2 BlueZ - Bluetooth protocol stack for Linux
4 Copyright (C) 2010 Nokia Corporation
5 Copyright (C) 2011-2012 Intel Corporation
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI Management interface */
27 #include <linux/module.h>
28 #include <asm/unaligned.h>
30 #include <net/bluetooth/bluetooth.h>
31 #include <net/bluetooth/hci_core.h>
32 #include <net/bluetooth/hci_sock.h>
33 #include <net/bluetooth/l2cap.h>
34 #include <net/bluetooth/mgmt.h>
36 #include "hci_request.h"
38 #include "mgmt_util.h"
40 #define MGMT_VERSION 1
41 #define MGMT_REVISION 9
43 static const u16 mgmt_commands[] = {
44 MGMT_OP_READ_INDEX_LIST,
47 MGMT_OP_SET_DISCOVERABLE,
48 MGMT_OP_SET_CONNECTABLE,
49 MGMT_OP_SET_FAST_CONNECTABLE,
51 MGMT_OP_SET_LINK_SECURITY,
55 MGMT_OP_SET_DEV_CLASS,
56 MGMT_OP_SET_LOCAL_NAME,
59 MGMT_OP_LOAD_LINK_KEYS,
60 MGMT_OP_LOAD_LONG_TERM_KEYS,
62 MGMT_OP_GET_CONNECTIONS,
63 MGMT_OP_PIN_CODE_REPLY,
64 MGMT_OP_PIN_CODE_NEG_REPLY,
65 MGMT_OP_SET_IO_CAPABILITY,
67 MGMT_OP_CANCEL_PAIR_DEVICE,
68 MGMT_OP_UNPAIR_DEVICE,
69 MGMT_OP_USER_CONFIRM_REPLY,
70 MGMT_OP_USER_CONFIRM_NEG_REPLY,
71 MGMT_OP_USER_PASSKEY_REPLY,
72 MGMT_OP_USER_PASSKEY_NEG_REPLY,
73 MGMT_OP_READ_LOCAL_OOB_DATA,
74 MGMT_OP_ADD_REMOTE_OOB_DATA,
75 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
76 MGMT_OP_START_DISCOVERY,
77 MGMT_OP_STOP_DISCOVERY,
80 MGMT_OP_UNBLOCK_DEVICE,
81 MGMT_OP_SET_DEVICE_ID,
82 MGMT_OP_SET_ADVERTISING,
84 MGMT_OP_SET_STATIC_ADDRESS,
85 MGMT_OP_SET_SCAN_PARAMS,
86 MGMT_OP_SET_SECURE_CONN,
87 MGMT_OP_SET_DEBUG_KEYS,
90 MGMT_OP_GET_CONN_INFO,
91 MGMT_OP_GET_CLOCK_INFO,
93 MGMT_OP_REMOVE_DEVICE,
94 MGMT_OP_LOAD_CONN_PARAM,
95 MGMT_OP_READ_UNCONF_INDEX_LIST,
96 MGMT_OP_READ_CONFIG_INFO,
97 MGMT_OP_SET_EXTERNAL_CONFIG,
98 MGMT_OP_SET_PUBLIC_ADDRESS,
99 MGMT_OP_START_SERVICE_DISCOVERY,
100 MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
101 MGMT_OP_READ_EXT_INDEX_LIST,
102 MGMT_OP_READ_ADV_FEATURES,
105 static const u16 mgmt_events[] = {
106 MGMT_EV_CONTROLLER_ERROR,
108 MGMT_EV_INDEX_REMOVED,
109 MGMT_EV_NEW_SETTINGS,
110 MGMT_EV_CLASS_OF_DEV_CHANGED,
111 MGMT_EV_LOCAL_NAME_CHANGED,
112 MGMT_EV_NEW_LINK_KEY,
113 MGMT_EV_NEW_LONG_TERM_KEY,
114 MGMT_EV_DEVICE_CONNECTED,
115 MGMT_EV_DEVICE_DISCONNECTED,
116 MGMT_EV_CONNECT_FAILED,
117 MGMT_EV_PIN_CODE_REQUEST,
118 MGMT_EV_USER_CONFIRM_REQUEST,
119 MGMT_EV_USER_PASSKEY_REQUEST,
121 MGMT_EV_DEVICE_FOUND,
123 MGMT_EV_DEVICE_BLOCKED,
124 MGMT_EV_DEVICE_UNBLOCKED,
125 MGMT_EV_DEVICE_UNPAIRED,
126 MGMT_EV_PASSKEY_NOTIFY,
129 MGMT_EV_DEVICE_ADDED,
130 MGMT_EV_DEVICE_REMOVED,
131 MGMT_EV_NEW_CONN_PARAM,
132 MGMT_EV_UNCONF_INDEX_ADDED,
133 MGMT_EV_UNCONF_INDEX_REMOVED,
134 MGMT_EV_NEW_CONFIG_OPTIONS,
135 MGMT_EV_EXT_INDEX_ADDED,
136 MGMT_EV_EXT_INDEX_REMOVED,
137 MGMT_EV_LOCAL_OOB_DATA_UPDATED,
140 #define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
142 #define ZERO_KEY "\x00\x00\x00\x00\x00\x00\x00\x00" \
143 "\x00\x00\x00\x00\x00\x00\x00\x00"
145 /* HCI to MGMT error code conversion table */
146 static u8 mgmt_status_table[] = {
148 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
149 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
150 MGMT_STATUS_FAILED, /* Hardware Failure */
151 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
152 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
153 MGMT_STATUS_AUTH_FAILED, /* PIN or Key Missing */
154 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
155 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
156 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
157 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
158 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
159 MGMT_STATUS_BUSY, /* Command Disallowed */
160 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
161 MGMT_STATUS_REJECTED, /* Rejected Security */
162 MGMT_STATUS_REJECTED, /* Rejected Personal */
163 MGMT_STATUS_TIMEOUT, /* Host Timeout */
164 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
165 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
166 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
167 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
168 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
169 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
170 MGMT_STATUS_BUSY, /* Repeated Attempts */
171 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
172 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
173 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
174 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
175 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
176 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
177 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
178 MGMT_STATUS_FAILED, /* Unspecified Error */
179 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
180 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
181 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
182 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
183 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
184 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
185 MGMT_STATUS_FAILED, /* Unit Link Key Used */
186 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
187 MGMT_STATUS_TIMEOUT, /* Instant Passed */
188 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
189 MGMT_STATUS_FAILED, /* Transaction Collision */
190 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
191 MGMT_STATUS_REJECTED, /* QoS Rejected */
192 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
193 MGMT_STATUS_REJECTED, /* Insufficient Security */
194 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
195 MGMT_STATUS_BUSY, /* Role Switch Pending */
196 MGMT_STATUS_FAILED, /* Slot Violation */
197 MGMT_STATUS_FAILED, /* Role Switch Failed */
198 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
199 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
200 MGMT_STATUS_BUSY, /* Host Busy Pairing */
201 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
202 MGMT_STATUS_BUSY, /* Controller Busy */
203 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
204 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
205 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
206 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
207 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
210 static u8 mgmt_status(u8 hci_status)
212 if (hci_status < ARRAY_SIZE(mgmt_status_table))
213 return mgmt_status_table[hci_status];
215 return MGMT_STATUS_FAILED;
218 static int mgmt_index_event(u16 event, struct hci_dev *hdev, void *data,
221 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
225 static int mgmt_limited_event(u16 event, struct hci_dev *hdev, void *data,
226 u16 len, int flag, struct sock *skip_sk)
228 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
232 static int mgmt_generic_event(u16 event, struct hci_dev *hdev, void *data,
233 u16 len, struct sock *skip_sk)
235 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
236 HCI_MGMT_GENERIC_EVENTS, skip_sk);
239 static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 len,
240 struct sock *skip_sk)
242 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
243 HCI_SOCK_TRUSTED, skip_sk);
246 static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
249 struct mgmt_rp_read_version rp;
251 BT_DBG("sock %p", sk);
253 rp.version = MGMT_VERSION;
254 rp.revision = cpu_to_le16(MGMT_REVISION);
256 return mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0,
260 static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
263 struct mgmt_rp_read_commands *rp;
264 const u16 num_commands = ARRAY_SIZE(mgmt_commands);
265 const u16 num_events = ARRAY_SIZE(mgmt_events);
270 BT_DBG("sock %p", sk);
272 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
274 rp = kmalloc(rp_size, GFP_KERNEL);
278 rp->num_commands = cpu_to_le16(num_commands);
279 rp->num_events = cpu_to_le16(num_events);
281 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
282 put_unaligned_le16(mgmt_commands[i], opcode);
284 for (i = 0; i < num_events; i++, opcode++)
285 put_unaligned_le16(mgmt_events[i], opcode);
287 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0,
294 static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
297 struct mgmt_rp_read_index_list *rp;
303 BT_DBG("sock %p", sk);
305 read_lock(&hci_dev_list_lock);
308 list_for_each_entry(d, &hci_dev_list, list) {
309 if (d->dev_type == HCI_BREDR &&
310 !hci_dev_test_flag(d, HCI_UNCONFIGURED))
314 rp_len = sizeof(*rp) + (2 * count);
315 rp = kmalloc(rp_len, GFP_ATOMIC);
317 read_unlock(&hci_dev_list_lock);
322 list_for_each_entry(d, &hci_dev_list, list) {
323 if (hci_dev_test_flag(d, HCI_SETUP) ||
324 hci_dev_test_flag(d, HCI_CONFIG) ||
325 hci_dev_test_flag(d, HCI_USER_CHANNEL))
328 /* Devices marked as raw-only are neither configured
329 * nor unconfigured controllers.
331 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
334 if (d->dev_type == HCI_BREDR &&
335 !hci_dev_test_flag(d, HCI_UNCONFIGURED)) {
336 rp->index[count++] = cpu_to_le16(d->id);
337 BT_DBG("Added hci%u", d->id);
341 rp->num_controllers = cpu_to_le16(count);
342 rp_len = sizeof(*rp) + (2 * count);
344 read_unlock(&hci_dev_list_lock);
346 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST,
354 static int read_unconf_index_list(struct sock *sk, struct hci_dev *hdev,
355 void *data, u16 data_len)
357 struct mgmt_rp_read_unconf_index_list *rp;
363 BT_DBG("sock %p", sk);
365 read_lock(&hci_dev_list_lock);
368 list_for_each_entry(d, &hci_dev_list, list) {
369 if (d->dev_type == HCI_BREDR &&
370 hci_dev_test_flag(d, HCI_UNCONFIGURED))
374 rp_len = sizeof(*rp) + (2 * count);
375 rp = kmalloc(rp_len, GFP_ATOMIC);
377 read_unlock(&hci_dev_list_lock);
382 list_for_each_entry(d, &hci_dev_list, list) {
383 if (hci_dev_test_flag(d, HCI_SETUP) ||
384 hci_dev_test_flag(d, HCI_CONFIG) ||
385 hci_dev_test_flag(d, HCI_USER_CHANNEL))
388 /* Devices marked as raw-only are neither configured
389 * nor unconfigured controllers.
391 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
394 if (d->dev_type == HCI_BREDR &&
395 hci_dev_test_flag(d, HCI_UNCONFIGURED)) {
396 rp->index[count++] = cpu_to_le16(d->id);
397 BT_DBG("Added hci%u", d->id);
401 rp->num_controllers = cpu_to_le16(count);
402 rp_len = sizeof(*rp) + (2 * count);
404 read_unlock(&hci_dev_list_lock);
406 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
407 MGMT_OP_READ_UNCONF_INDEX_LIST, 0, rp, rp_len);
414 static int read_ext_index_list(struct sock *sk, struct hci_dev *hdev,
415 void *data, u16 data_len)
417 struct mgmt_rp_read_ext_index_list *rp;
423 BT_DBG("sock %p", sk);
425 read_lock(&hci_dev_list_lock);
428 list_for_each_entry(d, &hci_dev_list, list) {
429 if (d->dev_type == HCI_BREDR || d->dev_type == HCI_AMP)
433 rp_len = sizeof(*rp) + (sizeof(rp->entry[0]) * count);
434 rp = kmalloc(rp_len, GFP_ATOMIC);
436 read_unlock(&hci_dev_list_lock);
441 list_for_each_entry(d, &hci_dev_list, list) {
442 if (hci_dev_test_flag(d, HCI_SETUP) ||
443 hci_dev_test_flag(d, HCI_CONFIG) ||
444 hci_dev_test_flag(d, HCI_USER_CHANNEL))
447 /* Devices marked as raw-only are neither configured
448 * nor unconfigured controllers.
450 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
453 if (d->dev_type == HCI_BREDR) {
454 if (hci_dev_test_flag(d, HCI_UNCONFIGURED))
455 rp->entry[count].type = 0x01;
457 rp->entry[count].type = 0x00;
458 } else if (d->dev_type == HCI_AMP) {
459 rp->entry[count].type = 0x02;
464 rp->entry[count].bus = d->bus;
465 rp->entry[count++].index = cpu_to_le16(d->id);
466 BT_DBG("Added hci%u", d->id);
469 rp->num_controllers = cpu_to_le16(count);
470 rp_len = sizeof(*rp) + (sizeof(rp->entry[0]) * count);
472 read_unlock(&hci_dev_list_lock);
474 /* If this command is called at least once, then all the
475 * default index and unconfigured index events are disabled
476 * and from now on only extended index events are used.
478 hci_sock_set_flag(sk, HCI_MGMT_EXT_INDEX_EVENTS);
479 hci_sock_clear_flag(sk, HCI_MGMT_INDEX_EVENTS);
480 hci_sock_clear_flag(sk, HCI_MGMT_UNCONF_INDEX_EVENTS);
482 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
483 MGMT_OP_READ_EXT_INDEX_LIST, 0, rp, rp_len);
490 static bool is_configured(struct hci_dev *hdev)
492 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
493 !hci_dev_test_flag(hdev, HCI_EXT_CONFIGURED))
496 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) &&
497 !bacmp(&hdev->public_addr, BDADDR_ANY))
503 static __le32 get_missing_options(struct hci_dev *hdev)
507 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
508 !hci_dev_test_flag(hdev, HCI_EXT_CONFIGURED))
509 options |= MGMT_OPTION_EXTERNAL_CONFIG;
511 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) &&
512 !bacmp(&hdev->public_addr, BDADDR_ANY))
513 options |= MGMT_OPTION_PUBLIC_ADDRESS;
515 return cpu_to_le32(options);
518 static int new_options(struct hci_dev *hdev, struct sock *skip)
520 __le32 options = get_missing_options(hdev);
522 return mgmt_generic_event(MGMT_EV_NEW_CONFIG_OPTIONS, hdev, &options,
523 sizeof(options), skip);
526 static int send_options_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
528 __le32 options = get_missing_options(hdev);
530 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &options,
534 static int read_config_info(struct sock *sk, struct hci_dev *hdev,
535 void *data, u16 data_len)
537 struct mgmt_rp_read_config_info rp;
540 BT_DBG("sock %p %s", sk, hdev->name);
544 memset(&rp, 0, sizeof(rp));
545 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
547 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
548 options |= MGMT_OPTION_EXTERNAL_CONFIG;
550 if (hdev->set_bdaddr)
551 options |= MGMT_OPTION_PUBLIC_ADDRESS;
553 rp.supported_options = cpu_to_le32(options);
554 rp.missing_options = get_missing_options(hdev);
556 hci_dev_unlock(hdev);
558 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_CONFIG_INFO, 0,
562 static u32 get_supported_settings(struct hci_dev *hdev)
566 settings |= MGMT_SETTING_POWERED;
567 settings |= MGMT_SETTING_BONDABLE;
568 settings |= MGMT_SETTING_DEBUG_KEYS;
569 settings |= MGMT_SETTING_CONNECTABLE;
570 settings |= MGMT_SETTING_DISCOVERABLE;
572 if (lmp_bredr_capable(hdev)) {
573 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
574 settings |= MGMT_SETTING_FAST_CONNECTABLE;
575 settings |= MGMT_SETTING_BREDR;
576 settings |= MGMT_SETTING_LINK_SECURITY;
578 if (lmp_ssp_capable(hdev)) {
579 settings |= MGMT_SETTING_SSP;
580 settings |= MGMT_SETTING_HS;
583 if (lmp_sc_capable(hdev))
584 settings |= MGMT_SETTING_SECURE_CONN;
587 if (lmp_le_capable(hdev)) {
588 settings |= MGMT_SETTING_LE;
589 settings |= MGMT_SETTING_ADVERTISING;
590 settings |= MGMT_SETTING_SECURE_CONN;
591 settings |= MGMT_SETTING_PRIVACY;
592 settings |= MGMT_SETTING_STATIC_ADDRESS;
595 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) ||
597 settings |= MGMT_SETTING_CONFIGURATION;
602 static u32 get_current_settings(struct hci_dev *hdev)
606 if (hdev_is_powered(hdev))
607 settings |= MGMT_SETTING_POWERED;
609 if (hci_dev_test_flag(hdev, HCI_CONNECTABLE))
610 settings |= MGMT_SETTING_CONNECTABLE;
612 if (hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE))
613 settings |= MGMT_SETTING_FAST_CONNECTABLE;
615 if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE))
616 settings |= MGMT_SETTING_DISCOVERABLE;
618 if (hci_dev_test_flag(hdev, HCI_BONDABLE))
619 settings |= MGMT_SETTING_BONDABLE;
621 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
622 settings |= MGMT_SETTING_BREDR;
624 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED))
625 settings |= MGMT_SETTING_LE;
627 if (hci_dev_test_flag(hdev, HCI_LINK_SECURITY))
628 settings |= MGMT_SETTING_LINK_SECURITY;
630 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
631 settings |= MGMT_SETTING_SSP;
633 if (hci_dev_test_flag(hdev, HCI_HS_ENABLED))
634 settings |= MGMT_SETTING_HS;
636 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
637 settings |= MGMT_SETTING_ADVERTISING;
639 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED))
640 settings |= MGMT_SETTING_SECURE_CONN;
642 if (hci_dev_test_flag(hdev, HCI_KEEP_DEBUG_KEYS))
643 settings |= MGMT_SETTING_DEBUG_KEYS;
645 if (hci_dev_test_flag(hdev, HCI_PRIVACY))
646 settings |= MGMT_SETTING_PRIVACY;
648 /* The current setting for static address has two purposes. The
649 * first is to indicate if the static address will be used and
650 * the second is to indicate if it is actually set.
652 * This means if the static address is not configured, this flag
653 * will never bet set. If the address is configured, then if the
654 * address is actually used decides if the flag is set or not.
656 * For single mode LE only controllers and dual-mode controllers
657 * with BR/EDR disabled, the existence of the static address will
660 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) ||
661 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) ||
662 !bacmp(&hdev->bdaddr, BDADDR_ANY)) {
663 if (bacmp(&hdev->static_addr, BDADDR_ANY))
664 settings |= MGMT_SETTING_STATIC_ADDRESS;
670 #define PNP_INFO_SVCLASS_ID 0x1200
672 static u8 *create_uuid16_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
674 u8 *ptr = data, *uuids_start = NULL;
675 struct bt_uuid *uuid;
680 list_for_each_entry(uuid, &hdev->uuids, list) {
683 if (uuid->size != 16)
686 uuid16 = get_unaligned_le16(&uuid->uuid[12]);
690 if (uuid16 == PNP_INFO_SVCLASS_ID)
696 uuids_start[1] = EIR_UUID16_ALL;
700 /* Stop if not enough space to put next UUID */
701 if ((ptr - data) + sizeof(u16) > len) {
702 uuids_start[1] = EIR_UUID16_SOME;
706 *ptr++ = (uuid16 & 0x00ff);
707 *ptr++ = (uuid16 & 0xff00) >> 8;
708 uuids_start[0] += sizeof(uuid16);
714 static u8 *create_uuid32_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
716 u8 *ptr = data, *uuids_start = NULL;
717 struct bt_uuid *uuid;
722 list_for_each_entry(uuid, &hdev->uuids, list) {
723 if (uuid->size != 32)
729 uuids_start[1] = EIR_UUID32_ALL;
733 /* Stop if not enough space to put next UUID */
734 if ((ptr - data) + sizeof(u32) > len) {
735 uuids_start[1] = EIR_UUID32_SOME;
739 memcpy(ptr, &uuid->uuid[12], sizeof(u32));
741 uuids_start[0] += sizeof(u32);
747 static u8 *create_uuid128_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
749 u8 *ptr = data, *uuids_start = NULL;
750 struct bt_uuid *uuid;
755 list_for_each_entry(uuid, &hdev->uuids, list) {
756 if (uuid->size != 128)
762 uuids_start[1] = EIR_UUID128_ALL;
766 /* Stop if not enough space to put next UUID */
767 if ((ptr - data) + 16 > len) {
768 uuids_start[1] = EIR_UUID128_SOME;
772 memcpy(ptr, uuid->uuid, 16);
774 uuids_start[0] += 16;
780 static struct mgmt_pending_cmd *pending_find(u16 opcode, struct hci_dev *hdev)
782 return mgmt_pending_find(HCI_CHANNEL_CONTROL, opcode, hdev);
785 static struct mgmt_pending_cmd *pending_find_data(u16 opcode,
786 struct hci_dev *hdev,
789 return mgmt_pending_find_data(HCI_CHANNEL_CONTROL, opcode, hdev, data);
792 static u8 create_scan_rsp_data(struct hci_dev *hdev, u8 *ptr)
797 name_len = strlen(hdev->dev_name);
799 size_t max_len = HCI_MAX_AD_LENGTH - ad_len - 2;
801 if (name_len > max_len) {
803 ptr[1] = EIR_NAME_SHORT;
805 ptr[1] = EIR_NAME_COMPLETE;
807 ptr[0] = name_len + 1;
809 memcpy(ptr + 2, hdev->dev_name, name_len);
811 ad_len += (name_len + 2);
812 ptr += (name_len + 2);
818 static void update_scan_rsp_data(struct hci_request *req)
820 struct hci_dev *hdev = req->hdev;
821 struct hci_cp_le_set_scan_rsp_data cp;
824 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
827 memset(&cp, 0, sizeof(cp));
829 len = create_scan_rsp_data(hdev, cp.data);
831 if (hdev->scan_rsp_data_len == len &&
832 memcmp(cp.data, hdev->scan_rsp_data, len) == 0)
835 memcpy(hdev->scan_rsp_data, cp.data, sizeof(cp.data));
836 hdev->scan_rsp_data_len = len;
840 hci_req_add(req, HCI_OP_LE_SET_SCAN_RSP_DATA, sizeof(cp), &cp);
843 static u8 get_adv_discov_flags(struct hci_dev *hdev)
845 struct mgmt_pending_cmd *cmd;
847 /* If there's a pending mgmt command the flags will not yet have
848 * their final values, so check for this first.
