mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
6938 struct mgmt_pending_cmd *cmd;
6940 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
6944 cmd->cmd_complete(cmd, mgmt_status(status));
6945 mgmt_pending_remove(cmd);
6948 void mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
6951 struct mgmt_pending_cmd *cmd;
6953 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
6957 cmd->cmd_complete(cmd, mgmt_status(status));
6958 mgmt_pending_remove(cmd);
6961 int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
6962 u8 link_type, u8 addr_type, u32 value,
6965 struct mgmt_ev_user_confirm_request ev;
6967 BT_DBG("%s", hdev->name);
6969 bacpy(&ev.addr.bdaddr, bdaddr);
6970 ev.addr.type = link_to_bdaddr(link_type, addr_type);
6971 ev.confirm_hint = confirm_hint;
6972 ev.value = cpu_to_le32(value);
6974 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
6978 int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
6979 u8 link_type, u8 addr_type)
6981 struct mgmt_ev_user_passkey_request ev;
6983 BT_DBG("%s", hdev->name);
6985 bacpy(&ev.addr.bdaddr, bdaddr);
6986 ev.addr.type = link_to_bdaddr(link_type, addr_type);
6988 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
6992 static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
6993 u8 link_type, u8 addr_type, u8 status,
6996 struct mgmt_pending_cmd *cmd;
6998 cmd = mgmt_pending_find(opcode, hdev);
7002 cmd->cmd_complete(cmd, mgmt_status(status));
7003 mgmt_pending_remove(cmd);
7008 int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7009 u8 link_type, u8 addr_type, u8 status)
7011 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
7012 status, MGMT_OP_USER_CONFIRM_REPLY);
7015 int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7016 u8 link_type, u8 addr_type, u8 status)
7018 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
7020 MGMT_OP_USER_CONFIRM_NEG_REPLY);
7023 int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7024 u8 link_type, u8 addr_type, u8 status)
7026 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
7027 status, MGMT_OP_USER_PASSKEY_REPLY);
7030 int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7031 u8 link_type, u8 addr_type, u8 status)
7033 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
7035 MGMT_OP_USER_PASSKEY_NEG_REPLY);
7038 int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
7039 u8 link_type, u8 addr_type, u32 passkey,
7042 struct mgmt_ev_passkey_notify ev;
7044 BT_DBG("%s", hdev->name);
7046 bacpy(&ev.addr.bdaddr, bdaddr);
7047 ev.addr.type = link_to_bdaddr(link_type, addr_type);
7048 ev.passkey = __cpu_to_le32(passkey);
7049 ev.entered = entered;
7051 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
7054 void mgmt_auth_failed(struct hci_conn *conn, u8 hci_status)
7056 struct mgmt_ev_auth_failed ev;
7057 struct mgmt_pending_cmd *cmd;
7058 u8 status = mgmt_status(hci_status);
7060 bacpy(&ev.addr.bdaddr, &conn->dst);
7061 ev.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
7064 cmd = find_pairing(conn);
7066 mgmt_event(MGMT_EV_AUTH_FAILED, conn->hdev, &ev, sizeof(ev),
7067 cmd ? cmd->sk : NULL);
7070 cmd->cmd_complete(cmd, status);
7071 mgmt_pending_remove(cmd);
7075 void mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
7077 struct cmd_lookup match = { NULL, hdev };
7081 u8 mgmt_err = mgmt_status(status);
7082 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
7083 cmd_status_rsp, &mgmt_err);
7087 if (test_bit(HCI_AUTH, &hdev->flags))
7088 changed = !hci_dev_test_and_set_flag(hdev, HCI_LINK_SECURITY);
7090 changed = hci_dev_test_and_clear_flag(hdev, HCI_LINK_SECURITY);
7092 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
7096 new_settings(hdev, match.sk);
7102 static void clear_eir(struct hci_request *req)
7104 struct hci_dev *hdev = req->hdev;
7105 struct hci_cp_write_eir cp;
7107 if (!lmp_ext_inq_capable(hdev))
7110 memset(hdev->eir, 0, sizeof(hdev->eir));
7112 memset(&cp, 0, sizeof(cp));
7114 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
7117 void mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
7119 struct cmd_lookup match = { NULL, hdev };
7120 struct hci_request req;
7121 bool changed = false;
7124 u8 mgmt_err = mgmt_status(status);
7126 if (enable && hci_dev_test_and_clear_flag(hdev,
7128 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
7129 new_settings(hdev, NULL);
7132 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
7138 changed = !hci_dev_test_and_set_flag(hdev, HCI_SSP_ENABLED);
7140 changed = hci_dev_test_and_clear_flag(hdev, HCI_SSP_ENABLED);
7142 changed = hci_dev_test_and_clear_flag(hdev,
7145 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
7148 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
7151 new_settings(hdev, match.sk);
7156 hci_req_init(&req, hdev);
7158 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
7159 if (hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS))
7160 hci_req_add(&req, HCI_OP_WRITE_SSP_DEBUG_MODE,
7161 sizeof(enable), &enable);
7167 hci_req_run(&req, NULL);
7170 static void sk_lookup(struct mgmt_pending_cmd *cmd, void *data)
7172 struct cmd_lookup *match = data;
7174 if (match->sk == NULL) {
7175 match->sk = cmd->sk;
7176 sock_hold(match->sk);
7180 void mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
7183 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
7185 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
7186 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
7187 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
7190 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class, 3,
7197 void mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
7199 struct mgmt_cp_set_local_name ev;
7200 struct mgmt_pending_cmd *cmd;
7205 memset(&ev, 0, sizeof(ev));
7206 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
7207 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
7209 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
7211 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
7213 /* If this is a HCI command related to powering on the
7214 * HCI dev don't send any mgmt signals.
