2 BlueZ - Bluetooth protocol stack for Linux
4 Copyright (C) 2010 Nokia Corporation
5 Copyright (C) 2011-2012 Intel Corporation
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI Management interface */
27 #include <linux/module.h>
28 #include <asm/unaligned.h>
30 #include <net/bluetooth/bluetooth.h>
31 #include <net/bluetooth/hci_core.h>
32 #include <net/bluetooth/hci_sock.h>
33 #include <net/bluetooth/l2cap.h>
34 #include <net/bluetooth/mgmt.h>
36 #include "hci_request.h"
38 #include "mgmt_util.h"
40 #define MGMT_VERSION 1
41 #define MGMT_REVISION 9
43 static const u16 mgmt_commands[] = {
44 MGMT_OP_READ_INDEX_LIST,
47 MGMT_OP_SET_DISCOVERABLE,
48 MGMT_OP_SET_CONNECTABLE,
49 MGMT_OP_SET_FAST_CONNECTABLE,
51 MGMT_OP_SET_LINK_SECURITY,
55 MGMT_OP_SET_DEV_CLASS,
56 MGMT_OP_SET_LOCAL_NAME,
59 MGMT_OP_LOAD_LINK_KEYS,
60 MGMT_OP_LOAD_LONG_TERM_KEYS,
62 MGMT_OP_GET_CONNECTIONS,
63 MGMT_OP_PIN_CODE_REPLY,
64 MGMT_OP_PIN_CODE_NEG_REPLY,
65 MGMT_OP_SET_IO_CAPABILITY,
67 MGMT_OP_CANCEL_PAIR_DEVICE,
68 MGMT_OP_UNPAIR_DEVICE,
69 MGMT_OP_USER_CONFIRM_REPLY,
70 MGMT_OP_USER_CONFIRM_NEG_REPLY,
71 MGMT_OP_USER_PASSKEY_REPLY,
72 MGMT_OP_USER_PASSKEY_NEG_REPLY,
73 MGMT_OP_READ_LOCAL_OOB_DATA,
74 MGMT_OP_ADD_REMOTE_OOB_DATA,
75 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
76 MGMT_OP_START_DISCOVERY,
77 MGMT_OP_STOP_DISCOVERY,
80 MGMT_OP_UNBLOCK_DEVICE,
81 MGMT_OP_SET_DEVICE_ID,
82 MGMT_OP_SET_ADVERTISING,
84 MGMT_OP_SET_STATIC_ADDRESS,
85 MGMT_OP_SET_SCAN_PARAMS,
86 MGMT_OP_SET_SECURE_CONN,
87 MGMT_OP_SET_DEBUG_KEYS,
90 MGMT_OP_GET_CONN_INFO,
91 MGMT_OP_GET_CLOCK_INFO,
93 MGMT_OP_REMOVE_DEVICE,
94 MGMT_OP_LOAD_CONN_PARAM,
95 MGMT_OP_READ_UNCONF_INDEX_LIST,
96 MGMT_OP_READ_CONFIG_INFO,
97 MGMT_OP_SET_EXTERNAL_CONFIG,
98 MGMT_OP_SET_PUBLIC_ADDRESS,
99 MGMT_OP_START_SERVICE_DISCOVERY,
100 MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
101 MGMT_OP_READ_EXT_INDEX_LIST,
102 MGMT_OP_READ_ADV_FEATURES,
103 MGMT_OP_ADD_ADVERTISING,
104 MGMT_OP_REMOVE_ADVERTISING,
107 static const u16 mgmt_events[] = {
108 MGMT_EV_CONTROLLER_ERROR,
110 MGMT_EV_INDEX_REMOVED,
111 MGMT_EV_NEW_SETTINGS,
112 MGMT_EV_CLASS_OF_DEV_CHANGED,
113 MGMT_EV_LOCAL_NAME_CHANGED,
114 MGMT_EV_NEW_LINK_KEY,
115 MGMT_EV_NEW_LONG_TERM_KEY,
116 MGMT_EV_DEVICE_CONNECTED,
117 MGMT_EV_DEVICE_DISCONNECTED,
118 MGMT_EV_CONNECT_FAILED,
119 MGMT_EV_PIN_CODE_REQUEST,
120 MGMT_EV_USER_CONFIRM_REQUEST,
121 MGMT_EV_USER_PASSKEY_REQUEST,
123 MGMT_EV_DEVICE_FOUND,
125 MGMT_EV_DEVICE_BLOCKED,
126 MGMT_EV_DEVICE_UNBLOCKED,
127 MGMT_EV_DEVICE_UNPAIRED,
128 MGMT_EV_PASSKEY_NOTIFY,
131 MGMT_EV_DEVICE_ADDED,
132 MGMT_EV_DEVICE_REMOVED,
133 MGMT_EV_NEW_CONN_PARAM,
134 MGMT_EV_UNCONF_INDEX_ADDED,
135 MGMT_EV_UNCONF_INDEX_REMOVED,
136 MGMT_EV_NEW_CONFIG_OPTIONS,
137 MGMT_EV_EXT_INDEX_ADDED,
138 MGMT_EV_EXT_INDEX_REMOVED,
139 MGMT_EV_LOCAL_OOB_DATA_UPDATED,
140 MGMT_EV_ADVERTISING_ADDED,
141 MGMT_EV_ADVERTISING_REMOVED,
144 static const u16 mgmt_untrusted_commands[] = {
145 MGMT_OP_READ_INDEX_LIST,
147 MGMT_OP_READ_UNCONF_INDEX_LIST,
148 MGMT_OP_READ_CONFIG_INFO,
149 MGMT_OP_READ_EXT_INDEX_LIST,
152 static const u16 mgmt_untrusted_events[] = {
154 MGMT_EV_INDEX_REMOVED,
155 MGMT_EV_NEW_SETTINGS,
156 MGMT_EV_CLASS_OF_DEV_CHANGED,
157 MGMT_EV_LOCAL_NAME_CHANGED,
158 MGMT_EV_UNCONF_INDEX_ADDED,
159 MGMT_EV_UNCONF_INDEX_REMOVED,
160 MGMT_EV_NEW_CONFIG_OPTIONS,
161 MGMT_EV_EXT_INDEX_ADDED,
162 MGMT_EV_EXT_INDEX_REMOVED,
165 #define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
167 #define ZERO_KEY "\x00\x00\x00\x00\x00\x00\x00\x00" \
168 "\x00\x00\x00\x00\x00\x00\x00\x00"
170 /* HCI to MGMT error code conversion table */
171 static u8 mgmt_status_table[] = {
173 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
174 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
175 MGMT_STATUS_FAILED, /* Hardware Failure */
176 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
177 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
178 MGMT_STATUS_AUTH_FAILED, /* PIN or Key Missing */
179 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
180 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
181 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
182 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
183 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
184 MGMT_STATUS_BUSY, /* Command Disallowed */
185 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
186 MGMT_STATUS_REJECTED, /* Rejected Security */
187 MGMT_STATUS_REJECTED, /* Rejected Personal */
188 MGMT_STATUS_TIMEOUT, /* Host Timeout */
189 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
190 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
191 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
192 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
193 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
194 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
195 MGMT_STATUS_BUSY, /* Repeated Attempts */
196 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
197 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
198 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
199 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
200 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
201 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
202 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
203 MGMT_STATUS_FAILED, /* Unspecified Error */
204 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
205 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
206 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
207 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
208 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
209 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
210 MGMT_STATUS_FAILED, /* Unit Link Key Used */
211 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
212 MGMT_STATUS_TIMEOUT, /* Instant Passed */
213 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
214 MGMT_STATUS_FAILED, /* Transaction Collision */
215 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
216 MGMT_STATUS_REJECTED, /* QoS Rejected */
217 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
218 MGMT_STATUS_REJECTED, /* Insufficient Security */
219 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
220 MGMT_STATUS_BUSY, /* Role Switch Pending */
221 MGMT_STATUS_FAILED, /* Slot Violation */
222 MGMT_STATUS_FAILED, /* Role Switch Failed */
223 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
224 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
225 MGMT_STATUS_BUSY, /* Host Busy Pairing */
226 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
227 MGMT_STATUS_BUSY, /* Controller Busy */
228 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
229 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
230 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
231 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
232 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
235 static u8 mgmt_status(u8 hci_status)
237 if (hci_status < ARRAY_SIZE(mgmt_status_table))
238 return mgmt_status_table[hci_status];
240 return MGMT_STATUS_FAILED;
243 static int mgmt_index_event(u16 event, struct hci_dev *hdev, void *data,
246 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
250 static int mgmt_limited_event(u16 event, struct hci_dev *hdev, void *data,
251 u16 len, int flag, struct sock *skip_sk)
253 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
257 static int mgmt_generic_event(u16 event, struct hci_dev *hdev, void *data,
258 u16 len, struct sock *skip_sk)
260 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
261 HCI_MGMT_GENERIC_EVENTS, skip_sk);
264 static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 len,
265 struct sock *skip_sk)
267 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
268 HCI_SOCK_TRUSTED, skip_sk);
271 static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
274 struct mgmt_rp_read_version rp;
276 BT_DBG("sock %p", sk);
278 rp.version = MGMT_VERSION;
279 rp.revision = cpu_to_le16(MGMT_REVISION);
281 return mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0,
285 static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
288 struct mgmt_rp_read_commands *rp;
289 u16 num_commands, num_events;
293 BT_DBG("sock %p", sk);
295 if (hci_sock_test_flag(sk, HCI_SOCK_TRUSTED)) {
296 num_commands = ARRAY_SIZE(mgmt_commands);
297 num_events = ARRAY_SIZE(mgmt_events);
299 num_commands = ARRAY_SIZE(mgmt_untrusted_commands);
300 num_events = ARRAY_SIZE(mgmt_untrusted_events);
303 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
305 rp = kmalloc(rp_size, GFP_KERNEL);
309 rp->num_commands = cpu_to_le16(num_commands);
310 rp->num_events = cpu_to_le16(num_events);
312 if (hci_sock_test_flag(sk, HCI_SOCK_TRUSTED)) {
313 __le16 *opcode = rp->opcodes;
315 for (i = 0; i < num_commands; i++, opcode++)
316 put_unaligned_le16(mgmt_commands[i], opcode);
318 for (i = 0; i < num_events; i++, opcode++)
319 put_unaligned_le16(mgmt_events[i], opcode);
321 __le16 *opcode = rp->opcodes;
323 for (i = 0; i < num_commands; i++, opcode++)
324 put_unaligned_le16(mgmt_untrusted_commands[i], opcode);
326 for (i = 0; i < num_events; i++, opcode++)
327 put_unaligned_le16(mgmt_untrusted_events[i], opcode);
330 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0,
337 static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
340 struct mgmt_rp_read_index_list *rp;
346 BT_DBG("sock %p", sk);
348 read_lock(&hci_dev_list_lock);
351 list_for_each_entry(d, &hci_dev_list, list) {
352 if (d->dev_type == HCI_BREDR &&
353 !hci_dev_test_flag(d, HCI_UNCONFIGURED))
357 rp_len = sizeof(*rp) + (2 * count);
358 rp = kmalloc(rp_len, GFP_ATOMIC);
360 read_unlock(&hci_dev_list_lock);
365 list_for_each_entry(d, &hci_dev_list, list) {
366 if (hci_dev_test_flag(d, HCI_SETUP) ||
367 hci_dev_test_flag(d, HCI_CONFIG) ||
368 hci_dev_test_flag(d, HCI_USER_CHANNEL))
371 /* Devices marked as raw-only are neither configured
372 * nor unconfigured controllers.
374 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
377 if (d->dev_type == HCI_BREDR &&
378 !hci_dev_test_flag(d, HCI_UNCONFIGURED)) {
379 rp->index[count++] = cpu_to_le16(d->id);
380 BT_DBG("Added hci%u", d->id);
384 rp->num_controllers = cpu_to_le16(count);
385 rp_len = sizeof(*rp) + (2 * count);
387 read_unlock(&hci_dev_list_lock);
389 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST,
397 static int read_unconf_index_list(struct sock *sk, struct hci_dev *hdev,
398 void *data, u16 data_len)
400 struct mgmt_rp_read_unconf_index_list *rp;
406 BT_DBG("sock %p", sk);
408 read_lock(&hci_dev_list_lock);
411 list_for_each_entry(d, &hci_dev_list, list) {
412 if (d->dev_type == HCI_BREDR &&
413 hci_dev_test_flag(d, HCI_UNCONFIGURED))
417 rp_len = sizeof(*rp) + (2 * count);
418 rp = kmalloc(rp_len, GFP_ATOMIC);
420 read_unlock(&hci_dev_list_lock);
425 list_for_each_entry(d, &hci_dev_list, list) {
426 if (hci_dev_test_flag(d, HCI_SETUP) ||
427 hci_dev_test_flag(d, HCI_CONFIG) ||
428 hci_dev_test_flag(d, HCI_USER_CHANNEL))
431 /* Devices marked as raw-only are neither configured
432 * nor unconfigured controllers.
434 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
437 if (d->dev_type == HCI_BREDR &&
438 hci_dev_test_flag(d, HCI_UNCONFIGURED)) {
439 rp->index[count++] = cpu_to_le16(d->id);
440 BT_DBG("Added hci%u", d->id);
444 rp->num_controllers = cpu_to_le16(count);
445 rp_len = sizeof(*rp) + (2 * count);
447 read_unlock(&hci_dev_list_lock);
449 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
450 MGMT_OP_READ_UNCONF_INDEX_LIST, 0, rp, rp_len);
457 static int read_ext_index_list(struct sock *sk, struct hci_dev *hdev,
458 void *data, u16 data_len)
460 struct mgmt_rp_read_ext_index_list *rp;
466 BT_DBG("sock %p", sk);
468 read_lock(&hci_dev_list_lock);
471 list_for_each_entry(d, &hci_dev_list, list) {
472 if (d->dev_type == HCI_BREDR || d->dev_type == HCI_AMP)
476 rp_len = sizeof(*rp) + (sizeof(rp->entry[0]) * count);
477 rp = kmalloc(rp_len, GFP_ATOMIC);
479 read_unlock(&hci_dev_list_lock);
484 list_for_each_entry(d, &hci_dev_list, list) {
485 if (hci_dev_test_flag(d, HCI_SETUP) ||
486 hci_dev_test_flag(d, HCI_CONFIG) ||
487 hci_dev_test_flag(d, HCI_USER_CHANNEL))
490 /* Devices marked as raw-only are neither configured
491 * nor unconfigured controllers.
493 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
496 if (d->dev_type == HCI_BREDR) {
497 if (hci_dev_test_flag(d, HCI_UNCONFIGURED))
498 rp->entry[count].type = 0x01;
500 rp->entry[count].type = 0x00;
501 } else if (d->dev_type == HCI_AMP) {
502 rp->entry[count].type = 0x02;
507 rp->entry[count].bus = d->bus;
508 rp->entry[count++].index = cpu_to_le16(d->id);
509 BT_DBG("Added hci%u", d->id);
512 rp->num_controllers = cpu_to_le16(count);
513 rp_len = sizeof(*rp) + (sizeof(rp->entry[0]) * count);
515 read_unlock(&hci_dev_list_lock);
517 /* If this command is called at least once, then all the
518 * default index and unconfigured index events are disabled
519 * and from now on only extended index events are used.
521 hci_sock_set_flag(sk, HCI_MGMT_EXT_INDEX_EVENTS);
522 hci_sock_clear_flag(sk, HCI_MGMT_INDEX_EVENTS);
523 hci_sock_clear_flag(sk, HCI_MGMT_UNCONF_INDEX_EVENTS);
525 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
526 MGMT_OP_READ_EXT_INDEX_LIST, 0, rp, rp_len);
533 static bool is_configured(struct hci_dev *hdev)
535 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
536 !hci_dev_test_flag(hdev, HCI_EXT_CONFIGURED))
539 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) &&
540 !bacmp(&hdev->public_addr, BDADDR_ANY))
546 static __le32 get_missing_options(struct hci_dev *hdev)
550 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
551 !hci_dev_test_flag(hdev, HCI_EXT_CONFIGURED))
552 options |= MGMT_OPTION_EXTERNAL_CONFIG;
554 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) &&
555 !bacmp(&hdev->public_addr, BDADDR_ANY))
556 options |= MGMT_OPTION_PUBLIC_ADDRESS;
558 return cpu_to_le32(options);
561 static int new_options(struct hci_dev *hdev, struct sock *skip)
563 __le32 options = get_missing_options(hdev);
565 return mgmt_generic_event(MGMT_EV_NEW_CONFIG_OPTIONS, hdev, &options,
566 sizeof(options), skip);
569 static int send_options_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
571 __le32 options = get_missing_options(hdev);
573 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &options,
577 static int read_config_info(struct sock *sk, struct hci_dev *hdev,
578 void *data, u16 data_len)
580 struct mgmt_rp_read_config_info rp;
583 BT_DBG("sock %p %s", sk, hdev->name);
587 memset(&rp, 0, sizeof(rp));
588 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
590 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
591 options |= MGMT_OPTION_EXTERNAL_CONFIG;
593 if (hdev->set_bdaddr)
594 options |= MGMT_OPTION_PUBLIC_ADDRESS;
596 rp.supported_options = cpu_to_le32(options);
597 rp.missing_options = get_missing_options(hdev);
599 hci_dev_unlock(hdev);
601 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_CONFIG_INFO, 0,
605 static u32 get_supported_settings(struct hci_dev *hdev)
609 settings |= MGMT_SETTING_POWERED;
610 settings |= MGMT_SETTING_BONDABLE;
611 settings |= MGMT_SETTING_DEBUG_KEYS;
612 settings |= MGMT_SETTING_CONNECTABLE;
613 settings |= MGMT_SETTING_DISCOVERABLE;
615 if (lmp_bredr_capable(hdev)) {
616 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
617 settings |= MGMT_SETTING_FAST_CONNECTABLE;
618 settings |= MGMT_SETTING_BREDR;
619 settings |= MGMT_SETTING_LINK_SECURITY;
621 if (lmp_ssp_capable(hdev)) {
622 settings |= MGMT_SETTING_SSP;
623 settings |= MGMT_SETTING_HS;
626 if (lmp_sc_capable(hdev))
627 settings |= MGMT_SETTING_SECURE_CONN;
630 if (lmp_le_capable(hdev)) {
631 settings |= MGMT_SETTING_LE;
632 settings |= MGMT_SETTING_ADVERTISING;
633 settings |= MGMT_SETTING_SECURE_CONN;
634 settings |= MGMT_SETTING_PRIVACY;
635 settings |= MGMT_SETTING_STATIC_ADDRESS;
638 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) ||
640 settings |= MGMT_SETTING_CONFIGURATION;
645 static u32 get_current_settings(struct hci_dev *hdev)
649 if (hdev_is_powered(hdev))
650 settings |= MGMT_SETTING_POWERED;
652 if (hci_dev_test_flag(hdev, HCI_CONNECTABLE))
653 settings |= MGMT_SETTING_CONNECTABLE;
655 if (hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE))
656 settings |= MGMT_SETTING_FAST_CONNECTABLE;
658 if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE))
659 settings |= MGMT_SETTING_DISCOVERABLE;
661 if (hci_dev_test_flag(hdev, HCI_BONDABLE))
662 settings |= MGMT_SETTING_BONDABLE;
664 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
665 settings |= MGMT_SETTING_BREDR;
667 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED))
668 settings |= MGMT_SETTING_LE;
670 if (hci_dev_test_flag(hdev, HCI_LINK_SECURITY))
671 settings |= MGMT_SETTING_LINK_SECURITY;
673 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
674 settings |= MGMT_SETTING_SSP;
676 if (hci_dev_test_flag(hdev, HCI_HS_ENABLED))
677 settings |= MGMT_SETTING_HS;
679 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
680 settings |= MGMT_SETTING_ADVERTISING;
682 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED))
683 settings |= MGMT_SETTING_SECURE_CONN;
685 if (hci_dev_test_flag(hdev, HCI_KEEP_DEBUG_KEYS))
686 settings |= MGMT_SETTING_DEBUG_KEYS;
688 if (hci_dev_test_flag(hdev, HCI_PRIVACY))
689 settings |= MGMT_SETTING_PRIVACY;
691 /* The current setting for static address has two purposes. The
692 * first is to indicate if the static address will be used and
693 * the second is to indicate if it is actually set.
695 * This means if the static address is not configured, this flag
696 * will never be set. If the address is configured, then if the
697 * address is actually used decides if the flag is set or not.
699 * For single mode LE only controllers and dual-mode controllers
700 * with BR/EDR disabled, the existence of the static address will
703 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) ||
704 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) ||
705 !bacmp(&hdev->bdaddr, BDADDR_ANY)) {
706 if (bacmp(&hdev->static_addr, BDADDR_ANY))
707 settings |= MGMT_SETTING_STATIC_ADDRESS;
713 #define PNP_INFO_SVCLASS_ID 0x1200
715 static u8 *create_uuid16_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
717 u8 *ptr = data, *uuids_start = NULL;
718 struct bt_uuid *uuid;
723 list_for_each_entry(uuid, &hdev->uuids, list) {
726 if (uuid->size != 16)
729 uuid16 = get_unaligned_le16(&uuid->uuid[12]);
733 if (uuid16 == PNP_INFO_SVCLASS_ID)
739 uuids_start[1] = EIR_UUID16_ALL;
743 /* Stop if not enough space to put next UUID */
744 if ((ptr - data) + sizeof(u16) > len) {
745 uuids_start[1] = EIR_UUID16_SOME;
749 *ptr++ = (uuid16 & 0x00ff);
750 *ptr++ = (uuid16 & 0xff00) >> 8;
751 uuids_start[0] += sizeof(uuid16);
757 static u8 *create_uuid32_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
759 u8 *ptr = data, *uuids_start = NULL;
760 struct bt_uuid *uuid;
765 list_for_each_entry(uuid, &hdev->uuids, list) {
766 if (uuid->size != 32)
772 uuids_start[1] = EIR_UUID32_ALL;
776 /* Stop if not enough space to put next UUID */
777 if ((ptr - data) + sizeof(u32) > len) {
778 uuids_start[1] = EIR_UUID32_SOME;
782 memcpy(ptr, &uuid->uuid[12], sizeof(u32));
784 uuids_start[0] += sizeof(u32);
790 static u8 *create_uuid128_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
792 u8 *ptr = data, *uuids_start = NULL;
793 struct bt_uuid *uuid;
798 list_for_each_entry(uuid, &hdev->uuids, list) {
799 if (uuid->size != 128)
805 uuids_start[1] = EIR_UUID128_ALL;
809 /* Stop if not enough space to put next UUID */
810 if ((ptr - data) + 16 > len) {
811 uuids_start[1] = EIR_UUID128_SOME;
815 memcpy(ptr, uuid->uuid, 16);
817 uuids_start[0] += 16;
823 static struct mgmt_pending_cmd *pending_find(u16 opcode, struct hci_dev *hdev)
825 return mgmt_pending_find(HCI_CHANNEL_CONTROL, opcode, hdev);
828 static struct mgmt_pending_cmd *pending_find_data(u16 opcode,
829 struct hci_dev *hdev,
832 return mgmt_pending_find_data(HCI_CHANNEL_CONTROL, opcode, hdev, data);
835 static u8 create_default_scan_rsp_data(struct hci_dev *hdev, u8 *ptr)
840 name_len = strlen(hdev->dev_name);
842 size_t max_len = HCI_MAX_AD_LENGTH - ad_len - 2;
844 if (name_len > max_len) {
846 ptr[1] = EIR_NAME_SHORT;
848 ptr[1] = EIR_NAME_COMPLETE;
850 ptr[0] = name_len + 1;
852 memcpy(ptr + 2, hdev->dev_name, name_len);
854 ad_len += (name_len + 2);
855 ptr += (name_len + 2);
861 static u8 create_instance_scan_rsp_data(struct hci_dev *hdev, u8 *ptr)
863 /* TODO: Set the appropriate entries based on advertising instance flags
864 * here once flags other than 0 are supported.
866 memcpy(ptr, hdev->adv_instance.scan_rsp_data,
867 hdev->adv_instance.scan_rsp_len);
869 return hdev->adv_instance.scan_rsp_len;
872 static void update_scan_rsp_data_for_instance(struct hci_request *req,
875 struct hci_dev *hdev = req->hdev;
876 struct hci_cp_le_set_scan_rsp_data cp;
879 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
882 memset(&cp, 0, sizeof(cp));
885 len = create_instance_scan_rsp_data(hdev, cp.data);
887 len = create_default_scan_rsp_data(hdev, cp.data);
889 if (hdev->scan_rsp_data_len == len &&
890 !memcmp(cp.data, hdev->scan_rsp_data, len))
893 memcpy(hdev->scan_rsp_data, cp.data, sizeof(cp.data));
894 hdev->scan_rsp_data_len = len;
898 hci_req_add(req, HCI_OP_LE_SET_SCAN_RSP_DATA, sizeof(cp), &cp);
901 static void update_scan_rsp_data(struct hci_request *req)
903 struct hci_dev *hdev = req->hdev;
906 /* The "Set Advertising" setting supersedes the "Add Advertising"
907 * setting. Here we set the scan response data based on which
908 * setting was set. When neither apply, default to the global settings,
909 * represented by instance "0".