850 cmd = pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
852 struct mgmt_mode *cp = cmd->param;
854 return LE_AD_GENERAL;
855 else if (cp->val == 0x02)
856 return LE_AD_LIMITED;
858 if (hci_dev_test_flag(hdev, HCI_LIMITED_DISCOVERABLE))
859 return LE_AD_LIMITED;
860 else if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE))
861 return LE_AD_GENERAL;
867 static u8 create_adv_data(struct hci_dev *hdev, u8 *ptr)
869 u8 ad_len = 0, flags = 0;
871 flags |= get_adv_discov_flags(hdev);
873 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
874 flags |= LE_AD_NO_BREDR;
877 BT_DBG("adv flags 0x%02x", flags);
887 if (hdev->adv_tx_power != HCI_TX_POWER_INVALID) {
889 ptr[1] = EIR_TX_POWER;
890 ptr[2] = (u8) hdev->adv_tx_power;
899 static void update_adv_data(struct hci_request *req)
901 struct hci_dev *hdev = req->hdev;
902 struct hci_cp_le_set_adv_data cp;
905 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
908 memset(&cp, 0, sizeof(cp));
910 len = create_adv_data(hdev, cp.data);
912 if (hdev->adv_data_len == len &&
913 memcmp(cp.data, hdev->adv_data, len) == 0)
916 memcpy(hdev->adv_data, cp.data, sizeof(cp.data));
917 hdev->adv_data_len = len;
921 hci_req_add(req, HCI_OP_LE_SET_ADV_DATA, sizeof(cp), &cp);
924 int mgmt_update_adv_data(struct hci_dev *hdev)
926 struct hci_request req;
928 hci_req_init(&req, hdev);
929 update_adv_data(&req);
931 return hci_req_run(&req, NULL);
934 static void create_eir(struct hci_dev *hdev, u8 *data)
939 name_len = strlen(hdev->dev_name);
945 ptr[1] = EIR_NAME_SHORT;
947 ptr[1] = EIR_NAME_COMPLETE;
949 /* EIR Data length */
950 ptr[0] = name_len + 1;
952 memcpy(ptr + 2, hdev->dev_name, name_len);
954 ptr += (name_len + 2);
957 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
959 ptr[1] = EIR_TX_POWER;
960 ptr[2] = (u8) hdev->inq_tx_power;
965 if (hdev->devid_source > 0) {
967 ptr[1] = EIR_DEVICE_ID;
969 put_unaligned_le16(hdev->devid_source, ptr + 2);
970 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
971 put_unaligned_le16(hdev->devid_product, ptr + 6);
972 put_unaligned_le16(hdev->devid_version, ptr + 8);
977 ptr = create_uuid16_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
978 ptr = create_uuid32_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
979 ptr = create_uuid128_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
982 static void update_eir(struct hci_request *req)
984 struct hci_dev *hdev = req->hdev;
985 struct hci_cp_write_eir cp;
987 if (!hdev_is_powered(hdev))
990 if (!lmp_ext_inq_capable(hdev))
993 if (!hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
996 if (hci_dev_test_flag(hdev, HCI_SERVICE_CACHE))
999 memset(&cp, 0, sizeof(cp));
1001 create_eir(hdev, cp.data);
1003 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
1006 memcpy(hdev->eir, cp.data, sizeof(cp.data));
1008 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
1011 static u8 get_service_classes(struct hci_dev *hdev)
1013 struct bt_uuid *uuid;
1016 list_for_each_entry(uuid, &hdev->uuids, list)
1017 val |= uuid->svc_hint;
1022 static void update_class(struct hci_request *req)
1024 struct hci_dev *hdev = req->hdev;
1027 BT_DBG("%s", hdev->name);
1029 if (!hdev_is_powered(hdev))
1032 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1035 if (hci_dev_test_flag(hdev, HCI_SERVICE_CACHE))
1038 cod[0] = hdev->minor_class;
1039 cod[1] = hdev->major_class;
1040 cod[2] = get_service_classes(hdev);
1042 if (hci_dev_test_flag(hdev, HCI_LIMITED_DISCOVERABLE))
1045 if (memcmp(cod, hdev->dev_class, 3) == 0)
1048 hci_req_add(req, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
1051 static bool get_connectable(struct hci_dev *hdev)
1053 struct mgmt_pending_cmd *cmd;
1055 /* If there's a pending mgmt command the flag will not yet have
1056 * it's final value, so check for this first.
1058 cmd = pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1060 struct mgmt_mode *cp = cmd->param;
1064 return hci_dev_test_flag(hdev, HCI_CONNECTABLE);
1067 static void disable_advertising(struct hci_request *req)
1071 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1074 static void enable_advertising(struct hci_request *req)
1076 struct hci_dev *hdev = req->hdev;
1077 struct hci_cp_le_set_adv_param cp;
1078 u8 own_addr_type, enable = 0x01;
1081 if (hci_conn_num(hdev, LE_LINK) > 0)
1084 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
1085 disable_advertising(req);
1087 /* Clear the HCI_LE_ADV bit temporarily so that the
1088 * hci_update_random_address knows that it's safe to go ahead
1089 * and write a new random address. The flag will be set back on
1090 * as soon as the SET_ADV_ENABLE HCI command completes.
1092 hci_dev_clear_flag(hdev, HCI_LE_ADV);
1094 if (hci_dev_test_flag(hdev, HCI_ADVERTISING_CONNECTABLE))
1097 connectable = get_connectable(hdev);
1099 /* Set require_privacy to true only when non-connectable
1100 * advertising is used. In that case it is fine to use a
1101 * non-resolvable private address.
1103 if (hci_update_random_address(req, !connectable, &own_addr_type) < 0)
1106 memset(&cp, 0, sizeof(cp));
1107 cp.min_interval = cpu_to_le16(hdev->le_adv_min_interval);
1108 cp.max_interval = cpu_to_le16(hdev->le_adv_max_interval);
1109 cp.type = connectable ? LE_ADV_IND : LE_ADV_NONCONN_IND;
1110 cp.own_address_type = own_addr_type;
1111 cp.channel_map = hdev->le_adv_channel_map;
1113 hci_req_add(req, HCI_OP_LE_SET_ADV_PARAM, sizeof(cp), &cp);
1115 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1118 static void service_cache_off(struct work_struct *work)
1120 struct hci_dev *hdev = container_of(work, struct hci_dev,
1121 service_cache.work);
1122 struct hci_request req;
1124 if (!hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE))
1127 hci_req_init(&req, hdev);
1134 hci_dev_unlock(hdev);
1136 hci_req_run(&req, NULL);
1139 static void rpa_expired(struct work_struct *work)
1141 struct hci_dev *hdev = container_of(work, struct hci_dev,
1143 struct hci_request req;
1147 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
1149 if (!hci_dev_test_flag(hdev, HCI_ADVERTISING))
1152 /* The generation of a new RPA and programming it into the
1153 * controller happens in the enable_advertising() function.
1155 hci_req_init(&req, hdev);
1156 enable_advertising(&req);
1157 hci_req_run(&req, NULL);
1160 static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
1162 if (hci_dev_test_and_set_flag(hdev, HCI_MGMT))
1165 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
1166 INIT_DELAYED_WORK(&hdev->rpa_expired, rpa_expired);
1168 /* Non-mgmt controlled devices get this bit set
1169 * implicitly so that pairing works for them, however
1170 * for mgmt we require user-space to explicitly enable
1173 hci_dev_clear_flag(hdev, HCI_BONDABLE);
1176 static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
1177 void *data, u16 data_len)
1179 struct mgmt_rp_read_info rp;
1181 BT_DBG("sock %p %s", sk, hdev->name);
1185 memset(&rp, 0, sizeof(rp));
1187 bacpy(&rp.bdaddr, &hdev->bdaddr);
1189 rp.version = hdev->hci_ver;
1190 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
1192 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
1193 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
1195 memcpy(rp.dev_class, hdev->dev_class, 3);
1197 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
1198 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
1200 hci_dev_unlock(hdev);
1202 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
1206 static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
1208 __le32 settings = cpu_to_le32(get_current_settings(hdev));
1210 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &settings,
1214 static void clean_up_hci_complete(struct hci_dev *hdev, u8 status, u16 opcode)
1216 BT_DBG("%s status 0x%02x", hdev->name, status);
1218 if (hci_conn_count(hdev) == 0) {
1219 cancel_delayed_work(&hdev->power_off);
1220 queue_work(hdev->req_workqueue, &hdev->power_off.work);
1224 static bool hci_stop_discovery(struct hci_request *req)
1226 struct hci_dev *hdev = req->hdev;
1227 struct hci_cp_remote_name_req_cancel cp;
1228 struct inquiry_entry *e;
1230 switch (hdev->discovery.state) {
1231 case DISCOVERY_FINDING:
1232 if (test_bit(HCI_INQUIRY, &hdev->flags))
1233 hci_req_add(req, HCI_OP_INQUIRY_CANCEL, 0, NULL);
1235 if (hci_dev_test_flag(hdev, HCI_LE_SCAN)) {
1236 cancel_delayed_work(&hdev->le_scan_disable);
1237 hci_req_add_le_scan_disable(req);
1242 case DISCOVERY_RESOLVING:
1243 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
1248 bacpy(&cp.bdaddr, &e->data.bdaddr);
1249 hci_req_add(req, HCI_OP_REMOTE_NAME_REQ_CANCEL, sizeof(cp),
1255 /* Passive scanning */
1256 if (hci_dev_test_flag(hdev, HCI_LE_SCAN)) {
1257 hci_req_add_le_scan_disable(req);
1267 static int clean_up_hci_state(struct hci_dev *hdev)
1269 struct hci_request req;
1270 struct hci_conn *conn;
1271 bool discov_stopped;
1274 hci_req_init(&req, hdev);
1276 if (test_bit(HCI_ISCAN, &hdev->flags) ||
1277 test_bit(HCI_PSCAN, &hdev->flags)) {
1279 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1282 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
1283 disable_advertising(&req);
1285 discov_stopped = hci_stop_discovery(&req);
1287 list_for_each_entry(conn, &hdev->conn_hash.list, list) {
1288 struct hci_cp_disconnect dc;
1289 struct hci_cp_reject_conn_req rej;
1291 switch (conn->state) {
1294 dc.handle = cpu_to_le16(conn->handle);
1295 dc.reason = 0x15; /* Terminated due to Power Off */
1296 hci_req_add(&req, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1299 if (conn->type == LE_LINK)
1300 hci_req_add(&req, HCI_OP_LE_CREATE_CONN_CANCEL,
1302 else if (conn->type == ACL_LINK)
1303 hci_req_add(&req, HCI_OP_CREATE_CONN_CANCEL,
1307 bacpy(&rej.bdaddr, &conn->dst);
1308 rej.reason = 0x15; /* Terminated due to Power Off */
1309 if (conn->type == ACL_LINK)
1310 hci_req_add(&req, HCI_OP_REJECT_CONN_REQ,
1312 else if (conn->type == SCO_LINK)
1313 hci_req_add(&req, HCI_OP_REJECT_SYNC_CONN_REQ,
1319 err = hci_req_run(&req, clean_up_hci_complete);
1320 if (!err && discov_stopped)
1321 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
1326 static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
1329 struct mgmt_mode *cp = data;
1330 struct mgmt_pending_cmd *cmd;
1333 BT_DBG("request for %s", hdev->name);
1335 if (cp->val != 0x00 && cp->val != 0x01)
1336 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1337 MGMT_STATUS_INVALID_PARAMS);
1341 if (pending_find(MGMT_OP_SET_POWERED, hdev)) {
1342 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1347 if (hci_dev_test_and_clear_flag(hdev, HCI_AUTO_OFF)) {
1348 cancel_delayed_work(&hdev->power_off);
1351 mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev,
1353 err = mgmt_powered(hdev, 1);
1358 if (!!cp->val == hdev_is_powered(hdev)) {
1359 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
1363 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
1370 queue_work(hdev->req_workqueue, &hdev->power_on);
1373 /* Disconnect connections, stop scans, etc */
1374 err = clean_up_hci_state(hdev);
1376 queue_delayed_work(hdev->req_workqueue, &hdev->power_off,
1377 HCI_POWER_OFF_TIMEOUT);
1379 /* ENODATA means there were no HCI commands queued */
1380 if (err == -ENODATA) {
1381 cancel_delayed_work(&hdev->power_off);
1382 queue_work(hdev->req_workqueue, &hdev->power_off.work);
1388 hci_dev_unlock(hdev);
1392 static int new_settings(struct hci_dev *hdev, struct sock *skip)
1394 __le32 ev = cpu_to_le32(get_current_settings(hdev));
1396 return mgmt_generic_event(MGMT_EV_NEW_SETTINGS, hdev, &ev,
1400 int mgmt_new_settings(struct hci_dev *hdev)
1402 return new_settings(hdev, NULL);
1407 struct hci_dev *hdev;
1411 static void settings_rsp(struct mgmt_pending_cmd *cmd, void *data)
1413 struct cmd_lookup *match = data;
1415 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
1417 list_del(&cmd->list);
1419 if (match->sk == NULL) {
1420 match->sk = cmd->sk;
1421 sock_hold(match->sk);
1424 mgmt_pending_free(cmd);
1427 static void cmd_status_rsp(struct mgmt_pending_cmd *cmd, void *data)
1431 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
1432 mgmt_pending_remove(cmd);
1435 static void cmd_complete_rsp(struct mgmt_pending_cmd *cmd, void *data)
1437 if (cmd->cmd_complete) {
1440 cmd->cmd_complete(cmd, *status);
1441 mgmt_pending_remove(cmd);
1446 cmd_status_rsp(cmd, data);
1449 static int generic_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
1451 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
1452 cmd->param, cmd->param_len);
1455 static int addr_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
1457 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
1458 cmd->param, sizeof(struct mgmt_addr_info));
1461 static u8 mgmt_bredr_support(struct hci_dev *hdev)
1463 if (!lmp_bredr_capable(hdev))
1464 return MGMT_STATUS_NOT_SUPPORTED;
1465 else if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1466 return MGMT_STATUS_REJECTED;
1468 return MGMT_STATUS_SUCCESS;
1471 static u8 mgmt_le_support(struct hci_dev *hdev)
1473 if (!lmp_le_capable(hdev))
1474 return MGMT_STATUS_NOT_SUPPORTED;
1475 else if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
1476 return MGMT_STATUS_REJECTED;
1478 return MGMT_STATUS_SUCCESS;
1481 static void set_discoverable_complete(struct hci_dev *hdev, u8 status,
1484 struct mgmt_pending_cmd *cmd;
1485 struct mgmt_mode *cp;
1486 struct hci_request req;
1489 BT_DBG("status 0x%02x", status);
1493 cmd = pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
1498 u8 mgmt_err = mgmt_status(status);
1499 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1500 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1506 changed = !hci_dev_test_and_set_flag(hdev, HCI_DISCOVERABLE);
1508 if (hdev->discov_timeout > 0) {
1509 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1510 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
1514 changed = hci_dev_test_and_clear_flag(hdev, HCI_DISCOVERABLE);
1517 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1520 new_settings(hdev, cmd->sk);
1522 /* When the discoverable mode gets changed, make sure
1523 * that class of device has the limited discoverable
1524 * bit correctly set. Also update page scan based on whitelist
1527 hci_req_init(&req, hdev);
1528 __hci_update_page_scan(&req);
1530 hci_req_run(&req, NULL);
1533 mgmt_pending_remove(cmd);
1536 hci_dev_unlock(hdev);
1539 static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
1542 struct mgmt_cp_set_discoverable *cp = data;
1543 struct mgmt_pending_cmd *cmd;
1544 struct hci_request req;
1549 BT_DBG("request for %s", hdev->name);
1551 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
1552 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1553 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1554 MGMT_STATUS_REJECTED);
1556 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
1557 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1558 MGMT_STATUS_INVALID_PARAMS);
1560 timeout = __le16_to_cpu(cp->timeout);
1562 /* Disabling discoverable requires that no timeout is set,
1563 * and enabling limited discoverable requires a timeout.
1565 if ((cp->val == 0x00 && timeout > 0) ||
1566 (cp->val == 0x02 && timeout == 0))
1567 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1568 MGMT_STATUS_INVALID_PARAMS);
1572 if (!hdev_is_powered(hdev) && timeout > 0) {
1573 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1574 MGMT_STATUS_NOT_POWERED);
1578 if (pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1579 pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
1580 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1585 if (!hci_dev_test_flag(hdev, HCI_CONNECTABLE)) {
1586 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1587 MGMT_STATUS_REJECTED);
1591 if (!hdev_is_powered(hdev)) {
1592 bool changed = false;
1594 /* Setting limited discoverable when powered off is
1595 * not a valid operation since it requires a timeout
1596 * and so no need to check HCI_LIMITED_DISCOVERABLE.
1598 if (!!cp->val != hci_dev_test_flag(hdev, HCI_DISCOVERABLE)) {
1599 hci_dev_change_flag(hdev, HCI_DISCOVERABLE);
1603 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1608 err = new_settings(hdev, sk);
1613 /* If the current mode is the same, then just update the timeout
1614 * value with the new value. And if only the timeout gets updated,
1615 * then no need for any HCI transactions.
1617 if (!!cp->val == hci_dev_test_flag(hdev, HCI_DISCOVERABLE) &&
1618 (cp->val == 0x02) == hci_dev_test_flag(hdev,
1619 HCI_LIMITED_DISCOVERABLE)) {
1620 cancel_delayed_work(&hdev->discov_off);
1621 hdev->discov_timeout = timeout;
1623 if (cp->val && hdev->discov_timeout > 0) {
1624 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1625 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
1629 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1633 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
1639 /* Cancel any potential discoverable timeout that might be
1640 * still active and store new timeout value. The arming of
1641 * the timeout happens in the complete handler.
1643 cancel_delayed_work(&hdev->discov_off);
1644 hdev->discov_timeout = timeout;
1646 /* Limited discoverable mode */
1647 if (cp->val == 0x02)
1648 hci_dev_set_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1650 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1652 hci_req_init(&req, hdev);
1654 /* The procedure for LE-only controllers is much simpler - just
1655 * update the advertising data.
1657 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1663 struct hci_cp_write_current_iac_lap hci_cp;
1665 if (cp->val == 0x02) {
1666 /* Limited discoverable mode */
1667 hci_cp.num_iac = min_t(u8, hdev->num_iac, 2);
1668 hci_cp.iac_lap[0] = 0x00; /* LIAC */
1669 hci_cp.iac_lap[1] = 0x8b;
1670 hci_cp.iac_lap[2] = 0x9e;
1671 hci_cp.iac_lap[3] = 0x33; /* GIAC */
1672 hci_cp.iac_lap[4] = 0x8b;
1673 hci_cp.iac_lap[5] = 0x9e;
1675 /* General discoverable mode */
1677 hci_cp.iac_lap[0] = 0x33; /* GIAC */
1678 hci_cp.iac_lap[1] = 0x8b;
1679 hci_cp.iac_lap[2] = 0x9e;
1682 hci_req_add(&req, HCI_OP_WRITE_CURRENT_IAC_LAP,
1683 (hci_cp.num_iac * 3) + 1, &hci_cp);
1685 scan |= SCAN_INQUIRY;
1687 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1690 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, sizeof(scan), &scan);
1693 update_adv_data(&req);
1695 err = hci_req_run(&req, set_discoverable_complete);
1697 mgmt_pending_remove(cmd);
1700 hci_dev_unlock(hdev);
1704 static void write_fast_connectable(struct hci_request *req, bool enable)
1706 struct hci_dev *hdev = req->hdev;
1707 struct hci_cp_write_page_scan_activity acp;
1710 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1713 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
1717 type = PAGE_SCAN_TYPE_INTERLACED;
1719 /* 160 msec page scan interval */
1720 acp.interval = cpu_to_le16(0x0100);
1722 type = PAGE_SCAN_TYPE_STANDARD; /* default */
1724 /* default 1.28 sec page scan */
1725 acp.interval = cpu_to_le16(0x0800);
1728 acp.window = cpu_to_le16(0x0012);
1730 if (__cpu_to_le16(hdev->page_scan_interval) != acp.interval ||
1731 __cpu_to_le16(hdev->page_scan_window) != acp.window)
1732 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
1735 if (hdev->page_scan_type != type)
1736 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
1739 static void set_connectable_complete(struct hci_dev *hdev, u8 status,
1742 struct mgmt_pending_cmd *cmd;
1743 struct mgmt_mode *cp;
1744 bool conn_changed, discov_changed;
1746 BT_DBG("status 0x%02x", status);
1750 cmd = pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1755 u8 mgmt_err = mgmt_status(status);
1756 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1762 conn_changed = !hci_dev_test_and_set_flag(hdev,
1764 discov_changed = false;
1766 conn_changed = hci_dev_test_and_clear_flag(hdev,
1768 discov_changed = hci_dev_test_and_clear_flag(hdev,
1772 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
1774 if (conn_changed || discov_changed) {
1775 new_settings(hdev, cmd->sk);
1776 hci_update_page_scan(hdev);
1778 mgmt_update_adv_data(hdev);
1779 hci_update_background_scan(hdev);
1783 mgmt_pending_remove(cmd);
1786 hci_dev_unlock(hdev);
1789 static int set_connectable_update_settings(struct hci_dev *hdev,
1790 struct sock *sk, u8 val)
1792 bool changed = false;
1795 if (!!val != hci_dev_test_flag(hdev, HCI_CONNECTABLE))
1799 hci_dev_set_flag(hdev, HCI_CONNECTABLE);
1801 hci_dev_clear_flag(hdev, HCI_CONNECTABLE);
1802 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
1805 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1810 hci_update_page_scan(hdev);
1811 hci_update_background_scan(hdev);
1812 return new_settings(hdev, sk);
1818 static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
1821 struct mgmt_mode *cp = data;
1822 struct mgmt_pending_cmd *cmd;
1823 struct hci_request req;
1827 BT_DBG("request for %s", hdev->name);
1829 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
1830 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1831 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1832 MGMT_STATUS_REJECTED);
1834 if (cp->val != 0x00 && cp->val != 0x01)
1835 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1836 MGMT_STATUS_INVALID_PARAMS);
1840 if (!hdev_is_powered(hdev)) {
1841 err = set_connectable_update_settings(hdev, sk, cp->val);
1845 if (pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1846 pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
1847 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1852 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
1858 hci_req_init(&req, hdev);
1860 /* If BR/EDR is not enabled and we disable advertising as a
1861 * by-product of disabling connectable, we need to update the
1862 * advertising flags.
