2 BlueZ - Bluetooth protocol stack for Linux
4 Copyright (C) 2010 Nokia Corporation
5 Copyright (C) 2011-2012 Intel Corporation
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI Management interface */
27 #include <linux/module.h>
28 #include <asm/unaligned.h>
30 #include <net/bluetooth/bluetooth.h>
31 #include <net/bluetooth/hci_core.h>
32 #include <net/bluetooth/hci_sock.h>
33 #include <net/bluetooth/l2cap.h>
34 #include <net/bluetooth/mgmt.h>
36 #include <net/bluetooth/mgmt_tizen.h>
39 #include "hci_request.h"
41 #include "mgmt_util.h"
43 #define MGMT_VERSION 1
44 #define MGMT_REVISION 14
46 static const u16 mgmt_commands[] = {
47 MGMT_OP_READ_INDEX_LIST,
50 MGMT_OP_SET_DISCOVERABLE,
51 MGMT_OP_SET_CONNECTABLE,
52 MGMT_OP_SET_FAST_CONNECTABLE,
54 MGMT_OP_SET_LINK_SECURITY,
58 MGMT_OP_SET_DEV_CLASS,
59 MGMT_OP_SET_LOCAL_NAME,
62 MGMT_OP_LOAD_LINK_KEYS,
63 MGMT_OP_LOAD_LONG_TERM_KEYS,
65 MGMT_OP_GET_CONNECTIONS,
66 MGMT_OP_PIN_CODE_REPLY,
67 MGMT_OP_PIN_CODE_NEG_REPLY,
68 MGMT_OP_SET_IO_CAPABILITY,
70 MGMT_OP_CANCEL_PAIR_DEVICE,
71 MGMT_OP_UNPAIR_DEVICE,
72 MGMT_OP_USER_CONFIRM_REPLY,
73 MGMT_OP_USER_CONFIRM_NEG_REPLY,
74 MGMT_OP_USER_PASSKEY_REPLY,
75 MGMT_OP_USER_PASSKEY_NEG_REPLY,
76 MGMT_OP_READ_LOCAL_OOB_DATA,
77 MGMT_OP_ADD_REMOTE_OOB_DATA,
78 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
79 MGMT_OP_START_DISCOVERY,
80 MGMT_OP_STOP_DISCOVERY,
83 MGMT_OP_UNBLOCK_DEVICE,
84 MGMT_OP_SET_DEVICE_ID,
85 MGMT_OP_SET_ADVERTISING,
87 MGMT_OP_SET_STATIC_ADDRESS,
88 MGMT_OP_SET_SCAN_PARAMS,
89 MGMT_OP_SET_SECURE_CONN,
90 MGMT_OP_SET_DEBUG_KEYS,
93 MGMT_OP_GET_CONN_INFO,
94 MGMT_OP_GET_CLOCK_INFO,
96 MGMT_OP_REMOVE_DEVICE,
97 MGMT_OP_LOAD_CONN_PARAM,
98 MGMT_OP_READ_UNCONF_INDEX_LIST,
99 MGMT_OP_READ_CONFIG_INFO,
100 MGMT_OP_SET_EXTERNAL_CONFIG,
101 MGMT_OP_SET_PUBLIC_ADDRESS,
102 MGMT_OP_START_SERVICE_DISCOVERY,
103 MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
104 MGMT_OP_READ_EXT_INDEX_LIST,
105 MGMT_OP_READ_ADV_FEATURES,
106 MGMT_OP_ADD_ADVERTISING,
107 MGMT_OP_REMOVE_ADVERTISING,
108 MGMT_OP_GET_ADV_SIZE_INFO,
109 MGMT_OP_START_LIMITED_DISCOVERY,
110 MGMT_OP_READ_EXT_INFO,
111 MGMT_OP_SET_APPEARANCE,
114 static const u16 mgmt_events[] = {
115 MGMT_EV_CONTROLLER_ERROR,
117 MGMT_EV_INDEX_REMOVED,
118 MGMT_EV_NEW_SETTINGS,
119 MGMT_EV_CLASS_OF_DEV_CHANGED,
120 MGMT_EV_LOCAL_NAME_CHANGED,
121 MGMT_EV_NEW_LINK_KEY,
122 MGMT_EV_NEW_LONG_TERM_KEY,
123 MGMT_EV_DEVICE_CONNECTED,
124 MGMT_EV_DEVICE_DISCONNECTED,
125 MGMT_EV_CONNECT_FAILED,
126 MGMT_EV_PIN_CODE_REQUEST,
127 MGMT_EV_USER_CONFIRM_REQUEST,
128 MGMT_EV_USER_PASSKEY_REQUEST,
130 MGMT_EV_DEVICE_FOUND,
132 MGMT_EV_DEVICE_BLOCKED,
133 MGMT_EV_DEVICE_UNBLOCKED,
134 MGMT_EV_DEVICE_UNPAIRED,
135 MGMT_EV_PASSKEY_NOTIFY,
138 MGMT_EV_DEVICE_ADDED,
139 MGMT_EV_DEVICE_REMOVED,
140 MGMT_EV_NEW_CONN_PARAM,
141 MGMT_EV_UNCONF_INDEX_ADDED,
142 MGMT_EV_UNCONF_INDEX_REMOVED,
143 MGMT_EV_NEW_CONFIG_OPTIONS,
144 MGMT_EV_EXT_INDEX_ADDED,
145 MGMT_EV_EXT_INDEX_REMOVED,
146 MGMT_EV_LOCAL_OOB_DATA_UPDATED,
147 MGMT_EV_ADVERTISING_ADDED,
148 MGMT_EV_ADVERTISING_REMOVED,
149 MGMT_EV_EXT_INFO_CHANGED,
152 static const u16 mgmt_untrusted_commands[] = {
153 MGMT_OP_READ_INDEX_LIST,
155 MGMT_OP_READ_UNCONF_INDEX_LIST,
156 MGMT_OP_READ_CONFIG_INFO,
157 MGMT_OP_READ_EXT_INDEX_LIST,
158 MGMT_OP_READ_EXT_INFO,
161 static const u16 mgmt_untrusted_events[] = {
163 MGMT_EV_INDEX_REMOVED,
164 MGMT_EV_NEW_SETTINGS,
165 MGMT_EV_CLASS_OF_DEV_CHANGED,
166 MGMT_EV_LOCAL_NAME_CHANGED,
167 MGMT_EV_UNCONF_INDEX_ADDED,
168 MGMT_EV_UNCONF_INDEX_REMOVED,
169 MGMT_EV_NEW_CONFIG_OPTIONS,
170 MGMT_EV_EXT_INDEX_ADDED,
171 MGMT_EV_EXT_INDEX_REMOVED,
172 MGMT_EV_EXT_INFO_CHANGED,
175 #define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
177 #define ZERO_KEY "\x00\x00\x00\x00\x00\x00\x00\x00" \
178 "\x00\x00\x00\x00\x00\x00\x00\x00"
180 /* HCI to MGMT error code conversion table */
181 static u8 mgmt_status_table[] = {
183 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
184 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
185 MGMT_STATUS_FAILED, /* Hardware Failure */
186 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
187 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
188 MGMT_STATUS_AUTH_FAILED, /* PIN or Key Missing */
189 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
190 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
191 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
192 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
193 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
194 MGMT_STATUS_BUSY, /* Command Disallowed */
195 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
196 MGMT_STATUS_REJECTED, /* Rejected Security */
197 MGMT_STATUS_REJECTED, /* Rejected Personal */
198 MGMT_STATUS_TIMEOUT, /* Host Timeout */
199 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
200 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
201 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
202 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
203 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
204 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
205 MGMT_STATUS_BUSY, /* Repeated Attempts */
206 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
207 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
208 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
209 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
210 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
211 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
212 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
213 MGMT_STATUS_FAILED, /* Unspecified Error */
214 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