911 if (hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE) &&
912 !hci_dev_test_flag(hdev, HCI_ADVERTISING))
917 update_scan_rsp_data_for_instance(req, instance);
920 static u8 get_adv_discov_flags(struct hci_dev *hdev)
922 struct mgmt_pending_cmd *cmd;
924 /* If there's a pending mgmt command the flags will not yet have
925 * their final values, so check for this first.
927 cmd = pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
929 struct mgmt_mode *cp = cmd->param;
931 return LE_AD_GENERAL;
932 else if (cp->val == 0x02)
933 return LE_AD_LIMITED;
935 if (hci_dev_test_flag(hdev, HCI_LIMITED_DISCOVERABLE))
936 return LE_AD_LIMITED;
937 else if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE))
938 return LE_AD_GENERAL;
944 static u8 get_current_adv_instance(struct hci_dev *hdev)
946 /* The "Set Advertising" setting supersedes the "Add Advertising"
947 * setting. Here we set the advertising data based on which
948 * setting was set. When neither apply, default to the global settings,
949 * represented by instance "0".
951 if (hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE) &&
952 !hci_dev_test_flag(hdev, HCI_ADVERTISING))
958 static bool get_connectable(struct hci_dev *hdev)
960 struct mgmt_pending_cmd *cmd;
962 /* If there's a pending mgmt command the flag will not yet have
963 * it's final value, so check for this first.
965 cmd = pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
967 struct mgmt_mode *cp = cmd->param;
972 return hci_dev_test_flag(hdev, HCI_CONNECTABLE);
975 static u32 get_adv_instance_flags(struct hci_dev *hdev, u8 instance)
982 if (instance == 0x01)
983 return hdev->adv_instance.flags;
985 /* Instance 0 always manages the "Tx Power" and "Flags" fields */
986 flags = MGMT_ADV_FLAG_TX_POWER | MGMT_ADV_FLAG_MANAGED_FLAGS;
988 /* For instance 0, the HCI_ADVERTISING_CONNECTABLE setting corresponds
989 * to the "connectable" instance flag.
991 if (hci_dev_test_flag(hdev, HCI_ADVERTISING_CONNECTABLE))
992 flags |= MGMT_ADV_FLAG_CONNECTABLE;
997 static u8 get_adv_instance_scan_rsp_len(struct hci_dev *hdev, u8 instance)
999 /* Ignore instance 0 and other unsupported instances */
1000 if (instance != 0x01)
1003 /* TODO: Take into account the "appearance" and "local-name" flags here.
1004 * These are currently being ignored as they are not supported.
1006 return hdev->adv_instance.scan_rsp_len;
1009 static u8 create_instance_adv_data(struct hci_dev *hdev, u8 instance, u8 *ptr)
1011 u8 ad_len = 0, flags = 0;
1012 u32 instance_flags = get_adv_instance_flags(hdev, instance);
1014 /* The Add Advertising command allows userspace to set both the general
1015 * and limited discoverable flags.
1017 if (instance_flags & MGMT_ADV_FLAG_DISCOV)
1018 flags |= LE_AD_GENERAL;
1020 if (instance_flags & MGMT_ADV_FLAG_LIMITED_DISCOV)
1021 flags |= LE_AD_LIMITED;
1023 if (flags || (instance_flags & MGMT_ADV_FLAG_MANAGED_FLAGS)) {
1024 /* If a discovery flag wasn't provided, simply use the global
1028 flags |= get_adv_discov_flags(hdev);
1030 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1031 flags |= LE_AD_NO_BREDR;
1033 /* If flags would still be empty, then there is no need to
1034 * include the "Flags" AD field".
1046 /* Provide Tx Power only if we can provide a valid value for it */
1047 if (hdev->adv_tx_power != HCI_TX_POWER_INVALID &&
1048 (instance_flags & MGMT_ADV_FLAG_TX_POWER)) {
1050 ptr[1] = EIR_TX_POWER;
1051 ptr[2] = (u8)hdev->adv_tx_power;
1058 memcpy(ptr, hdev->adv_instance.adv_data,
1059 hdev->adv_instance.adv_data_len);
1060 ad_len += hdev->adv_instance.adv_data_len;
1066 static void update_adv_data_for_instance(struct hci_request *req, u8 instance)
1068 struct hci_dev *hdev = req->hdev;
1069 struct hci_cp_le_set_adv_data cp;
1072 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
1075 memset(&cp, 0, sizeof(cp));
1077 len = create_instance_adv_data(hdev, instance, cp.data);
1079 /* There's nothing to do if the data hasn't changed */
1080 if (hdev->adv_data_len == len &&
1081 memcmp(cp.data, hdev->adv_data, len) == 0)
1084 memcpy(hdev->adv_data, cp.data, sizeof(cp.data));
1085 hdev->adv_data_len = len;
1089 hci_req_add(req, HCI_OP_LE_SET_ADV_DATA, sizeof(cp), &cp);
1092 static void update_adv_data(struct hci_request *req)
1094 struct hci_dev *hdev = req->hdev;
1095 u8 instance = get_current_adv_instance(hdev);
1097 update_adv_data_for_instance(req, instance);
1100 int mgmt_update_adv_data(struct hci_dev *hdev)
1102 struct hci_request req;
1104 hci_req_init(&req, hdev);
1105 update_adv_data(&req);
1107 return hci_req_run(&req, NULL);
1110 static void create_eir(struct hci_dev *hdev, u8 *data)
1115 name_len = strlen(hdev->dev_name);
1119 if (name_len > 48) {
1121 ptr[1] = EIR_NAME_SHORT;
1123 ptr[1] = EIR_NAME_COMPLETE;
1125 /* EIR Data length */
1126 ptr[0] = name_len + 1;
1128 memcpy(ptr + 2, hdev->dev_name, name_len);
1130 ptr += (name_len + 2);
1133 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
1135 ptr[1] = EIR_TX_POWER;
1136 ptr[2] = (u8) hdev->inq_tx_power;
1141 if (hdev->devid_source > 0) {
1143 ptr[1] = EIR_DEVICE_ID;
1145 put_unaligned_le16(hdev->devid_source, ptr + 2);
1146 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
1147 put_unaligned_le16(hdev->devid_product, ptr + 6);
1148 put_unaligned_le16(hdev->devid_version, ptr + 8);
1153 ptr = create_uuid16_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
1154 ptr = create_uuid32_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
1155 ptr = create_uuid128_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
1158 static void update_eir(struct hci_request *req)
1160 struct hci_dev *hdev = req->hdev;
1161 struct hci_cp_write_eir cp;
1163 if (!hdev_is_powered(hdev))
1166 if (!lmp_ext_inq_capable(hdev))
1169 if (!hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
1172 if (hci_dev_test_flag(hdev, HCI_SERVICE_CACHE))
1175 memset(&cp, 0, sizeof(cp));
1177 create_eir(hdev, cp.data);
1179 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
1182 memcpy(hdev->eir, cp.data, sizeof(cp.data));
1184 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
1187 static u8 get_service_classes(struct hci_dev *hdev)
1189 struct bt_uuid *uuid;
1192 list_for_each_entry(uuid, &hdev->uuids, list)
1193 val |= uuid->svc_hint;
1198 static void update_class(struct hci_request *req)
1200 struct hci_dev *hdev = req->hdev;
1203 BT_DBG("%s", hdev->name);
1205 if (!hdev_is_powered(hdev))
1208 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1211 if (hci_dev_test_flag(hdev, HCI_SERVICE_CACHE))
1214 cod[0] = hdev->minor_class;
1215 cod[1] = hdev->major_class;
1216 cod[2] = get_service_classes(hdev);
1218 if (hci_dev_test_flag(hdev, HCI_LIMITED_DISCOVERABLE))
1221 if (memcmp(cod, hdev->dev_class, 3) == 0)
1224 hci_req_add(req, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
1227 static void disable_advertising(struct hci_request *req)
1231 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1234 static void enable_advertising(struct hci_request *req)
1236 struct hci_dev *hdev = req->hdev;
1237 struct hci_cp_le_set_adv_param cp;
1238 u8 own_addr_type, enable = 0x01;
1243 if (hci_conn_num(hdev, LE_LINK) > 0)
1246 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
1247 disable_advertising(req);
1249 /* Clear the HCI_LE_ADV bit temporarily so that the
1250 * hci_update_random_address knows that it's safe to go ahead
1251 * and write a new random address. The flag will be set back on
1252 * as soon as the SET_ADV_ENABLE HCI command completes.
1254 hci_dev_clear_flag(hdev, HCI_LE_ADV);
1256 instance = get_current_adv_instance(hdev);
1257 flags = get_adv_instance_flags(hdev, instance);
1259 /* If the "connectable" instance flag was not set, then choose between
1260 * ADV_IND and ADV_NONCONN_IND based on the global connectable setting.
1262 connectable = (flags & MGMT_ADV_FLAG_CONNECTABLE) ||
1263 get_connectable(hdev);
1265 /* Set require_privacy to true only when non-connectable
1266 * advertising is used. In that case it is fine to use a
1267 * non-resolvable private address.
1269 if (hci_update_random_address(req, !connectable, &own_addr_type) < 0)
1272 memset(&cp, 0, sizeof(cp));
1273 cp.min_interval = cpu_to_le16(hdev->le_adv_min_interval);
1274 cp.max_interval = cpu_to_le16(hdev->le_adv_max_interval);
1277 cp.type = LE_ADV_IND;
1278 else if (get_adv_instance_scan_rsp_len(hdev, instance))
1279 cp.type = LE_ADV_SCAN_IND;
1281 cp.type = LE_ADV_NONCONN_IND;
1283 cp.own_address_type = own_addr_type;
1284 cp.channel_map = hdev->le_adv_channel_map;
1286 hci_req_add(req, HCI_OP_LE_SET_ADV_PARAM, sizeof(cp), &cp);
1288 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1291 static void service_cache_off(struct work_struct *work)
1293 struct hci_dev *hdev = container_of(work, struct hci_dev,
1294 service_cache.work);
1295 struct hci_request req;
1297 if (!hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE))
1300 hci_req_init(&req, hdev);
1307 hci_dev_unlock(hdev);
1309 hci_req_run(&req, NULL);
1312 static void rpa_expired(struct work_struct *work)
1314 struct hci_dev *hdev = container_of(work, struct hci_dev,
1316 struct hci_request req;
1320 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
1322 if (!hci_dev_test_flag(hdev, HCI_ADVERTISING))
1325 /* The generation of a new RPA and programming it into the
1326 * controller happens in the enable_advertising() function.
1328 hci_req_init(&req, hdev);
1329 enable_advertising(&req);
1330 hci_req_run(&req, NULL);
1333 static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
1335 if (hci_dev_test_and_set_flag(hdev, HCI_MGMT))
1338 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
1339 INIT_DELAYED_WORK(&hdev->rpa_expired, rpa_expired);
1341 /* Non-mgmt controlled devices get this bit set
1342 * implicitly so that pairing works for them, however
1343 * for mgmt we require user-space to explicitly enable
1346 hci_dev_clear_flag(hdev, HCI_BONDABLE);
1349 static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
1350 void *data, u16 data_len)
1352 struct mgmt_rp_read_info rp;
1354 BT_DBG("sock %p %s", sk, hdev->name);
1358 memset(&rp, 0, sizeof(rp));
1360 bacpy(&rp.bdaddr, &hdev->bdaddr);
1362 rp.version = hdev->hci_ver;
1363 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
1365 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
1366 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
1368 memcpy(rp.dev_class, hdev->dev_class, 3);
1370 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
1371 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
1373 hci_dev_unlock(hdev);
1375 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
1379 static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
1381 __le32 settings = cpu_to_le32(get_current_settings(hdev));
1383 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &settings,
1387 static void clean_up_hci_complete(struct hci_dev *hdev, u8 status, u16 opcode)
1389 BT_DBG("%s status 0x%02x", hdev->name, status);
1391 if (hci_conn_count(hdev) == 0) {
1392 cancel_delayed_work(&hdev->power_off);
1393 queue_work(hdev->req_workqueue, &hdev->power_off.work);
1397 static bool hci_stop_discovery(struct hci_request *req)
1399 struct hci_dev *hdev = req->hdev;
1400 struct hci_cp_remote_name_req_cancel cp;
1401 struct inquiry_entry *e;
1403 switch (hdev->discovery.state) {
1404 case DISCOVERY_FINDING:
1405 if (test_bit(HCI_INQUIRY, &hdev->flags))
1406 hci_req_add(req, HCI_OP_INQUIRY_CANCEL, 0, NULL);
1408 if (hci_dev_test_flag(hdev, HCI_LE_SCAN)) {
1409 cancel_delayed_work(&hdev->le_scan_disable);
1410 hci_req_add_le_scan_disable(req);
1415 case DISCOVERY_RESOLVING:
1416 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
1421 bacpy(&cp.bdaddr, &e->data.bdaddr);
1422 hci_req_add(req, HCI_OP_REMOTE_NAME_REQ_CANCEL, sizeof(cp),
1428 /* Passive scanning */
1429 if (hci_dev_test_flag(hdev, HCI_LE_SCAN)) {
1430 hci_req_add_le_scan_disable(req);
1440 static void advertising_added(struct sock *sk, struct hci_dev *hdev,
1443 struct mgmt_ev_advertising_added ev;
1445 ev.instance = instance;
1447 mgmt_event(MGMT_EV_ADVERTISING_ADDED, hdev, &ev, sizeof(ev), sk);
1450 static void advertising_removed(struct sock *sk, struct hci_dev *hdev,
1453 struct mgmt_ev_advertising_removed ev;
1455 ev.instance = instance;
1457 mgmt_event(MGMT_EV_ADVERTISING_REMOVED, hdev, &ev, sizeof(ev), sk);
1460 static void clear_adv_instance(struct hci_dev *hdev)
1462 struct hci_request req;
1464 if (!hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE))
1467 if (hdev->adv_instance.timeout)
1468 cancel_delayed_work(&hdev->adv_instance.timeout_exp);
1470 memset(&hdev->adv_instance, 0, sizeof(hdev->adv_instance));
1471 advertising_removed(NULL, hdev, 1);
1472 hci_dev_clear_flag(hdev, HCI_ADVERTISING_INSTANCE);
1474 if (!hdev_is_powered(hdev) ||
1475 hci_dev_test_flag(hdev, HCI_ADVERTISING))
1478 hci_req_init(&req, hdev);
1479 disable_advertising(&req);
1480 hci_req_run(&req, NULL);
1483 static int clean_up_hci_state(struct hci_dev *hdev)
1485 struct hci_request req;
1486 struct hci_conn *conn;
1487 bool discov_stopped;
1490 hci_req_init(&req, hdev);
1492 if (test_bit(HCI_ISCAN, &hdev->flags) ||
1493 test_bit(HCI_PSCAN, &hdev->flags)) {
1495 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1498 if (hdev->adv_instance.timeout)
1499 clear_adv_instance(hdev);
1501 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
1502 disable_advertising(&req);
1504 discov_stopped = hci_stop_discovery(&req);
1506 list_for_each_entry(conn, &hdev->conn_hash.list, list) {
1507 struct hci_cp_disconnect dc;
1508 struct hci_cp_reject_conn_req rej;
1510 switch (conn->state) {
1513 dc.handle = cpu_to_le16(conn->handle);
1514 dc.reason = 0x15; /* Terminated due to Power Off */
1515 hci_req_add(&req, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1518 if (conn->type == LE_LINK)
1519 hci_req_add(&req, HCI_OP_LE_CREATE_CONN_CANCEL,
1521 else if (conn->type == ACL_LINK)
1522 hci_req_add(&req, HCI_OP_CREATE_CONN_CANCEL,
1526 bacpy(&rej.bdaddr, &conn->dst);
1527 rej.reason = 0x15; /* Terminated due to Power Off */
1528 if (conn->type == ACL_LINK)
1529 hci_req_add(&req, HCI_OP_REJECT_CONN_REQ,
1531 else if (conn->type == SCO_LINK)
1532 hci_req_add(&req, HCI_OP_REJECT_SYNC_CONN_REQ,
1538 err = hci_req_run(&req, clean_up_hci_complete);
1539 if (!err && discov_stopped)
1540 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
1545 static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
1548 struct mgmt_mode *cp = data;
1549 struct mgmt_pending_cmd *cmd;
1552 BT_DBG("request for %s", hdev->name);
1554 if (cp->val != 0x00 && cp->val != 0x01)
1555 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1556 MGMT_STATUS_INVALID_PARAMS);
1560 if (pending_find(MGMT_OP_SET_POWERED, hdev)) {
1561 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1566 if (hci_dev_test_and_clear_flag(hdev, HCI_AUTO_OFF)) {
1567 cancel_delayed_work(&hdev->power_off);
1570 mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev,
1572 err = mgmt_powered(hdev, 1);
1577 if (!!cp->val == hdev_is_powered(hdev)) {
1578 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
1582 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
1589 queue_work(hdev->req_workqueue, &hdev->power_on);
1592 /* Disconnect connections, stop scans, etc */
1593 err = clean_up_hci_state(hdev);
1595 queue_delayed_work(hdev->req_workqueue, &hdev->power_off,
1596 HCI_POWER_OFF_TIMEOUT);
1598 /* ENODATA means there were no HCI commands queued */
1599 if (err == -ENODATA) {
1600 cancel_delayed_work(&hdev->power_off);
1601 queue_work(hdev->req_workqueue, &hdev->power_off.work);
1607 hci_dev_unlock(hdev);
1611 static int new_settings(struct hci_dev *hdev, struct sock *skip)
1613 __le32 ev = cpu_to_le32(get_current_settings(hdev));
1615 return mgmt_generic_event(MGMT_EV_NEW_SETTINGS, hdev, &ev,
1619 int mgmt_new_settings(struct hci_dev *hdev)
1621 return new_settings(hdev, NULL);
1626 struct hci_dev *hdev;
1630 static void settings_rsp(struct mgmt_pending_cmd *cmd, void *data)
1632 struct cmd_lookup *match = data;
1634 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
1636 list_del(&cmd->list);
1638 if (match->sk == NULL) {
1639 match->sk = cmd->sk;
1640 sock_hold(match->sk);
1643 mgmt_pending_free(cmd);
1646 static void cmd_status_rsp(struct mgmt_pending_cmd *cmd, void *data)
1650 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
1651 mgmt_pending_remove(cmd);
1654 static void cmd_complete_rsp(struct mgmt_pending_cmd *cmd, void *data)
1656 if (cmd->cmd_complete) {
1659 cmd->cmd_complete(cmd, *status);
1660 mgmt_pending_remove(cmd);
1665 cmd_status_rsp(cmd, data);
1668 static int generic_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
1670 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
1671 cmd->param, cmd->param_len);
1674 static int addr_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
1676 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
1677 cmd->param, sizeof(struct mgmt_addr_info));
1680 static u8 mgmt_bredr_support(struct hci_dev *hdev)
1682 if (!lmp_bredr_capable(hdev))
1683 return MGMT_STATUS_NOT_SUPPORTED;
1684 else if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1685 return MGMT_STATUS_REJECTED;
1687 return MGMT_STATUS_SUCCESS;
1690 static u8 mgmt_le_support(struct hci_dev *hdev)
1692 if (!lmp_le_capable(hdev))
1693 return MGMT_STATUS_NOT_SUPPORTED;
1694 else if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
1695 return MGMT_STATUS_REJECTED;
1697 return MGMT_STATUS_SUCCESS;
1700 static void set_discoverable_complete(struct hci_dev *hdev, u8 status,
1703 struct mgmt_pending_cmd *cmd;
1704 struct mgmt_mode *cp;
1705 struct hci_request req;
1708 BT_DBG("status 0x%02x", status);
1712 cmd = pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
1717 u8 mgmt_err = mgmt_status(status);
1718 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1719 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1725 changed = !hci_dev_test_and_set_flag(hdev, HCI_DISCOVERABLE);
1727 if (hdev->discov_timeout > 0) {
1728 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1729 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
1733 changed = hci_dev_test_and_clear_flag(hdev, HCI_DISCOVERABLE);
1736 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1739 new_settings(hdev, cmd->sk);
1741 /* When the discoverable mode gets changed, make sure
1742 * that class of device has the limited discoverable
1743 * bit correctly set. Also update page scan based on whitelist
1746 hci_req_init(&req, hdev);
1747 __hci_update_page_scan(&req);
1749 hci_req_run(&req, NULL);
1752 mgmt_pending_remove(cmd);
1755 hci_dev_unlock(hdev);
1758 static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
1761 struct mgmt_cp_set_discoverable *cp = data;
1762 struct mgmt_pending_cmd *cmd;
1763 struct hci_request req;
1768 BT_DBG("request for %s", hdev->name);
1770 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
1771 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1772 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1773 MGMT_STATUS_REJECTED);
1775 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
1776 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1777 MGMT_STATUS_INVALID_PARAMS);
1779 timeout = __le16_to_cpu(cp->timeout);
1781 /* Disabling discoverable requires that no timeout is set,
1782 * and enabling limited discoverable requires a timeout.
1784 if ((cp->val == 0x00 && timeout > 0) ||
1785 (cp->val == 0x02 && timeout == 0))
1786 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1787 MGMT_STATUS_INVALID_PARAMS);
1791 if (!hdev_is_powered(hdev) && timeout > 0) {
1792 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1793 MGMT_STATUS_NOT_POWERED);
1797 if (pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1798 pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
1799 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1804 if (!hci_dev_test_flag(hdev, HCI_CONNECTABLE)) {
1805 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1806 MGMT_STATUS_REJECTED);
1810 if (!hdev_is_powered(hdev)) {
1811 bool changed = false;
1813 /* Setting limited discoverable when powered off is
1814 * not a valid operation since it requires a timeout
1815 * and so no need to check HCI_LIMITED_DISCOVERABLE.
1817 if (!!cp->val != hci_dev_test_flag(hdev, HCI_DISCOVERABLE)) {
1818 hci_dev_change_flag(hdev, HCI_DISCOVERABLE);
1822 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1827 err = new_settings(hdev, sk);
1832 /* If the current mode is the same, then just update the timeout
1833 * value with the new value. And if only the timeout gets updated,
1834 * then no need for any HCI transactions.
1836 if (!!cp->val == hci_dev_test_flag(hdev, HCI_DISCOVERABLE) &&
1837 (cp->val == 0x02) == hci_dev_test_flag(hdev,
1838 HCI_LIMITED_DISCOVERABLE)) {
1839 cancel_delayed_work(&hdev->discov_off);
1840 hdev->discov_timeout = timeout;
1842 if (cp->val && hdev->discov_timeout > 0) {
1843 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1844 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
1848 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1852 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
1858 /* Cancel any potential discoverable timeout that might be
1859 * still active and store new timeout value. The arming of
1860 * the timeout happens in the complete handler.
1862 cancel_delayed_work(&hdev->discov_off);
1863 hdev->discov_timeout = timeout;
1865 /* Limited discoverable mode */
1866 if (cp->val == 0x02)
1867 hci_dev_set_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1869 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1871 hci_req_init(&req, hdev);
1873 /* The procedure for LE-only controllers is much simpler - just
1874 * update the advertising data.