1864 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
1866 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1867 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
1869 update_adv_data(&req);
1870 } else if (cp->val != test_bit(HCI_PSCAN, &hdev->flags)) {
1874 /* If we don't have any whitelist entries just
1875 * disable all scanning. If there are entries
1876 * and we had both page and inquiry scanning
1877 * enabled then fall back to only page scanning.
1878 * Otherwise no changes are needed.
1880 if (list_empty(&hdev->whitelist))
1881 scan = SCAN_DISABLED;
1882 else if (test_bit(HCI_ISCAN, &hdev->flags))
1885 goto no_scan_update;
1887 if (test_bit(HCI_ISCAN, &hdev->flags) &&
1888 hdev->discov_timeout > 0)
1889 cancel_delayed_work(&hdev->discov_off);
1892 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1896 /* Update the advertising parameters if necessary */
1897 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
1898 enable_advertising(&req);
1900 err = hci_req_run(&req, set_connectable_complete);
1902 mgmt_pending_remove(cmd);
1903 if (err == -ENODATA)
1904 err = set_connectable_update_settings(hdev, sk,
1910 hci_dev_unlock(hdev);
1914 static int set_bondable(struct sock *sk, struct hci_dev *hdev, void *data,
1917 struct mgmt_mode *cp = data;
1921 BT_DBG("request for %s", hdev->name);
1923 if (cp->val != 0x00 && cp->val != 0x01)
1924 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BONDABLE,
1925 MGMT_STATUS_INVALID_PARAMS);
1930 changed = !hci_dev_test_and_set_flag(hdev, HCI_BONDABLE);
1932 changed = hci_dev_test_and_clear_flag(hdev, HCI_BONDABLE);
1934 err = send_settings_rsp(sk, MGMT_OP_SET_BONDABLE, hdev);
1939 err = new_settings(hdev, sk);
1942 hci_dev_unlock(hdev);
1946 static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1949 struct mgmt_mode *cp = data;
1950 struct mgmt_pending_cmd *cmd;
1954 BT_DBG("request for %s", hdev->name);
1956 status = mgmt_bredr_support(hdev);
1958 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1961 if (cp->val != 0x00 && cp->val != 0x01)
1962 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1963 MGMT_STATUS_INVALID_PARAMS);
1967 if (!hdev_is_powered(hdev)) {
1968 bool changed = false;
1970 if (!!cp->val != hci_dev_test_flag(hdev, HCI_LINK_SECURITY)) {
1971 hci_dev_change_flag(hdev, HCI_LINK_SECURITY);
1975 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1980 err = new_settings(hdev, sk);
1985 if (pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
1986 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1993 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1994 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1998 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
2004 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
2006 mgmt_pending_remove(cmd);
2011 hci_dev_unlock(hdev);
2015 static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2017 struct mgmt_mode *cp = data;
2018 struct mgmt_pending_cmd *cmd;
2022 BT_DBG("request for %s", hdev->name);
2024 status = mgmt_bredr_support(hdev);
2026 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
2028 if (!lmp_ssp_capable(hdev))
2029 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2030 MGMT_STATUS_NOT_SUPPORTED);
2032 if (cp->val != 0x00 && cp->val != 0x01)
2033 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2034 MGMT_STATUS_INVALID_PARAMS);
2038 if (!hdev_is_powered(hdev)) {
2042 changed = !hci_dev_test_and_set_flag(hdev,
2045 changed = hci_dev_test_and_clear_flag(hdev,
2048 changed = hci_dev_test_and_clear_flag(hdev,
2051 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
2054 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
2059 err = new_settings(hdev, sk);
2064 if (pending_find(MGMT_OP_SET_SSP, hdev)) {
2065 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2070 if (!!cp->val == hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
2071 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
2075 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
2081 if (!cp->val && hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS))
2082 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
2083 sizeof(cp->val), &cp->val);
2085 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &cp->val);
2087 mgmt_pending_remove(cmd);
2092 hci_dev_unlock(hdev);
2096 static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2098 struct mgmt_mode *cp = data;
2103 BT_DBG("request for %s", hdev->name);
2105 status = mgmt_bredr_support(hdev);
2107 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
2109 if (!lmp_ssp_capable(hdev))
2110 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2111 MGMT_STATUS_NOT_SUPPORTED);
2113 if (!hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
2114 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2115 MGMT_STATUS_REJECTED);
2117 if (cp->val != 0x00 && cp->val != 0x01)
2118 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2119 MGMT_STATUS_INVALID_PARAMS);
2123 if (pending_find(MGMT_OP_SET_SSP, hdev)) {
2124 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2130 changed = !hci_dev_test_and_set_flag(hdev, HCI_HS_ENABLED);
2132 if (hdev_is_powered(hdev)) {
2133 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2134 MGMT_STATUS_REJECTED);
2138 changed = hci_dev_test_and_clear_flag(hdev, HCI_HS_ENABLED);
2141 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
2146 err = new_settings(hdev, sk);
2149 hci_dev_unlock(hdev);
2153 static void le_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
2155 struct cmd_lookup match = { NULL, hdev };
2160 u8 mgmt_err = mgmt_status(status);
2162 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
2167 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
2169 new_settings(hdev, match.sk);
2174 /* Make sure the controller has a good default for
2175 * advertising data. Restrict the update to when LE
2176 * has actually been enabled. During power on, the
2177 * update in powered_update_hci will take care of it.
2179 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
2180 struct hci_request req;
2182 hci_req_init(&req, hdev);
2183 update_adv_data(&req);
2184 update_scan_rsp_data(&req);
2185 __hci_update_background_scan(&req);
2186 hci_req_run(&req, NULL);
2190 hci_dev_unlock(hdev);
2193 static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2195 struct mgmt_mode *cp = data;
2196 struct hci_cp_write_le_host_supported hci_cp;
2197 struct mgmt_pending_cmd *cmd;
2198 struct hci_request req;
2202 BT_DBG("request for %s", hdev->name);
2204 if (!lmp_le_capable(hdev))
2205 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2206 MGMT_STATUS_NOT_SUPPORTED);
2208 if (cp->val != 0x00 && cp->val != 0x01)
2209 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2210 MGMT_STATUS_INVALID_PARAMS);
2212 /* Bluetooth single mode LE only controllers or dual-mode
2213 * controllers configured as LE only devices, do not allow
2214 * switching LE off. These have either LE enabled explicitly
2215 * or BR/EDR has been previously switched off.
2217 * When trying to enable an already enabled LE, then gracefully
2218 * send a positive response. Trying to disable it however will
2219 * result into rejection.
2221 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
2222 if (cp->val == 0x01)
2223 return send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
2225 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2226 MGMT_STATUS_REJECTED);
2232 enabled = lmp_host_le_capable(hdev);
2234 if (!hdev_is_powered(hdev) || val == enabled) {
2235 bool changed = false;
2237 if (val != hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
2238 hci_dev_change_flag(hdev, HCI_LE_ENABLED);
2242 if (!val && hci_dev_test_flag(hdev, HCI_ADVERTISING)) {
2243 hci_dev_clear_flag(hdev, HCI_ADVERTISING);
2247 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
2252 err = new_settings(hdev, sk);
2257 if (pending_find(MGMT_OP_SET_LE, hdev) ||
2258 pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
2259 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2264 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
2270 hci_req_init(&req, hdev);
2272 memset(&hci_cp, 0, sizeof(hci_cp));
2276 hci_cp.simul = 0x00;
2278 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
2279 disable_advertising(&req);
2282 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
2285 err = hci_req_run(&req, le_enable_complete);
2287 mgmt_pending_remove(cmd);
2290 hci_dev_unlock(hdev);
2294 /* This is a helper function to test for pending mgmt commands that can
2295 * cause CoD or EIR HCI commands. We can only allow one such pending
2296 * mgmt command at a time since otherwise we cannot easily track what
2297 * the current values are, will be, and based on that calculate if a new
2298 * HCI command needs to be sent and if yes with what value.
2300 static bool pending_eir_or_class(struct hci_dev *hdev)
2302 struct mgmt_pending_cmd *cmd;
2304 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2305 switch (cmd->opcode) {
2306 case MGMT_OP_ADD_UUID:
2307 case MGMT_OP_REMOVE_UUID:
2308 case MGMT_OP_SET_DEV_CLASS:
2309 case MGMT_OP_SET_POWERED:
2317 static const u8 bluetooth_base_uuid[] = {
2318 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
2319 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2322 static u8 get_uuid_size(const u8 *uuid)
2326 if (memcmp(uuid, bluetooth_base_uuid, 12))
2329 val = get_unaligned_le32(&uuid[12]);
2336 static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
2338 struct mgmt_pending_cmd *cmd;
2342 cmd = pending_find(mgmt_op, hdev);
2346 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
2347 mgmt_status(status), hdev->dev_class, 3);
2349 mgmt_pending_remove(cmd);
2352 hci_dev_unlock(hdev);
2355 static void add_uuid_complete(struct hci_dev *hdev, u8 status, u16 opcode)
2357 BT_DBG("status 0x%02x", status);
2359 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
2362 static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2364 struct mgmt_cp_add_uuid *cp = data;
2365 struct mgmt_pending_cmd *cmd;
2366 struct hci_request req;
2367 struct bt_uuid *uuid;
2370 BT_DBG("request for %s", hdev->name);
2374 if (pending_eir_or_class(hdev)) {
2375 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
2380 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
2386 memcpy(uuid->uuid, cp->uuid, 16);
2387 uuid->svc_hint = cp->svc_hint;
2388 uuid->size = get_uuid_size(cp->uuid);
2390 list_add_tail(&uuid->list, &hdev->uuids);
2392 hci_req_init(&req, hdev);
2397 err = hci_req_run(&req, add_uuid_complete);
2399 if (err != -ENODATA)
2402 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
2403 hdev->dev_class, 3);
2407 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
2416 hci_dev_unlock(hdev);
2420 static bool enable_service_cache(struct hci_dev *hdev)
2422 if (!hdev_is_powered(hdev))
2425 if (!hci_dev_test_and_set_flag(hdev, HCI_SERVICE_CACHE)) {
2426 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
2434 static void remove_uuid_complete(struct hci_dev *hdev, u8 status, u16 opcode)
2436 BT_DBG("status 0x%02x", status);
2438 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
2441 static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
2444 struct mgmt_cp_remove_uuid *cp = data;
2445 struct mgmt_pending_cmd *cmd;
2446 struct bt_uuid *match, *tmp;
2447 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
2448 struct hci_request req;
2451 BT_DBG("request for %s", hdev->name);
2455 if (pending_eir_or_class(hdev)) {
2456 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2461 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
2462 hci_uuids_clear(hdev);
2464 if (enable_service_cache(hdev)) {
2465 err = mgmt_cmd_complete(sk, hdev->id,
2466 MGMT_OP_REMOVE_UUID,
2467 0, hdev->dev_class, 3);
2476 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2477 if (memcmp(match->uuid, cp->uuid, 16) != 0)
2480 list_del(&match->list);
2486 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2487 MGMT_STATUS_INVALID_PARAMS);
2492 hci_req_init(&req, hdev);
2497 err = hci_req_run(&req, remove_uuid_complete);
2499 if (err != -ENODATA)
2502 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
2503 hdev->dev_class, 3);
2507 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
2516 hci_dev_unlock(hdev);
2520 static void set_class_complete(struct hci_dev *hdev, u8 status, u16 opcode)
2522 BT_DBG("status 0x%02x", status);
2524 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
2527 static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
2530 struct mgmt_cp_set_dev_class *cp = data;
2531 struct mgmt_pending_cmd *cmd;
2532 struct hci_request req;
2535 BT_DBG("request for %s", hdev->name);
2537 if (!lmp_bredr_capable(hdev))
2538 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2539 MGMT_STATUS_NOT_SUPPORTED);
2543 if (pending_eir_or_class(hdev)) {
2544 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2549 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
2550 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2551 MGMT_STATUS_INVALID_PARAMS);
2555 hdev->major_class = cp->major;
2556 hdev->minor_class = cp->minor;
2558 if (!hdev_is_powered(hdev)) {
2559 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2560 hdev->dev_class, 3);
2564 hci_req_init(&req, hdev);
2566 if (hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE)) {
2567 hci_dev_unlock(hdev);
2568 cancel_delayed_work_sync(&hdev->service_cache);
2575 err = hci_req_run(&req, set_class_complete);
2577 if (err != -ENODATA)
2580 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2581 hdev->dev_class, 3);
2585 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
2594 hci_dev_unlock(hdev);
2598 static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
2601 struct mgmt_cp_load_link_keys *cp = data;
2602 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
2603 sizeof(struct mgmt_link_key_info));
2604 u16 key_count, expected_len;
2608 BT_DBG("request for %s", hdev->name);
2610 if (!lmp_bredr_capable(hdev))
2611 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2612 MGMT_STATUS_NOT_SUPPORTED);
2614 key_count = __le16_to_cpu(cp->key_count);
2615 if (key_count > max_key_count) {
2616 BT_ERR("load_link_keys: too big key_count value %u",
2618 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2619 MGMT_STATUS_INVALID_PARAMS);
2622 expected_len = sizeof(*cp) + key_count *
2623 sizeof(struct mgmt_link_key_info);
2624 if (expected_len != len) {
2625 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
2627 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2628 MGMT_STATUS_INVALID_PARAMS);
2631 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
2632 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2633 MGMT_STATUS_INVALID_PARAMS);
2635 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
2638 for (i = 0; i < key_count; i++) {
2639 struct mgmt_link_key_info *key = &cp->keys[i];
2641 if (key->addr.type != BDADDR_BREDR || key->type > 0x08)
2642 return mgmt_cmd_status(sk, hdev->id,
2643 MGMT_OP_LOAD_LINK_KEYS,
2644 MGMT_STATUS_INVALID_PARAMS);
2649 hci_link_keys_clear(hdev);
2652 changed = !hci_dev_test_and_set_flag(hdev, HCI_KEEP_DEBUG_KEYS);
2654 changed = hci_dev_test_and_clear_flag(hdev,
2655 HCI_KEEP_DEBUG_KEYS);
2658 new_settings(hdev, NULL);
2660 for (i = 0; i < key_count; i++) {
2661 struct mgmt_link_key_info *key = &cp->keys[i];
2663 /* Always ignore debug keys and require a new pairing if
2664 * the user wants to use them.
2666 if (key->type == HCI_LK_DEBUG_COMBINATION)
2669 hci_add_link_key(hdev, NULL, &key->addr.bdaddr, key->val,
2670 key->type, key->pin_len, NULL);
2673 mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
2675 hci_dev_unlock(hdev);
2680 static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
2681 u8 addr_type, struct sock *skip_sk)
2683 struct mgmt_ev_device_unpaired ev;
2685 bacpy(&ev.addr.bdaddr, bdaddr);
2686 ev.addr.type = addr_type;
2688 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
2692 static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2695 struct mgmt_cp_unpair_device *cp = data;
2696 struct mgmt_rp_unpair_device rp;
2697 struct hci_cp_disconnect dc;
2698 struct mgmt_pending_cmd *cmd;
2699 struct hci_conn *conn;
2702 memset(&rp, 0, sizeof(rp));
2703 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2704 rp.addr.type = cp->addr.type;
2706 if (!bdaddr_type_is_valid(cp->addr.type))
2707 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2708 MGMT_STATUS_INVALID_PARAMS,
2711 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
2712 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2713 MGMT_STATUS_INVALID_PARAMS,
2718 if (!hdev_is_powered(hdev)) {
2719 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2720 MGMT_STATUS_NOT_POWERED, &rp,
2725 if (cp->addr.type == BDADDR_BREDR) {
2726 /* If disconnection is requested, then look up the
2727 * connection. If the remote device is connected, it
2728 * will be later used to terminate the link.
2730 * Setting it to NULL explicitly will cause no
2731 * termination of the link.
2734 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2739 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
2743 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
2746 /* Defer clearing up the connection parameters
2747 * until closing to give a chance of keeping
2748 * them if a repairing happens.
2750 set_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
2752 /* If disconnection is not requested, then
2753 * clear the connection variable so that the
2754 * link is not terminated.
2756 if (!cp->disconnect)
2760 if (cp->addr.type == BDADDR_LE_PUBLIC)
2761 addr_type = ADDR_LE_DEV_PUBLIC;
2763 addr_type = ADDR_LE_DEV_RANDOM;
2765 hci_remove_irk(hdev, &cp->addr.bdaddr, addr_type);
2767 err = hci_remove_ltk(hdev, &cp->addr.bdaddr, addr_type);
2771 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2772 MGMT_STATUS_NOT_PAIRED, &rp,
2777 /* If the connection variable is set, then termination of the
2778 * link is requested.
2781 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
2783 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
2787 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
2794 cmd->cmd_complete = addr_cmd_complete;
2796 dc.handle = cpu_to_le16(conn->handle);
2797 dc.reason = 0x13; /* Remote User Terminated Connection */
2798 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2800 mgmt_pending_remove(cmd);
2803 hci_dev_unlock(hdev);
2807 static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
2810 struct mgmt_cp_disconnect *cp = data;
2811 struct mgmt_rp_disconnect rp;
2812 struct mgmt_pending_cmd *cmd;
2813 struct hci_conn *conn;
2818 memset(&rp, 0, sizeof(rp));
2819 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2820 rp.addr.type = cp->addr.type;
2822 if (!bdaddr_type_is_valid(cp->addr.type))
2823 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2824 MGMT_STATUS_INVALID_PARAMS,
2829 if (!test_bit(HCI_UP, &hdev->flags)) {
2830 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2831 MGMT_STATUS_NOT_POWERED, &rp,
2836 if (pending_find(MGMT_OP_DISCONNECT, hdev)) {
2837 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2838 MGMT_STATUS_BUSY, &rp, sizeof(rp));
2842 if (cp->addr.type == BDADDR_BREDR)
2843 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2846 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
2848 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
2849 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2850 MGMT_STATUS_NOT_CONNECTED, &rp,
2855 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
2861 cmd->cmd_complete = generic_cmd_complete;
2863 err = hci_disconnect(conn, HCI_ERROR_REMOTE_USER_TERM);
2865 mgmt_pending_remove(cmd);
2868 hci_dev_unlock(hdev);
2872 static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
2874 switch (link_type) {
2876 switch (addr_type) {
2877 case ADDR_LE_DEV_PUBLIC:
2878 return BDADDR_LE_PUBLIC;
2881 /* Fallback to LE Random address type */
2882 return BDADDR_LE_RANDOM;
2886 /* Fallback to BR/EDR type */
2887 return BDADDR_BREDR;
2891 static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
2894 struct mgmt_rp_get_connections *rp;
2904 if (!hdev_is_powered(hdev)) {
2905 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
2906 MGMT_STATUS_NOT_POWERED);
2911 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2912 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2916 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2917 rp = kmalloc(rp_len, GFP_KERNEL);
2924 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2925 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2927 bacpy(&rp->addr[i].bdaddr, &c->dst);
2928 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
2929 if (c->type == SCO_LINK || c->type == ESCO_LINK)
2934 rp->conn_count = cpu_to_le16(i);
2936 /* Recalculate length in case of filtered SCO connections, etc */
2937 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2939 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
2945 hci_dev_unlock(hdev);
2949 static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
2950 struct mgmt_cp_pin_code_neg_reply *cp)
2952 struct mgmt_pending_cmd *cmd;
2955 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
2960 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
2961 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
2963 mgmt_pending_remove(cmd);
2968 static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2971 struct hci_conn *conn;
2972 struct mgmt_cp_pin_code_reply *cp = data;
2973 struct hci_cp_pin_code_reply reply;
2974 struct mgmt_pending_cmd *cmd;
2981 if (!hdev_is_powered(hdev)) {
2982 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2983 MGMT_STATUS_NOT_POWERED);
2987 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
2989 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2990 MGMT_STATUS_NOT_CONNECTED);
2994 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
2995 struct mgmt_cp_pin_code_neg_reply ncp;
2997 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
2999 BT_ERR("PIN code is not 16 bytes long");
3001 err = send_pin_code_neg_reply(sk, hdev, &ncp);
3003 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3004 MGMT_STATUS_INVALID_PARAMS);
3009 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
3015 cmd->cmd_complete = addr_cmd_complete;
3017 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
3018 reply.pin_len = cp->pin_len;
3019 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
3021 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
3023 mgmt_pending_remove(cmd);
3026 hci_dev_unlock(hdev);
3030 static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
3033 struct mgmt_cp_set_io_capability *cp = data;
3037 if (cp->io_capability > SMP_IO_KEYBOARD_DISPLAY)
3038 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY,
3039 MGMT_STATUS_INVALID_PARAMS, NULL, 0);
3043 hdev->io_capability = cp->io_capability;
3045 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
3046 hdev->io_capability);
3048 hci_dev_unlock(hdev);
3050 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0,
3054 static struct mgmt_pending_cmd *find_pairing(struct hci_conn *conn)
3056 struct hci_dev *hdev = conn->hdev;
3057 struct mgmt_pending_cmd *cmd;
3059 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
3060 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
3063 if (cmd->user_data != conn)
3072 static int pairing_complete(struct mgmt_pending_cmd *cmd, u8 status)
3074 struct mgmt_rp_pair_device rp;
3075 struct hci_conn *conn = cmd->user_data;
3078 bacpy(&rp.addr.bdaddr, &conn->dst);
3079 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
3081 err = mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE,
3082 status, &rp, sizeof(rp));
3084 /* So we don't get further callbacks for this connection */
3085 conn->connect_cfm_cb = NULL;
3086 conn->security_cfm_cb = NULL;
3087 conn->disconn_cfm_cb = NULL;
3089 hci_conn_drop(conn);
3091 /* The device is paired so there is no need to remove
3092 * its connection parameters anymore.