215 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
216 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
217 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
218 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
219 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
220 MGMT_STATUS_FAILED, /* Unit Link Key Used */
221 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
222 MGMT_STATUS_TIMEOUT, /* Instant Passed */
223 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
224 MGMT_STATUS_FAILED, /* Transaction Collision */
225 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
226 MGMT_STATUS_REJECTED, /* QoS Rejected */
227 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
228 MGMT_STATUS_REJECTED, /* Insufficient Security */
229 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
230 MGMT_STATUS_BUSY, /* Role Switch Pending */
231 MGMT_STATUS_FAILED, /* Slot Violation */
232 MGMT_STATUS_FAILED, /* Role Switch Failed */
233 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
234 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
235 MGMT_STATUS_BUSY, /* Host Busy Pairing */
236 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
237 MGMT_STATUS_BUSY, /* Controller Busy */
238 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
239 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
240 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
241 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
242 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
245 static u8 mgmt_status(u8 hci_status)
247 if (hci_status < ARRAY_SIZE(mgmt_status_table))
248 return mgmt_status_table[hci_status];
250 return MGMT_STATUS_FAILED;
253 static int mgmt_index_event(u16 event, struct hci_dev *hdev, void *data,
256 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
260 static int mgmt_limited_event(u16 event, struct hci_dev *hdev, void *data,
261 u16 len, int flag, struct sock *skip_sk)
263 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
267 static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 len,
268 struct sock *skip_sk)
270 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
271 HCI_SOCK_TRUSTED, skip_sk);
274 static u8 le_addr_type(u8 mgmt_addr_type)
276 if (mgmt_addr_type == BDADDR_LE_PUBLIC)
277 return ADDR_LE_DEV_PUBLIC;
279 return ADDR_LE_DEV_RANDOM;
282 void mgmt_fill_version_info(void *ver)
284 struct mgmt_rp_read_version *rp = ver;
286 rp->version = MGMT_VERSION;
287 rp->revision = cpu_to_le16(MGMT_REVISION);
290 static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
293 struct mgmt_rp_read_version rp;
295 BT_DBG("sock %p", sk);
297 mgmt_fill_version_info(&rp);
299 return mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0,
303 static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
306 struct mgmt_rp_read_commands *rp;
307 u16 num_commands, num_events;
311 BT_DBG("sock %p", sk);
313 if (hci_sock_test_flag(sk, HCI_SOCK_TRUSTED)) {
314 num_commands = ARRAY_SIZE(mgmt_commands);
315 num_events = ARRAY_SIZE(mgmt_events);
317 num_commands = ARRAY_SIZE(mgmt_untrusted_commands);
318 num_events = ARRAY_SIZE(mgmt_untrusted_events);
321 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
323 rp = kmalloc(rp_size, GFP_KERNEL);
327 rp->num_commands = cpu_to_le16(num_commands);
328 rp->num_events = cpu_to_le16(num_events);
330 if (hci_sock_test_flag(sk, HCI_SOCK_TRUSTED)) {
331 __le16 *opcode = rp->opcodes;
333 for (i = 0; i < num_commands; i++, opcode++)
334 put_unaligned_le16(mgmt_commands[i], opcode);
336 for (i = 0; i < num_events; i++, opcode++)
337 put_unaligned_le16(mgmt_events[i], opcode);
339 __le16 *opcode = rp->opcodes;
341 for (i = 0; i < num_commands; i++, opcode++)
342 put_unaligned_le16(mgmt_untrusted_commands[i], opcode);
344 for (i = 0; i < num_events; i++, opcode++)
345 put_unaligned_le16(mgmt_untrusted_events[i], opcode);
348 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0,
355 static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
358 struct mgmt_rp_read_index_list *rp;
364 BT_DBG("sock %p", sk);
366 read_lock(&hci_dev_list_lock);
369 list_for_each_entry(d, &hci_dev_list, list) {
370 if (d->dev_type == HCI_PRIMARY &&
371 !hci_dev_test_flag(d, HCI_UNCONFIGURED))
375 rp_len = sizeof(*rp) + (2 * count);
376 rp = kmalloc(rp_len, GFP_ATOMIC);
378 read_unlock(&hci_dev_list_lock);
383 list_for_each_entry(d, &hci_dev_list, list) {
384 if (hci_dev_test_flag(d, HCI_SETUP) ||
385 hci_dev_test_flag(d, HCI_CONFIG) ||
386 hci_dev_test_flag(d, HCI_USER_CHANNEL))
389 /* Devices marked as raw-only are neither configured
390 * nor unconfigured controllers.
392 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
395 if (d->dev_type == HCI_PRIMARY &&
396 !hci_dev_test_flag(d, HCI_UNCONFIGURED)) {
397 rp->index[count++] = cpu_to_le16(d->id);
398 BT_DBG("Added hci%u", d->id);
402 rp->num_controllers = cpu_to_le16(count);
403 rp_len = sizeof(*rp) + (2 * count);
405 read_unlock(&hci_dev_list_lock);
407 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST,
415 static int read_unconf_index_list(struct sock *sk, struct hci_dev *hdev,
416 void *data, u16 data_len)
418 struct mgmt_rp_read_unconf_index_list *rp;
424 BT_DBG("sock %p", sk);
426 read_lock(&hci_dev_list_lock);
429 list_for_each_entry(d, &hci_dev_list, list) {
430 if (d->dev_type == HCI_PRIMARY &&
431 hci_dev_test_flag(d, HCI_UNCONFIGURED))
435 rp_len = sizeof(*rp) + (2 * count);
436 rp = kmalloc(rp_len, GFP_ATOMIC);
438 read_unlock(&hci_dev_list_lock);
443 list_for_each_entry(d, &hci_dev_list, list) {
444 if (hci_dev_test_flag(d, HCI_SETUP) ||
445 hci_dev_test_flag(d, HCI_CONFIG) ||
446 hci_dev_test_flag(d, HCI_USER_CHANNEL))
449 /* Devices marked as raw-only are neither configured
450 * nor unconfigured controllers.