7216 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
7220 mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
7221 cmd ? cmd->sk : NULL);
7224 void mgmt_read_local_oob_data_complete(struct hci_dev *hdev, u8 *hash192,
7225 u8 *rand192, u8 *hash256, u8 *rand256,
7228 struct mgmt_pending_cmd *cmd;
7230 BT_DBG("%s status %u", hdev->name, status);
7232 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
7237 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
7238 mgmt_status(status));
7240 struct mgmt_rp_read_local_oob_data rp;
7241 size_t rp_size = sizeof(rp);
7243 memcpy(rp.hash192, hash192, sizeof(rp.hash192));
7244 memcpy(rp.rand192, rand192, sizeof(rp.rand192));
7246 if (bredr_sc_enabled(hdev) && hash256 && rand256) {
7247 memcpy(rp.hash256, hash256, sizeof(rp.hash256));
7248 memcpy(rp.rand256, rand256, sizeof(rp.rand256));
7250 rp_size -= sizeof(rp.hash256) + sizeof(rp.rand256);
7253 mgmt_cmd_complete(cmd->sk, hdev->id,
7254 MGMT_OP_READ_LOCAL_OOB_DATA, 0,
7258 mgmt_pending_remove(cmd);
7261 static inline bool has_uuid(u8 *uuid, u16 uuid_count, u8 (*uuids)[16])
7265 for (i = 0; i < uuid_count; i++) {
7266 if (!memcmp(uuid, uuids[i], 16))
7273 static bool eir_has_uuids(u8 *eir, u16 eir_len, u16 uuid_count, u8 (*uuids)[16])
7277 while (parsed < eir_len) {
7278 u8 field_len = eir[0];
7285 if (eir_len - parsed < field_len + 1)
7289 case EIR_UUID16_ALL:
7290 case EIR_UUID16_SOME:
7291 for (i = 0; i + 3 <= field_len; i += 2) {
7292 memcpy(uuid, bluetooth_base_uuid, 16);
7293 uuid[13] = eir[i + 3];
7294 uuid[12] = eir[i + 2];
7295 if (has_uuid(uuid, uuid_count, uuids))
7299 case EIR_UUID32_ALL:
7300 case EIR_UUID32_SOME:
7301 for (i = 0; i + 5 <= field_len; i += 4) {
7302 memcpy(uuid, bluetooth_base_uuid, 16);
7303 uuid[15] = eir[i + 5];
7304 uuid[14] = eir[i + 4];
7305 uuid[13] = eir[i + 3];
7306 uuid[12] = eir[i + 2];
7307 if (has_uuid(uuid, uuid_count, uuids))
7311 case EIR_UUID128_ALL:
7312 case EIR_UUID128_SOME:
7313 for (i = 0; i + 17 <= field_len; i += 16) {
7314 memcpy(uuid, eir + i + 2, 16);
7315 if (has_uuid(uuid, uuid_count, uuids))
7321 parsed += field_len + 1;
7322 eir += field_len + 1;
7328 static void restart_le_scan(struct hci_dev *hdev)
7330 /* If controller is not scanning we are done. */
7331 if (!hci_dev_test_flag(hdev, HCI_LE_SCAN))
7334 if (time_after(jiffies + DISCOV_LE_RESTART_DELAY,
7335 hdev->discovery.scan_start +
7336 hdev->discovery.scan_duration))
7339 queue_delayed_work(hdev->workqueue, &hdev->le_scan_restart,
7340 DISCOV_LE_RESTART_DELAY);
7343 static bool is_filter_match(struct hci_dev *hdev, s8 rssi, u8 *eir,
7344 u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
7346 /* If a RSSI threshold has been specified, and
7347 * HCI_QUIRK_STRICT_DUPLICATE_FILTER is not set, then all results with
7348 * a RSSI smaller than the RSSI threshold will be dropped. If the quirk
7349 * is set, let it through for further processing, as we might need to
7352 * For BR/EDR devices (pre 1.2) providing no RSSI during inquiry,
7353 * the results are also dropped.
