2 BlueZ - Bluetooth protocol stack for Linux
4 Copyright (C) 2010 Nokia Corporation
5 Copyright (C) 2011-2012 Intel Corporation
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI Management interface */
27 #include <linux/module.h>
28 #include <asm/unaligned.h>
30 #include <net/bluetooth/bluetooth.h>
31 #include <net/bluetooth/hci_core.h>
32 #include <net/bluetooth/hci_sock.h>
33 #include <net/bluetooth/l2cap.h>
34 #include <net/bluetooth/mgmt.h>
36 #include "hci_request.h"
38 #include "mgmt_util.h"
39 #include "mgmt_config.h"
44 #define MGMT_VERSION 1
45 #define MGMT_REVISION 22
47 static const u16 mgmt_commands[] = {
48 MGMT_OP_READ_INDEX_LIST,
51 MGMT_OP_SET_DISCOVERABLE,
52 MGMT_OP_SET_CONNECTABLE,
53 MGMT_OP_SET_FAST_CONNECTABLE,
55 MGMT_OP_SET_LINK_SECURITY,
59 MGMT_OP_SET_DEV_CLASS,
60 MGMT_OP_SET_LOCAL_NAME,
63 MGMT_OP_LOAD_LINK_KEYS,
64 MGMT_OP_LOAD_LONG_TERM_KEYS,
66 MGMT_OP_GET_CONNECTIONS,
67 MGMT_OP_PIN_CODE_REPLY,
68 MGMT_OP_PIN_CODE_NEG_REPLY,
69 MGMT_OP_SET_IO_CAPABILITY,
71 MGMT_OP_CANCEL_PAIR_DEVICE,
72 MGMT_OP_UNPAIR_DEVICE,
73 MGMT_OP_USER_CONFIRM_REPLY,
74 MGMT_OP_USER_CONFIRM_NEG_REPLY,
75 MGMT_OP_USER_PASSKEY_REPLY,
76 MGMT_OP_USER_PASSKEY_NEG_REPLY,
77 MGMT_OP_READ_LOCAL_OOB_DATA,
78 MGMT_OP_ADD_REMOTE_OOB_DATA,
79 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
80 MGMT_OP_START_DISCOVERY,
81 MGMT_OP_STOP_DISCOVERY,
84 MGMT_OP_UNBLOCK_DEVICE,
85 MGMT_OP_SET_DEVICE_ID,
86 MGMT_OP_SET_ADVERTISING,
88 MGMT_OP_SET_STATIC_ADDRESS,
89 MGMT_OP_SET_SCAN_PARAMS,
90 MGMT_OP_SET_SECURE_CONN,
91 MGMT_OP_SET_DEBUG_KEYS,
94 MGMT_OP_GET_CONN_INFO,
95 MGMT_OP_GET_CLOCK_INFO,
97 MGMT_OP_REMOVE_DEVICE,
98 MGMT_OP_LOAD_CONN_PARAM,
99 MGMT_OP_READ_UNCONF_INDEX_LIST,
100 MGMT_OP_READ_CONFIG_INFO,
101 MGMT_OP_SET_EXTERNAL_CONFIG,
102 MGMT_OP_SET_PUBLIC_ADDRESS,
103 MGMT_OP_START_SERVICE_DISCOVERY,
104 MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
105 MGMT_OP_READ_EXT_INDEX_LIST,
106 MGMT_OP_READ_ADV_FEATURES,
107 MGMT_OP_ADD_ADVERTISING,
108 MGMT_OP_REMOVE_ADVERTISING,
109 MGMT_OP_GET_ADV_SIZE_INFO,
110 MGMT_OP_START_LIMITED_DISCOVERY,
111 MGMT_OP_READ_EXT_INFO,
112 MGMT_OP_SET_APPEARANCE,
113 MGMT_OP_GET_PHY_CONFIGURATION,
114 MGMT_OP_SET_PHY_CONFIGURATION,
115 MGMT_OP_SET_BLOCKED_KEYS,
116 MGMT_OP_SET_WIDEBAND_SPEECH,
117 MGMT_OP_READ_CONTROLLER_CAP,
118 MGMT_OP_READ_EXP_FEATURES_INFO,
119 MGMT_OP_SET_EXP_FEATURE,
120 MGMT_OP_READ_DEF_SYSTEM_CONFIG,
121 MGMT_OP_SET_DEF_SYSTEM_CONFIG,
122 MGMT_OP_READ_DEF_RUNTIME_CONFIG,
123 MGMT_OP_SET_DEF_RUNTIME_CONFIG,
124 MGMT_OP_GET_DEVICE_FLAGS,
125 MGMT_OP_SET_DEVICE_FLAGS,
126 MGMT_OP_READ_ADV_MONITOR_FEATURES,
127 MGMT_OP_ADD_ADV_PATTERNS_MONITOR,
128 MGMT_OP_REMOVE_ADV_MONITOR,
129 MGMT_OP_ADD_EXT_ADV_PARAMS,
130 MGMT_OP_ADD_EXT_ADV_DATA,
131 MGMT_OP_ADD_ADV_PATTERNS_MONITOR_RSSI,
134 static const u16 mgmt_events[] = {
135 MGMT_EV_CONTROLLER_ERROR,
137 MGMT_EV_INDEX_REMOVED,
138 MGMT_EV_NEW_SETTINGS,
139 MGMT_EV_CLASS_OF_DEV_CHANGED,
140 MGMT_EV_LOCAL_NAME_CHANGED,
141 MGMT_EV_NEW_LINK_KEY,
142 MGMT_EV_NEW_LONG_TERM_KEY,
143 MGMT_EV_DEVICE_CONNECTED,
144 MGMT_EV_DEVICE_DISCONNECTED,
145 MGMT_EV_CONNECT_FAILED,
146 MGMT_EV_PIN_CODE_REQUEST,
147 MGMT_EV_USER_CONFIRM_REQUEST,
148 MGMT_EV_USER_PASSKEY_REQUEST,
150 MGMT_EV_DEVICE_FOUND,
152 MGMT_EV_DEVICE_BLOCKED,
153 MGMT_EV_DEVICE_UNBLOCKED,
154 MGMT_EV_DEVICE_UNPAIRED,
155 MGMT_EV_PASSKEY_NOTIFY,
158 MGMT_EV_DEVICE_ADDED,
159 MGMT_EV_DEVICE_REMOVED,
160 MGMT_EV_NEW_CONN_PARAM,
161 MGMT_EV_UNCONF_INDEX_ADDED,
162 MGMT_EV_UNCONF_INDEX_REMOVED,
163 MGMT_EV_NEW_CONFIG_OPTIONS,
164 MGMT_EV_EXT_INDEX_ADDED,
165 MGMT_EV_EXT_INDEX_REMOVED,
166 MGMT_EV_LOCAL_OOB_DATA_UPDATED,
167 MGMT_EV_ADVERTISING_ADDED,
168 MGMT_EV_ADVERTISING_REMOVED,
169 MGMT_EV_EXT_INFO_CHANGED,
170 MGMT_EV_PHY_CONFIGURATION_CHANGED,
171 MGMT_EV_EXP_FEATURE_CHANGED,
172 MGMT_EV_DEVICE_FLAGS_CHANGED,
173 MGMT_EV_ADV_MONITOR_ADDED,
174 MGMT_EV_ADV_MONITOR_REMOVED,
175 MGMT_EV_CONTROLLER_SUSPEND,
176 MGMT_EV_CONTROLLER_RESUME,
177 MGMT_EV_ADV_MONITOR_DEVICE_FOUND,
178 MGMT_EV_ADV_MONITOR_DEVICE_LOST,
181 static const u16 mgmt_untrusted_commands[] = {
182 MGMT_OP_READ_INDEX_LIST,
184 MGMT_OP_READ_UNCONF_INDEX_LIST,
185 MGMT_OP_READ_CONFIG_INFO,
186 MGMT_OP_READ_EXT_INDEX_LIST,
187 MGMT_OP_READ_EXT_INFO,
188 MGMT_OP_READ_CONTROLLER_CAP,
189 MGMT_OP_READ_EXP_FEATURES_INFO,
190 MGMT_OP_READ_DEF_SYSTEM_CONFIG,
191 MGMT_OP_READ_DEF_RUNTIME_CONFIG,
194 static const u16 mgmt_untrusted_events[] = {
196 MGMT_EV_INDEX_REMOVED,
197 MGMT_EV_NEW_SETTINGS,
198 MGMT_EV_CLASS_OF_DEV_CHANGED,
199 MGMT_EV_LOCAL_NAME_CHANGED,
200 MGMT_EV_UNCONF_INDEX_ADDED,
201 MGMT_EV_UNCONF_INDEX_REMOVED,
202 MGMT_EV_NEW_CONFIG_OPTIONS,
203 MGMT_EV_EXT_INDEX_ADDED,
204 MGMT_EV_EXT_INDEX_REMOVED,
205 MGMT_EV_EXT_INFO_CHANGED,
206 MGMT_EV_EXP_FEATURE_CHANGED,
209 #define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
211 #define ZERO_KEY "\x00\x00\x00\x00\x00\x00\x00\x00" \
212 "\x00\x00\x00\x00\x00\x00\x00\x00"
214 /* HCI to MGMT error code conversion table */
215 static const u8 mgmt_status_table[] = {
217 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
218 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
219 MGMT_STATUS_FAILED, /* Hardware Failure */
220 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
221 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
222 MGMT_STATUS_AUTH_FAILED, /* PIN or Key Missing */
223 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
224 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
225 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
226 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
227 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
228 MGMT_STATUS_BUSY, /* Command Disallowed */
229 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
230 MGMT_STATUS_REJECTED, /* Rejected Security */
231 MGMT_STATUS_REJECTED, /* Rejected Personal */
232 MGMT_STATUS_TIMEOUT, /* Host Timeout */
233 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
234 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
235 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
236 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
237 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
238 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
239 MGMT_STATUS_BUSY, /* Repeated Attempts */
240 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
241 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
242 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
243 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
244 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
245 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
246 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
247 MGMT_STATUS_FAILED, /* Unspecified Error */
248 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
249 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
250 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
251 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
252 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
253 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
254 MGMT_STATUS_FAILED, /* Unit Link Key Used */
255 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
256 MGMT_STATUS_TIMEOUT, /* Instant Passed */
257 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
258 MGMT_STATUS_FAILED, /* Transaction Collision */
259 MGMT_STATUS_FAILED, /* Reserved for future use */
260 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
261 MGMT_STATUS_REJECTED, /* QoS Rejected */
262 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
263 MGMT_STATUS_REJECTED, /* Insufficient Security */
264 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
265 MGMT_STATUS_FAILED, /* Reserved for future use */
266 MGMT_STATUS_BUSY, /* Role Switch Pending */
267 MGMT_STATUS_FAILED, /* Reserved for future use */
268 MGMT_STATUS_FAILED, /* Slot Violation */
269 MGMT_STATUS_FAILED, /* Role Switch Failed */
270 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
271 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
272 MGMT_STATUS_BUSY, /* Host Busy Pairing */
273 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
274 MGMT_STATUS_BUSY, /* Controller Busy */
275 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
276 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
277 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
278 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
279 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
282 static u8 mgmt_errno_status(int err)
286 return MGMT_STATUS_SUCCESS;
288 return MGMT_STATUS_REJECTED;
290 return MGMT_STATUS_INVALID_PARAMS;
292 return MGMT_STATUS_NOT_SUPPORTED;
294 return MGMT_STATUS_BUSY;
296 return MGMT_STATUS_AUTH_FAILED;
298 return MGMT_STATUS_NO_RESOURCES;
300 return MGMT_STATUS_ALREADY_CONNECTED;
302 return MGMT_STATUS_DISCONNECTED;
305 return MGMT_STATUS_FAILED;
308 static u8 mgmt_status(int err)
311 return mgmt_errno_status(err);
313 if (err < ARRAY_SIZE(mgmt_status_table))
314 return mgmt_status_table[err];
316 return MGMT_STATUS_FAILED;
319 static int mgmt_index_event(u16 event, struct hci_dev *hdev, void *data,
322 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
326 static int mgmt_limited_event(u16 event, struct hci_dev *hdev, void *data,
327 u16 len, int flag, struct sock *skip_sk)
329 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
333 static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 len,
334 struct sock *skip_sk)
336 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
337 HCI_SOCK_TRUSTED, skip_sk);
340 static int mgmt_event_skb(struct sk_buff *skb, struct sock *skip_sk)
342 return mgmt_send_event_skb(HCI_CHANNEL_CONTROL, skb, HCI_SOCK_TRUSTED,
346 static u8 le_addr_type(u8 mgmt_addr_type)
348 if (mgmt_addr_type == BDADDR_LE_PUBLIC)
349 return ADDR_LE_DEV_PUBLIC;
351 return ADDR_LE_DEV_RANDOM;
354 void mgmt_fill_version_info(void *ver)
356 struct mgmt_rp_read_version *rp = ver;
358 rp->version = MGMT_VERSION;
359 rp->revision = cpu_to_le16(MGMT_REVISION);
362 static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
365 struct mgmt_rp_read_version rp;
367 bt_dev_dbg(hdev, "sock %p", sk);
369 mgmt_fill_version_info(&rp);
371 return mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0,
375 static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
378 struct mgmt_rp_read_commands *rp;
379 u16 num_commands, num_events;
383 bt_dev_dbg(hdev, "sock %p", sk);
385 if (hci_sock_test_flag(sk, HCI_SOCK_TRUSTED)) {
386 num_commands = ARRAY_SIZE(mgmt_commands);
387 num_events = ARRAY_SIZE(mgmt_events);
389 num_commands = ARRAY_SIZE(mgmt_untrusted_commands);
390 num_events = ARRAY_SIZE(mgmt_untrusted_events);
393 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
395 rp = kmalloc(rp_size, GFP_KERNEL);
399 rp->num_commands = cpu_to_le16(num_commands);
400 rp->num_events = cpu_to_le16(num_events);
402 if (hci_sock_test_flag(sk, HCI_SOCK_TRUSTED)) {
403 __le16 *opcode = rp->opcodes;
405 for (i = 0; i < num_commands; i++, opcode++)
406 put_unaligned_le16(mgmt_commands[i], opcode);
408 for (i = 0; i < num_events; i++, opcode++)
409 put_unaligned_le16(mgmt_events[i], opcode);
411 __le16 *opcode = rp->opcodes;
413 for (i = 0; i < num_commands; i++, opcode++)
414 put_unaligned_le16(mgmt_untrusted_commands[i], opcode);
416 for (i = 0; i < num_events; i++, opcode++)
417 put_unaligned_le16(mgmt_untrusted_events[i], opcode);
420 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0,
427 static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
430 struct mgmt_rp_read_index_list *rp;
436 bt_dev_dbg(hdev, "sock %p", sk);
438 read_lock(&hci_dev_list_lock);
441 list_for_each_entry(d, &hci_dev_list, list) {
442 if (d->dev_type == HCI_PRIMARY &&
443 !hci_dev_test_flag(d, HCI_UNCONFIGURED))
447 rp_len = sizeof(*rp) + (2 * count);
448 rp = kmalloc(rp_len, GFP_ATOMIC);
450 read_unlock(&hci_dev_list_lock);
455 list_for_each_entry(d, &hci_dev_list, list) {
456 if (hci_dev_test_flag(d, HCI_SETUP) ||
457 hci_dev_test_flag(d, HCI_CONFIG) ||
458 hci_dev_test_flag(d, HCI_USER_CHANNEL))
461 /* Devices marked as raw-only are neither configured
462 * nor unconfigured controllers.
464 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
467 if (d->dev_type == HCI_PRIMARY &&
468 !hci_dev_test_flag(d, HCI_UNCONFIGURED)) {
469 rp->index[count++] = cpu_to_le16(d->id);
470 bt_dev_dbg(hdev, "Added hci%u", d->id);
474 rp->num_controllers = cpu_to_le16(count);
475 rp_len = sizeof(*rp) + (2 * count);
477 read_unlock(&hci_dev_list_lock);
479 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST,
487 static int read_unconf_index_list(struct sock *sk, struct hci_dev *hdev,
488 void *data, u16 data_len)
490 struct mgmt_rp_read_unconf_index_list *rp;
496 bt_dev_dbg(hdev, "sock %p", sk);
498 read_lock(&hci_dev_list_lock);
501 list_for_each_entry(d, &hci_dev_list, list) {
502 if (d->dev_type == HCI_PRIMARY &&
503 hci_dev_test_flag(d, HCI_UNCONFIGURED))
507 rp_len = sizeof(*rp) + (2 * count);
508 rp = kmalloc(rp_len, GFP_ATOMIC);
510 read_unlock(&hci_dev_list_lock);
515 list_for_each_entry(d, &hci_dev_list, list) {
516 if (hci_dev_test_flag(d, HCI_SETUP) ||
517 hci_dev_test_flag(d, HCI_CONFIG) ||
518 hci_dev_test_flag(d, HCI_USER_CHANNEL))
521 /* Devices marked as raw-only are neither configured
522 * nor unconfigured controllers.
524 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
527 if (d->dev_type == HCI_PRIMARY &&
528 hci_dev_test_flag(d, HCI_UNCONFIGURED)) {
529 rp->index[count++] = cpu_to_le16(d->id);
530 bt_dev_dbg(hdev, "Added hci%u", d->id);
534 rp->num_controllers = cpu_to_le16(count);
535 rp_len = sizeof(*rp) + (2 * count);
537 read_unlock(&hci_dev_list_lock);
539 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
540 MGMT_OP_READ_UNCONF_INDEX_LIST, 0, rp, rp_len);
547 static int read_ext_index_list(struct sock *sk, struct hci_dev *hdev,
548 void *data, u16 data_len)
550 struct mgmt_rp_read_ext_index_list *rp;
555 bt_dev_dbg(hdev, "sock %p", sk);
557 read_lock(&hci_dev_list_lock);
560 list_for_each_entry(d, &hci_dev_list, list) {
561 if (d->dev_type == HCI_PRIMARY || d->dev_type == HCI_AMP)
565 rp = kmalloc(struct_size(rp, entry, count), GFP_ATOMIC);
567 read_unlock(&hci_dev_list_lock);
572 list_for_each_entry(d, &hci_dev_list, list) {
573 if (hci_dev_test_flag(d, HCI_SETUP) ||
574 hci_dev_test_flag(d, HCI_CONFIG) ||
575 hci_dev_test_flag(d, HCI_USER_CHANNEL))
578 /* Devices marked as raw-only are neither configured
579 * nor unconfigured controllers.
581 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
584 if (d->dev_type == HCI_PRIMARY) {
585 if (hci_dev_test_flag(d, HCI_UNCONFIGURED))
586 rp->entry[count].type = 0x01;
588 rp->entry[count].type = 0x00;
589 } else if (d->dev_type == HCI_AMP) {
590 rp->entry[count].type = 0x02;
595 rp->entry[count].bus = d->bus;
596 rp->entry[count++].index = cpu_to_le16(d->id);
597 bt_dev_dbg(hdev, "Added hci%u", d->id);
600 rp->num_controllers = cpu_to_le16(count);
602 read_unlock(&hci_dev_list_lock);
604 /* If this command is called at least once, then all the
605 * default index and unconfigured index events are disabled
606 * and from now on only extended index events are used.
608 hci_sock_set_flag(sk, HCI_MGMT_EXT_INDEX_EVENTS);
609 hci_sock_clear_flag(sk, HCI_MGMT_INDEX_EVENTS);
610 hci_sock_clear_flag(sk, HCI_MGMT_UNCONF_INDEX_EVENTS);
612 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
613 MGMT_OP_READ_EXT_INDEX_LIST, 0, rp,
614 struct_size(rp, entry, count));
621 static bool is_configured(struct hci_dev *hdev)
623 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
624 !hci_dev_test_flag(hdev, HCI_EXT_CONFIGURED))
627 if ((test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) ||
628 test_bit(HCI_QUIRK_USE_BDADDR_PROPERTY, &hdev->quirks)) &&
629 !bacmp(&hdev->public_addr, BDADDR_ANY))
635 static __le32 get_missing_options(struct hci_dev *hdev)
639 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
640 !hci_dev_test_flag(hdev, HCI_EXT_CONFIGURED))
641 options |= MGMT_OPTION_EXTERNAL_CONFIG;
643 if ((test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) ||
644 test_bit(HCI_QUIRK_USE_BDADDR_PROPERTY, &hdev->quirks)) &&
645 !bacmp(&hdev->public_addr, BDADDR_ANY))
646 options |= MGMT_OPTION_PUBLIC_ADDRESS;
648 return cpu_to_le32(options);
651 static int new_options(struct hci_dev *hdev, struct sock *skip)
653 __le32 options = get_missing_options(hdev);
655 return mgmt_limited_event(MGMT_EV_NEW_CONFIG_OPTIONS, hdev, &options,
656 sizeof(options), HCI_MGMT_OPTION_EVENTS, skip);
659 static int send_options_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
661 __le32 options = get_missing_options(hdev);
663 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &options,
667 static int read_config_info(struct sock *sk, struct hci_dev *hdev,
668 void *data, u16 data_len)
670 struct mgmt_rp_read_config_info rp;
673 bt_dev_dbg(hdev, "sock %p", sk);
677 memset(&rp, 0, sizeof(rp));
678 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
680 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
681 options |= MGMT_OPTION_EXTERNAL_CONFIG;
683 if (hdev->set_bdaddr)
684 options |= MGMT_OPTION_PUBLIC_ADDRESS;
686 rp.supported_options = cpu_to_le32(options);
687 rp.missing_options = get_missing_options(hdev);
689 hci_dev_unlock(hdev);
691 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_CONFIG_INFO, 0,
695 static u32 get_supported_phys(struct hci_dev *hdev)
697 u32 supported_phys = 0;
699 if (lmp_bredr_capable(hdev)) {
700 supported_phys |= MGMT_PHY_BR_1M_1SLOT;
702 if (hdev->features[0][0] & LMP_3SLOT)
703 supported_phys |= MGMT_PHY_BR_1M_3SLOT;
705 if (hdev->features[0][0] & LMP_5SLOT)
706 supported_phys |= MGMT_PHY_BR_1M_5SLOT;
708 if (lmp_edr_2m_capable(hdev)) {
709 supported_phys |= MGMT_PHY_EDR_2M_1SLOT;
711 if (lmp_edr_3slot_capable(hdev))
712 supported_phys |= MGMT_PHY_EDR_2M_3SLOT;
714 if (lmp_edr_5slot_capable(hdev))
715 supported_phys |= MGMT_PHY_EDR_2M_5SLOT;
717 if (lmp_edr_3m_capable(hdev)) {
718 supported_phys |= MGMT_PHY_EDR_3M_1SLOT;
720 if (lmp_edr_3slot_capable(hdev))
721 supported_phys |= MGMT_PHY_EDR_3M_3SLOT;
723 if (lmp_edr_5slot_capable(hdev))
724 supported_phys |= MGMT_PHY_EDR_3M_5SLOT;
729 if (lmp_le_capable(hdev)) {
730 supported_phys |= MGMT_PHY_LE_1M_TX;
731 supported_phys |= MGMT_PHY_LE_1M_RX;
733 if (hdev->le_features[1] & HCI_LE_PHY_2M) {
734 supported_phys |= MGMT_PHY_LE_2M_TX;
735 supported_phys |= MGMT_PHY_LE_2M_RX;
738 if (hdev->le_features[1] & HCI_LE_PHY_CODED) {
739 supported_phys |= MGMT_PHY_LE_CODED_TX;
740 supported_phys |= MGMT_PHY_LE_CODED_RX;
744 return supported_phys;
747 static u32 get_selected_phys(struct hci_dev *hdev)
749 u32 selected_phys = 0;
751 if (lmp_bredr_capable(hdev)) {
752 selected_phys |= MGMT_PHY_BR_1M_1SLOT;
754 if (hdev->pkt_type & (HCI_DM3 | HCI_DH3))
755 selected_phys |= MGMT_PHY_BR_1M_3SLOT;
757 if (hdev->pkt_type & (HCI_DM5 | HCI_DH5))
758 selected_phys |= MGMT_PHY_BR_1M_5SLOT;
760 if (lmp_edr_2m_capable(hdev)) {
761 if (!(hdev->pkt_type & HCI_2DH1))
762 selected_phys |= MGMT_PHY_EDR_2M_1SLOT;
764 if (lmp_edr_3slot_capable(hdev) &&
765 !(hdev->pkt_type & HCI_2DH3))
766 selected_phys |= MGMT_PHY_EDR_2M_3SLOT;
768 if (lmp_edr_5slot_capable(hdev) &&
769 !(hdev->pkt_type & HCI_2DH5))
770 selected_phys |= MGMT_PHY_EDR_2M_5SLOT;
772 if (lmp_edr_3m_capable(hdev)) {
773 if (!(hdev->pkt_type & HCI_3DH1))
774 selected_phys |= MGMT_PHY_EDR_3M_1SLOT;
776 if (lmp_edr_3slot_capable(hdev) &&
777 !(hdev->pkt_type & HCI_3DH3))
778 selected_phys |= MGMT_PHY_EDR_3M_3SLOT;
780 if (lmp_edr_5slot_capable(hdev) &&
781 !(hdev->pkt_type & HCI_3DH5))
782 selected_phys |= MGMT_PHY_EDR_3M_5SLOT;
787 if (lmp_le_capable(hdev)) {
788 if (hdev->le_tx_def_phys & HCI_LE_SET_PHY_1M)
789 selected_phys |= MGMT_PHY_LE_1M_TX;
791 if (hdev->le_rx_def_phys & HCI_LE_SET_PHY_1M)
792 selected_phys |= MGMT_PHY_LE_1M_RX;
794 if (hdev->le_tx_def_phys & HCI_LE_SET_PHY_2M)
795 selected_phys |= MGMT_PHY_LE_2M_TX;
797 if (hdev->le_rx_def_phys & HCI_LE_SET_PHY_2M)
798 selected_phys |= MGMT_PHY_LE_2M_RX;
800 if (hdev->le_tx_def_phys & HCI_LE_SET_PHY_CODED)
801 selected_phys |= MGMT_PHY_LE_CODED_TX;
803 if (hdev->le_rx_def_phys & HCI_LE_SET_PHY_CODED)
804 selected_phys |= MGMT_PHY_LE_CODED_RX;
807 return selected_phys;
810 static u32 get_configurable_phys(struct hci_dev *hdev)
812 return (get_supported_phys(hdev) & ~MGMT_PHY_BR_1M_1SLOT &
813 ~MGMT_PHY_LE_1M_TX & ~MGMT_PHY_LE_1M_RX);
816 static u32 get_supported_settings(struct hci_dev *hdev)
820 settings |= MGMT_SETTING_POWERED;
821 settings |= MGMT_SETTING_BONDABLE;
822 settings |= MGMT_SETTING_DEBUG_KEYS;
823 settings |= MGMT_SETTING_CONNECTABLE;
824 settings |= MGMT_SETTING_DISCOVERABLE;
826 if (lmp_bredr_capable(hdev)) {
827 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
828 settings |= MGMT_SETTING_FAST_CONNECTABLE;
829 settings |= MGMT_SETTING_BREDR;
830 settings |= MGMT_SETTING_LINK_SECURITY;
832 if (lmp_ssp_capable(hdev)) {
833 settings |= MGMT_SETTING_SSP;
834 if (IS_ENABLED(CONFIG_BT_HS))
835 settings |= MGMT_SETTING_HS;
838 if (lmp_sc_capable(hdev))
839 settings |= MGMT_SETTING_SECURE_CONN;
841 if (test_bit(HCI_QUIRK_WIDEBAND_SPEECH_SUPPORTED,
843 settings |= MGMT_SETTING_WIDEBAND_SPEECH;
846 if (lmp_le_capable(hdev)) {
847 settings |= MGMT_SETTING_LE;
848 settings |= MGMT_SETTING_SECURE_CONN;
849 settings |= MGMT_SETTING_PRIVACY;
850 settings |= MGMT_SETTING_STATIC_ADDRESS;
851 settings |= MGMT_SETTING_ADVERTISING;
854 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) ||
856 settings |= MGMT_SETTING_CONFIGURATION;
858 settings |= MGMT_SETTING_PHY_CONFIGURATION;
863 static u32 get_current_settings(struct hci_dev *hdev)
867 if (hdev_is_powered(hdev))
868 settings |= MGMT_SETTING_POWERED;
870 if (hci_dev_test_flag(hdev, HCI_CONNECTABLE))
871 settings |= MGMT_SETTING_CONNECTABLE;
873 if (hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE))
874 settings |= MGMT_SETTING_FAST_CONNECTABLE;
876 if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE))
877 settings |= MGMT_SETTING_DISCOVERABLE;
879 if (hci_dev_test_flag(hdev, HCI_BONDABLE))
880 settings |= MGMT_SETTING_BONDABLE;
882 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
883 settings |= MGMT_SETTING_BREDR;
885 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED))
886 settings |= MGMT_SETTING_LE;
888 if (hci_dev_test_flag(hdev, HCI_LINK_SECURITY))
889 settings |= MGMT_SETTING_LINK_SECURITY;
891 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
892 settings |= MGMT_SETTING_SSP;
894 if (hci_dev_test_flag(hdev, HCI_HS_ENABLED))
895 settings |= MGMT_SETTING_HS;
897 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
898 settings |= MGMT_SETTING_ADVERTISING;
900 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED))
901 settings |= MGMT_SETTING_SECURE_CONN;
903 if (hci_dev_test_flag(hdev, HCI_KEEP_DEBUG_KEYS))
904 settings |= MGMT_SETTING_DEBUG_KEYS;
906 if (hci_dev_test_flag(hdev, HCI_PRIVACY))
907 settings |= MGMT_SETTING_PRIVACY;
909 /* The current setting for static address has two purposes. The
910 * first is to indicate if the static address will be used and
911 * the second is to indicate if it is actually set.
913 * This means if the static address is not configured, this flag
914 * will never be set. If the address is configured, then if the
915 * address is actually used decides if the flag is set or not.
917 * For single mode LE only controllers and dual-mode controllers
918 * with BR/EDR disabled, the existence of the static address will
921 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) ||
922 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) ||
923 !bacmp(&hdev->bdaddr, BDADDR_ANY)) {
924 if (bacmp(&hdev->static_addr, BDADDR_ANY))
925 settings |= MGMT_SETTING_STATIC_ADDRESS;
928 if (hci_dev_test_flag(hdev, HCI_WIDEBAND_SPEECH_ENABLED))
929 settings |= MGMT_SETTING_WIDEBAND_SPEECH;
934 static struct mgmt_pending_cmd *pending_find(u16 opcode, struct hci_dev *hdev)
936 return mgmt_pending_find(HCI_CHANNEL_CONTROL, opcode, hdev);
939 u8 mgmt_get_adv_discov_flags(struct hci_dev *hdev)
941 struct mgmt_pending_cmd *cmd;
943 /* If there's a pending mgmt command the flags will not yet have
944 * their final values, so check for this first.
946 cmd = pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
948 struct mgmt_mode *cp = cmd->param;
950 return LE_AD_GENERAL;
951 else if (cp->val == 0x02)
952 return LE_AD_LIMITED;
954 if (hci_dev_test_flag(hdev, HCI_LIMITED_DISCOVERABLE))
955 return LE_AD_LIMITED;
956 else if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE))
957 return LE_AD_GENERAL;
963 bool mgmt_get_connectable(struct hci_dev *hdev)
965 struct mgmt_pending_cmd *cmd;
967 /* If there's a pending mgmt command the flag will not yet have
968 * it's final value, so check for this first.
970 cmd = pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
972 struct mgmt_mode *cp = cmd->param;
977 return hci_dev_test_flag(hdev, HCI_CONNECTABLE);
980 static int service_cache_sync(struct hci_dev *hdev, void *data)
982 hci_update_eir_sync(hdev);
983 hci_update_class_sync(hdev);
988 static void service_cache_off(struct work_struct *work)
990 struct hci_dev *hdev = container_of(work, struct hci_dev,
993 if (!hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE))
996 hci_cmd_sync_queue(hdev, service_cache_sync, NULL, NULL);
999 static int rpa_expired_sync(struct hci_dev *hdev, void *data)
1001 /* The generation of a new RPA and programming it into the
1002 * controller happens in the hci_req_enable_advertising()
1005 if (ext_adv_capable(hdev))
1006 return hci_start_ext_adv_sync(hdev, hdev->cur_adv_instance);
1008 return hci_enable_advertising_sync(hdev);
1011 static void rpa_expired(struct work_struct *work)
1013 struct hci_dev *hdev = container_of(work, struct hci_dev,
1016 bt_dev_dbg(hdev, "");
1018 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
1020 if (!hci_dev_test_flag(hdev, HCI_ADVERTISING))
1023 hci_cmd_sync_queue(hdev, rpa_expired_sync, NULL, NULL);
1026 static void discov_off(struct work_struct *work)
1028 struct hci_dev *hdev = container_of(work, struct hci_dev,
1031 bt_dev_dbg(hdev, "");
1035 /* When discoverable timeout triggers, then just make sure
1036 * the limited discoverable flag is cleared. Even in the case
1037 * of a timeout triggered from general discoverable, it is
1038 * safe to unconditionally clear the flag.