3094 clear_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
3101 void mgmt_smp_complete(struct hci_conn *conn, bool complete)
3103 u8 status = complete ? MGMT_STATUS_SUCCESS : MGMT_STATUS_FAILED;
3104 struct mgmt_pending_cmd *cmd;
3106 cmd = find_pairing(conn);
3108 cmd->cmd_complete(cmd, status);
3109 mgmt_pending_remove(cmd);
3113 static void pairing_complete_cb(struct hci_conn *conn, u8 status)
3115 struct mgmt_pending_cmd *cmd;
3117 BT_DBG("status %u", status);
3119 cmd = find_pairing(conn);
3121 BT_DBG("Unable to find a pending command");
3125 cmd->cmd_complete(cmd, mgmt_status(status));
3126 mgmt_pending_remove(cmd);
3129 static void le_pairing_complete_cb(struct hci_conn *conn, u8 status)
3131 struct mgmt_pending_cmd *cmd;
3133 BT_DBG("status %u", status);
3138 cmd = find_pairing(conn);
3140 BT_DBG("Unable to find a pending command");
3144 cmd->cmd_complete(cmd, mgmt_status(status));
3145 mgmt_pending_remove(cmd);
3148 static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
3151 struct mgmt_cp_pair_device *cp = data;
3152 struct mgmt_rp_pair_device rp;
3153 struct mgmt_pending_cmd *cmd;
3154 u8 sec_level, auth_type;
3155 struct hci_conn *conn;
3160 memset(&rp, 0, sizeof(rp));
3161 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3162 rp.addr.type = cp->addr.type;
3164 if (!bdaddr_type_is_valid(cp->addr.type))
3165 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3166 MGMT_STATUS_INVALID_PARAMS,
3169 if (cp->io_cap > SMP_IO_KEYBOARD_DISPLAY)
3170 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3171 MGMT_STATUS_INVALID_PARAMS,
3176 if (!hdev_is_powered(hdev)) {
3177 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3178 MGMT_STATUS_NOT_POWERED, &rp,
3183 if (hci_bdaddr_is_paired(hdev, &cp->addr.bdaddr, cp->addr.type)) {
3184 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3185 MGMT_STATUS_ALREADY_PAIRED, &rp,
3190 sec_level = BT_SECURITY_MEDIUM;
3191 auth_type = HCI_AT_DEDICATED_BONDING;
3193 if (cp->addr.type == BDADDR_BREDR) {
3194 conn = hci_connect_acl(hdev, &cp->addr.bdaddr, sec_level,
3199 /* Convert from L2CAP channel address type to HCI address type
3201 if (cp->addr.type == BDADDR_LE_PUBLIC)
3202 addr_type = ADDR_LE_DEV_PUBLIC;
3204 addr_type = ADDR_LE_DEV_RANDOM;
3206 /* When pairing a new device, it is expected to remember
3207 * this device for future connections. Adding the connection
3208 * parameter information ahead of time allows tracking
3209 * of the slave preferred values and will speed up any
3210 * further connection establishment.
3212 * If connection parameters already exist, then they
3213 * will be kept and this function does nothing.
3215 hci_conn_params_add(hdev, &cp->addr.bdaddr, addr_type);
3217 conn = hci_connect_le(hdev, &cp->addr.bdaddr, addr_type,
3218 sec_level, HCI_LE_CONN_TIMEOUT,
3225 if (PTR_ERR(conn) == -EBUSY)
3226 status = MGMT_STATUS_BUSY;
3227 else if (PTR_ERR(conn) == -EOPNOTSUPP)
3228 status = MGMT_STATUS_NOT_SUPPORTED;
3229 else if (PTR_ERR(conn) == -ECONNREFUSED)
3230 status = MGMT_STATUS_REJECTED;
3232 status = MGMT_STATUS_CONNECT_FAILED;
3234 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3235 status, &rp, sizeof(rp));
3239 if (conn->connect_cfm_cb) {
3240 hci_conn_drop(conn);
3241 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3242 MGMT_STATUS_BUSY, &rp, sizeof(rp));
3246 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
3249 hci_conn_drop(conn);
3253 cmd->cmd_complete = pairing_complete;
3255 /* For LE, just connecting isn't a proof that the pairing finished */
3256 if (cp->addr.type == BDADDR_BREDR) {
3257 conn->connect_cfm_cb = pairing_complete_cb;
3258 conn->security_cfm_cb = pairing_complete_cb;
3259 conn->disconn_cfm_cb = pairing_complete_cb;
3261 conn->connect_cfm_cb = le_pairing_complete_cb;
3262 conn->security_cfm_cb = le_pairing_complete_cb;
3263 conn->disconn_cfm_cb = le_pairing_complete_cb;
3266 conn->io_capability = cp->io_cap;
3267 cmd->user_data = hci_conn_get(conn);
3269 if ((conn->state == BT_CONNECTED || conn->state == BT_CONFIG) &&
3270 hci_conn_security(conn, sec_level, auth_type, true)) {
3271 cmd->cmd_complete(cmd, 0);
3272 mgmt_pending_remove(cmd);
3278 hci_dev_unlock(hdev);
3282 static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
3285 struct mgmt_addr_info *addr = data;
3286 struct mgmt_pending_cmd *cmd;
3287 struct hci_conn *conn;
3294 if (!hdev_is_powered(hdev)) {
3295 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3296 MGMT_STATUS_NOT_POWERED);
3300 cmd = pending_find(MGMT_OP_PAIR_DEVICE, hdev);
3302 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3303 MGMT_STATUS_INVALID_PARAMS);
3307 conn = cmd->user_data;
3309 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
3310 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3311 MGMT_STATUS_INVALID_PARAMS);
3315 cmd->cmd_complete(cmd, MGMT_STATUS_CANCELLED);
3316 mgmt_pending_remove(cmd);
3318 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
3319 addr, sizeof(*addr));
3321 hci_dev_unlock(hdev);
3325 static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
3326 struct mgmt_addr_info *addr, u16 mgmt_op,
3327 u16 hci_op, __le32 passkey)
3329 struct mgmt_pending_cmd *cmd;
3330 struct hci_conn *conn;
3335 if (!hdev_is_powered(hdev)) {
3336 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3337 MGMT_STATUS_NOT_POWERED, addr,
3342 if (addr->type == BDADDR_BREDR)
3343 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
3345 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &addr->bdaddr);
3348 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3349 MGMT_STATUS_NOT_CONNECTED, addr,
3354 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
3355 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
3357 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3358 MGMT_STATUS_SUCCESS, addr,
3361 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3362 MGMT_STATUS_FAILED, addr,
3368 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
3374 cmd->cmd_complete = addr_cmd_complete;
3376 /* Continue with pairing via HCI */
3377 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
3378 struct hci_cp_user_passkey_reply cp;
3380 bacpy(&cp.bdaddr, &addr->bdaddr);
3381 cp.passkey = passkey;
3382 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
3384 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
3388 mgmt_pending_remove(cmd);
3391 hci_dev_unlock(hdev);
3395 static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
3396 void *data, u16 len)
3398 struct mgmt_cp_pin_code_neg_reply *cp = data;
3402 return user_pairing_resp(sk, hdev, &cp->addr,
3403 MGMT_OP_PIN_CODE_NEG_REPLY,
3404 HCI_OP_PIN_CODE_NEG_REPLY, 0);
3407 static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3410 struct mgmt_cp_user_confirm_reply *cp = data;
3414 if (len != sizeof(*cp))
3415 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
3416 MGMT_STATUS_INVALID_PARAMS);
3418 return user_pairing_resp(sk, hdev, &cp->addr,
3419 MGMT_OP_USER_CONFIRM_REPLY,
3420 HCI_OP_USER_CONFIRM_REPLY, 0);
3423 static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
3424 void *data, u16 len)
3426 struct mgmt_cp_user_confirm_neg_reply *cp = data;
3430 return user_pairing_resp(sk, hdev, &cp->addr,
3431 MGMT_OP_USER_CONFIRM_NEG_REPLY,
3432 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
3435 static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3438 struct mgmt_cp_user_passkey_reply *cp = data;
3442 return user_pairing_resp(sk, hdev, &cp->addr,
3443 MGMT_OP_USER_PASSKEY_REPLY,
3444 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
3447 static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
3448 void *data, u16 len)
3450 struct mgmt_cp_user_passkey_neg_reply *cp = data;
3454 return user_pairing_resp(sk, hdev, &cp->addr,
3455 MGMT_OP_USER_PASSKEY_NEG_REPLY,
3456 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
3459 static void update_name(struct hci_request *req)
3461 struct hci_dev *hdev = req->hdev;
3462 struct hci_cp_write_local_name cp;
3464 memcpy(cp.name, hdev->dev_name, sizeof(cp.name));
3466 hci_req_add(req, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
3469 static void set_name_complete(struct hci_dev *hdev, u8 status, u16 opcode)
3471 struct mgmt_cp_set_local_name *cp;
3472 struct mgmt_pending_cmd *cmd;
3474 BT_DBG("status 0x%02x", status);
3478 cmd = pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
3485 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3486 mgmt_status(status));
3488 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3491 mgmt_pending_remove(cmd);
3494 hci_dev_unlock(hdev);
3497 static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
3500 struct mgmt_cp_set_local_name *cp = data;
3501 struct mgmt_pending_cmd *cmd;
3502 struct hci_request req;
3509 /* If the old values are the same as the new ones just return a
3510 * direct command complete event.
3512 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
3513 !memcmp(hdev->short_name, cp->short_name,
3514 sizeof(hdev->short_name))) {
3515 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3520 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
3522 if (!hdev_is_powered(hdev)) {
3523 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3525 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3530 err = mgmt_generic_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev,
3536 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
3542 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3544 hci_req_init(&req, hdev);
3546 if (lmp_bredr_capable(hdev)) {
3551 /* The name is stored in the scan response data and so
3552 * no need to udpate the advertising data here.
3554 if (lmp_le_capable(hdev))
3555 update_scan_rsp_data(&req);
3557 err = hci_req_run(&req, set_name_complete);
3559 mgmt_pending_remove(cmd);
3562 hci_dev_unlock(hdev);
3566 static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
3567 void *data, u16 data_len)
3569 struct mgmt_pending_cmd *cmd;
3572 BT_DBG("%s", hdev->name);
3576 if (!hdev_is_powered(hdev)) {
3577 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3578 MGMT_STATUS_NOT_POWERED);
3582 if (!lmp_ssp_capable(hdev)) {
3583 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3584 MGMT_STATUS_NOT_SUPPORTED);
3588 if (pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
3589 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3594 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
3600 if (bredr_sc_enabled(hdev))
3601 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_EXT_DATA,
3604 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
3607 mgmt_pending_remove(cmd);
3610 hci_dev_unlock(hdev);
3614 static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
3615 void *data, u16 len)
3617 struct mgmt_addr_info *addr = data;
3620 BT_DBG("%s ", hdev->name);
3622 if (!bdaddr_type_is_valid(addr->type))
3623 return mgmt_cmd_complete(sk, hdev->id,
3624 MGMT_OP_ADD_REMOTE_OOB_DATA,
3625 MGMT_STATUS_INVALID_PARAMS,
3626 addr, sizeof(*addr));
3630 if (len == MGMT_ADD_REMOTE_OOB_DATA_SIZE) {
3631 struct mgmt_cp_add_remote_oob_data *cp = data;
3634 if (cp->addr.type != BDADDR_BREDR) {
3635 err = mgmt_cmd_complete(sk, hdev->id,
3636 MGMT_OP_ADD_REMOTE_OOB_DATA,
3637 MGMT_STATUS_INVALID_PARAMS,
3638 &cp->addr, sizeof(cp->addr));
3642 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
3643 cp->addr.type, cp->hash,
3644 cp->rand, NULL, NULL);
3646 status = MGMT_STATUS_FAILED;
3648 status = MGMT_STATUS_SUCCESS;
3650 err = mgmt_cmd_complete(sk, hdev->id,
3651 MGMT_OP_ADD_REMOTE_OOB_DATA, status,
3652 &cp->addr, sizeof(cp->addr));
3653 } else if (len == MGMT_ADD_REMOTE_OOB_EXT_DATA_SIZE) {
3654 struct mgmt_cp_add_remote_oob_ext_data *cp = data;
3655 u8 *rand192, *hash192, *rand256, *hash256;
3658 if (bdaddr_type_is_le(cp->addr.type)) {
3659 /* Enforce zero-valued 192-bit parameters as
3660 * long as legacy SMP OOB isn't implemented.
3662 if (memcmp(cp->rand192, ZERO_KEY, 16) ||
3663 memcmp(cp->hash192, ZERO_KEY, 16)) {
3664 err = mgmt_cmd_complete(sk, hdev->id,
3665 MGMT_OP_ADD_REMOTE_OOB_DATA,
3666 MGMT_STATUS_INVALID_PARAMS,
3667 addr, sizeof(*addr));
3674 /* In case one of the P-192 values is set to zero,
3675 * then just disable OOB data for P-192.
3677 if (!memcmp(cp->rand192, ZERO_KEY, 16) ||
3678 !memcmp(cp->hash192, ZERO_KEY, 16)) {
3682 rand192 = cp->rand192;
3683 hash192 = cp->hash192;
3687 /* In case one of the P-256 values is set to zero, then just
3688 * disable OOB data for P-256.
3690 if (!memcmp(cp->rand256, ZERO_KEY, 16) ||
3691 !memcmp(cp->hash256, ZERO_KEY, 16)) {
3695 rand256 = cp->rand256;
3696 hash256 = cp->hash256;
3699 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
3700 cp->addr.type, hash192, rand192,
3703 status = MGMT_STATUS_FAILED;
3705 status = MGMT_STATUS_SUCCESS;
3707 err = mgmt_cmd_complete(sk, hdev->id,
3708 MGMT_OP_ADD_REMOTE_OOB_DATA,
3709 status, &cp->addr, sizeof(cp->addr));
3711 BT_ERR("add_remote_oob_data: invalid length of %u bytes", len);
3712 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3713 MGMT_STATUS_INVALID_PARAMS);
3717 hci_dev_unlock(hdev);
3721 static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
3722 void *data, u16 len)
3724 struct mgmt_cp_remove_remote_oob_data *cp = data;
3728 BT_DBG("%s", hdev->name);
3730 if (cp->addr.type != BDADDR_BREDR)
3731 return mgmt_cmd_complete(sk, hdev->id,
3732 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
3733 MGMT_STATUS_INVALID_PARAMS,
3734 &cp->addr, sizeof(cp->addr));
3738 if (!bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
3739 hci_remote_oob_data_clear(hdev);
3740 status = MGMT_STATUS_SUCCESS;
3744 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr, cp->addr.type);
3746 status = MGMT_STATUS_INVALID_PARAMS;
3748 status = MGMT_STATUS_SUCCESS;
3751 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
3752 status, &cp->addr, sizeof(cp->addr));
3754 hci_dev_unlock(hdev);
3758 static bool trigger_bredr_inquiry(struct hci_request *req, u8 *status)
3760 struct hci_dev *hdev = req->hdev;
3761 struct hci_cp_inquiry cp;
3762 /* General inquiry access code (GIAC) */
3763 u8 lap[3] = { 0x33, 0x8b, 0x9e };
3765 *status = mgmt_bredr_support(hdev);
3769 if (hci_dev_test_flag(hdev, HCI_INQUIRY)) {
3770 *status = MGMT_STATUS_BUSY;
3774 hci_inquiry_cache_flush(hdev);
3776 memset(&cp, 0, sizeof(cp));
3777 memcpy(&cp.lap, lap, sizeof(cp.lap));
3778 cp.length = DISCOV_BREDR_INQUIRY_LEN;
3780 hci_req_add(req, HCI_OP_INQUIRY, sizeof(cp), &cp);
3785 static bool trigger_le_scan(struct hci_request *req, u16 interval, u8 *status)
3787 struct hci_dev *hdev = req->hdev;
3788 struct hci_cp_le_set_scan_param param_cp;
3789 struct hci_cp_le_set_scan_enable enable_cp;
3793 *status = mgmt_le_support(hdev);
3797 if (hci_dev_test_flag(hdev, HCI_LE_ADV)) {
3798 /* Don't let discovery abort an outgoing connection attempt
3799 * that's using directed advertising.
3801 if (hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT)) {
3802 *status = MGMT_STATUS_REJECTED;
3806 disable_advertising(req);
3809 /* If controller is scanning, it means the background scanning is
3810 * running. Thus, we should temporarily stop it in order to set the
3811 * discovery scanning parameters.
3813 if (hci_dev_test_flag(hdev, HCI_LE_SCAN))
3814 hci_req_add_le_scan_disable(req);
3816 /* All active scans will be done with either a resolvable private
3817 * address (when privacy feature has been enabled) or non-resolvable
3820 err = hci_update_random_address(req, true, &own_addr_type);
3822 *status = MGMT_STATUS_FAILED;
3826 memset(¶m_cp, 0, sizeof(param_cp));
3827 param_cp.type = LE_SCAN_ACTIVE;
3828 param_cp.interval = cpu_to_le16(interval);
3829 param_cp.window = cpu_to_le16(DISCOV_LE_SCAN_WIN);
3830 param_cp.own_address_type = own_addr_type;
3832 hci_req_add(req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
3835 memset(&enable_cp, 0, sizeof(enable_cp));
3836 enable_cp.enable = LE_SCAN_ENABLE;
3837 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
3839 hci_req_add(req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
3845 static bool trigger_discovery(struct hci_request *req, u8 *status)
3847 struct hci_dev *hdev = req->hdev;
3849 switch (hdev->discovery.type) {
3850 case DISCOV_TYPE_BREDR:
3851 if (!trigger_bredr_inquiry(req, status))
3855 case DISCOV_TYPE_INTERLEAVED:
3856 if (test_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY,
3858 /* During simultaneous discovery, we double LE scan
3859 * interval. We must leave some time for the controller
3860 * to do BR/EDR inquiry.
3862 if (!trigger_le_scan(req, DISCOV_LE_SCAN_INT * 2,
3866 if (!trigger_bredr_inquiry(req, status))
3872 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
3873 *status = MGMT_STATUS_NOT_SUPPORTED;
3878 case DISCOV_TYPE_LE:
3879 if (!trigger_le_scan(req, DISCOV_LE_SCAN_INT, status))
3884 *status = MGMT_STATUS_INVALID_PARAMS;
3891 static void start_discovery_complete(struct hci_dev *hdev, u8 status,
3894 struct mgmt_pending_cmd *cmd;
3895 unsigned long timeout;
3897 BT_DBG("status %d", status);
3901 cmd = pending_find(MGMT_OP_START_DISCOVERY, hdev);
3903 cmd = pending_find(MGMT_OP_START_SERVICE_DISCOVERY, hdev);
3906 cmd->cmd_complete(cmd, mgmt_status(status));
3907 mgmt_pending_remove(cmd);
3911 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3915 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
3917 /* If the scan involves LE scan, pick proper timeout to schedule
3918 * hdev->le_scan_disable that will stop it.
3920 switch (hdev->discovery.type) {
3921 case DISCOV_TYPE_LE:
3922 timeout = msecs_to_jiffies(DISCOV_LE_TIMEOUT);
3924 case DISCOV_TYPE_INTERLEAVED:
3925 /* When running simultaneous discovery, the LE scanning time
3926 * should occupy the whole discovery time sine BR/EDR inquiry
3927 * and LE scanning are scheduled by the controller.
3929 * For interleaving discovery in comparison, BR/EDR inquiry
3930 * and LE scanning are done sequentially with separate
3933 if (test_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY, &hdev->quirks))
3934 timeout = msecs_to_jiffies(DISCOV_LE_TIMEOUT);
3936 timeout = msecs_to_jiffies(hdev->discov_interleaved_timeout);
3938 case DISCOV_TYPE_BREDR:
3942 BT_ERR("Invalid discovery type %d", hdev->discovery.type);
3948 /* When service discovery is used and the controller has
3949 * a strict duplicate filter, it is important to remember
3950 * the start and duration of the scan. This is required
3951 * for restarting scanning during the discovery phase.
3953 if (test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER,
3955 hdev->discovery.result_filtering) {
3956 hdev->discovery.scan_start = jiffies;
3957 hdev->discovery.scan_duration = timeout;
3960 queue_delayed_work(hdev->workqueue,
3961 &hdev->le_scan_disable, timeout);
3965 hci_dev_unlock(hdev);
3968 static int start_discovery(struct sock *sk, struct hci_dev *hdev,
3969 void *data, u16 len)
3971 struct mgmt_cp_start_discovery *cp = data;
3972 struct mgmt_pending_cmd *cmd;
3973 struct hci_request req;
3977 BT_DBG("%s", hdev->name);
3981 if (!hdev_is_powered(hdev)) {
3982 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3983 MGMT_STATUS_NOT_POWERED,
3984 &cp->type, sizeof(cp->type));
3988 if (hdev->discovery.state != DISCOVERY_STOPPED ||
3989 hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) {
3990 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3991 MGMT_STATUS_BUSY, &cp->type,
3996 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, data, len);
4002 cmd->cmd_complete = generic_cmd_complete;
4004 /* Clear the discovery filter first to free any previously
4005 * allocated memory for the UUID list.
4007 hci_discovery_filter_clear(hdev);
4009 hdev->discovery.type = cp->type;
4010 hdev->discovery.report_invalid_rssi = false;
4012 hci_req_init(&req, hdev);
4014 if (!trigger_discovery(&req, &status)) {
4015 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
4016 status, &cp->type, sizeof(cp->type));
4017 mgmt_pending_remove(cmd);
4021 err = hci_req_run(&req, start_discovery_complete);
4023 mgmt_pending_remove(cmd);
4027 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
4030 hci_dev_unlock(hdev);
4034 static int service_discovery_cmd_complete(struct mgmt_pending_cmd *cmd,
4037 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
4041 static int start_service_discovery(struct sock *sk, struct hci_dev *hdev,
4042 void *data, u16 len)
4044 struct mgmt_cp_start_service_discovery *cp = data;
4045 struct mgmt_pending_cmd *cmd;
4046 struct hci_request req;
4047 const u16 max_uuid_count = ((U16_MAX - sizeof(*cp)) / 16);
4048 u16 uuid_count, expected_len;
4052 BT_DBG("%s", hdev->name);
4056 if (!hdev_is_powered(hdev)) {
4057 err = mgmt_cmd_complete(sk, hdev->id,
4058 MGMT_OP_START_SERVICE_DISCOVERY,
4059 MGMT_STATUS_NOT_POWERED,
4060 &cp->type, sizeof(cp->type));
4064 if (hdev->discovery.state != DISCOVERY_STOPPED ||
4065 hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) {
4066 err = mgmt_cmd_complete(sk, hdev->id,
4067 MGMT_OP_START_SERVICE_DISCOVERY,
4068 MGMT_STATUS_BUSY, &cp->type,
4073 uuid_count = __le16_to_cpu(cp->uuid_count);
4074 if (uuid_count > max_uuid_count) {
4075 BT_ERR("service_discovery: too big uuid_count value %u",
4077 err = mgmt_cmd_complete(sk, hdev->id,
4078 MGMT_OP_START_SERVICE_DISCOVERY,
4079 MGMT_STATUS_INVALID_PARAMS, &cp->type,
4084 expected_len = sizeof(*cp) + uuid_count * 16;
4085 if (expected_len != len) {
4086 BT_ERR("service_discovery: expected %u bytes, got %u bytes",
4088 err = mgmt_cmd_complete(sk, hdev->id,
4089 MGMT_OP_START_SERVICE_DISCOVERY,
4090 MGMT_STATUS_INVALID_PARAMS, &cp->type,
4095 cmd = mgmt_pending_add(sk, MGMT_OP_START_SERVICE_DISCOVERY,
4102 cmd->cmd_complete = service_discovery_cmd_complete;
4104 /* Clear the discovery filter first to free any previously
4105 * allocated memory for the UUID list.