1876 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1882 struct hci_cp_write_current_iac_lap hci_cp;
1884 if (cp->val == 0x02) {
1885 /* Limited discoverable mode */
1886 hci_cp.num_iac = min_t(u8, hdev->num_iac, 2);
1887 hci_cp.iac_lap[0] = 0x00; /* LIAC */
1888 hci_cp.iac_lap[1] = 0x8b;
1889 hci_cp.iac_lap[2] = 0x9e;
1890 hci_cp.iac_lap[3] = 0x33; /* GIAC */
1891 hci_cp.iac_lap[4] = 0x8b;
1892 hci_cp.iac_lap[5] = 0x9e;
1894 /* General discoverable mode */
1896 hci_cp.iac_lap[0] = 0x33; /* GIAC */
1897 hci_cp.iac_lap[1] = 0x8b;
1898 hci_cp.iac_lap[2] = 0x9e;
1901 hci_req_add(&req, HCI_OP_WRITE_CURRENT_IAC_LAP,
1902 (hci_cp.num_iac * 3) + 1, &hci_cp);
1904 scan |= SCAN_INQUIRY;
1906 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1909 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, sizeof(scan), &scan);
1912 update_adv_data(&req);
1914 err = hci_req_run(&req, set_discoverable_complete);
1916 mgmt_pending_remove(cmd);
1919 hci_dev_unlock(hdev);
1923 static void write_fast_connectable(struct hci_request *req, bool enable)
1925 struct hci_dev *hdev = req->hdev;
1926 struct hci_cp_write_page_scan_activity acp;
1929 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1932 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
1936 type = PAGE_SCAN_TYPE_INTERLACED;
1938 /* 160 msec page scan interval */
1939 acp.interval = cpu_to_le16(0x0100);
1941 type = PAGE_SCAN_TYPE_STANDARD; /* default */
1943 /* default 1.28 sec page scan */
1944 acp.interval = cpu_to_le16(0x0800);
1947 acp.window = cpu_to_le16(0x0012);
1949 if (__cpu_to_le16(hdev->page_scan_interval) != acp.interval ||
1950 __cpu_to_le16(hdev->page_scan_window) != acp.window)
1951 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
1954 if (hdev->page_scan_type != type)
1955 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
1958 static void set_connectable_complete(struct hci_dev *hdev, u8 status,
1961 struct mgmt_pending_cmd *cmd;
1962 struct mgmt_mode *cp;
1963 bool conn_changed, discov_changed;
1965 BT_DBG("status 0x%02x", status);
1969 cmd = pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1974 u8 mgmt_err = mgmt_status(status);
1975 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1981 conn_changed = !hci_dev_test_and_set_flag(hdev,
1983 discov_changed = false;
1985 conn_changed = hci_dev_test_and_clear_flag(hdev,
1987 discov_changed = hci_dev_test_and_clear_flag(hdev,
1991 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
1993 if (conn_changed || discov_changed) {
1994 new_settings(hdev, cmd->sk);
1995 hci_update_page_scan(hdev);
1997 mgmt_update_adv_data(hdev);
1998 hci_update_background_scan(hdev);
2002 mgmt_pending_remove(cmd);
2005 hci_dev_unlock(hdev);
2008 static int set_connectable_update_settings(struct hci_dev *hdev,
2009 struct sock *sk, u8 val)
2011 bool changed = false;
2014 if (!!val != hci_dev_test_flag(hdev, HCI_CONNECTABLE))
2018 hci_dev_set_flag(hdev, HCI_CONNECTABLE);
2020 hci_dev_clear_flag(hdev, HCI_CONNECTABLE);
2021 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
2024 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
2029 hci_update_page_scan(hdev);
2030 hci_update_background_scan(hdev);
2031 return new_settings(hdev, sk);
2037 static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
2040 struct mgmt_mode *cp = data;
2041 struct mgmt_pending_cmd *cmd;
2042 struct hci_request req;
2046 BT_DBG("request for %s", hdev->name);
2048 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
2049 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
2050 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
2051 MGMT_STATUS_REJECTED);
2053 if (cp->val != 0x00 && cp->val != 0x01)
2054 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
2055 MGMT_STATUS_INVALID_PARAMS);
2059 if (!hdev_is_powered(hdev)) {
2060 err = set_connectable_update_settings(hdev, sk, cp->val);
2064 if (pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
2065 pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
2066 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
2071 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
2077 hci_req_init(&req, hdev);
2079 /* If BR/EDR is not enabled and we disable advertising as a
2080 * by-product of disabling connectable, we need to update the
2081 * advertising flags.
2083 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
2085 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
2086 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
2088 update_adv_data(&req);
2089 } else if (cp->val != test_bit(HCI_PSCAN, &hdev->flags)) {
2093 /* If we don't have any whitelist entries just
2094 * disable all scanning. If there are entries
2095 * and we had both page and inquiry scanning
2096 * enabled then fall back to only page scanning.
2097 * Otherwise no changes are needed.
2099 if (list_empty(&hdev->whitelist))
2100 scan = SCAN_DISABLED;
2101 else if (test_bit(HCI_ISCAN, &hdev->flags))
2104 goto no_scan_update;
2106 if (test_bit(HCI_ISCAN, &hdev->flags) &&
2107 hdev->discov_timeout > 0)
2108 cancel_delayed_work(&hdev->discov_off);
2111 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
2115 /* Update the advertising parameters if necessary */
2116 if (hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
2117 hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE))
2118 enable_advertising(&req);
2120 err = hci_req_run(&req, set_connectable_complete);
2122 mgmt_pending_remove(cmd);
2123 if (err == -ENODATA)
2124 err = set_connectable_update_settings(hdev, sk,
2130 hci_dev_unlock(hdev);
2134 static int set_bondable(struct sock *sk, struct hci_dev *hdev, void *data,
2137 struct mgmt_mode *cp = data;
2141 BT_DBG("request for %s", hdev->name);
2143 if (cp->val != 0x00 && cp->val != 0x01)
2144 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BONDABLE,
2145 MGMT_STATUS_INVALID_PARAMS);
2150 changed = !hci_dev_test_and_set_flag(hdev, HCI_BONDABLE);
2152 changed = hci_dev_test_and_clear_flag(hdev, HCI_BONDABLE);
2154 err = send_settings_rsp(sk, MGMT_OP_SET_BONDABLE, hdev);
2159 err = new_settings(hdev, sk);
2162 hci_dev_unlock(hdev);
2166 static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
2169 struct mgmt_mode *cp = data;
2170 struct mgmt_pending_cmd *cmd;
2174 BT_DBG("request for %s", hdev->name);
2176 status = mgmt_bredr_support(hdev);
2178 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
2181 if (cp->val != 0x00 && cp->val != 0x01)
2182 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
2183 MGMT_STATUS_INVALID_PARAMS);
2187 if (!hdev_is_powered(hdev)) {
2188 bool changed = false;
2190 if (!!cp->val != hci_dev_test_flag(hdev, HCI_LINK_SECURITY)) {
2191 hci_dev_change_flag(hdev, HCI_LINK_SECURITY);
2195 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
2200 err = new_settings(hdev, sk);
2205 if (pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
2206 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
2213 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
2214 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
2218 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
2224 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
2226 mgmt_pending_remove(cmd);
2231 hci_dev_unlock(hdev);
2235 static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2237 struct mgmt_mode *cp = data;
2238 struct mgmt_pending_cmd *cmd;
2242 BT_DBG("request for %s", hdev->name);
2244 status = mgmt_bredr_support(hdev);
2246 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
2248 if (!lmp_ssp_capable(hdev))
2249 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2250 MGMT_STATUS_NOT_SUPPORTED);
2252 if (cp->val != 0x00 && cp->val != 0x01)
2253 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2254 MGMT_STATUS_INVALID_PARAMS);
2258 if (!hdev_is_powered(hdev)) {
2262 changed = !hci_dev_test_and_set_flag(hdev,
2265 changed = hci_dev_test_and_clear_flag(hdev,
2268 changed = hci_dev_test_and_clear_flag(hdev,
2271 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
2274 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
2279 err = new_settings(hdev, sk);
2284 if (pending_find(MGMT_OP_SET_SSP, hdev)) {
2285 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2290 if (!!cp->val == hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
2291 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
2295 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
2301 if (!cp->val && hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS))
2302 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
2303 sizeof(cp->val), &cp->val);
2305 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &cp->val);
2307 mgmt_pending_remove(cmd);
2312 hci_dev_unlock(hdev);
2316 static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2318 struct mgmt_mode *cp = data;
2323 BT_DBG("request for %s", hdev->name);
2325 status = mgmt_bredr_support(hdev);
2327 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
2329 if (!lmp_ssp_capable(hdev))
2330 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2331 MGMT_STATUS_NOT_SUPPORTED);
2333 if (!hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
2334 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2335 MGMT_STATUS_REJECTED);
2337 if (cp->val != 0x00 && cp->val != 0x01)
2338 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2339 MGMT_STATUS_INVALID_PARAMS);
2343 if (pending_find(MGMT_OP_SET_SSP, hdev)) {
2344 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2350 changed = !hci_dev_test_and_set_flag(hdev, HCI_HS_ENABLED);
2352 if (hdev_is_powered(hdev)) {
2353 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2354 MGMT_STATUS_REJECTED);
2358 changed = hci_dev_test_and_clear_flag(hdev, HCI_HS_ENABLED);
2361 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
2366 err = new_settings(hdev, sk);
2369 hci_dev_unlock(hdev);
2373 static void le_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
2375 struct cmd_lookup match = { NULL, hdev };
2380 u8 mgmt_err = mgmt_status(status);
2382 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
2387 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
2389 new_settings(hdev, match.sk);
2394 /* Make sure the controller has a good default for
2395 * advertising data. Restrict the update to when LE
2396 * has actually been enabled. During power on, the
2397 * update in powered_update_hci will take care of it.
2399 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
2400 struct hci_request req;
2402 hci_req_init(&req, hdev);
2403 update_adv_data(&req);
2404 update_scan_rsp_data(&req);
2405 __hci_update_background_scan(&req);
2406 hci_req_run(&req, NULL);
2410 hci_dev_unlock(hdev);
2413 static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2415 struct mgmt_mode *cp = data;
2416 struct hci_cp_write_le_host_supported hci_cp;
2417 struct mgmt_pending_cmd *cmd;
2418 struct hci_request req;
2422 BT_DBG("request for %s", hdev->name);
2424 if (!lmp_le_capable(hdev))
2425 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2426 MGMT_STATUS_NOT_SUPPORTED);
2428 if (cp->val != 0x00 && cp->val != 0x01)
2429 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2430 MGMT_STATUS_INVALID_PARAMS);
2432 /* Bluetooth single mode LE only controllers or dual-mode
2433 * controllers configured as LE only devices, do not allow
2434 * switching LE off. These have either LE enabled explicitly
2435 * or BR/EDR has been previously switched off.
2437 * When trying to enable an already enabled LE, then gracefully
2438 * send a positive response. Trying to disable it however will
2439 * result into rejection.
2441 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
2442 if (cp->val == 0x01)
2443 return send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
2445 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2446 MGMT_STATUS_REJECTED);
2452 enabled = lmp_host_le_capable(hdev);
2454 if (!hdev_is_powered(hdev) || val == enabled) {
2455 bool changed = false;
2457 if (val != hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
2458 hci_dev_change_flag(hdev, HCI_LE_ENABLED);
2462 if (!val && hci_dev_test_flag(hdev, HCI_ADVERTISING)) {
2463 hci_dev_clear_flag(hdev, HCI_ADVERTISING);
2467 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
2472 err = new_settings(hdev, sk);
2477 if (pending_find(MGMT_OP_SET_LE, hdev) ||
2478 pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
2479 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2484 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
2490 hci_req_init(&req, hdev);
2492 memset(&hci_cp, 0, sizeof(hci_cp));
2496 hci_cp.simul = 0x00;
2498 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
2499 disable_advertising(&req);
2502 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
2505 err = hci_req_run(&req, le_enable_complete);
2507 mgmt_pending_remove(cmd);
2510 hci_dev_unlock(hdev);
2514 /* This is a helper function to test for pending mgmt commands that can
2515 * cause CoD or EIR HCI commands. We can only allow one such pending
2516 * mgmt command at a time since otherwise we cannot easily track what
2517 * the current values are, will be, and based on that calculate if a new
2518 * HCI command needs to be sent and if yes with what value.
2520 static bool pending_eir_or_class(struct hci_dev *hdev)
2522 struct mgmt_pending_cmd *cmd;
2524 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2525 switch (cmd->opcode) {
2526 case MGMT_OP_ADD_UUID:
2527 case MGMT_OP_REMOVE_UUID:
2528 case MGMT_OP_SET_DEV_CLASS:
2529 case MGMT_OP_SET_POWERED:
2537 static const u8 bluetooth_base_uuid[] = {
2538 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
2539 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2542 static u8 get_uuid_size(const u8 *uuid)
2546 if (memcmp(uuid, bluetooth_base_uuid, 12))
2549 val = get_unaligned_le32(&uuid[12]);
2556 static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
2558 struct mgmt_pending_cmd *cmd;
2562 cmd = pending_find(mgmt_op, hdev);
2566 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
2567 mgmt_status(status), hdev->dev_class, 3);
2569 mgmt_pending_remove(cmd);
2572 hci_dev_unlock(hdev);
2575 static void add_uuid_complete(struct hci_dev *hdev, u8 status, u16 opcode)
2577 BT_DBG("status 0x%02x", status);
2579 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
2582 static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2584 struct mgmt_cp_add_uuid *cp = data;
2585 struct mgmt_pending_cmd *cmd;
2586 struct hci_request req;
2587 struct bt_uuid *uuid;
2590 BT_DBG("request for %s", hdev->name);
2594 if (pending_eir_or_class(hdev)) {
2595 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
2600 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
2606 memcpy(uuid->uuid, cp->uuid, 16);
2607 uuid->svc_hint = cp->svc_hint;
2608 uuid->size = get_uuid_size(cp->uuid);
2610 list_add_tail(&uuid->list, &hdev->uuids);
2612 hci_req_init(&req, hdev);
2617 err = hci_req_run(&req, add_uuid_complete);
2619 if (err != -ENODATA)
2622 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
2623 hdev->dev_class, 3);
2627 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
2636 hci_dev_unlock(hdev);
2640 static bool enable_service_cache(struct hci_dev *hdev)
2642 if (!hdev_is_powered(hdev))
2645 if (!hci_dev_test_and_set_flag(hdev, HCI_SERVICE_CACHE)) {
2646 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
2654 static void remove_uuid_complete(struct hci_dev *hdev, u8 status, u16 opcode)
2656 BT_DBG("status 0x%02x", status);
2658 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
2661 static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
2664 struct mgmt_cp_remove_uuid *cp = data;
2665 struct mgmt_pending_cmd *cmd;
2666 struct bt_uuid *match, *tmp;
2667 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
2668 struct hci_request req;
2671 BT_DBG("request for %s", hdev->name);
2675 if (pending_eir_or_class(hdev)) {
2676 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2681 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
2682 hci_uuids_clear(hdev);
2684 if (enable_service_cache(hdev)) {
2685 err = mgmt_cmd_complete(sk, hdev->id,
2686 MGMT_OP_REMOVE_UUID,
2687 0, hdev->dev_class, 3);
2696 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2697 if (memcmp(match->uuid, cp->uuid, 16) != 0)
2700 list_del(&match->list);
2706 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2707 MGMT_STATUS_INVALID_PARAMS);
2712 hci_req_init(&req, hdev);
2717 err = hci_req_run(&req, remove_uuid_complete);
2719 if (err != -ENODATA)
2722 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
2723 hdev->dev_class, 3);
2727 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
2736 hci_dev_unlock(hdev);
2740 static void set_class_complete(struct hci_dev *hdev, u8 status, u16 opcode)
2742 BT_DBG("status 0x%02x", status);
2744 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
2747 static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
2750 struct mgmt_cp_set_dev_class *cp = data;
2751 struct mgmt_pending_cmd *cmd;
2752 struct hci_request req;
2755 BT_DBG("request for %s", hdev->name);
2757 if (!lmp_bredr_capable(hdev))
2758 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2759 MGMT_STATUS_NOT_SUPPORTED);
2763 if (pending_eir_or_class(hdev)) {
2764 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2769 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
2770 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2771 MGMT_STATUS_INVALID_PARAMS);
2775 hdev->major_class = cp->major;
2776 hdev->minor_class = cp->minor;
2778 if (!hdev_is_powered(hdev)) {
2779 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2780 hdev->dev_class, 3);
2784 hci_req_init(&req, hdev);
2786 if (hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE)) {
2787 hci_dev_unlock(hdev);
2788 cancel_delayed_work_sync(&hdev->service_cache);
2795 err = hci_req_run(&req, set_class_complete);
2797 if (err != -ENODATA)
2800 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2801 hdev->dev_class, 3);
2805 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
2814 hci_dev_unlock(hdev);
2818 static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
2821 struct mgmt_cp_load_link_keys *cp = data;
2822 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
2823 sizeof(struct mgmt_link_key_info));
2824 u16 key_count, expected_len;
2828 BT_DBG("request for %s", hdev->name);
2830 if (!lmp_bredr_capable(hdev))
2831 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2832 MGMT_STATUS_NOT_SUPPORTED);
2834 key_count = __le16_to_cpu(cp->key_count);
2835 if (key_count > max_key_count) {
2836 BT_ERR("load_link_keys: too big key_count value %u",
2838 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2839 MGMT_STATUS_INVALID_PARAMS);
2842 expected_len = sizeof(*cp) + key_count *
2843 sizeof(struct mgmt_link_key_info);
2844 if (expected_len != len) {
2845 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
2847 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2848 MGMT_STATUS_INVALID_PARAMS);
2851 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
2852 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2853 MGMT_STATUS_INVALID_PARAMS);
2855 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
2858 for (i = 0; i < key_count; i++) {
2859 struct mgmt_link_key_info *key = &cp->keys[i];
2861 if (key->addr.type != BDADDR_BREDR || key->type > 0x08)
2862 return mgmt_cmd_status(sk, hdev->id,
2863 MGMT_OP_LOAD_LINK_KEYS,
2864 MGMT_STATUS_INVALID_PARAMS);
2869 hci_link_keys_clear(hdev);
2872 changed = !hci_dev_test_and_set_flag(hdev, HCI_KEEP_DEBUG_KEYS);
2874 changed = hci_dev_test_and_clear_flag(hdev,
2875 HCI_KEEP_DEBUG_KEYS);
2878 new_settings(hdev, NULL);
2880 for (i = 0; i < key_count; i++) {
2881 struct mgmt_link_key_info *key = &cp->keys[i];
2883 /* Always ignore debug keys and require a new pairing if
2884 * the user wants to use them.
2886 if (key->type == HCI_LK_DEBUG_COMBINATION)
2889 hci_add_link_key(hdev, NULL, &key->addr.bdaddr, key->val,
2890 key->type, key->pin_len, NULL);
2893 mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
2895 hci_dev_unlock(hdev);
2900 static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
2901 u8 addr_type, struct sock *skip_sk)
2903 struct mgmt_ev_device_unpaired ev;
2905 bacpy(&ev.addr.bdaddr, bdaddr);
2906 ev.addr.type = addr_type;
2908 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
2912 static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2915 struct mgmt_cp_unpair_device *cp = data;
2916 struct mgmt_rp_unpair_device rp;
2917 struct hci_cp_disconnect dc;
2918 struct mgmt_pending_cmd *cmd;
2919 struct hci_conn *conn;
2922 memset(&rp, 0, sizeof(rp));
2923 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2924 rp.addr.type = cp->addr.type;
2926 if (!bdaddr_type_is_valid(cp->addr.type))
2927 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2928 MGMT_STATUS_INVALID_PARAMS,
2931 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
2932 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2933 MGMT_STATUS_INVALID_PARAMS,
2938 if (!hdev_is_powered(hdev)) {
2939 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2940 MGMT_STATUS_NOT_POWERED, &rp,
2945 if (cp->addr.type == BDADDR_BREDR) {
2946 /* If disconnection is requested, then look up the
2947 * connection. If the remote device is connected, it
2948 * will be later used to terminate the link.
2950 * Setting it to NULL explicitly will cause no
2951 * termination of the link.
2954 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2959 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
2963 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
2966 /* Defer clearing up the connection parameters
2967 * until closing to give a chance of keeping
2968 * them if a repairing happens.
2970 set_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
2972 /* If disconnection is not requested, then
2973 * clear the connection variable so that the
2974 * link is not terminated.
2976 if (!cp->disconnect)
2980 if (cp->addr.type == BDADDR_LE_PUBLIC)
2981 addr_type = ADDR_LE_DEV_PUBLIC;
2983 addr_type = ADDR_LE_DEV_RANDOM;
2985 hci_remove_irk(hdev, &cp->addr.bdaddr, addr_type);
2987 err = hci_remove_ltk(hdev, &cp->addr.bdaddr, addr_type);
2991 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2992 MGMT_STATUS_NOT_PAIRED, &rp,
2997 /* If the connection variable is set, then termination of the
2998 * link is requested.
3001 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
3003 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
3007 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
3014 cmd->cmd_complete = addr_cmd_complete;
3016 dc.handle = cpu_to_le16(conn->handle);
3017 dc.reason = 0x13; /* Remote User Terminated Connection */
3018 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
3020 mgmt_pending_remove(cmd);
3023 hci_dev_unlock(hdev);
3027 static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
3030 struct mgmt_cp_disconnect *cp = data;
3031 struct mgmt_rp_disconnect rp;
3032 struct mgmt_pending_cmd *cmd;
3033 struct hci_conn *conn;
3038 memset(&rp, 0, sizeof(rp));
3039 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3040 rp.addr.type = cp->addr.type;
3042 if (!bdaddr_type_is_valid(cp->addr.type))
3043 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
3044 MGMT_STATUS_INVALID_PARAMS,
3049 if (!test_bit(HCI_UP, &hdev->flags)) {
3050 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
3051 MGMT_STATUS_NOT_POWERED, &rp,
3056 if (pending_find(MGMT_OP_DISCONNECT, hdev)) {
3057 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
3058 MGMT_STATUS_BUSY, &rp, sizeof(rp));
3062 if (cp->addr.type == BDADDR_BREDR)
3063 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
3066 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
3068 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
3069 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
3070 MGMT_STATUS_NOT_CONNECTED, &rp,
3075 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
3081 cmd->cmd_complete = generic_cmd_complete;
3083 err = hci_disconnect(conn, HCI_ERROR_REMOTE_USER_TERM);
3085 mgmt_pending_remove(cmd);
3088 hci_dev_unlock(hdev);
3092 static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
3094 switch (link_type) {
3096 switch (addr_type) {
3097 case ADDR_LE_DEV_PUBLIC:
3098 return BDADDR_LE_PUBLIC;
3101 /* Fallback to LE Random address type */
3102 return BDADDR_LE_RANDOM;
3106 /* Fallback to BR/EDR type */
3107 return BDADDR_BREDR;
3111 static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
3114 struct mgmt_rp_get_connections *rp;
3124 if (!hdev_is_powered(hdev)) {
3125 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
3126 MGMT_STATUS_NOT_POWERED);
3131 list_for_each_entry(c, &hdev->conn_hash.list, list) {
3132 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
3136 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
3137 rp = kmalloc(rp_len, GFP_KERNEL);
3144 list_for_each_entry(c, &hdev->conn_hash.list, list) {
3145 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
3147 bacpy(&rp->addr[i].bdaddr, &c->dst);
3148 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
3149 if (c->type == SCO_LINK || c->type == ESCO_LINK)
3154 rp->conn_count = cpu_to_le16(i);
3156 /* Recalculate length in case of filtered SCO connections, etc */
3157 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
3159 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
3165 hci_dev_unlock(hdev);
3169 static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
3170 struct mgmt_cp_pin_code_neg_reply *cp)
3172 struct mgmt_pending_cmd *cmd;
3175 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
3180 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
3181 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
3183 mgmt_pending_remove(cmd);
3188 static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3191 struct hci_conn *conn;
3192 struct mgmt_cp_pin_code_reply *cp = data;
3193 struct hci_cp_pin_code_reply reply;
3194 struct mgmt_pending_cmd *cmd;
3201 if (!hdev_is_powered(hdev)) {
3202 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3203 MGMT_STATUS_NOT_POWERED);
3207 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
3209 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3210 MGMT_STATUS_NOT_CONNECTED);
3214 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
3215 struct mgmt_cp_pin_code_neg_reply ncp;
3217 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
3219 BT_ERR("PIN code is not 16 bytes long");
3221 err = send_pin_code_neg_reply(sk, hdev, &ncp);
3223 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3224 MGMT_STATUS_INVALID_PARAMS);
3229 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
3235 cmd->cmd_complete = addr_cmd_complete;
3237 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
3238 reply.pin_len = cp->pin_len;
3239 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
3241 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
3243 mgmt_pending_remove(cmd);
3246 hci_dev_unlock(hdev);
3250 static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
3253 struct mgmt_cp_set_io_capability *cp = data;
3257 if (cp->io_capability > SMP_IO_KEYBOARD_DISPLAY)
3258 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY,
3259 MGMT_STATUS_INVALID_PARAMS, NULL, 0);
3263 hdev->io_capability = cp->io_capability;
3265 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
3266 hdev->io_capability);
3268 hci_dev_unlock(hdev);
3270 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0,
3274 static struct mgmt_pending_cmd *find_pairing(struct hci_conn *conn)
3276 struct hci_dev *hdev = conn->hdev;
3277 struct mgmt_pending_cmd *cmd;
3279 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
3280 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
3283 if (cmd->user_data != conn)
3292 static int pairing_complete(struct mgmt_pending_cmd *cmd, u8 status)
3294 struct mgmt_rp_pair_device rp;
3295 struct hci_conn *conn = cmd->user_data;
3298 bacpy(&rp.addr.bdaddr, &conn->dst);
3299 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
3301 err = mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE,
3302 status, &rp, sizeof(rp));
3304 /* So we don't get further callbacks for this connection */
3305 conn->connect_cfm_cb = NULL;
3306 conn->security_cfm_cb = NULL;
3307 conn->disconn_cfm_cb = NULL;
3309 hci_conn_drop(conn);
3311 /* The device is paired so there is no need to remove
3312 * its connection parameters anymore.