452 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
455 if (d->dev_type == HCI_PRIMARY &&
456 hci_dev_test_flag(d, HCI_UNCONFIGURED)) {
457 rp->index[count++] = cpu_to_le16(d->id);
458 BT_DBG("Added hci%u", d->id);
462 rp->num_controllers = cpu_to_le16(count);
463 rp_len = sizeof(*rp) + (2 * count);
465 read_unlock(&hci_dev_list_lock);
467 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
468 MGMT_OP_READ_UNCONF_INDEX_LIST, 0, rp, rp_len);
475 static int read_ext_index_list(struct sock *sk, struct hci_dev *hdev,
476 void *data, u16 data_len)
478 struct mgmt_rp_read_ext_index_list *rp;
484 BT_DBG("sock %p", sk);
486 read_lock(&hci_dev_list_lock);
489 list_for_each_entry(d, &hci_dev_list, list) {
490 if (d->dev_type == HCI_PRIMARY || d->dev_type == HCI_AMP)
494 rp_len = sizeof(*rp) + (sizeof(rp->entry[0]) * count);
495 rp = kmalloc(rp_len, GFP_ATOMIC);
497 read_unlock(&hci_dev_list_lock);
502 list_for_each_entry(d, &hci_dev_list, list) {
503 if (hci_dev_test_flag(d, HCI_SETUP) ||
504 hci_dev_test_flag(d, HCI_CONFIG) ||
505 hci_dev_test_flag(d, HCI_USER_CHANNEL))
508 /* Devices marked as raw-only are neither configured
509 * nor unconfigured controllers.
511 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
514 if (d->dev_type == HCI_PRIMARY) {
515 if (hci_dev_test_flag(d, HCI_UNCONFIGURED))
516 rp->entry[count].type = 0x01;
518 rp->entry[count].type = 0x00;
519 } else if (d->dev_type == HCI_AMP) {
520 rp->entry[count].type = 0x02;
525 rp->entry[count].bus = d->bus;
526 rp->entry[count++].index = cpu_to_le16(d->id);
527 BT_DBG("Added hci%u", d->id);
530 rp->num_controllers = cpu_to_le16(count);
531 rp_len = sizeof(*rp) + (sizeof(rp->entry[0]) * count);
533 read_unlock(&hci_dev_list_lock);
535 /* If this command is called at least once, then all the
536 * default index and unconfigured index events are disabled
537 * and from now on only extended index events are used.
539 hci_sock_set_flag(sk, HCI_MGMT_EXT_INDEX_EVENTS);
540 hci_sock_clear_flag(sk, HCI_MGMT_INDEX_EVENTS);
541 hci_sock_clear_flag(sk, HCI_MGMT_UNCONF_INDEX_EVENTS);
543 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
544 MGMT_OP_READ_EXT_INDEX_LIST, 0, rp, rp_len);
551 static bool is_configured(struct hci_dev *hdev)
553 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
554 !hci_dev_test_flag(hdev, HCI_EXT_CONFIGURED))
557 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) &&
558 !bacmp(&hdev->public_addr, BDADDR_ANY))
564 static __le32 get_missing_options(struct hci_dev *hdev)
568 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
569 !hci_dev_test_flag(hdev, HCI_EXT_CONFIGURED))
570 options |= MGMT_OPTION_EXTERNAL_CONFIG;
572 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) &&
573 !bacmp(&hdev->public_addr, BDADDR_ANY))
574 options |= MGMT_OPTION_PUBLIC_ADDRESS;
576 return cpu_to_le32(options);
579 static int new_options(struct hci_dev *hdev, struct sock *skip)
581 __le32 options = get_missing_options(hdev);
583 return mgmt_limited_event(MGMT_EV_NEW_CONFIG_OPTIONS, hdev, &options,
584 sizeof(options), HCI_MGMT_OPTION_EVENTS, skip);
587 static int send_options_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
589 __le32 options = get_missing_options(hdev);
591 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &options,
595 static int read_config_info(struct sock *sk, struct hci_dev *hdev,
596 void *data, u16 data_len)
598 struct mgmt_rp_read_config_info rp;
601 BT_DBG("sock %p %s", sk, hdev->name);
605 memset(&rp, 0, sizeof(rp));
606 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
608 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
609 options |= MGMT_OPTION_EXTERNAL_CONFIG;
611 if (hdev->set_bdaddr)
612 options |= MGMT_OPTION_PUBLIC_ADDRESS;
614 rp.supported_options = cpu_to_le32(options);
615 rp.missing_options = get_missing_options(hdev);
617 hci_dev_unlock(hdev);
619 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_CONFIG_INFO, 0,
623 static u32 get_supported_settings(struct hci_dev *hdev)
627 settings |= MGMT_SETTING_POWERED;
628 settings |= MGMT_SETTING_BONDABLE;
629 settings |= MGMT_SETTING_DEBUG_KEYS;
630 settings |= MGMT_SETTING_CONNECTABLE;
631 settings |= MGMT_SETTING_DISCOVERABLE;
633 if (lmp_bredr_capable(hdev)) {
634 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
635 settings |= MGMT_SETTING_FAST_CONNECTABLE;
636 settings |= MGMT_SETTING_BREDR;
637 settings |= MGMT_SETTING_LINK_SECURITY;
639 if (lmp_ssp_capable(hdev)) {
640 settings |= MGMT_SETTING_SSP;
641 if (IS_ENABLED(CONFIG_BT_HS))
642 settings |= MGMT_SETTING_HS;
645 if (lmp_sc_capable(hdev))
646 settings |= MGMT_SETTING_SECURE_CONN;
649 if (lmp_le_capable(hdev)) {
650 settings |= MGMT_SETTING_LE;
651 settings |= MGMT_SETTING_ADVERTISING;
652 settings |= MGMT_SETTING_SECURE_CONN;
653 settings |= MGMT_SETTING_PRIVACY;
654 settings |= MGMT_SETTING_STATIC_ADDRESS;
657 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) ||
659 settings |= MGMT_SETTING_CONFIGURATION;
664 static u32 get_current_settings(struct hci_dev *hdev)
668 if (hdev_is_powered(hdev))
669 settings |= MGMT_SETTING_POWERED;
671 if (hci_dev_test_flag(hdev, HCI_CONNECTABLE))
672 settings |= MGMT_SETTING_CONNECTABLE;
674 if (hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE))
675 settings |= MGMT_SETTING_FAST_CONNECTABLE;
677 if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE))
678 settings |= MGMT_SETTING_DISCOVERABLE;
680 if (hci_dev_test_flag(hdev, HCI_BONDABLE))
681 settings |= MGMT_SETTING_BONDABLE;
683 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
684 settings |= MGMT_SETTING_BREDR;
686 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED))
687 settings |= MGMT_SETTING_LE;
689 if (hci_dev_test_flag(hdev, HCI_LINK_SECURITY))
690 settings |= MGMT_SETTING_LINK_SECURITY;
692 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
693 settings |= MGMT_SETTING_SSP;
695 if (hci_dev_test_flag(hdev, HCI_HS_ENABLED))
696 settings |= MGMT_SETTING_HS;
698 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
699 settings |= MGMT_SETTING_ADVERTISING;
701 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED))
702 settings |= MGMT_SETTING_SECURE_CONN;
704 if (hci_dev_test_flag(hdev, HCI_KEEP_DEBUG_KEYS))
705 settings |= MGMT_SETTING_DEBUG_KEYS;
707 if (hci_dev_test_flag(hdev, HCI_PRIVACY))
708 settings |= MGMT_SETTING_PRIVACY;
710 /* The current setting for static address has two purposes. The
711 * first is to indicate if the static address will be used and
712 * the second is to indicate if it is actually set.