4107 hci_discovery_filter_clear(hdev);
4109 hdev->discovery.result_filtering = true;
4110 hdev->discovery.type = cp->type;
4111 hdev->discovery.rssi = cp->rssi;
4112 hdev->discovery.uuid_count = uuid_count;
4114 if (uuid_count > 0) {
4115 hdev->discovery.uuids = kmemdup(cp->uuids, uuid_count * 16,
4117 if (!hdev->discovery.uuids) {
4118 err = mgmt_cmd_complete(sk, hdev->id,
4119 MGMT_OP_START_SERVICE_DISCOVERY,
4121 &cp->type, sizeof(cp->type));
4122 mgmt_pending_remove(cmd);
4127 hci_req_init(&req, hdev);
4129 if (!trigger_discovery(&req, &status)) {
4130 err = mgmt_cmd_complete(sk, hdev->id,
4131 MGMT_OP_START_SERVICE_DISCOVERY,
4132 status, &cp->type, sizeof(cp->type));
4133 mgmt_pending_remove(cmd);
4137 err = hci_req_run(&req, start_discovery_complete);
4139 mgmt_pending_remove(cmd);
4143 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
4146 hci_dev_unlock(hdev);
4150 static void stop_discovery_complete(struct hci_dev *hdev, u8 status, u16 opcode)
4152 struct mgmt_pending_cmd *cmd;
4154 BT_DBG("status %d", status);
4158 cmd = pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
4160 cmd->cmd_complete(cmd, mgmt_status(status));
4161 mgmt_pending_remove(cmd);
4165 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
4167 hci_dev_unlock(hdev);
4170 static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
4173 struct mgmt_cp_stop_discovery *mgmt_cp = data;
4174 struct mgmt_pending_cmd *cmd;
4175 struct hci_request req;
4178 BT_DBG("%s", hdev->name);
4182 if (!hci_discovery_active(hdev)) {
4183 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
4184 MGMT_STATUS_REJECTED, &mgmt_cp->type,
4185 sizeof(mgmt_cp->type));
4189 if (hdev->discovery.type != mgmt_cp->type) {
4190 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
4191 MGMT_STATUS_INVALID_PARAMS,
4192 &mgmt_cp->type, sizeof(mgmt_cp->type));
4196 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, data, len);
4202 cmd->cmd_complete = generic_cmd_complete;
4204 hci_req_init(&req, hdev);
4206 hci_stop_discovery(&req);
4208 err = hci_req_run(&req, stop_discovery_complete);
4210 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
4214 mgmt_pending_remove(cmd);
4216 /* If no HCI commands were sent we're done */
4217 if (err == -ENODATA) {
4218 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY, 0,
4219 &mgmt_cp->type, sizeof(mgmt_cp->type));
4220 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
4224 hci_dev_unlock(hdev);
4228 static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
4231 struct mgmt_cp_confirm_name *cp = data;
4232 struct inquiry_entry *e;
4235 BT_DBG("%s", hdev->name);
4239 if (!hci_discovery_active(hdev)) {
4240 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
4241 MGMT_STATUS_FAILED, &cp->addr,
4246 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
4248 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
4249 MGMT_STATUS_INVALID_PARAMS, &cp->addr,
4254 if (cp->name_known) {
4255 e->name_state = NAME_KNOWN;
4258 e->name_state = NAME_NEEDED;
4259 hci_inquiry_cache_update_resolve(hdev, e);
4262 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0,
4263 &cp->addr, sizeof(cp->addr));
4266 hci_dev_unlock(hdev);
4270 static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
4273 struct mgmt_cp_block_device *cp = data;
4277 BT_DBG("%s", hdev->name);
4279 if (!bdaddr_type_is_valid(cp->addr.type))
4280 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
4281 MGMT_STATUS_INVALID_PARAMS,
4282 &cp->addr, sizeof(cp->addr));
4286 err = hci_bdaddr_list_add(&hdev->blacklist, &cp->addr.bdaddr,
4289 status = MGMT_STATUS_FAILED;
4293 mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &cp->addr, sizeof(cp->addr),
4295 status = MGMT_STATUS_SUCCESS;
4298 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
4299 &cp->addr, sizeof(cp->addr));
4301 hci_dev_unlock(hdev);
4306 static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
4309 struct mgmt_cp_unblock_device *cp = data;
4313 BT_DBG("%s", hdev->name);
4315 if (!bdaddr_type_is_valid(cp->addr.type))
4316 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
4317 MGMT_STATUS_INVALID_PARAMS,
4318 &cp->addr, sizeof(cp->addr));
4322 err = hci_bdaddr_list_del(&hdev->blacklist, &cp->addr.bdaddr,
4325 status = MGMT_STATUS_INVALID_PARAMS;
4329 mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &cp->addr, sizeof(cp->addr),
4331 status = MGMT_STATUS_SUCCESS;
4334 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
4335 &cp->addr, sizeof(cp->addr));
4337 hci_dev_unlock(hdev);
4342 static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
4345 struct mgmt_cp_set_device_id *cp = data;
4346 struct hci_request req;
4350 BT_DBG("%s", hdev->name);
4352 source = __le16_to_cpu(cp->source);
4354 if (source > 0x0002)
4355 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
4356 MGMT_STATUS_INVALID_PARAMS);
4360 hdev->devid_source = source;
4361 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
4362 hdev->devid_product = __le16_to_cpu(cp->product);
4363 hdev->devid_version = __le16_to_cpu(cp->version);
4365 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0,
4368 hci_req_init(&req, hdev);
4370 hci_req_run(&req, NULL);
4372 hci_dev_unlock(hdev);
4377 static void set_advertising_complete(struct hci_dev *hdev, u8 status,
4380 struct cmd_lookup match = { NULL, hdev };
4385 u8 mgmt_err = mgmt_status(status);
4387 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
4388 cmd_status_rsp, &mgmt_err);
4392 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
4393 hci_dev_set_flag(hdev, HCI_ADVERTISING);
4395 hci_dev_clear_flag(hdev, HCI_ADVERTISING);
4397 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
4400 new_settings(hdev, match.sk);
4406 hci_dev_unlock(hdev);
4409 static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data,
4412 struct mgmt_mode *cp = data;
4413 struct mgmt_pending_cmd *cmd;
4414 struct hci_request req;
4418 BT_DBG("request for %s", hdev->name);
4420 status = mgmt_le_support(hdev);
4422 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4425 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
4426 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4427 MGMT_STATUS_INVALID_PARAMS);
4433 /* The following conditions are ones which mean that we should
4434 * not do any HCI communication but directly send a mgmt
4435 * response to user space (after toggling the flag if
4438 if (!hdev_is_powered(hdev) ||
4439 (val == hci_dev_test_flag(hdev, HCI_ADVERTISING) &&
4440 (cp->val == 0x02) == hci_dev_test_flag(hdev, HCI_ADVERTISING_CONNECTABLE)) ||
4441 hci_conn_num(hdev, LE_LINK) > 0 ||
4442 (hci_dev_test_flag(hdev, HCI_LE_SCAN) &&
4443 hdev->le_scan_type == LE_SCAN_ACTIVE)) {
4447 changed = !hci_dev_test_and_set_flag(hdev, HCI_ADVERTISING);
4448 if (cp->val == 0x02)
4449 hci_dev_set_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
4451 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
4453 changed = hci_dev_test_and_clear_flag(hdev, HCI_ADVERTISING);
4454 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
4457 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
4462 err = new_settings(hdev, sk);
4467 if (pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
4468 pending_find(MGMT_OP_SET_LE, hdev)) {
4469 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4474 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
4480 hci_req_init(&req, hdev);
4482 if (cp->val == 0x02)
4483 hci_dev_set_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
4485 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
4488 enable_advertising(&req);
4490 disable_advertising(&req);
4492 err = hci_req_run(&req, set_advertising_complete);
4494 mgmt_pending_remove(cmd);
4497 hci_dev_unlock(hdev);
4501 static int set_static_address(struct sock *sk, struct hci_dev *hdev,
4502 void *data, u16 len)
4504 struct mgmt_cp_set_static_address *cp = data;
4507 BT_DBG("%s", hdev->name);
4509 if (!lmp_le_capable(hdev))
4510 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
4511 MGMT_STATUS_NOT_SUPPORTED);
4513 if (hdev_is_powered(hdev))
4514 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
4515 MGMT_STATUS_REJECTED);
4517 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
4518 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
4519 return mgmt_cmd_status(sk, hdev->id,
4520 MGMT_OP_SET_STATIC_ADDRESS,
4521 MGMT_STATUS_INVALID_PARAMS);
4523 /* Two most significant bits shall be set */
4524 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
4525 return mgmt_cmd_status(sk, hdev->id,
4526 MGMT_OP_SET_STATIC_ADDRESS,
4527 MGMT_STATUS_INVALID_PARAMS);
4532 bacpy(&hdev->static_addr, &cp->bdaddr);
4534 err = send_settings_rsp(sk, MGMT_OP_SET_STATIC_ADDRESS, hdev);
4538 err = new_settings(hdev, sk);
4541 hci_dev_unlock(hdev);
4545 static int set_scan_params(struct sock *sk, struct hci_dev *hdev,
4546 void *data, u16 len)
4548 struct mgmt_cp_set_scan_params *cp = data;
4549 __u16 interval, window;
4552 BT_DBG("%s", hdev->name);
4554 if (!lmp_le_capable(hdev))
4555 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4556 MGMT_STATUS_NOT_SUPPORTED);
4558 interval = __le16_to_cpu(cp->interval);
4560 if (interval < 0x0004 || interval > 0x4000)
4561 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4562 MGMT_STATUS_INVALID_PARAMS);
4564 window = __le16_to_cpu(cp->window);
4566 if (window < 0x0004 || window > 0x4000)
4567 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4568 MGMT_STATUS_INVALID_PARAMS);
4570 if (window > interval)
4571 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4572 MGMT_STATUS_INVALID_PARAMS);
4576 hdev->le_scan_interval = interval;
4577 hdev->le_scan_window = window;
4579 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0,
4582 /* If background scan is running, restart it so new parameters are
4585 if (hci_dev_test_flag(hdev, HCI_LE_SCAN) &&
4586 hdev->discovery.state == DISCOVERY_STOPPED) {
4587 struct hci_request req;
4589 hci_req_init(&req, hdev);
4591 hci_req_add_le_scan_disable(&req);
4592 hci_req_add_le_passive_scan(&req);
4594 hci_req_run(&req, NULL);
4597 hci_dev_unlock(hdev);
4602 static void fast_connectable_complete(struct hci_dev *hdev, u8 status,
4605 struct mgmt_pending_cmd *cmd;
4607 BT_DBG("status 0x%02x", status);
4611 cmd = pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4616 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4617 mgmt_status(status));
4619 struct mgmt_mode *cp = cmd->param;
4622 hci_dev_set_flag(hdev, HCI_FAST_CONNECTABLE);
4624 hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE);
4626 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4627 new_settings(hdev, cmd->sk);
4630 mgmt_pending_remove(cmd);
4633 hci_dev_unlock(hdev);
4636 static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
4637 void *data, u16 len)
4639 struct mgmt_mode *cp = data;
4640 struct mgmt_pending_cmd *cmd;
4641 struct hci_request req;
4644 BT_DBG("%s", hdev->name);
4646 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) ||
4647 hdev->hci_ver < BLUETOOTH_VER_1_2)
4648 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4649 MGMT_STATUS_NOT_SUPPORTED);
4651 if (cp->val != 0x00 && cp->val != 0x01)
4652 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4653 MGMT_STATUS_INVALID_PARAMS);
4657 if (pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
4658 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4663 if (!!cp->val == hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE)) {
4664 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
4669 if (!hdev_is_powered(hdev)) {
4670 hci_dev_change_flag(hdev, HCI_FAST_CONNECTABLE);
4671 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
4673 new_settings(hdev, sk);
4677 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
4684 hci_req_init(&req, hdev);
4686 write_fast_connectable(&req, cp->val);
4688 err = hci_req_run(&req, fast_connectable_complete);
4690 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4691 MGMT_STATUS_FAILED);
4692 mgmt_pending_remove(cmd);
4696 hci_dev_unlock(hdev);
4701 static void set_bredr_complete(struct hci_dev *hdev, u8 status, u16 opcode)
4703 struct mgmt_pending_cmd *cmd;
4705 BT_DBG("status 0x%02x", status);
4709 cmd = pending_find(MGMT_OP_SET_BREDR, hdev);
4714 u8 mgmt_err = mgmt_status(status);
4716 /* We need to restore the flag if related HCI commands
4719 hci_dev_clear_flag(hdev, HCI_BREDR_ENABLED);
4721 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
4723 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
4724 new_settings(hdev, cmd->sk);
4727 mgmt_pending_remove(cmd);
4730 hci_dev_unlock(hdev);
4733 static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
4735 struct mgmt_mode *cp = data;
4736 struct mgmt_pending_cmd *cmd;
4737 struct hci_request req;
4740 BT_DBG("request for %s", hdev->name);
4742 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
4743 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4744 MGMT_STATUS_NOT_SUPPORTED);
4746 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
4747 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4748 MGMT_STATUS_REJECTED);
4750 if (cp->val != 0x00 && cp->val != 0x01)
4751 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4752 MGMT_STATUS_INVALID_PARAMS);
4756 if (cp->val == hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
4757 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4761 if (!hdev_is_powered(hdev)) {
4763 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
4764 hci_dev_clear_flag(hdev, HCI_SSP_ENABLED);
4765 hci_dev_clear_flag(hdev, HCI_LINK_SECURITY);
4766 hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE);
4767 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
4770 hci_dev_change_flag(hdev, HCI_BREDR_ENABLED);
4772 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4776 err = new_settings(hdev, sk);
4780 /* Reject disabling when powered on */
4782 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4783 MGMT_STATUS_REJECTED);
4786 /* When configuring a dual-mode controller to operate
4787 * with LE only and using a static address, then switching
4788 * BR/EDR back on is not allowed.
4790 * Dual-mode controllers shall operate with the public
4791 * address as its identity address for BR/EDR and LE. So
4792 * reject the attempt to create an invalid configuration.
4794 * The same restrictions applies when secure connections
4795 * has been enabled. For BR/EDR this is a controller feature
4796 * while for LE it is a host stack feature. This means that
4797 * switching BR/EDR back on when secure connections has been
4798 * enabled is not a supported transaction.
4800 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
4801 (bacmp(&hdev->static_addr, BDADDR_ANY) ||
4802 hci_dev_test_flag(hdev, HCI_SC_ENABLED))) {
4803 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4804 MGMT_STATUS_REJECTED);
4809 if (pending_find(MGMT_OP_SET_BREDR, hdev)) {
4810 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4815 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
4821 /* We need to flip the bit already here so that update_adv_data
4822 * generates the correct flags.
4824 hci_dev_set_flag(hdev, HCI_BREDR_ENABLED);
4826 hci_req_init(&req, hdev);
4828 write_fast_connectable(&req, false);
4829 __hci_update_page_scan(&req);
4831 /* Since only the advertising data flags will change, there
4832 * is no need to update the scan response data.
4834 update_adv_data(&req);
4836 err = hci_req_run(&req, set_bredr_complete);
4838 mgmt_pending_remove(cmd);
4841 hci_dev_unlock(hdev);
4845 static void sc_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
4847 struct mgmt_pending_cmd *cmd;
4848 struct mgmt_mode *cp;
4850 BT_DBG("%s status %u", hdev->name, status);
4854 cmd = pending_find(MGMT_OP_SET_SECURE_CONN, hdev);
4859 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode,
4860 mgmt_status(status));
4868 hci_dev_clear_flag(hdev, HCI_SC_ENABLED);
4869 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
4872 hci_dev_set_flag(hdev, HCI_SC_ENABLED);
4873 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
4876 hci_dev_set_flag(hdev, HCI_SC_ENABLED);
4877 hci_dev_set_flag(hdev, HCI_SC_ONLY);
4881 send_settings_rsp(cmd->sk, MGMT_OP_SET_SECURE_CONN, hdev);
4882 new_settings(hdev, cmd->sk);
4885 mgmt_pending_remove(cmd);
4887 hci_dev_unlock(hdev);
4890 static int set_secure_conn(struct sock *sk, struct hci_dev *hdev,
4891 void *data, u16 len)
4893 struct mgmt_mode *cp = data;
4894 struct mgmt_pending_cmd *cmd;
4895 struct hci_request req;
4899 BT_DBG("request for %s", hdev->name);
4901 if (!lmp_sc_capable(hdev) &&
4902 !hci_dev_test_flag(hdev, HCI_LE_ENABLED))
4903 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4904 MGMT_STATUS_NOT_SUPPORTED);
4906 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
4907 lmp_sc_capable(hdev) &&
4908 !hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
4909 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4910 MGMT_STATUS_REJECTED);
4912 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
4913 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4914 MGMT_STATUS_INVALID_PARAMS);
4918 if (!hdev_is_powered(hdev) || !lmp_sc_capable(hdev) ||
4919 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
4923 changed = !hci_dev_test_and_set_flag(hdev,
4925 if (cp->val == 0x02)
4926 hci_dev_set_flag(hdev, HCI_SC_ONLY);
4928 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
4930 changed = hci_dev_test_and_clear_flag(hdev,
4932 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
4935 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4940 err = new_settings(hdev, sk);
4945 if (pending_find(MGMT_OP_SET_SECURE_CONN, hdev)) {
4946 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4953 if (val == hci_dev_test_flag(hdev, HCI_SC_ENABLED) &&
4954 (cp->val == 0x02) == hci_dev_test_flag(hdev, HCI_SC_ONLY)) {
4955 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4959 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SECURE_CONN, hdev, data, len);
4965 hci_req_init(&req, hdev);
4966 hci_req_add(&req, HCI_OP_WRITE_SC_SUPPORT, 1, &val);
4967 err = hci_req_run(&req, sc_enable_complete);
4969 mgmt_pending_remove(cmd);
4974 hci_dev_unlock(hdev);
4978 static int set_debug_keys(struct sock *sk, struct hci_dev *hdev,
4979 void *data, u16 len)
4981 struct mgmt_mode *cp = data;
4982 bool changed, use_changed;
4985 BT_DBG("request for %s", hdev->name);
4987 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
4988 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEBUG_KEYS,
4989 MGMT_STATUS_INVALID_PARAMS);
4994 changed = !hci_dev_test_and_set_flag(hdev, HCI_KEEP_DEBUG_KEYS);
4996 changed = hci_dev_test_and_clear_flag(hdev,
4997 HCI_KEEP_DEBUG_KEYS);
4999 if (cp->val == 0x02)
5000 use_changed = !hci_dev_test_and_set_flag(hdev,
5001 HCI_USE_DEBUG_KEYS);
5003 use_changed = hci_dev_test_and_clear_flag(hdev,
5004 HCI_USE_DEBUG_KEYS);
5006 if (hdev_is_powered(hdev) && use_changed &&
5007 hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
5008 u8 mode = (cp->val == 0x02) ? 0x01 : 0x00;
5009 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
5010 sizeof(mode), &mode);
5013 err = send_settings_rsp(sk, MGMT_OP_SET_DEBUG_KEYS, hdev);
5018 err = new_settings(hdev, sk);
5021 hci_dev_unlock(hdev);
5025 static int set_privacy(struct sock *sk, struct hci_dev *hdev, void *cp_data,
5028 struct mgmt_cp_set_privacy *cp = cp_data;
5032 BT_DBG("request for %s", hdev->name);
5034 if (!lmp_le_capable(hdev))
5035 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
5036 MGMT_STATUS_NOT_SUPPORTED);
5038 if (cp->privacy != 0x00 && cp->privacy != 0x01)
5039 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
5040 MGMT_STATUS_INVALID_PARAMS);
5042 if (hdev_is_powered(hdev))
5043 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
5044 MGMT_STATUS_REJECTED);
5048 /* If user space supports this command it is also expected to
5049 * handle IRKs. Therefore, set the HCI_RPA_RESOLVING flag.