3314 clear_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
3321 void mgmt_smp_complete(struct hci_conn *conn, bool complete)
3323 u8 status = complete ? MGMT_STATUS_SUCCESS : MGMT_STATUS_FAILED;
3324 struct mgmt_pending_cmd *cmd;
3326 cmd = find_pairing(conn);
3328 cmd->cmd_complete(cmd, status);
3329 mgmt_pending_remove(cmd);
3333 static void pairing_complete_cb(struct hci_conn *conn, u8 status)
3335 struct mgmt_pending_cmd *cmd;
3337 BT_DBG("status %u", status);
3339 cmd = find_pairing(conn);
3341 BT_DBG("Unable to find a pending command");
3345 cmd->cmd_complete(cmd, mgmt_status(status));
3346 mgmt_pending_remove(cmd);
3349 static void le_pairing_complete_cb(struct hci_conn *conn, u8 status)
3351 struct mgmt_pending_cmd *cmd;
3353 BT_DBG("status %u", status);
3358 cmd = find_pairing(conn);
3360 BT_DBG("Unable to find a pending command");
3364 cmd->cmd_complete(cmd, mgmt_status(status));
3365 mgmt_pending_remove(cmd);
3368 static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
3371 struct mgmt_cp_pair_device *cp = data;
3372 struct mgmt_rp_pair_device rp;
3373 struct mgmt_pending_cmd *cmd;
3374 u8 sec_level, auth_type;
3375 struct hci_conn *conn;
3380 memset(&rp, 0, sizeof(rp));
3381 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3382 rp.addr.type = cp->addr.type;
3384 if (!bdaddr_type_is_valid(cp->addr.type))
3385 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3386 MGMT_STATUS_INVALID_PARAMS,
3389 if (cp->io_cap > SMP_IO_KEYBOARD_DISPLAY)
3390 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3391 MGMT_STATUS_INVALID_PARAMS,
3396 if (!hdev_is_powered(hdev)) {
3397 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3398 MGMT_STATUS_NOT_POWERED, &rp,
3403 if (hci_bdaddr_is_paired(hdev, &cp->addr.bdaddr, cp->addr.type)) {
3404 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3405 MGMT_STATUS_ALREADY_PAIRED, &rp,
3410 sec_level = BT_SECURITY_MEDIUM;
3411 auth_type = HCI_AT_DEDICATED_BONDING;
3413 if (cp->addr.type == BDADDR_BREDR) {
3414 conn = hci_connect_acl(hdev, &cp->addr.bdaddr, sec_level,
3419 /* Convert from L2CAP channel address type to HCI address type
3421 if (cp->addr.type == BDADDR_LE_PUBLIC)
3422 addr_type = ADDR_LE_DEV_PUBLIC;
3424 addr_type = ADDR_LE_DEV_RANDOM;
3426 /* When pairing a new device, it is expected to remember
3427 * this device for future connections. Adding the connection
3428 * parameter information ahead of time allows tracking
3429 * of the slave preferred values and will speed up any
3430 * further connection establishment.
3432 * If connection parameters already exist, then they
3433 * will be kept and this function does nothing.
3435 hci_conn_params_add(hdev, &cp->addr.bdaddr, addr_type);
3437 conn = hci_connect_le(hdev, &cp->addr.bdaddr, addr_type,
3438 sec_level, HCI_LE_CONN_TIMEOUT,
3445 if (PTR_ERR(conn) == -EBUSY)
3446 status = MGMT_STATUS_BUSY;
3447 else if (PTR_ERR(conn) == -EOPNOTSUPP)
3448 status = MGMT_STATUS_NOT_SUPPORTED;
3449 else if (PTR_ERR(conn) == -ECONNREFUSED)
3450 status = MGMT_STATUS_REJECTED;
3452 status = MGMT_STATUS_CONNECT_FAILED;
3454 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3455 status, &rp, sizeof(rp));
3459 if (conn->connect_cfm_cb) {
3460 hci_conn_drop(conn);
3461 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3462 MGMT_STATUS_BUSY, &rp, sizeof(rp));
3466 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
3469 hci_conn_drop(conn);
3473 cmd->cmd_complete = pairing_complete;
3475 /* For LE, just connecting isn't a proof that the pairing finished */
3476 if (cp->addr.type == BDADDR_BREDR) {
3477 conn->connect_cfm_cb = pairing_complete_cb;
3478 conn->security_cfm_cb = pairing_complete_cb;
3479 conn->disconn_cfm_cb = pairing_complete_cb;
3481 conn->connect_cfm_cb = le_pairing_complete_cb;
3482 conn->security_cfm_cb = le_pairing_complete_cb;
3483 conn->disconn_cfm_cb = le_pairing_complete_cb;
3486 conn->io_capability = cp->io_cap;
3487 cmd->user_data = hci_conn_get(conn);
3489 if ((conn->state == BT_CONNECTED || conn->state == BT_CONFIG) &&
3490 hci_conn_security(conn, sec_level, auth_type, true)) {
3491 cmd->cmd_complete(cmd, 0);
3492 mgmt_pending_remove(cmd);
3498 hci_dev_unlock(hdev);
3502 static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
3505 struct mgmt_addr_info *addr = data;
3506 struct mgmt_pending_cmd *cmd;
3507 struct hci_conn *conn;
3514 if (!hdev_is_powered(hdev)) {
3515 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3516 MGMT_STATUS_NOT_POWERED);
3520 cmd = pending_find(MGMT_OP_PAIR_DEVICE, hdev);
3522 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3523 MGMT_STATUS_INVALID_PARAMS);
3527 conn = cmd->user_data;
3529 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
3530 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3531 MGMT_STATUS_INVALID_PARAMS);
3535 cmd->cmd_complete(cmd, MGMT_STATUS_CANCELLED);
3536 mgmt_pending_remove(cmd);
3538 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
3539 addr, sizeof(*addr));
3541 hci_dev_unlock(hdev);
3545 static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
3546 struct mgmt_addr_info *addr, u16 mgmt_op,
3547 u16 hci_op, __le32 passkey)
3549 struct mgmt_pending_cmd *cmd;
3550 struct hci_conn *conn;
3555 if (!hdev_is_powered(hdev)) {
3556 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3557 MGMT_STATUS_NOT_POWERED, addr,
3562 if (addr->type == BDADDR_BREDR)
3563 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
3565 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &addr->bdaddr);
3568 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3569 MGMT_STATUS_NOT_CONNECTED, addr,
3574 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
3575 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
3577 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3578 MGMT_STATUS_SUCCESS, addr,
3581 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3582 MGMT_STATUS_FAILED, addr,
3588 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
3594 cmd->cmd_complete = addr_cmd_complete;
3596 /* Continue with pairing via HCI */
3597 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
3598 struct hci_cp_user_passkey_reply cp;
3600 bacpy(&cp.bdaddr, &addr->bdaddr);
3601 cp.passkey = passkey;
3602 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
3604 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
3608 mgmt_pending_remove(cmd);
3611 hci_dev_unlock(hdev);
3615 static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
3616 void *data, u16 len)
3618 struct mgmt_cp_pin_code_neg_reply *cp = data;
3622 return user_pairing_resp(sk, hdev, &cp->addr,
3623 MGMT_OP_PIN_CODE_NEG_REPLY,
3624 HCI_OP_PIN_CODE_NEG_REPLY, 0);
3627 static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3630 struct mgmt_cp_user_confirm_reply *cp = data;
3634 if (len != sizeof(*cp))
3635 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
3636 MGMT_STATUS_INVALID_PARAMS);
3638 return user_pairing_resp(sk, hdev, &cp->addr,
3639 MGMT_OP_USER_CONFIRM_REPLY,
3640 HCI_OP_USER_CONFIRM_REPLY, 0);
3643 static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
3644 void *data, u16 len)
3646 struct mgmt_cp_user_confirm_neg_reply *cp = data;
3650 return user_pairing_resp(sk, hdev, &cp->addr,
3651 MGMT_OP_USER_CONFIRM_NEG_REPLY,
3652 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
3655 static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3658 struct mgmt_cp_user_passkey_reply *cp = data;
3662 return user_pairing_resp(sk, hdev, &cp->addr,
3663 MGMT_OP_USER_PASSKEY_REPLY,
3664 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
3667 static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
3668 void *data, u16 len)
3670 struct mgmt_cp_user_passkey_neg_reply *cp = data;
3674 return user_pairing_resp(sk, hdev, &cp->addr,
3675 MGMT_OP_USER_PASSKEY_NEG_REPLY,
3676 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
3679 static void update_name(struct hci_request *req)
3681 struct hci_dev *hdev = req->hdev;
3682 struct hci_cp_write_local_name cp;
3684 memcpy(cp.name, hdev->dev_name, sizeof(cp.name));
3686 hci_req_add(req, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
3689 static void set_name_complete(struct hci_dev *hdev, u8 status, u16 opcode)
3691 struct mgmt_cp_set_local_name *cp;
3692 struct mgmt_pending_cmd *cmd;
3694 BT_DBG("status 0x%02x", status);
3698 cmd = pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
3705 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3706 mgmt_status(status));
3708 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3711 mgmt_pending_remove(cmd);
3714 hci_dev_unlock(hdev);
3717 static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
3720 struct mgmt_cp_set_local_name *cp = data;
3721 struct mgmt_pending_cmd *cmd;
3722 struct hci_request req;
3729 /* If the old values are the same as the new ones just return a
3730 * direct command complete event.
3732 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
3733 !memcmp(hdev->short_name, cp->short_name,
3734 sizeof(hdev->short_name))) {
3735 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3740 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
3742 if (!hdev_is_powered(hdev)) {
3743 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3745 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3750 err = mgmt_generic_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev,
3756 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
3762 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3764 hci_req_init(&req, hdev);
3766 if (lmp_bredr_capable(hdev)) {
3771 /* The name is stored in the scan response data and so
3772 * no need to udpate the advertising data here.
3774 if (lmp_le_capable(hdev))
3775 update_scan_rsp_data(&req);
3777 err = hci_req_run(&req, set_name_complete);
3779 mgmt_pending_remove(cmd);
3782 hci_dev_unlock(hdev);
3786 static void read_local_oob_data_complete(struct hci_dev *hdev, u8 status,
3787 u16 opcode, struct sk_buff *skb)
3789 struct mgmt_rp_read_local_oob_data mgmt_rp;
3790 size_t rp_size = sizeof(mgmt_rp);
3791 struct mgmt_pending_cmd *cmd;
3793 BT_DBG("%s status %u", hdev->name, status);
3795 cmd = pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
3799 if (status || !skb) {
3800 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3801 status ? mgmt_status(status) : MGMT_STATUS_FAILED);
3805 memset(&mgmt_rp, 0, sizeof(mgmt_rp));
3807 if (opcode == HCI_OP_READ_LOCAL_OOB_DATA) {
3808 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
3810 if (skb->len < sizeof(*rp)) {
3811 mgmt_cmd_status(cmd->sk, hdev->id,
3812 MGMT_OP_READ_LOCAL_OOB_DATA,
3813 MGMT_STATUS_FAILED);
3817 memcpy(mgmt_rp.hash192, rp->hash, sizeof(rp->hash));
3818 memcpy(mgmt_rp.rand192, rp->rand, sizeof(rp->rand));
3820 rp_size -= sizeof(mgmt_rp.hash256) + sizeof(mgmt_rp.rand256);
3822 struct hci_rp_read_local_oob_ext_data *rp = (void *) skb->data;
3824 if (skb->len < sizeof(*rp)) {
3825 mgmt_cmd_status(cmd->sk, hdev->id,
3826 MGMT_OP_READ_LOCAL_OOB_DATA,
3827 MGMT_STATUS_FAILED);
3831 memcpy(mgmt_rp.hash192, rp->hash192, sizeof(rp->hash192));
3832 memcpy(mgmt_rp.rand192, rp->rand192, sizeof(rp->rand192));
3834 memcpy(mgmt_rp.hash256, rp->hash256, sizeof(rp->hash256));
3835 memcpy(mgmt_rp.rand256, rp->rand256, sizeof(rp->rand256));
3838 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3839 MGMT_STATUS_SUCCESS, &mgmt_rp, rp_size);
3842 mgmt_pending_remove(cmd);
3845 static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
3846 void *data, u16 data_len)
3848 struct mgmt_pending_cmd *cmd;
3849 struct hci_request req;
3852 BT_DBG("%s", hdev->name);
3856 if (!hdev_is_powered(hdev)) {
3857 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3858 MGMT_STATUS_NOT_POWERED);
3862 if (!lmp_ssp_capable(hdev)) {
3863 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3864 MGMT_STATUS_NOT_SUPPORTED);
3868 if (pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
3869 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3874 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
3880 hci_req_init(&req, hdev);
3882 if (bredr_sc_enabled(hdev))
3883 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_EXT_DATA, 0, NULL);
3885 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
3887 err = hci_req_run_skb(&req, read_local_oob_data_complete);
3889 mgmt_pending_remove(cmd);
3892 hci_dev_unlock(hdev);
3896 static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
3897 void *data, u16 len)
3899 struct mgmt_addr_info *addr = data;
3902 BT_DBG("%s ", hdev->name);
3904 if (!bdaddr_type_is_valid(addr->type))
3905 return mgmt_cmd_complete(sk, hdev->id,
3906 MGMT_OP_ADD_REMOTE_OOB_DATA,
3907 MGMT_STATUS_INVALID_PARAMS,
3908 addr, sizeof(*addr));
3912 if (len == MGMT_ADD_REMOTE_OOB_DATA_SIZE) {
3913 struct mgmt_cp_add_remote_oob_data *cp = data;
3916 if (cp->addr.type != BDADDR_BREDR) {
3917 err = mgmt_cmd_complete(sk, hdev->id,
3918 MGMT_OP_ADD_REMOTE_OOB_DATA,
3919 MGMT_STATUS_INVALID_PARAMS,
3920 &cp->addr, sizeof(cp->addr));
3924 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
3925 cp->addr.type, cp->hash,
3926 cp->rand, NULL, NULL);
3928 status = MGMT_STATUS_FAILED;
3930 status = MGMT_STATUS_SUCCESS;
3932 err = mgmt_cmd_complete(sk, hdev->id,
3933 MGMT_OP_ADD_REMOTE_OOB_DATA, status,
3934 &cp->addr, sizeof(cp->addr));
3935 } else if (len == MGMT_ADD_REMOTE_OOB_EXT_DATA_SIZE) {
3936 struct mgmt_cp_add_remote_oob_ext_data *cp = data;
3937 u8 *rand192, *hash192, *rand256, *hash256;
3940 if (bdaddr_type_is_le(cp->addr.type)) {
3941 /* Enforce zero-valued 192-bit parameters as
3942 * long as legacy SMP OOB isn't implemented.
3944 if (memcmp(cp->rand192, ZERO_KEY, 16) ||
3945 memcmp(cp->hash192, ZERO_KEY, 16)) {
3946 err = mgmt_cmd_complete(sk, hdev->id,
3947 MGMT_OP_ADD_REMOTE_OOB_DATA,
3948 MGMT_STATUS_INVALID_PARAMS,
3949 addr, sizeof(*addr));
3956 /* In case one of the P-192 values is set to zero,
3957 * then just disable OOB data for P-192.
3959 if (!memcmp(cp->rand192, ZERO_KEY, 16) ||
3960 !memcmp(cp->hash192, ZERO_KEY, 16)) {
3964 rand192 = cp->rand192;
3965 hash192 = cp->hash192;
3969 /* In case one of the P-256 values is set to zero, then just
3970 * disable OOB data for P-256.
3972 if (!memcmp(cp->rand256, ZERO_KEY, 16) ||
3973 !memcmp(cp->hash256, ZERO_KEY, 16)) {
3977 rand256 = cp->rand256;
3978 hash256 = cp->hash256;
3981 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
3982 cp->addr.type, hash192, rand192,
3985 status = MGMT_STATUS_FAILED;
3987 status = MGMT_STATUS_SUCCESS;
3989 err = mgmt_cmd_complete(sk, hdev->id,
3990 MGMT_OP_ADD_REMOTE_OOB_DATA,
3991 status, &cp->addr, sizeof(cp->addr));
3993 BT_ERR("add_remote_oob_data: invalid length of %u bytes", len);
3994 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3995 MGMT_STATUS_INVALID_PARAMS);
3999 hci_dev_unlock(hdev);
4003 static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
4004 void *data, u16 len)
4006 struct mgmt_cp_remove_remote_oob_data *cp = data;
4010 BT_DBG("%s", hdev->name);
4012 if (cp->addr.type != BDADDR_BREDR)
4013 return mgmt_cmd_complete(sk, hdev->id,
4014 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
4015 MGMT_STATUS_INVALID_PARAMS,
4016 &cp->addr, sizeof(cp->addr));
4020 if (!bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
4021 hci_remote_oob_data_clear(hdev);
4022 status = MGMT_STATUS_SUCCESS;
4026 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr, cp->addr.type);
4028 status = MGMT_STATUS_INVALID_PARAMS;
4030 status = MGMT_STATUS_SUCCESS;
4033 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
4034 status, &cp->addr, sizeof(cp->addr));
4036 hci_dev_unlock(hdev);
4040 static bool trigger_bredr_inquiry(struct hci_request *req, u8 *status)
4042 struct hci_dev *hdev = req->hdev;
4043 struct hci_cp_inquiry cp;
4044 /* General inquiry access code (GIAC) */
4045 u8 lap[3] = { 0x33, 0x8b, 0x9e };
4047 *status = mgmt_bredr_support(hdev);
4051 if (hci_dev_test_flag(hdev, HCI_INQUIRY)) {
4052 *status = MGMT_STATUS_BUSY;
4056 hci_inquiry_cache_flush(hdev);
4058 memset(&cp, 0, sizeof(cp));
4059 memcpy(&cp.lap, lap, sizeof(cp.lap));
4060 cp.length = DISCOV_BREDR_INQUIRY_LEN;
4062 hci_req_add(req, HCI_OP_INQUIRY, sizeof(cp), &cp);
4067 static bool trigger_le_scan(struct hci_request *req, u16 interval, u8 *status)
4069 struct hci_dev *hdev = req->hdev;
4070 struct hci_cp_le_set_scan_param param_cp;
4071 struct hci_cp_le_set_scan_enable enable_cp;
4075 *status = mgmt_le_support(hdev);
4079 if (hci_dev_test_flag(hdev, HCI_LE_ADV)) {
4080 /* Don't let discovery abort an outgoing connection attempt
4081 * that's using directed advertising.
4083 if (hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT)) {
4084 *status = MGMT_STATUS_REJECTED;
4088 disable_advertising(req);
4091 /* If controller is scanning, it means the background scanning is
4092 * running. Thus, we should temporarily stop it in order to set the
4093 * discovery scanning parameters.
4095 if (hci_dev_test_flag(hdev, HCI_LE_SCAN))
4096 hci_req_add_le_scan_disable(req);
4098 /* All active scans will be done with either a resolvable private
4099 * address (when privacy feature has been enabled) or non-resolvable
4102 err = hci_update_random_address(req, true, &own_addr_type);
4104 *status = MGMT_STATUS_FAILED;
4108 memset(¶m_cp, 0, sizeof(param_cp));
4109 param_cp.type = LE_SCAN_ACTIVE;
4110 param_cp.interval = cpu_to_le16(interval);
4111 param_cp.window = cpu_to_le16(DISCOV_LE_SCAN_WIN);
4112 param_cp.own_address_type = own_addr_type;
4114 hci_req_add(req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
4117 memset(&enable_cp, 0, sizeof(enable_cp));
4118 enable_cp.enable = LE_SCAN_ENABLE;
4119 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
4121 hci_req_add(req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
4127 static bool trigger_discovery(struct hci_request *req, u8 *status)
4129 struct hci_dev *hdev = req->hdev;
4131 switch (hdev->discovery.type) {
4132 case DISCOV_TYPE_BREDR:
4133 if (!trigger_bredr_inquiry(req, status))
4137 case DISCOV_TYPE_INTERLEAVED:
4138 if (test_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY,
4140 /* During simultaneous discovery, we double LE scan
4141 * interval. We must leave some time for the controller
4142 * to do BR/EDR inquiry.
4144 if (!trigger_le_scan(req, DISCOV_LE_SCAN_INT * 2,
4148 if (!trigger_bredr_inquiry(req, status))
4154 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
4155 *status = MGMT_STATUS_NOT_SUPPORTED;
4160 case DISCOV_TYPE_LE:
4161 if (!trigger_le_scan(req, DISCOV_LE_SCAN_INT, status))
4166 *status = MGMT_STATUS_INVALID_PARAMS;
4173 static void start_discovery_complete(struct hci_dev *hdev, u8 status,
4176 struct mgmt_pending_cmd *cmd;
4177 unsigned long timeout;
4179 BT_DBG("status %d", status);
4183 cmd = pending_find(MGMT_OP_START_DISCOVERY, hdev);
4185 cmd = pending_find(MGMT_OP_START_SERVICE_DISCOVERY, hdev);
4188 cmd->cmd_complete(cmd, mgmt_status(status));
4189 mgmt_pending_remove(cmd);
4193 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
4197 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
4199 /* If the scan involves LE scan, pick proper timeout to schedule
4200 * hdev->le_scan_disable that will stop it.
4202 switch (hdev->discovery.type) {
4203 case DISCOV_TYPE_LE:
4204 timeout = msecs_to_jiffies(DISCOV_LE_TIMEOUT);
4206 case DISCOV_TYPE_INTERLEAVED:
4207 /* When running simultaneous discovery, the LE scanning time
4208 * should occupy the whole discovery time sine BR/EDR inquiry
4209 * and LE scanning are scheduled by the controller.
4211 * For interleaving discovery in comparison, BR/EDR inquiry
4212 * and LE scanning are done sequentially with separate
4215 if (test_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY, &hdev->quirks))
4216 timeout = msecs_to_jiffies(DISCOV_LE_TIMEOUT);
4218 timeout = msecs_to_jiffies(hdev->discov_interleaved_timeout);
4220 case DISCOV_TYPE_BREDR:
4224 BT_ERR("Invalid discovery type %d", hdev->discovery.type);
4230 /* When service discovery is used and the controller has
4231 * a strict duplicate filter, it is important to remember
4232 * the start and duration of the scan. This is required
4233 * for restarting scanning during the discovery phase.
4235 if (test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER,
4237 hdev->discovery.result_filtering) {
4238 hdev->discovery.scan_start = jiffies;
4239 hdev->discovery.scan_duration = timeout;
4242 queue_delayed_work(hdev->workqueue,
4243 &hdev->le_scan_disable, timeout);
4247 hci_dev_unlock(hdev);
4250 static int start_discovery(struct sock *sk, struct hci_dev *hdev,
4251 void *data, u16 len)
4253 struct mgmt_cp_start_discovery *cp = data;
4254 struct mgmt_pending_cmd *cmd;
4255 struct hci_request req;
4259 BT_DBG("%s", hdev->name);
4263 if (!hdev_is_powered(hdev)) {
4264 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
4265 MGMT_STATUS_NOT_POWERED,
4266 &cp->type, sizeof(cp->type));
4270 if (hdev->discovery.state != DISCOVERY_STOPPED ||
4271 hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) {
4272 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
4273 MGMT_STATUS_BUSY, &cp->type,
4278 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, data, len);
4284 cmd->cmd_complete = generic_cmd_complete;
4286 /* Clear the discovery filter first to free any previously
4287 * allocated memory for the UUID list.
4289 hci_discovery_filter_clear(hdev);
4291 hdev->discovery.type = cp->type;
4292 hdev->discovery.report_invalid_rssi = false;
4294 hci_req_init(&req, hdev);
4296 if (!trigger_discovery(&req, &status)) {
4297 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
4298 status, &cp->type, sizeof(cp->type));
4299 mgmt_pending_remove(cmd);
4303 err = hci_req_run(&req, start_discovery_complete);
4305 mgmt_pending_remove(cmd);
4309 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
4312 hci_dev_unlock(hdev);
4316 static int service_discovery_cmd_complete(struct mgmt_pending_cmd *cmd,
4319 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
4323 static int start_service_discovery(struct sock *sk, struct hci_dev *hdev,
4324 void *data, u16 len)
4326 struct mgmt_cp_start_service_discovery *cp = data;
4327 struct mgmt_pending_cmd *cmd;
4328 struct hci_request req;
4329 const u16 max_uuid_count = ((U16_MAX - sizeof(*cp)) / 16);
4330 u16 uuid_count, expected_len;
4334 BT_DBG("%s", hdev->name);
4338 if (!hdev_is_powered(hdev)) {
4339 err = mgmt_cmd_complete(sk, hdev->id,
4340 MGMT_OP_START_SERVICE_DISCOVERY,
4341 MGMT_STATUS_NOT_POWERED,
4342 &cp->type, sizeof(cp->type));
4346 if (hdev->discovery.state != DISCOVERY_STOPPED ||
4347 hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) {
4348 err = mgmt_cmd_complete(sk, hdev->id,
4349 MGMT_OP_START_SERVICE_DISCOVERY,
4350 MGMT_STATUS_BUSY, &cp->type,
4355 uuid_count = __le16_to_cpu(cp->uuid_count);
4356 if (uuid_count > max_uuid_count) {
4357 BT_ERR("service_discovery: too big uuid_count value %u",
4359 err = mgmt_cmd_complete(sk, hdev->id,
4360 MGMT_OP_START_SERVICE_DISCOVERY,
4361 MGMT_STATUS_INVALID_PARAMS, &cp->type,
4366 expected_len = sizeof(*cp) + uuid_count * 16;
4367 if (expected_len != len) {
4368 BT_ERR("service_discovery: expected %u bytes, got %u bytes",
4370 err = mgmt_cmd_complete(sk, hdev->id,
4371 MGMT_OP_START_SERVICE_DISCOVERY,
4372 MGMT_STATUS_INVALID_PARAMS, &cp->type,
4377 cmd = mgmt_pending_add(sk, MGMT_OP_START_SERVICE_DISCOVERY,
4384 cmd->cmd_complete = service_discovery_cmd_complete;
4386 /* Clear the discovery filter first to free any previously
4387 * allocated memory for the UUID list.