714 * This means if the static address is not configured, this flag
715 * will never be set. If the address is configured, then if the
716 * address is actually used decides if the flag is set or not.
718 * For single mode LE only controllers and dual-mode controllers
719 * with BR/EDR disabled, the existence of the static address will
722 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) ||
723 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) ||
724 !bacmp(&hdev->bdaddr, BDADDR_ANY)) {
725 if (bacmp(&hdev->static_addr, BDADDR_ANY))
726 settings |= MGMT_SETTING_STATIC_ADDRESS;
732 static struct mgmt_pending_cmd *pending_find(u16 opcode, struct hci_dev *hdev)
734 return mgmt_pending_find(HCI_CHANNEL_CONTROL, opcode, hdev);
737 static struct mgmt_pending_cmd *pending_find_data(u16 opcode,
738 struct hci_dev *hdev,
741 return mgmt_pending_find_data(HCI_CHANNEL_CONTROL, opcode, hdev, data);
744 u8 mgmt_get_adv_discov_flags(struct hci_dev *hdev)
746 struct mgmt_pending_cmd *cmd;
748 /* If there's a pending mgmt command the flags will not yet have
749 * their final values, so check for this first.
751 cmd = pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
753 struct mgmt_mode *cp = cmd->param;
755 return LE_AD_GENERAL;
756 else if (cp->val == 0x02)
757 return LE_AD_LIMITED;
759 if (hci_dev_test_flag(hdev, HCI_LIMITED_DISCOVERABLE))
760 return LE_AD_LIMITED;
761 else if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE))
762 return LE_AD_GENERAL;
768 bool mgmt_get_connectable(struct hci_dev *hdev)
770 struct mgmt_pending_cmd *cmd;
772 /* If there's a pending mgmt command the flag will not yet have
773 * it's final value, so check for this first.
775 cmd = pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
777 struct mgmt_mode *cp = cmd->param;
782 return hci_dev_test_flag(hdev, HCI_CONNECTABLE);
785 static void service_cache_off(struct work_struct *work)
787 struct hci_dev *hdev = container_of(work, struct hci_dev,
789 struct hci_request req;
791 if (!hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE))
794 hci_req_init(&req, hdev);
798 __hci_req_update_eir(&req);
799 __hci_req_update_class(&req);
801 hci_dev_unlock(hdev);
803 hci_req_run(&req, NULL);
806 static void rpa_expired(struct work_struct *work)
808 struct hci_dev *hdev = container_of(work, struct hci_dev,
810 struct hci_request req;
814 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
816 if (!hci_dev_test_flag(hdev, HCI_ADVERTISING))
819 /* The generation of a new RPA and programming it into the
820 * controller happens in the hci_req_enable_advertising()
823 hci_req_init(&req, hdev);
824 __hci_req_enable_advertising(&req);
825 hci_req_run(&req, NULL);
828 static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
830 if (hci_dev_test_and_set_flag(hdev, HCI_MGMT))
833 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
834 INIT_DELAYED_WORK(&hdev->rpa_expired, rpa_expired);
836 /* Non-mgmt controlled devices get this bit set
837 * implicitly so that pairing works for them, however
838 * for mgmt we require user-space to explicitly enable
841 hci_dev_clear_flag(hdev, HCI_BONDABLE);
844 static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
845 void *data, u16 data_len)
847 struct mgmt_rp_read_info rp;
849 BT_DBG("sock %p %s", sk, hdev->name);
853 memset(&rp, 0, sizeof(rp));
855 bacpy(&rp.bdaddr, &hdev->bdaddr);
857 rp.version = hdev->hci_ver;
858 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
860 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
861 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
863 memcpy(rp.dev_class, hdev->dev_class, 3);
865 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
866 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
868 hci_dev_unlock(hdev);
870 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
874 static u16 append_eir_data_to_buf(struct hci_dev *hdev, u8 *eir)
879 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
880 eir_len = eir_append_data(eir, eir_len, EIR_CLASS_OF_DEV,
883 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED))
884 eir_len = eir_append_le16(eir, eir_len, EIR_APPEARANCE,
887 name_len = strlen(hdev->dev_name);
888 eir_len = eir_append_data(eir, eir_len, EIR_NAME_COMPLETE,
889 hdev->dev_name, name_len);
891 name_len = strlen(hdev->short_name);
892 eir_len = eir_append_data(eir, eir_len, EIR_NAME_SHORT,
893 hdev->short_name, name_len);
898 static int read_ext_controller_info(struct sock *sk, struct hci_dev *hdev,
899 void *data, u16 data_len)
902 struct mgmt_rp_read_ext_info *rp = (void *)buf;
905 BT_DBG("sock %p %s", sk, hdev->name);
907 memset(&buf, 0, sizeof(buf));
911 bacpy(&rp->bdaddr, &hdev->bdaddr);
913 rp->version = hdev->hci_ver;
914 rp->manufacturer = cpu_to_le16(hdev->manufacturer);
916 rp->supported_settings = cpu_to_le32(get_supported_settings(hdev));
917 rp->current_settings = cpu_to_le32(get_current_settings(hdev));
920 eir_len = append_eir_data_to_buf(hdev, rp->eir);
921 rp->eir_len = cpu_to_le16(eir_len);
923 hci_dev_unlock(hdev);
925 /* If this command is called at least once, then the events
926 * for class of device and local name changes are disabled
927 * and only the new extended controller information event
930 hci_sock_set_flag(sk, HCI_MGMT_EXT_INFO_EVENTS);
931 hci_sock_clear_flag(sk, HCI_MGMT_DEV_CLASS_EVENTS);
932 hci_sock_clear_flag(sk, HCI_MGMT_LOCAL_NAME_EVENTS);
934 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_EXT_INFO, 0, rp,
935 sizeof(*rp) + eir_len);
938 static int ext_info_changed(struct hci_dev *hdev, struct sock *skip)
941 struct mgmt_ev_ext_info_changed *ev = (void *)buf;
944 memset(buf, 0, sizeof(buf));
946 eir_len = append_eir_data_to_buf(hdev, ev->eir);
947 ev->eir_len = cpu_to_le16(eir_len);
949 return mgmt_limited_event(MGMT_EV_EXT_INFO_CHANGED, hdev, ev,
950 sizeof(*ev) + eir_len,
951 HCI_MGMT_EXT_INFO_EVENTS, skip);
954 static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
956 __le32 settings = cpu_to_le32(get_current_settings(hdev));
958 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &settings,