7355 if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
7356 (rssi == HCI_RSSI_INVALID ||
7357 (rssi < hdev->discovery.rssi &&
7358 !test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks))))
7361 if (hdev->discovery.uuid_count != 0) {
7362 /* If a list of UUIDs is provided in filter, results with no
7363 * matching UUID should be dropped.
7365 if (!eir_has_uuids(eir, eir_len, hdev->discovery.uuid_count,
7366 hdev->discovery.uuids) &&
7367 !eir_has_uuids(scan_rsp, scan_rsp_len,
7368 hdev->discovery.uuid_count,
7369 hdev->discovery.uuids))
7373 /* If duplicate filtering does not report RSSI changes, then restart
7374 * scanning to ensure updated result with updated RSSI values.
7376 if (test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks)) {
7377 restart_le_scan(hdev);
7379 /* Validate RSSI value against the RSSI threshold once more. */
7380 if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
7381 rssi < hdev->discovery.rssi)
7388 void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
7389 u8 addr_type, u8 *dev_class, s8 rssi, u32 flags,
7390 u8 *eir, u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
7393 struct mgmt_ev_device_found *ev = (void *)buf;
7396 /* Don't send events for a non-kernel initiated discovery. With
7397 * LE one exception is if we have pend_le_reports > 0 in which
7398 * case we're doing passive scanning and want these events.
7400 if (!hci_discovery_active(hdev)) {
7401 if (link_type == ACL_LINK)
7403 if (link_type == LE_LINK && list_empty(&hdev->pend_le_reports))
7407 if (hdev->discovery.result_filtering) {
7408 /* We are using service discovery */
7409 if (!is_filter_match(hdev, rssi, eir, eir_len, scan_rsp,
7414 /* Make sure that the buffer is big enough. The 5 extra bytes
7415 * are for the potential CoD field.
7417 if (sizeof(*ev) + eir_len + scan_rsp_len + 5 > sizeof(buf))
7420 memset(buf, 0, sizeof(buf));
7422 /* In case of device discovery with BR/EDR devices (pre 1.2), the
7423 * RSSI value was reported as 0 when not available. This behavior
7424 * is kept when using device discovery. This is required for full
7425 * backwards compatibility with the API.
7427 * However when using service discovery, the value 127 will be
7428 * returned when the RSSI is not available.
7430 if (rssi == HCI_RSSI_INVALID && !hdev->discovery.report_invalid_rssi &&
7431 link_type == ACL_LINK)
7434 bacpy(&ev->addr.bdaddr, bdaddr);
7435 ev->addr.type = link_to_bdaddr(link_type, addr_type);
7437 ev->flags = cpu_to_le32(flags);
7440 /* Copy EIR or advertising data into event */
7441 memcpy(ev->eir, eir, eir_len);
7443 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
7444 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
7447 if (scan_rsp_len > 0)
7448 /* Append scan response data to event */
7449 memcpy(ev->eir + eir_len, scan_rsp, scan_rsp_len);
7451 ev->eir_len = cpu_to_le16(eir_len + scan_rsp_len);
7452 ev_size = sizeof(*ev) + eir_len + scan_rsp_len;
7454 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
7457 void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
7458 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
7460 struct mgmt_ev_device_found *ev;
7461 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
7464 ev = (struct mgmt_ev_device_found *) buf;
7466 memset(buf, 0, sizeof(buf));
7468 bacpy(&ev->addr.bdaddr, bdaddr);
7469 ev->addr.type = link_to_bdaddr(link_type, addr_type);
7472 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
7475 ev->eir_len = cpu_to_le16(eir_len);
7477 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, sizeof(*ev) + eir_len, NULL);
7480 void mgmt_discovering(struct hci_dev *hdev, u8 discovering)
7482 struct mgmt_ev_discovering ev;
7484 BT_DBG("%s discovering %u", hdev->name, discovering);
7486 memset(&ev, 0, sizeof(ev));
7487 ev.type = hdev->discovery.type;
7488 ev.discovering = discovering;
7490 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
7493 static void adv_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
7495 BT_DBG("%s status %u", hdev->name, status);
7498 void mgmt_reenable_advertising(struct hci_dev *hdev)
7500 struct hci_request req;
7502 if (!hci_dev_test_flag(hdev, HCI_ADVERTISING))
7505 hci_req_init(&req, hdev);
7506 enable_advertising(&req);
7507 hci_req_run(&req, adv_enable_complete);
7510 static struct hci_mgmt_chan chan = {
7511 .channel = HCI_CHANNEL_CONTROL,
7512 .handler_count = ARRAY_SIZE(mgmt_handlers),
7513 .handlers = mgmt_handlers,
7518 return hci_mgmt_chan_register(&chan);
7521 void mgmt_exit(void)
7523 hci_mgmt_chan_unregister(&chan);
projects / firefly-linux-kernel-4.4.55.git / blob