4389 hci_discovery_filter_clear(hdev);
4391 hdev->discovery.result_filtering = true;
4392 hdev->discovery.type = cp->type;
4393 hdev->discovery.rssi = cp->rssi;
4394 hdev->discovery.uuid_count = uuid_count;
4396 if (uuid_count > 0) {
4397 hdev->discovery.uuids = kmemdup(cp->uuids, uuid_count * 16,
4399 if (!hdev->discovery.uuids) {
4400 err = mgmt_cmd_complete(sk, hdev->id,
4401 MGMT_OP_START_SERVICE_DISCOVERY,
4403 &cp->type, sizeof(cp->type));
4404 mgmt_pending_remove(cmd);
4409 hci_req_init(&req, hdev);
4411 if (!trigger_discovery(&req, &status)) {
4412 err = mgmt_cmd_complete(sk, hdev->id,
4413 MGMT_OP_START_SERVICE_DISCOVERY,
4414 status, &cp->type, sizeof(cp->type));
4415 mgmt_pending_remove(cmd);
4419 err = hci_req_run(&req, start_discovery_complete);
4421 mgmt_pending_remove(cmd);
4425 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
4428 hci_dev_unlock(hdev);
4432 static void stop_discovery_complete(struct hci_dev *hdev, u8 status, u16 opcode)
4434 struct mgmt_pending_cmd *cmd;
4436 BT_DBG("status %d", status);
4440 cmd = pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
4442 cmd->cmd_complete(cmd, mgmt_status(status));
4443 mgmt_pending_remove(cmd);
4447 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
4449 hci_dev_unlock(hdev);
4452 static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
4455 struct mgmt_cp_stop_discovery *mgmt_cp = data;
4456 struct mgmt_pending_cmd *cmd;
4457 struct hci_request req;
4460 BT_DBG("%s", hdev->name);
4464 if (!hci_discovery_active(hdev)) {
4465 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
4466 MGMT_STATUS_REJECTED, &mgmt_cp->type,
4467 sizeof(mgmt_cp->type));
4471 if (hdev->discovery.type != mgmt_cp->type) {
4472 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
4473 MGMT_STATUS_INVALID_PARAMS,
4474 &mgmt_cp->type, sizeof(mgmt_cp->type));
4478 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, data, len);
4484 cmd->cmd_complete = generic_cmd_complete;
4486 hci_req_init(&req, hdev);
4488 hci_stop_discovery(&req);
4490 err = hci_req_run(&req, stop_discovery_complete);
4492 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
4496 mgmt_pending_remove(cmd);
4498 /* If no HCI commands were sent we're done */
4499 if (err == -ENODATA) {
4500 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY, 0,
4501 &mgmt_cp->type, sizeof(mgmt_cp->type));
4502 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
4506 hci_dev_unlock(hdev);
4510 static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
4513 struct mgmt_cp_confirm_name *cp = data;
4514 struct inquiry_entry *e;
4517 BT_DBG("%s", hdev->name);
4521 if (!hci_discovery_active(hdev)) {
4522 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
4523 MGMT_STATUS_FAILED, &cp->addr,
4528 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
4530 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
4531 MGMT_STATUS_INVALID_PARAMS, &cp->addr,
4536 if (cp->name_known) {
4537 e->name_state = NAME_KNOWN;
4540 e->name_state = NAME_NEEDED;
4541 hci_inquiry_cache_update_resolve(hdev, e);
4544 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0,
4545 &cp->addr, sizeof(cp->addr));
4548 hci_dev_unlock(hdev);
4552 static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
4555 struct mgmt_cp_block_device *cp = data;
4559 BT_DBG("%s", hdev->name);
4561 if (!bdaddr_type_is_valid(cp->addr.type))
4562 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
4563 MGMT_STATUS_INVALID_PARAMS,
4564 &cp->addr, sizeof(cp->addr));
4568 err = hci_bdaddr_list_add(&hdev->blacklist, &cp->addr.bdaddr,
4571 status = MGMT_STATUS_FAILED;
4575 mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &cp->addr, sizeof(cp->addr),
4577 status = MGMT_STATUS_SUCCESS;
4580 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
4581 &cp->addr, sizeof(cp->addr));
4583 hci_dev_unlock(hdev);
4588 static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
4591 struct mgmt_cp_unblock_device *cp = data;
4595 BT_DBG("%s", hdev->name);
4597 if (!bdaddr_type_is_valid(cp->addr.type))
4598 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
4599 MGMT_STATUS_INVALID_PARAMS,
4600 &cp->addr, sizeof(cp->addr));
4604 err = hci_bdaddr_list_del(&hdev->blacklist, &cp->addr.bdaddr,
4607 status = MGMT_STATUS_INVALID_PARAMS;
4611 mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &cp->addr, sizeof(cp->addr),
4613 status = MGMT_STATUS_SUCCESS;
4616 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
4617 &cp->addr, sizeof(cp->addr));
4619 hci_dev_unlock(hdev);
4624 static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
4627 struct mgmt_cp_set_device_id *cp = data;
4628 struct hci_request req;
4632 BT_DBG("%s", hdev->name);
4634 source = __le16_to_cpu(cp->source);
4636 if (source > 0x0002)
4637 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
4638 MGMT_STATUS_INVALID_PARAMS);
4642 hdev->devid_source = source;
4643 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
4644 hdev->devid_product = __le16_to_cpu(cp->product);
4645 hdev->devid_version = __le16_to_cpu(cp->version);
4647 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0,
4650 hci_req_init(&req, hdev);
4652 hci_req_run(&req, NULL);
4654 hci_dev_unlock(hdev);
4659 static void enable_advertising_instance(struct hci_dev *hdev, u8 status,
4662 BT_DBG("status %d", status);
4665 static void set_advertising_complete(struct hci_dev *hdev, u8 status,
4668 struct cmd_lookup match = { NULL, hdev };
4669 struct hci_request req;
4674 u8 mgmt_err = mgmt_status(status);
4676 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
4677 cmd_status_rsp, &mgmt_err);
4681 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
4682 hci_dev_set_flag(hdev, HCI_ADVERTISING);
4684 hci_dev_clear_flag(hdev, HCI_ADVERTISING);
4686 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
4689 new_settings(hdev, match.sk);
4694 /* If "Set Advertising" was just disabled and instance advertising was
4695 * set up earlier, then enable the advertising instance.
4697 if (hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
4698 !hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE))
4701 hci_req_init(&req, hdev);
4703 update_adv_data(&req);
4704 enable_advertising(&req);
4706 if (hci_req_run(&req, enable_advertising_instance) < 0)
4707 BT_ERR("Failed to re-configure advertising");
4710 hci_dev_unlock(hdev);
4713 static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data,
4716 struct mgmt_mode *cp = data;
4717 struct mgmt_pending_cmd *cmd;
4718 struct hci_request req;
4722 BT_DBG("request for %s", hdev->name);
4724 status = mgmt_le_support(hdev);
4726 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4729 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
4730 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4731 MGMT_STATUS_INVALID_PARAMS);
4737 /* The following conditions are ones which mean that we should
4738 * not do any HCI communication but directly send a mgmt
4739 * response to user space (after toggling the flag if
4742 if (!hdev_is_powered(hdev) ||
4743 (val == hci_dev_test_flag(hdev, HCI_ADVERTISING) &&
4744 (cp->val == 0x02) == hci_dev_test_flag(hdev, HCI_ADVERTISING_CONNECTABLE)) ||
4745 hci_conn_num(hdev, LE_LINK) > 0 ||
4746 (hci_dev_test_flag(hdev, HCI_LE_SCAN) &&
4747 hdev->le_scan_type == LE_SCAN_ACTIVE)) {
4751 changed = !hci_dev_test_and_set_flag(hdev, HCI_ADVERTISING);
4752 if (cp->val == 0x02)
4753 hci_dev_set_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
4755 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
4757 changed = hci_dev_test_and_clear_flag(hdev, HCI_ADVERTISING);
4758 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
4761 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
4766 err = new_settings(hdev, sk);
4771 if (pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
4772 pending_find(MGMT_OP_SET_LE, hdev)) {
4773 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4778 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
4784 hci_req_init(&req, hdev);
4786 if (cp->val == 0x02)
4787 hci_dev_set_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
4789 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
4792 /* Switch to instance "0" for the Set Advertising setting. */
4793 update_adv_data_for_instance(&req, 0);
4794 update_scan_rsp_data_for_instance(&req, 0);
4795 enable_advertising(&req);
4797 disable_advertising(&req);
4800 err = hci_req_run(&req, set_advertising_complete);
4802 mgmt_pending_remove(cmd);
4805 hci_dev_unlock(hdev);
4809 static int set_static_address(struct sock *sk, struct hci_dev *hdev,
4810 void *data, u16 len)
4812 struct mgmt_cp_set_static_address *cp = data;
4815 BT_DBG("%s", hdev->name);
4817 if (!lmp_le_capable(hdev))
4818 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
4819 MGMT_STATUS_NOT_SUPPORTED);
4821 if (hdev_is_powered(hdev))
4822 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
4823 MGMT_STATUS_REJECTED);
4825 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
4826 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
4827 return mgmt_cmd_status(sk, hdev->id,
4828 MGMT_OP_SET_STATIC_ADDRESS,
4829 MGMT_STATUS_INVALID_PARAMS);
4831 /* Two most significant bits shall be set */
4832 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
4833 return mgmt_cmd_status(sk, hdev->id,
4834 MGMT_OP_SET_STATIC_ADDRESS,
4835 MGMT_STATUS_INVALID_PARAMS);
4840 bacpy(&hdev->static_addr, &cp->bdaddr);
4842 err = send_settings_rsp(sk, MGMT_OP_SET_STATIC_ADDRESS, hdev);
4846 err = new_settings(hdev, sk);
4849 hci_dev_unlock(hdev);
4853 static int set_scan_params(struct sock *sk, struct hci_dev *hdev,
4854 void *data, u16 len)
4856 struct mgmt_cp_set_scan_params *cp = data;
4857 __u16 interval, window;
4860 BT_DBG("%s", hdev->name);
4862 if (!lmp_le_capable(hdev))
4863 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4864 MGMT_STATUS_NOT_SUPPORTED);
4866 interval = __le16_to_cpu(cp->interval);
4868 if (interval < 0x0004 || interval > 0x4000)
4869 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4870 MGMT_STATUS_INVALID_PARAMS);
4872 window = __le16_to_cpu(cp->window);
4874 if (window < 0x0004 || window > 0x4000)
4875 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4876 MGMT_STATUS_INVALID_PARAMS);
4878 if (window > interval)
4879 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4880 MGMT_STATUS_INVALID_PARAMS);
4884 hdev->le_scan_interval = interval;
4885 hdev->le_scan_window = window;
4887 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0,
4890 /* If background scan is running, restart it so new parameters are
4893 if (hci_dev_test_flag(hdev, HCI_LE_SCAN) &&
4894 hdev->discovery.state == DISCOVERY_STOPPED) {
4895 struct hci_request req;
4897 hci_req_init(&req, hdev);
4899 hci_req_add_le_scan_disable(&req);
4900 hci_req_add_le_passive_scan(&req);
4902 hci_req_run(&req, NULL);
4905 hci_dev_unlock(hdev);
4910 static void fast_connectable_complete(struct hci_dev *hdev, u8 status,
4913 struct mgmt_pending_cmd *cmd;
4915 BT_DBG("status 0x%02x", status);
4919 cmd = pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4924 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4925 mgmt_status(status));
4927 struct mgmt_mode *cp = cmd->param;
4930 hci_dev_set_flag(hdev, HCI_FAST_CONNECTABLE);
4932 hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE);
4934 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4935 new_settings(hdev, cmd->sk);
4938 mgmt_pending_remove(cmd);
4941 hci_dev_unlock(hdev);
4944 static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
4945 void *data, u16 len)
4947 struct mgmt_mode *cp = data;
4948 struct mgmt_pending_cmd *cmd;
4949 struct hci_request req;
4952 BT_DBG("%s", hdev->name);
4954 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) ||
4955 hdev->hci_ver < BLUETOOTH_VER_1_2)
4956 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4957 MGMT_STATUS_NOT_SUPPORTED);
4959 if (cp->val != 0x00 && cp->val != 0x01)
4960 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4961 MGMT_STATUS_INVALID_PARAMS);
4965 if (pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
4966 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4971 if (!!cp->val == hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE)) {
4972 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
4977 if (!hdev_is_powered(hdev)) {
4978 hci_dev_change_flag(hdev, HCI_FAST_CONNECTABLE);
4979 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
4981 new_settings(hdev, sk);
4985 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
4992 hci_req_init(&req, hdev);
4994 write_fast_connectable(&req, cp->val);
4996 err = hci_req_run(&req, fast_connectable_complete);
4998 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4999 MGMT_STATUS_FAILED);
5000 mgmt_pending_remove(cmd);
5004 hci_dev_unlock(hdev);
5009 static void set_bredr_complete(struct hci_dev *hdev, u8 status, u16 opcode)
5011 struct mgmt_pending_cmd *cmd;
5013 BT_DBG("status 0x%02x", status);
5017 cmd = pending_find(MGMT_OP_SET_BREDR, hdev);
5022 u8 mgmt_err = mgmt_status(status);
5024 /* We need to restore the flag if related HCI commands
5027 hci_dev_clear_flag(hdev, HCI_BREDR_ENABLED);
5029 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
5031 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
5032 new_settings(hdev, cmd->sk);
5035 mgmt_pending_remove(cmd);
5038 hci_dev_unlock(hdev);
5041 static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
5043 struct mgmt_mode *cp = data;
5044 struct mgmt_pending_cmd *cmd;
5045 struct hci_request req;
5048 BT_DBG("request for %s", hdev->name);
5050 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
5051 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
5052 MGMT_STATUS_NOT_SUPPORTED);
5054 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
5055 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
5056 MGMT_STATUS_REJECTED);
5058 if (cp->val != 0x00 && cp->val != 0x01)
5059 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
5060 MGMT_STATUS_INVALID_PARAMS);
5064 if (cp->val == hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
5065 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
5069 if (!hdev_is_powered(hdev)) {
5071 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
5072 hci_dev_clear_flag(hdev, HCI_SSP_ENABLED);
5073 hci_dev_clear_flag(hdev, HCI_LINK_SECURITY);
5074 hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE);
5075 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
5078 hci_dev_change_flag(hdev, HCI_BREDR_ENABLED);
5080 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
5084 err = new_settings(hdev, sk);
5088 /* Reject disabling when powered on */
5090 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
5091 MGMT_STATUS_REJECTED);
5094 /* When configuring a dual-mode controller to operate
5095 * with LE only and using a static address, then switching
5096 * BR/EDR back on is not allowed.
5098 * Dual-mode controllers shall operate with the public
5099 * address as its identity address for BR/EDR and LE. So
5100 * reject the attempt to create an invalid configuration.
5102 * The same restrictions applies when secure connections
5103 * has been enabled. For BR/EDR this is a controller feature
5104 * while for LE it is a host stack feature. This means that
5105 * switching BR/EDR back on when secure connections has been
5106 * enabled is not a supported transaction.
5108 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
5109 (bacmp(&hdev->static_addr, BDADDR_ANY) ||
5110 hci_dev_test_flag(hdev, HCI_SC_ENABLED))) {
5111 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
5112 MGMT_STATUS_REJECTED);
5117 if (pending_find(MGMT_OP_SET_BREDR, hdev)) {
5118 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
5123 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
5129 /* We need to flip the bit already here so that update_adv_data
5130 * generates the correct flags.
5132 hci_dev_set_flag(hdev, HCI_BREDR_ENABLED);
5134 hci_req_init(&req, hdev);
5136 write_fast_connectable(&req, false);
5137 __hci_update_page_scan(&req);
5139 /* Since only the advertising data flags will change, there
5140 * is no need to update the scan response data.
5142 update_adv_data(&req);
5144 err = hci_req_run(&req, set_bredr_complete);
5146 mgmt_pending_remove(cmd);
5149 hci_dev_unlock(hdev);
5153 static void sc_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
5155 struct mgmt_pending_cmd *cmd;
5156 struct mgmt_mode *cp;
5158 BT_DBG("%s status %u", hdev->name, status);
5162 cmd = pending_find(MGMT_OP_SET_SECURE_CONN, hdev);
5167 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode,
5168 mgmt_status(status));
5176 hci_dev_clear_flag(hdev, HCI_SC_ENABLED);
5177 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
5180 hci_dev_set_flag(hdev, HCI_SC_ENABLED);
5181 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
5184 hci_dev_set_flag(hdev, HCI_SC_ENABLED);
5185 hci_dev_set_flag(hdev, HCI_SC_ONLY);
5189 send_settings_rsp(cmd->sk, MGMT_OP_SET_SECURE_CONN, hdev);
5190 new_settings(hdev, cmd->sk);
5193 mgmt_pending_remove(cmd);
5195 hci_dev_unlock(hdev);
5198 static int set_secure_conn(struct sock *sk, struct hci_dev *hdev,
5199 void *data, u16 len)
5201 struct mgmt_mode *cp = data;
5202 struct mgmt_pending_cmd *cmd;
5203 struct hci_request req;
5207 BT_DBG("request for %s", hdev->name);
5209 if (!lmp_sc_capable(hdev) &&
5210 !hci_dev_test_flag(hdev, HCI_LE_ENABLED))
5211 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
5212 MGMT_STATUS_NOT_SUPPORTED);
5214 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
5215 lmp_sc_capable(hdev) &&
5216 !hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
5217 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
5218 MGMT_STATUS_REJECTED);
5220 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
5221 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
5222 MGMT_STATUS_INVALID_PARAMS);
5226 if (!hdev_is_powered(hdev) || !lmp_sc_capable(hdev) ||
5227 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
5231 changed = !hci_dev_test_and_set_flag(hdev,
5233 if (cp->val == 0x02)
5234 hci_dev_set_flag(hdev, HCI_SC_ONLY);
5236 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
5238 changed = hci_dev_test_and_clear_flag(hdev,
5240 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
5243 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
5248 err = new_settings(hdev, sk);
5253 if (pending_find(MGMT_OP_SET_SECURE_CONN, hdev)) {
5254 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
5261 if (val == hci_dev_test_flag(hdev, HCI_SC_ENABLED) &&
5262 (cp->val == 0x02) == hci_dev_test_flag(hdev, HCI_SC_ONLY)) {
5263 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
5267 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SECURE_CONN, hdev, data, len);
5273 hci_req_init(&req, hdev);
5274 hci_req_add(&req, HCI_OP_WRITE_SC_SUPPORT, 1, &val);
5275 err = hci_req_run(&req, sc_enable_complete);
5277 mgmt_pending_remove(cmd);
5282 hci_dev_unlock(hdev);
5286 static int set_debug_keys(struct sock *sk, struct hci_dev *hdev,
5287 void *data, u16 len)
5289 struct mgmt_mode *cp = data;
5290 bool changed, use_changed;
5293 BT_DBG("request for %s", hdev->name);
5295 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
5296 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEBUG_KEYS,
5297 MGMT_STATUS_INVALID_PARAMS);
5302 changed = !hci_dev_test_and_set_flag(hdev, HCI_KEEP_DEBUG_KEYS);
5304 changed = hci_dev_test_and_clear_flag(hdev,
5305 HCI_KEEP_DEBUG_KEYS);
5307 if (cp->val == 0x02)
5308 use_changed = !hci_dev_test_and_set_flag(hdev,
5309 HCI_USE_DEBUG_KEYS);
5311 use_changed = hci_dev_test_and_clear_flag(hdev,
5312 HCI_USE_DEBUG_KEYS);
5314 if (hdev_is_powered(hdev) && use_changed &&
5315 hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
5316 u8 mode = (cp->val == 0x02) ? 0x01 : 0x00;
5317 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
5318 sizeof(mode), &mode);
5321 err = send_settings_rsp(sk, MGMT_OP_SET_DEBUG_KEYS, hdev);
5326 err = new_settings(hdev, sk);
5329 hci_dev_unlock(hdev);
5333 static int set_privacy(struct sock *sk, struct hci_dev *hdev, void *cp_data,
5336 struct mgmt_cp_set_privacy *cp = cp_data;
5340 BT_DBG("request for %s", hdev->name);
5342 if (!lmp_le_capable(hdev))
5343 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
5344 MGMT_STATUS_NOT_SUPPORTED);
5346 if (cp->privacy != 0x00 && cp->privacy != 0x01)
5347 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
5348 MGMT_STATUS_INVALID_PARAMS);
5350 if (hdev_is_powered(hdev))
5351 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
5352 MGMT_STATUS_REJECTED);
5356 /* If user space supports this command it is also expected to
5357 * handle IRKs. Therefore, set the HCI_RPA_RESOLVING flag.
5359 hci_dev_set_flag(hdev, HCI_RPA_RESOLVING);
5362 changed = !hci_dev_test_and_set_flag(hdev, HCI_PRIVACY);
5363 memcpy(hdev->irk, cp->irk, sizeof(hdev->irk));
5364 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
5366 changed = hci_dev_test_and_clear_flag(hdev, HCI_PRIVACY);
5367 memset(hdev->irk, 0, sizeof(hdev->irk));
5368 hci_dev_clear_flag(hdev, HCI_RPA_EXPIRED);
5371 err = send_settings_rsp(sk, MGMT_OP_SET_PRIVACY, hdev);
5376 err = new_settings(hdev, sk);
5379 hci_dev_unlock(hdev);
5383 static bool irk_is_valid(struct mgmt_irk_info *irk)
5385 switch (irk->addr.type) {
5386 case BDADDR_LE_PUBLIC:
5389 case BDADDR_LE_RANDOM:
5390 /* Two most significant bits shall be set */
5391 if ((irk->addr.bdaddr.b[5] & 0xc0) != 0xc0)
5399 static int load_irks(struct sock *sk, struct hci_dev *hdev, void *cp_data,
5402 struct mgmt_cp_load_irks *cp = cp_data;
5403 const u16 max_irk_count = ((U16_MAX - sizeof(*cp)) /
5404 sizeof(struct mgmt_irk_info));
5405 u16 irk_count, expected_len;
5408 BT_DBG("request for %s", hdev->name);
5410 if (!lmp_le_capable(hdev))
5411 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
5412 MGMT_STATUS_NOT_SUPPORTED);
5414 irk_count = __le16_to_cpu(cp->irk_count);
5415 if (irk_count > max_irk_count) {
5416 BT_ERR("load_irks: too big irk_count value %u", irk_count);
5417 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
5418 MGMT_STATUS_INVALID_PARAMS);
5421 expected_len = sizeof(*cp) + irk_count * sizeof(struct mgmt_irk_info);
5422 if (expected_len != len) {
5423 BT_ERR("load_irks: expected %u bytes, got %u bytes",
5425 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
5426 MGMT_STATUS_INVALID_PARAMS);
5429 BT_DBG("%s irk_count %u", hdev->name, irk_count);
5431 for (i = 0; i < irk_count; i++) {
5432 struct mgmt_irk_info *key = &cp->irks[i];
5434 if (!irk_is_valid(key))
5435 return mgmt_cmd_status(sk, hdev->id,
5437 MGMT_STATUS_INVALID_PARAMS);
5442 hci_smp_irks_clear(hdev);
5444 for (i = 0; i < irk_count; i++) {
5445 struct mgmt_irk_info *irk = &cp->irks[i];
5448 if (irk->addr.type == BDADDR_LE_PUBLIC)
5449 addr_type = ADDR_LE_DEV_PUBLIC;
5451 addr_type = ADDR_LE_DEV_RANDOM;
5453 hci_add_irk(hdev, &irk->addr.bdaddr, addr_type, irk->val,
5457 hci_dev_set_flag(hdev, HCI_RPA_RESOLVING);
5459 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_IRKS, 0, NULL, 0);
5461 hci_dev_unlock(hdev);
5466 static bool ltk_is_valid(struct mgmt_ltk_info *key)
5468 if (key->master != 0x00 && key->master != 0x01)
5471 switch (key->addr.type) {
5472 case BDADDR_LE_PUBLIC:
5475 case BDADDR_LE_RANDOM:
5476 /* Two most significant bits shall be set */
5477 if ((key->addr.bdaddr.b[5] & 0xc0) != 0xc0)
5485 static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
5486 void *cp_data, u16 len)
5488 struct mgmt_cp_load_long_term_keys *cp = cp_data;
5489 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
5490 sizeof(struct mgmt_ltk_info));
5491 u16 key_count, expected_len;
5494 BT_DBG("request for %s", hdev->name);
5496 if (!lmp_le_capable(hdev))
5497 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
5498 MGMT_STATUS_NOT_SUPPORTED);
5500 key_count = __le16_to_cpu(cp->key_count);
5501 if (key_count > max_key_count) {
5502 BT_ERR("load_ltks: too big key_count value %u", key_count);
5503 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
5504 MGMT_STATUS_INVALID_PARAMS);
5507 expected_len = sizeof(*cp) + key_count *
5508 sizeof(struct mgmt_ltk_info);
5509 if (expected_len != len) {
5510 BT_ERR("load_keys: expected %u bytes, got %u bytes",
5512 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
5513 MGMT_STATUS_INVALID_PARAMS);
5516 BT_DBG("%s key_count %u", hdev->name, key_count);
5518 for (i = 0; i < key_count; i++) {
5519 struct mgmt_ltk_info *key = &cp->keys[i];
5521 if (!ltk_is_valid(key))
5522 return mgmt_cmd_status(sk, hdev->id,
5523 MGMT_OP_LOAD_LONG_TERM_KEYS,
5524 MGMT_STATUS_INVALID_PARAMS);
5529 hci_smp_ltks_clear(hdev);
5531 for (i = 0; i < key_count; i++) {
5532 struct mgmt_ltk_info *key = &cp->keys[i];
5533 u8 type, addr_type, authenticated;
5535 if (key->addr.type == BDADDR_LE_PUBLIC)
5536 addr_type = ADDR_LE_DEV_PUBLIC;
5538 addr_type = ADDR_LE_DEV_RANDOM;
5540 switch (key->type) {
5541 case MGMT_LTK_UNAUTHENTICATED:
5542 authenticated = 0x00;
5543 type = key->master ? SMP_LTK : SMP_LTK_SLAVE;
5545 case MGMT_LTK_AUTHENTICATED:
5546 authenticated = 0x01;
5547 type = key->master ? SMP_LTK : SMP_LTK_SLAVE;
5549 case MGMT_LTK_P256_UNAUTH:
5550 authenticated = 0x00;
5551 type = SMP_LTK_P256;
5553 case MGMT_LTK_P256_AUTH:
5554 authenticated = 0x01;
5555 type = SMP_LTK_P256;
5557 case MGMT_LTK_P256_DEBUG:
5558 authenticated = 0x00;
5559 type = SMP_LTK_P256_DEBUG;
5564 hci_add_ltk(hdev, &key->addr.bdaddr, addr_type, type,
5565 authenticated, key->val, key->enc_size, key->ediv,
5569 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
5572 hci_dev_unlock(hdev);
5577 static int conn_info_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
5579 struct hci_conn *conn = cmd->user_data;
5580 struct mgmt_rp_get_conn_info rp;
5583 memcpy(&rp.addr, cmd->param, sizeof(rp.addr));
5585 if (status == MGMT_STATUS_SUCCESS) {
5586 rp.rssi = conn->rssi;
5587 rp.tx_power = conn->tx_power;
5588 rp.max_tx_power = conn->max_tx_power;
5590 rp.rssi = HCI_RSSI_INVALID;
5591 rp.tx_power = HCI_TX_POWER_INVALID;
5592 rp.max_tx_power = HCI_TX_POWER_INVALID;
5595 err = mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_GET_CONN_INFO,
5596 status, &rp, sizeof(rp));
5598 hci_conn_drop(conn);
5604 static void conn_info_refresh_complete(struct hci_dev *hdev, u8 hci_status,
5607 struct hci_cp_read_rssi *cp;
5608 struct mgmt_pending_cmd *cmd;
5609 struct hci_conn *conn;
5613 BT_DBG("status 0x%02x", hci_status);
5617 /* Commands sent in request are either Read RSSI or Read Transmit Power
5618 * Level so we check which one was last sent to retrieve connection
5619 * handle. Both commands have handle as first parameter so it's safe to
5620 * cast data on the same command struct.