962 static void clean_up_hci_complete(struct hci_dev *hdev, u8 status, u16 opcode)
964 BT_DBG("%s status 0x%02x", hdev->name, status);
966 if (hci_conn_count(hdev) == 0) {
967 cancel_delayed_work(&hdev->power_off);
968 queue_work(hdev->req_workqueue, &hdev->power_off.work);
972 void mgmt_advertising_added(struct sock *sk, struct hci_dev *hdev, u8 instance)
974 struct mgmt_ev_advertising_added ev;
976 ev.instance = instance;
978 mgmt_event(MGMT_EV_ADVERTISING_ADDED, hdev, &ev, sizeof(ev), sk);
981 void mgmt_advertising_removed(struct sock *sk, struct hci_dev *hdev,
984 struct mgmt_ev_advertising_removed ev;
986 ev.instance = instance;
988 mgmt_event(MGMT_EV_ADVERTISING_REMOVED, hdev, &ev, sizeof(ev), sk);
991 static void cancel_adv_timeout(struct hci_dev *hdev)
993 if (hdev->adv_instance_timeout) {
994 hdev->adv_instance_timeout = 0;
995 cancel_delayed_work(&hdev->adv_instance_expire);
999 static int clean_up_hci_state(struct hci_dev *hdev)
1001 struct hci_request req;
1002 struct hci_conn *conn;
1003 bool discov_stopped;
1006 hci_req_init(&req, hdev);
1008 if (test_bit(HCI_ISCAN, &hdev->flags) ||
1009 test_bit(HCI_PSCAN, &hdev->flags)) {
1011 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1014 hci_req_clear_adv_instance(hdev, NULL, NULL, 0x00, false);
1016 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
1017 __hci_req_disable_advertising(&req);
1019 discov_stopped = hci_req_stop_discovery(&req);
1021 list_for_each_entry(conn, &hdev->conn_hash.list, list) {
1022 /* 0x15 == Terminated due to Power Off */
1023 __hci_abort_conn(&req, conn, 0x15);
1026 err = hci_req_run(&req, clean_up_hci_complete);
1027 if (!err && discov_stopped)
1028 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
1033 static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
1036 struct mgmt_mode *cp = data;
1037 struct mgmt_pending_cmd *cmd;
1040 BT_DBG("request for %s", hdev->name);
1042 if (cp->val != 0x00 && cp->val != 0x01)
1043 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1044 MGMT_STATUS_INVALID_PARAMS);
1048 if (pending_find(MGMT_OP_SET_POWERED, hdev)) {
1049 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1054 if (!!cp->val == hdev_is_powered(hdev)) {
1055 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
1059 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
1066 queue_work(hdev->req_workqueue, &hdev->power_on);
1069 /* Disconnect connections, stop scans, etc */
1070 err = clean_up_hci_state(hdev);
1072 queue_delayed_work(hdev->req_workqueue, &hdev->power_off,
1073 HCI_POWER_OFF_TIMEOUT);
1075 /* ENODATA means there were no HCI commands queued */
1076 if (err == -ENODATA) {
1077 cancel_delayed_work(&hdev->power_off);
1078 queue_work(hdev->req_workqueue, &hdev->power_off.work);
1084 hci_dev_unlock(hdev);
1088 static int new_settings(struct hci_dev *hdev, struct sock *skip)
1090 __le32 ev = cpu_to_le32(get_current_settings(hdev));
1092 return mgmt_limited_event(MGMT_EV_NEW_SETTINGS, hdev, &ev,
1093 sizeof(ev), HCI_MGMT_SETTING_EVENTS, skip);
1096 int mgmt_new_settings(struct hci_dev *hdev)
1098 return new_settings(hdev, NULL);
1103 struct hci_dev *hdev;
1107 static void settings_rsp(struct mgmt_pending_cmd *cmd, void *data)
1109 struct cmd_lookup *match = data;
1111 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
1113 list_del(&cmd->list);
1115 if (match->sk == NULL) {
1116 match->sk = cmd->sk;
1117 sock_hold(match->sk);
1120 mgmt_pending_free(cmd);
1123 static void cmd_status_rsp(struct mgmt_pending_cmd *cmd, void *data)
1127 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
1128 mgmt_pending_remove(cmd);
1131 static void cmd_complete_rsp(struct mgmt_pending_cmd *cmd, void *data)
1133 if (cmd->cmd_complete) {
1136 cmd->cmd_complete(cmd, *status);
1137 mgmt_pending_remove(cmd);
1142 cmd_status_rsp(cmd, data);
1145 static int generic_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
1147 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
1148 cmd->param, cmd->param_len);
1151 static int addr_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
1153 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
1154 cmd->param, sizeof(struct mgmt_addr_info));
1157 static u8 mgmt_bredr_support(struct hci_dev *hdev)
1159 if (!lmp_bredr_capable(hdev))
1160 return MGMT_STATUS_NOT_SUPPORTED;
1161 else if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1162 return MGMT_STATUS_REJECTED;
1164 return MGMT_STATUS_SUCCESS;
1167 static u8 mgmt_le_support(struct hci_dev *hdev)
1169 if (!lmp_le_capable(hdev))
1170 return MGMT_STATUS_NOT_SUPPORTED;
1171 else if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
1172 return MGMT_STATUS_REJECTED;
1174 return MGMT_STATUS_SUCCESS;
1177 void mgmt_set_discoverable_complete(struct hci_dev *hdev, u8 status)
1179 struct mgmt_pending_cmd *cmd;
1181 BT_DBG("status 0x%02x", status);
1185 cmd = pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
1190 u8 mgmt_err = mgmt_status(status);
1191 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1192 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1196 if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE) &&
1197 hdev->discov_timeout > 0) {
1198 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1199 queue_delayed_work(hdev->req_workqueue, &hdev->discov_off, to);
1202 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1203 new_settings(hdev, cmd->sk);
1206 mgmt_pending_remove(cmd);
1209 hci_dev_unlock(hdev);
1212 static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
1215 struct mgmt_cp_set_discoverable *cp = data;
1216 struct mgmt_pending_cmd *cmd;
1220 BT_DBG("request for %s", hdev->name);
1222 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
1223 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1224 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1225 MGMT_STATUS_REJECTED);
1227 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
1228 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1229 MGMT_STATUS_INVALID_PARAMS);
1231 timeout = __le16_to_cpu(cp->timeout);
1233 /* Disabling discoverable requires that no timeout is set,
1234 * and enabling limited discoverable requires a timeout.