5051 hci_dev_set_flag(hdev, HCI_RPA_RESOLVING);
5054 changed = !hci_dev_test_and_set_flag(hdev, HCI_PRIVACY);
5055 memcpy(hdev->irk, cp->irk, sizeof(hdev->irk));
5056 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
5058 changed = hci_dev_test_and_clear_flag(hdev, HCI_PRIVACY);
5059 memset(hdev->irk, 0, sizeof(hdev->irk));
5060 hci_dev_clear_flag(hdev, HCI_RPA_EXPIRED);
5063 err = send_settings_rsp(sk, MGMT_OP_SET_PRIVACY, hdev);
5068 err = new_settings(hdev, sk);
5071 hci_dev_unlock(hdev);
5075 static bool irk_is_valid(struct mgmt_irk_info *irk)
5077 switch (irk->addr.type) {
5078 case BDADDR_LE_PUBLIC:
5081 case BDADDR_LE_RANDOM:
5082 /* Two most significant bits shall be set */
5083 if ((irk->addr.bdaddr.b[5] & 0xc0) != 0xc0)
5091 static int load_irks(struct sock *sk, struct hci_dev *hdev, void *cp_data,
5094 struct mgmt_cp_load_irks *cp = cp_data;
5095 const u16 max_irk_count = ((U16_MAX - sizeof(*cp)) /
5096 sizeof(struct mgmt_irk_info));
5097 u16 irk_count, expected_len;
5100 BT_DBG("request for %s", hdev->name);
5102 if (!lmp_le_capable(hdev))
5103 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
5104 MGMT_STATUS_NOT_SUPPORTED);
5106 irk_count = __le16_to_cpu(cp->irk_count);
5107 if (irk_count > max_irk_count) {
5108 BT_ERR("load_irks: too big irk_count value %u", irk_count);
5109 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
5110 MGMT_STATUS_INVALID_PARAMS);
5113 expected_len = sizeof(*cp) + irk_count * sizeof(struct mgmt_irk_info);
5114 if (expected_len != len) {
5115 BT_ERR("load_irks: expected %u bytes, got %u bytes",
5117 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
5118 MGMT_STATUS_INVALID_PARAMS);
5121 BT_DBG("%s irk_count %u", hdev->name, irk_count);
5123 for (i = 0; i < irk_count; i++) {
5124 struct mgmt_irk_info *key = &cp->irks[i];
5126 if (!irk_is_valid(key))
5127 return mgmt_cmd_status(sk, hdev->id,
5129 MGMT_STATUS_INVALID_PARAMS);
5134 hci_smp_irks_clear(hdev);
5136 for (i = 0; i < irk_count; i++) {
5137 struct mgmt_irk_info *irk = &cp->irks[i];
5140 if (irk->addr.type == BDADDR_LE_PUBLIC)
5141 addr_type = ADDR_LE_DEV_PUBLIC;
5143 addr_type = ADDR_LE_DEV_RANDOM;
5145 hci_add_irk(hdev, &irk->addr.bdaddr, addr_type, irk->val,
5149 hci_dev_set_flag(hdev, HCI_RPA_RESOLVING);
5151 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_IRKS, 0, NULL, 0);
5153 hci_dev_unlock(hdev);
5158 static bool ltk_is_valid(struct mgmt_ltk_info *key)
5160 if (key->master != 0x00 && key->master != 0x01)
5163 switch (key->addr.type) {
5164 case BDADDR_LE_PUBLIC:
5167 case BDADDR_LE_RANDOM:
5168 /* Two most significant bits shall be set */
5169 if ((key->addr.bdaddr.b[5] & 0xc0) != 0xc0)
5177 static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
5178 void *cp_data, u16 len)
5180 struct mgmt_cp_load_long_term_keys *cp = cp_data;
5181 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
5182 sizeof(struct mgmt_ltk_info));
5183 u16 key_count, expected_len;
5186 BT_DBG("request for %s", hdev->name);
5188 if (!lmp_le_capable(hdev))
5189 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
5190 MGMT_STATUS_NOT_SUPPORTED);
5192 key_count = __le16_to_cpu(cp->key_count);
5193 if (key_count > max_key_count) {
5194 BT_ERR("load_ltks: too big key_count value %u", key_count);
5195 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
5196 MGMT_STATUS_INVALID_PARAMS);
5199 expected_len = sizeof(*cp) + key_count *
5200 sizeof(struct mgmt_ltk_info);
5201 if (expected_len != len) {
5202 BT_ERR("load_keys: expected %u bytes, got %u bytes",
5204 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
5205 MGMT_STATUS_INVALID_PARAMS);
5208 BT_DBG("%s key_count %u", hdev->name, key_count);
5210 for (i = 0; i < key_count; i++) {
5211 struct mgmt_ltk_info *key = &cp->keys[i];
5213 if (!ltk_is_valid(key))
5214 return mgmt_cmd_status(sk, hdev->id,
5215 MGMT_OP_LOAD_LONG_TERM_KEYS,
5216 MGMT_STATUS_INVALID_PARAMS);
5221 hci_smp_ltks_clear(hdev);
5223 for (i = 0; i < key_count; i++) {
5224 struct mgmt_ltk_info *key = &cp->keys[i];
5225 u8 type, addr_type, authenticated;
5227 if (key->addr.type == BDADDR_LE_PUBLIC)
5228 addr_type = ADDR_LE_DEV_PUBLIC;
5230 addr_type = ADDR_LE_DEV_RANDOM;
5232 switch (key->type) {
5233 case MGMT_LTK_UNAUTHENTICATED:
5234 authenticated = 0x00;
5235 type = key->master ? SMP_LTK : SMP_LTK_SLAVE;
5237 case MGMT_LTK_AUTHENTICATED:
5238 authenticated = 0x01;
5239 type = key->master ? SMP_LTK : SMP_LTK_SLAVE;
5241 case MGMT_LTK_P256_UNAUTH:
5242 authenticated = 0x00;
5243 type = SMP_LTK_P256;
5245 case MGMT_LTK_P256_AUTH:
5246 authenticated = 0x01;
5247 type = SMP_LTK_P256;
5249 case MGMT_LTK_P256_DEBUG:
5250 authenticated = 0x00;
5251 type = SMP_LTK_P256_DEBUG;
5256 hci_add_ltk(hdev, &key->addr.bdaddr, addr_type, type,
5257 authenticated, key->val, key->enc_size, key->ediv,
5261 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
5264 hci_dev_unlock(hdev);
5269 static int conn_info_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
5271 struct hci_conn *conn = cmd->user_data;
5272 struct mgmt_rp_get_conn_info rp;
5275 memcpy(&rp.addr, cmd->param, sizeof(rp.addr));
5277 if (status == MGMT_STATUS_SUCCESS) {
5278 rp.rssi = conn->rssi;
5279 rp.tx_power = conn->tx_power;
5280 rp.max_tx_power = conn->max_tx_power;
5282 rp.rssi = HCI_RSSI_INVALID;
5283 rp.tx_power = HCI_TX_POWER_INVALID;
5284 rp.max_tx_power = HCI_TX_POWER_INVALID;
5287 err = mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_GET_CONN_INFO,
5288 status, &rp, sizeof(rp));
5290 hci_conn_drop(conn);
5296 static void conn_info_refresh_complete(struct hci_dev *hdev, u8 hci_status,
5299 struct hci_cp_read_rssi *cp;
5300 struct mgmt_pending_cmd *cmd;
5301 struct hci_conn *conn;
5305 BT_DBG("status 0x%02x", hci_status);
5309 /* Commands sent in request are either Read RSSI or Read Transmit Power
5310 * Level so we check which one was last sent to retrieve connection
5311 * handle. Both commands have handle as first parameter so it's safe to
5312 * cast data on the same command struct.
5314 * First command sent is always Read RSSI and we fail only if it fails.
5315 * In other case we simply override error to indicate success as we
5316 * already remembered if TX power value is actually valid.
5318 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_RSSI);
5320 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_TX_POWER);
5321 status = MGMT_STATUS_SUCCESS;
5323 status = mgmt_status(hci_status);
5327 BT_ERR("invalid sent_cmd in conn_info response");
5331 handle = __le16_to_cpu(cp->handle);
5332 conn = hci_conn_hash_lookup_handle(hdev, handle);
5334 BT_ERR("unknown handle (%d) in conn_info response", handle);
5338 cmd = pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn);
5342 cmd->cmd_complete(cmd, status);
5343 mgmt_pending_remove(cmd);
5346 hci_dev_unlock(hdev);
5349 static int get_conn_info(struct sock *sk, struct hci_dev *hdev, void *data,
5352 struct mgmt_cp_get_conn_info *cp = data;
5353 struct mgmt_rp_get_conn_info rp;
5354 struct hci_conn *conn;
5355 unsigned long conn_info_age;
5358 BT_DBG("%s", hdev->name);
5360 memset(&rp, 0, sizeof(rp));
5361 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5362 rp.addr.type = cp->addr.type;
5364 if (!bdaddr_type_is_valid(cp->addr.type))
5365 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5366 MGMT_STATUS_INVALID_PARAMS,
5371 if (!hdev_is_powered(hdev)) {
5372 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5373 MGMT_STATUS_NOT_POWERED, &rp,
5378 if (cp->addr.type == BDADDR_BREDR)
5379 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
5382 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
5384 if (!conn || conn->state != BT_CONNECTED) {
5385 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5386 MGMT_STATUS_NOT_CONNECTED, &rp,
5391 if (pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn)) {
5392 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5393 MGMT_STATUS_BUSY, &rp, sizeof(rp));
5397 /* To avoid client trying to guess when to poll again for information we
5398 * calculate conn info age as random value between min/max set in hdev.
5400 conn_info_age = hdev->conn_info_min_age +
5401 prandom_u32_max(hdev->conn_info_max_age -
5402 hdev->conn_info_min_age);
5404 /* Query controller to refresh cached values if they are too old or were
5407 if (time_after(jiffies, conn->conn_info_timestamp +
5408 msecs_to_jiffies(conn_info_age)) ||
5409 !conn->conn_info_timestamp) {
5410 struct hci_request req;
5411 struct hci_cp_read_tx_power req_txp_cp;
5412 struct hci_cp_read_rssi req_rssi_cp;
5413 struct mgmt_pending_cmd *cmd;
5415 hci_req_init(&req, hdev);
5416 req_rssi_cp.handle = cpu_to_le16(conn->handle);
5417 hci_req_add(&req, HCI_OP_READ_RSSI, sizeof(req_rssi_cp),
5420 /* For LE links TX power does not change thus we don't need to
5421 * query for it once value is known.
5423 if (!bdaddr_type_is_le(cp->addr.type) ||
5424 conn->tx_power == HCI_TX_POWER_INVALID) {
5425 req_txp_cp.handle = cpu_to_le16(conn->handle);
5426 req_txp_cp.type = 0x00;
5427 hci_req_add(&req, HCI_OP_READ_TX_POWER,
5428 sizeof(req_txp_cp), &req_txp_cp);
5431 /* Max TX power needs to be read only once per connection */
5432 if (conn->max_tx_power == HCI_TX_POWER_INVALID) {
5433 req_txp_cp.handle = cpu_to_le16(conn->handle);
5434 req_txp_cp.type = 0x01;
5435 hci_req_add(&req, HCI_OP_READ_TX_POWER,
5436 sizeof(req_txp_cp), &req_txp_cp);
5439 err = hci_req_run(&req, conn_info_refresh_complete);
5443 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CONN_INFO, hdev,
5450 hci_conn_hold(conn);
5451 cmd->user_data = hci_conn_get(conn);
5452 cmd->cmd_complete = conn_info_cmd_complete;
5454 conn->conn_info_timestamp = jiffies;
5456 /* Cache is valid, just reply with values cached in hci_conn */
5457 rp.rssi = conn->rssi;
5458 rp.tx_power = conn->tx_power;
5459 rp.max_tx_power = conn->max_tx_power;
5461 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5462 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
5466 hci_dev_unlock(hdev);
5470 static int clock_info_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
5472 struct hci_conn *conn = cmd->user_data;
5473 struct mgmt_rp_get_clock_info rp;
5474 struct hci_dev *hdev;
5477 memset(&rp, 0, sizeof(rp));
5478 memcpy(&rp.addr, &cmd->param, sizeof(rp.addr));
5483 hdev = hci_dev_get(cmd->index);
5485 rp.local_clock = cpu_to_le32(hdev->clock);
5490 rp.piconet_clock = cpu_to_le32(conn->clock);
5491 rp.accuracy = cpu_to_le16(conn->clock_accuracy);
5495 err = mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status, &rp,
5499 hci_conn_drop(conn);
5506 static void get_clock_info_complete(struct hci_dev *hdev, u8 status, u16 opcode)
5508 struct hci_cp_read_clock *hci_cp;
5509 struct mgmt_pending_cmd *cmd;
5510 struct hci_conn *conn;
5512 BT_DBG("%s status %u", hdev->name, status);
5516 hci_cp = hci_sent_cmd_data(hdev, HCI_OP_READ_CLOCK);
5520 if (hci_cp->which) {
5521 u16 handle = __le16_to_cpu(hci_cp->handle);
5522 conn = hci_conn_hash_lookup_handle(hdev, handle);
5527 cmd = pending_find_data(MGMT_OP_GET_CLOCK_INFO, hdev, conn);
5531 cmd->cmd_complete(cmd, mgmt_status(status));
5532 mgmt_pending_remove(cmd);
5535 hci_dev_unlock(hdev);
5538 static int get_clock_info(struct sock *sk, struct hci_dev *hdev, void *data,
5541 struct mgmt_cp_get_clock_info *cp = data;
5542 struct mgmt_rp_get_clock_info rp;
5543 struct hci_cp_read_clock hci_cp;
5544 struct mgmt_pending_cmd *cmd;
5545 struct hci_request req;
5546 struct hci_conn *conn;
5549 BT_DBG("%s", hdev->name);
5551 memset(&rp, 0, sizeof(rp));
5552 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5553 rp.addr.type = cp->addr.type;
5555 if (cp->addr.type != BDADDR_BREDR)
5556 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
5557 MGMT_STATUS_INVALID_PARAMS,
5562 if (!hdev_is_powered(hdev)) {
5563 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
5564 MGMT_STATUS_NOT_POWERED, &rp,
5569 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
5570 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
5572 if (!conn || conn->state != BT_CONNECTED) {
5573 err = mgmt_cmd_complete(sk, hdev->id,
5574 MGMT_OP_GET_CLOCK_INFO,
5575 MGMT_STATUS_NOT_CONNECTED,
5583 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CLOCK_INFO, hdev, data, len);
5589 cmd->cmd_complete = clock_info_cmd_complete;
5591 hci_req_init(&req, hdev);
5593 memset(&hci_cp, 0, sizeof(hci_cp));
5594 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
5597 hci_conn_hold(conn);
5598 cmd->user_data = hci_conn_get(conn);
5600 hci_cp.handle = cpu_to_le16(conn->handle);
5601 hci_cp.which = 0x01; /* Piconet clock */
5602 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
5605 err = hci_req_run(&req, get_clock_info_complete);
5607 mgmt_pending_remove(cmd);
5610 hci_dev_unlock(hdev);
5614 static bool is_connected(struct hci_dev *hdev, bdaddr_t *addr, u8 type)
5616 struct hci_conn *conn;
5618 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, addr);
5622 if (conn->dst_type != type)
5625 if (conn->state != BT_CONNECTED)
5631 /* This function requires the caller holds hdev->lock */
5632 static int hci_conn_params_set(struct hci_request *req, bdaddr_t *addr,
5633 u8 addr_type, u8 auto_connect)
5635 struct hci_dev *hdev = req->hdev;
5636 struct hci_conn_params *params;
5638 params = hci_conn_params_add(hdev, addr, addr_type);
5642 if (params->auto_connect == auto_connect)
5645 list_del_init(¶ms->action);
5647 switch (auto_connect) {
5648 case HCI_AUTO_CONN_DISABLED:
5649 case HCI_AUTO_CONN_LINK_LOSS:
5650 __hci_update_background_scan(req);
5652 case HCI_AUTO_CONN_REPORT:
5653 list_add(¶ms->action, &hdev->pend_le_reports);
5654 __hci_update_background_scan(req);
5656 case HCI_AUTO_CONN_DIRECT:
5657 case HCI_AUTO_CONN_ALWAYS:
5658 if (!is_connected(hdev, addr, addr_type)) {
5659 list_add(¶ms->action, &hdev->pend_le_conns);
5660 __hci_update_background_scan(req);
5665 params->auto_connect = auto_connect;
5667 BT_DBG("addr %pMR (type %u) auto_connect %u", addr, addr_type,
5673 static void device_added(struct sock *sk, struct hci_dev *hdev,
5674 bdaddr_t *bdaddr, u8 type, u8 action)
5676 struct mgmt_ev_device_added ev;
5678 bacpy(&ev.addr.bdaddr, bdaddr);
5679 ev.addr.type = type;
5682 mgmt_event(MGMT_EV_DEVICE_ADDED, hdev, &ev, sizeof(ev), sk);
5685 static void add_device_complete(struct hci_dev *hdev, u8 status, u16 opcode)
5687 struct mgmt_pending_cmd *cmd;
5689 BT_DBG("status 0x%02x", status);
5693 cmd = pending_find(MGMT_OP_ADD_DEVICE, hdev);
5697 cmd->cmd_complete(cmd, mgmt_status(status));
5698 mgmt_pending_remove(cmd);
5701 hci_dev_unlock(hdev);
5704 static int add_device(struct sock *sk, struct hci_dev *hdev,
5705 void *data, u16 len)
5707 struct mgmt_cp_add_device *cp = data;
5708 struct mgmt_pending_cmd *cmd;
5709 struct hci_request req;
5710 u8 auto_conn, addr_type;
5713 BT_DBG("%s", hdev->name);
5715 if (!bdaddr_type_is_valid(cp->addr.type) ||
5716 !bacmp(&cp->addr.bdaddr, BDADDR_ANY))
5717 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5718 MGMT_STATUS_INVALID_PARAMS,
5719 &cp->addr, sizeof(cp->addr));
5721 if (cp->action != 0x00 && cp->action != 0x01 && cp->action != 0x02)
5722 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5723 MGMT_STATUS_INVALID_PARAMS,
5724 &cp->addr, sizeof(cp->addr));
5726 hci_req_init(&req, hdev);
5730 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_DEVICE, hdev, data, len);
5736 cmd->cmd_complete = addr_cmd_complete;
5738 if (cp->addr.type == BDADDR_BREDR) {
5739 /* Only incoming connections action is supported for now */
5740 if (cp->action != 0x01) {
5741 err = cmd->cmd_complete(cmd,
5742 MGMT_STATUS_INVALID_PARAMS);
5743 mgmt_pending_remove(cmd);
5747 err = hci_bdaddr_list_add(&hdev->whitelist, &cp->addr.bdaddr,
5752 __hci_update_page_scan(&req);
5757 if (cp->addr.type == BDADDR_LE_PUBLIC)
5758 addr_type = ADDR_LE_DEV_PUBLIC;
5760 addr_type = ADDR_LE_DEV_RANDOM;
5762 if (cp->action == 0x02)
5763 auto_conn = HCI_AUTO_CONN_ALWAYS;
5764 else if (cp->action == 0x01)
5765 auto_conn = HCI_AUTO_CONN_DIRECT;
5767 auto_conn = HCI_AUTO_CONN_REPORT;
5769 /* If the connection parameters don't exist for this device,
5770 * they will be created and configured with defaults.
5772 if (hci_conn_params_set(&req, &cp->addr.bdaddr, addr_type,
5774 err = cmd->cmd_complete(cmd, MGMT_STATUS_FAILED);
5775 mgmt_pending_remove(cmd);
5780 device_added(sk, hdev, &cp->addr.bdaddr, cp->addr.type, cp->action);
5782 err = hci_req_run(&req, add_device_complete);
5784 /* ENODATA means no HCI commands were needed (e.g. if
5785 * the adapter is powered off).
5787 if (err == -ENODATA)
5788 err = cmd->cmd_complete(cmd, MGMT_STATUS_SUCCESS);
5789 mgmt_pending_remove(cmd);
5793 hci_dev_unlock(hdev);
5797 static void device_removed(struct sock *sk, struct hci_dev *hdev,
5798 bdaddr_t *bdaddr, u8 type)
5800 struct mgmt_ev_device_removed ev;
5802 bacpy(&ev.addr.bdaddr, bdaddr);
5803 ev.addr.type = type;
5805 mgmt_event(MGMT_EV_DEVICE_REMOVED, hdev, &ev, sizeof(ev), sk);
5808 static void remove_device_complete(struct hci_dev *hdev, u8 status, u16 opcode)
5810 struct mgmt_pending_cmd *cmd;
5812 BT_DBG("status 0x%02x", status);
5816 cmd = pending_find(MGMT_OP_REMOVE_DEVICE, hdev);
5820 cmd->cmd_complete(cmd, mgmt_status(status));
5821 mgmt_pending_remove(cmd);
5824 hci_dev_unlock(hdev);
5827 static int remove_device(struct sock *sk, struct hci_dev *hdev,
5828 void *data, u16 len)
5830 struct mgmt_cp_remove_device *cp = data;
5831 struct mgmt_pending_cmd *cmd;
5832 struct hci_request req;
5835 BT_DBG("%s", hdev->name);
5837 hci_req_init(&req, hdev);
5841 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_DEVICE, hdev, data, len);
5847 cmd->cmd_complete = addr_cmd_complete;
5849 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
5850 struct hci_conn_params *params;
5853 if (!bdaddr_type_is_valid(cp->addr.type)) {
5854 err = cmd->cmd_complete(cmd,
5855 MGMT_STATUS_INVALID_PARAMS);
5856 mgmt_pending_remove(cmd);
5860 if (cp->addr.type == BDADDR_BREDR) {
5861 err = hci_bdaddr_list_del(&hdev->whitelist,
5865 err = cmd->cmd_complete(cmd,
5866 MGMT_STATUS_INVALID_PARAMS);
5867 mgmt_pending_remove(cmd);
5871 __hci_update_page_scan(&req);
5873 device_removed(sk, hdev, &cp->addr.bdaddr,
5878 if (cp->addr.type == BDADDR_LE_PUBLIC)
5879 addr_type = ADDR_LE_DEV_PUBLIC;
5881 addr_type = ADDR_LE_DEV_RANDOM;
5883 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr,
5886 err = cmd->cmd_complete(cmd,
5887 MGMT_STATUS_INVALID_PARAMS);
5888 mgmt_pending_remove(cmd);
5892 if (params->auto_connect == HCI_AUTO_CONN_DISABLED) {
5893 err = cmd->cmd_complete(cmd,
5894 MGMT_STATUS_INVALID_PARAMS);
5895 mgmt_pending_remove(cmd);
5899 list_del(¶ms->action);
5900 list_del(¶ms->list);
5902 __hci_update_background_scan(&req);
5904 device_removed(sk, hdev, &cp->addr.bdaddr, cp->addr.type);
5906 struct hci_conn_params *p, *tmp;
5907 struct bdaddr_list *b, *btmp;
5909 if (cp->addr.type) {
5910 err = cmd->cmd_complete(cmd,
5911 MGMT_STATUS_INVALID_PARAMS);
5912 mgmt_pending_remove(cmd);
5916 list_for_each_entry_safe(b, btmp, &hdev->whitelist, list) {
5917 device_removed(sk, hdev, &b->bdaddr, b->bdaddr_type);
5922 __hci_update_page_scan(&req);
5924 list_for_each_entry_safe(p, tmp, &hdev->le_conn_params, list) {
5925 if (p->auto_connect == HCI_AUTO_CONN_DISABLED)
5927 device_removed(sk, hdev, &p->addr, p->addr_type);
5928 list_del(&p->action);
5933 BT_DBG("All LE connection parameters were removed");
5935 __hci_update_background_scan(&req);
5939 err = hci_req_run(&req, remove_device_complete);
5941 /* ENODATA means no HCI commands were needed (e.g. if
5942 * the adapter is powered off).