5622 * First command sent is always Read RSSI and we fail only if it fails.
5623 * In other case we simply override error to indicate success as we
5624 * already remembered if TX power value is actually valid.
5626 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_RSSI);
5628 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_TX_POWER);
5629 status = MGMT_STATUS_SUCCESS;
5631 status = mgmt_status(hci_status);
5635 BT_ERR("invalid sent_cmd in conn_info response");
5639 handle = __le16_to_cpu(cp->handle);
5640 conn = hci_conn_hash_lookup_handle(hdev, handle);
5642 BT_ERR("unknown handle (%d) in conn_info response", handle);
5646 cmd = pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn);
5650 cmd->cmd_complete(cmd, status);
5651 mgmt_pending_remove(cmd);
5654 hci_dev_unlock(hdev);
5657 static int get_conn_info(struct sock *sk, struct hci_dev *hdev, void *data,
5660 struct mgmt_cp_get_conn_info *cp = data;
5661 struct mgmt_rp_get_conn_info rp;
5662 struct hci_conn *conn;
5663 unsigned long conn_info_age;
5666 BT_DBG("%s", hdev->name);
5668 memset(&rp, 0, sizeof(rp));
5669 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5670 rp.addr.type = cp->addr.type;
5672 if (!bdaddr_type_is_valid(cp->addr.type))
5673 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5674 MGMT_STATUS_INVALID_PARAMS,
5679 if (!hdev_is_powered(hdev)) {
5680 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5681 MGMT_STATUS_NOT_POWERED, &rp,
5686 if (cp->addr.type == BDADDR_BREDR)
5687 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
5690 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
5692 if (!conn || conn->state != BT_CONNECTED) {
5693 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5694 MGMT_STATUS_NOT_CONNECTED, &rp,
5699 if (pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn)) {
5700 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5701 MGMT_STATUS_BUSY, &rp, sizeof(rp));
5705 /* To avoid client trying to guess when to poll again for information we
5706 * calculate conn info age as random value between min/max set in hdev.
5708 conn_info_age = hdev->conn_info_min_age +
5709 prandom_u32_max(hdev->conn_info_max_age -
5710 hdev->conn_info_min_age);
5712 /* Query controller to refresh cached values if they are too old or were
5715 if (time_after(jiffies, conn->conn_info_timestamp +
5716 msecs_to_jiffies(conn_info_age)) ||
5717 !conn->conn_info_timestamp) {
5718 struct hci_request req;
5719 struct hci_cp_read_tx_power req_txp_cp;
5720 struct hci_cp_read_rssi req_rssi_cp;
5721 struct mgmt_pending_cmd *cmd;
5723 hci_req_init(&req, hdev);
5724 req_rssi_cp.handle = cpu_to_le16(conn->handle);
5725 hci_req_add(&req, HCI_OP_READ_RSSI, sizeof(req_rssi_cp),
5728 /* For LE links TX power does not change thus we don't need to
5729 * query for it once value is known.
5731 if (!bdaddr_type_is_le(cp->addr.type) ||
5732 conn->tx_power == HCI_TX_POWER_INVALID) {
5733 req_txp_cp.handle = cpu_to_le16(conn->handle);
5734 req_txp_cp.type = 0x00;
5735 hci_req_add(&req, HCI_OP_READ_TX_POWER,
5736 sizeof(req_txp_cp), &req_txp_cp);
5739 /* Max TX power needs to be read only once per connection */
5740 if (conn->max_tx_power == HCI_TX_POWER_INVALID) {
5741 req_txp_cp.handle = cpu_to_le16(conn->handle);
5742 req_txp_cp.type = 0x01;
5743 hci_req_add(&req, HCI_OP_READ_TX_POWER,
5744 sizeof(req_txp_cp), &req_txp_cp);
5747 err = hci_req_run(&req, conn_info_refresh_complete);
5751 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CONN_INFO, hdev,
5758 hci_conn_hold(conn);
5759 cmd->user_data = hci_conn_get(conn);
5760 cmd->cmd_complete = conn_info_cmd_complete;
5762 conn->conn_info_timestamp = jiffies;
5764 /* Cache is valid, just reply with values cached in hci_conn */
5765 rp.rssi = conn->rssi;
5766 rp.tx_power = conn->tx_power;
5767 rp.max_tx_power = conn->max_tx_power;
5769 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5770 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
5774 hci_dev_unlock(hdev);
5778 static int clock_info_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
5780 struct hci_conn *conn = cmd->user_data;
5781 struct mgmt_rp_get_clock_info rp;
5782 struct hci_dev *hdev;
5785 memset(&rp, 0, sizeof(rp));
5786 memcpy(&rp.addr, &cmd->param, sizeof(rp.addr));
5791 hdev = hci_dev_get(cmd->index);
5793 rp.local_clock = cpu_to_le32(hdev->clock);
5798 rp.piconet_clock = cpu_to_le32(conn->clock);
5799 rp.accuracy = cpu_to_le16(conn->clock_accuracy);
5803 err = mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status, &rp,
5807 hci_conn_drop(conn);
5814 static void get_clock_info_complete(struct hci_dev *hdev, u8 status, u16 opcode)
5816 struct hci_cp_read_clock *hci_cp;
5817 struct mgmt_pending_cmd *cmd;
5818 struct hci_conn *conn;
5820 BT_DBG("%s status %u", hdev->name, status);
5824 hci_cp = hci_sent_cmd_data(hdev, HCI_OP_READ_CLOCK);
5828 if (hci_cp->which) {
5829 u16 handle = __le16_to_cpu(hci_cp->handle);
5830 conn = hci_conn_hash_lookup_handle(hdev, handle);
5835 cmd = pending_find_data(MGMT_OP_GET_CLOCK_INFO, hdev, conn);
5839 cmd->cmd_complete(cmd, mgmt_status(status));
5840 mgmt_pending_remove(cmd);
5843 hci_dev_unlock(hdev);
5846 static int get_clock_info(struct sock *sk, struct hci_dev *hdev, void *data,
5849 struct mgmt_cp_get_clock_info *cp = data;
5850 struct mgmt_rp_get_clock_info rp;
5851 struct hci_cp_read_clock hci_cp;
5852 struct mgmt_pending_cmd *cmd;
5853 struct hci_request req;
5854 struct hci_conn *conn;
5857 BT_DBG("%s", hdev->name);
5859 memset(&rp, 0, sizeof(rp));
5860 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5861 rp.addr.type = cp->addr.type;
5863 if (cp->addr.type != BDADDR_BREDR)
5864 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
5865 MGMT_STATUS_INVALID_PARAMS,
5870 if (!hdev_is_powered(hdev)) {
5871 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
5872 MGMT_STATUS_NOT_POWERED, &rp,
5877 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
5878 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
5880 if (!conn || conn->state != BT_CONNECTED) {
5881 err = mgmt_cmd_complete(sk, hdev->id,
5882 MGMT_OP_GET_CLOCK_INFO,
5883 MGMT_STATUS_NOT_CONNECTED,
5891 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CLOCK_INFO, hdev, data, len);
5897 cmd->cmd_complete = clock_info_cmd_complete;
5899 hci_req_init(&req, hdev);
5901 memset(&hci_cp, 0, sizeof(hci_cp));
5902 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
5905 hci_conn_hold(conn);
5906 cmd->user_data = hci_conn_get(conn);
5908 hci_cp.handle = cpu_to_le16(conn->handle);
5909 hci_cp.which = 0x01; /* Piconet clock */
5910 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
5913 err = hci_req_run(&req, get_clock_info_complete);
5915 mgmt_pending_remove(cmd);
5918 hci_dev_unlock(hdev);
5922 static bool is_connected(struct hci_dev *hdev, bdaddr_t *addr, u8 type)
5924 struct hci_conn *conn;
5926 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, addr);
5930 if (conn->dst_type != type)
5933 if (conn->state != BT_CONNECTED)
5939 /* This function requires the caller holds hdev->lock */
5940 static int hci_conn_params_set(struct hci_request *req, bdaddr_t *addr,
5941 u8 addr_type, u8 auto_connect)
5943 struct hci_dev *hdev = req->hdev;
5944 struct hci_conn_params *params;
5946 params = hci_conn_params_add(hdev, addr, addr_type);
5950 if (params->auto_connect == auto_connect)
5953 list_del_init(¶ms->action);
5955 switch (auto_connect) {
5956 case HCI_AUTO_CONN_DISABLED:
5957 case HCI_AUTO_CONN_LINK_LOSS:
5958 __hci_update_background_scan(req);
5960 case HCI_AUTO_CONN_REPORT:
5961 list_add(¶ms->action, &hdev->pend_le_reports);
5962 __hci_update_background_scan(req);
5964 case HCI_AUTO_CONN_DIRECT:
5965 case HCI_AUTO_CONN_ALWAYS:
5966 if (!is_connected(hdev, addr, addr_type)) {
5967 list_add(¶ms->action, &hdev->pend_le_conns);
5968 __hci_update_background_scan(req);
5973 params->auto_connect = auto_connect;
5975 BT_DBG("addr %pMR (type %u) auto_connect %u", addr, addr_type,
5981 static void device_added(struct sock *sk, struct hci_dev *hdev,
5982 bdaddr_t *bdaddr, u8 type, u8 action)
5984 struct mgmt_ev_device_added ev;
5986 bacpy(&ev.addr.bdaddr, bdaddr);
5987 ev.addr.type = type;
5990 mgmt_event(MGMT_EV_DEVICE_ADDED, hdev, &ev, sizeof(ev), sk);
5993 static void add_device_complete(struct hci_dev *hdev, u8 status, u16 opcode)
5995 struct mgmt_pending_cmd *cmd;
5997 BT_DBG("status 0x%02x", status);
6001 cmd = pending_find(MGMT_OP_ADD_DEVICE, hdev);
6005 cmd->cmd_complete(cmd, mgmt_status(status));
6006 mgmt_pending_remove(cmd);
6009 hci_dev_unlock(hdev);
6012 static int add_device(struct sock *sk, struct hci_dev *hdev,
6013 void *data, u16 len)
6015 struct mgmt_cp_add_device *cp = data;
6016 struct mgmt_pending_cmd *cmd;
6017 struct hci_request req;
6018 u8 auto_conn, addr_type;
6021 BT_DBG("%s", hdev->name);
6023 if (!bdaddr_type_is_valid(cp->addr.type) ||
6024 !bacmp(&cp->addr.bdaddr, BDADDR_ANY))
6025 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
6026 MGMT_STATUS_INVALID_PARAMS,
6027 &cp->addr, sizeof(cp->addr));
6029 if (cp->action != 0x00 && cp->action != 0x01 && cp->action != 0x02)
6030 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
6031 MGMT_STATUS_INVALID_PARAMS,
6032 &cp->addr, sizeof(cp->addr));
6034 hci_req_init(&req, hdev);
6038 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_DEVICE, hdev, data, len);
6044 cmd->cmd_complete = addr_cmd_complete;
6046 if (cp->addr.type == BDADDR_BREDR) {
6047 /* Only incoming connections action is supported for now */
6048 if (cp->action != 0x01) {
6049 err = cmd->cmd_complete(cmd,
6050 MGMT_STATUS_INVALID_PARAMS);
6051 mgmt_pending_remove(cmd);
6055 err = hci_bdaddr_list_add(&hdev->whitelist, &cp->addr.bdaddr,
6060 __hci_update_page_scan(&req);
6065 if (cp->addr.type == BDADDR_LE_PUBLIC)
6066 addr_type = ADDR_LE_DEV_PUBLIC;
6068 addr_type = ADDR_LE_DEV_RANDOM;
6070 if (cp->action == 0x02)
6071 auto_conn = HCI_AUTO_CONN_ALWAYS;
6072 else if (cp->action == 0x01)
6073 auto_conn = HCI_AUTO_CONN_DIRECT;
6075 auto_conn = HCI_AUTO_CONN_REPORT;
6077 /* If the connection parameters don't exist for this device,
6078 * they will be created and configured with defaults.
6080 if (hci_conn_params_set(&req, &cp->addr.bdaddr, addr_type,
6082 err = cmd->cmd_complete(cmd, MGMT_STATUS_FAILED);
6083 mgmt_pending_remove(cmd);
6088 device_added(sk, hdev, &cp->addr.bdaddr, cp->addr.type, cp->action);
6090 err = hci_req_run(&req, add_device_complete);
6092 /* ENODATA means no HCI commands were needed (e.g. if
6093 * the adapter is powered off).
6095 if (err == -ENODATA)
6096 err = cmd->cmd_complete(cmd, MGMT_STATUS_SUCCESS);
6097 mgmt_pending_remove(cmd);
6101 hci_dev_unlock(hdev);
6105 static void device_removed(struct sock *sk, struct hci_dev *hdev,
6106 bdaddr_t *bdaddr, u8 type)
6108 struct mgmt_ev_device_removed ev;
6110 bacpy(&ev.addr.bdaddr, bdaddr);
6111 ev.addr.type = type;
6113 mgmt_event(MGMT_EV_DEVICE_REMOVED, hdev, &ev, sizeof(ev), sk);
6116 static void remove_device_complete(struct hci_dev *hdev, u8 status, u16 opcode)
6118 struct mgmt_pending_cmd *cmd;
6120 BT_DBG("status 0x%02x", status);
6124 cmd = pending_find(MGMT_OP_REMOVE_DEVICE, hdev);
6128 cmd->cmd_complete(cmd, mgmt_status(status));
6129 mgmt_pending_remove(cmd);
6132 hci_dev_unlock(hdev);
6135 static int remove_device(struct sock *sk, struct hci_dev *hdev,
6136 void *data, u16 len)
6138 struct mgmt_cp_remove_device *cp = data;
6139 struct mgmt_pending_cmd *cmd;
6140 struct hci_request req;
6143 BT_DBG("%s", hdev->name);
6145 hci_req_init(&req, hdev);
6149 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_DEVICE, hdev, data, len);
6155 cmd->cmd_complete = addr_cmd_complete;
6157 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
6158 struct hci_conn_params *params;
6161 if (!bdaddr_type_is_valid(cp->addr.type)) {
6162 err = cmd->cmd_complete(cmd,
6163 MGMT_STATUS_INVALID_PARAMS);
6164 mgmt_pending_remove(cmd);
6168 if (cp->addr.type == BDADDR_BREDR) {
6169 err = hci_bdaddr_list_del(&hdev->whitelist,
6173 err = cmd->cmd_complete(cmd,
6174 MGMT_STATUS_INVALID_PARAMS);
6175 mgmt_pending_remove(cmd);
6179 __hci_update_page_scan(&req);
6181 device_removed(sk, hdev, &cp->addr.bdaddr,
6186 if (cp->addr.type == BDADDR_LE_PUBLIC)
6187 addr_type = ADDR_LE_DEV_PUBLIC;
6189 addr_type = ADDR_LE_DEV_RANDOM;
6191 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr,
6194 err = cmd->cmd_complete(cmd,
6195 MGMT_STATUS_INVALID_PARAMS);
6196 mgmt_pending_remove(cmd);
6200 if (params->auto_connect == HCI_AUTO_CONN_DISABLED) {
6201 err = cmd->cmd_complete(cmd,
6202 MGMT_STATUS_INVALID_PARAMS);
6203 mgmt_pending_remove(cmd);
6207 list_del(¶ms->action);
6208 list_del(¶ms->list);
6210 __hci_update_background_scan(&req);
6212 device_removed(sk, hdev, &cp->addr.bdaddr, cp->addr.type);
6214 struct hci_conn_params *p, *tmp;
6215 struct bdaddr_list *b, *btmp;
6217 if (cp->addr.type) {
6218 err = cmd->cmd_complete(cmd,
6219 MGMT_STATUS_INVALID_PARAMS);
6220 mgmt_pending_remove(cmd);
6224 list_for_each_entry_safe(b, btmp, &hdev->whitelist, list) {
6225 device_removed(sk, hdev, &b->bdaddr, b->bdaddr_type);
6230 __hci_update_page_scan(&req);
6232 list_for_each_entry_safe(p, tmp, &hdev->le_conn_params, list) {
6233 if (p->auto_connect == HCI_AUTO_CONN_DISABLED)
6235 device_removed(sk, hdev, &p->addr, p->addr_type);
6236 list_del(&p->action);
6241 BT_DBG("All LE connection parameters were removed");
6243 __hci_update_background_scan(&req);
6247 err = hci_req_run(&req, remove_device_complete);
6249 /* ENODATA means no HCI commands were needed (e.g. if
6250 * the adapter is powered off).
6252 if (err == -ENODATA)
6253 err = cmd->cmd_complete(cmd, MGMT_STATUS_SUCCESS);
6254 mgmt_pending_remove(cmd);
6258 hci_dev_unlock(hdev);
6262 static int load_conn_param(struct sock *sk, struct hci_dev *hdev, void *data,
6265 struct mgmt_cp_load_conn_param *cp = data;
6266 const u16 max_param_count = ((U16_MAX - sizeof(*cp)) /
6267 sizeof(struct mgmt_conn_param));
6268 u16 param_count, expected_len;
6271 if (!lmp_le_capable(hdev))
6272 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
6273 MGMT_STATUS_NOT_SUPPORTED);
6275 param_count = __le16_to_cpu(cp->param_count);
6276 if (param_count > max_param_count) {
6277 BT_ERR("load_conn_param: too big param_count value %u",
6279 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
6280 MGMT_STATUS_INVALID_PARAMS);
6283 expected_len = sizeof(*cp) + param_count *
6284 sizeof(struct mgmt_conn_param);
6285 if (expected_len != len) {
6286 BT_ERR("load_conn_param: expected %u bytes, got %u bytes",
6288 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
6289 MGMT_STATUS_INVALID_PARAMS);
6292 BT_DBG("%s param_count %u", hdev->name, param_count);
6296 hci_conn_params_clear_disabled(hdev);
6298 for (i = 0; i < param_count; i++) {
6299 struct mgmt_conn_param *param = &cp->params[i];
6300 struct hci_conn_params *hci_param;
6301 u16 min, max, latency, timeout;
6304 BT_DBG("Adding %pMR (type %u)", ¶m->addr.bdaddr,
6307 if (param->addr.type == BDADDR_LE_PUBLIC) {
6308 addr_type = ADDR_LE_DEV_PUBLIC;
6309 } else if (param->addr.type == BDADDR_LE_RANDOM) {
6310 addr_type = ADDR_LE_DEV_RANDOM;
6312 BT_ERR("Ignoring invalid connection parameters");
6316 min = le16_to_cpu(param->min_interval);
6317 max = le16_to_cpu(param->max_interval);
6318 latency = le16_to_cpu(param->latency);
6319 timeout = le16_to_cpu(param->timeout);
6321 BT_DBG("min 0x%04x max 0x%04x latency 0x%04x timeout 0x%04x",
6322 min, max, latency, timeout);
6324 if (hci_check_conn_params(min, max, latency, timeout) < 0) {
6325 BT_ERR("Ignoring invalid connection parameters");
6329 hci_param = hci_conn_params_add(hdev, ¶m->addr.bdaddr,
6332 BT_ERR("Failed to add connection parameters");
6336 hci_param->conn_min_interval = min;
6337 hci_param->conn_max_interval = max;
6338 hci_param->conn_latency = latency;
6339 hci_param->supervision_timeout = timeout;
6342 hci_dev_unlock(hdev);
6344 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM, 0,
6348 static int set_external_config(struct sock *sk, struct hci_dev *hdev,
6349 void *data, u16 len)
6351 struct mgmt_cp_set_external_config *cp = data;
6355 BT_DBG("%s", hdev->name);
6357 if (hdev_is_powered(hdev))
6358 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
6359 MGMT_STATUS_REJECTED);
6361 if (cp->config != 0x00 && cp->config != 0x01)
6362 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
6363 MGMT_STATUS_INVALID_PARAMS);
6365 if (!test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
6366 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
6367 MGMT_STATUS_NOT_SUPPORTED);
6372 changed = !hci_dev_test_and_set_flag(hdev, HCI_EXT_CONFIGURED);
6374 changed = hci_dev_test_and_clear_flag(hdev, HCI_EXT_CONFIGURED);
6376 err = send_options_rsp(sk, MGMT_OP_SET_EXTERNAL_CONFIG, hdev);
6383 err = new_options(hdev, sk);
6385 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED) == is_configured(hdev)) {
6386 mgmt_index_removed(hdev);
6388 if (hci_dev_test_and_change_flag(hdev, HCI_UNCONFIGURED)) {
6389 hci_dev_set_flag(hdev, HCI_CONFIG);
6390 hci_dev_set_flag(hdev, HCI_AUTO_OFF);
6392 queue_work(hdev->req_workqueue, &hdev->power_on);
6394 set_bit(HCI_RAW, &hdev->flags);
6395 mgmt_index_added(hdev);
6400 hci_dev_unlock(hdev);
6404 static int set_public_address(struct sock *sk, struct hci_dev *hdev,
6405 void *data, u16 len)
6407 struct mgmt_cp_set_public_address *cp = data;
6411 BT_DBG("%s", hdev->name);
6413 if (hdev_is_powered(hdev))
6414 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
6415 MGMT_STATUS_REJECTED);
6417 if (!bacmp(&cp->bdaddr, BDADDR_ANY))
6418 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
6419 MGMT_STATUS_INVALID_PARAMS);
6421 if (!hdev->set_bdaddr)
6422 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
6423 MGMT_STATUS_NOT_SUPPORTED);
6427 changed = !!bacmp(&hdev->public_addr, &cp->bdaddr);
6428 bacpy(&hdev->public_addr, &cp->bdaddr);
6430 err = send_options_rsp(sk, MGMT_OP_SET_PUBLIC_ADDRESS, hdev);
6437 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED))
6438 err = new_options(hdev, sk);
6440 if (is_configured(hdev)) {
6441 mgmt_index_removed(hdev);
6443 hci_dev_clear_flag(hdev, HCI_UNCONFIGURED);
6445 hci_dev_set_flag(hdev, HCI_CONFIG);
6446 hci_dev_set_flag(hdev, HCI_AUTO_OFF);
6448 queue_work(hdev->req_workqueue, &hdev->power_on);
6452 hci_dev_unlock(hdev);
6456 static inline u16 eir_append_data(u8 *eir, u16 eir_len, u8 type, u8 *data,
6459 eir[eir_len++] = sizeof(type) + data_len;
6460 eir[eir_len++] = type;
6461 memcpy(&eir[eir_len], data, data_len);
6462 eir_len += data_len;
6467 static int read_local_oob_ext_data(struct sock *sk, struct hci_dev *hdev,
6468 void *data, u16 data_len)
6470 struct mgmt_cp_read_local_oob_ext_data *cp = data;
6471 struct mgmt_rp_read_local_oob_ext_data *rp;
6474 u8 status, flags, role, addr[7], hash[16], rand[16];
6477 BT_DBG("%s", hdev->name);
6479 if (hdev_is_powered(hdev)) {
6481 case BIT(BDADDR_BREDR):
6482 status = mgmt_bredr_support(hdev);
6488 case (BIT(BDADDR_LE_PUBLIC) | BIT(BDADDR_LE_RANDOM)):
6489 status = mgmt_le_support(hdev);
6493 eir_len = 9 + 3 + 18 + 18 + 3;
6496 status = MGMT_STATUS_INVALID_PARAMS;
6501 status = MGMT_STATUS_NOT_POWERED;
6505 rp_len = sizeof(*rp) + eir_len;
6506 rp = kmalloc(rp_len, GFP_ATOMIC);
6517 case BIT(BDADDR_BREDR):
6518 eir_len = eir_append_data(rp->eir, eir_len, EIR_CLASS_OF_DEV,
6519 hdev->dev_class, 3);
6521 case (BIT(BDADDR_LE_PUBLIC) | BIT(BDADDR_LE_RANDOM)):
6522 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED) &&
6523 smp_generate_oob(hdev, hash, rand) < 0) {
6524 hci_dev_unlock(hdev);
6525 status = MGMT_STATUS_FAILED;
6529 /* This should return the active RPA, but since the RPA
6530 * is only programmed on demand, it is really hard to fill
6531 * this in at the moment. For now disallow retrieving
6532 * local out-of-band data when privacy is in use.