1236 if ((cp->val == 0x00 && timeout > 0) ||
1237 (cp->val == 0x02 && timeout == 0))
1238 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1239 MGMT_STATUS_INVALID_PARAMS);
1243 if (!hdev_is_powered(hdev) && timeout > 0) {
1244 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1245 MGMT_STATUS_NOT_POWERED);
1249 if (pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1250 pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
1251 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1256 if (!hci_dev_test_flag(hdev, HCI_CONNECTABLE)) {
1257 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1258 MGMT_STATUS_REJECTED);
1262 if (!hdev_is_powered(hdev)) {
1263 bool changed = false;
1265 /* Setting limited discoverable when powered off is
1266 * not a valid operation since it requires a timeout
1267 * and so no need to check HCI_LIMITED_DISCOVERABLE.
1269 if (!!cp->val != hci_dev_test_flag(hdev, HCI_DISCOVERABLE)) {
1270 hci_dev_change_flag(hdev, HCI_DISCOVERABLE);
1274 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1279 err = new_settings(hdev, sk);
1284 /* If the current mode is the same, then just update the timeout
1285 * value with the new value. And if only the timeout gets updated,
1286 * then no need for any HCI transactions.
1288 if (!!cp->val == hci_dev_test_flag(hdev, HCI_DISCOVERABLE) &&
1289 (cp->val == 0x02) == hci_dev_test_flag(hdev,
1290 HCI_LIMITED_DISCOVERABLE)) {
1291 cancel_delayed_work(&hdev->discov_off);
1292 hdev->discov_timeout = timeout;
1294 if (cp->val && hdev->discov_timeout > 0) {
1295 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1296 queue_delayed_work(hdev->req_workqueue,
1297 &hdev->discov_off, to);
1300 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1304 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
1310 /* Cancel any potential discoverable timeout that might be
1311 * still active and store new timeout value. The arming of
1312 * the timeout happens in the complete handler.
1314 cancel_delayed_work(&hdev->discov_off);
1315 hdev->discov_timeout = timeout;
1318 hci_dev_set_flag(hdev, HCI_DISCOVERABLE);
1320 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
1322 /* Limited discoverable mode */
1323 if (cp->val == 0x02)
1324 hci_dev_set_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1326 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1328 queue_work(hdev->req_workqueue, &hdev->discoverable_update);
1332 hci_dev_unlock(hdev);
1336 void mgmt_set_connectable_complete(struct hci_dev *hdev, u8 status)
1338 struct mgmt_pending_cmd *cmd;
1340 BT_DBG("status 0x%02x", status);
1344 cmd = pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1349 u8 mgmt_err = mgmt_status(status);
1350 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1354 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
1355 new_settings(hdev, cmd->sk);
1358 mgmt_pending_remove(cmd);
1361 hci_dev_unlock(hdev);
1364 static int set_connectable_update_settings(struct hci_dev *hdev,
1365 struct sock *sk, u8 val)
1367 bool changed = false;
1370 if (!!val != hci_dev_test_flag(hdev, HCI_CONNECTABLE))
1374 hci_dev_set_flag(hdev, HCI_CONNECTABLE);
1376 hci_dev_clear_flag(hdev, HCI_CONNECTABLE);
1377 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
1380 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1385 hci_req_update_scan(hdev);
1386 hci_update_background_scan(hdev);
1387 return new_settings(hdev, sk);
1393 static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
1396 struct mgmt_mode *cp = data;
1397 struct mgmt_pending_cmd *cmd;
1400 BT_DBG("request for %s", hdev->name);
1402 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
1403 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1404 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1405 MGMT_STATUS_REJECTED);
1407 if (cp->val != 0x00 && cp->val != 0x01)
1408 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1409 MGMT_STATUS_INVALID_PARAMS);
1413 if (!hdev_is_powered(hdev)) {
1414 err = set_connectable_update_settings(hdev, sk, cp->val);
1418 if (pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1419 pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
1420 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1425 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
1432 hci_dev_set_flag(hdev, HCI_CONNECTABLE);
1434 if (hdev->discov_timeout > 0)
1435 cancel_delayed_work(&hdev->discov_off);
1437 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1438 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
1439 hci_dev_clear_flag(hdev, HCI_CONNECTABLE);
1442 queue_work(hdev->req_workqueue, &hdev->connectable_update);
1446 hci_dev_unlock(hdev);
1450 static int set_bondable(struct sock *sk, struct hci_dev *hdev, void *data,
1453 struct mgmt_mode *cp = data;
1457 BT_DBG("request for %s", hdev->name);
1459 if (cp->val != 0x00 && cp->val != 0x01)
1460 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BONDABLE,
1461 MGMT_STATUS_INVALID_PARAMS);
1466 changed = !hci_dev_test_and_set_flag(hdev, HCI_BONDABLE);
1468 changed = hci_dev_test_and_clear_flag(hdev, HCI_BONDABLE);
1470 err = send_settings_rsp(sk, MGMT_OP_SET_BONDABLE, hdev);
1475 /* In limited privacy mode the change of bondable mode
1476 * may affect the local advertising address.