5944 if (err == -ENODATA)
5945 err = cmd->cmd_complete(cmd, MGMT_STATUS_SUCCESS);
5946 mgmt_pending_remove(cmd);
5950 hci_dev_unlock(hdev);
5954 static int load_conn_param(struct sock *sk, struct hci_dev *hdev, void *data,
5957 struct mgmt_cp_load_conn_param *cp = data;
5958 const u16 max_param_count = ((U16_MAX - sizeof(*cp)) /
5959 sizeof(struct mgmt_conn_param));
5960 u16 param_count, expected_len;
5963 if (!lmp_le_capable(hdev))
5964 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5965 MGMT_STATUS_NOT_SUPPORTED);
5967 param_count = __le16_to_cpu(cp->param_count);
5968 if (param_count > max_param_count) {
5969 BT_ERR("load_conn_param: too big param_count value %u",
5971 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5972 MGMT_STATUS_INVALID_PARAMS);
5975 expected_len = sizeof(*cp) + param_count *
5976 sizeof(struct mgmt_conn_param);
5977 if (expected_len != len) {
5978 BT_ERR("load_conn_param: expected %u bytes, got %u bytes",
5980 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5981 MGMT_STATUS_INVALID_PARAMS);
5984 BT_DBG("%s param_count %u", hdev->name, param_count);
5988 hci_conn_params_clear_disabled(hdev);
5990 for (i = 0; i < param_count; i++) {
5991 struct mgmt_conn_param *param = &cp->params[i];
5992 struct hci_conn_params *hci_param;
5993 u16 min, max, latency, timeout;
5996 BT_DBG("Adding %pMR (type %u)", ¶m->addr.bdaddr,
5999 if (param->addr.type == BDADDR_LE_PUBLIC) {
6000 addr_type = ADDR_LE_DEV_PUBLIC;
6001 } else if (param->addr.type == BDADDR_LE_RANDOM) {
6002 addr_type = ADDR_LE_DEV_RANDOM;
6004 BT_ERR("Ignoring invalid connection parameters");
6008 min = le16_to_cpu(param->min_interval);
6009 max = le16_to_cpu(param->max_interval);
6010 latency = le16_to_cpu(param->latency);
6011 timeout = le16_to_cpu(param->timeout);
6013 BT_DBG("min 0x%04x max 0x%04x latency 0x%04x timeout 0x%04x",
6014 min, max, latency, timeout);
6016 if (hci_check_conn_params(min, max, latency, timeout) < 0) {
6017 BT_ERR("Ignoring invalid connection parameters");
6021 hci_param = hci_conn_params_add(hdev, ¶m->addr.bdaddr,
6024 BT_ERR("Failed to add connection parameters");
6028 hci_param->conn_min_interval = min;
6029 hci_param->conn_max_interval = max;
6030 hci_param->conn_latency = latency;
6031 hci_param->supervision_timeout = timeout;
6034 hci_dev_unlock(hdev);
6036 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM, 0,
6040 static int set_external_config(struct sock *sk, struct hci_dev *hdev,
6041 void *data, u16 len)
6043 struct mgmt_cp_set_external_config *cp = data;
6047 BT_DBG("%s", hdev->name);
6049 if (hdev_is_powered(hdev))
6050 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
6051 MGMT_STATUS_REJECTED);
6053 if (cp->config != 0x00 && cp->config != 0x01)
6054 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
6055 MGMT_STATUS_INVALID_PARAMS);
6057 if (!test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
6058 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
6059 MGMT_STATUS_NOT_SUPPORTED);
6064 changed = !hci_dev_test_and_set_flag(hdev, HCI_EXT_CONFIGURED);
6066 changed = hci_dev_test_and_clear_flag(hdev, HCI_EXT_CONFIGURED);
6068 err = send_options_rsp(sk, MGMT_OP_SET_EXTERNAL_CONFIG, hdev);
6075 err = new_options(hdev, sk);
6077 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED) == is_configured(hdev)) {
6078 mgmt_index_removed(hdev);
6080 if (hci_dev_test_and_change_flag(hdev, HCI_UNCONFIGURED)) {
6081 hci_dev_set_flag(hdev, HCI_CONFIG);
6082 hci_dev_set_flag(hdev, HCI_AUTO_OFF);
6084 queue_work(hdev->req_workqueue, &hdev->power_on);
6086 set_bit(HCI_RAW, &hdev->flags);
6087 mgmt_index_added(hdev);
6092 hci_dev_unlock(hdev);
6096 static int set_public_address(struct sock *sk, struct hci_dev *hdev,
6097 void *data, u16 len)
6099 struct mgmt_cp_set_public_address *cp = data;
6103 BT_DBG("%s", hdev->name);
6105 if (hdev_is_powered(hdev))
6106 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
6107 MGMT_STATUS_REJECTED);
6109 if (!bacmp(&cp->bdaddr, BDADDR_ANY))
6110 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
6111 MGMT_STATUS_INVALID_PARAMS);
6113 if (!hdev->set_bdaddr)
6114 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
6115 MGMT_STATUS_NOT_SUPPORTED);
6119 changed = !!bacmp(&hdev->public_addr, &cp->bdaddr);
6120 bacpy(&hdev->public_addr, &cp->bdaddr);
6122 err = send_options_rsp(sk, MGMT_OP_SET_PUBLIC_ADDRESS, hdev);
6129 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED))
6130 err = new_options(hdev, sk);
6132 if (is_configured(hdev)) {
6133 mgmt_index_removed(hdev);
6135 hci_dev_clear_flag(hdev, HCI_UNCONFIGURED);
6137 hci_dev_set_flag(hdev, HCI_CONFIG);
6138 hci_dev_set_flag(hdev, HCI_AUTO_OFF);
6140 queue_work(hdev->req_workqueue, &hdev->power_on);
6144 hci_dev_unlock(hdev);
6148 static inline u16 eir_append_data(u8 *eir, u16 eir_len, u8 type, u8 *data,
6151 eir[eir_len++] = sizeof(type) + data_len;
6152 eir[eir_len++] = type;
6153 memcpy(&eir[eir_len], data, data_len);
6154 eir_len += data_len;
6159 static int read_local_oob_ext_data(struct sock *sk, struct hci_dev *hdev,
6160 void *data, u16 data_len)
6162 struct mgmt_cp_read_local_oob_ext_data *cp = data;
6163 struct mgmt_rp_read_local_oob_ext_data *rp;
6166 u8 status, flags, role, addr[7], hash[16], rand[16];
6169 BT_DBG("%s", hdev->name);
6171 if (!hdev_is_powered(hdev))
6172 return mgmt_cmd_complete(sk, hdev->id,
6173 MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
6174 MGMT_STATUS_NOT_POWERED,
6175 &cp->type, sizeof(cp->type));
6178 case BIT(BDADDR_BREDR):
6179 status = mgmt_bredr_support(hdev);
6181 return mgmt_cmd_complete(sk, hdev->id,
6182 MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
6187 case (BIT(BDADDR_LE_PUBLIC) | BIT(BDADDR_LE_RANDOM)):
6188 status = mgmt_le_support(hdev);
6190 return mgmt_cmd_complete(sk, hdev->id,
6191 MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
6194 eir_len = 9 + 3 + 18 + 18 + 3;
6197 return mgmt_cmd_complete(sk, hdev->id,
6198 MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
6199 MGMT_STATUS_INVALID_PARAMS,
6200 &cp->type, sizeof(cp->type));
6205 rp_len = sizeof(*rp) + eir_len;
6206 rp = kmalloc(rp_len, GFP_ATOMIC);
6208 hci_dev_unlock(hdev);
6214 case BIT(BDADDR_BREDR):
6215 eir_len = eir_append_data(rp->eir, eir_len, EIR_CLASS_OF_DEV,
6216 hdev->dev_class, 3);
6218 case (BIT(BDADDR_LE_PUBLIC) | BIT(BDADDR_LE_RANDOM)):
6219 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED) &&
6220 smp_generate_oob(hdev, hash, rand) < 0) {
6221 hci_dev_unlock(hdev);
6222 err = mgmt_cmd_complete(sk, hdev->id,
6223 MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
6225 &cp->type, sizeof(cp->type));
6229 if (hci_dev_test_flag(hdev, HCI_PRIVACY)) {
6230 memcpy(addr, &hdev->rpa, 6);
6232 } else if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) ||
6233 !bacmp(&hdev->bdaddr, BDADDR_ANY) ||
6234 (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
6235 bacmp(&hdev->static_addr, BDADDR_ANY))) {
6236 memcpy(addr, &hdev->static_addr, 6);
6239 memcpy(addr, &hdev->bdaddr, 6);
6243 eir_len = eir_append_data(rp->eir, eir_len, EIR_LE_BDADDR,
6244 addr, sizeof(addr));
6246 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
6251 eir_len = eir_append_data(rp->eir, eir_len, EIR_LE_ROLE,
6252 &role, sizeof(role));
6254 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED)) {
6255 eir_len = eir_append_data(rp->eir, eir_len,
6257 hash, sizeof(hash));
6259 eir_len = eir_append_data(rp->eir, eir_len,
6261 rand, sizeof(rand));
6264 flags = get_adv_discov_flags(hdev);
6266 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
6267 flags |= LE_AD_NO_BREDR;
6269 eir_len = eir_append_data(rp->eir, eir_len, EIR_FLAGS,
6270 &flags, sizeof(flags));
6274 rp->type = cp->type;
6275 rp->eir_len = cpu_to_le16(eir_len);
6277 hci_dev_unlock(hdev);
6279 hci_sock_set_flag(sk, HCI_MGMT_OOB_DATA_EVENTS);
6281 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
6282 MGMT_STATUS_SUCCESS, rp, sizeof(*rp) + eir_len);
6286 err = mgmt_limited_event(MGMT_EV_LOCAL_OOB_DATA_UPDATED, hdev,
6287 rp, sizeof(*rp) + eir_len,
6288 HCI_MGMT_OOB_DATA_EVENTS, sk);
6296 static int read_adv_features(struct sock *sk, struct hci_dev *hdev,
6297 void *data, u16 data_len)
6299 struct mgmt_rp_read_adv_features *rp;
6303 BT_DBG("%s", hdev->name);
6307 rp_len = sizeof(*rp);
6308 rp = kmalloc(rp_len, GFP_ATOMIC);
6310 hci_dev_unlock(hdev);
6314 rp->supported_flags = cpu_to_le32(0);
6315 rp->max_adv_data_len = 31;
6316 rp->max_scan_rsp_len = 31;
6317 rp->max_instances = 0;
6318 rp->num_instances = 0;
6320 hci_dev_unlock(hdev);
6322 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_ADV_FEATURES,
6323 MGMT_STATUS_SUCCESS, rp, rp_len);
6330 static const struct hci_mgmt_handler mgmt_handlers[] = {
6331 { NULL }, /* 0x0000 (no command) */
6332 { read_version, MGMT_READ_VERSION_SIZE,
6334 HCI_MGMT_UNTRUSTED },
6335 { read_commands, MGMT_READ_COMMANDS_SIZE,
6337 HCI_MGMT_UNTRUSTED },
6338 { read_index_list, MGMT_READ_INDEX_LIST_SIZE,
6340 HCI_MGMT_UNTRUSTED },
6341 { read_controller_info, MGMT_READ_INFO_SIZE,
6342 HCI_MGMT_UNTRUSTED },
6343 { set_powered, MGMT_SETTING_SIZE },
6344 { set_discoverable, MGMT_SET_DISCOVERABLE_SIZE },
6345 { set_connectable, MGMT_SETTING_SIZE },
6346 { set_fast_connectable, MGMT_SETTING_SIZE },
6347 { set_bondable, MGMT_SETTING_SIZE },
6348 { set_link_security, MGMT_SETTING_SIZE },
6349 { set_ssp, MGMT_SETTING_SIZE },
6350 { set_hs, MGMT_SETTING_SIZE },
6351 { set_le, MGMT_SETTING_SIZE },
6352 { set_dev_class, MGMT_SET_DEV_CLASS_SIZE },
6353 { set_local_name, MGMT_SET_LOCAL_NAME_SIZE },
6354 { add_uuid, MGMT_ADD_UUID_SIZE },
6355 { remove_uuid, MGMT_REMOVE_UUID_SIZE },
6356 { load_link_keys, MGMT_LOAD_LINK_KEYS_SIZE,
6358 { load_long_term_keys, MGMT_LOAD_LONG_TERM_KEYS_SIZE,
6360 { disconnect, MGMT_DISCONNECT_SIZE },
6361 { get_connections, MGMT_GET_CONNECTIONS_SIZE },
6362 { pin_code_reply, MGMT_PIN_CODE_REPLY_SIZE },
6363 { pin_code_neg_reply, MGMT_PIN_CODE_NEG_REPLY_SIZE },
6364 { set_io_capability, MGMT_SET_IO_CAPABILITY_SIZE },
6365 { pair_device, MGMT_PAIR_DEVICE_SIZE },
6366 { cancel_pair_device, MGMT_CANCEL_PAIR_DEVICE_SIZE },
6367 { unpair_device, MGMT_UNPAIR_DEVICE_SIZE },
6368 { user_confirm_reply, MGMT_USER_CONFIRM_REPLY_SIZE },
6369 { user_confirm_neg_reply, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
6370 { user_passkey_reply, MGMT_USER_PASSKEY_REPLY_SIZE },
6371 { user_passkey_neg_reply, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
6372 { read_local_oob_data, MGMT_READ_LOCAL_OOB_DATA_SIZE },
6373 { add_remote_oob_data, MGMT_ADD_REMOTE_OOB_DATA_SIZE,
6375 { remove_remote_oob_data, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
6376 { start_discovery, MGMT_START_DISCOVERY_SIZE },
6377 { stop_discovery, MGMT_STOP_DISCOVERY_SIZE },
6378 { confirm_name, MGMT_CONFIRM_NAME_SIZE },
6379 { block_device, MGMT_BLOCK_DEVICE_SIZE },
6380 { unblock_device, MGMT_UNBLOCK_DEVICE_SIZE },
6381 { set_device_id, MGMT_SET_DEVICE_ID_SIZE },
6382 { set_advertising, MGMT_SETTING_SIZE },
6383 { set_bredr, MGMT_SETTING_SIZE },
6384 { set_static_address, MGMT_SET_STATIC_ADDRESS_SIZE },
6385 { set_scan_params, MGMT_SET_SCAN_PARAMS_SIZE },
6386 { set_secure_conn, MGMT_SETTING_SIZE },
6387 { set_debug_keys, MGMT_SETTING_SIZE },
6388 { set_privacy, MGMT_SET_PRIVACY_SIZE },
6389 { load_irks, MGMT_LOAD_IRKS_SIZE,
6391 { get_conn_info, MGMT_GET_CONN_INFO_SIZE },
6392 { get_clock_info, MGMT_GET_CLOCK_INFO_SIZE },
6393 { add_device, MGMT_ADD_DEVICE_SIZE },
6394 { remove_device, MGMT_REMOVE_DEVICE_SIZE },
6395 { load_conn_param, MGMT_LOAD_CONN_PARAM_SIZE,
6397 { read_unconf_index_list, MGMT_READ_UNCONF_INDEX_LIST_SIZE,
6399 HCI_MGMT_UNTRUSTED },
6400 { read_config_info, MGMT_READ_CONFIG_INFO_SIZE,
6401 HCI_MGMT_UNCONFIGURED |
6402 HCI_MGMT_UNTRUSTED },
6403 { set_external_config, MGMT_SET_EXTERNAL_CONFIG_SIZE,
6404 HCI_MGMT_UNCONFIGURED },
6405 { set_public_address, MGMT_SET_PUBLIC_ADDRESS_SIZE,
6406 HCI_MGMT_UNCONFIGURED },
6407 { start_service_discovery, MGMT_START_SERVICE_DISCOVERY_SIZE,
6409 { read_local_oob_ext_data, MGMT_READ_LOCAL_OOB_EXT_DATA_SIZE },
6410 { read_ext_index_list, MGMT_READ_EXT_INDEX_LIST_SIZE,
6412 HCI_MGMT_UNTRUSTED },
6413 { read_adv_features, MGMT_READ_ADV_FEATURES_SIZE },
6416 void mgmt_index_added(struct hci_dev *hdev)
6418 struct mgmt_ev_ext_index ev;
6420 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
6423 switch (hdev->dev_type) {
6425 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
6426 mgmt_index_event(MGMT_EV_UNCONF_INDEX_ADDED, hdev,
6427 NULL, 0, HCI_MGMT_UNCONF_INDEX_EVENTS);
6430 mgmt_index_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0,
6431 HCI_MGMT_INDEX_EVENTS);
6444 mgmt_index_event(MGMT_EV_EXT_INDEX_ADDED, hdev, &ev, sizeof(ev),
6445 HCI_MGMT_EXT_INDEX_EVENTS);
6448 void mgmt_index_removed(struct hci_dev *hdev)
6450 struct mgmt_ev_ext_index ev;
6451 u8 status = MGMT_STATUS_INVALID_INDEX;
6453 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
6456 switch (hdev->dev_type) {
6458 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
6460 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
6461 mgmt_index_event(MGMT_EV_UNCONF_INDEX_REMOVED, hdev,
6462 NULL, 0, HCI_MGMT_UNCONF_INDEX_EVENTS);
6465 mgmt_index_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0,
6466 HCI_MGMT_INDEX_EVENTS);
6479 mgmt_index_event(MGMT_EV_EXT_INDEX_REMOVED, hdev, &ev, sizeof(ev),
6480 HCI_MGMT_EXT_INDEX_EVENTS);
6483 /* This function requires the caller holds hdev->lock */
6484 static void restart_le_actions(struct hci_request *req)
6486 struct hci_dev *hdev = req->hdev;
6487 struct hci_conn_params *p;
6489 list_for_each_entry(p, &hdev->le_conn_params, list) {
6490 /* Needed for AUTO_OFF case where might not "really"
6491 * have been powered off.
6493 list_del_init(&p->action);
6495 switch (p->auto_connect) {
6496 case HCI_AUTO_CONN_DIRECT:
6497 case HCI_AUTO_CONN_ALWAYS:
6498 list_add(&p->action, &hdev->pend_le_conns);
6500 case HCI_AUTO_CONN_REPORT:
6501 list_add(&p->action, &hdev->pend_le_reports);
6508 __hci_update_background_scan(req);
6511 static void powered_complete(struct hci_dev *hdev, u8 status, u16 opcode)
6513 struct cmd_lookup match = { NULL, hdev };
6515 BT_DBG("status 0x%02x", status);
6518 /* Register the available SMP channels (BR/EDR and LE) only
6519 * when successfully powering on the controller. This late
6520 * registration is required so that LE SMP can clearly
6521 * decide if the public address or static address is used.
6528 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
6530 new_settings(hdev, match.sk);
6532 hci_dev_unlock(hdev);
6538 static int powered_update_hci(struct hci_dev *hdev)
6540 struct hci_request req;
6543 hci_req_init(&req, hdev);
6545 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED) &&
6546 !lmp_host_ssp_capable(hdev)) {
6549 hci_req_add(&req, HCI_OP_WRITE_SSP_MODE, sizeof(mode), &mode);
6551 if (bredr_sc_enabled(hdev) && !lmp_host_sc_capable(hdev)) {
6554 hci_req_add(&req, HCI_OP_WRITE_SC_SUPPORT,
6555 sizeof(support), &support);
6559 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
6560 lmp_bredr_capable(hdev)) {
6561 struct hci_cp_write_le_host_supported cp;
6566 /* Check first if we already have the right
6567 * host state (host features set)
6569 if (cp.le != lmp_host_le_capable(hdev) ||
6570 cp.simul != lmp_host_le_br_capable(hdev))
6571 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED,
6575 if (lmp_le_capable(hdev)) {
6576 /* Make sure the controller has a good default for
6577 * advertising data. This also applies to the case
6578 * where BR/EDR was toggled during the AUTO_OFF phase.
6580 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
6581 update_adv_data(&req);
6582 update_scan_rsp_data(&req);
6585 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
6586 enable_advertising(&req);
6588 restart_le_actions(&req);
6591 link_sec = hci_dev_test_flag(hdev, HCI_LINK_SECURITY);
6592 if (link_sec != test_bit(HCI_AUTH, &hdev->flags))
6593 hci_req_add(&req, HCI_OP_WRITE_AUTH_ENABLE,
6594 sizeof(link_sec), &link_sec);
6596 if (lmp_bredr_capable(hdev)) {
6597 if (hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE))
6598 write_fast_connectable(&req, true);
6600 write_fast_connectable(&req, false);
6601 __hci_update_page_scan(&req);
6607 return hci_req_run(&req, powered_complete);
6610 int mgmt_powered(struct hci_dev *hdev, u8 powered)
6612 struct cmd_lookup match = { NULL, hdev };
6613 u8 status, zero_cod[] = { 0, 0, 0 };
6616 if (!hci_dev_test_flag(hdev, HCI_MGMT))
6620 if (powered_update_hci(hdev) == 0)
6623 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp,
6628 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
6630 /* If the power off is because of hdev unregistration let
6631 * use the appropriate INVALID_INDEX status. Otherwise use
6632 * NOT_POWERED. We cover both scenarios here since later in
6633 * mgmt_index_removed() any hci_conn callbacks will have already
6634 * been triggered, potentially causing misleading DISCONNECTED
6637 if (hci_dev_test_flag(hdev, HCI_UNREGISTER))
6638 status = MGMT_STATUS_INVALID_INDEX;
6640 status = MGMT_STATUS_NOT_POWERED;
6642 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
6644 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0)
6645 mgmt_generic_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
6646 zero_cod, sizeof(zero_cod), NULL);
6649 err = new_settings(hdev, match.sk);
6657 void mgmt_set_powered_failed(struct hci_dev *hdev, int err)
6659 struct mgmt_pending_cmd *cmd;
6662 cmd = pending_find(MGMT_OP_SET_POWERED, hdev);
6666 if (err == -ERFKILL)
6667 status = MGMT_STATUS_RFKILLED;
6669 status = MGMT_STATUS_FAILED;
6671 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
6673 mgmt_pending_remove(cmd);
6676 void mgmt_discoverable_timeout(struct hci_dev *hdev)
6678 struct hci_request req;
6682 /* When discoverable timeout triggers, then just make sure
6683 * the limited discoverable flag is cleared. Even in the case
6684 * of a timeout triggered from general discoverable, it is
6685 * safe to unconditionally clear the flag.
6687 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
6688 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
6690 hci_req_init(&req, hdev);
6691 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
6692 u8 scan = SCAN_PAGE;
6693 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE,
6694 sizeof(scan), &scan);
6697 update_adv_data(&req);
6698 hci_req_run(&req, NULL);
6700 hdev->discov_timeout = 0;
6702 new_settings(hdev, NULL);
6704 hci_dev_unlock(hdev);
6707 void mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
6710 struct mgmt_ev_new_link_key ev;
6712 memset(&ev, 0, sizeof(ev));
6714 ev.store_hint = persistent;
6715 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
6716 ev.key.addr.type = BDADDR_BREDR;
6717 ev.key.type = key->type;
6718 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
6719 ev.key.pin_len = key->pin_len;
6721 mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
6724 static u8 mgmt_ltk_type(struct smp_ltk *ltk)
6726 switch (ltk->type) {
6729 if (ltk->authenticated)
6730 return MGMT_LTK_AUTHENTICATED;
6731 return MGMT_LTK_UNAUTHENTICATED;
6733 if (ltk->authenticated)
6734 return MGMT_LTK_P256_AUTH;
6735 return MGMT_LTK_P256_UNAUTH;
6736 case SMP_LTK_P256_DEBUG:
6737 return MGMT_LTK_P256_DEBUG;
6740 return MGMT_LTK_UNAUTHENTICATED;
6743 void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, bool persistent)
6745 struct mgmt_ev_new_long_term_key ev;
6747 memset(&ev, 0, sizeof(ev));
6749 /* Devices using resolvable or non-resolvable random addresses
6750 * without providing an indentity resolving key don't require
6751 * to store long term keys. Their addresses will change the
6754 * Only when a remote device provides an identity address
6755 * make sure the long term key is stored. If the remote
6756 * identity is known, the long term keys are internally
6757 * mapped to the identity address. So allow static random
6758 * and public addresses here.