1040 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1041 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
1042 hdev->discov_timeout = 0;
1044 hci_update_discoverable(hdev);
1046 mgmt_new_settings(hdev);
1048 hci_dev_unlock(hdev);
1051 static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
1053 if (hci_dev_test_and_set_flag(hdev, HCI_MGMT))
1056 BT_INFO("MGMT ver %d.%d", MGMT_VERSION, MGMT_REVISION);
1058 INIT_DELAYED_WORK(&hdev->discov_off, discov_off);
1059 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
1060 INIT_DELAYED_WORK(&hdev->rpa_expired, rpa_expired);
1062 /* Non-mgmt controlled devices get this bit set
1063 * implicitly so that pairing works for them, however
1064 * for mgmt we require user-space to explicitly enable
1067 hci_dev_clear_flag(hdev, HCI_BONDABLE);
1070 static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
1071 void *data, u16 data_len)
1073 struct mgmt_rp_read_info rp;
1075 bt_dev_dbg(hdev, "sock %p", sk);
1079 memset(&rp, 0, sizeof(rp));
1081 bacpy(&rp.bdaddr, &hdev->bdaddr);
1083 rp.version = hdev->hci_ver;
1084 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
1086 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
1087 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
1089 memcpy(rp.dev_class, hdev->dev_class, 3);
1091 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
1092 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
1094 hci_dev_unlock(hdev);
1096 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
1100 static u16 append_eir_data_to_buf(struct hci_dev *hdev, u8 *eir)
1105 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1106 eir_len = eir_append_data(eir, eir_len, EIR_CLASS_OF_DEV,
1107 hdev->dev_class, 3);
1109 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED))
1110 eir_len = eir_append_le16(eir, eir_len, EIR_APPEARANCE,
1113 name_len = strnlen(hdev->dev_name, sizeof(hdev->dev_name));
1114 eir_len = eir_append_data(eir, eir_len, EIR_NAME_COMPLETE,
1115 hdev->dev_name, name_len);
1117 name_len = strnlen(hdev->short_name, sizeof(hdev->short_name));
1118 eir_len = eir_append_data(eir, eir_len, EIR_NAME_SHORT,
1119 hdev->short_name, name_len);
1124 static int read_ext_controller_info(struct sock *sk, struct hci_dev *hdev,
1125 void *data, u16 data_len)
1128 struct mgmt_rp_read_ext_info *rp = (void *)buf;
1131 bt_dev_dbg(hdev, "sock %p", sk);
1133 memset(&buf, 0, sizeof(buf));
1137 bacpy(&rp->bdaddr, &hdev->bdaddr);
1139 rp->version = hdev->hci_ver;
1140 rp->manufacturer = cpu_to_le16(hdev->manufacturer);
1142 rp->supported_settings = cpu_to_le32(get_supported_settings(hdev));
1143 rp->current_settings = cpu_to_le32(get_current_settings(hdev));
1146 eir_len = append_eir_data_to_buf(hdev, rp->eir);
1147 rp->eir_len = cpu_to_le16(eir_len);
1149 hci_dev_unlock(hdev);
1151 /* If this command is called at least once, then the events
1152 * for class of device and local name changes are disabled
1153 * and only the new extended controller information event
1156 hci_sock_set_flag(sk, HCI_MGMT_EXT_INFO_EVENTS);
1157 hci_sock_clear_flag(sk, HCI_MGMT_DEV_CLASS_EVENTS);
1158 hci_sock_clear_flag(sk, HCI_MGMT_LOCAL_NAME_EVENTS);
1160 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_EXT_INFO, 0, rp,
1161 sizeof(*rp) + eir_len);
1164 static int ext_info_changed(struct hci_dev *hdev, struct sock *skip)
1167 struct mgmt_ev_ext_info_changed *ev = (void *)buf;
1170 memset(buf, 0, sizeof(buf));
1172 eir_len = append_eir_data_to_buf(hdev, ev->eir);
1173 ev->eir_len = cpu_to_le16(eir_len);
1175 return mgmt_limited_event(MGMT_EV_EXT_INFO_CHANGED, hdev, ev,
1176 sizeof(*ev) + eir_len,
1177 HCI_MGMT_EXT_INFO_EVENTS, skip);
1180 static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
1182 __le32 settings = cpu_to_le32(get_current_settings(hdev));
1184 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &settings,
1188 void mgmt_advertising_added(struct sock *sk, struct hci_dev *hdev, u8 instance)
1190 struct mgmt_ev_advertising_added ev;
1192 ev.instance = instance;
1194 mgmt_event(MGMT_EV_ADVERTISING_ADDED, hdev, &ev, sizeof(ev), sk);
1197 void mgmt_advertising_removed(struct sock *sk, struct hci_dev *hdev,
1200 struct mgmt_ev_advertising_removed ev;
1202 ev.instance = instance;
1204 mgmt_event(MGMT_EV_ADVERTISING_REMOVED, hdev, &ev, sizeof(ev), sk);
1207 static void cancel_adv_timeout(struct hci_dev *hdev)
1209 if (hdev->adv_instance_timeout) {
1210 hdev->adv_instance_timeout = 0;
1211 cancel_delayed_work(&hdev->adv_instance_expire);
1215 /* This function requires the caller holds hdev->lock */
1216 static void restart_le_actions(struct hci_dev *hdev)
1218 struct hci_conn_params *p;
1220 list_for_each_entry(p, &hdev->le_conn_params, list) {
1221 /* Needed for AUTO_OFF case where might not "really"
1222 * have been powered off.
1224 list_del_init(&p->action);
1226 switch (p->auto_connect) {
1227 case HCI_AUTO_CONN_DIRECT:
1228 case HCI_AUTO_CONN_ALWAYS:
1229 list_add(&p->action, &hdev->pend_le_conns);
1231 case HCI_AUTO_CONN_REPORT:
1232 list_add(&p->action, &hdev->pend_le_reports);
1240 static int new_settings(struct hci_dev *hdev, struct sock *skip)
1242 __le32 ev = cpu_to_le32(get_current_settings(hdev));
1244 return mgmt_limited_event(MGMT_EV_NEW_SETTINGS, hdev, &ev,
1245 sizeof(ev), HCI_MGMT_SETTING_EVENTS, skip);
1248 static void mgmt_set_powered_complete(struct hci_dev *hdev, void *data, int err)
1250 struct mgmt_pending_cmd *cmd = data;
1251 struct mgmt_mode *cp;
1253 /* Make sure cmd still outstanding. */
1254 if (cmd != pending_find(MGMT_OP_SET_POWERED, hdev))
1259 bt_dev_dbg(hdev, "err %d", err);
1264 restart_le_actions(hdev);
1265 hci_update_passive_scan(hdev);
1266 hci_dev_unlock(hdev);
1269 send_settings_rsp(cmd->sk, cmd->opcode, hdev);
1271 /* Only call new_setting for power on as power off is deferred
1272 * to hdev->power_off work which does call hci_dev_do_close.
1275 new_settings(hdev, cmd->sk);
1277 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED,
1281 mgmt_pending_remove(cmd);
1284 static int set_powered_sync(struct hci_dev *hdev, void *data)
1286 struct mgmt_pending_cmd *cmd = data;
1287 struct mgmt_mode *cp = cmd->param;
1289 BT_DBG("%s", hdev->name);
1291 return hci_set_powered_sync(hdev, cp->val);
1294 static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
1297 struct mgmt_mode *cp = data;
1298 struct mgmt_pending_cmd *cmd;
1301 bt_dev_dbg(hdev, "sock %p", sk);
1303 if (cp->val != 0x00 && cp->val != 0x01)
1304 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1305 MGMT_STATUS_INVALID_PARAMS);
1309 if (pending_find(MGMT_OP_SET_POWERED, hdev)) {
1310 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1315 if (!!cp->val == hdev_is_powered(hdev)) {
1316 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
1320 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
1326 err = hci_cmd_sync_queue(hdev, set_powered_sync, cmd,
1327 mgmt_set_powered_complete);
1330 mgmt_pending_remove(cmd);
1333 hci_dev_unlock(hdev);
1337 int mgmt_new_settings(struct hci_dev *hdev)
1339 return new_settings(hdev, NULL);
1344 struct hci_dev *hdev;
1348 static void settings_rsp(struct mgmt_pending_cmd *cmd, void *data)
1350 struct cmd_lookup *match = data;
1352 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
1354 list_del(&cmd->list);
1356 if (match->sk == NULL) {
1357 match->sk = cmd->sk;
1358 sock_hold(match->sk);
1361 mgmt_pending_free(cmd);
1364 static void cmd_status_rsp(struct mgmt_pending_cmd *cmd, void *data)
1368 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
1369 mgmt_pending_remove(cmd);
1372 static void cmd_complete_rsp(struct mgmt_pending_cmd *cmd, void *data)
1374 if (cmd->cmd_complete) {
1377 cmd->cmd_complete(cmd, *status);
1378 mgmt_pending_remove(cmd);
1383 cmd_status_rsp(cmd, data);
1386 static int generic_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
1388 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
1389 cmd->param, cmd->param_len);
1392 static int addr_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
1394 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
1395 cmd->param, sizeof(struct mgmt_addr_info));
1398 static u8 mgmt_bredr_support(struct hci_dev *hdev)
1400 if (!lmp_bredr_capable(hdev))
1401 return MGMT_STATUS_NOT_SUPPORTED;
1402 else if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1403 return MGMT_STATUS_REJECTED;
1405 return MGMT_STATUS_SUCCESS;
1408 static u8 mgmt_le_support(struct hci_dev *hdev)
1410 if (!lmp_le_capable(hdev))
1411 return MGMT_STATUS_NOT_SUPPORTED;
1412 else if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
1413 return MGMT_STATUS_REJECTED;
1415 return MGMT_STATUS_SUCCESS;
1418 static void mgmt_set_discoverable_complete(struct hci_dev *hdev, void *data,
1421 struct mgmt_pending_cmd *cmd = data;
1423 bt_dev_dbg(hdev, "err %d", err);
1425 /* Make sure cmd still outstanding. */
1426 if (cmd != pending_find(MGMT_OP_SET_DISCOVERABLE, hdev))
1432 u8 mgmt_err = mgmt_status(err);
1433 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1434 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1438 if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE) &&
1439 hdev->discov_timeout > 0) {
1440 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1441 queue_delayed_work(hdev->req_workqueue, &hdev->discov_off, to);
1444 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1445 new_settings(hdev, cmd->sk);
1448 mgmt_pending_remove(cmd);
1449 hci_dev_unlock(hdev);
1452 static int set_discoverable_sync(struct hci_dev *hdev, void *data)
1454 BT_DBG("%s", hdev->name);
1456 return hci_update_discoverable_sync(hdev);
1459 static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
1462 struct mgmt_cp_set_discoverable *cp = data;
1463 struct mgmt_pending_cmd *cmd;
1467 bt_dev_dbg(hdev, "sock %p", sk);
1469 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
1470 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1471 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1472 MGMT_STATUS_REJECTED);
1474 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
1475 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1476 MGMT_STATUS_INVALID_PARAMS);
1478 timeout = __le16_to_cpu(cp->timeout);
1480 /* Disabling discoverable requires that no timeout is set,
1481 * and enabling limited discoverable requires a timeout.
1483 if ((cp->val == 0x00 && timeout > 0) ||
1484 (cp->val == 0x02 && timeout == 0))
1485 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1486 MGMT_STATUS_INVALID_PARAMS);
1490 if (!hdev_is_powered(hdev) && timeout > 0) {
1491 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1492 MGMT_STATUS_NOT_POWERED);
1496 if (pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1497 pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
1498 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1503 if (!hci_dev_test_flag(hdev, HCI_CONNECTABLE)) {
1504 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1505 MGMT_STATUS_REJECTED);
1509 if (hdev->advertising_paused) {
1510 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1515 if (!hdev_is_powered(hdev)) {
1516 bool changed = false;
1518 /* Setting limited discoverable when powered off is
1519 * not a valid operation since it requires a timeout
1520 * and so no need to check HCI_LIMITED_DISCOVERABLE.
1522 if (!!cp->val != hci_dev_test_flag(hdev, HCI_DISCOVERABLE)) {
1523 hci_dev_change_flag(hdev, HCI_DISCOVERABLE);
1527 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1532 err = new_settings(hdev, sk);
1537 /* If the current mode is the same, then just update the timeout
1538 * value with the new value. And if only the timeout gets updated,
1539 * then no need for any HCI transactions.
1541 if (!!cp->val == hci_dev_test_flag(hdev, HCI_DISCOVERABLE) &&
1542 (cp->val == 0x02) == hci_dev_test_flag(hdev,
1543 HCI_LIMITED_DISCOVERABLE)) {
1544 cancel_delayed_work(&hdev->discov_off);
1545 hdev->discov_timeout = timeout;
1547 if (cp->val && hdev->discov_timeout > 0) {
1548 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1549 queue_delayed_work(hdev->req_workqueue,
1550 &hdev->discov_off, to);
1553 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1557 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
1563 /* Cancel any potential discoverable timeout that might be
1564 * still active and store new timeout value. The arming of
1565 * the timeout happens in the complete handler.
1567 cancel_delayed_work(&hdev->discov_off);
1568 hdev->discov_timeout = timeout;
1571 hci_dev_set_flag(hdev, HCI_DISCOVERABLE);
1573 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
1575 /* Limited discoverable mode */
1576 if (cp->val == 0x02)
1577 hci_dev_set_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1579 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1581 err = hci_cmd_sync_queue(hdev, set_discoverable_sync, cmd,
1582 mgmt_set_discoverable_complete);
1585 mgmt_pending_remove(cmd);
1588 hci_dev_unlock(hdev);
1592 static void mgmt_set_connectable_complete(struct hci_dev *hdev, void *data,
1595 struct mgmt_pending_cmd *cmd = data;
1597 bt_dev_dbg(hdev, "err %d", err);
1599 /* Make sure cmd still outstanding. */
1600 if (cmd != pending_find(MGMT_OP_SET_CONNECTABLE, hdev))
1606 u8 mgmt_err = mgmt_status(err);
1607 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1611 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
1612 new_settings(hdev, cmd->sk);
1616 mgmt_pending_remove(cmd);
1618 hci_dev_unlock(hdev);
1621 static int set_connectable_update_settings(struct hci_dev *hdev,
1622 struct sock *sk, u8 val)
1624 bool changed = false;
1627 if (!!val != hci_dev_test_flag(hdev, HCI_CONNECTABLE))
1631 hci_dev_set_flag(hdev, HCI_CONNECTABLE);
1633 hci_dev_clear_flag(hdev, HCI_CONNECTABLE);
1634 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
1637 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1642 hci_update_scan(hdev);
1643 hci_update_passive_scan(hdev);
1644 return new_settings(hdev, sk);
1650 static int set_connectable_sync(struct hci_dev *hdev, void *data)
1652 BT_DBG("%s", hdev->name);
1654 return hci_update_connectable_sync(hdev);
1657 static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
1660 struct mgmt_mode *cp = data;
1661 struct mgmt_pending_cmd *cmd;
1664 bt_dev_dbg(hdev, "sock %p", sk);
1666 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
1667 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1668 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1669 MGMT_STATUS_REJECTED);
1671 if (cp->val != 0x00 && cp->val != 0x01)
1672 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1673 MGMT_STATUS_INVALID_PARAMS);
1677 if (!hdev_is_powered(hdev)) {
1678 err = set_connectable_update_settings(hdev, sk, cp->val);
1682 if (pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1683 pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
1684 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1689 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
1696 hci_dev_set_flag(hdev, HCI_CONNECTABLE);
1698 if (hdev->discov_timeout > 0)
1699 cancel_delayed_work(&hdev->discov_off);
1701 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1702 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
1703 hci_dev_clear_flag(hdev, HCI_CONNECTABLE);
1706 err = hci_cmd_sync_queue(hdev, set_connectable_sync, cmd,
1707 mgmt_set_connectable_complete);
1710 mgmt_pending_remove(cmd);
1713 hci_dev_unlock(hdev);
1717 static int set_bondable(struct sock *sk, struct hci_dev *hdev, void *data,
1720 struct mgmt_mode *cp = data;
1724 bt_dev_dbg(hdev, "sock %p", sk);
1726 if (cp->val != 0x00 && cp->val != 0x01)
1727 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BONDABLE,
1728 MGMT_STATUS_INVALID_PARAMS);
1733 changed = !hci_dev_test_and_set_flag(hdev, HCI_BONDABLE);
1735 changed = hci_dev_test_and_clear_flag(hdev, HCI_BONDABLE);
1737 err = send_settings_rsp(sk, MGMT_OP_SET_BONDABLE, hdev);
1742 /* In limited privacy mode the change of bondable mode
1743 * may affect the local advertising address.
1745 hci_update_discoverable(hdev);
1747 err = new_settings(hdev, sk);
1751 hci_dev_unlock(hdev);
1755 static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1758 struct mgmt_mode *cp = data;
1759 struct mgmt_pending_cmd *cmd;
1763 bt_dev_dbg(hdev, "sock %p", sk);
1765 status = mgmt_bredr_support(hdev);
1767 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1770 if (cp->val != 0x00 && cp->val != 0x01)
1771 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1772 MGMT_STATUS_INVALID_PARAMS);
1776 if (!hdev_is_powered(hdev)) {
1777 bool changed = false;
1779 if (!!cp->val != hci_dev_test_flag(hdev, HCI_LINK_SECURITY)) {
1780 hci_dev_change_flag(hdev, HCI_LINK_SECURITY);
1784 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1789 err = new_settings(hdev, sk);
1794 if (pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
1795 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1802 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1803 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1807 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1813 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1815 mgmt_pending_remove(cmd);
1820 hci_dev_unlock(hdev);
1824 static void set_ssp_complete(struct hci_dev *hdev, void *data, int err)
1826 struct cmd_lookup match = { NULL, hdev };
1827 struct mgmt_pending_cmd *cmd = data;
1828 struct mgmt_mode *cp = cmd->param;
1829 u8 enable = cp->val;
1832 /* Make sure cmd still outstanding. */
1833 if (cmd != pending_find(MGMT_OP_SET_SSP, hdev))
1837 u8 mgmt_err = mgmt_status(err);
1839 if (enable && hci_dev_test_and_clear_flag(hdev,
1841 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
1842 new_settings(hdev, NULL);
1845 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
1851 changed = !hci_dev_test_and_set_flag(hdev, HCI_SSP_ENABLED);
1853 changed = hci_dev_test_and_clear_flag(hdev, HCI_SSP_ENABLED);
1856 changed = hci_dev_test_and_clear_flag(hdev,
1859 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
1862 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
1865 new_settings(hdev, match.sk);
1870 hci_update_eir_sync(hdev);
1873 static int set_ssp_sync(struct hci_dev *hdev, void *data)
1875 struct mgmt_pending_cmd *cmd = data;
1876 struct mgmt_mode *cp = cmd->param;
1877 bool changed = false;
1881 changed = !hci_dev_test_and_set_flag(hdev, HCI_SSP_ENABLED);
1883 err = hci_write_ssp_mode_sync(hdev, cp->val);
1885 if (!err && changed)
1886 hci_dev_clear_flag(hdev, HCI_SSP_ENABLED);
1891 static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1893 struct mgmt_mode *cp = data;
1894 struct mgmt_pending_cmd *cmd;
1898 bt_dev_dbg(hdev, "sock %p", sk);
1900 status = mgmt_bredr_support(hdev);
1902 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
1904 if (!lmp_ssp_capable(hdev))
1905 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1906 MGMT_STATUS_NOT_SUPPORTED);
1908 if (cp->val != 0x00 && cp->val != 0x01)
1909 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1910 MGMT_STATUS_INVALID_PARAMS);
1914 if (!hdev_is_powered(hdev)) {
1918 changed = !hci_dev_test_and_set_flag(hdev,
1921 changed = hci_dev_test_and_clear_flag(hdev,
1924 changed = hci_dev_test_and_clear_flag(hdev,
1927 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
1930 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1935 err = new_settings(hdev, sk);
1940 if (pending_find(MGMT_OP_SET_SSP, hdev)) {
1941 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1946 if (!!cp->val == hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
1947 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1951 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1955 err = hci_cmd_sync_queue(hdev, set_ssp_sync, cmd,
1959 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1960 MGMT_STATUS_FAILED);
1963 mgmt_pending_remove(cmd);
1967 hci_dev_unlock(hdev);
1971 static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1973 struct mgmt_mode *cp = data;
1978 bt_dev_dbg(hdev, "sock %p", sk);
1980 if (!IS_ENABLED(CONFIG_BT_HS))
1981 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1982 MGMT_STATUS_NOT_SUPPORTED);
1984 status = mgmt_bredr_support(hdev);
1986 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
1988 if (!lmp_ssp_capable(hdev))
1989 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1990 MGMT_STATUS_NOT_SUPPORTED);
1992 if (!hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
1993 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1994 MGMT_STATUS_REJECTED);
1996 if (cp->val != 0x00 && cp->val != 0x01)
1997 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1998 MGMT_STATUS_INVALID_PARAMS);
2002 if (pending_find(MGMT_OP_SET_SSP, hdev)) {
2003 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2009 changed = !hci_dev_test_and_set_flag(hdev, HCI_HS_ENABLED);
2011 if (hdev_is_powered(hdev)) {
2012 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2013 MGMT_STATUS_REJECTED);
2017 changed = hci_dev_test_and_clear_flag(hdev, HCI_HS_ENABLED);
2020 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
2025 err = new_settings(hdev, sk);
2028 hci_dev_unlock(hdev);
2032 static void set_le_complete(struct hci_dev *hdev, void *data, int err)
2034 struct cmd_lookup match = { NULL, hdev };
2035 u8 status = mgmt_status(err);
2037 bt_dev_dbg(hdev, "err %d", err);
2040 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
2045 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
2047 new_settings(hdev, match.sk);
2053 static int set_le_sync(struct hci_dev *hdev, void *data)
2055 struct mgmt_pending_cmd *cmd = data;
2056 struct mgmt_mode *cp = cmd->param;
2061 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
2062 hci_disable_advertising_sync(hdev);
2064 if (ext_adv_capable(hdev))
2065 hci_remove_ext_adv_instance_sync(hdev, 0, cmd->sk);
2067 hci_dev_set_flag(hdev, HCI_LE_ENABLED);
2070 err = hci_write_le_host_supported_sync(hdev, val, 0);
2072 /* Make sure the controller has a good default for
2073 * advertising data. Restrict the update to when LE
2074 * has actually been enabled. During power on, the
2075 * update in powered_update_hci will take care of it.
2077 if (!err && hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
2078 if (ext_adv_capable(hdev)) {
2081 status = hci_setup_ext_adv_instance_sync(hdev, 0x00);
2083 hci_update_scan_rsp_data_sync(hdev, 0x00);
2085 hci_update_adv_data_sync(hdev, 0x00);
2086 hci_update_scan_rsp_data_sync(hdev, 0x00);
2089 hci_update_passive_scan(hdev);
2095 static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2097 struct mgmt_mode *cp = data;
2098 struct mgmt_pending_cmd *cmd;
2102 bt_dev_dbg(hdev, "sock %p", sk);
2104 if (!lmp_le_capable(hdev))
2105 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2106 MGMT_STATUS_NOT_SUPPORTED);
2108 if (cp->val != 0x00 && cp->val != 0x01)
2109 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2110 MGMT_STATUS_INVALID_PARAMS);
2112 /* Bluetooth single mode LE only controllers or dual-mode
2113 * controllers configured as LE only devices, do not allow
2114 * switching LE off. These have either LE enabled explicitly
2115 * or BR/EDR has been previously switched off.
2117 * When trying to enable an already enabled LE, then gracefully
2118 * send a positive response. Trying to disable it however will
2119 * result into rejection.
2121 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
2122 if (cp->val == 0x01)
2123 return send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
2125 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2126 MGMT_STATUS_REJECTED);
2132 enabled = lmp_host_le_capable(hdev);
2135 hci_req_clear_adv_instance(hdev, NULL, NULL, 0x00, true);
2137 if (!hdev_is_powered(hdev) || val == enabled) {
2138 bool changed = false;
2140 if (val != hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
2141 hci_dev_change_flag(hdev, HCI_LE_ENABLED);
2145 if (!val && hci_dev_test_flag(hdev, HCI_ADVERTISING)) {
2146 hci_dev_clear_flag(hdev, HCI_ADVERTISING);
2150 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
2155 err = new_settings(hdev, sk);
2160 if (pending_find(MGMT_OP_SET_LE, hdev) ||
2161 pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
2162 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2167 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
2171 err = hci_cmd_sync_queue(hdev, set_le_sync, cmd,
2175 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2176 MGMT_STATUS_FAILED);
2179 mgmt_pending_remove(cmd);
2183 hci_dev_unlock(hdev);
2187 /* This is a helper function to test for pending mgmt commands that can
2188 * cause CoD or EIR HCI commands. We can only allow one such pending
2189 * mgmt command at a time since otherwise we cannot easily track what
2190 * the current values are, will be, and based on that calculate if a new
2191 * HCI command needs to be sent and if yes with what value.
2193 static bool pending_eir_or_class(struct hci_dev *hdev)
2195 struct mgmt_pending_cmd *cmd;
2197 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2198 switch (cmd->opcode) {
2199 case MGMT_OP_ADD_UUID:
2200 case MGMT_OP_REMOVE_UUID:
2201 case MGMT_OP_SET_DEV_CLASS:
2202 case MGMT_OP_SET_POWERED:
2210 static const u8 bluetooth_base_uuid[] = {
2211 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
2212 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2215 static u8 get_uuid_size(const u8 *uuid)
2219 if (memcmp(uuid, bluetooth_base_uuid, 12))
2222 val = get_unaligned_le32(&uuid[12]);
2229 static void mgmt_class_complete(struct hci_dev *hdev, void *data, int err)
2231 struct mgmt_pending_cmd *cmd = data;
2233 bt_dev_dbg(hdev, "err %d", err);
2235 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
2236 mgmt_status(err), hdev->dev_class, 3);
2238 mgmt_pending_free(cmd);
2241 static int add_uuid_sync(struct hci_dev *hdev, void *data)
2245 err = hci_update_class_sync(hdev);
2249 return hci_update_eir_sync(hdev);
2252 static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2254 struct mgmt_cp_add_uuid *cp = data;
2255 struct mgmt_pending_cmd *cmd;
2256 struct bt_uuid *uuid;
2259 bt_dev_dbg(hdev, "sock %p", sk);
2263 if (pending_eir_or_class(hdev)) {
2264 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
2269 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
2275 memcpy(uuid->uuid, cp->uuid, 16);
2276 uuid->svc_hint = cp->svc_hint;
2277 uuid->size = get_uuid_size(cp->uuid);
2279 list_add_tail(&uuid->list, &hdev->uuids);
2281 cmd = mgmt_pending_new(sk, MGMT_OP_ADD_UUID, hdev, data, len);
2287 err = hci_cmd_sync_queue(hdev, add_uuid_sync, cmd, mgmt_class_complete);
2289 mgmt_pending_free(cmd);
2294 hci_dev_unlock(hdev);
2298 static bool enable_service_cache(struct hci_dev *hdev)
2300 if (!hdev_is_powered(hdev))
2303 if (!hci_dev_test_and_set_flag(hdev, HCI_SERVICE_CACHE)) {
2304 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
2312 static int remove_uuid_sync(struct hci_dev *hdev, void *data)
2316 err = hci_update_class_sync(hdev);
2320 return hci_update_eir_sync(hdev);
2323 static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
2326 struct mgmt_cp_remove_uuid *cp = data;
2327 struct mgmt_pending_cmd *cmd;
2328 struct bt_uuid *match, *tmp;
2329 static const u8 bt_uuid_any[] = {
2330 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
2334 bt_dev_dbg(hdev, "sock %p", sk);
2338 if (pending_eir_or_class(hdev)) {
2339 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2344 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
2345 hci_uuids_clear(hdev);
2347 if (enable_service_cache(hdev)) {
2348 err = mgmt_cmd_complete(sk, hdev->id,
2349 MGMT_OP_REMOVE_UUID,
2350 0, hdev->dev_class, 3);
2359 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2360 if (memcmp(match->uuid, cp->uuid, 16) != 0)
2363 list_del(&match->list);
2369 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2370 MGMT_STATUS_INVALID_PARAMS);
2375 cmd = mgmt_pending_new(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
2381 err = hci_cmd_sync_queue(hdev, remove_uuid_sync, cmd,
2382 mgmt_class_complete);
2384 mgmt_pending_free(cmd);
2387 hci_dev_unlock(hdev);
2391 static int set_class_sync(struct hci_dev *hdev, void *data)
2395 if (hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE)) {
2396 cancel_delayed_work_sync(&hdev->service_cache);
2397 err = hci_update_eir_sync(hdev);
2403 return hci_update_class_sync(hdev);
2406 static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
2409 struct mgmt_cp_set_dev_class *cp = data;
2410 struct mgmt_pending_cmd *cmd;
2413 bt_dev_dbg(hdev, "sock %p", sk);
2415 if (!lmp_bredr_capable(hdev))
2416 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2417 MGMT_STATUS_NOT_SUPPORTED);
2421 if (pending_eir_or_class(hdev)) {
2422 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2427 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
2428 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2429 MGMT_STATUS_INVALID_PARAMS);
2433 hdev->major_class = cp->major;
2434 hdev->minor_class = cp->minor;
2436 if (!hdev_is_powered(hdev)) {
2437 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2438 hdev->dev_class, 3);
2442 cmd = mgmt_pending_new(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
2448 err = hci_cmd_sync_queue(hdev, set_class_sync, cmd,
2449 mgmt_class_complete);
2451 mgmt_pending_free(cmd);
2454 hci_dev_unlock(hdev);
2458 static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
2461 struct mgmt_cp_load_link_keys *cp = data;
2462 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
2463 sizeof(struct mgmt_link_key_info));
2464 u16 key_count, expected_len;
2468 bt_dev_dbg(hdev, "sock %p", sk);
2470 if (!lmp_bredr_capable(hdev))
2471 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2472 MGMT_STATUS_NOT_SUPPORTED);
2474 key_count = __le16_to_cpu(cp->key_count);
2475 if (key_count > max_key_count) {
2476 bt_dev_err(hdev, "load_link_keys: too big key_count value %u",
2478 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2479 MGMT_STATUS_INVALID_PARAMS);
2482 expected_len = struct_size(cp, keys, key_count);
2483 if (expected_len != len) {
2484 bt_dev_err(hdev, "load_link_keys: expected %u bytes, got %u bytes",
2486 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2487 MGMT_STATUS_INVALID_PARAMS);
2490 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
2491 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2492 MGMT_STATUS_INVALID_PARAMS);
2494 bt_dev_dbg(hdev, "debug_keys %u key_count %u", cp->debug_keys,
2497 for (i = 0; i < key_count; i++) {
2498 struct mgmt_link_key_info *key = &cp->keys[i];
2500 if (key->addr.type != BDADDR_BREDR || key->type > 0x08)
2501 return mgmt_cmd_status(sk, hdev->id,
2502 MGMT_OP_LOAD_LINK_KEYS,
2503 MGMT_STATUS_INVALID_PARAMS);
2508 hci_link_keys_clear(hdev);
2511 changed = !hci_dev_test_and_set_flag(hdev, HCI_KEEP_DEBUG_KEYS);
2513 changed = hci_dev_test_and_clear_flag(hdev,
2514 HCI_KEEP_DEBUG_KEYS);
2517 new_settings(hdev, NULL);
2519 for (i = 0; i < key_count; i++) {
2520 struct mgmt_link_key_info *key = &cp->keys[i];
2522 if (hci_is_blocked_key(hdev,
2523 HCI_BLOCKED_KEY_TYPE_LINKKEY,
2525 bt_dev_warn(hdev, "Skipping blocked link key for %pMR",
2530 /* Always ignore debug keys and require a new pairing if
2531 * the user wants to use them.
2533 if (key->type == HCI_LK_DEBUG_COMBINATION)
2536 hci_add_link_key(hdev, NULL, &key->addr.bdaddr, key->val,
2537 key->type, key->pin_len, NULL);
2540 mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
2542 hci_dev_unlock(hdev);
2547 static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
2548 u8 addr_type, struct sock *skip_sk)
2550 struct mgmt_ev_device_unpaired ev;
2552 bacpy(&ev.addr.bdaddr, bdaddr);
2553 ev.addr.type = addr_type;
2555 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
2559 static void unpair_device_complete(struct hci_dev *hdev, void *data, int err)
2561 struct mgmt_pending_cmd *cmd = data;
2562 struct mgmt_cp_unpair_device *cp = cmd->param;
2565 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
2567 cmd->cmd_complete(cmd, err);
2568 mgmt_pending_free(cmd);
2571 static int unpair_device_sync(struct hci_dev *hdev, void *data)
2573 struct mgmt_pending_cmd *cmd = data;
2574 struct mgmt_cp_unpair_device *cp = cmd->param;
2575 struct hci_conn *conn;
2577 if (cp->addr.type == BDADDR_BREDR)
2578 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2581 conn = hci_conn_hash_lookup_le(hdev, &cp->addr.bdaddr,
2582 le_addr_type(cp->addr.type));
2587 return hci_abort_conn_sync(hdev, conn, HCI_ERROR_REMOTE_USER_TERM);
2590 static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2593 struct mgmt_cp_unpair_device *cp = data;
2594 struct mgmt_rp_unpair_device rp;
2595 struct hci_conn_params *params;
2596 struct mgmt_pending_cmd *cmd;
2597 struct hci_conn *conn;
2601 memset(&rp, 0, sizeof(rp));
2602 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2603 rp.addr.type = cp->addr.type;
2605 if (!bdaddr_type_is_valid(cp->addr.type))
2606 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2607 MGMT_STATUS_INVALID_PARAMS,
2610 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
2611 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2612 MGMT_STATUS_INVALID_PARAMS,
2617 if (!hdev_is_powered(hdev)) {
2618 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2619 MGMT_STATUS_NOT_POWERED, &rp,
2624 if (cp->addr.type == BDADDR_BREDR) {
2625 /* If disconnection is requested, then look up the
2626 * connection. If the remote device is connected, it
2627 * will be later used to terminate the link.
2629 * Setting it to NULL explicitly will cause no
2630 * termination of the link.
2633 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2638 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
2640 err = mgmt_cmd_complete(sk, hdev->id,
2641 MGMT_OP_UNPAIR_DEVICE,
2642 MGMT_STATUS_NOT_PAIRED, &rp,
2650 /* LE address type */
2651 addr_type = le_addr_type(cp->addr.type);
2653 /* Abort any ongoing SMP pairing. Removes ltk and irk if they exist. */
2654 err = smp_cancel_and_remove_pairing(hdev, &cp->addr.bdaddr, addr_type);
2656 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2657 MGMT_STATUS_NOT_PAIRED, &rp,
2662 conn = hci_conn_hash_lookup_le(hdev, &cp->addr.bdaddr, addr_type);
2664 hci_conn_params_del(hdev, &cp->addr.bdaddr, addr_type);
2669 /* Defer clearing up the connection parameters until closing to
2670 * give a chance of keeping them if a repairing happens.
2672 set_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
2674 /* Disable auto-connection parameters if present */
2675 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr, addr_type);
2677 if (params->explicit_connect)
2678 params->auto_connect = HCI_AUTO_CONN_EXPLICIT;
2680 params->auto_connect = HCI_AUTO_CONN_DISABLED;
2683 /* If disconnection is not requested, then clear the connection
2684 * variable so that the link is not terminated.
2686 if (!cp->disconnect)
2690 /* If the connection variable is set, then termination of the
2691 * link is requested.