6534 * Returning the identity address will not help here since
6535 * pairing happens before the identity resolving key is
6536 * known and thus the connection establishment happens
6537 * based on the RPA and not the identity address.
6539 if (hci_dev_test_flag(hdev, HCI_PRIVACY)) {
6540 hci_dev_unlock(hdev);
6541 status = MGMT_STATUS_REJECTED;
6545 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) ||
6546 !bacmp(&hdev->bdaddr, BDADDR_ANY) ||
6547 (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
6548 bacmp(&hdev->static_addr, BDADDR_ANY))) {
6549 memcpy(addr, &hdev->static_addr, 6);
6552 memcpy(addr, &hdev->bdaddr, 6);
6556 eir_len = eir_append_data(rp->eir, eir_len, EIR_LE_BDADDR,
6557 addr, sizeof(addr));
6559 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
6564 eir_len = eir_append_data(rp->eir, eir_len, EIR_LE_ROLE,
6565 &role, sizeof(role));
6567 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED)) {
6568 eir_len = eir_append_data(rp->eir, eir_len,
6570 hash, sizeof(hash));
6572 eir_len = eir_append_data(rp->eir, eir_len,
6574 rand, sizeof(rand));
6577 flags = get_adv_discov_flags(hdev);
6579 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
6580 flags |= LE_AD_NO_BREDR;
6582 eir_len = eir_append_data(rp->eir, eir_len, EIR_FLAGS,
6583 &flags, sizeof(flags));
6587 hci_dev_unlock(hdev);
6589 hci_sock_set_flag(sk, HCI_MGMT_OOB_DATA_EVENTS);
6591 status = MGMT_STATUS_SUCCESS;
6594 rp->type = cp->type;
6595 rp->eir_len = cpu_to_le16(eir_len);
6597 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
6598 status, rp, sizeof(*rp) + eir_len);
6599 if (err < 0 || status)
6602 err = mgmt_limited_event(MGMT_EV_LOCAL_OOB_DATA_UPDATED, hdev,
6603 rp, sizeof(*rp) + eir_len,
6604 HCI_MGMT_OOB_DATA_EVENTS, sk);
6612 static u32 get_supported_adv_flags(struct hci_dev *hdev)
6616 flags |= MGMT_ADV_FLAG_CONNECTABLE;
6617 flags |= MGMT_ADV_FLAG_DISCOV;
6618 flags |= MGMT_ADV_FLAG_LIMITED_DISCOV;
6619 flags |= MGMT_ADV_FLAG_MANAGED_FLAGS;
6621 if (hdev->adv_tx_power != HCI_TX_POWER_INVALID)
6622 flags |= MGMT_ADV_FLAG_TX_POWER;
6627 static int read_adv_features(struct sock *sk, struct hci_dev *hdev,
6628 void *data, u16 data_len)
6630 struct mgmt_rp_read_adv_features *rp;
6634 u32 supported_flags;
6636 BT_DBG("%s", hdev->name);
6638 if (!lmp_le_capable(hdev))
6639 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_ADV_FEATURES,
6640 MGMT_STATUS_REJECTED);
6644 rp_len = sizeof(*rp);
6646 /* Currently only one instance is supported, so just add 1 to the
6649 instance = hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE);
6653 rp = kmalloc(rp_len, GFP_ATOMIC);
6655 hci_dev_unlock(hdev);
6659 supported_flags = get_supported_adv_flags(hdev);
6661 rp->supported_flags = cpu_to_le32(supported_flags);
6662 rp->max_adv_data_len = HCI_MAX_AD_LENGTH;
6663 rp->max_scan_rsp_len = HCI_MAX_AD_LENGTH;
6664 rp->max_instances = 1;
6666 /* Currently only one instance is supported, so simply return the
6667 * current instance number.
6670 rp->num_instances = 1;
6671 rp->instance[0] = 1;
6673 rp->num_instances = 0;
6676 hci_dev_unlock(hdev);
6678 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_ADV_FEATURES,
6679 MGMT_STATUS_SUCCESS, rp, rp_len);
6686 static bool tlv_data_is_valid(struct hci_dev *hdev, u32 adv_flags, u8 *data,
6687 u8 len, bool is_adv_data)
6689 u8 max_len = HCI_MAX_AD_LENGTH;
6691 bool flags_managed = false;
6692 bool tx_power_managed = false;
6693 u32 flags_params = MGMT_ADV_FLAG_DISCOV | MGMT_ADV_FLAG_LIMITED_DISCOV |
6694 MGMT_ADV_FLAG_MANAGED_FLAGS;
6696 if (is_adv_data && (adv_flags & flags_params)) {
6697 flags_managed = true;
6701 if (is_adv_data && (adv_flags & MGMT_ADV_FLAG_TX_POWER)) {
6702 tx_power_managed = true;
6709 /* Make sure that the data is correctly formatted. */
6710 for (i = 0, cur_len = 0; i < len; i += (cur_len + 1)) {
6713 if (flags_managed && data[i + 1] == EIR_FLAGS)
6716 if (tx_power_managed && data[i + 1] == EIR_TX_POWER)
6719 /* If the current field length would exceed the total data
6720 * length, then it's invalid.
6722 if (i + cur_len >= len)
6729 static void add_advertising_complete(struct hci_dev *hdev, u8 status,
6732 struct mgmt_pending_cmd *cmd;
6733 struct mgmt_rp_add_advertising rp;
6735 BT_DBG("status %d", status);
6739 cmd = pending_find(MGMT_OP_ADD_ADVERTISING, hdev);
6742 hci_dev_clear_flag(hdev, HCI_ADVERTISING_INSTANCE);
6743 memset(&hdev->adv_instance, 0, sizeof(hdev->adv_instance));
6744 advertising_removed(cmd ? cmd->sk : NULL, hdev, 1);
6753 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode,
6754 mgmt_status(status));
6756 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
6757 mgmt_status(status), &rp, sizeof(rp));
6759 mgmt_pending_remove(cmd);
6762 hci_dev_unlock(hdev);
6765 static void adv_timeout_expired(struct work_struct *work)
6767 struct hci_dev *hdev = container_of(work, struct hci_dev,
6768 adv_instance.timeout_exp.work);
6770 hdev->adv_instance.timeout = 0;
6773 clear_adv_instance(hdev);
6774 hci_dev_unlock(hdev);
6777 static int add_advertising(struct sock *sk, struct hci_dev *hdev,
6778 void *data, u16 data_len)
6780 struct mgmt_cp_add_advertising *cp = data;
6781 struct mgmt_rp_add_advertising rp;
6783 u32 supported_flags;
6787 struct mgmt_pending_cmd *cmd;
6788 struct hci_request req;
6790 BT_DBG("%s", hdev->name);
6792 status = mgmt_le_support(hdev);
6794 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6797 flags = __le32_to_cpu(cp->flags);
6798 timeout = __le16_to_cpu(cp->timeout);
6800 /* The current implementation only supports adding one instance and only
6801 * a subset of the specified flags.
6803 supported_flags = get_supported_adv_flags(hdev);
6804 if (cp->instance != 0x01 || (flags & ~supported_flags))
6805 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6806 MGMT_STATUS_INVALID_PARAMS);
6810 if (timeout && !hdev_is_powered(hdev)) {
6811 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6812 MGMT_STATUS_REJECTED);
6816 if (pending_find(MGMT_OP_ADD_ADVERTISING, hdev) ||
6817 pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev) ||
6818 pending_find(MGMT_OP_SET_LE, hdev)) {
6819 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6824 if (!tlv_data_is_valid(hdev, flags, cp->data, cp->adv_data_len, true) ||
6825 !tlv_data_is_valid(hdev, flags, cp->data + cp->adv_data_len,
6826 cp->scan_rsp_len, false)) {
6827 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6828 MGMT_STATUS_INVALID_PARAMS);
6832 INIT_DELAYED_WORK(&hdev->adv_instance.timeout_exp, adv_timeout_expired);
6834 hdev->adv_instance.flags = flags;
6835 hdev->adv_instance.adv_data_len = cp->adv_data_len;
6836 hdev->adv_instance.scan_rsp_len = cp->scan_rsp_len;
6838 if (cp->adv_data_len)
6839 memcpy(hdev->adv_instance.adv_data, cp->data, cp->adv_data_len);
6841 if (cp->scan_rsp_len)
6842 memcpy(hdev->adv_instance.scan_rsp_data,
6843 cp->data + cp->adv_data_len, cp->scan_rsp_len);
6845 if (hdev->adv_instance.timeout)
6846 cancel_delayed_work(&hdev->adv_instance.timeout_exp);
6848 hdev->adv_instance.timeout = timeout;
6851 queue_delayed_work(hdev->workqueue,
6852 &hdev->adv_instance.timeout_exp,
6853 msecs_to_jiffies(timeout * 1000));
6855 if (!hci_dev_test_and_set_flag(hdev, HCI_ADVERTISING_INSTANCE))
6856 advertising_added(sk, hdev, 1);
6858 /* If the HCI_ADVERTISING flag is set or the device isn't powered then
6859 * we have no HCI communication to make. Simply return.
6861 if (!hdev_is_powered(hdev) ||
6862 hci_dev_test_flag(hdev, HCI_ADVERTISING)) {
6864 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6865 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
6869 /* We're good to go, update advertising data, parameters, and start
6872 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_ADVERTISING, hdev, data,
6879 hci_req_init(&req, hdev);
6881 update_adv_data(&req);
6882 update_scan_rsp_data(&req);
6883 enable_advertising(&req);
6885 err = hci_req_run(&req, add_advertising_complete);
6887 mgmt_pending_remove(cmd);
6890 hci_dev_unlock(hdev);
6895 static void remove_advertising_complete(struct hci_dev *hdev, u8 status,
6898 struct mgmt_pending_cmd *cmd;
6899 struct mgmt_rp_remove_advertising rp;
6901 BT_DBG("status %d", status);
6905 /* A failure status here only means that we failed to disable
6906 * advertising. Otherwise, the advertising instance has been removed,
6907 * so report success.
6909 cmd = pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev);
6915 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, MGMT_STATUS_SUCCESS,
6917 mgmt_pending_remove(cmd);
6920 hci_dev_unlock(hdev);
6923 static int remove_advertising(struct sock *sk, struct hci_dev *hdev,
6924 void *data, u16 data_len)
6926 struct mgmt_cp_remove_advertising *cp = data;
6927 struct mgmt_rp_remove_advertising rp;
6929 struct mgmt_pending_cmd *cmd;
6930 struct hci_request req;
6932 BT_DBG("%s", hdev->name);
6934 /* The current implementation only allows modifying instance no 1. A
6935 * value of 0 indicates that all instances should be cleared.
6937 if (cp->instance > 1)
6938 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADVERTISING,
6939 MGMT_STATUS_INVALID_PARAMS);
6943 if (pending_find(MGMT_OP_ADD_ADVERTISING, hdev) ||
6944 pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev) ||
6945 pending_find(MGMT_OP_SET_LE, hdev)) {
6946 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADVERTISING,
6951 if (!hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE)) {
6952 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADVERTISING,
6953 MGMT_STATUS_INVALID_PARAMS);
6957 if (hdev->adv_instance.timeout)
6958 cancel_delayed_work(&hdev->adv_instance.timeout_exp);
6960 memset(&hdev->adv_instance, 0, sizeof(hdev->adv_instance));
6962 advertising_removed(sk, hdev, 1);
6964 hci_dev_clear_flag(hdev, HCI_ADVERTISING_INSTANCE);
6966 /* If the HCI_ADVERTISING flag is set or the device isn't powered then
6967 * we have no HCI communication to make. Simply return.
6969 if (!hdev_is_powered(hdev) ||
6970 hci_dev_test_flag(hdev, HCI_ADVERTISING)) {
6972 err = mgmt_cmd_complete(sk, hdev->id,
6973 MGMT_OP_REMOVE_ADVERTISING,
6974 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
6978 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_ADVERTISING, hdev, data,
6985 hci_req_init(&req, hdev);
6986 disable_advertising(&req);
6988 err = hci_req_run(&req, remove_advertising_complete);
6990 mgmt_pending_remove(cmd);
6993 hci_dev_unlock(hdev);
6998 static const struct hci_mgmt_handler mgmt_handlers[] = {
6999 { NULL }, /* 0x0000 (no command) */
7000 { read_version, MGMT_READ_VERSION_SIZE,
7002 HCI_MGMT_UNTRUSTED },
7003 { read_commands, MGMT_READ_COMMANDS_SIZE,
7005 HCI_MGMT_UNTRUSTED },
7006 { read_index_list, MGMT_READ_INDEX_LIST_SIZE,
7008 HCI_MGMT_UNTRUSTED },
7009 { read_controller_info, MGMT_READ_INFO_SIZE,
7010 HCI_MGMT_UNTRUSTED },
7011 { set_powered, MGMT_SETTING_SIZE },
7012 { set_discoverable, MGMT_SET_DISCOVERABLE_SIZE },
7013 { set_connectable, MGMT_SETTING_SIZE },
7014 { set_fast_connectable, MGMT_SETTING_SIZE },
7015 { set_bondable, MGMT_SETTING_SIZE },
7016 { set_link_security, MGMT_SETTING_SIZE },
7017 { set_ssp, MGMT_SETTING_SIZE },
7018 { set_hs, MGMT_SETTING_SIZE },
7019 { set_le, MGMT_SETTING_SIZE },
7020 { set_dev_class, MGMT_SET_DEV_CLASS_SIZE },
7021 { set_local_name, MGMT_SET_LOCAL_NAME_SIZE },
7022 { add_uuid, MGMT_ADD_UUID_SIZE },
7023 { remove_uuid, MGMT_REMOVE_UUID_SIZE },
7024 { load_link_keys, MGMT_LOAD_LINK_KEYS_SIZE,
7026 { load_long_term_keys, MGMT_LOAD_LONG_TERM_KEYS_SIZE,
7028 { disconnect, MGMT_DISCONNECT_SIZE },
7029 { get_connections, MGMT_GET_CONNECTIONS_SIZE },
7030 { pin_code_reply, MGMT_PIN_CODE_REPLY_SIZE },
7031 { pin_code_neg_reply, MGMT_PIN_CODE_NEG_REPLY_SIZE },
7032 { set_io_capability, MGMT_SET_IO_CAPABILITY_SIZE },
7033 { pair_device, MGMT_PAIR_DEVICE_SIZE },
7034 { cancel_pair_device, MGMT_CANCEL_PAIR_DEVICE_SIZE },
7035 { unpair_device, MGMT_UNPAIR_DEVICE_SIZE },
7036 { user_confirm_reply, MGMT_USER_CONFIRM_REPLY_SIZE },
7037 { user_confirm_neg_reply, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
7038 { user_passkey_reply, MGMT_USER_PASSKEY_REPLY_SIZE },
7039 { user_passkey_neg_reply, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
7040 { read_local_oob_data, MGMT_READ_LOCAL_OOB_DATA_SIZE },
7041 { add_remote_oob_data, MGMT_ADD_REMOTE_OOB_DATA_SIZE,
7043 { remove_remote_oob_data, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
7044 { start_discovery, MGMT_START_DISCOVERY_SIZE },
7045 { stop_discovery, MGMT_STOP_DISCOVERY_SIZE },
7046 { confirm_name, MGMT_CONFIRM_NAME_SIZE },
7047 { block_device, MGMT_BLOCK_DEVICE_SIZE },
7048 { unblock_device, MGMT_UNBLOCK_DEVICE_SIZE },
7049 { set_device_id, MGMT_SET_DEVICE_ID_SIZE },
7050 { set_advertising, MGMT_SETTING_SIZE },
7051 { set_bredr, MGMT_SETTING_SIZE },
7052 { set_static_address, MGMT_SET_STATIC_ADDRESS_SIZE },
7053 { set_scan_params, MGMT_SET_SCAN_PARAMS_SIZE },
7054 { set_secure_conn, MGMT_SETTING_SIZE },
7055 { set_debug_keys, MGMT_SETTING_SIZE },
7056 { set_privacy, MGMT_SET_PRIVACY_SIZE },
7057 { load_irks, MGMT_LOAD_IRKS_SIZE,
7059 { get_conn_info, MGMT_GET_CONN_INFO_SIZE },
7060 { get_clock_info, MGMT_GET_CLOCK_INFO_SIZE },
7061 { add_device, MGMT_ADD_DEVICE_SIZE },
7062 { remove_device, MGMT_REMOVE_DEVICE_SIZE },
7063 { load_conn_param, MGMT_LOAD_CONN_PARAM_SIZE,
7065 { read_unconf_index_list, MGMT_READ_UNCONF_INDEX_LIST_SIZE,
7067 HCI_MGMT_UNTRUSTED },
7068 { read_config_info, MGMT_READ_CONFIG_INFO_SIZE,
7069 HCI_MGMT_UNCONFIGURED |
7070 HCI_MGMT_UNTRUSTED },
7071 { set_external_config, MGMT_SET_EXTERNAL_CONFIG_SIZE,
7072 HCI_MGMT_UNCONFIGURED },
7073 { set_public_address, MGMT_SET_PUBLIC_ADDRESS_SIZE,
7074 HCI_MGMT_UNCONFIGURED },
7075 { start_service_discovery, MGMT_START_SERVICE_DISCOVERY_SIZE,
7077 { read_local_oob_ext_data, MGMT_READ_LOCAL_OOB_EXT_DATA_SIZE },
7078 { read_ext_index_list, MGMT_READ_EXT_INDEX_LIST_SIZE,
7080 HCI_MGMT_UNTRUSTED },
7081 { read_adv_features, MGMT_READ_ADV_FEATURES_SIZE },
7082 { add_advertising, MGMT_ADD_ADVERTISING_SIZE,
7084 { remove_advertising, MGMT_REMOVE_ADVERTISING_SIZE },
7087 void mgmt_index_added(struct hci_dev *hdev)
7089 struct mgmt_ev_ext_index ev;
7091 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
7094 switch (hdev->dev_type) {
7096 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
7097 mgmt_index_event(MGMT_EV_UNCONF_INDEX_ADDED, hdev,
7098 NULL, 0, HCI_MGMT_UNCONF_INDEX_EVENTS);
7101 mgmt_index_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0,
7102 HCI_MGMT_INDEX_EVENTS);
7115 mgmt_index_event(MGMT_EV_EXT_INDEX_ADDED, hdev, &ev, sizeof(ev),
7116 HCI_MGMT_EXT_INDEX_EVENTS);
7119 void mgmt_index_removed(struct hci_dev *hdev)
7121 struct mgmt_ev_ext_index ev;
7122 u8 status = MGMT_STATUS_INVALID_INDEX;
7124 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
7127 switch (hdev->dev_type) {
7129 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
7131 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
7132 mgmt_index_event(MGMT_EV_UNCONF_INDEX_REMOVED, hdev,
7133 NULL, 0, HCI_MGMT_UNCONF_INDEX_EVENTS);
7136 mgmt_index_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0,
7137 HCI_MGMT_INDEX_EVENTS);
7150 mgmt_index_event(MGMT_EV_EXT_INDEX_REMOVED, hdev, &ev, sizeof(ev),
7151 HCI_MGMT_EXT_INDEX_EVENTS);
7154 /* This function requires the caller holds hdev->lock */
7155 static void restart_le_actions(struct hci_request *req)
7157 struct hci_dev *hdev = req->hdev;
7158 struct hci_conn_params *p;
7160 list_for_each_entry(p, &hdev->le_conn_params, list) {
7161 /* Needed for AUTO_OFF case where might not "really"
7162 * have been powered off.
7164 list_del_init(&p->action);
7166 switch (p->auto_connect) {
7167 case HCI_AUTO_CONN_DIRECT:
7168 case HCI_AUTO_CONN_ALWAYS:
7169 list_add(&p->action, &hdev->pend_le_conns);
7171 case HCI_AUTO_CONN_REPORT:
7172 list_add(&p->action, &hdev->pend_le_reports);
7179 __hci_update_background_scan(req);
7182 static void powered_complete(struct hci_dev *hdev, u8 status, u16 opcode)
7184 struct cmd_lookup match = { NULL, hdev };
7186 BT_DBG("status 0x%02x", status);
7189 /* Register the available SMP channels (BR/EDR and LE) only
7190 * when successfully powering on the controller. This late
7191 * registration is required so that LE SMP can clearly
7192 * decide if the public address or static address is used.
7199 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
7201 new_settings(hdev, match.sk);
7203 hci_dev_unlock(hdev);
7209 static int powered_update_hci(struct hci_dev *hdev)
7211 struct hci_request req;
7214 hci_req_init(&req, hdev);
7216 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED) &&
7217 !lmp_host_ssp_capable(hdev)) {
7220 hci_req_add(&req, HCI_OP_WRITE_SSP_MODE, sizeof(mode), &mode);
7222 if (bredr_sc_enabled(hdev) && !lmp_host_sc_capable(hdev)) {
7225 hci_req_add(&req, HCI_OP_WRITE_SC_SUPPORT,
7226 sizeof(support), &support);
7230 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
7231 lmp_bredr_capable(hdev)) {
7232 struct hci_cp_write_le_host_supported cp;
7237 /* Check first if we already have the right
7238 * host state (host features set)
7240 if (cp.le != lmp_host_le_capable(hdev) ||
7241 cp.simul != lmp_host_le_br_capable(hdev))
7242 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED,
7246 if (lmp_le_capable(hdev)) {
7247 /* Make sure the controller has a good default for
7248 * advertising data. This also applies to the case
7249 * where BR/EDR was toggled during the AUTO_OFF phase.