1478 if (hdev_is_powered(hdev) &&
1479 hci_dev_test_flag(hdev, HCI_ADVERTISING) &&
1480 hci_dev_test_flag(hdev, HCI_DISCOVERABLE) &&
1481 hci_dev_test_flag(hdev, HCI_LIMITED_PRIVACY))
1482 queue_work(hdev->req_workqueue,
1483 &hdev->discoverable_update);
1485 err = new_settings(hdev, sk);
1489 hci_dev_unlock(hdev);
1493 static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1496 struct mgmt_mode *cp = data;
1497 struct mgmt_pending_cmd *cmd;
1501 BT_DBG("request for %s", hdev->name);
1503 status = mgmt_bredr_support(hdev);
1505 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1508 if (cp->val != 0x00 && cp->val != 0x01)
1509 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1510 MGMT_STATUS_INVALID_PARAMS);
1514 if (!hdev_is_powered(hdev)) {
1515 bool changed = false;
1517 if (!!cp->val != hci_dev_test_flag(hdev, HCI_LINK_SECURITY)) {
1518 hci_dev_change_flag(hdev, HCI_LINK_SECURITY);
1522 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1527 err = new_settings(hdev, sk);
1532 if (pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
1533 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1540 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1541 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1545 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1551 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1553 mgmt_pending_remove(cmd);
1558 hci_dev_unlock(hdev);
1562 static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1564 struct mgmt_mode *cp = data;
1565 struct mgmt_pending_cmd *cmd;
1569 BT_DBG("request for %s", hdev->name);
1571 status = mgmt_bredr_support(hdev);
1573 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
1575 if (!lmp_ssp_capable(hdev))
1576 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1577 MGMT_STATUS_NOT_SUPPORTED);
1579 if (cp->val != 0x00 && cp->val != 0x01)
1580 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1581 MGMT_STATUS_INVALID_PARAMS);
1585 if (!hdev_is_powered(hdev)) {
1589 changed = !hci_dev_test_and_set_flag(hdev,
1592 changed = hci_dev_test_and_clear_flag(hdev,
1595 changed = hci_dev_test_and_clear_flag(hdev,
1598 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
1601 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1606 err = new_settings(hdev, sk);
1611 if (pending_find(MGMT_OP_SET_SSP, hdev)) {
1612 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1617 if (!!cp->val == hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
1618 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1622 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1628 if (!cp->val && hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS))
1629 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
1630 sizeof(cp->val), &cp->val);
1632 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &cp->val);
1634 mgmt_pending_remove(cmd);
1639 hci_dev_unlock(hdev);
1643 static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1645 struct mgmt_mode *cp = data;
1650 BT_DBG("request for %s", hdev->name);
1652 if (!IS_ENABLED(CONFIG_BT_HS))
1653 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1654 MGMT_STATUS_NOT_SUPPORTED);
1656 status = mgmt_bredr_support(hdev);
1658 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
1660 if (!lmp_ssp_capable(hdev))
1661 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1662 MGMT_STATUS_NOT_SUPPORTED);
1664 if (!hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
1665 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1666 MGMT_STATUS_REJECTED);
1668 if (cp->val != 0x00 && cp->val != 0x01)
1669 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1670 MGMT_STATUS_INVALID_PARAMS);
1674 if (pending_find(MGMT_OP_SET_SSP, hdev)) {
1675 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1681 changed = !hci_dev_test_and_set_flag(hdev, HCI_HS_ENABLED);
1683 if (hdev_is_powered(hdev)) {
1684 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1685 MGMT_STATUS_REJECTED);
1689 changed = hci_dev_test_and_clear_flag(hdev, HCI_HS_ENABLED);
1692 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
1697 err = new_settings(hdev, sk);
1700 hci_dev_unlock(hdev);
1704 static void le_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
1706 struct cmd_lookup match = { NULL, hdev };
1711 u8 mgmt_err = mgmt_status(status);
1713 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
1718 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
1720 new_settings(hdev, match.sk);
1725 /* Make sure the controller has a good default for
1726 * advertising data. Restrict the update to when LE
1727 * has actually been enabled. During power on, the
1728 * update in powered_update_hci will take care of it.
1730 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
1731 struct hci_request req;
1733 hci_req_init(&req, hdev);
1734 __hci_req_update_adv_data(&req, 0x00);
1735 __hci_req_update_scan_rsp_data(&req, 0x00);
1736 hci_req_run(&req, NULL);
1737 hci_update_background_scan(hdev);
1741 hci_dev_unlock(hdev);
1744 static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1746 struct mgmt_mode *cp = data;
1747 struct hci_cp_write_le_host_supported hci_cp;
1748 struct mgmt_pending_cmd *cmd;
1749 struct hci_request req;
1753 BT_DBG("request for %s", hdev->name);
1755 if (!lmp_le_capable(hdev))
1756 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1757 MGMT_STATUS_NOT_SUPPORTED);
1759 if (cp->val != 0x00 && cp->val != 0x01)
1760 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1761 MGMT_STATUS_INVALID_PARAMS);
1763 /* Bluetooth single mode LE only controllers or dual-mode
1764 * controllers configured as LE only devices, do not allow
1765 * switching LE off. These have either LE enabled explicitly
1766 * or BR/EDR has been previously switched off.
1768 * When trying to enable an already enabled LE, then gracefully
1769 * send a positive response. Trying to disable it however will
1770 * result into rejection.
1772 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
1773 if (cp->val == 0x01)
1774 return send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1776 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1777 MGMT_STATUS_REJECTED);
1783 enabled = lmp_host_le_capable(hdev);
1786 hci_req_clear_adv_instance(hdev, NULL, NULL, 0x00, true);
1788 if (!hdev_is_powered(hdev) || val == enabled) {
1789 bool changed = false;
1791 if (val != hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
1792 hci_dev_change_flag(hdev, HCI_LE_ENABLED);
1796 if (!val && hci_dev_test_flag(hdev, HCI_ADVERTISING)) {
1797 hci_dev_clear_flag(hdev, HCI_ADVERTISING);
1801 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1806 err = new_settings(hdev, sk);
1811 if (pending_find(MGMT_OP_SET_LE, hdev) ||
1812 pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
1813 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1818 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
1824 hci_req_init(&req, hdev);
1826 memset(&hci_cp, 0, sizeof(hci_cp));
1830 hci_cp.simul = 0x00;
1832 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
1833 __hci_req_disable_advertising(&req);
1836 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
1839 err = hci_req_run(&req, le_enable_complete);
1841 mgmt_pending_remove(cmd);
1844 hci_dev_unlock(hdev);
1848 /* This is a helper function to test for pending mgmt commands that can
1849 * cause CoD or EIR HCI commands. We can only allow one such pending
1850 * mgmt command at a time since otherwise we cannot easily track what
1851 * the current values are, will be, and based on that calculate if a new
1852 * HCI command needs to be sent and if yes with what value.