2694 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
2696 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
2700 cmd = mgmt_pending_new(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
2707 cmd->cmd_complete = addr_cmd_complete;
2709 err = hci_cmd_sync_queue(hdev, unpair_device_sync, cmd,
2710 unpair_device_complete);
2712 mgmt_pending_free(cmd);
2715 hci_dev_unlock(hdev);
2719 static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
2722 struct mgmt_cp_disconnect *cp = data;
2723 struct mgmt_rp_disconnect rp;
2724 struct mgmt_pending_cmd *cmd;
2725 struct hci_conn *conn;
2728 bt_dev_dbg(hdev, "sock %p", sk);
2730 memset(&rp, 0, sizeof(rp));
2731 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2732 rp.addr.type = cp->addr.type;
2734 if (!bdaddr_type_is_valid(cp->addr.type))
2735 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2736 MGMT_STATUS_INVALID_PARAMS,
2741 if (!test_bit(HCI_UP, &hdev->flags)) {
2742 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2743 MGMT_STATUS_NOT_POWERED, &rp,
2748 if (pending_find(MGMT_OP_DISCONNECT, hdev)) {
2749 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2750 MGMT_STATUS_BUSY, &rp, sizeof(rp));
2754 if (cp->addr.type == BDADDR_BREDR)
2755 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2758 conn = hci_conn_hash_lookup_le(hdev, &cp->addr.bdaddr,
2759 le_addr_type(cp->addr.type));
2761 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
2762 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2763 MGMT_STATUS_NOT_CONNECTED, &rp,
2768 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
2774 cmd->cmd_complete = generic_cmd_complete;
2776 err = hci_disconnect(conn, HCI_ERROR_REMOTE_USER_TERM);
2778 mgmt_pending_remove(cmd);
2781 hci_dev_unlock(hdev);
2785 static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
2787 switch (link_type) {
2789 switch (addr_type) {
2790 case ADDR_LE_DEV_PUBLIC:
2791 return BDADDR_LE_PUBLIC;
2794 /* Fallback to LE Random address type */
2795 return BDADDR_LE_RANDOM;
2799 /* Fallback to BR/EDR type */
2800 return BDADDR_BREDR;
2804 static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
2807 struct mgmt_rp_get_connections *rp;
2812 bt_dev_dbg(hdev, "sock %p", sk);
2816 if (!hdev_is_powered(hdev)) {
2817 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
2818 MGMT_STATUS_NOT_POWERED);
2823 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2824 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2828 rp = kmalloc(struct_size(rp, addr, i), GFP_KERNEL);
2835 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2836 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2838 bacpy(&rp->addr[i].bdaddr, &c->dst);
2839 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
2840 if (c->type == SCO_LINK || c->type == ESCO_LINK)
2845 rp->conn_count = cpu_to_le16(i);
2847 /* Recalculate length in case of filtered SCO connections, etc */
2848 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
2849 struct_size(rp, addr, i));
2854 hci_dev_unlock(hdev);
2858 static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
2859 struct mgmt_cp_pin_code_neg_reply *cp)
2861 struct mgmt_pending_cmd *cmd;
2864 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
2869 cmd->cmd_complete = addr_cmd_complete;
2871 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
2872 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
2874 mgmt_pending_remove(cmd);
2879 static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2882 struct hci_conn *conn;
2883 struct mgmt_cp_pin_code_reply *cp = data;
2884 struct hci_cp_pin_code_reply reply;
2885 struct mgmt_pending_cmd *cmd;
2888 bt_dev_dbg(hdev, "sock %p", sk);
2892 if (!hdev_is_powered(hdev)) {
2893 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2894 MGMT_STATUS_NOT_POWERED);
2898 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
2900 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2901 MGMT_STATUS_NOT_CONNECTED);
2905 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
2906 struct mgmt_cp_pin_code_neg_reply ncp;
2908 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
2910 bt_dev_err(hdev, "PIN code is not 16 bytes long");
2912 err = send_pin_code_neg_reply(sk, hdev, &ncp);
2914 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2915 MGMT_STATUS_INVALID_PARAMS);
2920 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
2926 cmd->cmd_complete = addr_cmd_complete;
2928 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
2929 reply.pin_len = cp->pin_len;
2930 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
2932 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
2934 mgmt_pending_remove(cmd);
2937 hci_dev_unlock(hdev);
2941 static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
2944 struct mgmt_cp_set_io_capability *cp = data;
2946 bt_dev_dbg(hdev, "sock %p", sk);
2948 if (cp->io_capability > SMP_IO_KEYBOARD_DISPLAY)
2949 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY,
2950 MGMT_STATUS_INVALID_PARAMS);
2954 hdev->io_capability = cp->io_capability;
2956 bt_dev_dbg(hdev, "IO capability set to 0x%02x", hdev->io_capability);
2958 hci_dev_unlock(hdev);
2960 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0,
2964 static struct mgmt_pending_cmd *find_pairing(struct hci_conn *conn)
2966 struct hci_dev *hdev = conn->hdev;
2967 struct mgmt_pending_cmd *cmd;
2969 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2970 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
2973 if (cmd->user_data != conn)
2982 static int pairing_complete(struct mgmt_pending_cmd *cmd, u8 status)
2984 struct mgmt_rp_pair_device rp;
2985 struct hci_conn *conn = cmd->user_data;
2988 bacpy(&rp.addr.bdaddr, &conn->dst);
2989 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
2991 err = mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE,
2992 status, &rp, sizeof(rp));
2994 /* So we don't get further callbacks for this connection */
2995 conn->connect_cfm_cb = NULL;
2996 conn->security_cfm_cb = NULL;
2997 conn->disconn_cfm_cb = NULL;
2999 hci_conn_drop(conn);
3001 /* The device is paired so there is no need to remove
3002 * its connection parameters anymore.
3004 clear_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
3011 void mgmt_smp_complete(struct hci_conn *conn, bool complete)
3013 u8 status = complete ? MGMT_STATUS_SUCCESS : MGMT_STATUS_FAILED;
3014 struct mgmt_pending_cmd *cmd;
3016 cmd = find_pairing(conn);
3018 cmd->cmd_complete(cmd, status);
3019 mgmt_pending_remove(cmd);
3023 static void pairing_complete_cb(struct hci_conn *conn, u8 status)
3025 struct mgmt_pending_cmd *cmd;
3027 BT_DBG("status %u", status);
3029 cmd = find_pairing(conn);
3031 BT_DBG("Unable to find a pending command");
3035 cmd->cmd_complete(cmd, mgmt_status(status));
3036 mgmt_pending_remove(cmd);
3039 static void le_pairing_complete_cb(struct hci_conn *conn, u8 status)
3041 struct mgmt_pending_cmd *cmd;
3043 BT_DBG("status %u", status);
3048 cmd = find_pairing(conn);
3050 BT_DBG("Unable to find a pending command");
3054 cmd->cmd_complete(cmd, mgmt_status(status));
3055 mgmt_pending_remove(cmd);
3058 static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
3061 struct mgmt_cp_pair_device *cp = data;
3062 struct mgmt_rp_pair_device rp;
3063 struct mgmt_pending_cmd *cmd;
3064 u8 sec_level, auth_type;
3065 struct hci_conn *conn;
3068 bt_dev_dbg(hdev, "sock %p", sk);
3070 memset(&rp, 0, sizeof(rp));
3071 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3072 rp.addr.type = cp->addr.type;
3074 if (!bdaddr_type_is_valid(cp->addr.type))
3075 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3076 MGMT_STATUS_INVALID_PARAMS,
3079 if (cp->io_cap > SMP_IO_KEYBOARD_DISPLAY)
3080 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3081 MGMT_STATUS_INVALID_PARAMS,
3086 if (!hdev_is_powered(hdev)) {
3087 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3088 MGMT_STATUS_NOT_POWERED, &rp,
3093 if (hci_bdaddr_is_paired(hdev, &cp->addr.bdaddr, cp->addr.type)) {
3094 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3095 MGMT_STATUS_ALREADY_PAIRED, &rp,
3100 sec_level = BT_SECURITY_MEDIUM;
3101 auth_type = HCI_AT_DEDICATED_BONDING;
3103 if (cp->addr.type == BDADDR_BREDR) {
3104 conn = hci_connect_acl(hdev, &cp->addr.bdaddr, sec_level,
3105 auth_type, CONN_REASON_PAIR_DEVICE);
3107 u8 addr_type = le_addr_type(cp->addr.type);
3108 struct hci_conn_params *p;
3110 /* When pairing a new device, it is expected to remember
3111 * this device for future connections. Adding the connection
3112 * parameter information ahead of time allows tracking
3113 * of the peripheral preferred values and will speed up any
3114 * further connection establishment.
3116 * If connection parameters already exist, then they
3117 * will be kept and this function does nothing.
3119 p = hci_conn_params_add(hdev, &cp->addr.bdaddr, addr_type);
3121 if (p->auto_connect == HCI_AUTO_CONN_EXPLICIT)
3122 p->auto_connect = HCI_AUTO_CONN_DISABLED;
3124 conn = hci_connect_le_scan(hdev, &cp->addr.bdaddr, addr_type,
3125 sec_level, HCI_LE_CONN_TIMEOUT,
3126 CONN_REASON_PAIR_DEVICE);
3132 if (PTR_ERR(conn) == -EBUSY)
3133 status = MGMT_STATUS_BUSY;
3134 else if (PTR_ERR(conn) == -EOPNOTSUPP)
3135 status = MGMT_STATUS_NOT_SUPPORTED;
3136 else if (PTR_ERR(conn) == -ECONNREFUSED)
3137 status = MGMT_STATUS_REJECTED;
3139 status = MGMT_STATUS_CONNECT_FAILED;
3141 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3142 status, &rp, sizeof(rp));
3146 if (conn->connect_cfm_cb) {
3147 hci_conn_drop(conn);
3148 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3149 MGMT_STATUS_BUSY, &rp, sizeof(rp));
3153 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
3156 hci_conn_drop(conn);
3160 cmd->cmd_complete = pairing_complete;
3162 /* For LE, just connecting isn't a proof that the pairing finished */
3163 if (cp->addr.type == BDADDR_BREDR) {
3164 conn->connect_cfm_cb = pairing_complete_cb;
3165 conn->security_cfm_cb = pairing_complete_cb;
3166 conn->disconn_cfm_cb = pairing_complete_cb;
3168 conn->connect_cfm_cb = le_pairing_complete_cb;
3169 conn->security_cfm_cb = le_pairing_complete_cb;
3170 conn->disconn_cfm_cb = le_pairing_complete_cb;
3173 conn->io_capability = cp->io_cap;
3174 cmd->user_data = hci_conn_get(conn);
3176 if ((conn->state == BT_CONNECTED || conn->state == BT_CONFIG) &&
3177 hci_conn_security(conn, sec_level, auth_type, true)) {
3178 cmd->cmd_complete(cmd, 0);
3179 mgmt_pending_remove(cmd);
3185 hci_dev_unlock(hdev);
3189 static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
3192 struct mgmt_addr_info *addr = data;
3193 struct mgmt_pending_cmd *cmd;
3194 struct hci_conn *conn;
3197 bt_dev_dbg(hdev, "sock %p", sk);
3201 if (!hdev_is_powered(hdev)) {
3202 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3203 MGMT_STATUS_NOT_POWERED);
3207 cmd = pending_find(MGMT_OP_PAIR_DEVICE, hdev);
3209 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3210 MGMT_STATUS_INVALID_PARAMS);
3214 conn = cmd->user_data;
3216 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
3217 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3218 MGMT_STATUS_INVALID_PARAMS);
3222 cmd->cmd_complete(cmd, MGMT_STATUS_CANCELLED);
3223 mgmt_pending_remove(cmd);
3225 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
3226 addr, sizeof(*addr));
3228 /* Since user doesn't want to proceed with the connection, abort any
3229 * ongoing pairing and then terminate the link if it was created
3230 * because of the pair device action.
3232 if (addr->type == BDADDR_BREDR)
3233 hci_remove_link_key(hdev, &addr->bdaddr);
3235 smp_cancel_and_remove_pairing(hdev, &addr->bdaddr,
3236 le_addr_type(addr->type));
3238 if (conn->conn_reason == CONN_REASON_PAIR_DEVICE)
3239 hci_abort_conn(conn, HCI_ERROR_REMOTE_USER_TERM);
3242 hci_dev_unlock(hdev);
3246 static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
3247 struct mgmt_addr_info *addr, u16 mgmt_op,
3248 u16 hci_op, __le32 passkey)
3250 struct mgmt_pending_cmd *cmd;
3251 struct hci_conn *conn;
3256 if (!hdev_is_powered(hdev)) {
3257 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3258 MGMT_STATUS_NOT_POWERED, addr,
3263 if (addr->type == BDADDR_BREDR)
3264 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
3266 conn = hci_conn_hash_lookup_le(hdev, &addr->bdaddr,
3267 le_addr_type(addr->type));
3270 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3271 MGMT_STATUS_NOT_CONNECTED, addr,
3276 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
3277 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
3279 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3280 MGMT_STATUS_SUCCESS, addr,
3283 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3284 MGMT_STATUS_FAILED, addr,
3290 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
3296 cmd->cmd_complete = addr_cmd_complete;
3298 /* Continue with pairing via HCI */
3299 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
3300 struct hci_cp_user_passkey_reply cp;
3302 bacpy(&cp.bdaddr, &addr->bdaddr);
3303 cp.passkey = passkey;
3304 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
3306 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
3310 mgmt_pending_remove(cmd);
3313 hci_dev_unlock(hdev);
3317 static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
3318 void *data, u16 len)
3320 struct mgmt_cp_pin_code_neg_reply *cp = data;
3322 bt_dev_dbg(hdev, "sock %p", sk);
3324 return user_pairing_resp(sk, hdev, &cp->addr,
3325 MGMT_OP_PIN_CODE_NEG_REPLY,
3326 HCI_OP_PIN_CODE_NEG_REPLY, 0);
3329 static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3332 struct mgmt_cp_user_confirm_reply *cp = data;
3334 bt_dev_dbg(hdev, "sock %p", sk);
3336 if (len != sizeof(*cp))
3337 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
3338 MGMT_STATUS_INVALID_PARAMS);
3340 return user_pairing_resp(sk, hdev, &cp->addr,
3341 MGMT_OP_USER_CONFIRM_REPLY,
3342 HCI_OP_USER_CONFIRM_REPLY, 0);
3345 static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
3346 void *data, u16 len)
3348 struct mgmt_cp_user_confirm_neg_reply *cp = data;
3350 bt_dev_dbg(hdev, "sock %p", sk);
3352 return user_pairing_resp(sk, hdev, &cp->addr,
3353 MGMT_OP_USER_CONFIRM_NEG_REPLY,
3354 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
3357 static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3360 struct mgmt_cp_user_passkey_reply *cp = data;
3362 bt_dev_dbg(hdev, "sock %p", sk);
3364 return user_pairing_resp(sk, hdev, &cp->addr,
3365 MGMT_OP_USER_PASSKEY_REPLY,
3366 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
3369 static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
3370 void *data, u16 len)
3372 struct mgmt_cp_user_passkey_neg_reply *cp = data;
3374 bt_dev_dbg(hdev, "sock %p", sk);
3376 return user_pairing_resp(sk, hdev, &cp->addr,
3377 MGMT_OP_USER_PASSKEY_NEG_REPLY,
3378 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
3381 static int adv_expire_sync(struct hci_dev *hdev, u32 flags)
3383 struct adv_info *adv_instance;
3385 adv_instance = hci_find_adv_instance(hdev, hdev->cur_adv_instance);
3389 /* stop if current instance doesn't need to be changed */
3390 if (!(adv_instance->flags & flags))
3393 cancel_adv_timeout(hdev);
3395 adv_instance = hci_get_next_instance(hdev, adv_instance->instance);
3399 hci_schedule_adv_instance_sync(hdev, adv_instance->instance, true);
3404 static int name_changed_sync(struct hci_dev *hdev, void *data)
3406 return adv_expire_sync(hdev, MGMT_ADV_FLAG_LOCAL_NAME);
3409 static void set_name_complete(struct hci_dev *hdev, void *data, int err)
3411 struct mgmt_pending_cmd *cmd = data;
3412 struct mgmt_cp_set_local_name *cp = cmd->param;
3413 u8 status = mgmt_status(err);
3415 bt_dev_dbg(hdev, "err %d", err);
3417 if (cmd != pending_find(MGMT_OP_SET_LOCAL_NAME, hdev))
3421 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3424 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3427 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
3428 hci_cmd_sync_queue(hdev, name_changed_sync, NULL, NULL);
3431 mgmt_pending_remove(cmd);
3434 static int set_name_sync(struct hci_dev *hdev, void *data)
3436 if (lmp_bredr_capable(hdev)) {
3437 hci_update_name_sync(hdev);
3438 hci_update_eir_sync(hdev);
3441 /* The name is stored in the scan response data and so
3442 * no need to update the advertising data here.
3444 if (lmp_le_capable(hdev) && hci_dev_test_flag(hdev, HCI_ADVERTISING))
3445 hci_update_scan_rsp_data_sync(hdev, hdev->cur_adv_instance);
3450 static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
3453 struct mgmt_cp_set_local_name *cp = data;
3454 struct mgmt_pending_cmd *cmd;
3457 bt_dev_dbg(hdev, "sock %p", sk);
3461 /* If the old values are the same as the new ones just return a
3462 * direct command complete event.
3464 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
3465 !memcmp(hdev->short_name, cp->short_name,
3466 sizeof(hdev->short_name))) {
3467 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3472 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
3474 if (!hdev_is_powered(hdev)) {
3475 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3477 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3482 err = mgmt_limited_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data,
3483 len, HCI_MGMT_LOCAL_NAME_EVENTS, sk);
3484 ext_info_changed(hdev, sk);
3489 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
3493 err = hci_cmd_sync_queue(hdev, set_name_sync, cmd,
3497 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3498 MGMT_STATUS_FAILED);
3501 mgmt_pending_remove(cmd);
3506 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3509 hci_dev_unlock(hdev);
3513 static int appearance_changed_sync(struct hci_dev *hdev, void *data)
3515 return adv_expire_sync(hdev, MGMT_ADV_FLAG_APPEARANCE);
3518 static int set_appearance(struct sock *sk, struct hci_dev *hdev, void *data,
3521 struct mgmt_cp_set_appearance *cp = data;
3525 bt_dev_dbg(hdev, "sock %p", sk);
3527 if (!lmp_le_capable(hdev))
3528 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_APPEARANCE,
3529 MGMT_STATUS_NOT_SUPPORTED);
3531 appearance = le16_to_cpu(cp->appearance);
3535 if (hdev->appearance != appearance) {
3536 hdev->appearance = appearance;
3538 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
3539 hci_cmd_sync_queue(hdev, appearance_changed_sync, NULL,
3542 ext_info_changed(hdev, sk);
3545 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_APPEARANCE, 0, NULL,
3548 hci_dev_unlock(hdev);
3553 static int get_phy_configuration(struct sock *sk, struct hci_dev *hdev,
3554 void *data, u16 len)
3556 struct mgmt_rp_get_phy_configuration rp;
3558 bt_dev_dbg(hdev, "sock %p", sk);
3562 memset(&rp, 0, sizeof(rp));
3564 rp.supported_phys = cpu_to_le32(get_supported_phys(hdev));
3565 rp.selected_phys = cpu_to_le32(get_selected_phys(hdev));
3566 rp.configurable_phys = cpu_to_le32(get_configurable_phys(hdev));
3568 hci_dev_unlock(hdev);
3570 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_PHY_CONFIGURATION, 0,
3574 int mgmt_phy_configuration_changed(struct hci_dev *hdev, struct sock *skip)
3576 struct mgmt_ev_phy_configuration_changed ev;
3578 memset(&ev, 0, sizeof(ev));
3580 ev.selected_phys = cpu_to_le32(get_selected_phys(hdev));
3582 return mgmt_event(MGMT_EV_PHY_CONFIGURATION_CHANGED, hdev, &ev,
3586 static void set_default_phy_complete(struct hci_dev *hdev, void *data, int err)
3588 struct mgmt_pending_cmd *cmd = data;
3589 struct sk_buff *skb = cmd->skb;
3590 u8 status = mgmt_status(err);
3592 if (cmd != pending_find(MGMT_OP_SET_PHY_CONFIGURATION, hdev))
3597 status = MGMT_STATUS_FAILED;
3598 else if (IS_ERR(skb))
3599 status = mgmt_status(PTR_ERR(skb));
3601 status = mgmt_status(skb->data[0]);
3604 bt_dev_dbg(hdev, "status %d", status);
3607 mgmt_cmd_status(cmd->sk, hdev->id,
3608 MGMT_OP_SET_PHY_CONFIGURATION, status);
3610 mgmt_cmd_complete(cmd->sk, hdev->id,
3611 MGMT_OP_SET_PHY_CONFIGURATION, 0,
3614 mgmt_phy_configuration_changed(hdev, cmd->sk);
3617 if (skb && !IS_ERR(skb))
3620 mgmt_pending_remove(cmd);
3623 static int set_default_phy_sync(struct hci_dev *hdev, void *data)
3625 struct mgmt_pending_cmd *cmd = data;
3626 struct mgmt_cp_set_phy_configuration *cp = cmd->param;
3627 struct hci_cp_le_set_default_phy cp_phy;
3628 u32 selected_phys = __le32_to_cpu(cp->selected_phys);
3630 memset(&cp_phy, 0, sizeof(cp_phy));
3632 if (!(selected_phys & MGMT_PHY_LE_TX_MASK))
3633 cp_phy.all_phys |= 0x01;
3635 if (!(selected_phys & MGMT_PHY_LE_RX_MASK))
3636 cp_phy.all_phys |= 0x02;
3638 if (selected_phys & MGMT_PHY_LE_1M_TX)
3639 cp_phy.tx_phys |= HCI_LE_SET_PHY_1M;
3641 if (selected_phys & MGMT_PHY_LE_2M_TX)
3642 cp_phy.tx_phys |= HCI_LE_SET_PHY_2M;
3644 if (selected_phys & MGMT_PHY_LE_CODED_TX)
3645 cp_phy.tx_phys |= HCI_LE_SET_PHY_CODED;
3647 if (selected_phys & MGMT_PHY_LE_1M_RX)
3648 cp_phy.rx_phys |= HCI_LE_SET_PHY_1M;
3650 if (selected_phys & MGMT_PHY_LE_2M_RX)
3651 cp_phy.rx_phys |= HCI_LE_SET_PHY_2M;
3653 if (selected_phys & MGMT_PHY_LE_CODED_RX)
3654 cp_phy.rx_phys |= HCI_LE_SET_PHY_CODED;
3656 cmd->skb = __hci_cmd_sync(hdev, HCI_OP_LE_SET_DEFAULT_PHY,
3657 sizeof(cp_phy), &cp_phy, HCI_CMD_TIMEOUT);
3662 static int set_phy_configuration(struct sock *sk, struct hci_dev *hdev,
3663 void *data, u16 len)
3665 struct mgmt_cp_set_phy_configuration *cp = data;
3666 struct mgmt_pending_cmd *cmd;
3667 u32 selected_phys, configurable_phys, supported_phys, unconfigure_phys;
3668 u16 pkt_type = (HCI_DH1 | HCI_DM1);
3669 bool changed = false;
3672 bt_dev_dbg(hdev, "sock %p", sk);
3674 configurable_phys = get_configurable_phys(hdev);
3675 supported_phys = get_supported_phys(hdev);
3676 selected_phys = __le32_to_cpu(cp->selected_phys);
3678 if (selected_phys & ~supported_phys)
3679 return mgmt_cmd_status(sk, hdev->id,
3680 MGMT_OP_SET_PHY_CONFIGURATION,
3681 MGMT_STATUS_INVALID_PARAMS);
3683 unconfigure_phys = supported_phys & ~configurable_phys;
3685 if ((selected_phys & unconfigure_phys) != unconfigure_phys)
3686 return mgmt_cmd_status(sk, hdev->id,
3687 MGMT_OP_SET_PHY_CONFIGURATION,
3688 MGMT_STATUS_INVALID_PARAMS);
3690 if (selected_phys == get_selected_phys(hdev))
3691 return mgmt_cmd_complete(sk, hdev->id,
3692 MGMT_OP_SET_PHY_CONFIGURATION,
3697 if (!hdev_is_powered(hdev)) {
3698 err = mgmt_cmd_status(sk, hdev->id,
3699 MGMT_OP_SET_PHY_CONFIGURATION,
3700 MGMT_STATUS_REJECTED);
3704 if (pending_find(MGMT_OP_SET_PHY_CONFIGURATION, hdev)) {
3705 err = mgmt_cmd_status(sk, hdev->id,
3706 MGMT_OP_SET_PHY_CONFIGURATION,
3711 if (selected_phys & MGMT_PHY_BR_1M_3SLOT)
3712 pkt_type |= (HCI_DH3 | HCI_DM3);
3714 pkt_type &= ~(HCI_DH3 | HCI_DM3);
3716 if (selected_phys & MGMT_PHY_BR_1M_5SLOT)
3717 pkt_type |= (HCI_DH5 | HCI_DM5);
3719 pkt_type &= ~(HCI_DH5 | HCI_DM5);
3721 if (selected_phys & MGMT_PHY_EDR_2M_1SLOT)
3722 pkt_type &= ~HCI_2DH1;
3724 pkt_type |= HCI_2DH1;
3726 if (selected_phys & MGMT_PHY_EDR_2M_3SLOT)
3727 pkt_type &= ~HCI_2DH3;
3729 pkt_type |= HCI_2DH3;
3731 if (selected_phys & MGMT_PHY_EDR_2M_5SLOT)
3732 pkt_type &= ~HCI_2DH5;
3734 pkt_type |= HCI_2DH5;
3736 if (selected_phys & MGMT_PHY_EDR_3M_1SLOT)
3737 pkt_type &= ~HCI_3DH1;
3739 pkt_type |= HCI_3DH1;
3741 if (selected_phys & MGMT_PHY_EDR_3M_3SLOT)
3742 pkt_type &= ~HCI_3DH3;
3744 pkt_type |= HCI_3DH3;
3746 if (selected_phys & MGMT_PHY_EDR_3M_5SLOT)
3747 pkt_type &= ~HCI_3DH5;
3749 pkt_type |= HCI_3DH5;
3751 if (pkt_type != hdev->pkt_type) {
3752 hdev->pkt_type = pkt_type;
3756 if ((selected_phys & MGMT_PHY_LE_MASK) ==
3757 (get_selected_phys(hdev) & MGMT_PHY_LE_MASK)) {
3759 mgmt_phy_configuration_changed(hdev, sk);
3761 err = mgmt_cmd_complete(sk, hdev->id,
3762 MGMT_OP_SET_PHY_CONFIGURATION,
3768 cmd = mgmt_pending_add(sk, MGMT_OP_SET_PHY_CONFIGURATION, hdev, data,
3773 err = hci_cmd_sync_queue(hdev, set_default_phy_sync, cmd,
3774 set_default_phy_complete);
3777 err = mgmt_cmd_status(sk, hdev->id,
3778 MGMT_OP_SET_PHY_CONFIGURATION,
3779 MGMT_STATUS_FAILED);
3782 mgmt_pending_remove(cmd);
3786 hci_dev_unlock(hdev);
3791 static int set_blocked_keys(struct sock *sk, struct hci_dev *hdev, void *data,
3794 int err = MGMT_STATUS_SUCCESS;
3795 struct mgmt_cp_set_blocked_keys *keys = data;
3796 const u16 max_key_count = ((U16_MAX - sizeof(*keys)) /
3797 sizeof(struct mgmt_blocked_key_info));
3798 u16 key_count, expected_len;
3801 bt_dev_dbg(hdev, "sock %p", sk);
3803 key_count = __le16_to_cpu(keys->key_count);
3804 if (key_count > max_key_count) {
3805 bt_dev_err(hdev, "too big key_count value %u", key_count);
3806 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BLOCKED_KEYS,
3807 MGMT_STATUS_INVALID_PARAMS);
3810 expected_len = struct_size(keys, keys, key_count);
3811 if (expected_len != len) {
3812 bt_dev_err(hdev, "expected %u bytes, got %u bytes",
3814 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BLOCKED_KEYS,
3815 MGMT_STATUS_INVALID_PARAMS);
3820 hci_blocked_keys_clear(hdev);
3822 for (i = 0; i < key_count; ++i) {
3823 struct blocked_key *b = kzalloc(sizeof(*b), GFP_KERNEL);
3826 err = MGMT_STATUS_NO_RESOURCES;
3830 b->type = keys->keys[i].type;
3831 memcpy(b->val, keys->keys[i].val, sizeof(b->val));
3832 list_add_rcu(&b->list, &hdev->blocked_keys);
3834 hci_dev_unlock(hdev);
3836 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_BLOCKED_KEYS,
3840 static int set_wideband_speech(struct sock *sk, struct hci_dev *hdev,
3841 void *data, u16 len)
3843 struct mgmt_mode *cp = data;
3845 bool changed = false;
3847 bt_dev_dbg(hdev, "sock %p", sk);
3849 if (!test_bit(HCI_QUIRK_WIDEBAND_SPEECH_SUPPORTED, &hdev->quirks))
3850 return mgmt_cmd_status(sk, hdev->id,
3851 MGMT_OP_SET_WIDEBAND_SPEECH,
3852 MGMT_STATUS_NOT_SUPPORTED);
3854 if (cp->val != 0x00 && cp->val != 0x01)
3855 return mgmt_cmd_status(sk, hdev->id,
3856 MGMT_OP_SET_WIDEBAND_SPEECH,
3857 MGMT_STATUS_INVALID_PARAMS);
3861 if (hdev_is_powered(hdev) &&
3862 !!cp->val != hci_dev_test_flag(hdev,
3863 HCI_WIDEBAND_SPEECH_ENABLED)) {
3864 err = mgmt_cmd_status(sk, hdev->id,
3865 MGMT_OP_SET_WIDEBAND_SPEECH,
3866 MGMT_STATUS_REJECTED);
3871 changed = !hci_dev_test_and_set_flag(hdev,
3872 HCI_WIDEBAND_SPEECH_ENABLED);
3874 changed = hci_dev_test_and_clear_flag(hdev,
3875 HCI_WIDEBAND_SPEECH_ENABLED);
3877 err = send_settings_rsp(sk, MGMT_OP_SET_WIDEBAND_SPEECH, hdev);
3882 err = new_settings(hdev, sk);
3885 hci_dev_unlock(hdev);
3889 static int read_controller_cap(struct sock *sk, struct hci_dev *hdev,
3890 void *data, u16 data_len)
3893 struct mgmt_rp_read_controller_cap *rp = (void *)buf;
3896 u8 tx_power_range[2];
3898 bt_dev_dbg(hdev, "sock %p", sk);
3900 memset(&buf, 0, sizeof(buf));
3904 /* When the Read Simple Pairing Options command is supported, then
3905 * the remote public key validation is supported.
3907 * Alternatively, when Microsoft extensions are available, they can
3908 * indicate support for public key validation as well.
3910 if ((hdev->commands[41] & 0x08) || msft_curve_validity(hdev))
3911 flags |= 0x01; /* Remote public key validation (BR/EDR) */
3913 flags |= 0x02; /* Remote public key validation (LE) */
3915 /* When the Read Encryption Key Size command is supported, then the
3916 * encryption key size is enforced.
3918 if (hdev->commands[20] & 0x10)
3919 flags |= 0x04; /* Encryption key size enforcement (BR/EDR) */
3921 flags |= 0x08; /* Encryption key size enforcement (LE) */
3923 cap_len = eir_append_data(rp->cap, cap_len, MGMT_CAP_SEC_FLAGS,
3926 /* When the Read Simple Pairing Options command is supported, then
3927 * also max encryption key size information is provided.
3929 if (hdev->commands[41] & 0x08)
3930 cap_len = eir_append_le16(rp->cap, cap_len,
3931 MGMT_CAP_MAX_ENC_KEY_SIZE,
3932 hdev->max_enc_key_size);
3934 cap_len = eir_append_le16(rp->cap, cap_len,
3935 MGMT_CAP_SMP_MAX_ENC_KEY_SIZE,
3936 SMP_MAX_ENC_KEY_SIZE);
3938 /* Append the min/max LE tx power parameters if we were able to fetch
3939 * it from the controller
3941 if (hdev->commands[38] & 0x80) {
3942 memcpy(&tx_power_range[0], &hdev->min_le_tx_power, 1);
3943 memcpy(&tx_power_range[1], &hdev->max_le_tx_power, 1);
3944 cap_len = eir_append_data(rp->cap, cap_len, MGMT_CAP_LE_TX_PWR,
3948 rp->cap_len = cpu_to_le16(cap_len);
3950 hci_dev_unlock(hdev);
3952 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_CONTROLLER_CAP, 0,
3953 rp, sizeof(*rp) + cap_len);
3956 #ifdef CONFIG_BT_FEATURE_DEBUG
3957 /* d4992530-b9ec-469f-ab01-6c481c47da1c */
3958 static const u8 debug_uuid[16] = {
3959 0x1c, 0xda, 0x47, 0x1c, 0x48, 0x6c, 0x01, 0xab,
3960 0x9f, 0x46, 0xec, 0xb9, 0x30, 0x25, 0x99, 0xd4,
3964 /* 330859bc-7506-492d-9370-9a6f0614037f */
3965 static const u8 quality_report_uuid[16] = {
3966 0x7f, 0x03, 0x14, 0x06, 0x6f, 0x9a, 0x70, 0x93,
3967 0x2d, 0x49, 0x06, 0x75, 0xbc, 0x59, 0x08, 0x33,
3970 /* a6695ace-ee7f-4fb9-881a-5fac66c629af */
3971 static const u8 offload_codecs_uuid[16] = {
3972 0xaf, 0x29, 0xc6, 0x66, 0xac, 0x5f, 0x1a, 0x88,
3973 0xb9, 0x4f, 0x7f, 0xee, 0xce, 0x5a, 0x69, 0xa6,
3976 /* 671b10b5-42c0-4696-9227-eb28d1b049d6 */
3977 static const u8 le_simultaneous_roles_uuid[16] = {
3978 0xd6, 0x49, 0xb0, 0xd1, 0x28, 0xeb, 0x27, 0x92,
3979 0x96, 0x46, 0xc0, 0x42, 0xb5, 0x10, 0x1b, 0x67,
3982 /* 15c0a148-c273-11ea-b3de-0242ac130004 */
3983 static const u8 rpa_resolution_uuid[16] = {
3984 0x04, 0x00, 0x13, 0xac, 0x42, 0x02, 0xde, 0xb3,
3985 0xea, 0x11, 0x73, 0xc2, 0x48, 0xa1, 0xc0, 0x15,
3988 /* 6fbaf188-05e0-496a-9885-d6ddfdb4e03e */
3989 static const u8 iso_socket_uuid[16] = {
3990 0x3e, 0xe0, 0xb4, 0xfd, 0xdd, 0xd6, 0x85, 0x98,
3991 0x6a, 0x49, 0xe0, 0x05, 0x88, 0xf1, 0xba, 0x6f,
3994 static int read_exp_features_info(struct sock *sk, struct hci_dev *hdev,
3995 void *data, u16 data_len)
3997 char buf[122]; /* Enough space for 6 features: 2 + 20 * 6 */
3998 struct mgmt_rp_read_exp_features_info *rp = (void *)buf;
4002 bt_dev_dbg(hdev, "sock %p", sk);
4004 memset(&buf, 0, sizeof(buf));
4006 #ifdef CONFIG_BT_FEATURE_DEBUG
4008 flags = bt_dbg_get() ? BIT(0) : 0;
4010 memcpy(rp->features[idx].uuid, debug_uuid, 16);
4011 rp->features[idx].flags = cpu_to_le32(flags);
4016 if (hdev && hci_dev_le_state_simultaneous(hdev)) {
4017 if (hci_dev_test_flag(hdev, HCI_LE_SIMULTANEOUS_ROLES))
4022 memcpy(rp->features[idx].uuid, le_simultaneous_roles_uuid, 16);
4023 rp->features[idx].flags = cpu_to_le32(flags);
4027 if (hdev && ll_privacy_capable(hdev)) {
4028 if (hci_dev_test_flag(hdev, HCI_ENABLE_LL_PRIVACY))
4029 flags = BIT(0) | BIT(1);
4033 memcpy(rp->features[idx].uuid, rpa_resolution_uuid, 16);
4034 rp->features[idx].flags = cpu_to_le32(flags);
4038 if (hdev && (aosp_has_quality_report(hdev) ||
4039 hdev->set_quality_report)) {
4040 if (hci_dev_test_flag(hdev, HCI_QUALITY_REPORT))
4045 memcpy(rp->features[idx].uuid, quality_report_uuid, 16);
4046 rp->features[idx].flags = cpu_to_le32(flags);
4050 if (hdev && hdev->get_data_path_id) {
4051 if (hci_dev_test_flag(hdev, HCI_OFFLOAD_CODECS_ENABLED))
4056 memcpy(rp->features[idx].uuid, offload_codecs_uuid, 16);
4057 rp->features[idx].flags = cpu_to_le32(flags);
4061 if (IS_ENABLED(CONFIG_BT_LE)) {
4062 flags = iso_enabled() ? BIT(0) : 0;
4063 memcpy(rp->features[idx].uuid, iso_socket_uuid, 16);
4064 rp->features[idx].flags = cpu_to_le32(flags);
4068 rp->feature_count = cpu_to_le16(idx);
4070 /* After reading the experimental features information, enable
4071 * the events to update client on any future change.