6760 if (key->bdaddr_type == ADDR_LE_DEV_RANDOM &&
6761 (key->bdaddr.b[5] & 0xc0) != 0xc0)
6762 ev.store_hint = 0x00;
6764 ev.store_hint = persistent;
6766 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
6767 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
6768 ev.key.type = mgmt_ltk_type(key);
6769 ev.key.enc_size = key->enc_size;
6770 ev.key.ediv = key->ediv;
6771 ev.key.rand = key->rand;
6773 if (key->type == SMP_LTK)
6776 memcpy(ev.key.val, key->val, sizeof(key->val));
6778 mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev), NULL);
6781 void mgmt_new_irk(struct hci_dev *hdev, struct smp_irk *irk)
6783 struct mgmt_ev_new_irk ev;
6785 memset(&ev, 0, sizeof(ev));
6787 /* For identity resolving keys from devices that are already
6788 * using a public address or static random address, do not
6789 * ask for storing this key. The identity resolving key really
6790 * is only mandatory for devices using resovlable random
6793 * Storing all identity resolving keys has the downside that
6794 * they will be also loaded on next boot of they system. More
6795 * identity resolving keys, means more time during scanning is
6796 * needed to actually resolve these addresses.
6798 if (bacmp(&irk->rpa, BDADDR_ANY))
6799 ev.store_hint = 0x01;
6801 ev.store_hint = 0x00;
6803 bacpy(&ev.rpa, &irk->rpa);
6804 bacpy(&ev.irk.addr.bdaddr, &irk->bdaddr);
6805 ev.irk.addr.type = link_to_bdaddr(LE_LINK, irk->addr_type);
6806 memcpy(ev.irk.val, irk->val, sizeof(irk->val));
6808 mgmt_event(MGMT_EV_NEW_IRK, hdev, &ev, sizeof(ev), NULL);
6811 void mgmt_new_csrk(struct hci_dev *hdev, struct smp_csrk *csrk,
6814 struct mgmt_ev_new_csrk ev;
6816 memset(&ev, 0, sizeof(ev));
6818 /* Devices using resolvable or non-resolvable random addresses
6819 * without providing an indentity resolving key don't require
6820 * to store signature resolving keys. Their addresses will change
6821 * the next time around.
6823 * Only when a remote device provides an identity address
6824 * make sure the signature resolving key is stored. So allow
6825 * static random and public addresses here.
6827 if (csrk->bdaddr_type == ADDR_LE_DEV_RANDOM &&
6828 (csrk->bdaddr.b[5] & 0xc0) != 0xc0)
6829 ev.store_hint = 0x00;
6831 ev.store_hint = persistent;
6833 bacpy(&ev.key.addr.bdaddr, &csrk->bdaddr);
6834 ev.key.addr.type = link_to_bdaddr(LE_LINK, csrk->bdaddr_type);
6835 ev.key.type = csrk->type;
6836 memcpy(ev.key.val, csrk->val, sizeof(csrk->val));
6838 mgmt_event(MGMT_EV_NEW_CSRK, hdev, &ev, sizeof(ev), NULL);
6841 void mgmt_new_conn_param(struct hci_dev *hdev, bdaddr_t *bdaddr,
6842 u8 bdaddr_type, u8 store_hint, u16 min_interval,
6843 u16 max_interval, u16 latency, u16 timeout)
6845 struct mgmt_ev_new_conn_param ev;
6847 if (!hci_is_identity_address(bdaddr, bdaddr_type))
6850 memset(&ev, 0, sizeof(ev));
6851 bacpy(&ev.addr.bdaddr, bdaddr);
6852 ev.addr.type = link_to_bdaddr(LE_LINK, bdaddr_type);
6853 ev.store_hint = store_hint;
6854 ev.min_interval = cpu_to_le16(min_interval);
6855 ev.max_interval = cpu_to_le16(max_interval);
6856 ev.latency = cpu_to_le16(latency);
6857 ev.timeout = cpu_to_le16(timeout);
6859 mgmt_event(MGMT_EV_NEW_CONN_PARAM, hdev, &ev, sizeof(ev), NULL);
6862 void mgmt_device_connected(struct hci_dev *hdev, struct hci_conn *conn,
6863 u32 flags, u8 *name, u8 name_len)
6866 struct mgmt_ev_device_connected *ev = (void *) buf;
6869 bacpy(&ev->addr.bdaddr, &conn->dst);
6870 ev->addr.type = link_to_bdaddr(conn->type, conn->dst_type);
6872 ev->flags = __cpu_to_le32(flags);
6874 /* We must ensure that the EIR Data fields are ordered and
6875 * unique. Keep it simple for now and avoid the problem by not
6876 * adding any BR/EDR data to the LE adv.
6878 if (conn->le_adv_data_len > 0) {
6879 memcpy(&ev->eir[eir_len],
6880 conn->le_adv_data, conn->le_adv_data_len);
6881 eir_len = conn->le_adv_data_len;
6884 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
6887 if (memcmp(conn->dev_class, "\0\0\0", 3) != 0)
6888 eir_len = eir_append_data(ev->eir, eir_len,
6890 conn->dev_class, 3);
6893 ev->eir_len = cpu_to_le16(eir_len);
6895 mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
6896 sizeof(*ev) + eir_len, NULL);
6899 static void disconnect_rsp(struct mgmt_pending_cmd *cmd, void *data)
6901 struct sock **sk = data;
6903 cmd->cmd_complete(cmd, 0);
6908 mgmt_pending_remove(cmd);
6911 static void unpair_device_rsp(struct mgmt_pending_cmd *cmd, void *data)
6913 struct hci_dev *hdev = data;
6914 struct mgmt_cp_unpair_device *cp = cmd->param;
6916 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
6918 cmd->cmd_complete(cmd, 0);
6919 mgmt_pending_remove(cmd);
6922 bool mgmt_powering_down(struct hci_dev *hdev)
6924 struct mgmt_pending_cmd *cmd;
6925 struct mgmt_mode *cp;
6927 cmd = pending_find(MGMT_OP_SET_POWERED, hdev);
6938 void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
6939 u8 link_type, u8 addr_type, u8 reason,
6940 bool mgmt_connected)
6942 struct mgmt_ev_device_disconnected ev;
6943 struct sock *sk = NULL;
6945 /* The connection is still in hci_conn_hash so test for 1
6946 * instead of 0 to know if this is the last one.
6948 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
6949 cancel_delayed_work(&hdev->power_off);
6950 queue_work(hdev->req_workqueue, &hdev->power_off.work);
6953 if (!mgmt_connected)
6956 if (link_type != ACL_LINK && link_type != LE_LINK)
6959 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
6961 bacpy(&ev.addr.bdaddr, bdaddr);
6962 ev.addr.type = link_to_bdaddr(link_type, addr_type);
6965 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
6970 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
6974 void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
6975 u8 link_type, u8 addr_type, u8 status)
6977 u8 bdaddr_type = link_to_bdaddr(link_type, addr_type);
6978 struct mgmt_cp_disconnect *cp;
6979 struct mgmt_pending_cmd *cmd;
6981 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
6984 cmd = pending_find(MGMT_OP_DISCONNECT, hdev);
6990 if (bacmp(bdaddr, &cp->addr.bdaddr))
6993 if (cp->addr.type != bdaddr_type)
6996 cmd->cmd_complete(cmd, mgmt_status(status));
6997 mgmt_pending_remove(cmd);
7000 void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
7001 u8 addr_type, u8 status)
7003 struct mgmt_ev_connect_failed ev;
7005 /* The connection is still in hci_conn_hash so test for 1
7006 * instead of 0 to know if this is the last one.
7008 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
7009 cancel_delayed_work(&hdev->power_off);
7010 queue_work(hdev->req_workqueue, &hdev->power_off.work);
7013 bacpy(&ev.addr.bdaddr, bdaddr);
7014 ev.addr.type = link_to_bdaddr(link_type, addr_type);
7015 ev.status = mgmt_status(status);
7017 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
7020 void mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
7022 struct mgmt_ev_pin_code_request ev;
7024 bacpy(&ev.addr.bdaddr, bdaddr);
7025 ev.addr.type = BDADDR_BREDR;
7028 mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev), NULL);
7031 void mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7034 struct mgmt_pending_cmd *cmd;
7036 cmd = pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
7040 cmd->cmd_complete(cmd, mgmt_status(status));
7041 mgmt_pending_remove(cmd);
7044 void mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7047 struct mgmt_pending_cmd *cmd;
7049 cmd = pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
7053 cmd->cmd_complete(cmd, mgmt_status(status));
7054 mgmt_pending_remove(cmd);
7057 int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
7058 u8 link_type, u8 addr_type, u32 value,
7061 struct mgmt_ev_user_confirm_request ev;
7063 BT_DBG("%s", hdev->name);
7065 bacpy(&ev.addr.bdaddr, bdaddr);
7066 ev.addr.type = link_to_bdaddr(link_type, addr_type);
7067 ev.confirm_hint = confirm_hint;
7068 ev.value = cpu_to_le32(value);
7070 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
7074 int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
7075 u8 link_type, u8 addr_type)
7077 struct mgmt_ev_user_passkey_request ev;
7079 BT_DBG("%s", hdev->name);
7081 bacpy(&ev.addr.bdaddr, bdaddr);
7082 ev.addr.type = link_to_bdaddr(link_type, addr_type);
7084 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
7088 static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7089 u8 link_type, u8 addr_type, u8 status,
7092 struct mgmt_pending_cmd *cmd;
7094 cmd = pending_find(opcode, hdev);
7098 cmd->cmd_complete(cmd, mgmt_status(status));
7099 mgmt_pending_remove(cmd);
7104 int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7105 u8 link_type, u8 addr_type, u8 status)
7107 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
7108 status, MGMT_OP_USER_CONFIRM_REPLY);
7111 int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7112 u8 link_type, u8 addr_type, u8 status)
7114 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
7116 MGMT_OP_USER_CONFIRM_NEG_REPLY);
7119 int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7120 u8 link_type, u8 addr_type, u8 status)
7122 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
7123 status, MGMT_OP_USER_PASSKEY_REPLY);
7126 int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7127 u8 link_type, u8 addr_type, u8 status)
7129 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
7131 MGMT_OP_USER_PASSKEY_NEG_REPLY);
7134 int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
7135 u8 link_type, u8 addr_type, u32 passkey,
7138 struct mgmt_ev_passkey_notify ev;
7140 BT_DBG("%s", hdev->name);
7142 bacpy(&ev.addr.bdaddr, bdaddr);
7143 ev.addr.type = link_to_bdaddr(link_type, addr_type);
7144 ev.passkey = __cpu_to_le32(passkey);
7145 ev.entered = entered;
7147 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
7150 void mgmt_auth_failed(struct hci_conn *conn, u8 hci_status)
7152 struct mgmt_ev_auth_failed ev;
7153 struct mgmt_pending_cmd *cmd;
7154 u8 status = mgmt_status(hci_status);
7156 bacpy(&ev.addr.bdaddr, &conn->dst);
7157 ev.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
7160 cmd = find_pairing(conn);
7162 mgmt_event(MGMT_EV_AUTH_FAILED, conn->hdev, &ev, sizeof(ev),
7163 cmd ? cmd->sk : NULL);
7166 cmd->cmd_complete(cmd, status);
7167 mgmt_pending_remove(cmd);
7171 void mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
7173 struct cmd_lookup match = { NULL, hdev };
7177 u8 mgmt_err = mgmt_status(status);
7178 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
7179 cmd_status_rsp, &mgmt_err);
7183 if (test_bit(HCI_AUTH, &hdev->flags))
7184 changed = !hci_dev_test_and_set_flag(hdev, HCI_LINK_SECURITY);
7186 changed = hci_dev_test_and_clear_flag(hdev, HCI_LINK_SECURITY);
7188 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
7192 new_settings(hdev, match.sk);
7198 static void clear_eir(struct hci_request *req)
7200 struct hci_dev *hdev = req->hdev;
7201 struct hci_cp_write_eir cp;
7203 if (!lmp_ext_inq_capable(hdev))
7206 memset(hdev->eir, 0, sizeof(hdev->eir));
7208 memset(&cp, 0, sizeof(cp));
7210 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
7213 void mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
7215 struct cmd_lookup match = { NULL, hdev };
7216 struct hci_request req;
7217 bool changed = false;
7220 u8 mgmt_err = mgmt_status(status);
7222 if (enable && hci_dev_test_and_clear_flag(hdev,
7224 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
7225 new_settings(hdev, NULL);
7228 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
7234 changed = !hci_dev_test_and_set_flag(hdev, HCI_SSP_ENABLED);
7236 changed = hci_dev_test_and_clear_flag(hdev, HCI_SSP_ENABLED);
7238 changed = hci_dev_test_and_clear_flag(hdev,
7241 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
7244 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
7247 new_settings(hdev, match.sk);
7252 hci_req_init(&req, hdev);
7254 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
7255 if (hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS))
7256 hci_req_add(&req, HCI_OP_WRITE_SSP_DEBUG_MODE,
7257 sizeof(enable), &enable);
7263 hci_req_run(&req, NULL);
7266 static void sk_lookup(struct mgmt_pending_cmd *cmd, void *data)
7268 struct cmd_lookup *match = data;
7270 if (match->sk == NULL) {
7271 match->sk = cmd->sk;
7272 sock_hold(match->sk);
7276 void mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
7279 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
7281 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
7282 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
7283 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
7286 mgmt_generic_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
7287 dev_class, 3, NULL);
7293 void mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
7295 struct mgmt_cp_set_local_name ev;
7296 struct mgmt_pending_cmd *cmd;
7301 memset(&ev, 0, sizeof(ev));
7302 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
7303 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
7305 cmd = pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
7307 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
7309 /* If this is a HCI command related to powering on the
7310 * HCI dev don't send any mgmt signals.
7312 if (pending_find(MGMT_OP_SET_POWERED, hdev))
7316 mgmt_generic_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
7317 cmd ? cmd->sk : NULL);
7320 void mgmt_read_local_oob_data_complete(struct hci_dev *hdev, u8 *hash192,
7321 u8 *rand192, u8 *hash256, u8 *rand256,
7324 struct mgmt_pending_cmd *cmd;
7326 BT_DBG("%s status %u", hdev->name, status);
7328 cmd = pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
7333 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
7334 mgmt_status(status));
7336 struct mgmt_rp_read_local_oob_data rp;
7337 size_t rp_size = sizeof(rp);
7339 memcpy(rp.hash192, hash192, sizeof(rp.hash192));
7340 memcpy(rp.rand192, rand192, sizeof(rp.rand192));
7342 if (bredr_sc_enabled(hdev) && hash256 && rand256) {
7343 memcpy(rp.hash256, hash256, sizeof(rp.hash256));
7344 memcpy(rp.rand256, rand256, sizeof(rp.rand256));
7346 rp_size -= sizeof(rp.hash256) + sizeof(rp.rand256);
7349 mgmt_cmd_complete(cmd->sk, hdev->id,
7350 MGMT_OP_READ_LOCAL_OOB_DATA, 0,
7354 mgmt_pending_remove(cmd);
7357 static inline bool has_uuid(u8 *uuid, u16 uuid_count, u8 (*uuids)[16])
7361 for (i = 0; i < uuid_count; i++) {
7362 if (!memcmp(uuid, uuids[i], 16))
7369 static bool eir_has_uuids(u8 *eir, u16 eir_len, u16 uuid_count, u8 (*uuids)[16])
7373 while (parsed < eir_len) {
7374 u8 field_len = eir[0];
7381 if (eir_len - parsed < field_len + 1)
7385 case EIR_UUID16_ALL:
7386 case EIR_UUID16_SOME:
7387 for (i = 0; i + 3 <= field_len; i += 2) {
7388 memcpy(uuid, bluetooth_base_uuid, 16);
7389 uuid[13] = eir[i + 3];
7390 uuid[12] = eir[i + 2];
7391 if (has_uuid(uuid, uuid_count, uuids))
7395 case EIR_UUID32_ALL:
7396 case EIR_UUID32_SOME:
7397 for (i = 0; i + 5 <= field_len; i += 4) {
7398 memcpy(uuid, bluetooth_base_uuid, 16);
7399 uuid[15] = eir[i + 5];
7400 uuid[14] = eir[i + 4];
7401 uuid[13] = eir[i + 3];
7402 uuid[12] = eir[i + 2];
7403 if (has_uuid(uuid, uuid_count, uuids))
7407 case EIR_UUID128_ALL:
7408 case EIR_UUID128_SOME:
7409 for (i = 0; i + 17 <= field_len; i += 16) {
7410 memcpy(uuid, eir + i + 2, 16);
7411 if (has_uuid(uuid, uuid_count, uuids))
7417 parsed += field_len + 1;
7418 eir += field_len + 1;
7424 static void restart_le_scan(struct hci_dev *hdev)
7426 /* If controller is not scanning we are done. */
7427 if (!hci_dev_test_flag(hdev, HCI_LE_SCAN))
7430 if (time_after(jiffies + DISCOV_LE_RESTART_DELAY,
7431 hdev->discovery.scan_start +
7432 hdev->discovery.scan_duration))
7435 queue_delayed_work(hdev->workqueue, &hdev->le_scan_restart,
7436 DISCOV_LE_RESTART_DELAY);
7439 static bool is_filter_match(struct hci_dev *hdev, s8 rssi, u8 *eir,
7440 u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
7442 /* If a RSSI threshold has been specified, and
7443 * HCI_QUIRK_STRICT_DUPLICATE_FILTER is not set, then all results with
7444 * a RSSI smaller than the RSSI threshold will be dropped. If the quirk
7445 * is set, let it through for further processing, as we might need to
7448 * For BR/EDR devices (pre 1.2) providing no RSSI during inquiry,
7449 * the results are also dropped.
7451 if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
7452 (rssi == HCI_RSSI_INVALID ||
7453 (rssi < hdev->discovery.rssi &&
7454 !test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks))))
7457 if (hdev->discovery.uuid_count != 0) {
7458 /* If a list of UUIDs is provided in filter, results with no
7459 * matching UUID should be dropped.
7461 if (!eir_has_uuids(eir, eir_len, hdev->discovery.uuid_count,
7462 hdev->discovery.uuids) &&
7463 !eir_has_uuids(scan_rsp, scan_rsp_len,
7464 hdev->discovery.uuid_count,
7465 hdev->discovery.uuids))
7469 /* If duplicate filtering does not report RSSI changes, then restart
7470 * scanning to ensure updated result with updated RSSI values.
7472 if (test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks)) {
7473 restart_le_scan(hdev);
7475 /* Validate RSSI value against the RSSI threshold once more. */
7476 if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
7477 rssi < hdev->discovery.rssi)
7484 void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
7485 u8 addr_type, u8 *dev_class, s8 rssi, u32 flags,
7486 u8 *eir, u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
7489 struct mgmt_ev_device_found *ev = (void *)buf;
7492 /* Don't send events for a non-kernel initiated discovery. With
7493 * LE one exception is if we have pend_le_reports > 0 in which
7494 * case we're doing passive scanning and want these events.
7496 if (!hci_discovery_active(hdev)) {
7497 if (link_type == ACL_LINK)
7499 if (link_type == LE_LINK && list_empty(&hdev->pend_le_reports))
7503 if (hdev->discovery.result_filtering) {
7504 /* We are using service discovery */
7505 if (!is_filter_match(hdev, rssi, eir, eir_len, scan_rsp,
7510 /* Make sure that the buffer is big enough. The 5 extra bytes
7511 * are for the potential CoD field.
7513 if (sizeof(*ev) + eir_len + scan_rsp_len + 5 > sizeof(buf))
7516 memset(buf, 0, sizeof(buf));
7518 /* In case of device discovery with BR/EDR devices (pre 1.2), the
7519 * RSSI value was reported as 0 when not available. This behavior
7520 * is kept when using device discovery. This is required for full
7521 * backwards compatibility with the API.
7523 * However when using service discovery, the value 127 will be
7524 * returned when the RSSI is not available.
7526 if (rssi == HCI_RSSI_INVALID && !hdev->discovery.report_invalid_rssi &&
7527 link_type == ACL_LINK)
7530 bacpy(&ev->addr.bdaddr, bdaddr);
7531 ev->addr.type = link_to_bdaddr(link_type, addr_type);
7533 ev->flags = cpu_to_le32(flags);
7536 /* Copy EIR or advertising data into event */
7537 memcpy(ev->eir, eir, eir_len);
7539 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
7540 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
7543 if (scan_rsp_len > 0)
7544 /* Append scan response data to event */
7545 memcpy(ev->eir + eir_len, scan_rsp, scan_rsp_len);
7547 ev->eir_len = cpu_to_le16(eir_len + scan_rsp_len);
7548 ev_size = sizeof(*ev) + eir_len + scan_rsp_len;
7550 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
7553 void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
7554 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
7556 struct mgmt_ev_device_found *ev;
7557 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
7560 ev = (struct mgmt_ev_device_found *) buf;
7562 memset(buf, 0, sizeof(buf));
7564 bacpy(&ev->addr.bdaddr, bdaddr);
7565 ev->addr.type = link_to_bdaddr(link_type, addr_type);
7568 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
7571 ev->eir_len = cpu_to_le16(eir_len);
7573 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, sizeof(*ev) + eir_len, NULL);
7576 void mgmt_discovering(struct hci_dev *hdev, u8 discovering)
7578 struct mgmt_ev_discovering ev;
7580 BT_DBG("%s discovering %u", hdev->name, discovering);
7582 memset(&ev, 0, sizeof(ev));
7583 ev.type = hdev->discovery.type;
7584 ev.discovering = discovering;
7586 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
7589 static void adv_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
7591 BT_DBG("%s status %u", hdev->name, status);
7594 void mgmt_reenable_advertising(struct hci_dev *hdev)
7596 struct hci_request req;
7598 if (!hci_dev_test_flag(hdev, HCI_ADVERTISING))
7601 hci_req_init(&req, hdev);
7602 enable_advertising(&req);
7603 hci_req_run(&req, adv_enable_complete);
7606 static struct hci_mgmt_chan chan = {
7607 .channel = HCI_CHANNEL_CONTROL,
7608 .handler_count = ARRAY_SIZE(mgmt_handlers),
7609 .handlers = mgmt_handlers,
7610 .hdev_init = mgmt_init_hdev,
7615 return hci_mgmt_chan_register(&chan);
7618 void mgmt_exit(void)
7620 hci_mgmt_chan_unregister(&chan);
projects / firefly-linux-kernel-4.4.55.git / blob