7251 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
7252 update_adv_data(&req);
7253 update_scan_rsp_data(&req);
7256 if (hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
7257 hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE))
7258 enable_advertising(&req);
7260 restart_le_actions(&req);
7263 link_sec = hci_dev_test_flag(hdev, HCI_LINK_SECURITY);
7264 if (link_sec != test_bit(HCI_AUTH, &hdev->flags))
7265 hci_req_add(&req, HCI_OP_WRITE_AUTH_ENABLE,
7266 sizeof(link_sec), &link_sec);
7268 if (lmp_bredr_capable(hdev)) {
7269 if (hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE))
7270 write_fast_connectable(&req, true);
7272 write_fast_connectable(&req, false);
7273 __hci_update_page_scan(&req);
7279 return hci_req_run(&req, powered_complete);
7282 int mgmt_powered(struct hci_dev *hdev, u8 powered)
7284 struct cmd_lookup match = { NULL, hdev };
7285 u8 status, zero_cod[] = { 0, 0, 0 };
7288 if (!hci_dev_test_flag(hdev, HCI_MGMT))
7292 if (powered_update_hci(hdev) == 0)
7295 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp,
7300 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
7302 /* If the power off is because of hdev unregistration let
7303 * use the appropriate INVALID_INDEX status. Otherwise use
7304 * NOT_POWERED. We cover both scenarios here since later in
7305 * mgmt_index_removed() any hci_conn callbacks will have already
7306 * been triggered, potentially causing misleading DISCONNECTED
7309 if (hci_dev_test_flag(hdev, HCI_UNREGISTER))
7310 status = MGMT_STATUS_INVALID_INDEX;
7312 status = MGMT_STATUS_NOT_POWERED;
7314 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
7316 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0)
7317 mgmt_generic_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
7318 zero_cod, sizeof(zero_cod), NULL);
7321 err = new_settings(hdev, match.sk);
7329 void mgmt_set_powered_failed(struct hci_dev *hdev, int err)
7331 struct mgmt_pending_cmd *cmd;
7334 cmd = pending_find(MGMT_OP_SET_POWERED, hdev);
7338 if (err == -ERFKILL)
7339 status = MGMT_STATUS_RFKILLED;
7341 status = MGMT_STATUS_FAILED;
7343 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
7345 mgmt_pending_remove(cmd);
7348 void mgmt_discoverable_timeout(struct hci_dev *hdev)
7350 struct hci_request req;
7354 /* When discoverable timeout triggers, then just make sure
7355 * the limited discoverable flag is cleared. Even in the case
7356 * of a timeout triggered from general discoverable, it is
7357 * safe to unconditionally clear the flag.
7359 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
7360 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
7362 hci_req_init(&req, hdev);
7363 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
7364 u8 scan = SCAN_PAGE;
7365 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE,
7366 sizeof(scan), &scan);
7370 /* Advertising instances don't use the global discoverable setting, so
7371 * only update AD if advertising was enabled using Set Advertising.
7373 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
7374 update_adv_data(&req);
7376 hci_req_run(&req, NULL);
7378 hdev->discov_timeout = 0;
7380 new_settings(hdev, NULL);
7382 hci_dev_unlock(hdev);
7385 void mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
7388 struct mgmt_ev_new_link_key ev;
7390 memset(&ev, 0, sizeof(ev));
7392 ev.store_hint = persistent;
7393 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
7394 ev.key.addr.type = BDADDR_BREDR;
7395 ev.key.type = key->type;
7396 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
7397 ev.key.pin_len = key->pin_len;
7399 mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
7402 static u8 mgmt_ltk_type(struct smp_ltk *ltk)
7404 switch (ltk->type) {
7407 if (ltk->authenticated)
7408 return MGMT_LTK_AUTHENTICATED;
7409 return MGMT_LTK_UNAUTHENTICATED;
7411 if (ltk->authenticated)
7412 return MGMT_LTK_P256_AUTH;
7413 return MGMT_LTK_P256_UNAUTH;
7414 case SMP_LTK_P256_DEBUG:
7415 return MGMT_LTK_P256_DEBUG;
7418 return MGMT_LTK_UNAUTHENTICATED;
7421 void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, bool persistent)
7423 struct mgmt_ev_new_long_term_key ev;
7425 memset(&ev, 0, sizeof(ev));
7427 /* Devices using resolvable or non-resolvable random addresses
7428 * without providing an indentity resolving key don't require
7429 * to store long term keys. Their addresses will change the
7432 * Only when a remote device provides an identity address
7433 * make sure the long term key is stored. If the remote
7434 * identity is known, the long term keys are internally
7435 * mapped to the identity address. So allow static random
7436 * and public addresses here.
7438 if (key->bdaddr_type == ADDR_LE_DEV_RANDOM &&
7439 (key->bdaddr.b[5] & 0xc0) != 0xc0)
7440 ev.store_hint = 0x00;
7442 ev.store_hint = persistent;
7444 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
7445 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
7446 ev.key.type = mgmt_ltk_type(key);
7447 ev.key.enc_size = key->enc_size;
7448 ev.key.ediv = key->ediv;
7449 ev.key.rand = key->rand;
7451 if (key->type == SMP_LTK)
7454 memcpy(ev.key.val, key->val, sizeof(key->val));
7456 mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev), NULL);
7459 void mgmt_new_irk(struct hci_dev *hdev, struct smp_irk *irk)
7461 struct mgmt_ev_new_irk ev;
7463 memset(&ev, 0, sizeof(ev));
7465 /* For identity resolving keys from devices that are already
7466 * using a public address or static random address, do not
7467 * ask for storing this key. The identity resolving key really
7468 * is only mandatory for devices using resovlable random
7471 * Storing all identity resolving keys has the downside that
7472 * they will be also loaded on next boot of they system. More
7473 * identity resolving keys, means more time during scanning is
7474 * needed to actually resolve these addresses.
7476 if (bacmp(&irk->rpa, BDADDR_ANY))
7477 ev.store_hint = 0x01;
7479 ev.store_hint = 0x00;
7481 bacpy(&ev.rpa, &irk->rpa);
7482 bacpy(&ev.irk.addr.bdaddr, &irk->bdaddr);
7483 ev.irk.addr.type = link_to_bdaddr(LE_LINK, irk->addr_type);
7484 memcpy(ev.irk.val, irk->val, sizeof(irk->val));
7486 mgmt_event(MGMT_EV_NEW_IRK, hdev, &ev, sizeof(ev), NULL);
7489 void mgmt_new_csrk(struct hci_dev *hdev, struct smp_csrk *csrk,
7492 struct mgmt_ev_new_csrk ev;
7494 memset(&ev, 0, sizeof(ev));
7496 /* Devices using resolvable or non-resolvable random addresses
7497 * without providing an indentity resolving key don't require
7498 * to store signature resolving keys. Their addresses will change
7499 * the next time around.
7501 * Only when a remote device provides an identity address
7502 * make sure the signature resolving key is stored. So allow
7503 * static random and public addresses here.
7505 if (csrk->bdaddr_type == ADDR_LE_DEV_RANDOM &&
7506 (csrk->bdaddr.b[5] & 0xc0) != 0xc0)
7507 ev.store_hint = 0x00;
7509 ev.store_hint = persistent;
7511 bacpy(&ev.key.addr.bdaddr, &csrk->bdaddr);
7512 ev.key.addr.type = link_to_bdaddr(LE_LINK, csrk->bdaddr_type);
7513 ev.key.type = csrk->type;
7514 memcpy(ev.key.val, csrk->val, sizeof(csrk->val));
7516 mgmt_event(MGMT_EV_NEW_CSRK, hdev, &ev, sizeof(ev), NULL);
7519 void mgmt_new_conn_param(struct hci_dev *hdev, bdaddr_t *bdaddr,
7520 u8 bdaddr_type, u8 store_hint, u16 min_interval,
7521 u16 max_interval, u16 latency, u16 timeout)
7523 struct mgmt_ev_new_conn_param ev;
7525 if (!hci_is_identity_address(bdaddr, bdaddr_type))
7528 memset(&ev, 0, sizeof(ev));
7529 bacpy(&ev.addr.bdaddr, bdaddr);
7530 ev.addr.type = link_to_bdaddr(LE_LINK, bdaddr_type);
7531 ev.store_hint = store_hint;
7532 ev.min_interval = cpu_to_le16(min_interval);
7533 ev.max_interval = cpu_to_le16(max_interval);
7534 ev.latency = cpu_to_le16(latency);
7535 ev.timeout = cpu_to_le16(timeout);
7537 mgmt_event(MGMT_EV_NEW_CONN_PARAM, hdev, &ev, sizeof(ev), NULL);
7540 void mgmt_device_connected(struct hci_dev *hdev, struct hci_conn *conn,
7541 u32 flags, u8 *name, u8 name_len)
7544 struct mgmt_ev_device_connected *ev = (void *) buf;
7547 bacpy(&ev->addr.bdaddr, &conn->dst);
7548 ev->addr.type = link_to_bdaddr(conn->type, conn->dst_type);
7550 ev->flags = __cpu_to_le32(flags);
7552 /* We must ensure that the EIR Data fields are ordered and
7553 * unique. Keep it simple for now and avoid the problem by not
7554 * adding any BR/EDR data to the LE adv.
7556 if (conn->le_adv_data_len > 0) {
7557 memcpy(&ev->eir[eir_len],
7558 conn->le_adv_data, conn->le_adv_data_len);
7559 eir_len = conn->le_adv_data_len;
7562 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
7565 if (memcmp(conn->dev_class, "\0\0\0", 3) != 0)
7566 eir_len = eir_append_data(ev->eir, eir_len,
7568 conn->dev_class, 3);
7571 ev->eir_len = cpu_to_le16(eir_len);
7573 mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
7574 sizeof(*ev) + eir_len, NULL);
7577 static void disconnect_rsp(struct mgmt_pending_cmd *cmd, void *data)
7579 struct sock **sk = data;
7581 cmd->cmd_complete(cmd, 0);
7586 mgmt_pending_remove(cmd);
7589 static void unpair_device_rsp(struct mgmt_pending_cmd *cmd, void *data)
7591 struct hci_dev *hdev = data;
7592 struct mgmt_cp_unpair_device *cp = cmd->param;
7594 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
7596 cmd->cmd_complete(cmd, 0);
7597 mgmt_pending_remove(cmd);
7600 bool mgmt_powering_down(struct hci_dev *hdev)
7602 struct mgmt_pending_cmd *cmd;
7603 struct mgmt_mode *cp;
7605 cmd = pending_find(MGMT_OP_SET_POWERED, hdev);
7616 void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
7617 u8 link_type, u8 addr_type, u8 reason,
7618 bool mgmt_connected)
7620 struct mgmt_ev_device_disconnected ev;
7621 struct sock *sk = NULL;
7623 /* The connection is still in hci_conn_hash so test for 1
7624 * instead of 0 to know if this is the last one.
7626 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
7627 cancel_delayed_work(&hdev->power_off);
7628 queue_work(hdev->req_workqueue, &hdev->power_off.work);
7631 if (!mgmt_connected)
7634 if (link_type != ACL_LINK && link_type != LE_LINK)
7637 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
7639 bacpy(&ev.addr.bdaddr, bdaddr);
7640 ev.addr.type = link_to_bdaddr(link_type, addr_type);
7643 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
7648 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
7652 void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
7653 u8 link_type, u8 addr_type, u8 status)
7655 u8 bdaddr_type = link_to_bdaddr(link_type, addr_type);
7656 struct mgmt_cp_disconnect *cp;
7657 struct mgmt_pending_cmd *cmd;
7659 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
7662 cmd = pending_find(MGMT_OP_DISCONNECT, hdev);
7668 if (bacmp(bdaddr, &cp->addr.bdaddr))
7671 if (cp->addr.type != bdaddr_type)
7674 cmd->cmd_complete(cmd, mgmt_status(status));
7675 mgmt_pending_remove(cmd);
7678 void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
7679 u8 addr_type, u8 status)
7681 struct mgmt_ev_connect_failed ev;
7683 /* The connection is still in hci_conn_hash so test for 1
7684 * instead of 0 to know if this is the last one.
7686 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
7687 cancel_delayed_work(&hdev->power_off);
7688 queue_work(hdev->req_workqueue, &hdev->power_off.work);
7691 bacpy(&ev.addr.bdaddr, bdaddr);
7692 ev.addr.type = link_to_bdaddr(link_type, addr_type);
7693 ev.status = mgmt_status(status);
7695 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
7698 void mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
7700 struct mgmt_ev_pin_code_request ev;
7702 bacpy(&ev.addr.bdaddr, bdaddr);
7703 ev.addr.type = BDADDR_BREDR;
7706 mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev), NULL);
7709 void mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7712 struct mgmt_pending_cmd *cmd;
7714 cmd = pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
7718 cmd->cmd_complete(cmd, mgmt_status(status));
7719 mgmt_pending_remove(cmd);
7722 void mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7725 struct mgmt_pending_cmd *cmd;
7727 cmd = pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
7731 cmd->cmd_complete(cmd, mgmt_status(status));
7732 mgmt_pending_remove(cmd);
7735 int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
7736 u8 link_type, u8 addr_type, u32 value,
7739 struct mgmt_ev_user_confirm_request ev;
7741 BT_DBG("%s", hdev->name);
7743 bacpy(&ev.addr.bdaddr, bdaddr);
7744 ev.addr.type = link_to_bdaddr(link_type, addr_type);
7745 ev.confirm_hint = confirm_hint;
7746 ev.value = cpu_to_le32(value);
7748 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
7752 int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
7753 u8 link_type, u8 addr_type)
7755 struct mgmt_ev_user_passkey_request ev;
7757 BT_DBG("%s", hdev->name);
7759 bacpy(&ev.addr.bdaddr, bdaddr);
7760 ev.addr.type = link_to_bdaddr(link_type, addr_type);
7762 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
7766 static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7767 u8 link_type, u8 addr_type, u8 status,
7770 struct mgmt_pending_cmd *cmd;
7772 cmd = pending_find(opcode, hdev);
7776 cmd->cmd_complete(cmd, mgmt_status(status));
7777 mgmt_pending_remove(cmd);
7782 int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7783 u8 link_type, u8 addr_type, u8 status)
7785 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
7786 status, MGMT_OP_USER_CONFIRM_REPLY);
7789 int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7790 u8 link_type, u8 addr_type, u8 status)
7792 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
7794 MGMT_OP_USER_CONFIRM_NEG_REPLY);
7797 int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7798 u8 link_type, u8 addr_type, u8 status)
7800 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
7801 status, MGMT_OP_USER_PASSKEY_REPLY);
7804 int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7805 u8 link_type, u8 addr_type, u8 status)
7807 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
7809 MGMT_OP_USER_PASSKEY_NEG_REPLY);
7812 int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
7813 u8 link_type, u8 addr_type, u32 passkey,
7816 struct mgmt_ev_passkey_notify ev;
7818 BT_DBG("%s", hdev->name);
7820 bacpy(&ev.addr.bdaddr, bdaddr);
7821 ev.addr.type = link_to_bdaddr(link_type, addr_type);
7822 ev.passkey = __cpu_to_le32(passkey);
7823 ev.entered = entered;
7825 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
7828 void mgmt_auth_failed(struct hci_conn *conn, u8 hci_status)
7830 struct mgmt_ev_auth_failed ev;
7831 struct mgmt_pending_cmd *cmd;
7832 u8 status = mgmt_status(hci_status);
7834 bacpy(&ev.addr.bdaddr, &conn->dst);
7835 ev.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
7838 cmd = find_pairing(conn);
7840 mgmt_event(MGMT_EV_AUTH_FAILED, conn->hdev, &ev, sizeof(ev),
7841 cmd ? cmd->sk : NULL);
7844 cmd->cmd_complete(cmd, status);
7845 mgmt_pending_remove(cmd);
7849 void mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
7851 struct cmd_lookup match = { NULL, hdev };
7855 u8 mgmt_err = mgmt_status(status);
7856 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
7857 cmd_status_rsp, &mgmt_err);
7861 if (test_bit(HCI_AUTH, &hdev->flags))
7862 changed = !hci_dev_test_and_set_flag(hdev, HCI_LINK_SECURITY);
7864 changed = hci_dev_test_and_clear_flag(hdev, HCI_LINK_SECURITY);
7866 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
7870 new_settings(hdev, match.sk);
7876 static void clear_eir(struct hci_request *req)
7878 struct hci_dev *hdev = req->hdev;
7879 struct hci_cp_write_eir cp;
7881 if (!lmp_ext_inq_capable(hdev))
7884 memset(hdev->eir, 0, sizeof(hdev->eir));
7886 memset(&cp, 0, sizeof(cp));
7888 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
7891 void mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
7893 struct cmd_lookup match = { NULL, hdev };
7894 struct hci_request req;
7895 bool changed = false;
7898 u8 mgmt_err = mgmt_status(status);
7900 if (enable && hci_dev_test_and_clear_flag(hdev,
7902 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
7903 new_settings(hdev, NULL);
7906 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
7912 changed = !hci_dev_test_and_set_flag(hdev, HCI_SSP_ENABLED);
7914 changed = hci_dev_test_and_clear_flag(hdev, HCI_SSP_ENABLED);
7916 changed = hci_dev_test_and_clear_flag(hdev,
7919 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
7922 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
7925 new_settings(hdev, match.sk);
7930 hci_req_init(&req, hdev);
7932 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
7933 if (hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS))
7934 hci_req_add(&req, HCI_OP_WRITE_SSP_DEBUG_MODE,
7935 sizeof(enable), &enable);
7941 hci_req_run(&req, NULL);
7944 static void sk_lookup(struct mgmt_pending_cmd *cmd, void *data)
7946 struct cmd_lookup *match = data;
7948 if (match->sk == NULL) {
7949 match->sk = cmd->sk;
7950 sock_hold(match->sk);
7954 void mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
7957 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
7959 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
7960 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
7961 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
7964 mgmt_generic_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
7965 dev_class, 3, NULL);
7971 void mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
7973 struct mgmt_cp_set_local_name ev;
7974 struct mgmt_pending_cmd *cmd;
7979 memset(&ev, 0, sizeof(ev));
7980 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
7981 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
7983 cmd = pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
7985 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
7987 /* If this is a HCI command related to powering on the
7988 * HCI dev don't send any mgmt signals.
7990 if (pending_find(MGMT_OP_SET_POWERED, hdev))
7994 mgmt_generic_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
7995 cmd ? cmd->sk : NULL);
7998 static inline bool has_uuid(u8 *uuid, u16 uuid_count, u8 (*uuids)[16])
8002 for (i = 0; i < uuid_count; i++) {
8003 if (!memcmp(uuid, uuids[i], 16))
8010 static bool eir_has_uuids(u8 *eir, u16 eir_len, u16 uuid_count, u8 (*uuids)[16])
8014 while (parsed < eir_len) {
8015 u8 field_len = eir[0];
8022 if (eir_len - parsed < field_len + 1)
8026 case EIR_UUID16_ALL:
8027 case EIR_UUID16_SOME:
8028 for (i = 0; i + 3 <= field_len; i += 2) {
8029 memcpy(uuid, bluetooth_base_uuid, 16);
8030 uuid[13] = eir[i + 3];
8031 uuid[12] = eir[i + 2];
8032 if (has_uuid(uuid, uuid_count, uuids))
8036 case EIR_UUID32_ALL:
8037 case EIR_UUID32_SOME:
8038 for (i = 0; i + 5 <= field_len; i += 4) {
8039 memcpy(uuid, bluetooth_base_uuid, 16);
8040 uuid[15] = eir[i + 5];
8041 uuid[14] = eir[i + 4];
8042 uuid[13] = eir[i + 3];
8043 uuid[12] = eir[i + 2];
8044 if (has_uuid(uuid, uuid_count, uuids))
8048 case EIR_UUID128_ALL:
8049 case EIR_UUID128_SOME:
8050 for (i = 0; i + 17 <= field_len; i += 16) {
8051 memcpy(uuid, eir + i + 2, 16);
8052 if (has_uuid(uuid, uuid_count, uuids))
8058 parsed += field_len + 1;
8059 eir += field_len + 1;
8065 static void restart_le_scan(struct hci_dev *hdev)
8067 /* If controller is not scanning we are done. */
8068 if (!hci_dev_test_flag(hdev, HCI_LE_SCAN))
8071 if (time_after(jiffies + DISCOV_LE_RESTART_DELAY,
8072 hdev->discovery.scan_start +
8073 hdev->discovery.scan_duration))
8076 queue_delayed_work(hdev->workqueue, &hdev->le_scan_restart,
8077 DISCOV_LE_RESTART_DELAY);
8080 static bool is_filter_match(struct hci_dev *hdev, s8 rssi, u8 *eir,
8081 u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
8083 /* If a RSSI threshold has been specified, and
8084 * HCI_QUIRK_STRICT_DUPLICATE_FILTER is not set, then all results with
8085 * a RSSI smaller than the RSSI threshold will be dropped. If the quirk
8086 * is set, let it through for further processing, as we might need to
8089 * For BR/EDR devices (pre 1.2) providing no RSSI during inquiry,
8090 * the results are also dropped.
8092 if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
8093 (rssi == HCI_RSSI_INVALID ||
8094 (rssi < hdev->discovery.rssi &&
8095 !test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks))))
8098 if (hdev->discovery.uuid_count != 0) {
8099 /* If a list of UUIDs is provided in filter, results with no
8100 * matching UUID should be dropped.
8102 if (!eir_has_uuids(eir, eir_len, hdev->discovery.uuid_count,
8103 hdev->discovery.uuids) &&
8104 !eir_has_uuids(scan_rsp, scan_rsp_len,
8105 hdev->discovery.uuid_count,
8106 hdev->discovery.uuids))
8110 /* If duplicate filtering does not report RSSI changes, then restart
8111 * scanning to ensure updated result with updated RSSI values.
8113 if (test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks)) {
8114 restart_le_scan(hdev);
8116 /* Validate RSSI value against the RSSI threshold once more. */
8117 if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
8118 rssi < hdev->discovery.rssi)
8125 void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
8126 u8 addr_type, u8 *dev_class, s8 rssi, u32 flags,
8127 u8 *eir, u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
8130 struct mgmt_ev_device_found *ev = (void *)buf;
8133 /* Don't send events for a non-kernel initiated discovery. With
8134 * LE one exception is if we have pend_le_reports > 0 in which
8135 * case we're doing passive scanning and want these events.
8137 if (!hci_discovery_active(hdev)) {
8138 if (link_type == ACL_LINK)
8140 if (link_type == LE_LINK && list_empty(&hdev->pend_le_reports))
8144 if (hdev->discovery.result_filtering) {
8145 /* We are using service discovery */
8146 if (!is_filter_match(hdev, rssi, eir, eir_len, scan_rsp,
8151 /* Make sure that the buffer is big enough. The 5 extra bytes
8152 * are for the potential CoD field.
8154 if (sizeof(*ev) + eir_len + scan_rsp_len + 5 > sizeof(buf))
8157 memset(buf, 0, sizeof(buf));
8159 /* In case of device discovery with BR/EDR devices (pre 1.2), the
8160 * RSSI value was reported as 0 when not available. This behavior
8161 * is kept when using device discovery. This is required for full
8162 * backwards compatibility with the API.
8164 * However when using service discovery, the value 127 will be
8165 * returned when the RSSI is not available.
8167 if (rssi == HCI_RSSI_INVALID && !hdev->discovery.report_invalid_rssi &&
8168 link_type == ACL_LINK)
8171 bacpy(&ev->addr.bdaddr, bdaddr);
8172 ev->addr.type = link_to_bdaddr(link_type, addr_type);
8174 ev->flags = cpu_to_le32(flags);
8177 /* Copy EIR or advertising data into event */
8178 memcpy(ev->eir, eir, eir_len);
8180 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
8181 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
8184 if (scan_rsp_len > 0)
8185 /* Append scan response data to event */
8186 memcpy(ev->eir + eir_len, scan_rsp, scan_rsp_len);
8188 ev->eir_len = cpu_to_le16(eir_len + scan_rsp_len);
8189 ev_size = sizeof(*ev) + eir_len + scan_rsp_len;
8191 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
8194 void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
8195 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
8197 struct mgmt_ev_device_found *ev;
8198 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
8201 ev = (struct mgmt_ev_device_found *) buf;
8203 memset(buf, 0, sizeof(buf));
8205 bacpy(&ev->addr.bdaddr, bdaddr);
8206 ev->addr.type = link_to_bdaddr(link_type, addr_type);
8209 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
8212 ev->eir_len = cpu_to_le16(eir_len);
8214 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, sizeof(*ev) + eir_len, NULL);
8217 void mgmt_discovering(struct hci_dev *hdev, u8 discovering)
8219 struct mgmt_ev_discovering ev;
8221 BT_DBG("%s discovering %u", hdev->name, discovering);
8223 memset(&ev, 0, sizeof(ev));
8224 ev.type = hdev->discovery.type;
8225 ev.discovering = discovering;
8227 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
8230 static void adv_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
8232 BT_DBG("%s status %u", hdev->name, status);
8235 void mgmt_reenable_advertising(struct hci_dev *hdev)
8237 struct hci_request req;
8239 if (!hci_dev_test_flag(hdev, HCI_ADVERTISING) &&
8240 !hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE))
8243 hci_req_init(&req, hdev);
8244 enable_advertising(&req);
8245 hci_req_run(&req, adv_enable_complete);
8248 static struct hci_mgmt_chan chan = {
8249 .channel = HCI_CHANNEL_CONTROL,
8250 .handler_count = ARRAY_SIZE(mgmt_handlers),
8251 .handlers = mgmt_handlers,
8252 .hdev_init = mgmt_init_hdev,
8257 return hci_mgmt_chan_register(&chan);
8260 void mgmt_exit(void)
8262 hci_mgmt_chan_unregister(&chan);