4073 hci_sock_set_flag(sk, HCI_MGMT_EXP_FEATURE_EVENTS);
4075 return mgmt_cmd_complete(sk, hdev ? hdev->id : MGMT_INDEX_NONE,
4076 MGMT_OP_READ_EXP_FEATURES_INFO,
4077 0, rp, sizeof(*rp) + (20 * idx));
4080 static int exp_ll_privacy_feature_changed(bool enabled, struct hci_dev *hdev,
4083 struct mgmt_ev_exp_feature_changed ev;
4085 memset(&ev, 0, sizeof(ev));
4086 memcpy(ev.uuid, rpa_resolution_uuid, 16);
4087 ev.flags = cpu_to_le32((enabled ? BIT(0) : 0) | BIT(1));
4089 // Do we need to be atomic with the conn_flags?
4090 if (enabled && privacy_mode_capable(hdev))
4091 hdev->conn_flags |= HCI_CONN_FLAG_DEVICE_PRIVACY;
4093 hdev->conn_flags &= ~HCI_CONN_FLAG_DEVICE_PRIVACY;
4095 return mgmt_limited_event(MGMT_EV_EXP_FEATURE_CHANGED, hdev,
4097 HCI_MGMT_EXP_FEATURE_EVENTS, skip);
4101 static int exp_feature_changed(struct hci_dev *hdev, const u8 *uuid,
4102 bool enabled, struct sock *skip)
4104 struct mgmt_ev_exp_feature_changed ev;
4106 memset(&ev, 0, sizeof(ev));
4107 memcpy(ev.uuid, uuid, 16);
4108 ev.flags = cpu_to_le32(enabled ? BIT(0) : 0);
4110 return mgmt_limited_event(MGMT_EV_EXP_FEATURE_CHANGED, hdev,
4112 HCI_MGMT_EXP_FEATURE_EVENTS, skip);
4115 #define EXP_FEAT(_uuid, _set_func) \
4118 .set_func = _set_func, \
4121 /* The zero key uuid is special. Multiple exp features are set through it. */
4122 static int set_zero_key_func(struct sock *sk, struct hci_dev *hdev,
4123 struct mgmt_cp_set_exp_feature *cp, u16 data_len)
4125 struct mgmt_rp_set_exp_feature rp;
4127 memset(rp.uuid, 0, 16);
4128 rp.flags = cpu_to_le32(0);
4130 #ifdef CONFIG_BT_FEATURE_DEBUG
4132 bool changed = bt_dbg_get();
4137 exp_feature_changed(NULL, ZERO_KEY, false, sk);
4141 if (hdev && use_ll_privacy(hdev) && !hdev_is_powered(hdev)) {
4144 changed = hci_dev_test_and_clear_flag(hdev,
4145 HCI_ENABLE_LL_PRIVACY);
4147 exp_feature_changed(hdev, rpa_resolution_uuid, false,
4151 hci_sock_set_flag(sk, HCI_MGMT_EXP_FEATURE_EVENTS);
4153 return mgmt_cmd_complete(sk, hdev ? hdev->id : MGMT_INDEX_NONE,
4154 MGMT_OP_SET_EXP_FEATURE, 0,
4158 #ifdef CONFIG_BT_FEATURE_DEBUG
4159 static int set_debug_func(struct sock *sk, struct hci_dev *hdev,
4160 struct mgmt_cp_set_exp_feature *cp, u16 data_len)
4162 struct mgmt_rp_set_exp_feature rp;
4167 /* Command requires to use the non-controller index */
4169 return mgmt_cmd_status(sk, hdev->id,
4170 MGMT_OP_SET_EXP_FEATURE,
4171 MGMT_STATUS_INVALID_INDEX);
4173 /* Parameters are limited to a single octet */
4174 if (data_len != MGMT_SET_EXP_FEATURE_SIZE + 1)
4175 return mgmt_cmd_status(sk, MGMT_INDEX_NONE,
4176 MGMT_OP_SET_EXP_FEATURE,
4177 MGMT_STATUS_INVALID_PARAMS);
4179 /* Only boolean on/off is supported */
4180 if (cp->param[0] != 0x00 && cp->param[0] != 0x01)
4181 return mgmt_cmd_status(sk, MGMT_INDEX_NONE,
4182 MGMT_OP_SET_EXP_FEATURE,
4183 MGMT_STATUS_INVALID_PARAMS);
4185 val = !!cp->param[0];
4186 changed = val ? !bt_dbg_get() : bt_dbg_get();
4189 memcpy(rp.uuid, debug_uuid, 16);
4190 rp.flags = cpu_to_le32(val ? BIT(0) : 0);
4192 hci_sock_set_flag(sk, HCI_MGMT_EXP_FEATURE_EVENTS);
4194 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
4195 MGMT_OP_SET_EXP_FEATURE, 0,
4199 exp_feature_changed(hdev, debug_uuid, val, sk);
4205 static int set_rpa_resolution_func(struct sock *sk, struct hci_dev *hdev,
4206 struct mgmt_cp_set_exp_feature *cp,
4209 struct mgmt_rp_set_exp_feature rp;
4214 /* Command requires to use the controller index */
4216 return mgmt_cmd_status(sk, MGMT_INDEX_NONE,
4217 MGMT_OP_SET_EXP_FEATURE,
4218 MGMT_STATUS_INVALID_INDEX);
4220 /* Changes can only be made when controller is powered down */
4221 if (hdev_is_powered(hdev))
4222 return mgmt_cmd_status(sk, hdev->id,
4223 MGMT_OP_SET_EXP_FEATURE,
4224 MGMT_STATUS_REJECTED);
4226 /* Parameters are limited to a single octet */
4227 if (data_len != MGMT_SET_EXP_FEATURE_SIZE + 1)
4228 return mgmt_cmd_status(sk, hdev->id,
4229 MGMT_OP_SET_EXP_FEATURE,
4230 MGMT_STATUS_INVALID_PARAMS);
4232 /* Only boolean on/off is supported */
4233 if (cp->param[0] != 0x00 && cp->param[0] != 0x01)
4234 return mgmt_cmd_status(sk, hdev->id,
4235 MGMT_OP_SET_EXP_FEATURE,
4236 MGMT_STATUS_INVALID_PARAMS);
4238 val = !!cp->param[0];
4241 changed = !hci_dev_test_and_set_flag(hdev,
4242 HCI_ENABLE_LL_PRIVACY);
4243 hci_dev_clear_flag(hdev, HCI_ADVERTISING);
4245 /* Enable LL privacy + supported settings changed */
4246 flags = BIT(0) | BIT(1);
4248 changed = hci_dev_test_and_clear_flag(hdev,
4249 HCI_ENABLE_LL_PRIVACY);
4251 /* Disable LL privacy + supported settings changed */
4255 memcpy(rp.uuid, rpa_resolution_uuid, 16);
4256 rp.flags = cpu_to_le32(flags);
4258 hci_sock_set_flag(sk, HCI_MGMT_EXP_FEATURE_EVENTS);
4260 err = mgmt_cmd_complete(sk, hdev->id,
4261 MGMT_OP_SET_EXP_FEATURE, 0,
4265 exp_ll_privacy_feature_changed(val, hdev, sk);
4270 static int set_quality_report_func(struct sock *sk, struct hci_dev *hdev,
4271 struct mgmt_cp_set_exp_feature *cp,
4274 struct mgmt_rp_set_exp_feature rp;
4278 /* Command requires to use a valid controller index */
4280 return mgmt_cmd_status(sk, MGMT_INDEX_NONE,
4281 MGMT_OP_SET_EXP_FEATURE,
4282 MGMT_STATUS_INVALID_INDEX);
4284 /* Parameters are limited to a single octet */
4285 if (data_len != MGMT_SET_EXP_FEATURE_SIZE + 1)
4286 return mgmt_cmd_status(sk, hdev->id,
4287 MGMT_OP_SET_EXP_FEATURE,
4288 MGMT_STATUS_INVALID_PARAMS);
4290 /* Only boolean on/off is supported */
4291 if (cp->param[0] != 0x00 && cp->param[0] != 0x01)
4292 return mgmt_cmd_status(sk, hdev->id,
4293 MGMT_OP_SET_EXP_FEATURE,
4294 MGMT_STATUS_INVALID_PARAMS);
4296 hci_req_sync_lock(hdev);
4298 val = !!cp->param[0];
4299 changed = (val != hci_dev_test_flag(hdev, HCI_QUALITY_REPORT));
4301 if (!aosp_has_quality_report(hdev) && !hdev->set_quality_report) {
4302 err = mgmt_cmd_status(sk, hdev->id,
4303 MGMT_OP_SET_EXP_FEATURE,
4304 MGMT_STATUS_NOT_SUPPORTED);
4305 goto unlock_quality_report;
4309 if (hdev->set_quality_report)
4310 err = hdev->set_quality_report(hdev, val);
4312 err = aosp_set_quality_report(hdev, val);
4315 err = mgmt_cmd_status(sk, hdev->id,
4316 MGMT_OP_SET_EXP_FEATURE,
4317 MGMT_STATUS_FAILED);
4318 goto unlock_quality_report;
4322 hci_dev_set_flag(hdev, HCI_QUALITY_REPORT);
4324 hci_dev_clear_flag(hdev, HCI_QUALITY_REPORT);
4327 bt_dev_dbg(hdev, "quality report enable %d changed %d", val, changed);
4329 memcpy(rp.uuid, quality_report_uuid, 16);
4330 rp.flags = cpu_to_le32(val ? BIT(0) : 0);
4331 hci_sock_set_flag(sk, HCI_MGMT_EXP_FEATURE_EVENTS);
4333 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_EXP_FEATURE, 0,
4337 exp_feature_changed(hdev, quality_report_uuid, val, sk);
4339 unlock_quality_report:
4340 hci_req_sync_unlock(hdev);
4344 static int set_offload_codec_func(struct sock *sk, struct hci_dev *hdev,
4345 struct mgmt_cp_set_exp_feature *cp,
4350 struct mgmt_rp_set_exp_feature rp;
4352 /* Command requires to use a valid controller index */
4354 return mgmt_cmd_status(sk, MGMT_INDEX_NONE,
4355 MGMT_OP_SET_EXP_FEATURE,
4356 MGMT_STATUS_INVALID_INDEX);
4358 /* Parameters are limited to a single octet */
4359 if (data_len != MGMT_SET_EXP_FEATURE_SIZE + 1)
4360 return mgmt_cmd_status(sk, hdev->id,
4361 MGMT_OP_SET_EXP_FEATURE,
4362 MGMT_STATUS_INVALID_PARAMS);
4364 /* Only boolean on/off is supported */
4365 if (cp->param[0] != 0x00 && cp->param[0] != 0x01)
4366 return mgmt_cmd_status(sk, hdev->id,
4367 MGMT_OP_SET_EXP_FEATURE,
4368 MGMT_STATUS_INVALID_PARAMS);
4370 val = !!cp->param[0];
4371 changed = (val != hci_dev_test_flag(hdev, HCI_OFFLOAD_CODECS_ENABLED));
4373 if (!hdev->get_data_path_id) {
4374 return mgmt_cmd_status(sk, hdev->id,
4375 MGMT_OP_SET_EXP_FEATURE,
4376 MGMT_STATUS_NOT_SUPPORTED);
4381 hci_dev_set_flag(hdev, HCI_OFFLOAD_CODECS_ENABLED);
4383 hci_dev_clear_flag(hdev, HCI_OFFLOAD_CODECS_ENABLED);
4386 bt_dev_info(hdev, "offload codecs enable %d changed %d",
4389 memcpy(rp.uuid, offload_codecs_uuid, 16);
4390 rp.flags = cpu_to_le32(val ? BIT(0) : 0);
4391 hci_sock_set_flag(sk, HCI_MGMT_EXP_FEATURE_EVENTS);
4392 err = mgmt_cmd_complete(sk, hdev->id,
4393 MGMT_OP_SET_EXP_FEATURE, 0,
4397 exp_feature_changed(hdev, offload_codecs_uuid, val, sk);
4402 static int set_le_simultaneous_roles_func(struct sock *sk, struct hci_dev *hdev,
4403 struct mgmt_cp_set_exp_feature *cp,
4408 struct mgmt_rp_set_exp_feature rp;
4410 /* Command requires to use a valid controller index */
4412 return mgmt_cmd_status(sk, MGMT_INDEX_NONE,
4413 MGMT_OP_SET_EXP_FEATURE,
4414 MGMT_STATUS_INVALID_INDEX);
4416 /* Parameters are limited to a single octet */
4417 if (data_len != MGMT_SET_EXP_FEATURE_SIZE + 1)
4418 return mgmt_cmd_status(sk, hdev->id,
4419 MGMT_OP_SET_EXP_FEATURE,
4420 MGMT_STATUS_INVALID_PARAMS);
4422 /* Only boolean on/off is supported */
4423 if (cp->param[0] != 0x00 && cp->param[0] != 0x01)
4424 return mgmt_cmd_status(sk, hdev->id,
4425 MGMT_OP_SET_EXP_FEATURE,
4426 MGMT_STATUS_INVALID_PARAMS);
4428 val = !!cp->param[0];
4429 changed = (val != hci_dev_test_flag(hdev, HCI_LE_SIMULTANEOUS_ROLES));
4431 if (!hci_dev_le_state_simultaneous(hdev)) {
4432 return mgmt_cmd_status(sk, hdev->id,
4433 MGMT_OP_SET_EXP_FEATURE,
4434 MGMT_STATUS_NOT_SUPPORTED);
4439 hci_dev_set_flag(hdev, HCI_LE_SIMULTANEOUS_ROLES);
4441 hci_dev_clear_flag(hdev, HCI_LE_SIMULTANEOUS_ROLES);
4444 bt_dev_info(hdev, "LE simultaneous roles enable %d changed %d",
4447 memcpy(rp.uuid, le_simultaneous_roles_uuid, 16);
4448 rp.flags = cpu_to_le32(val ? BIT(0) : 0);
4449 hci_sock_set_flag(sk, HCI_MGMT_EXP_FEATURE_EVENTS);
4450 err = mgmt_cmd_complete(sk, hdev->id,
4451 MGMT_OP_SET_EXP_FEATURE, 0,
4455 exp_feature_changed(hdev, le_simultaneous_roles_uuid, val, sk);
4461 static int set_iso_socket_func(struct sock *sk, struct hci_dev *hdev,
4462 struct mgmt_cp_set_exp_feature *cp, u16 data_len)
4464 struct mgmt_rp_set_exp_feature rp;
4465 bool val, changed = false;
4468 /* Command requires to use the non-controller index */
4470 return mgmt_cmd_status(sk, hdev->id,
4471 MGMT_OP_SET_EXP_FEATURE,
4472 MGMT_STATUS_INVALID_INDEX);
4474 /* Parameters are limited to a single octet */
4475 if (data_len != MGMT_SET_EXP_FEATURE_SIZE + 1)
4476 return mgmt_cmd_status(sk, MGMT_INDEX_NONE,
4477 MGMT_OP_SET_EXP_FEATURE,
4478 MGMT_STATUS_INVALID_PARAMS);
4480 /* Only boolean on/off is supported */
4481 if (cp->param[0] != 0x00 && cp->param[0] != 0x01)
4482 return mgmt_cmd_status(sk, MGMT_INDEX_NONE,
4483 MGMT_OP_SET_EXP_FEATURE,
4484 MGMT_STATUS_INVALID_PARAMS);
4486 val = cp->param[0] ? true : false;
4495 memcpy(rp.uuid, iso_socket_uuid, 16);
4496 rp.flags = cpu_to_le32(val ? BIT(0) : 0);
4498 hci_sock_set_flag(sk, HCI_MGMT_EXP_FEATURE_EVENTS);
4500 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
4501 MGMT_OP_SET_EXP_FEATURE, 0,
4505 exp_feature_changed(hdev, iso_socket_uuid, val, sk);
4511 static const struct mgmt_exp_feature {
4513 int (*set_func)(struct sock *sk, struct hci_dev *hdev,
4514 struct mgmt_cp_set_exp_feature *cp, u16 data_len);
4515 } exp_features[] = {
4516 EXP_FEAT(ZERO_KEY, set_zero_key_func),
4517 #ifdef CONFIG_BT_FEATURE_DEBUG
4518 EXP_FEAT(debug_uuid, set_debug_func),
4520 EXP_FEAT(rpa_resolution_uuid, set_rpa_resolution_func),
4521 EXP_FEAT(quality_report_uuid, set_quality_report_func),
4522 EXP_FEAT(offload_codecs_uuid, set_offload_codec_func),
4523 EXP_FEAT(le_simultaneous_roles_uuid, set_le_simultaneous_roles_func),
4525 EXP_FEAT(iso_socket_uuid, set_iso_socket_func),
4528 /* end with a null feature */
4529 EXP_FEAT(NULL, NULL)
4532 static int set_exp_feature(struct sock *sk, struct hci_dev *hdev,
4533 void *data, u16 data_len)
4535 struct mgmt_cp_set_exp_feature *cp = data;
4538 bt_dev_dbg(hdev, "sock %p", sk);
4540 for (i = 0; exp_features[i].uuid; i++) {
4541 if (!memcmp(cp->uuid, exp_features[i].uuid, 16))
4542 return exp_features[i].set_func(sk, hdev, cp, data_len);
4545 return mgmt_cmd_status(sk, hdev ? hdev->id : MGMT_INDEX_NONE,
4546 MGMT_OP_SET_EXP_FEATURE,
4547 MGMT_STATUS_NOT_SUPPORTED);
4550 static u32 get_params_flags(struct hci_dev *hdev,
4551 struct hci_conn_params *params)
4553 u32 flags = hdev->conn_flags;
4555 /* Devices using RPAs can only be programmed in the acceptlist if
4556 * LL Privacy has been enable otherwise they cannot mark
4557 * HCI_CONN_FLAG_REMOTE_WAKEUP.
4559 if ((flags & HCI_CONN_FLAG_REMOTE_WAKEUP) && !use_ll_privacy(hdev) &&
4560 hci_find_irk_by_addr(hdev, ¶ms->addr, params->addr_type))
4561 flags &= ~HCI_CONN_FLAG_REMOTE_WAKEUP;
4566 static int get_device_flags(struct sock *sk, struct hci_dev *hdev, void *data,
4569 struct mgmt_cp_get_device_flags *cp = data;
4570 struct mgmt_rp_get_device_flags rp;
4571 struct bdaddr_list_with_flags *br_params;
4572 struct hci_conn_params *params;
4573 u32 supported_flags;
4574 u32 current_flags = 0;
4575 u8 status = MGMT_STATUS_INVALID_PARAMS;
4577 bt_dev_dbg(hdev, "Get device flags %pMR (type 0x%x)\n",
4578 &cp->addr.bdaddr, cp->addr.type);
4582 supported_flags = hdev->conn_flags;
4584 memset(&rp, 0, sizeof(rp));
4586 if (cp->addr.type == BDADDR_BREDR) {
4587 br_params = hci_bdaddr_list_lookup_with_flags(&hdev->accept_list,
4593 current_flags = br_params->flags;
4595 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr,
4596 le_addr_type(cp->addr.type));
4600 supported_flags = get_params_flags(hdev, params);
4601 current_flags = params->flags;
4604 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4605 rp.addr.type = cp->addr.type;
4606 rp.supported_flags = cpu_to_le32(supported_flags);
4607 rp.current_flags = cpu_to_le32(current_flags);
4609 status = MGMT_STATUS_SUCCESS;
4612 hci_dev_unlock(hdev);
4614 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_DEVICE_FLAGS, status,
4618 static void device_flags_changed(struct sock *sk, struct hci_dev *hdev,
4619 bdaddr_t *bdaddr, u8 bdaddr_type,
4620 u32 supported_flags, u32 current_flags)
4622 struct mgmt_ev_device_flags_changed ev;
4624 bacpy(&ev.addr.bdaddr, bdaddr);
4625 ev.addr.type = bdaddr_type;
4626 ev.supported_flags = cpu_to_le32(supported_flags);
4627 ev.current_flags = cpu_to_le32(current_flags);
4629 mgmt_event(MGMT_EV_DEVICE_FLAGS_CHANGED, hdev, &ev, sizeof(ev), sk);
4632 static int set_device_flags(struct sock *sk, struct hci_dev *hdev, void *data,
4635 struct mgmt_cp_set_device_flags *cp = data;
4636 struct bdaddr_list_with_flags *br_params;
4637 struct hci_conn_params *params;
4638 u8 status = MGMT_STATUS_INVALID_PARAMS;
4639 u32 supported_flags;
4640 u32 current_flags = __le32_to_cpu(cp->current_flags);
4642 bt_dev_dbg(hdev, "Set device flags %pMR (type 0x%x) = 0x%x",
4643 &cp->addr.bdaddr, cp->addr.type, current_flags);
4645 // We should take hci_dev_lock() early, I think.. conn_flags can change
4646 supported_flags = hdev->conn_flags;
4648 if ((supported_flags | current_flags) != supported_flags) {
4649 bt_dev_warn(hdev, "Bad flag given (0x%x) vs supported (0x%0x)",
4650 current_flags, supported_flags);
4656 if (cp->addr.type == BDADDR_BREDR) {
4657 br_params = hci_bdaddr_list_lookup_with_flags(&hdev->accept_list,
4662 br_params->flags = current_flags;
4663 status = MGMT_STATUS_SUCCESS;
4665 bt_dev_warn(hdev, "No such BR/EDR device %pMR (0x%x)",
4666 &cp->addr.bdaddr, cp->addr.type);
4672 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr,
4673 le_addr_type(cp->addr.type));
4675 bt_dev_warn(hdev, "No such LE device %pMR (0x%x)",
4676 &cp->addr.bdaddr, le_addr_type(cp->addr.type));
4680 supported_flags = get_params_flags(hdev, params);
4682 if ((supported_flags | current_flags) != supported_flags) {
4683 bt_dev_warn(hdev, "Bad flag given (0x%x) vs supported (0x%0x)",
4684 current_flags, supported_flags);
4688 params->flags = current_flags;
4689 status = MGMT_STATUS_SUCCESS;
4691 /* Update passive scan if HCI_CONN_FLAG_DEVICE_PRIVACY
4694 if (params->flags & HCI_CONN_FLAG_DEVICE_PRIVACY)
4695 hci_update_passive_scan(hdev);
4698 hci_dev_unlock(hdev);
4701 if (status == MGMT_STATUS_SUCCESS)
4702 device_flags_changed(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
4703 supported_flags, current_flags);
4705 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_FLAGS, status,
4706 &cp->addr, sizeof(cp->addr));
4709 static void mgmt_adv_monitor_added(struct sock *sk, struct hci_dev *hdev,
4712 struct mgmt_ev_adv_monitor_added ev;
4714 ev.monitor_handle = cpu_to_le16(handle);
4716 mgmt_event(MGMT_EV_ADV_MONITOR_ADDED, hdev, &ev, sizeof(ev), sk);
4719 void mgmt_adv_monitor_removed(struct hci_dev *hdev, u16 handle)
4721 struct mgmt_ev_adv_monitor_removed ev;
4722 struct mgmt_pending_cmd *cmd;
4723 struct sock *sk_skip = NULL;
4724 struct mgmt_cp_remove_adv_monitor *cp;
4726 cmd = pending_find(MGMT_OP_REMOVE_ADV_MONITOR, hdev);
4730 if (cp->monitor_handle)
4734 ev.monitor_handle = cpu_to_le16(handle);
4736 mgmt_event(MGMT_EV_ADV_MONITOR_REMOVED, hdev, &ev, sizeof(ev), sk_skip);
4739 static int read_adv_mon_features(struct sock *sk, struct hci_dev *hdev,
4740 void *data, u16 len)
4742 struct adv_monitor *monitor = NULL;
4743 struct mgmt_rp_read_adv_monitor_features *rp = NULL;
4746 __u32 supported = 0;
4748 __u16 num_handles = 0;
4749 __u16 handles[HCI_MAX_ADV_MONITOR_NUM_HANDLES];
4751 BT_DBG("request for %s", hdev->name);
4755 if (msft_monitor_supported(hdev))
4756 supported |= MGMT_ADV_MONITOR_FEATURE_MASK_OR_PATTERNS;
4758 idr_for_each_entry(&hdev->adv_monitors_idr, monitor, handle)
4759 handles[num_handles++] = monitor->handle;
4761 hci_dev_unlock(hdev);
4763 rp_size = sizeof(*rp) + (num_handles * sizeof(u16));
4764 rp = kmalloc(rp_size, GFP_KERNEL);
4768 /* All supported features are currently enabled */
4769 enabled = supported;
4771 rp->supported_features = cpu_to_le32(supported);
4772 rp->enabled_features = cpu_to_le32(enabled);
4773 rp->max_num_handles = cpu_to_le16(HCI_MAX_ADV_MONITOR_NUM_HANDLES);
4774 rp->max_num_patterns = HCI_MAX_ADV_MONITOR_NUM_PATTERNS;
4775 rp->num_handles = cpu_to_le16(num_handles);
4777 memcpy(&rp->handles, &handles, (num_handles * sizeof(u16)));
4779 err = mgmt_cmd_complete(sk, hdev->id,
4780 MGMT_OP_READ_ADV_MONITOR_FEATURES,
4781 MGMT_STATUS_SUCCESS, rp, rp_size);
4788 static void mgmt_add_adv_patterns_monitor_complete(struct hci_dev *hdev,
4789 void *data, int status)
4791 struct mgmt_rp_add_adv_patterns_monitor rp;
4792 struct mgmt_pending_cmd *cmd = data;
4793 struct adv_monitor *monitor = cmd->user_data;
4797 rp.monitor_handle = cpu_to_le16(monitor->handle);
4800 mgmt_adv_monitor_added(cmd->sk, hdev, monitor->handle);
4801 hdev->adv_monitors_cnt++;
4802 if (monitor->state == ADV_MONITOR_STATE_NOT_REGISTERED)
4803 monitor->state = ADV_MONITOR_STATE_REGISTERED;
4804 hci_update_passive_scan(hdev);
4807 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
4808 mgmt_status(status), &rp, sizeof(rp));
4809 mgmt_pending_remove(cmd);
4811 hci_dev_unlock(hdev);
4812 bt_dev_dbg(hdev, "add monitor %d complete, status %d",
4813 rp.monitor_handle, status);
4816 static int mgmt_add_adv_patterns_monitor_sync(struct hci_dev *hdev, void *data)
4818 struct mgmt_pending_cmd *cmd = data;
4819 struct adv_monitor *monitor = cmd->user_data;
4821 return hci_add_adv_monitor(hdev, monitor);
4824 static int __add_adv_patterns_monitor(struct sock *sk, struct hci_dev *hdev,
4825 struct adv_monitor *m, u8 status,
4826 void *data, u16 len, u16 op)
4828 struct mgmt_pending_cmd *cmd;
4836 if (pending_find(MGMT_OP_SET_LE, hdev) ||
4837 pending_find(MGMT_OP_ADD_ADV_PATTERNS_MONITOR, hdev) ||
4838 pending_find(MGMT_OP_ADD_ADV_PATTERNS_MONITOR_RSSI, hdev) ||
4839 pending_find(MGMT_OP_REMOVE_ADV_MONITOR, hdev)) {
4840 status = MGMT_STATUS_BUSY;
4844 cmd = mgmt_pending_add(sk, op, hdev, data, len);
4846 status = MGMT_STATUS_NO_RESOURCES;
4851 err = hci_cmd_sync_queue(hdev, mgmt_add_adv_patterns_monitor_sync, cmd,
4852 mgmt_add_adv_patterns_monitor_complete);
4855 status = MGMT_STATUS_NO_RESOURCES;
4857 status = MGMT_STATUS_FAILED;
4862 hci_dev_unlock(hdev);
4867 hci_free_adv_monitor(hdev, m);
4868 hci_dev_unlock(hdev);
4869 return mgmt_cmd_status(sk, hdev->id, op, status);
4872 static void parse_adv_monitor_rssi(struct adv_monitor *m,
4873 struct mgmt_adv_rssi_thresholds *rssi)
4876 m->rssi.low_threshold = rssi->low_threshold;
4877 m->rssi.low_threshold_timeout =
4878 __le16_to_cpu(rssi->low_threshold_timeout);
4879 m->rssi.high_threshold = rssi->high_threshold;
4880 m->rssi.high_threshold_timeout =
4881 __le16_to_cpu(rssi->high_threshold_timeout);
4882 m->rssi.sampling_period = rssi->sampling_period;
4884 /* Default values. These numbers are the least constricting
4885 * parameters for MSFT API to work, so it behaves as if there
4886 * are no rssi parameter to consider. May need to be changed
4887 * if other API are to be supported.
4889 m->rssi.low_threshold = -127;
4890 m->rssi.low_threshold_timeout = 60;
4891 m->rssi.high_threshold = -127;
4892 m->rssi.high_threshold_timeout = 0;
4893 m->rssi.sampling_period = 0;
4897 static u8 parse_adv_monitor_pattern(struct adv_monitor *m, u8 pattern_count,
4898 struct mgmt_adv_pattern *patterns)
4900 u8 offset = 0, length = 0;
4901 struct adv_pattern *p = NULL;
4904 for (i = 0; i < pattern_count; i++) {
4905 offset = patterns[i].offset;
4906 length = patterns[i].length;
4907 if (offset >= HCI_MAX_AD_LENGTH ||
4908 length > HCI_MAX_AD_LENGTH ||
4909 (offset + length) > HCI_MAX_AD_LENGTH)
4910 return MGMT_STATUS_INVALID_PARAMS;
4912 p = kmalloc(sizeof(*p), GFP_KERNEL);
4914 return MGMT_STATUS_NO_RESOURCES;
4916 p->ad_type = patterns[i].ad_type;
4917 p->offset = patterns[i].offset;
4918 p->length = patterns[i].length;
4919 memcpy(p->value, patterns[i].value, p->length);
4921 INIT_LIST_HEAD(&p->list);
4922 list_add(&p->list, &m->patterns);
4925 return MGMT_STATUS_SUCCESS;
4928 static int add_adv_patterns_monitor(struct sock *sk, struct hci_dev *hdev,
4929 void *data, u16 len)
4931 struct mgmt_cp_add_adv_patterns_monitor *cp = data;
4932 struct adv_monitor *m = NULL;
4933 u8 status = MGMT_STATUS_SUCCESS;
4934 size_t expected_size = sizeof(*cp);
4936 BT_DBG("request for %s", hdev->name);
4938 if (len <= sizeof(*cp)) {
4939 status = MGMT_STATUS_INVALID_PARAMS;
4943 expected_size += cp->pattern_count * sizeof(struct mgmt_adv_pattern);
4944 if (len != expected_size) {
4945 status = MGMT_STATUS_INVALID_PARAMS;
4949 m = kzalloc(sizeof(*m), GFP_KERNEL);
4951 status = MGMT_STATUS_NO_RESOURCES;
4955 INIT_LIST_HEAD(&m->patterns);
4957 parse_adv_monitor_rssi(m, NULL);
4958 status = parse_adv_monitor_pattern(m, cp->pattern_count, cp->patterns);
4961 return __add_adv_patterns_monitor(sk, hdev, m, status, data, len,
4962 MGMT_OP_ADD_ADV_PATTERNS_MONITOR);
4965 static int add_adv_patterns_monitor_rssi(struct sock *sk, struct hci_dev *hdev,
4966 void *data, u16 len)
4968 struct mgmt_cp_add_adv_patterns_monitor_rssi *cp = data;
4969 struct adv_monitor *m = NULL;
4970 u8 status = MGMT_STATUS_SUCCESS;
4971 size_t expected_size = sizeof(*cp);
4973 BT_DBG("request for %s", hdev->name);
4975 if (len <= sizeof(*cp)) {
4976 status = MGMT_STATUS_INVALID_PARAMS;
4980 expected_size += cp->pattern_count * sizeof(struct mgmt_adv_pattern);
4981 if (len != expected_size) {
4982 status = MGMT_STATUS_INVALID_PARAMS;
4986 m = kzalloc(sizeof(*m), GFP_KERNEL);
4988 status = MGMT_STATUS_NO_RESOURCES;
4992 INIT_LIST_HEAD(&m->patterns);
4994 parse_adv_monitor_rssi(m, &cp->rssi);
4995 status = parse_adv_monitor_pattern(m, cp->pattern_count, cp->patterns);
4998 return __add_adv_patterns_monitor(sk, hdev, m, status, data, len,
4999 MGMT_OP_ADD_ADV_PATTERNS_MONITOR_RSSI);
5002 static void mgmt_remove_adv_monitor_complete(struct hci_dev *hdev,
5003 void *data, int status)
5005 struct mgmt_rp_remove_adv_monitor rp;
5006 struct mgmt_pending_cmd *cmd = data;
5007 struct mgmt_cp_remove_adv_monitor *cp = cmd->param;
5011 rp.monitor_handle = cp->monitor_handle;
5014 hci_update_passive_scan(hdev);
5016 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
5017 mgmt_status(status), &rp, sizeof(rp));
5018 mgmt_pending_remove(cmd);
5020 hci_dev_unlock(hdev);
5021 bt_dev_dbg(hdev, "remove monitor %d complete, status %d",
5022 rp.monitor_handle, status);
5025 static int mgmt_remove_adv_monitor_sync(struct hci_dev *hdev, void *data)
5027 struct mgmt_pending_cmd *cmd = data;
5028 struct mgmt_cp_remove_adv_monitor *cp = cmd->param;
5029 u16 handle = __le16_to_cpu(cp->monitor_handle);
5032 return hci_remove_all_adv_monitor(hdev);
5034 return hci_remove_single_adv_monitor(hdev, handle);
5037 static int remove_adv_monitor(struct sock *sk, struct hci_dev *hdev,
5038 void *data, u16 len)
5040 struct mgmt_pending_cmd *cmd;
5045 if (pending_find(MGMT_OP_SET_LE, hdev) ||
5046 pending_find(MGMT_OP_REMOVE_ADV_MONITOR, hdev) ||
5047 pending_find(MGMT_OP_ADD_ADV_PATTERNS_MONITOR, hdev) ||
5048 pending_find(MGMT_OP_ADD_ADV_PATTERNS_MONITOR_RSSI, hdev)) {
5049 status = MGMT_STATUS_BUSY;
5053 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_ADV_MONITOR, hdev, data, len);
5055 status = MGMT_STATUS_NO_RESOURCES;
5059 err = hci_cmd_sync_queue(hdev, mgmt_remove_adv_monitor_sync, cmd,
5060 mgmt_remove_adv_monitor_complete);
5063 mgmt_pending_remove(cmd);
5066 status = MGMT_STATUS_NO_RESOURCES;
5068 status = MGMT_STATUS_FAILED;
5073 hci_dev_unlock(hdev);
5078 hci_dev_unlock(hdev);
5079 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADV_MONITOR,
5083 static void read_local_oob_data_complete(struct hci_dev *hdev, void *data, int err)
5085 struct mgmt_rp_read_local_oob_data mgmt_rp;
5086 size_t rp_size = sizeof(mgmt_rp);
5087 struct mgmt_pending_cmd *cmd = data;
5088 struct sk_buff *skb = cmd->skb;
5089 u8 status = mgmt_status(err);
5093 status = MGMT_STATUS_FAILED;
5094 else if (IS_ERR(skb))
5095 status = mgmt_status(PTR_ERR(skb));
5097 status = mgmt_status(skb->data[0]);
5100 bt_dev_dbg(hdev, "status %d", status);
5103 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA, status);
5107 memset(&mgmt_rp, 0, sizeof(mgmt_rp));
5109 if (!bredr_sc_enabled(hdev)) {
5110 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
5112 if (skb->len < sizeof(*rp)) {
5113 mgmt_cmd_status(cmd->sk, hdev->id,
5114 MGMT_OP_READ_LOCAL_OOB_DATA,
5115 MGMT_STATUS_FAILED);
5119 memcpy(mgmt_rp.hash192, rp->hash, sizeof(rp->hash));
5120 memcpy(mgmt_rp.rand192, rp->rand, sizeof(rp->rand));
5122 rp_size -= sizeof(mgmt_rp.hash256) + sizeof(mgmt_rp.rand256);
5124 struct hci_rp_read_local_oob_ext_data *rp = (void *) skb->data;
5126 if (skb->len < sizeof(*rp)) {
5127 mgmt_cmd_status(cmd->sk, hdev->id,
5128 MGMT_OP_READ_LOCAL_OOB_DATA,
5129 MGMT_STATUS_FAILED);
5133 memcpy(mgmt_rp.hash192, rp->hash192, sizeof(rp->hash192));
5134 memcpy(mgmt_rp.rand192, rp->rand192, sizeof(rp->rand192));
5136 memcpy(mgmt_rp.hash256, rp->hash256, sizeof(rp->hash256));
5137 memcpy(mgmt_rp.rand256, rp->rand256, sizeof(rp->rand256));
5140 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
5141 MGMT_STATUS_SUCCESS, &mgmt_rp, rp_size);
5144 if (skb && !IS_ERR(skb))
5147 mgmt_pending_free(cmd);
5150 static int read_local_oob_data_sync(struct hci_dev *hdev, void *data)
5152 struct mgmt_pending_cmd *cmd = data;
5154 if (bredr_sc_enabled(hdev))
5155 cmd->skb = hci_read_local_oob_data_sync(hdev, true, cmd->sk);
5157 cmd->skb = hci_read_local_oob_data_sync(hdev, false, cmd->sk);
5159 if (IS_ERR(cmd->skb))
5160 return PTR_ERR(cmd->skb);
5165 static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
5166 void *data, u16 data_len)
5168 struct mgmt_pending_cmd *cmd;
5171 bt_dev_dbg(hdev, "sock %p", sk);
5175 if (!hdev_is_powered(hdev)) {
5176 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
5177 MGMT_STATUS_NOT_POWERED);
5181 if (!lmp_ssp_capable(hdev)) {
5182 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
5183 MGMT_STATUS_NOT_SUPPORTED);
5187 cmd = mgmt_pending_new(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
5191 err = hci_cmd_sync_queue(hdev, read_local_oob_data_sync, cmd,
5192 read_local_oob_data_complete);
5195 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
5196 MGMT_STATUS_FAILED);
5199 mgmt_pending_free(cmd);
5203 hci_dev_unlock(hdev);
5207 static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
5208 void *data, u16 len)
5210 struct mgmt_addr_info *addr = data;
5213 bt_dev_dbg(hdev, "sock %p", sk);
5215 if (!bdaddr_type_is_valid(addr->type))
5216 return mgmt_cmd_complete(sk, hdev->id,
5217 MGMT_OP_ADD_REMOTE_OOB_DATA,
5218 MGMT_STATUS_INVALID_PARAMS,
5219 addr, sizeof(*addr));
5223 if (len == MGMT_ADD_REMOTE_OOB_DATA_SIZE) {
5224 struct mgmt_cp_add_remote_oob_data *cp = data;
5227 if (cp->addr.type != BDADDR_BREDR) {
5228 err = mgmt_cmd_complete(sk, hdev->id,
5229 MGMT_OP_ADD_REMOTE_OOB_DATA,
5230 MGMT_STATUS_INVALID_PARAMS,
5231 &cp->addr, sizeof(cp->addr));
5235 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
5236 cp->addr.type, cp->hash,
5237 cp->rand, NULL, NULL);
5239 status = MGMT_STATUS_FAILED;
5241 status = MGMT_STATUS_SUCCESS;
5243 err = mgmt_cmd_complete(sk, hdev->id,
5244 MGMT_OP_ADD_REMOTE_OOB_DATA, status,
5245 &cp->addr, sizeof(cp->addr));
5246 } else if (len == MGMT_ADD_REMOTE_OOB_EXT_DATA_SIZE) {
5247 struct mgmt_cp_add_remote_oob_ext_data *cp = data;
5248 u8 *rand192, *hash192, *rand256, *hash256;
5251 if (bdaddr_type_is_le(cp->addr.type)) {
5252 /* Enforce zero-valued 192-bit parameters as
5253 * long as legacy SMP OOB isn't implemented.
5255 if (memcmp(cp->rand192, ZERO_KEY, 16) ||
5256 memcmp(cp->hash192, ZERO_KEY, 16)) {
5257 err = mgmt_cmd_complete(sk, hdev->id,
5258 MGMT_OP_ADD_REMOTE_OOB_DATA,
5259 MGMT_STATUS_INVALID_PARAMS,
5260 addr, sizeof(*addr));
5267 /* In case one of the P-192 values is set to zero,
5268 * then just disable OOB data for P-192.
5270 if (!memcmp(cp->rand192, ZERO_KEY, 16) ||
5271 !memcmp(cp->hash192, ZERO_KEY, 16)) {
5275 rand192 = cp->rand192;
5276 hash192 = cp->hash192;
5280 /* In case one of the P-256 values is set to zero, then just
5281 * disable OOB data for P-256.
5283 if (!memcmp(cp->rand256, ZERO_KEY, 16) ||
5284 !memcmp(cp->hash256, ZERO_KEY, 16)) {
5288 rand256 = cp->rand256;
5289 hash256 = cp->hash256;
5292 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
5293 cp->addr.type, hash192, rand192,
5296 status = MGMT_STATUS_FAILED;
5298 status = MGMT_STATUS_SUCCESS;
5300 err = mgmt_cmd_complete(sk, hdev->id,
5301 MGMT_OP_ADD_REMOTE_OOB_DATA,
5302 status, &cp->addr, sizeof(cp->addr));
5304 bt_dev_err(hdev, "add_remote_oob_data: invalid len of %u bytes",
5306 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
5307 MGMT_STATUS_INVALID_PARAMS);
5311 hci_dev_unlock(hdev);
5315 static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
5316 void *data, u16 len)
5318 struct mgmt_cp_remove_remote_oob_data *cp = data;
5322 bt_dev_dbg(hdev, "sock %p", sk);
5324 if (cp->addr.type != BDADDR_BREDR)
5325 return mgmt_cmd_complete(sk, hdev->id,
5326 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
5327 MGMT_STATUS_INVALID_PARAMS,
5328 &cp->addr, sizeof(cp->addr));
5332 if (!bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
5333 hci_remote_oob_data_clear(hdev);
5334 status = MGMT_STATUS_SUCCESS;
5338 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr, cp->addr.type);
5340 status = MGMT_STATUS_INVALID_PARAMS;
5342 status = MGMT_STATUS_SUCCESS;
5345 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
5346 status, &cp->addr, sizeof(cp->addr));
5348 hci_dev_unlock(hdev);
5352 void mgmt_start_discovery_complete(struct hci_dev *hdev, u8 status)
5354 struct mgmt_pending_cmd *cmd;
5356 bt_dev_dbg(hdev, "status %u", status);
5360 cmd = pending_find(MGMT_OP_START_DISCOVERY, hdev);
5362 cmd = pending_find(MGMT_OP_START_SERVICE_DISCOVERY, hdev);
5365 cmd = pending_find(MGMT_OP_START_LIMITED_DISCOVERY, hdev);
5368 cmd->cmd_complete(cmd, mgmt_status(status));
5369 mgmt_pending_remove(cmd);
5372 hci_dev_unlock(hdev);
5375 static bool discovery_type_is_valid(struct hci_dev *hdev, uint8_t type,
5376 uint8_t *mgmt_status)
5379 case DISCOV_TYPE_LE:
5380 *mgmt_status = mgmt_le_support(hdev);
5384 case DISCOV_TYPE_INTERLEAVED:
5385 *mgmt_status = mgmt_le_support(hdev);
5389 case DISCOV_TYPE_BREDR:
5390 *mgmt_status = mgmt_bredr_support(hdev);
5395 *mgmt_status = MGMT_STATUS_INVALID_PARAMS;
5402 static void start_discovery_complete(struct hci_dev *hdev, void *data, int err)
5404 struct mgmt_pending_cmd *cmd = data;
5406 if (cmd != pending_find(MGMT_OP_START_DISCOVERY, hdev) &&
5407 cmd != pending_find(MGMT_OP_START_LIMITED_DISCOVERY, hdev) &&
5408 cmd != pending_find(MGMT_OP_START_SERVICE_DISCOVERY, hdev))
5411 bt_dev_dbg(hdev, "err %d", err);
5413 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(err),
5415 mgmt_pending_remove(cmd);
5417 hci_discovery_set_state(hdev, err ? DISCOVERY_STOPPED:
5421 static int start_discovery_sync(struct hci_dev *hdev, void *data)
5423 return hci_start_discovery_sync(hdev);
5426 static int start_discovery_internal(struct sock *sk, struct hci_dev *hdev,
5427 u16 op, void *data, u16 len)
5429 struct mgmt_cp_start_discovery *cp = data;
5430 struct mgmt_pending_cmd *cmd;
5434 bt_dev_dbg(hdev, "sock %p", sk);
5438 if (!hdev_is_powered(hdev)) {
5439 err = mgmt_cmd_complete(sk, hdev->id, op,
5440 MGMT_STATUS_NOT_POWERED,
5441 &cp->type, sizeof(cp->type));
5445 if (hdev->discovery.state != DISCOVERY_STOPPED ||
5446 hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) {
5447 err = mgmt_cmd_complete(sk, hdev->id, op, MGMT_STATUS_BUSY,
5448 &cp->type, sizeof(cp->type));
5452 if (!discovery_type_is_valid(hdev, cp->type, &status)) {
5453 err = mgmt_cmd_complete(sk, hdev->id, op, status,
5454 &cp->type, sizeof(cp->type));
5458 /* Can't start discovery when it is paused */
5459 if (hdev->discovery_paused) {
5460 err = mgmt_cmd_complete(sk, hdev->id, op, MGMT_STATUS_BUSY,
5461 &cp->type, sizeof(cp->type));
5465 /* Clear the discovery filter first to free any previously
5466 * allocated memory for the UUID list.
5468 hci_discovery_filter_clear(hdev);
5470 hdev->discovery.type = cp->type;
5471 hdev->discovery.report_invalid_rssi = false;
5472 if (op == MGMT_OP_START_LIMITED_DISCOVERY)
5473 hdev->discovery.limited = true;
5475 hdev->discovery.limited = false;
5477 cmd = mgmt_pending_add(sk, op, hdev, data, len);
5483 err = hci_cmd_sync_queue(hdev, start_discovery_sync, cmd,
5484 start_discovery_complete);
5486 mgmt_pending_remove(cmd);
5490 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
5493 hci_dev_unlock(hdev);
5497 static int start_discovery(struct sock *sk, struct hci_dev *hdev,
5498 void *data, u16 len)
5500 return start_discovery_internal(sk, hdev, MGMT_OP_START_DISCOVERY,
5504 static int start_limited_discovery(struct sock *sk, struct hci_dev *hdev,
5505 void *data, u16 len)
5507 return start_discovery_internal(sk, hdev,
5508 MGMT_OP_START_LIMITED_DISCOVERY,
5512 static int start_service_discovery(struct sock *sk, struct hci_dev *hdev,
5513 void *data, u16 len)
5515 struct mgmt_cp_start_service_discovery *cp = data;
5516 struct mgmt_pending_cmd *cmd;
5517 const u16 max_uuid_count = ((U16_MAX - sizeof(*cp)) / 16);
5518 u16 uuid_count, expected_len;
5522 bt_dev_dbg(hdev, "sock %p", sk);
5526 if (!hdev_is_powered(hdev)) {
5527 err = mgmt_cmd_complete(sk, hdev->id,
5528 MGMT_OP_START_SERVICE_DISCOVERY,
5529 MGMT_STATUS_NOT_POWERED,
5530 &cp->type, sizeof(cp->type));
5534 if (hdev->discovery.state != DISCOVERY_STOPPED ||
5535 hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) {
5536 err = mgmt_cmd_complete(sk, hdev->id,
5537 MGMT_OP_START_SERVICE_DISCOVERY,
5538 MGMT_STATUS_BUSY, &cp->type,
5543 if (hdev->discovery_paused) {
5544 err = mgmt_cmd_complete(sk, hdev->id,
5545 MGMT_OP_START_SERVICE_DISCOVERY,
5546 MGMT_STATUS_BUSY, &cp->type,
5551 uuid_count = __le16_to_cpu(cp->uuid_count);
5552 if (uuid_count > max_uuid_count) {
5553 bt_dev_err(hdev, "service_discovery: too big uuid_count value %u",
5555 err = mgmt_cmd_complete(sk, hdev->id,
5556 MGMT_OP_START_SERVICE_DISCOVERY,
5557 MGMT_STATUS_INVALID_PARAMS, &cp->type,
5562 expected_len = sizeof(*cp) + uuid_count * 16;
5563 if (expected_len != len) {
5564 bt_dev_err(hdev, "service_discovery: expected %u bytes, got %u bytes",
5566 err = mgmt_cmd_complete(sk, hdev->id,
5567 MGMT_OP_START_SERVICE_DISCOVERY,
5568 MGMT_STATUS_INVALID_PARAMS, &cp->type,
5573 if (!discovery_type_is_valid(hdev, cp->type, &status)) {
5574 err = mgmt_cmd_complete(sk, hdev->id,
5575 MGMT_OP_START_SERVICE_DISCOVERY,
5576 status, &cp->type, sizeof(cp->type));
5580 cmd = mgmt_pending_add(sk, MGMT_OP_START_SERVICE_DISCOVERY,
5587 /* Clear the discovery filter first to free any previously
5588 * allocated memory for the UUID list.
5590 hci_discovery_filter_clear(hdev);
5592 hdev->discovery.result_filtering = true;
5593 hdev->discovery.type = cp->type;
5594 hdev->discovery.rssi = cp->rssi;
5595 hdev->discovery.uuid_count = uuid_count;
5597 if (uuid_count > 0) {
5598 hdev->discovery.uuids = kmemdup(cp->uuids, uuid_count * 16,
5600 if (!hdev->discovery.uuids) {
5601 err = mgmt_cmd_complete(sk, hdev->id,
5602 MGMT_OP_START_SERVICE_DISCOVERY,
5604 &cp->type, sizeof(cp->type));
5605 mgmt_pending_remove(cmd);
5610 err = hci_cmd_sync_queue(hdev, start_discovery_sync, cmd,
5611 start_discovery_complete);
5613 mgmt_pending_remove(cmd);
5617 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
5620 hci_dev_unlock(hdev);
5624 void mgmt_stop_discovery_complete(struct hci_dev *hdev, u8 status)
5626 struct mgmt_pending_cmd *cmd;
5628 bt_dev_dbg(hdev, "status %u", status);
5632 cmd = pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
5634 cmd->cmd_complete(cmd, mgmt_status(status));
5635 mgmt_pending_remove(cmd);
5638 hci_dev_unlock(hdev);
5641 static void stop_discovery_complete(struct hci_dev *hdev, void *data, int err)
5643 struct mgmt_pending_cmd *cmd = data;
5645 if (cmd != pending_find(MGMT_OP_STOP_DISCOVERY, hdev))
5648 bt_dev_dbg(hdev, "err %d", err);
5650 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(err),
5652 mgmt_pending_remove(cmd);
5655 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
5658 static int stop_discovery_sync(struct hci_dev *hdev, void *data)
5660 return hci_stop_discovery_sync(hdev);
5663 static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
5666 struct mgmt_cp_stop_discovery *mgmt_cp = data;
5667 struct mgmt_pending_cmd *cmd;
5670 bt_dev_dbg(hdev, "sock %p", sk);
5674 if (!hci_discovery_active(hdev)) {
5675 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
5676 MGMT_STATUS_REJECTED, &mgmt_cp->type,
5677 sizeof(mgmt_cp->type));
5681 if (hdev->discovery.type != mgmt_cp->type) {
5682 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
5683 MGMT_STATUS_INVALID_PARAMS,
5684 &mgmt_cp->type, sizeof(mgmt_cp->type));
5688 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, data, len);
5694 err = hci_cmd_sync_queue(hdev, stop_discovery_sync, cmd,
5695 stop_discovery_complete);
5697 mgmt_pending_remove(cmd);
5701 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
5704 hci_dev_unlock(hdev);
5708 static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
5711 struct mgmt_cp_confirm_name *cp = data;
5712 struct inquiry_entry *e;
5715 bt_dev_dbg(hdev, "sock %p", sk);
5719 if (!hci_discovery_active(hdev)) {
5720 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
5721 MGMT_STATUS_FAILED, &cp->addr,
5726 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
5728 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
5729 MGMT_STATUS_INVALID_PARAMS, &cp->addr,
5734 if (cp->name_known) {
5735 e->name_state = NAME_KNOWN;
5738 e->name_state = NAME_NEEDED;
5739 hci_inquiry_cache_update_resolve(hdev, e);
5742 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0,
5743 &cp->addr, sizeof(cp->addr));
5746 hci_dev_unlock(hdev);
5750 static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
5753 struct mgmt_cp_block_device *cp = data;
5757 bt_dev_dbg(hdev, "sock %p", sk);
5759 if (!bdaddr_type_is_valid(cp->addr.type))
5760 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
5761 MGMT_STATUS_INVALID_PARAMS,
5762 &cp->addr, sizeof(cp->addr));
5766 err = hci_bdaddr_list_add(&hdev->reject_list, &cp->addr.bdaddr,
5769 status = MGMT_STATUS_FAILED;
5773 mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &cp->addr, sizeof(cp->addr),
5775 status = MGMT_STATUS_SUCCESS;
5778 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
5779 &cp->addr, sizeof(cp->addr));
5781 hci_dev_unlock(hdev);
5786 static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
5789 struct mgmt_cp_unblock_device *cp = data;
5793 bt_dev_dbg(hdev, "sock %p", sk);
5795 if (!bdaddr_type_is_valid(cp->addr.type))
5796 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
5797 MGMT_STATUS_INVALID_PARAMS,
5798 &cp->addr, sizeof(cp->addr));
5802 err = hci_bdaddr_list_del(&hdev->reject_list, &cp->addr.bdaddr,
5805 status = MGMT_STATUS_INVALID_PARAMS;
5809 mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &cp->addr, sizeof(cp->addr),
5811 status = MGMT_STATUS_SUCCESS;
5814 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
5815 &cp->addr, sizeof(cp->addr));
5817 hci_dev_unlock(hdev);
5822 static int set_device_id_sync(struct hci_dev *hdev, void *data)
5824 return hci_update_eir_sync(hdev);
5827 static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
5830 struct mgmt_cp_set_device_id *cp = data;
5834 bt_dev_dbg(hdev, "sock %p", sk);
5836 source = __le16_to_cpu(cp->source);
5838 if (source > 0x0002)
5839 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
5840 MGMT_STATUS_INVALID_PARAMS);
5844 hdev->devid_source = source;
5845 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
5846 hdev->devid_product = __le16_to_cpu(cp->product);
5847 hdev->devid_version = __le16_to_cpu(cp->version);
5849 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0,
5852 hci_cmd_sync_queue(hdev, set_device_id_sync, NULL, NULL);
5854 hci_dev_unlock(hdev);
5859 static void enable_advertising_instance(struct hci_dev *hdev, int err)
5862 bt_dev_err(hdev, "failed to re-configure advertising %d", err);
5864 bt_dev_dbg(hdev, "status %d", err);
5867 static void set_advertising_complete(struct hci_dev *hdev, void *data, int err)
5869 struct cmd_lookup match = { NULL, hdev };
5871 struct adv_info *adv_instance;
5872 u8 status = mgmt_status(err);
5875 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
5876 cmd_status_rsp, &status);
5880 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
5881 hci_dev_set_flag(hdev, HCI_ADVERTISING);
5883 hci_dev_clear_flag(hdev, HCI_ADVERTISING);
5885 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
5888 new_settings(hdev, match.sk);
5893 /* If "Set Advertising" was just disabled and instance advertising was
5894 * set up earlier, then re-enable multi-instance advertising.
5896 if (hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
5897 list_empty(&hdev->adv_instances))
5900 instance = hdev->cur_adv_instance;
5902 adv_instance = list_first_entry_or_null(&hdev->adv_instances,
5903 struct adv_info, list);
5907 instance = adv_instance->instance;
5910 err = hci_schedule_adv_instance_sync(hdev, instance, true);
5912 enable_advertising_instance(hdev, err);
5915 static int set_adv_sync(struct hci_dev *hdev, void *data)
5917 struct mgmt_pending_cmd *cmd = data;
5918 struct mgmt_mode *cp = cmd->param;
5921 if (cp->val == 0x02)
5922 hci_dev_set_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
5924 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
5926 cancel_adv_timeout(hdev);
5929 /* Switch to instance "0" for the Set Advertising setting.
5930 * We cannot use update_[adv|scan_rsp]_data() here as the
5931 * HCI_ADVERTISING flag is not yet set.
5933 hdev->cur_adv_instance = 0x00;
5935 if (ext_adv_capable(hdev)) {
5936 hci_start_ext_adv_sync(hdev, 0x00);
5938 hci_update_adv_data_sync(hdev, 0x00);
5939 hci_update_scan_rsp_data_sync(hdev, 0x00);
5940 hci_enable_advertising_sync(hdev);
5943 hci_disable_advertising_sync(hdev);
5949 static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data,
5952 struct mgmt_mode *cp = data;
5953 struct mgmt_pending_cmd *cmd;
5957 bt_dev_dbg(hdev, "sock %p", sk);
5959 status = mgmt_le_support(hdev);
5961 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
5964 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
5965 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
5966 MGMT_STATUS_INVALID_PARAMS);
5968 if (hdev->advertising_paused)
5969 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
5976 /* The following conditions are ones which mean that we should
5977 * not do any HCI communication but directly send a mgmt
5978 * response to user space (after toggling the flag if
5981 if (!hdev_is_powered(hdev) ||
5982 (val == hci_dev_test_flag(hdev, HCI_ADVERTISING) &&
5983 (cp->val == 0x02) == hci_dev_test_flag(hdev, HCI_ADVERTISING_CONNECTABLE)) ||
5984 hci_conn_num(hdev, LE_LINK) > 0 ||
5985 (hci_dev_test_flag(hdev, HCI_LE_SCAN) &&
5986 hdev->le_scan_type == LE_SCAN_ACTIVE)) {
5990 hdev->cur_adv_instance = 0x00;
5991 changed = !hci_dev_test_and_set_flag(hdev, HCI_ADVERTISING);
5992 if (cp->val == 0x02)
5993 hci_dev_set_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
5995 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
5997 changed = hci_dev_test_and_clear_flag(hdev, HCI_ADVERTISING);
5998 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
6001 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
6006 err = new_settings(hdev, sk);
6011 if (pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
6012 pending_find(MGMT_OP_SET_LE, hdev)) {
6013 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
6018 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
6022 err = hci_cmd_sync_queue(hdev, set_adv_sync, cmd,
6023 set_advertising_complete);
6026 mgmt_pending_remove(cmd);
6029 hci_dev_unlock(hdev);
6033 static int set_static_address(struct sock *sk, struct hci_dev *hdev,
6034 void *data, u16 len)
6036 struct mgmt_cp_set_static_address *cp = data;
6039 bt_dev_dbg(hdev, "sock %p", sk);
6041 if (!lmp_le_capable(hdev))
6042 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
6043 MGMT_STATUS_NOT_SUPPORTED);
6045 if (hdev_is_powered(hdev))
6046 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
6047 MGMT_STATUS_REJECTED);
6049 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
6050 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
6051 return mgmt_cmd_status(sk, hdev->id,
6052 MGMT_OP_SET_STATIC_ADDRESS,
6053 MGMT_STATUS_INVALID_PARAMS);
6055 /* Two most significant bits shall be set */
6056 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
6057 return mgmt_cmd_status(sk, hdev->id,
6058 MGMT_OP_SET_STATIC_ADDRESS,
6059 MGMT_STATUS_INVALID_PARAMS);
6064 bacpy(&hdev->static_addr, &cp->bdaddr);
6066 err = send_settings_rsp(sk, MGMT_OP_SET_STATIC_ADDRESS, hdev);
6070 err = new_settings(hdev, sk);
6073 hci_dev_unlock(hdev);
6077 static int set_scan_params(struct sock *sk, struct hci_dev *hdev,
6078 void *data, u16 len)
6080 struct mgmt_cp_set_scan_params *cp = data;
6081 __u16 interval, window;
6084 bt_dev_dbg(hdev, "sock %p", sk);
6086 if (!lmp_le_capable(hdev))
6087 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
6088 MGMT_STATUS_NOT_SUPPORTED);
6090 interval = __le16_to_cpu(cp->interval);
6092 if (interval < 0x0004 || interval > 0x4000)
6093 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
6094 MGMT_STATUS_INVALID_PARAMS);
6096 window = __le16_to_cpu(cp->window);
6098 if (window < 0x0004 || window > 0x4000)
6099 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
6100 MGMT_STATUS_INVALID_PARAMS);
6102 if (window > interval)
6103 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
6104 MGMT_STATUS_INVALID_PARAMS);
6108 hdev->le_scan_interval = interval;
6109 hdev->le_scan_window = window;
6111 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0,
6114 /* If background scan is running, restart it so new parameters are
6117 if (hci_dev_test_flag(hdev, HCI_LE_SCAN) &&
6118 hdev->discovery.state == DISCOVERY_STOPPED)
6119 hci_update_passive_scan(hdev);
6121 hci_dev_unlock(hdev);
6126 static void fast_connectable_complete(struct hci_dev *hdev, void *data, int err)
6128 struct mgmt_pending_cmd *cmd = data;
6130 bt_dev_dbg(hdev, "err %d", err);
6133 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
6136 struct mgmt_mode *cp = cmd->param;
6139 hci_dev_set_flag(hdev, HCI_FAST_CONNECTABLE);
6141 hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE);
6143 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
6144 new_settings(hdev, cmd->sk);
6147 mgmt_pending_free(cmd);
6150 static int write_fast_connectable_sync(struct hci_dev *hdev, void *data)
6152 struct mgmt_pending_cmd *cmd = data;
6153 struct mgmt_mode *cp = cmd->param;
6155 return hci_write_fast_connectable_sync(hdev, cp->val);
6158 static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
6159 void *data, u16 len)
6161 struct mgmt_mode *cp = data;
6162 struct mgmt_pending_cmd *cmd;
6165 bt_dev_dbg(hdev, "sock %p", sk);
6167 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) ||
6168 hdev->hci_ver < BLUETOOTH_VER_1_2)
6169 return mgmt_cmd_status(sk, hdev->id,
6170 MGMT_OP_SET_FAST_CONNECTABLE,
6171 MGMT_STATUS_NOT_SUPPORTED);
6173 if (cp->val != 0x00 && cp->val != 0x01)
6174 return mgmt_cmd_status(sk, hdev->id,
6175 MGMT_OP_SET_FAST_CONNECTABLE,
6176 MGMT_STATUS_INVALID_PARAMS);
6180 if (!!cp->val == hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE)) {
6181 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
6185 if (!hdev_is_powered(hdev)) {
6186 hci_dev_change_flag(hdev, HCI_FAST_CONNECTABLE);
6187 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
6188 new_settings(hdev, sk);
6192 cmd = mgmt_pending_new(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev, data,
6197 err = hci_cmd_sync_queue(hdev, write_fast_connectable_sync, cmd,
6198 fast_connectable_complete);
6201 mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
6202 MGMT_STATUS_FAILED);
6205 mgmt_pending_free(cmd);
6209 hci_dev_unlock(hdev);
6214 static void set_bredr_complete(struct hci_dev *hdev, void *data, int err)
6216 struct mgmt_pending_cmd *cmd = data;
6218 bt_dev_dbg(hdev, "err %d", err);
6221 u8 mgmt_err = mgmt_status(err);
6223 /* We need to restore the flag if related HCI commands
6226 hci_dev_clear_flag(hdev, HCI_BREDR_ENABLED);
6228 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
6230 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
6231 new_settings(hdev, cmd->sk);
6234 mgmt_pending_free(cmd);
6237 static int set_bredr_sync(struct hci_dev *hdev, void *data)
6241 status = hci_write_fast_connectable_sync(hdev, false);
6244 status = hci_update_scan_sync(hdev);
6246 /* Since only the advertising data flags will change, there
6247 * is no need to update the scan response data.
6250 status = hci_update_adv_data_sync(hdev, hdev->cur_adv_instance);
6255 static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
6257 struct mgmt_mode *cp = data;
6258 struct mgmt_pending_cmd *cmd;
6261 bt_dev_dbg(hdev, "sock %p", sk);
6263 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
6264 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
6265 MGMT_STATUS_NOT_SUPPORTED);
6267 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
6268 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
6269 MGMT_STATUS_REJECTED);
6271 if (cp->val != 0x00 && cp->val != 0x01)
6272 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
6273 MGMT_STATUS_INVALID_PARAMS);
6277 if (cp->val == hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
6278 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
6282 if (!hdev_is_powered(hdev)) {
6284 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
6285 hci_dev_clear_flag(hdev, HCI_SSP_ENABLED);
6286 hci_dev_clear_flag(hdev, HCI_LINK_SECURITY);
6287 hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE);
6288 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
6291 hci_dev_change_flag(hdev, HCI_BREDR_ENABLED);
6293 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
6297 err = new_settings(hdev, sk);
6301 /* Reject disabling when powered on */
6303 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
6304 MGMT_STATUS_REJECTED);
6307 /* When configuring a dual-mode controller to operate
6308 * with LE only and using a static address, then switching
6309 * BR/EDR back on is not allowed.
6311 * Dual-mode controllers shall operate with the public
6312 * address as its identity address for BR/EDR and LE. So
6313 * reject the attempt to create an invalid configuration.
6315 * The same restrictions applies when secure connections
6316 * has been enabled. For BR/EDR this is a controller feature
6317 * while for LE it is a host stack feature. This means that
6318 * switching BR/EDR back on when secure connections has been
6319 * enabled is not a supported transaction.
6321 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
6322 (bacmp(&hdev->static_addr, BDADDR_ANY) ||
6323 hci_dev_test_flag(hdev, HCI_SC_ENABLED))) {
6324 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
6325 MGMT_STATUS_REJECTED);
6330 cmd = mgmt_pending_new(sk, MGMT_OP_SET_BREDR, hdev, data, len);
6334 err = hci_cmd_sync_queue(hdev, set_bredr_sync, cmd,
6335 set_bredr_complete);
6338 mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
6339 MGMT_STATUS_FAILED);
6341 mgmt_pending_free(cmd);
6346 /* We need to flip the bit already here so that
6347 * hci_req_update_adv_data generates the correct flags.
6349 hci_dev_set_flag(hdev, HCI_BREDR_ENABLED);
6352 hci_dev_unlock(hdev);
6356 static void set_secure_conn_complete(struct hci_dev *hdev, void *data, int err)
6358 struct mgmt_pending_cmd *cmd = data;
6359 struct mgmt_mode *cp;
6361 bt_dev_dbg(hdev, "err %d", err);
6364 u8 mgmt_err = mgmt_status(err);
6366 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
6374 hci_dev_clear_flag(hdev, HCI_SC_ENABLED);
6375 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
6378 hci_dev_set_flag(hdev, HCI_SC_ENABLED);
6379 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
6382 hci_dev_set_flag(hdev, HCI_SC_ENABLED);
6383 hci_dev_set_flag(hdev, HCI_SC_ONLY);
6387 send_settings_rsp(cmd->sk, cmd->opcode, hdev);
6388 new_settings(hdev, cmd->sk);
6391 mgmt_pending_free(cmd);
6394 static int set_secure_conn_sync(struct hci_dev *hdev, void *data)
6396 struct mgmt_pending_cmd *cmd = data;
6397 struct mgmt_mode *cp = cmd->param;
6400 /* Force write of val */
6401 hci_dev_set_flag(hdev, HCI_SC_ENABLED);
6403 return hci_write_sc_support_sync(hdev, val);
6406 static int set_secure_conn(struct sock *sk, struct hci_dev *hdev,
6407 void *data, u16 len)
6409 struct mgmt_mode *cp = data;
6410 struct mgmt_pending_cmd *cmd;
6414 bt_dev_dbg(hdev, "sock %p", sk);
6416 if (!lmp_sc_capable(hdev) &&
6417 !hci_dev_test_flag(hdev, HCI_LE_ENABLED))
6418 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
6419 MGMT_STATUS_NOT_SUPPORTED);
6421 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
6422 lmp_sc_capable(hdev) &&
6423 !hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
6424 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
6425 MGMT_STATUS_REJECTED);
6427 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
6428 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
6429 MGMT_STATUS_INVALID_PARAMS);
6433 if (!hdev_is_powered(hdev) || !lmp_sc_capable(hdev) ||
6434 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
6438 changed = !hci_dev_test_and_set_flag(hdev,
6440 if (cp->val == 0x02)
6441 hci_dev_set_flag(hdev, HCI_SC_ONLY);
6443 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
6445 changed = hci_dev_test_and_clear_flag(hdev,
6447 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
6450 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
6455 err = new_settings(hdev, sk);
6462 if (val == hci_dev_test_flag(hdev, HCI_SC_ENABLED) &&
6463 (cp->val == 0x02) == hci_dev_test_flag(hdev, HCI_SC_ONLY)) {
6464 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
6468 cmd = mgmt_pending_new(sk, MGMT_OP_SET_SECURE_CONN, hdev, data, len);
6472 err = hci_cmd_sync_queue(hdev, set_secure_conn_sync, cmd,
6473 set_secure_conn_complete);
6476 mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
6477 MGMT_STATUS_FAILED);
6479 mgmt_pending_free(cmd);
6483 hci_dev_unlock(hdev);
6487 static int set_debug_keys(struct sock *sk, struct hci_dev *hdev,
6488 void *data, u16 len)
6490 struct mgmt_mode *cp = data;
6491 bool changed, use_changed;
6494 bt_dev_dbg(hdev, "sock %p", sk);
6496 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
6497 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEBUG_KEYS,
6498 MGMT_STATUS_INVALID_PARAMS);
6503 changed = !hci_dev_test_and_set_flag(hdev, HCI_KEEP_DEBUG_KEYS);
6505 changed = hci_dev_test_and_clear_flag(hdev,
6506 HCI_KEEP_DEBUG_KEYS);
6508 if (cp->val == 0x02)
6509 use_changed = !hci_dev_test_and_set_flag(hdev,
6510 HCI_USE_DEBUG_KEYS);
6512 use_changed = hci_dev_test_and_clear_flag(hdev,
6513 HCI_USE_DEBUG_KEYS);
6515 if (hdev_is_powered(hdev) && use_changed &&
6516 hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
6517 u8 mode = (cp->val == 0x02) ? 0x01 : 0x00;
6518 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
6519 sizeof(mode), &mode);
6522 err = send_settings_rsp(sk, MGMT_OP_SET_DEBUG_KEYS, hdev);
6527 err = new_settings(hdev, sk);
6530 hci_dev_unlock(hdev);
6534 static int set_privacy(struct sock *sk, struct hci_dev *hdev, void *cp_data,
6537 struct mgmt_cp_set_privacy *cp = cp_data;
6541 bt_dev_dbg(hdev, "sock %p", sk);
6543 if (!lmp_le_capable(hdev))
6544 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
6545 MGMT_STATUS_NOT_SUPPORTED);
6547 if (cp->privacy != 0x00 && cp->privacy != 0x01 && cp->privacy != 0x02)
6548 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
6549 MGMT_STATUS_INVALID_PARAMS);
6551 if (hdev_is_powered(hdev))
6552 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
6553 MGMT_STATUS_REJECTED);
6557 /* If user space supports this command it is also expected to
6558 * handle IRKs. Therefore, set the HCI_RPA_RESOLVING flag.
6560 hci_dev_set_flag(hdev, HCI_RPA_RESOLVING);
6563 changed = !hci_dev_test_and_set_flag(hdev, HCI_PRIVACY);
6564 memcpy(hdev->irk, cp->irk, sizeof(hdev->irk));
6565 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
6566 hci_adv_instances_set_rpa_expired(hdev, true);
6567 if (cp->privacy == 0x02)
6568 hci_dev_set_flag(hdev, HCI_LIMITED_PRIVACY);
6570 hci_dev_clear_flag(hdev, HCI_LIMITED_PRIVACY);
6572 changed = hci_dev_test_and_clear_flag(hdev, HCI_PRIVACY);
6573 memset(hdev->irk, 0, sizeof(hdev->irk));
6574 hci_dev_clear_flag(hdev, HCI_RPA_EXPIRED);
6575 hci_adv_instances_set_rpa_expired(hdev, false);
6576 hci_dev_clear_flag(hdev, HCI_LIMITED_PRIVACY);
6579 err = send_settings_rsp(sk, MGMT_OP_SET_PRIVACY, hdev);
6584 err = new_settings(hdev, sk);
6587 hci_dev_unlock(hdev);
6591 static bool irk_is_valid(struct mgmt_irk_info *irk)
6593 switch (irk->addr.type) {
6594 case BDADDR_LE_PUBLIC:
6597 case BDADDR_LE_RANDOM:
6598 /* Two most significant bits shall be set */
6599 if ((irk->addr.bdaddr.b[5] & 0xc0) != 0xc0)
6607 static int load_irks(struct sock *sk, struct hci_dev *hdev, void *cp_data,
6610 struct mgmt_cp_load_irks *cp = cp_data;
6611 const u16 max_irk_count = ((U16_MAX - sizeof(*cp)) /
6612 sizeof(struct mgmt_irk_info));
6613 u16 irk_count, expected_len;
6616 bt_dev_dbg(hdev, "sock %p", sk);
6618 if (!lmp_le_capable(hdev))
6619 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
6620 MGMT_STATUS_NOT_SUPPORTED);
6622 irk_count = __le16_to_cpu(cp->irk_count);
6623 if (irk_count > max_irk_count) {
6624 bt_dev_err(hdev, "load_irks: too big irk_count value %u",
6626 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
6627 MGMT_STATUS_INVALID_PARAMS);
6630 expected_len = struct_size(cp, irks, irk_count);
6631 if (expected_len != len) {
6632 bt_dev_err(hdev, "load_irks: expected %u bytes, got %u bytes",
6634 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
6635 MGMT_STATUS_INVALID_PARAMS);
6638 bt_dev_dbg(hdev, "irk_count %u", irk_count);
6640 for (i = 0; i < irk_count; i++) {
6641 struct mgmt_irk_info *key = &cp->irks[i];
6643 if (!irk_is_valid(key))
6644 return mgmt_cmd_status(sk, hdev->id,
6646 MGMT_STATUS_INVALID_PARAMS);
6651 hci_smp_irks_clear(hdev);
6653 for (i = 0; i < irk_count; i++) {
6654 struct mgmt_irk_info *irk = &cp->irks[i];
6656 if (hci_is_blocked_key(hdev,
6657 HCI_BLOCKED_KEY_TYPE_IRK,
6659 bt_dev_warn(hdev, "Skipping blocked IRK for %pMR",
6664 hci_add_irk(hdev, &irk->addr.bdaddr,
6665 le_addr_type(irk->addr.type), irk->val,
6669 hci_dev_set_flag(hdev, HCI_RPA_RESOLVING);
6671 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_IRKS, 0, NULL, 0);
6673 hci_dev_unlock(hdev);
6678 static bool ltk_is_valid(struct mgmt_ltk_info *key)
6680 if (key->initiator != 0x00 && key->initiator != 0x01)
6683 switch (key->addr.type) {
6684 case BDADDR_LE_PUBLIC:
6687 case BDADDR_LE_RANDOM:
6688 /* Two most significant bits shall be set */
6689 if ((key->addr.bdaddr.b[5] & 0xc0) != 0xc0)
6697 static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
6698 void *cp_data, u16 len)
6700 struct mgmt_cp_load_long_term_keys *cp = cp_data;
6701 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
6702 sizeof(struct mgmt_ltk_info));
6703 u16 key_count, expected_len;
6706 bt_dev_dbg(hdev, "sock %p", sk);
6708 if (!lmp_le_capable(hdev))
6709 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
6710 MGMT_STATUS_NOT_SUPPORTED);
6712 key_count = __le16_to_cpu(cp->key_count);
6713 if (key_count > max_key_count) {
6714 bt_dev_err(hdev, "load_ltks: too big key_count value %u",
6716 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
6717 MGMT_STATUS_INVALID_PARAMS);
6720 expected_len = struct_size(cp, keys, key_count);
6721 if (expected_len != len) {
6722 bt_dev_err(hdev, "load_keys: expected %u bytes, got %u bytes",
6724 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
6725 MGMT_STATUS_INVALID_PARAMS);
6728 bt_dev_dbg(hdev, "key_count %u", key_count);
6730 for (i = 0; i < key_count; i++) {
6731 struct mgmt_ltk_info *key = &cp->keys[i];
6733 if (!ltk_is_valid(key))
6734 return mgmt_cmd_status(sk, hdev->id,
6735 MGMT_OP_LOAD_LONG_TERM_KEYS,
6736 MGMT_STATUS_INVALID_PARAMS);
6741 hci_smp_ltks_clear(hdev);
6743 for (i = 0; i < key_count; i++) {
6744 struct mgmt_ltk_info *key = &cp->keys[i];
6745 u8 type, authenticated;
6747 if (hci_is_blocked_key(hdev,
6748 HCI_BLOCKED_KEY_TYPE_LTK,
6750 bt_dev_warn(hdev, "Skipping blocked LTK for %pMR",
6755 switch (key->type) {
6756 case MGMT_LTK_UNAUTHENTICATED:
6757 authenticated = 0x00;
6758 type = key->initiator ? SMP_LTK : SMP_LTK_RESPONDER;
6760 case MGMT_LTK_AUTHENTICATED:
6761 authenticated = 0x01;
6762 type = key->initiator ? SMP_LTK : SMP_LTK_RESPONDER;
6764 case MGMT_LTK_P256_UNAUTH:
6765 authenticated = 0x00;
6766 type = SMP_LTK_P256;
6768 case MGMT_LTK_P256_AUTH:
6769 authenticated = 0x01;
6770 type = SMP_LTK_P256;
6772 case MGMT_LTK_P256_DEBUG:
6773 authenticated = 0x00;
6774 type = SMP_LTK_P256_DEBUG;
6780 hci_add_ltk(hdev, &key->addr.bdaddr,
6781 le_addr_type(key->addr.type), type, authenticated,
6782 key->val, key->enc_size, key->ediv, key->rand);
6785 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
6788 hci_dev_unlock(hdev);
6793 static void get_conn_info_complete(struct hci_dev *hdev, void *data, int err)
6795 struct mgmt_pending_cmd *cmd = data;
6796 struct hci_conn *conn = cmd->user_data;
6797 struct mgmt_cp_get_conn_info *cp = cmd->param;
6798 struct mgmt_rp_get_conn_info rp;
6801 bt_dev_dbg(hdev, "err %d", err);
6803 memcpy(&rp.addr, &cp->addr.bdaddr, sizeof(rp.addr));
6805 status = mgmt_status(err);
6806 if (status == MGMT_STATUS_SUCCESS) {
6807 rp.rssi = conn->rssi;
6808 rp.tx_power = conn->tx_power;
6809 rp.max_tx_power = conn->max_tx_power;
6811 rp.rssi = HCI_RSSI_INVALID;
6812 rp.tx_power = HCI_TX_POWER_INVALID;
6813 rp.max_tx_power = HCI_TX_POWER_INVALID;
6816 mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_GET_CONN_INFO, status,
6819 mgmt_pending_free(cmd);
6822 static int get_conn_info_sync(struct hci_dev *hdev, void *data)
6824 struct mgmt_pending_cmd *cmd = data;
6825 struct mgmt_cp_get_conn_info *cp = cmd->param;
6826 struct hci_conn *conn;
6830 /* Make sure we are still connected */
6831 if (cp->addr.type == BDADDR_BREDR)
6832 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
6835 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
6837 if (!conn || conn->state != BT_CONNECTED)
6838 return MGMT_STATUS_NOT_CONNECTED;
6840 cmd->user_data = conn;
6841 handle = cpu_to_le16(conn->handle);
6843 /* Refresh RSSI each time */
6844 err = hci_read_rssi_sync(hdev, handle);
6846 /* For LE links TX power does not change thus we don't need to
6847 * query for it once value is known.
6849 if (!err && (!bdaddr_type_is_le(cp->addr.type) ||
6850 conn->tx_power == HCI_TX_POWER_INVALID))
6851 err = hci_read_tx_power_sync(hdev, handle, 0x00);
6853 /* Max TX power needs to be read only once per connection */
6854 if (!err && conn->max_tx_power == HCI_TX_POWER_INVALID)
6855 err = hci_read_tx_power_sync(hdev, handle, 0x01);
6860 static int get_conn_info(struct sock *sk, struct hci_dev *hdev, void *data,
6863 struct mgmt_cp_get_conn_info *cp = data;
6864 struct mgmt_rp_get_conn_info rp;
6865 struct hci_conn *conn;
6866 unsigned long conn_info_age;
6869 bt_dev_dbg(hdev, "sock %p", sk);
6871 memset(&rp, 0, sizeof(rp));
6872 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
6873 rp.addr.type = cp->addr.type;
6875 if (!bdaddr_type_is_valid(cp->addr.type))
6876 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
6877 MGMT_STATUS_INVALID_PARAMS,
6882 if (!hdev_is_powered(hdev)) {
6883 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
6884 MGMT_STATUS_NOT_POWERED, &rp,
6889 if (cp->addr.type == BDADDR_BREDR)
6890 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
6893 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
6895 if (!conn || conn->state != BT_CONNECTED) {
6896 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
6897 MGMT_STATUS_NOT_CONNECTED, &rp,
6902 /* To avoid client trying to guess when to poll again for information we
6903 * calculate conn info age as random value between min/max set in hdev.
6905 conn_info_age = hdev->conn_info_min_age +
6906 prandom_u32_max(hdev->conn_info_max_age -
6907 hdev->conn_info_min_age);
6909 /* Query controller to refresh cached values if they are too old or were
6912 if (time_after(jiffies, conn->conn_info_timestamp +
6913 msecs_to_jiffies(conn_info_age)) ||
6914 !conn->conn_info_timestamp) {
6915 struct mgmt_pending_cmd *cmd;
6917 cmd = mgmt_pending_new(sk, MGMT_OP_GET_CONN_INFO, hdev, data,
6922 err = hci_cmd_sync_queue(hdev, get_conn_info_sync,
6923 cmd, get_conn_info_complete);
6927 mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
6928 MGMT_STATUS_FAILED, &rp, sizeof(rp));
6931 mgmt_pending_free(cmd);
6936 conn->conn_info_timestamp = jiffies;
6938 /* Cache is valid, just reply with values cached in hci_conn */
6939 rp.rssi = conn->rssi;
6940 rp.tx_power = conn->tx_power;
6941 rp.max_tx_power = conn->max_tx_power;
6943 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
6944 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
6948 hci_dev_unlock(hdev);
6952 static void get_clock_info_complete(struct hci_dev *hdev, void *data, int err)
6954 struct mgmt_pending_cmd *cmd = data;
6955 struct mgmt_cp_get_clock_info *cp = cmd->param;
6956 struct mgmt_rp_get_clock_info rp;
6957 struct hci_conn *conn = cmd->user_data;
6958 u8 status = mgmt_status(err);
6960 bt_dev_dbg(hdev, "err %d", err);
6962 memset(&rp, 0, sizeof(rp));
6963 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
6964 rp.addr.type = cp->addr.type;
6969 rp.local_clock = cpu_to_le32(hdev->clock);
6972 rp.piconet_clock = cpu_to_le32(conn->clock);
6973 rp.accuracy = cpu_to_le16(conn->clock_accuracy);
6977 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status, &rp,
6980 mgmt_pending_free(cmd);
6983 static int get_clock_info_sync(struct hci_dev *hdev, void *data)
6985 struct mgmt_pending_cmd *cmd = data;
6986 struct mgmt_cp_get_clock_info *cp = cmd->param;
6987 struct hci_cp_read_clock hci_cp;
6988 struct hci_conn *conn;
6990 memset(&hci_cp, 0, sizeof(hci_cp));
6991 hci_read_clock_sync(hdev, &hci_cp);
6993 /* Make sure connection still exists */
6994 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
6995 if (!conn || conn->state != BT_CONNECTED)
6996 return MGMT_STATUS_NOT_CONNECTED;
6998 cmd->user_data = conn;
6999 hci_cp.handle = cpu_to_le16(conn->handle);
7000 hci_cp.which = 0x01; /* Piconet clock */
7002 return hci_read_clock_sync(hdev, &hci_cp);
7005 static int get_clock_info(struct sock *sk, struct hci_dev *hdev, void *data,
7008 struct mgmt_cp_get_clock_info *cp = data;
7009 struct mgmt_rp_get_clock_info rp;
7010 struct mgmt_pending_cmd *cmd;
7011 struct hci_conn *conn;
7014 bt_dev_dbg(hdev, "sock %p", sk);
7016 memset(&rp, 0, sizeof(rp));
7017 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
7018 rp.addr.type = cp->addr.type;
7020 if (cp->addr.type != BDADDR_BREDR)
7021 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
7022 MGMT_STATUS_INVALID_PARAMS,
7027 if (!hdev_is_powered(hdev)) {
7028 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
7029 MGMT_STATUS_NOT_POWERED, &rp,
7034 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
7035 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
7037 if (!conn || conn->state != BT_CONNECTED) {
7038 err = mgmt_cmd_complete(sk, hdev->id,
7039 MGMT_OP_GET_CLOCK_INFO,
7040 MGMT_STATUS_NOT_CONNECTED,
7048 cmd = mgmt_pending_new(sk, MGMT_OP_GET_CLOCK_INFO, hdev, data, len);
7052 err = hci_cmd_sync_queue(hdev, get_clock_info_sync, cmd,
7053 get_clock_info_complete);
7056 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
7057 MGMT_STATUS_FAILED, &rp, sizeof(rp));
7060 mgmt_pending_free(cmd);
7065 hci_dev_unlock(hdev);
7069 static bool is_connected(struct hci_dev *hdev, bdaddr_t *addr, u8 type)
7071 struct hci_conn *conn;
7073 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, addr);
7077 if (conn->dst_type != type)
7080 if (conn->state != BT_CONNECTED)
7086 /* This function requires the caller holds hdev->lock */
7087 static int hci_conn_params_set(struct hci_dev *hdev, bdaddr_t *addr,
7088 u8 addr_type, u8 auto_connect)
7090 struct hci_conn_params *params;
7092 params = hci_conn_params_add(hdev, addr, addr_type);
7096 if (params->auto_connect == auto_connect)
7099 list_del_init(¶ms->action);
7101 switch (auto_connect) {
7102 case HCI_AUTO_CONN_DISABLED:
7103 case HCI_AUTO_CONN_LINK_LOSS:
7104 /* If auto connect is being disabled when we're trying to
7105 * connect to device, keep connecting.
7107 if (params->explicit_connect)
7108 list_add(¶ms->action, &hdev->pend_le_conns);
7110 case HCI_AUTO_CONN_REPORT:
7111 if (params->explicit_connect)
7112 list_add(¶ms->action, &hdev->pend_le_conns);
7114 list_add(¶ms->action, &hdev->pend_le_reports);
7116 case HCI_AUTO_CONN_DIRECT:
7117 case HCI_AUTO_CONN_ALWAYS:
7118 if (!is_connected(hdev, addr, addr_type))
7119 list_add(¶ms->action, &hdev->pend_le_conns);
7123 params->auto_connect = auto_connect;
7125 bt_dev_dbg(hdev, "addr %pMR (type %u) auto_connect %u",
7126 addr, addr_type, auto_connect);
7131 static void device_added(struct sock *sk, struct hci_dev *hdev,
7132 bdaddr_t *bdaddr, u8 type, u8 action)
7134 struct mgmt_ev_device_added ev;
7136 bacpy(&ev.addr.bdaddr, bdaddr);
7137 ev.addr.type = type;
7140 mgmt_event(MGMT_EV_DEVICE_ADDED, hdev, &ev, sizeof(ev), sk);
7143 static int add_device_sync(struct hci_dev *hdev, void *data)
7145 return hci_update_passive_scan_sync(hdev);
7148 static int add_device(struct sock *sk, struct hci_dev *hdev,
7149 void *data, u16 len)
7151 struct mgmt_cp_add_device *cp = data;
7152 u8 auto_conn, addr_type;
7153 struct hci_conn_params *params;
7155 u32 current_flags = 0;
7156 u32 supported_flags;
7158 bt_dev_dbg(hdev, "sock %p", sk);
7160 if (!bdaddr_type_is_valid(cp->addr.type) ||
7161 !bacmp(&cp->addr.bdaddr, BDADDR_ANY))
7162 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
7163 MGMT_STATUS_INVALID_PARAMS,
7164 &cp->addr, sizeof(cp->addr));
7166 if (cp->action != 0x00 && cp->action != 0x01 && cp->action != 0x02)
7167 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
7168 MGMT_STATUS_INVALID_PARAMS,
7169 &cp->addr, sizeof(cp->addr));
7173 if (cp->addr.type == BDADDR_BREDR) {
7174 /* Only incoming connections action is supported for now */
7175 if (cp->action != 0x01) {
7176 err = mgmt_cmd_complete(sk, hdev->id,
7178 MGMT_STATUS_INVALID_PARAMS,
7179 &cp->addr, sizeof(cp->addr));
7183 err = hci_bdaddr_list_add_with_flags(&hdev->accept_list,
7189 hci_update_scan(hdev);
7194 addr_type = le_addr_type(cp->addr.type);
7196 if (cp->action == 0x02)
7197 auto_conn = HCI_AUTO_CONN_ALWAYS;
7198 else if (cp->action == 0x01)
7199 auto_conn = HCI_AUTO_CONN_DIRECT;
7201 auto_conn = HCI_AUTO_CONN_REPORT;
7203 /* Kernel internally uses conn_params with resolvable private
7204 * address, but Add Device allows only identity addresses.
7205 * Make sure it is enforced before calling
7206 * hci_conn_params_lookup.
7208 if (!hci_is_identity_address(&cp->addr.bdaddr, addr_type)) {
7209 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
7210 MGMT_STATUS_INVALID_PARAMS,
7211 &cp->addr, sizeof(cp->addr));
7215 /* If the connection parameters don't exist for this device,
7216 * they will be created and configured with defaults.
7218 if (hci_conn_params_set(hdev, &cp->addr.bdaddr, addr_type,
7220 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
7221 MGMT_STATUS_FAILED, &cp->addr,
7225 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr,
7228 current_flags = params->flags;
7231 err = hci_cmd_sync_queue(hdev, add_device_sync, NULL, NULL);
7236 device_added(sk, hdev, &cp->addr.bdaddr, cp->addr.type, cp->action);
7237 supported_flags = hdev->conn_flags;
7238 device_flags_changed(NULL, hdev, &cp->addr.bdaddr, cp->addr.type,
7239 supported_flags, current_flags);
7241 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
7242 MGMT_STATUS_SUCCESS, &cp->addr,
7246 hci_dev_unlock(hdev);
7250 static void device_removed(struct sock *sk, struct hci_dev *hdev,
7251 bdaddr_t *bdaddr, u8 type)
7253 struct mgmt_ev_device_removed ev;
7255 bacpy(&ev.addr.bdaddr, bdaddr);
7256 ev.addr.type = type;
7258 mgmt_event(MGMT_EV_DEVICE_REMOVED, hdev, &ev, sizeof(ev), sk);
7261 static int remove_device_sync(struct hci_dev *hdev, void *data)
7263 return hci_update_passive_scan_sync(hdev);
7266 static int remove_device(struct sock *sk, struct hci_dev *hdev,
7267 void *data, u16 len)
7269 struct mgmt_cp_remove_device *cp = data;
7272 bt_dev_dbg(hdev, "sock %p", sk);
7276 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
7277 struct hci_conn_params *params;
7280 if (!bdaddr_type_is_valid(cp->addr.type)) {
7281 err = mgmt_cmd_complete(sk, hdev->id,
7282 MGMT_OP_REMOVE_DEVICE,
7283 MGMT_STATUS_INVALID_PARAMS,
7284 &cp->addr, sizeof(cp->addr));
7288 if (cp->addr.type == BDADDR_BREDR) {
7289 err = hci_bdaddr_list_del(&hdev->accept_list,
7293 err = mgmt_cmd_complete(sk, hdev->id,
7294 MGMT_OP_REMOVE_DEVICE,
7295 MGMT_STATUS_INVALID_PARAMS,
7301 hci_update_scan(hdev);
7303 device_removed(sk, hdev, &cp->addr.bdaddr,
7308 addr_type = le_addr_type(cp->addr.type);
7310 /* Kernel internally uses conn_params with resolvable private
7311 * address, but Remove Device allows only identity addresses.
7312 * Make sure it is enforced before calling
7313 * hci_conn_params_lookup.
7315 if (!hci_is_identity_address(&cp->addr.bdaddr, addr_type)) {
7316 err = mgmt_cmd_complete(sk, hdev->id,
7317 MGMT_OP_REMOVE_DEVICE,
7318 MGMT_STATUS_INVALID_PARAMS,
7319 &cp->addr, sizeof(cp->addr));
7323 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr,
7326 err = mgmt_cmd_complete(sk, hdev->id,
7327 MGMT_OP_REMOVE_DEVICE,
7328 MGMT_STATUS_INVALID_PARAMS,
7329 &cp->addr, sizeof(cp->addr));
7333 if (params->auto_connect == HCI_AUTO_CONN_DISABLED ||
7334 params->auto_connect == HCI_AUTO_CONN_EXPLICIT) {
7335 err = mgmt_cmd_complete(sk, hdev->id,
7336 MGMT_OP_REMOVE_DEVICE,
7337 MGMT_STATUS_INVALID_PARAMS,
7338 &cp->addr, sizeof(cp->addr));
7342 list_del(¶ms->action);
7343 list_del(¶ms->list);
7346 device_removed(sk, hdev, &cp->addr.bdaddr, cp->addr.type);
7348 struct hci_conn_params *p, *tmp;
7349 struct bdaddr_list *b, *btmp;
7351 if (cp->addr.type) {
7352 err = mgmt_cmd_complete(sk, hdev->id,
7353 MGMT_OP_REMOVE_DEVICE,
7354 MGMT_STATUS_INVALID_PARAMS,
7355 &cp->addr, sizeof(cp->addr));
7359 list_for_each_entry_safe(b, btmp, &hdev->accept_list, list) {
7360 device_removed(sk, hdev, &b->bdaddr, b->bdaddr_type);
7365 hci_update_scan(hdev);
7367 list_for_each_entry_safe(p, tmp, &hdev->le_conn_params, list) {
7368 if (p->auto_connect == HCI_AUTO_CONN_DISABLED)
7370 device_removed(sk, hdev, &p->addr, p->addr_type);
7371 if (p->explicit_connect) {
7372 p->auto_connect = HCI_AUTO_CONN_EXPLICIT;
7375 list_del(&p->action);
7380 bt_dev_dbg(hdev, "All LE connection parameters were removed");
7383 hci_cmd_sync_queue(hdev, remove_device_sync, NULL, NULL);
7386 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
7387 MGMT_STATUS_SUCCESS, &cp->addr,
7390 hci_dev_unlock(hdev);
7394 static int load_conn_param(struct sock *sk, struct hci_dev *hdev, void *data,
7397 struct mgmt_cp_load_conn_param *cp = data;
7398 const u16 max_param_count = ((U16_MAX - sizeof(*cp)) /
7399 sizeof(struct mgmt_conn_param));
7400 u16 param_count, expected_len;
7403 if (!lmp_le_capable(hdev))
7404 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
7405 MGMT_STATUS_NOT_SUPPORTED);
7407 param_count = __le16_to_cpu(cp->param_count);
7408 if (param_count > max_param_count) {
7409 bt_dev_err(hdev, "load_conn_param: too big param_count value %u",
7411 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
7412 MGMT_STATUS_INVALID_PARAMS);
7415 expected_len = struct_size(cp, params, param_count);
7416 if (expected_len != len) {
7417 bt_dev_err(hdev, "load_conn_param: expected %u bytes, got %u bytes",
7419 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
7420 MGMT_STATUS_INVALID_PARAMS);
7423 bt_dev_dbg(hdev, "param_count %u", param_count);
7427 hci_conn_params_clear_disabled(hdev);
7429 for (i = 0; i < param_count; i++) {
7430 struct mgmt_conn_param *param = &cp->params[i];
7431 struct hci_conn_params *hci_param;
7432 u16 min, max, latency, timeout;
7435 bt_dev_dbg(hdev, "Adding %pMR (type %u)", ¶m->addr.bdaddr,
7438 if (param->addr.type == BDADDR_LE_PUBLIC) {
7439 addr_type = ADDR_LE_DEV_PUBLIC;
7440 } else if (param->addr.type == BDADDR_LE_RANDOM) {
7441 addr_type = ADDR_LE_DEV_RANDOM;
7443 bt_dev_err(hdev, "ignoring invalid connection parameters");
7447 min = le16_to_cpu(param->min_interval);
7448 max = le16_to_cpu(param->max_interval);
7449 latency = le16_to_cpu(param->latency);
7450 timeout = le16_to_cpu(param->timeout);
7452 bt_dev_dbg(hdev, "min 0x%04x max 0x%04x latency 0x%04x timeout 0x%04x",
7453 min, max, latency, timeout);
7455 if (hci_check_conn_params(min, max, latency, timeout) < 0) {
7456 bt_dev_err(hdev, "ignoring invalid connection parameters");
7460 hci_param = hci_conn_params_add(hdev, ¶m->addr.bdaddr,
7463 bt_dev_err(hdev, "failed to add connection parameters");
7467 hci_param->conn_min_interval = min;
7468 hci_param->conn_max_interval = max;
7469 hci_param->conn_latency = latency;
7470 hci_param->supervision_timeout = timeout;
7473 hci_dev_unlock(hdev);
7475 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM, 0,
7479 static int set_external_config(struct sock *sk, struct hci_dev *hdev,
7480 void *data, u16 len)
7482 struct mgmt_cp_set_external_config *cp = data;
7486 bt_dev_dbg(hdev, "sock %p", sk);
7488 if (hdev_is_powered(hdev))
7489 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
7490 MGMT_STATUS_REJECTED);
7492 if (cp->config != 0x00 && cp->config != 0x01)
7493 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
7494 MGMT_STATUS_INVALID_PARAMS);
7496 if (!test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
7497 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
7498 MGMT_STATUS_NOT_SUPPORTED);
7503 changed = !hci_dev_test_and_set_flag(hdev, HCI_EXT_CONFIGURED);
7505 changed = hci_dev_test_and_clear_flag(hdev, HCI_EXT_CONFIGURED);
7507 err = send_options_rsp(sk, MGMT_OP_SET_EXTERNAL_CONFIG, hdev);
7514 err = new_options(hdev, sk);
7516 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED) == is_configured(hdev)) {
7517 mgmt_index_removed(hdev);
7519 if (hci_dev_test_and_change_flag(hdev, HCI_UNCONFIGURED)) {
7520 hci_dev_set_flag(hdev, HCI_CONFIG);
7521 hci_dev_set_flag(hdev, HCI_AUTO_OFF);
7523 queue_work(hdev->req_workqueue, &hdev->power_on);
7525 set_bit(HCI_RAW, &hdev->flags);
7526 mgmt_index_added(hdev);
7531 hci_dev_unlock(hdev);
7535 static int set_public_address(struct sock *sk, struct hci_dev *hdev,
7536 void *data, u16 len)
7538 struct mgmt_cp_set_public_address *cp = data;
7542 bt_dev_dbg(hdev, "sock %p", sk);
7544 if (hdev_is_powered(hdev))
7545 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
7546 MGMT_STATUS_REJECTED);
7548 if (!bacmp(&cp->bdaddr, BDADDR_ANY))
7549 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
7550 MGMT_STATUS_INVALID_PARAMS);
7552 if (!hdev->set_bdaddr)
7553 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
7554 MGMT_STATUS_NOT_SUPPORTED);
7558 changed = !!bacmp(&hdev->public_addr, &cp->bdaddr);
7559 bacpy(&hdev->public_addr, &cp->bdaddr);
7561 err = send_options_rsp(sk, MGMT_OP_SET_PUBLIC_ADDRESS, hdev);
7568 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED))
7569 err = new_options(hdev, sk);
7571 if (is_configured(hdev)) {
7572 mgmt_index_removed(hdev);
7574 hci_dev_clear_flag(hdev, HCI_UNCONFIGURED);
7576 hci_dev_set_flag(hdev, HCI_CONFIG);
7577 hci_dev_set_flag(hdev, HCI_AUTO_OFF);
7579 queue_work(hdev->req_workqueue, &hdev->power_on);
7583 hci_dev_unlock(hdev);
7587 static void read_local_oob_ext_data_complete(struct hci_dev *hdev, void *data,
7590 const struct mgmt_cp_read_local_oob_ext_data *mgmt_cp;
7591 struct mgmt_rp_read_local_oob_ext_data *mgmt_rp;
7592 u8 *h192, *r192, *h256, *r256;
7593 struct mgmt_pending_cmd *cmd = data;
7594 struct sk_buff *skb = cmd->skb;
7595 u8 status = mgmt_status(err);
7598 if (cmd != pending_find(MGMT_OP_READ_LOCAL_OOB_EXT_DATA, hdev))
7603 status = MGMT_STATUS_FAILED;
7604 else if (IS_ERR(skb))
7605 status = mgmt_status(PTR_ERR(skb));
7607 status = mgmt_status(skb->data[0]);
7610 bt_dev_dbg(hdev, "status %u", status);
7612 mgmt_cp = cmd->param;
7615 status = mgmt_status(status);
7622 } else if (!bredr_sc_enabled(hdev)) {
7623 struct hci_rp_read_local_oob_data *rp;
7625 if (skb->len != sizeof(*rp)) {
7626 status = MGMT_STATUS_FAILED;
7629 status = MGMT_STATUS_SUCCESS;
7630 rp = (void *)skb->data;
7632 eir_len = 5 + 18 + 18;
7639 struct hci_rp_read_local_oob_ext_data *rp;
7641 if (skb->len != sizeof(*rp)) {
7642 status = MGMT_STATUS_FAILED;
7645 status = MGMT_STATUS_SUCCESS;
7646 rp = (void *)skb->data;
7648 if (hci_dev_test_flag(hdev, HCI_SC_ONLY)) {
7649 eir_len = 5 + 18 + 18;
7653 eir_len = 5 + 18 + 18 + 18 + 18;
7663 mgmt_rp = kmalloc(sizeof(*mgmt_rp) + eir_len, GFP_KERNEL);
7670 eir_len = eir_append_data(mgmt_rp->eir, 0, EIR_CLASS_OF_DEV,
7671 hdev->dev_class, 3);
7674 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
7675 EIR_SSP_HASH_C192, h192, 16);
7676 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
7677 EIR_SSP_RAND_R192, r192, 16);
7681 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
7682 EIR_SSP_HASH_C256, h256, 16);
7683 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
7684 EIR_SSP_RAND_R256, r256, 16);
7688 mgmt_rp->type = mgmt_cp->type;
7689 mgmt_rp->eir_len = cpu_to_le16(eir_len);
7691 err = mgmt_cmd_complete(cmd->sk, hdev->id,
7692 MGMT_OP_READ_LOCAL_OOB_EXT_DATA, status,
7693 mgmt_rp, sizeof(*mgmt_rp) + eir_len);
7694 if (err < 0 || status)
7697 hci_sock_set_flag(cmd->sk, HCI_MGMT_OOB_DATA_EVENTS);
7699 err = mgmt_limited_event(MGMT_EV_LOCAL_OOB_DATA_UPDATED, hdev,
7700 mgmt_rp, sizeof(*mgmt_rp) + eir_len,
7701 HCI_MGMT_OOB_DATA_EVENTS, cmd->sk);
7703 if (skb && !IS_ERR(skb))
7707 mgmt_pending_remove(cmd);
7710 static int read_local_ssp_oob_req(struct hci_dev *hdev, struct sock *sk,
7711 struct mgmt_cp_read_local_oob_ext_data *cp)
7713 struct mgmt_pending_cmd *cmd;
7716 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_EXT_DATA, hdev,
7721 err = hci_cmd_sync_queue(hdev, read_local_oob_data_sync, cmd,
7722 read_local_oob_ext_data_complete);
7725 mgmt_pending_remove(cmd);
7732 static int read_local_oob_ext_data(struct sock *sk, struct hci_dev *hdev,
7733 void *data, u16 data_len)
7735 struct mgmt_cp_read_local_oob_ext_data *cp = data;
7736 struct mgmt_rp_read_local_oob_ext_data *rp;
7739 u8 status, flags, role, addr[7], hash[16], rand[16];
7742 bt_dev_dbg(hdev, "sock %p", sk);
7744 if (hdev_is_powered(hdev)) {
7746 case BIT(BDADDR_BREDR):
7747 status = mgmt_bredr_support(hdev);
7753 case (BIT(BDADDR_LE_PUBLIC) | BIT(BDADDR_LE_RANDOM)):
7754 status = mgmt_le_support(hdev);
7758 eir_len = 9 + 3 + 18 + 18 + 3;
7761 status = MGMT_STATUS_INVALID_PARAMS;
7766 status = MGMT_STATUS_NOT_POWERED;
7770 rp_len = sizeof(*rp) + eir_len;
7771 rp = kmalloc(rp_len, GFP_ATOMIC);
7775 if (!status && !lmp_ssp_capable(hdev)) {
7776 status = MGMT_STATUS_NOT_SUPPORTED;
7787 case BIT(BDADDR_BREDR):
7788 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
7789 err = read_local_ssp_oob_req(hdev, sk, cp);
7790 hci_dev_unlock(hdev);
7794 status = MGMT_STATUS_FAILED;
7797 eir_len = eir_append_data(rp->eir, eir_len,
7799 hdev->dev_class, 3);
7802 case (BIT(BDADDR_LE_PUBLIC) | BIT(BDADDR_LE_RANDOM)):
7803 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED) &&
7804 smp_generate_oob(hdev, hash, rand) < 0) {
7805 hci_dev_unlock(hdev);
7806 status = MGMT_STATUS_FAILED;
7810 /* This should return the active RPA, but since the RPA
7811 * is only programmed on demand, it is really hard to fill
7812 * this in at the moment. For now disallow retrieving
7813 * local out-of-band data when privacy is in use.
7815 * Returning the identity address will not help here since
7816 * pairing happens before the identity resolving key is
7817 * known and thus the connection establishment happens
7818 * based on the RPA and not the identity address.
7820 if (hci_dev_test_flag(hdev, HCI_PRIVACY)) {
7821 hci_dev_unlock(hdev);
7822 status = MGMT_STATUS_REJECTED;
7826 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) ||
7827 !bacmp(&hdev->bdaddr, BDADDR_ANY) ||
7828 (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
7829 bacmp(&hdev->static_addr, BDADDR_ANY))) {
7830 memcpy(addr, &hdev->static_addr, 6);
7833 memcpy(addr, &hdev->bdaddr, 6);
7837 eir_len = eir_append_data(rp->eir, eir_len, EIR_LE_BDADDR,
7838 addr, sizeof(addr));
7840 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
7845 eir_len = eir_append_data(rp->eir, eir_len, EIR_LE_ROLE,
7846 &role, sizeof(role));
7848 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED)) {
7849 eir_len = eir_append_data(rp->eir, eir_len,
7851 hash, sizeof(hash));
7853 eir_len = eir_append_data(rp->eir, eir_len,
7855 rand, sizeof(rand));
7858 flags = mgmt_get_adv_discov_flags(hdev);
7860 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
7861 flags |= LE_AD_NO_BREDR;
7863 eir_len = eir_append_data(rp->eir, eir_len, EIR_FLAGS,
7864 &flags, sizeof(flags));
7868 hci_dev_unlock(hdev);
7870 hci_sock_set_flag(sk, HCI_MGMT_OOB_DATA_EVENTS);
7872 status = MGMT_STATUS_SUCCESS;
7875 rp->type = cp->type;
7876 rp->eir_len = cpu_to_le16(eir_len);
7878 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
7879 status, rp, sizeof(*rp) + eir_len);
7880 if (err < 0 || status)
7883 err = mgmt_limited_event(MGMT_EV_LOCAL_OOB_DATA_UPDATED, hdev,
7884 rp, sizeof(*rp) + eir_len,
7885 HCI_MGMT_OOB_DATA_EVENTS, sk);
7893 static u32 get_supported_adv_flags(struct hci_dev *hdev)
7897 flags |= MGMT_ADV_FLAG_CONNECTABLE;
7898 flags |= MGMT_ADV_FLAG_DISCOV;
7899 flags |= MGMT_ADV_FLAG_LIMITED_DISCOV;
7900 flags |= MGMT_ADV_FLAG_MANAGED_FLAGS;
7901 flags |= MGMT_ADV_FLAG_APPEARANCE;
7902 flags |= MGMT_ADV_FLAG_LOCAL_NAME;
7903 flags |= MGMT_ADV_PARAM_DURATION;
7904 flags |= MGMT_ADV_PARAM_TIMEOUT;
7905 flags |= MGMT_ADV_PARAM_INTERVALS;
7906 flags |= MGMT_ADV_PARAM_TX_POWER;
7907 flags |= MGMT_ADV_PARAM_SCAN_RSP;
7909 /* In extended adv TX_POWER returned from Set Adv Param
7910 * will be always valid.
7912 if ((hdev->adv_tx_power != HCI_TX_POWER_INVALID) ||
7913 ext_adv_capable(hdev))
7914 flags |= MGMT_ADV_FLAG_TX_POWER;
7916 if (ext_adv_capable(hdev)) {
7917 flags |= MGMT_ADV_FLAG_SEC_1M;
7918 flags |= MGMT_ADV_FLAG_HW_OFFLOAD;
7919 flags |= MGMT_ADV_FLAG_CAN_SET_TX_POWER;
7921 if (hdev->le_features[1] & HCI_LE_PHY_2M)
7922 flags |= MGMT_ADV_FLAG_SEC_2M;
7924 if (hdev->le_features[1] & HCI_LE_PHY_CODED)
7925 flags |= MGMT_ADV_FLAG_SEC_CODED;
7931 static int read_adv_features(struct sock *sk, struct hci_dev *hdev,
7932 void *data, u16 data_len)
7934 struct mgmt_rp_read_adv_features *rp;
7937 struct adv_info *adv_instance;
7938 u32 supported_flags;
7941 bt_dev_dbg(hdev, "sock %p", sk);
7943 if (!lmp_le_capable(hdev))
7944 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_ADV_FEATURES,
7945 MGMT_STATUS_REJECTED);
7949 rp_len = sizeof(*rp) + hdev->adv_instance_cnt;
7950 rp = kmalloc(rp_len, GFP_ATOMIC);
7952 hci_dev_unlock(hdev);
7956 supported_flags = get_supported_adv_flags(hdev);
7958 rp->supported_flags = cpu_to_le32(supported_flags);
7959 rp->max_adv_data_len = HCI_MAX_AD_LENGTH;
7960 rp->max_scan_rsp_len = HCI_MAX_AD_LENGTH;
7961 rp->max_instances = hdev->le_num_of_adv_sets;
7962 rp->num_instances = hdev->adv_instance_cnt;
7964 instance = rp->instance;
7965 list_for_each_entry(adv_instance, &hdev->adv_instances, list) {
7966 *instance = adv_instance->instance;
7970 hci_dev_unlock(hdev);
7972 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_ADV_FEATURES,
7973 MGMT_STATUS_SUCCESS, rp, rp_len);
7980 static u8 calculate_name_len(struct hci_dev *hdev)
7982 u8 buf[HCI_MAX_SHORT_NAME_LENGTH + 3];
7984 return eir_append_local_name(hdev, buf, 0);
7987 static u8 tlv_data_max_len(struct hci_dev *hdev, u32 adv_flags,
7990 u8 max_len = HCI_MAX_AD_LENGTH;
7993 if (adv_flags & (MGMT_ADV_FLAG_DISCOV |
7994 MGMT_ADV_FLAG_LIMITED_DISCOV |
7995 MGMT_ADV_FLAG_MANAGED_FLAGS))
7998 if (adv_flags & MGMT_ADV_FLAG_TX_POWER)
8001 if (adv_flags & MGMT_ADV_FLAG_LOCAL_NAME)
8002 max_len -= calculate_name_len(hdev);
8004 if (adv_flags & (MGMT_ADV_FLAG_APPEARANCE))
8011 static bool flags_managed(u32 adv_flags)
8013 return adv_flags & (MGMT_ADV_FLAG_DISCOV |
8014 MGMT_ADV_FLAG_LIMITED_DISCOV |
8015 MGMT_ADV_FLAG_MANAGED_FLAGS);
8018 static bool tx_power_managed(u32 adv_flags)
8020 return adv_flags & MGMT_ADV_FLAG_TX_POWER;
8023 static bool name_managed(u32 adv_flags)
8025 return adv_flags & MGMT_ADV_FLAG_LOCAL_NAME;
8028 static bool appearance_managed(u32 adv_flags)
8030 return adv_flags & MGMT_ADV_FLAG_APPEARANCE;
8033 static bool tlv_data_is_valid(struct hci_dev *hdev, u32 adv_flags, u8 *data,
8034 u8 len, bool is_adv_data)
8039 max_len = tlv_data_max_len(hdev, adv_flags, is_adv_data);
8044 /* Make sure that the data is correctly formatted. */
8045 for (i = 0; i < len; i += (cur_len + 1)) {
8051 if (data[i + 1] == EIR_FLAGS &&
8052 (!is_adv_data || flags_managed(adv_flags)))
8055 if (data[i + 1] == EIR_TX_POWER && tx_power_managed(adv_flags))
8058 if (data[i + 1] == EIR_NAME_COMPLETE && name_managed(adv_flags))
8061 if (data[i + 1] == EIR_NAME_SHORT && name_managed(adv_flags))
8064 if (data[i + 1] == EIR_APPEARANCE &&
8065 appearance_managed(adv_flags))
8068 /* If the current field length would exceed the total data
8069 * length, then it's invalid.
8071 if (i + cur_len >= len)
8078 static bool requested_adv_flags_are_valid(struct hci_dev *hdev, u32 adv_flags)
8080 u32 supported_flags, phy_flags;
8082 /* The current implementation only supports a subset of the specified
8083 * flags. Also need to check mutual exclusiveness of sec flags.
8085 supported_flags = get_supported_adv_flags(hdev);
8086 phy_flags = adv_flags & MGMT_ADV_FLAG_SEC_MASK;
8087 if (adv_flags & ~supported_flags ||
8088 ((phy_flags && (phy_flags ^ (phy_flags & -phy_flags)))))
8094 static bool adv_busy(struct hci_dev *hdev)
8096 return pending_find(MGMT_OP_SET_LE, hdev);
8099 static void add_adv_complete(struct hci_dev *hdev, struct sock *sk, u8 instance,
8102 struct adv_info *adv, *n;
8104 bt_dev_dbg(hdev, "err %d", err);
8108 list_for_each_entry_safe(adv, n, &hdev->adv_instances, list) {
8115 adv->pending = false;
8119 instance = adv->instance;
8121 if (hdev->cur_adv_instance == instance)
8122 cancel_adv_timeout(hdev);
8124 hci_remove_adv_instance(hdev, instance);
8125 mgmt_advertising_removed(sk, hdev, instance);
8128 hci_dev_unlock(hdev);
8131 static void add_advertising_complete(struct hci_dev *hdev, void *data, int err)
8133 struct mgmt_pending_cmd *cmd = data;
8134 struct mgmt_cp_add_advertising *cp = cmd->param;
8135 struct mgmt_rp_add_advertising rp;
8137 memset(&rp, 0, sizeof(rp));
8139 rp.instance = cp->instance;
8142 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode,
8145 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
8146 mgmt_status(err), &rp, sizeof(rp));
8148 add_adv_complete(hdev, cmd->sk, cp->instance, err);
8150 mgmt_pending_free(cmd);
8153 static int add_advertising_sync(struct hci_dev *hdev, void *data)
8155 struct mgmt_pending_cmd *cmd = data;
8156 struct mgmt_cp_add_advertising *cp = cmd->param;
8158 return hci_schedule_adv_instance_sync(hdev, cp->instance, true);
8161 static int add_advertising(struct sock *sk, struct hci_dev *hdev,
8162 void *data, u16 data_len)
8164 struct mgmt_cp_add_advertising *cp = data;
8165 struct mgmt_rp_add_advertising rp;
8168 u16 timeout, duration;
8169 unsigned int prev_instance_cnt;
8170 u8 schedule_instance = 0;
8171 struct adv_info *adv, *next_instance;
8173 struct mgmt_pending_cmd *cmd;
8175 bt_dev_dbg(hdev, "sock %p", sk);
8177 status = mgmt_le_support(hdev);
8179 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
8182 if (cp->instance < 1 || cp->instance > hdev->le_num_of_adv_sets)
8183 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
8184 MGMT_STATUS_INVALID_PARAMS);
8186 if (data_len != sizeof(*cp) + cp->adv_data_len + cp->scan_rsp_len)
8187 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
8188 MGMT_STATUS_INVALID_PARAMS);
8190 flags = __le32_to_cpu(cp->flags);
8191 timeout = __le16_to_cpu(cp->timeout);
8192 duration = __le16_to_cpu(cp->duration);
8194 if (!requested_adv_flags_are_valid(hdev, flags))
8195 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
8196 MGMT_STATUS_INVALID_PARAMS);
8200 if (timeout && !hdev_is_powered(hdev)) {
8201 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
8202 MGMT_STATUS_REJECTED);
8206 if (adv_busy(hdev)) {
8207 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
8212 if (!tlv_data_is_valid(hdev, flags, cp->data, cp->adv_data_len, true) ||
8213 !tlv_data_is_valid(hdev, flags, cp->data + cp->adv_data_len,
8214 cp->scan_rsp_len, false)) {
8215 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
8216 MGMT_STATUS_INVALID_PARAMS);
8220 prev_instance_cnt = hdev->adv_instance_cnt;
8222 adv = hci_add_adv_instance(hdev, cp->instance, flags,
8223 cp->adv_data_len, cp->data,
8225 cp->data + cp->adv_data_len,
8227 HCI_ADV_TX_POWER_NO_PREFERENCE,
8228 hdev->le_adv_min_interval,
8229 hdev->le_adv_max_interval);
8231 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
8232 MGMT_STATUS_FAILED);
8236 /* Only trigger an advertising added event if a new instance was
8239 if (hdev->adv_instance_cnt > prev_instance_cnt)
8240 mgmt_advertising_added(sk, hdev, cp->instance);
8242 if (hdev->cur_adv_instance == cp->instance) {
8243 /* If the currently advertised instance is being changed then
8244 * cancel the current advertising and schedule the next
8245 * instance. If there is only one instance then the overridden
8246 * advertising data will be visible right away.
8248 cancel_adv_timeout(hdev);
8250 next_instance = hci_get_next_instance(hdev, cp->instance);
8252 schedule_instance = next_instance->instance;
8253 } else if (!hdev->adv_instance_timeout) {
8254 /* Immediately advertise the new instance if no other
8255 * instance is currently being advertised.
8257 schedule_instance = cp->instance;
8260 /* If the HCI_ADVERTISING flag is set or the device isn't powered or
8261 * there is no instance to be advertised then we have no HCI
8262 * communication to make. Simply return.
8264 if (!hdev_is_powered(hdev) ||
8265 hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
8266 !schedule_instance) {
8267 rp.instance = cp->instance;
8268 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
8269 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
8273 /* We're good to go, update advertising data, parameters, and start
8276 cmd = mgmt_pending_new(sk, MGMT_OP_ADD_ADVERTISING, hdev, data,
8283 cp->instance = schedule_instance;
8285 err = hci_cmd_sync_queue(hdev, add_advertising_sync, cmd,
8286 add_advertising_complete);
8288 mgmt_pending_free(cmd);
8291 hci_dev_unlock(hdev);
8296 static void add_ext_adv_params_complete(struct hci_dev *hdev, void *data,
8299 struct mgmt_pending_cmd *cmd = data;
8300 struct mgmt_cp_add_ext_adv_params *cp = cmd->param;
8301 struct mgmt_rp_add_ext_adv_params rp;
8302 struct adv_info *adv;
8305 BT_DBG("%s", hdev->name);
8309 adv = hci_find_adv_instance(hdev, cp->instance);
8313 rp.instance = cp->instance;
8314 rp.tx_power = adv->tx_power;
8316 /* While we're at it, inform userspace of the available space for this
8317 * advertisement, given the flags that will be used.
8319 flags = __le32_to_cpu(cp->flags);
8320 rp.max_adv_data_len = tlv_data_max_len(hdev, flags, true);
8321 rp.max_scan_rsp_len = tlv_data_max_len(hdev, flags, false);
8324 /* If this advertisement was previously advertising and we
8325 * failed to update it, we signal that it has been removed and
8326 * delete its structure
8329 mgmt_advertising_removed(cmd->sk, hdev, cp->instance);
8331 hci_remove_adv_instance(hdev, cp->instance);
8333 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode,
8336 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
8337 mgmt_status(err), &rp, sizeof(rp));
8342 mgmt_pending_free(cmd);
8344 hci_dev_unlock(hdev);
8347 static int add_ext_adv_params_sync(struct hci_dev *hdev, void *data)
8349 struct mgmt_pending_cmd *cmd = data;
8350 struct mgmt_cp_add_ext_adv_params *cp = cmd->param;
8352 return hci_setup_ext_adv_instance_sync(hdev, cp->instance);
8355 static int add_ext_adv_params(struct sock *sk, struct hci_dev *hdev,
8356 void *data, u16 data_len)
8358 struct mgmt_cp_add_ext_adv_params *cp = data;
8359 struct mgmt_rp_add_ext_adv_params rp;
8360 struct mgmt_pending_cmd *cmd = NULL;
8361 struct adv_info *adv;
8362 u32 flags, min_interval, max_interval;
8363 u16 timeout, duration;
8368 BT_DBG("%s", hdev->name);
8370 status = mgmt_le_support(hdev);
8372 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_PARAMS,
8375 if (cp->instance < 1 || cp->instance > hdev->le_num_of_adv_sets)
8376 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_PARAMS,
8377 MGMT_STATUS_INVALID_PARAMS);
8379 /* The purpose of breaking add_advertising into two separate MGMT calls
8380 * for params and data is to allow more parameters to be added to this
8381 * structure in the future. For this reason, we verify that we have the
8382 * bare minimum structure we know of when the interface was defined. Any
8383 * extra parameters we don't know about will be ignored in this request.
8385 if (data_len < MGMT_ADD_EXT_ADV_PARAMS_MIN_SIZE)
8386 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
8387 MGMT_STATUS_INVALID_PARAMS);
8389 flags = __le32_to_cpu(cp->flags);
8391 if (!requested_adv_flags_are_valid(hdev, flags))
8392 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_PARAMS,
8393 MGMT_STATUS_INVALID_PARAMS);
8397 /* In new interface, we require that we are powered to register */
8398 if (!hdev_is_powered(hdev)) {
8399 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_PARAMS,
8400 MGMT_STATUS_REJECTED);
8404 if (adv_busy(hdev)) {
8405 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_PARAMS,
8410 /* Parse defined parameters from request, use defaults otherwise */
8411 timeout = (flags & MGMT_ADV_PARAM_TIMEOUT) ?
8412 __le16_to_cpu(cp->timeout) : 0;
8414 duration = (flags & MGMT_ADV_PARAM_DURATION) ?
8415 __le16_to_cpu(cp->duration) :
8416 hdev->def_multi_adv_rotation_duration;
8418 min_interval = (flags & MGMT_ADV_PARAM_INTERVALS) ?
8419 __le32_to_cpu(cp->min_interval) :
8420 hdev->le_adv_min_interval;
8422 max_interval = (flags & MGMT_ADV_PARAM_INTERVALS) ?
8423 __le32_to_cpu(cp->max_interval) :
8424 hdev->le_adv_max_interval;
8426 tx_power = (flags & MGMT_ADV_PARAM_TX_POWER) ?
8428 HCI_ADV_TX_POWER_NO_PREFERENCE;
8430 /* Create advertising instance with no advertising or response data */
8431 adv = hci_add_adv_instance(hdev, cp->instance, flags, 0, NULL, 0, NULL,
8432 timeout, duration, tx_power, min_interval,
8436 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_PARAMS,
8437 MGMT_STATUS_FAILED);
8441 /* Submit request for advertising params if ext adv available */
8442 if (ext_adv_capable(hdev)) {
8443 cmd = mgmt_pending_new(sk, MGMT_OP_ADD_EXT_ADV_PARAMS, hdev,
8447 hci_remove_adv_instance(hdev, cp->instance);
8451 err = hci_cmd_sync_queue(hdev, add_ext_adv_params_sync, cmd,
8452 add_ext_adv_params_complete);
8454 mgmt_pending_free(cmd);
8456 rp.instance = cp->instance;
8457 rp.tx_power = HCI_ADV_TX_POWER_NO_PREFERENCE;
8458 rp.max_adv_data_len = tlv_data_max_len(hdev, flags, true);
8459 rp.max_scan_rsp_len = tlv_data_max_len(hdev, flags, false);
8460 err = mgmt_cmd_complete(sk, hdev->id,
8461 MGMT_OP_ADD_EXT_ADV_PARAMS,
8462 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
8466 hci_dev_unlock(hdev);
8471 static void add_ext_adv_data_complete(struct hci_dev *hdev, void *data, int err)
8473 struct mgmt_pending_cmd *cmd = data;
8474 struct mgmt_cp_add_ext_adv_data *cp = cmd->param;
8475 struct mgmt_rp_add_advertising rp;
8477 add_adv_complete(hdev, cmd->sk, cp->instance, err);
8479 memset(&rp, 0, sizeof(rp));
8481 rp.instance = cp->instance;
8484 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode,
8487 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
8488 mgmt_status(err), &rp, sizeof(rp));
8490 mgmt_pending_free(cmd);
8493 static int add_ext_adv_data_sync(struct hci_dev *hdev, void *data)
8495 struct mgmt_pending_cmd *cmd = data;
8496 struct mgmt_cp_add_ext_adv_data *cp = cmd->param;
8499 if (ext_adv_capable(hdev)) {
8500 err = hci_update_adv_data_sync(hdev, cp->instance);
8504 err = hci_update_scan_rsp_data_sync(hdev, cp->instance);
8508 return hci_enable_ext_advertising_sync(hdev, cp->instance);
8511 return hci_schedule_adv_instance_sync(hdev, cp->instance, true);
8514 static int add_ext_adv_data(struct sock *sk, struct hci_dev *hdev, void *data,
8517 struct mgmt_cp_add_ext_adv_data *cp = data;
8518 struct mgmt_rp_add_ext_adv_data rp;
8519 u8 schedule_instance = 0;
8520 struct adv_info *next_instance;
8521 struct adv_info *adv_instance;
8523 struct mgmt_pending_cmd *cmd;
8525 BT_DBG("%s", hdev->name);
8529 adv_instance = hci_find_adv_instance(hdev, cp->instance);
8531 if (!adv_instance) {
8532 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_DATA,
8533 MGMT_STATUS_INVALID_PARAMS);
8537 /* In new interface, we require that we are powered to register */
8538 if (!hdev_is_powered(hdev)) {
8539 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_DATA,
8540 MGMT_STATUS_REJECTED);
8541 goto clear_new_instance;
8544 if (adv_busy(hdev)) {
8545 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_DATA,
8547 goto clear_new_instance;
8550 /* Validate new data */
8551 if (!tlv_data_is_valid(hdev, adv_instance->flags, cp->data,
8552 cp->adv_data_len, true) ||
8553 !tlv_data_is_valid(hdev, adv_instance->flags, cp->data +
8554 cp->adv_data_len, cp->scan_rsp_len, false)) {
8555 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_DATA,
8556 MGMT_STATUS_INVALID_PARAMS);
8557 goto clear_new_instance;
8560 /* Set the data in the advertising instance */
8561 hci_set_adv_instance_data(hdev, cp->instance, cp->adv_data_len,
8562 cp->data, cp->scan_rsp_len,
8563 cp->data + cp->adv_data_len);
8565 /* If using software rotation, determine next instance to use */
8566 if (hdev->cur_adv_instance == cp->instance) {
8567 /* If the currently advertised instance is being changed
8568 * then cancel the current advertising and schedule the
8569 * next instance. If there is only one instance then the
8570 * overridden advertising data will be visible right
8573 cancel_adv_timeout(hdev);
8575 next_instance = hci_get_next_instance(hdev, cp->instance);
8577 schedule_instance = next_instance->instance;
8578 } else if (!hdev->adv_instance_timeout) {
8579 /* Immediately advertise the new instance if no other
8580 * instance is currently being advertised.
8582 schedule_instance = cp->instance;
8585 /* If the HCI_ADVERTISING flag is set or there is no instance to
8586 * be advertised then we have no HCI communication to make.
8589 if (hci_dev_test_flag(hdev, HCI_ADVERTISING) || !schedule_instance) {
8590 if (adv_instance->pending) {
8591 mgmt_advertising_added(sk, hdev, cp->instance);
8592 adv_instance->pending = false;
8594 rp.instance = cp->instance;
8595 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_DATA,
8596 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
8600 cmd = mgmt_pending_new(sk, MGMT_OP_ADD_EXT_ADV_DATA, hdev, data,
8604 goto clear_new_instance;
8607 err = hci_cmd_sync_queue(hdev, add_ext_adv_data_sync, cmd,
8608 add_ext_adv_data_complete);
8610 mgmt_pending_free(cmd);
8611 goto clear_new_instance;
8614 /* We were successful in updating data, so trigger advertising_added
8615 * event if this is an instance that wasn't previously advertising. If
8616 * a failure occurs in the requests we initiated, we will remove the
8617 * instance again in add_advertising_complete
8619 if (adv_instance->pending)
8620 mgmt_advertising_added(sk, hdev, cp->instance);
8625 hci_remove_adv_instance(hdev, cp->instance);
8628 hci_dev_unlock(hdev);
8633 static void remove_advertising_complete(struct hci_dev *hdev, void *data,
8636 struct mgmt_pending_cmd *cmd = data;
8637 struct mgmt_cp_remove_advertising *cp = cmd->param;
8638 struct mgmt_rp_remove_advertising rp;
8640 bt_dev_dbg(hdev, "err %d", err);
8642 memset(&rp, 0, sizeof(rp));
8643 rp.instance = cp->instance;
8646 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode,
8649 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
8650 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
8652 mgmt_pending_free(cmd);
8655 static int remove_advertising_sync(struct hci_dev *hdev, void *data)
8657 struct mgmt_pending_cmd *cmd = data;
8658 struct mgmt_cp_remove_advertising *cp = cmd->param;
8661 err = hci_remove_advertising_sync(hdev, cmd->sk, cp->instance, true);
8665 if (list_empty(&hdev->adv_instances))
8666 err = hci_disable_advertising_sync(hdev);
8671 static int remove_advertising(struct sock *sk, struct hci_dev *hdev,
8672 void *data, u16 data_len)
8674 struct mgmt_cp_remove_advertising *cp = data;
8675 struct mgmt_pending_cmd *cmd;
8678 bt_dev_dbg(hdev, "sock %p", sk);
8682 if (cp->instance && !hci_find_adv_instance(hdev, cp->instance)) {
8683 err = mgmt_cmd_status(sk, hdev->id,
8684 MGMT_OP_REMOVE_ADVERTISING,
8685 MGMT_STATUS_INVALID_PARAMS);
8689 if (pending_find(MGMT_OP_SET_LE, hdev)) {
8690 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADVERTISING,
8695 if (list_empty(&hdev->adv_instances)) {
8696 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADVERTISING,
8697 MGMT_STATUS_INVALID_PARAMS);
8701 cmd = mgmt_pending_new(sk, MGMT_OP_REMOVE_ADVERTISING, hdev, data,
8708 err = hci_cmd_sync_queue(hdev, remove_advertising_sync, cmd,
8709 remove_advertising_complete);
8711 mgmt_pending_free(cmd);
8714 hci_dev_unlock(hdev);
8719 static int get_adv_size_info(struct sock *sk, struct hci_dev *hdev,
8720 void *data, u16 data_len)
8722 struct mgmt_cp_get_adv_size_info *cp = data;
8723 struct mgmt_rp_get_adv_size_info rp;
8724 u32 flags, supported_flags;
8726 bt_dev_dbg(hdev, "sock %p", sk);
8728 if (!lmp_le_capable(hdev))
8729 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
8730 MGMT_STATUS_REJECTED);
8732 if (cp->instance < 1 || cp->instance > hdev->le_num_of_adv_sets)
8733 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
8734 MGMT_STATUS_INVALID_PARAMS);
8736 flags = __le32_to_cpu(cp->flags);
8738 /* The current implementation only supports a subset of the specified
8741 supported_flags = get_supported_adv_flags(hdev);
8742 if (flags & ~supported_flags)
8743 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
8744 MGMT_STATUS_INVALID_PARAMS);
8746 rp.instance = cp->instance;
8747 rp.flags = cp->flags;
8748 rp.max_adv_data_len = tlv_data_max_len(hdev, flags, true);
8749 rp.max_scan_rsp_len = tlv_data_max_len(hdev, flags, false);
8751 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
8752 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
8755 static const struct hci_mgmt_handler mgmt_handlers[] = {
8756 { NULL }, /* 0x0000 (no command) */
8757 { read_version, MGMT_READ_VERSION_SIZE,
8759 HCI_MGMT_UNTRUSTED },
8760 { read_commands, MGMT_READ_COMMANDS_SIZE,
8762 HCI_MGMT_UNTRUSTED },
8763 { read_index_list, MGMT_READ_INDEX_LIST_SIZE,
8765 HCI_MGMT_UNTRUSTED },
8766 { read_controller_info, MGMT_READ_INFO_SIZE,
8767 HCI_MGMT_UNTRUSTED },
8768 { set_powered, MGMT_SETTING_SIZE },
8769 { set_discoverable, MGMT_SET_DISCOVERABLE_SIZE },
8770 { set_connectable, MGMT_SETTING_SIZE },
8771 { set_fast_connectable, MGMT_SETTING_SIZE },
8772 { set_bondable, MGMT_SETTING_SIZE },
8773 { set_link_security, MGMT_SETTING_SIZE },
8774 { set_ssp, MGMT_SETTING_SIZE },
8775 { set_hs, MGMT_SETTING_SIZE },
8776 { set_le, MGMT_SETTING_SIZE },
8777 { set_dev_class, MGMT_SET_DEV_CLASS_SIZE },
8778 { set_local_name, MGMT_SET_LOCAL_NAME_SIZE },
8779 { add_uuid, MGMT_ADD_UUID_SIZE },
8780 { remove_uuid, MGMT_REMOVE_UUID_SIZE },
8781 { load_link_keys, MGMT_LOAD_LINK_KEYS_SIZE,
8783 { load_long_term_keys, MGMT_LOAD_LONG_TERM_KEYS_SIZE,
8785 { disconnect, MGMT_DISCONNECT_SIZE },
8786 { get_connections, MGMT_GET_CONNECTIONS_SIZE },
8787 { pin_code_reply, MGMT_PIN_CODE_REPLY_SIZE },
8788 { pin_code_neg_reply, MGMT_PIN_CODE_NEG_REPLY_SIZE },
8789 { set_io_capability, MGMT_SET_IO_CAPABILITY_SIZE },
8790 { pair_device, MGMT_PAIR_DEVICE_SIZE },
8791 { cancel_pair_device, MGMT_CANCEL_PAIR_DEVICE_SIZE },
8792 { unpair_device, MGMT_UNPAIR_DEVICE_SIZE },
8793 { user_confirm_reply, MGMT_USER_CONFIRM_REPLY_SIZE },
8794 { user_confirm_neg_reply, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
8795 { user_passkey_reply, MGMT_USER_PASSKEY_REPLY_SIZE },
8796 { user_passkey_neg_reply, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
8797 { read_local_oob_data, MGMT_READ_LOCAL_OOB_DATA_SIZE },
8798 { add_remote_oob_data, MGMT_ADD_REMOTE_OOB_DATA_SIZE,
8800 { remove_remote_oob_data, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
8801 { start_discovery, MGMT_START_DISCOVERY_SIZE },
8802 { stop_discovery, MGMT_STOP_DISCOVERY_SIZE },
8803 { confirm_name, MGMT_CONFIRM_NAME_SIZE },
8804 { block_device, MGMT_BLOCK_DEVICE_SIZE },
8805 { unblock_device, MGMT_UNBLOCK_DEVICE_SIZE },
8806 { set_device_id, MGMT_SET_DEVICE_ID_SIZE },
8807 { set_advertising, MGMT_SETTING_SIZE },
8808 { set_bredr, MGMT_SETTING_SIZE },
8809 { set_static_address, MGMT_SET_STATIC_ADDRESS_SIZE },
8810 { set_scan_params, MGMT_SET_SCAN_PARAMS_SIZE },
8811 { set_secure_conn, MGMT_SETTING_SIZE },
8812 { set_debug_keys, MGMT_SETTING_SIZE },
8813 { set_privacy, MGMT_SET_PRIVACY_SIZE },
8814 { load_irks, MGMT_LOAD_IRKS_SIZE,
8816 { get_conn_info, MGMT_GET_CONN_INFO_SIZE },
8817 { get_clock_info, MGMT_GET_CLOCK_INFO_SIZE },
8818 { add_device, MGMT_ADD_DEVICE_SIZE },
8819 { remove_device, MGMT_REMOVE_DEVICE_SIZE },
8820 { load_conn_param, MGMT_LOAD_CONN_PARAM_SIZE,
8822 { read_unconf_index_list, MGMT_READ_UNCONF_INDEX_LIST_SIZE,
8824 HCI_MGMT_UNTRUSTED },
8825 { read_config_info, MGMT_READ_CONFIG_INFO_SIZE,
8826 HCI_MGMT_UNCONFIGURED |
8827 HCI_MGMT_UNTRUSTED },
8828 { set_external_config, MGMT_SET_EXTERNAL_CONFIG_SIZE,
8829 HCI_MGMT_UNCONFIGURED },
8830 { set_public_address, MGMT_SET_PUBLIC_ADDRESS_SIZE,
8831 HCI_MGMT_UNCONFIGURED },
8832 { start_service_discovery, MGMT_START_SERVICE_DISCOVERY_SIZE,
8834 { read_local_oob_ext_data, MGMT_READ_LOCAL_OOB_EXT_DATA_SIZE },
8835 { read_ext_index_list, MGMT_READ_EXT_INDEX_LIST_SIZE,
8837 HCI_MGMT_UNTRUSTED },
8838 { read_adv_features, MGMT_READ_ADV_FEATURES_SIZE },
8839 { add_advertising, MGMT_ADD_ADVERTISING_SIZE,
8841 { remove_advertising, MGMT_REMOVE_ADVERTISING_SIZE },
8842 { get_adv_size_info, MGMT_GET_ADV_SIZE_INFO_SIZE },
8843 { start_limited_discovery, MGMT_START_DISCOVERY_SIZE },
8844 { read_ext_controller_info,MGMT_READ_EXT_INFO_SIZE,
8845 HCI_MGMT_UNTRUSTED },
8846 { set_appearance, MGMT_SET_APPEARANCE_SIZE },
8847 { get_phy_configuration, MGMT_GET_PHY_CONFIGURATION_SIZE },
8848 { set_phy_configuration, MGMT_SET_PHY_CONFIGURATION_SIZE },
8849 { set_blocked_keys, MGMT_OP_SET_BLOCKED_KEYS_SIZE,
8851 { set_wideband_speech, MGMT_SETTING_SIZE },
8852 { read_controller_cap, MGMT_READ_CONTROLLER_CAP_SIZE,
8853 HCI_MGMT_UNTRUSTED },
8854 { read_exp_features_info, MGMT_READ_EXP_FEATURES_INFO_SIZE,
8855 HCI_MGMT_UNTRUSTED |
8856 HCI_MGMT_HDEV_OPTIONAL },
8857 { set_exp_feature, MGMT_SET_EXP_FEATURE_SIZE,
8859 HCI_MGMT_HDEV_OPTIONAL },
8860 { read_def_system_config, MGMT_READ_DEF_SYSTEM_CONFIG_SIZE,
8861 HCI_MGMT_UNTRUSTED },
8862 { set_def_system_config, MGMT_SET_DEF_SYSTEM_CONFIG_SIZE,
8864 { read_def_runtime_config, MGMT_READ_DEF_RUNTIME_CONFIG_SIZE,
8865 HCI_MGMT_UNTRUSTED },
8866 { set_def_runtime_config, MGMT_SET_DEF_RUNTIME_CONFIG_SIZE,
8868 { get_device_flags, MGMT_GET_DEVICE_FLAGS_SIZE },
8869 { set_device_flags, MGMT_SET_DEVICE_FLAGS_SIZE },
8870 { read_adv_mon_features, MGMT_READ_ADV_MONITOR_FEATURES_SIZE },
8871 { add_adv_patterns_monitor,MGMT_ADD_ADV_PATTERNS_MONITOR_SIZE,
8873 { remove_adv_monitor, MGMT_REMOVE_ADV_MONITOR_SIZE },
8874 { add_ext_adv_params, MGMT_ADD_EXT_ADV_PARAMS_MIN_SIZE,
8876 { add_ext_adv_data, MGMT_ADD_EXT_ADV_DATA_SIZE,
8878 { add_adv_patterns_monitor_rssi,
8879 MGMT_ADD_ADV_PATTERNS_MONITOR_RSSI_SIZE,
8883 void mgmt_index_added(struct hci_dev *hdev)
8885 struct mgmt_ev_ext_index ev;
8887 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
8890 switch (hdev->dev_type) {
8892 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
8893 mgmt_index_event(MGMT_EV_UNCONF_INDEX_ADDED, hdev,
8894 NULL, 0, HCI_MGMT_UNCONF_INDEX_EVENTS);
8897 mgmt_index_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0,
8898 HCI_MGMT_INDEX_EVENTS);
8911 mgmt_index_event(MGMT_EV_EXT_INDEX_ADDED, hdev, &ev, sizeof(ev),
8912 HCI_MGMT_EXT_INDEX_EVENTS);
8915 void mgmt_index_removed(struct hci_dev *hdev)
8917 struct mgmt_ev_ext_index ev;
8918 u8 status = MGMT_STATUS_INVALID_INDEX;
8920 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
8923 switch (hdev->dev_type) {
8925 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
8927 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
8928 mgmt_index_event(MGMT_EV_UNCONF_INDEX_REMOVED, hdev,
8929 NULL, 0, HCI_MGMT_UNCONF_INDEX_EVENTS);
8932 mgmt_index_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0,
8933 HCI_MGMT_INDEX_EVENTS);
8946 mgmt_index_event(MGMT_EV_EXT_INDEX_REMOVED, hdev, &ev, sizeof(ev),
8947 HCI_MGMT_EXT_INDEX_EVENTS);
8949 /* Cancel any remaining timed work */
8950 if (!hci_dev_test_flag(hdev, HCI_MGMT))
8952 cancel_delayed_work_sync(&hdev->discov_off);
8953 cancel_delayed_work_sync(&hdev->service_cache);
8954 cancel_delayed_work_sync(&hdev->rpa_expired);
8957 void mgmt_power_on(struct hci_dev *hdev, int err)
8959 struct cmd_lookup match = { NULL, hdev };
8961 bt_dev_dbg(hdev, "err %d", err);
8966 restart_le_actions(hdev);
8967 hci_update_passive_scan(hdev);
8970 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
8972 new_settings(hdev, match.sk);
8977 hci_dev_unlock(hdev);
8980 void __mgmt_power_off(struct hci_dev *hdev)
8982 struct cmd_lookup match = { NULL, hdev };
8983 u8 status, zero_cod[] = { 0, 0, 0 };
8985 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
8987 /* If the power off is because of hdev unregistration let
8988 * use the appropriate INVALID_INDEX status. Otherwise use
8989 * NOT_POWERED. We cover both scenarios here since later in
8990 * mgmt_index_removed() any hci_conn callbacks will have already
8991 * been triggered, potentially causing misleading DISCONNECTED
8994 if (hci_dev_test_flag(hdev, HCI_UNREGISTER))
8995 status = MGMT_STATUS_INVALID_INDEX;
8997 status = MGMT_STATUS_NOT_POWERED;
8999 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
9001 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0) {
9002 mgmt_limited_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
9003 zero_cod, sizeof(zero_cod),
9004 HCI_MGMT_DEV_CLASS_EVENTS, NULL);
9005 ext_info_changed(hdev, NULL);
9008 new_settings(hdev, match.sk);
9014 void mgmt_set_powered_failed(struct hci_dev *hdev, int err)
9016 struct mgmt_pending_cmd *cmd;
9019 cmd = pending_find(MGMT_OP_SET_POWERED, hdev);
9023 if (err == -ERFKILL)
9024 status = MGMT_STATUS_RFKILLED;
9026 status = MGMT_STATUS_FAILED;
9028 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
9030 mgmt_pending_remove(cmd);
9033 void mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
9036 struct mgmt_ev_new_link_key ev;
9038 memset(&ev, 0, sizeof(ev));
9040 ev.store_hint = persistent;
9041 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
9042 ev.key.addr.type = BDADDR_BREDR;
9043 ev.key.type = key->type;
9044 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
9045 ev.key.pin_len = key->pin_len;
9047 mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
9050 static u8 mgmt_ltk_type(struct smp_ltk *ltk)
9052 switch (ltk->type) {
9054 case SMP_LTK_RESPONDER:
9055 if (ltk->authenticated)
9056 return MGMT_LTK_AUTHENTICATED;
9057 return MGMT_LTK_UNAUTHENTICATED;
9059 if (ltk->authenticated)
9060 return MGMT_LTK_P256_AUTH;
9061 return MGMT_LTK_P256_UNAUTH;
9062 case SMP_LTK_P256_DEBUG:
9063 return MGMT_LTK_P256_DEBUG;
9066 return MGMT_LTK_UNAUTHENTICATED;
9069 void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, bool persistent)
9071 struct mgmt_ev_new_long_term_key ev;
9073 memset(&ev, 0, sizeof(ev));
9075 /* Devices using resolvable or non-resolvable random addresses
9076 * without providing an identity resolving key don't require
9077 * to store long term keys. Their addresses will change the
9080 * Only when a remote device provides an identity address
9081 * make sure the long term key is stored. If the remote
9082 * identity is known, the long term keys are internally
9083 * mapped to the identity address. So allow static random
9084 * and public addresses here.
9086 if (key->bdaddr_type == ADDR_LE_DEV_RANDOM &&
9087 (key->bdaddr.b[5] & 0xc0) != 0xc0)
9088 ev.store_hint = 0x00;
9090 ev.store_hint = persistent;
9092 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
9093 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
9094 ev.key.type = mgmt_ltk_type(key);
9095 ev.key.enc_size = key->enc_size;
9096 ev.key.ediv = key->ediv;
9097 ev.key.rand = key->rand;
9099 if (key->type == SMP_LTK)
9100 ev.key.initiator = 1;
9102 /* Make sure we copy only the significant bytes based on the
9103 * encryption key size, and set the rest of the value to zeroes.
9105 memcpy(ev.key.val, key->val, key->enc_size);
9106 memset(ev.key.val + key->enc_size, 0,
9107 sizeof(ev.key.val) - key->enc_size);
9109 mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev), NULL);
9112 void mgmt_new_irk(struct hci_dev *hdev, struct smp_irk *irk, bool persistent)
9114 struct mgmt_ev_new_irk ev;
9116 memset(&ev, 0, sizeof(ev));
9118 ev.store_hint = persistent;
9120 bacpy(&ev.rpa, &irk->rpa);
9121 bacpy(&ev.irk.addr.bdaddr, &irk->bdaddr);
9122 ev.irk.addr.type = link_to_bdaddr(LE_LINK, irk->addr_type);
9123 memcpy(ev.irk.val, irk->val, sizeof(irk->val));
9125 mgmt_event(MGMT_EV_NEW_IRK, hdev, &ev, sizeof(ev), NULL);
9128 void mgmt_new_csrk(struct hci_dev *hdev, struct smp_csrk *csrk,
9131 struct mgmt_ev_new_csrk ev;
9133 memset(&ev, 0, sizeof(ev));
9135 /* Devices using resolvable or non-resolvable random addresses
9136 * without providing an identity resolving key don't require
9137 * to store signature resolving keys. Their addresses will change
9138 * the next time around.
9140 * Only when a remote device provides an identity address
9141 * make sure the signature resolving key is stored. So allow
9142 * static random and public addresses here.
9144 if (csrk->bdaddr_type == ADDR_LE_DEV_RANDOM &&
9145 (csrk->bdaddr.b[5] & 0xc0) != 0xc0)
9146 ev.store_hint = 0x00;
9148 ev.store_hint = persistent;
9150 bacpy(&ev.key.addr.bdaddr, &csrk->bdaddr);
9151 ev.key.addr.type = link_to_bdaddr(LE_LINK, csrk->bdaddr_type);
9152 ev.key.type = csrk->type;
9153 memcpy(ev.key.val, csrk->val, sizeof(csrk->val));
9155 mgmt_event(MGMT_EV_NEW_CSRK, hdev, &ev, sizeof(ev), NULL);
9158 void mgmt_new_conn_param(struct hci_dev *hdev, bdaddr_t *bdaddr,
9159 u8 bdaddr_type, u8 store_hint, u16 min_interval,
9160 u16 max_interval, u16 latency, u16 timeout)
9162 struct mgmt_ev_new_conn_param ev;
9164 if (!hci_is_identity_address(bdaddr, bdaddr_type))
9167 memset(&ev, 0, sizeof(ev));
9168 bacpy(&ev.addr.bdaddr, bdaddr);
9169 ev.addr.type = link_to_bdaddr(LE_LINK, bdaddr_type);
9170 ev.store_hint = store_hint;
9171 ev.min_interval = cpu_to_le16(min_interval);
9172 ev.max_interval = cpu_to_le16(max_interval);
9173 ev.latency = cpu_to_le16(latency);
9174 ev.timeout = cpu_to_le16(timeout);
9176 mgmt_event(MGMT_EV_NEW_CONN_PARAM, hdev, &ev, sizeof(ev), NULL);
9179 void mgmt_device_connected(struct hci_dev *hdev, struct hci_conn *conn,
9180 u8 *name, u8 name_len)
9182 struct sk_buff *skb;
9183 struct mgmt_ev_device_connected *ev;
9187 /* allocate buff for LE or BR/EDR adv */
9188 if (conn->le_adv_data_len > 0)
9189 skb = mgmt_alloc_skb(hdev, MGMT_EV_DEVICE_CONNECTED,
9190 sizeof(*ev) + conn->le_adv_data_len);
9192 skb = mgmt_alloc_skb(hdev, MGMT_EV_DEVICE_CONNECTED,
9193 sizeof(*ev) + (name ? eir_precalc_len(name_len) : 0) +
9194 eir_precalc_len(sizeof(conn->dev_class)));
9196 ev = skb_put(skb, sizeof(*ev));
9197 bacpy(&ev->addr.bdaddr, &conn->dst);
9198 ev->addr.type = link_to_bdaddr(conn->type, conn->dst_type);
9201 flags |= MGMT_DEV_FOUND_INITIATED_CONN;
9203 ev->flags = __cpu_to_le32(flags);
9205 /* We must ensure that the EIR Data fields are ordered and
9206 * unique. Keep it simple for now and avoid the problem by not
9207 * adding any BR/EDR data to the LE adv.
9209 if (conn->le_adv_data_len > 0) {
9210 skb_put_data(skb, conn->le_adv_data, conn->le_adv_data_len);
9211 eir_len = conn->le_adv_data_len;
9214 eir_len += eir_skb_put_data(skb, EIR_NAME_COMPLETE, name, name_len);
9216 if (memcmp(conn->dev_class, "\0\0\0", sizeof(conn->dev_class)))
9217 eir_len += eir_skb_put_data(skb, EIR_CLASS_OF_DEV,
9218 conn->dev_class, sizeof(conn->dev_class));
9221 ev->eir_len = cpu_to_le16(eir_len);
9223 mgmt_event_skb(skb, NULL);
9226 static void disconnect_rsp(struct mgmt_pending_cmd *cmd, void *data)
9228 struct sock **sk = data;
9230 cmd->cmd_complete(cmd, 0);
9235 mgmt_pending_remove(cmd);
9238 static void unpair_device_rsp(struct mgmt_pending_cmd *cmd, void *data)
9240 struct hci_dev *hdev = data;
9241 struct mgmt_cp_unpair_device *cp = cmd->param;
9243 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
9245 cmd->cmd_complete(cmd, 0);
9246 mgmt_pending_remove(cmd);
9249 bool mgmt_powering_down(struct hci_dev *hdev)
9251 struct mgmt_pending_cmd *cmd;
9252 struct mgmt_mode *cp;
9254 cmd = pending_find(MGMT_OP_SET_POWERED, hdev);
9265 void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
9266 u8 link_type, u8 addr_type, u8 reason,
9267 bool mgmt_connected)
9269 struct mgmt_ev_device_disconnected ev;
9270 struct sock *sk = NULL;
9272 /* The connection is still in hci_conn_hash so test for 1
9273 * instead of 0 to know if this is the last one.
9275 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
9276 cancel_delayed_work(&hdev->power_off);
9277 queue_work(hdev->req_workqueue, &hdev->power_off.work);
9280 if (!mgmt_connected)
9283 if (link_type != ACL_LINK && link_type != LE_LINK)
9286 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
9288 bacpy(&ev.addr.bdaddr, bdaddr);
9289 ev.addr.type = link_to_bdaddr(link_type, addr_type);
9292 /* Report disconnects due to suspend */
9293 if (hdev->suspended)
9294 ev.reason = MGMT_DEV_DISCONN_LOCAL_HOST_SUSPEND;
9296 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
9301 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
9305 void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
9306 u8 link_type, u8 addr_type, u8 status)
9308 u8 bdaddr_type = link_to_bdaddr(link_type, addr_type);
9309 struct mgmt_cp_disconnect *cp;
9310 struct mgmt_pending_cmd *cmd;
9312 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
9315 cmd = pending_find(MGMT_OP_DISCONNECT, hdev);
9321 if (bacmp(bdaddr, &cp->addr.bdaddr))
9324 if (cp->addr.type != bdaddr_type)
9327 cmd->cmd_complete(cmd, mgmt_status(status));
9328 mgmt_pending_remove(cmd);
9331 void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
9332 u8 addr_type, u8 status)
9334 struct mgmt_ev_connect_failed ev;
9336 /* The connection is still in hci_conn_hash so test for 1
9337 * instead of 0 to know if this is the last one.
9339 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
9340 cancel_delayed_work(&hdev->power_off);
9341 queue_work(hdev->req_workqueue, &hdev->power_off.work);
9344 bacpy(&ev.addr.bdaddr, bdaddr);
9345 ev.addr.type = link_to_bdaddr(link_type, addr_type);
9346 ev.status = mgmt_status(status);
9348 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
9351 void mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
9353 struct mgmt_ev_pin_code_request ev;
9355 bacpy(&ev.addr.bdaddr, bdaddr);
9356 ev.addr.type = BDADDR_BREDR;
9359 mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev), NULL);
9362 void mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
9365 struct mgmt_pending_cmd *cmd;
9367 cmd = pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
9371 cmd->cmd_complete(cmd, mgmt_status(status));
9372 mgmt_pending_remove(cmd);
9375 void mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
9378 struct mgmt_pending_cmd *cmd;
9380 cmd = pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
9384 cmd->cmd_complete(cmd, mgmt_status(status));
9385 mgmt_pending_remove(cmd);
9388 int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
9389 u8 link_type, u8 addr_type, u32 value,
9392 struct mgmt_ev_user_confirm_request ev;
9394 bt_dev_dbg(hdev, "bdaddr %pMR", bdaddr);
9396 bacpy(&ev.addr.bdaddr, bdaddr);
9397 ev.addr.type = link_to_bdaddr(link_type, addr_type);
9398 ev.confirm_hint = confirm_hint;
9399 ev.value = cpu_to_le32(value);
9401 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
9405 int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
9406 u8 link_type, u8 addr_type)
9408 struct mgmt_ev_user_passkey_request ev;
9410 bt_dev_dbg(hdev, "bdaddr %pMR", bdaddr);
9412 bacpy(&ev.addr.bdaddr, bdaddr);
9413 ev.addr.type = link_to_bdaddr(link_type, addr_type);
9415 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
9419 static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
9420 u8 link_type, u8 addr_type, u8 status,
9423 struct mgmt_pending_cmd *cmd;
9425 cmd = pending_find(opcode, hdev);
9429 cmd->cmd_complete(cmd, mgmt_status(status));
9430 mgmt_pending_remove(cmd);
9435 int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
9436 u8 link_type, u8 addr_type, u8 status)
9438 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
9439 status, MGMT_OP_USER_CONFIRM_REPLY);
9442 int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
9443 u8 link_type, u8 addr_type, u8 status)
9445 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
9447 MGMT_OP_USER_CONFIRM_NEG_REPLY);
9450 int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
9451 u8 link_type, u8 addr_type, u8 status)
9453 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
9454 status, MGMT_OP_USER_PASSKEY_REPLY);
9457 int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
9458 u8 link_type, u8 addr_type, u8 status)
9460 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
9462 MGMT_OP_USER_PASSKEY_NEG_REPLY);
9465 int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
9466 u8 link_type, u8 addr_type, u32 passkey,
9469 struct mgmt_ev_passkey_notify ev;
9471 bt_dev_dbg(hdev, "bdaddr %pMR", bdaddr);
9473 bacpy(&ev.addr.bdaddr, bdaddr);
9474 ev.addr.type = link_to_bdaddr(link_type, addr_type);
9475 ev.passkey = __cpu_to_le32(passkey);
9476 ev.entered = entered;
9478 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
9481 void mgmt_auth_failed(struct hci_conn *conn, u8 hci_status)
9483 struct mgmt_ev_auth_failed ev;
9484 struct mgmt_pending_cmd *cmd;
9485 u8 status = mgmt_status(hci_status);
9487 bacpy(&ev.addr.bdaddr, &conn->dst);
9488 ev.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
9491 cmd = find_pairing(conn);
9493 mgmt_event(MGMT_EV_AUTH_FAILED, conn->hdev, &ev, sizeof(ev),
9494 cmd ? cmd->sk : NULL);
9497 cmd->cmd_complete(cmd, status);
9498 mgmt_pending_remove(cmd);
9502 void mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
9504 struct cmd_lookup match = { NULL, hdev };
9508 u8 mgmt_err = mgmt_status(status);
9509 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
9510 cmd_status_rsp, &mgmt_err);
9514 if (test_bit(HCI_AUTH, &hdev->flags))
9515 changed = !hci_dev_test_and_set_flag(hdev, HCI_LINK_SECURITY);
9517 changed = hci_dev_test_and_clear_flag(hdev, HCI_LINK_SECURITY);
9519 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
9523 new_settings(hdev, match.sk);
9529 static void sk_lookup(struct mgmt_pending_cmd *cmd, void *data)
9531 struct cmd_lookup *match = data;
9533 if (match->sk == NULL) {
9534 match->sk = cmd->sk;
9535 sock_hold(match->sk);
9539 void mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
9542 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
9544 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
9545 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
9546 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
9549 mgmt_limited_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class,
9550 3, HCI_MGMT_DEV_CLASS_EVENTS, NULL);
9551 ext_info_changed(hdev, NULL);
9558 void mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
9560 struct mgmt_cp_set_local_name ev;
9561 struct mgmt_pending_cmd *cmd;
9566 memset(&ev, 0, sizeof(ev));
9567 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
9568 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
9570 cmd = pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
9572 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
9574 /* If this is a HCI command related to powering on the
9575 * HCI dev don't send any mgmt signals.
9577 if (pending_find(MGMT_OP_SET_POWERED, hdev))
9581 mgmt_limited_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
9582 HCI_MGMT_LOCAL_NAME_EVENTS, cmd ? cmd->sk : NULL);
9583 ext_info_changed(hdev, cmd ? cmd->sk : NULL);
9586 static inline bool has_uuid(u8 *uuid, u16 uuid_count, u8 (*uuids)[16])
9590 for (i = 0; i < uuid_count; i++) {
9591 if (!memcmp(uuid, uuids[i], 16))
9598 static bool eir_has_uuids(u8 *eir, u16 eir_len, u16 uuid_count, u8 (*uuids)[16])
9602 while (parsed < eir_len) {
9603 u8 field_len = eir[0];
9610 if (eir_len - parsed < field_len + 1)
9614 case EIR_UUID16_ALL:
9615 case EIR_UUID16_SOME:
9616 for (i = 0; i + 3 <= field_len; i += 2) {
9617 memcpy(uuid, bluetooth_base_uuid, 16);
9618 uuid[13] = eir[i + 3];
9619 uuid[12] = eir[i + 2];
9620 if (has_uuid(uuid, uuid_count, uuids))
9624 case EIR_UUID32_ALL:
9625 case EIR_UUID32_SOME:
9626 for (i = 0; i + 5 <= field_len; i += 4) {
9627 memcpy(uuid, bluetooth_base_uuid, 16);
9628 uuid[15] = eir[i + 5];
9629 uuid[14] = eir[i + 4];
9630 uuid[13] = eir[i + 3];
9631 uuid[12] = eir[i + 2];
9632 if (has_uuid(uuid, uuid_count, uuids))
9636 case EIR_UUID128_ALL:
9637 case EIR_UUID128_SOME:
9638 for (i = 0; i + 17 <= field_len; i += 16) {
9639 memcpy(uuid, eir + i + 2, 16);
9640 if (has_uuid(uuid, uuid_count, uuids))
9646 parsed += field_len + 1;
9647 eir += field_len + 1;
9653 static void restart_le_scan(struct hci_dev *hdev)
9655 /* If controller is not scanning we are done. */
9656 if (!hci_dev_test_flag(hdev, HCI_LE_SCAN))
9659 if (time_after(jiffies + DISCOV_LE_RESTART_DELAY,
9660 hdev->discovery.scan_start +
9661 hdev->discovery.scan_duration))
9664 queue_delayed_work(hdev->req_workqueue, &hdev->le_scan_restart,
9665 DISCOV_LE_RESTART_DELAY);
9668 static bool is_filter_match(struct hci_dev *hdev, s8 rssi, u8 *eir,
9669 u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
9671 /* If a RSSI threshold has been specified, and
9672 * HCI_QUIRK_STRICT_DUPLICATE_FILTER is not set, then all results with
9673 * a RSSI smaller than the RSSI threshold will be dropped. If the quirk
9674 * is set, let it through for further processing, as we might need to
9677 * For BR/EDR devices (pre 1.2) providing no RSSI during inquiry,
9678 * the results are also dropped.
9680 if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
9681 (rssi == HCI_RSSI_INVALID ||
9682 (rssi < hdev->discovery.rssi &&
9683 !test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks))))
9686 if (hdev->discovery.uuid_count != 0) {
9687 /* If a list of UUIDs is provided in filter, results with no
9688 * matching UUID should be dropped.
9690 if (!eir_has_uuids(eir, eir_len, hdev->discovery.uuid_count,
9691 hdev->discovery.uuids) &&
9692 !eir_has_uuids(scan_rsp, scan_rsp_len,
9693 hdev->discovery.uuid_count,
9694 hdev->discovery.uuids))
9698 /* If duplicate filtering does not report RSSI changes, then restart
9699 * scanning to ensure updated result with updated RSSI values.
9701 if (test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks)) {
9702 restart_le_scan(hdev);
9704 /* Validate RSSI value against the RSSI threshold once more. */
9705 if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
9706 rssi < hdev->discovery.rssi)
9713 void mgmt_adv_monitor_device_lost(struct hci_dev *hdev, u16 handle,
9714 bdaddr_t *bdaddr, u8 addr_type)
9716 struct mgmt_ev_adv_monitor_device_lost ev;
9718 ev.monitor_handle = cpu_to_le16(handle);
9719 bacpy(&ev.addr.bdaddr, bdaddr);
9720 ev.addr.type = addr_type;
9722 mgmt_event(MGMT_EV_ADV_MONITOR_DEVICE_LOST, hdev, &ev, sizeof(ev),
9726 static void mgmt_send_adv_monitor_device_found(struct hci_dev *hdev,
9727 struct sk_buff *skb,
9728 struct sock *skip_sk,
9731 struct sk_buff *advmon_skb;
9732 size_t advmon_skb_len;
9733 __le16 *monitor_handle;
9738 advmon_skb_len = (sizeof(struct mgmt_ev_adv_monitor_device_found) -
9739 sizeof(struct mgmt_ev_device_found)) + skb->len;
9740 advmon_skb = mgmt_alloc_skb(hdev, MGMT_EV_ADV_MONITOR_DEVICE_FOUND,
9745 /* ADV_MONITOR_DEVICE_FOUND is similar to DEVICE_FOUND event except
9746 * that it also has 'monitor_handle'. Make a copy of DEVICE_FOUND and
9747 * store monitor_handle of the matched monitor.
9749 monitor_handle = skb_put(advmon_skb, sizeof(*monitor_handle));
9750 *monitor_handle = cpu_to_le16(handle);
9751 skb_put_data(advmon_skb, skb->data, skb->len);
9753 mgmt_event_skb(advmon_skb, skip_sk);
9756 static void mgmt_adv_monitor_device_found(struct hci_dev *hdev,
9757 bdaddr_t *bdaddr, bool report_device,
9758 struct sk_buff *skb,
9759 struct sock *skip_sk)
9761 struct monitored_device *dev, *tmp;
9762 bool matched = false;
9763 bool notified = false;
9765 /* We have received the Advertisement Report because:
9766 * 1. the kernel has initiated active discovery
9767 * 2. if not, we have pend_le_reports > 0 in which case we are doing
9769 * 3. if none of the above is true, we have one or more active
9770 * Advertisement Monitor
9772 * For case 1 and 2, report all advertisements via MGMT_EV_DEVICE_FOUND
9773 * and report ONLY one advertisement per device for the matched Monitor
9774 * via MGMT_EV_ADV_MONITOR_DEVICE_FOUND event.
9776 * For case 3, since we are not active scanning and all advertisements
9777 * received are due to a matched Advertisement Monitor, report all
9778 * advertisements ONLY via MGMT_EV_ADV_MONITOR_DEVICE_FOUND event.
9780 if (report_device && !hdev->advmon_pend_notify) {
9781 mgmt_event_skb(skb, skip_sk);
9785 hdev->advmon_pend_notify = false;
9787 list_for_each_entry_safe(dev, tmp, &hdev->monitored_devices, list) {
9788 if (!bacmp(&dev->bdaddr, bdaddr)) {
9791 if (!dev->notified) {
9792 mgmt_send_adv_monitor_device_found(hdev, skb,
9796 dev->notified = true;
9801 hdev->advmon_pend_notify = true;
9804 if (!report_device &&
9805 ((matched && !notified) || !msft_monitor_supported(hdev))) {
9806 /* Handle 0 indicates that we are not active scanning and this
9807 * is a subsequent advertisement report for an already matched
9808 * Advertisement Monitor or the controller offloading support
9811 mgmt_send_adv_monitor_device_found(hdev, skb, skip_sk, 0);
9815 mgmt_event_skb(skb, skip_sk);
9820 void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
9821 u8 addr_type, u8 *dev_class, s8 rssi, u32 flags,
9822 u8 *eir, u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
9824 struct sk_buff *skb;
9825 struct mgmt_ev_device_found *ev;
9826 bool report_device = hci_discovery_active(hdev);
9828 /* Don't send events for a non-kernel initiated discovery. With
9829 * LE one exception is if we have pend_le_reports > 0 in which
9830 * case we're doing passive scanning and want these events.
9832 if (!hci_discovery_active(hdev)) {
9833 if (link_type == ACL_LINK)
9835 if (link_type == LE_LINK && !list_empty(&hdev->pend_le_reports))
9836 report_device = true;
9837 else if (!hci_is_adv_monitoring(hdev))
9841 if (hdev->discovery.result_filtering) {
9842 /* We are using service discovery */
9843 if (!is_filter_match(hdev, rssi, eir, eir_len, scan_rsp,
9848 if (hdev->discovery.limited) {
9849 /* Check for limited discoverable bit */
9851 if (!(dev_class[1] & 0x20))
9854 u8 *flags = eir_get_data(eir, eir_len, EIR_FLAGS, NULL);
9855 if (!flags || !(flags[0] & LE_AD_LIMITED))
9860 /* Allocate skb. The 5 extra bytes are for the potential CoD field */
9861 skb = mgmt_alloc_skb(hdev, MGMT_EV_DEVICE_FOUND,
9862 sizeof(*ev) + eir_len + scan_rsp_len + 5);
9866 ev = skb_put(skb, sizeof(*ev));
9868 /* In case of device discovery with BR/EDR devices (pre 1.2), the
9869 * RSSI value was reported as 0 when not available. This behavior
9870 * is kept when using device discovery. This is required for full
9871 * backwards compatibility with the API.
9873 * However when using service discovery, the value 127 will be
9874 * returned when the RSSI is not available.
9876 if (rssi == HCI_RSSI_INVALID && !hdev->discovery.report_invalid_rssi &&
9877 link_type == ACL_LINK)
9880 bacpy(&ev->addr.bdaddr, bdaddr);
9881 ev->addr.type = link_to_bdaddr(link_type, addr_type);
9883 ev->flags = cpu_to_le32(flags);
9886 /* Copy EIR or advertising data into event */
9887 skb_put_data(skb, eir, eir_len);
9889 if (dev_class && !eir_get_data(eir, eir_len, EIR_CLASS_OF_DEV, NULL)) {
9892 eir_len += eir_append_data(eir_cod, 0, EIR_CLASS_OF_DEV,
9894 skb_put_data(skb, eir_cod, sizeof(eir_cod));
9897 if (scan_rsp_len > 0)
9898 /* Append scan response data to event */
9899 skb_put_data(skb, scan_rsp, scan_rsp_len);
9901 ev->eir_len = cpu_to_le16(eir_len + scan_rsp_len);
9903 mgmt_adv_monitor_device_found(hdev, bdaddr, report_device, skb, NULL);
9906 void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
9907 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
9909 struct sk_buff *skb;
9910 struct mgmt_ev_device_found *ev;
9914 skb = mgmt_alloc_skb(hdev, MGMT_EV_DEVICE_FOUND,
9915 sizeof(*ev) + (name ? eir_precalc_len(name_len) : 0));
9917 ev = skb_put(skb, sizeof(*ev));
9918 bacpy(&ev->addr.bdaddr, bdaddr);
9919 ev->addr.type = link_to_bdaddr(link_type, addr_type);
9923 eir_len += eir_skb_put_data(skb, EIR_NAME_COMPLETE, name, name_len);
9925 flags = MGMT_DEV_FOUND_NAME_REQUEST_FAILED;
9927 ev->eir_len = cpu_to_le16(eir_len);
9928 ev->flags = cpu_to_le32(flags);
9930 mgmt_event_skb(skb, NULL);
9933 void mgmt_discovering(struct hci_dev *hdev, u8 discovering)
9935 struct mgmt_ev_discovering ev;
9937 bt_dev_dbg(hdev, "discovering %u", discovering);
9939 memset(&ev, 0, sizeof(ev));
9940 ev.type = hdev->discovery.type;
9941 ev.discovering = discovering;
9943 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
9946 void mgmt_suspending(struct hci_dev *hdev, u8 state)
9948 struct mgmt_ev_controller_suspend ev;
9950 ev.suspend_state = state;
9951 mgmt_event(MGMT_EV_CONTROLLER_SUSPEND, hdev, &ev, sizeof(ev), NULL);
9954 void mgmt_resuming(struct hci_dev *hdev, u8 reason, bdaddr_t *bdaddr,
9957 struct mgmt_ev_controller_resume ev;
9959 ev.wake_reason = reason;
9961 bacpy(&ev.addr.bdaddr, bdaddr);
9962 ev.addr.type = addr_type;
9964 memset(&ev.addr, 0, sizeof(ev.addr));
9967 mgmt_event(MGMT_EV_CONTROLLER_RESUME, hdev, &ev, sizeof(ev), NULL);
9970 static struct hci_mgmt_chan chan = {
9971 .channel = HCI_CHANNEL_CONTROL,
9972 .handler_count = ARRAY_SIZE(mgmt_handlers),
9973 .handlers = mgmt_handlers,
9974 .hdev_init = mgmt_init_hdev,
9979 return hci_mgmt_chan_register(&chan);
9982 void mgmt_exit(void)
9984 hci_mgmt_chan_unregister(&chan);
projects / platform / kernel / linux-starfive.git / blob