1854 static bool pending_eir_or_class(struct hci_dev *hdev)
1856 struct mgmt_pending_cmd *cmd;
1858 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
1859 switch (cmd->opcode) {
1860 case MGMT_OP_ADD_UUID:
1861 case MGMT_OP_REMOVE_UUID:
1862 case MGMT_OP_SET_DEV_CLASS:
1863 case MGMT_OP_SET_POWERED:
1871 static const u8 bluetooth_base_uuid[] = {
1872 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
1873 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1876 static u8 get_uuid_size(const u8 *uuid)
1880 if (memcmp(uuid, bluetooth_base_uuid, 12))
1883 val = get_unaligned_le32(&uuid[12]);
1890 static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
1892 struct mgmt_pending_cmd *cmd;
1896 cmd = pending_find(mgmt_op, hdev);
1900 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
1901 mgmt_status(status), hdev->dev_class, 3);
1903 mgmt_pending_remove(cmd);
1906 hci_dev_unlock(hdev);
1909 static void add_uuid_complete(struct hci_dev *hdev, u8 status, u16 opcode)
1911 BT_DBG("status 0x%02x", status);
1913 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
1916 static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1918 struct mgmt_cp_add_uuid *cp = data;
1919 struct mgmt_pending_cmd *cmd;
1920 struct hci_request req;
1921 struct bt_uuid *uuid;
1924 BT_DBG("request for %s", hdev->name);
1928 if (pending_eir_or_class(hdev)) {
1929 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
1934 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
1940 memcpy(uuid->uuid, cp->uuid, 16);
1941 uuid->svc_hint = cp->svc_hint;
1942 uuid->size = get_uuid_size(cp->uuid);
1944 list_add_tail(&uuid->list, &hdev->uuids);
1946 hci_req_init(&req, hdev);
1948 __hci_req_update_class(&req);
1949 __hci_req_update_eir(&req);
1951 err = hci_req_run(&req, add_uuid_complete);
1953 if (err != -ENODATA)
1956 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
1957 hdev->dev_class, 3);
1961 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
1970 hci_dev_unlock(hdev);
1974 static bool enable_service_cache(struct hci_dev *hdev)
1976 if (!hdev_is_powered(hdev))
1979 if (!hci_dev_test_and_set_flag(hdev, HCI_SERVICE_CACHE)) {
1980 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
1988 static void remove_uuid_complete(struct hci_dev *hdev, u8 status, u16 opcode)
1990 BT_DBG("status 0x%02x", status);
1992 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
1995 static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
1998 struct mgmt_cp_remove_uuid *cp = data;
1999 struct mgmt_pending_cmd *cmd;
2000 struct bt_uuid *match, *tmp;
2001 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
2002 struct hci_request req;
2005 BT_DBG("request for %s", hdev->name);
2009 if (pending_eir_or_class(hdev)) {
2010 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2015 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
2016 hci_uuids_clear(hdev);
2018 if (enable_service_cache(hdev)) {
2019 err = mgmt_cmd_complete(sk, hdev->id,
2020 MGMT_OP_REMOVE_UUID,
2021 0, hdev->dev_class, 3);
2030 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2031 if (memcmp(match->uuid, cp->uuid, 16) != 0)
2034 list_del(&match->list);
2040 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2041 MGMT_STATUS_INVALID_PARAMS);
2046 hci_req_init(&req, hdev);
2048 __hci_req_update_class(&req);
2049 __hci_req_update_eir(&req);
2051 err = hci_req_run(&req, remove_uuid_complete);
2053 if (err != -ENODATA)
2056 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
2057 hdev->dev_class, 3);
2061 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
2070 hci_dev_unlock(hdev);
2074 static void set_class_complete(struct hci_dev *hdev, u8 status, u16 opcode)
2076 BT_DBG("status 0x%02x", status);
2078 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
2081 static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
2084 struct mgmt_cp_set_dev_class *cp = data;
2085 struct mgmt_pending_cmd *cmd;
2086 struct hci_request req;
2089 BT_DBG("request for %s", hdev->name);
2091 if (!lmp_bredr_capable(hdev))
2092 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2093 MGMT_STATUS_NOT_SUPPORTED);
2097 if (pending_eir_or_class(hdev)) {
2098 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2103 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
2104 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2105 MGMT_STATUS_INVALID_PARAMS);
2109 hdev->major_class = cp->major;
2110 hdev->minor_class = cp->minor;
2112 if (!hdev_is_powered(hdev)) {
2113 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2114 hdev->dev_class, 3);
2118 hci_req_init(&req, hdev);
2120 if (hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE)) {
2121 hci_dev_unlock(hdev);
2122 cancel_delayed_work_sync(&hdev->service_cache);
2124 __hci_req_update_eir(&req);
2127 __hci_req_update_class(&req);
2129 err = hci_req_run(&req, set_class_complete);
2131 if (err != -ENODATA)
2134 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2135 hdev->dev_class, 3);
2139 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
2148 hci_dev_unlock(hdev);
2152 static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
2155 struct mgmt_cp_load_link_keys *cp = data;
2156 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
2157 sizeof(struct mgmt_link_key_info));
2158 u16 key_count, expected_len;
2162 BT_DBG("request for %s", hdev->name);
2164 if (!lmp_bredr_capable(hdev))
2165 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2166 MGMT_STATUS_NOT_SUPPORTED);
2168 key_count = __le16_to_cpu(cp->key_count);
2169 if (key_count > max_key_count) {
2170 BT_ERR("load_link_keys: too big key_count value %u",
2172 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2173 MGMT_STATUS_INVALID_PARAMS);
2176 expected_len = sizeof(*cp) + key_count *
2177 sizeof(struct mgmt_link_key_info);
2178 if (expected_len != len) {
2179 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
2181 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2182 MGMT_STATUS_INVALID_PARAMS);
2185 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
2186 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2187 MGMT_STATUS_INVALID_PARAMS);
2189 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
2192 for (i = 0; i < key_count; i++) {
2193 struct mgmt_link_key_info *key = &cp->keys[i];
2195 if (key->addr.type != BDADDR_BREDR || key->type > 0x08)
2196 return mgmt_cmd_status(sk, hdev->id,
2197 MGMT_OP_LOAD_LINK_KEYS,
2198 MGMT_STATUS_INVALID_PARAMS);
2203 hci_link_keys_clear(hdev);
2206 changed = !hci_dev_test_and_set_flag(hdev, HCI_KEEP_DEBUG_KEYS);
2208 changed = hci_dev_test_and_clear_flag(hdev,
2209 HCI_KEEP_DEBUG_KEYS);
2212 new_settings(hdev, NULL);
2214 for (i = 0; i < key_count; i++) {
2215 struct mgmt_link_key_info *key = &cp->keys[i];
2217 /* Always ignore debug keys and require a new pairing if
2218 * the user wants to use them.
2220 if (key->type == HCI_LK_DEBUG_COMBINATION)
2223 hci_add_link_key(hdev, NULL, &key->addr.bdaddr, key->val,
2224 key->type, key->pin_len, NULL);
2227 mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
2229 hci_dev_unlock(hdev);
2234 static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
2235 u8 addr_type, struct sock *skip_sk)
2237 struct mgmt_ev_device_unpaired ev;
2239 bacpy(&ev.addr.bdaddr, bdaddr);
2240 ev.addr.type = addr_type;
2242 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
2246 static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2249 struct mgmt_cp_unpair_device *cp = data;
2250 struct mgmt_rp_unpair_device rp;
2251 struct hci_conn_params *params;
2252 struct mgmt_pending_cmd *cmd;
2253 struct hci_conn *conn;
2257 memset(&rp, 0, sizeof(rp));
2258 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2259 rp.addr.type = cp->addr.type;
2261 if (!bdaddr_type_is_valid(cp->addr.type))
2262 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2263 MGMT_STATUS_INVALID_PARAMS,
2266 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
2267 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2268 MGMT_STATUS_INVALID_PARAMS,
2273 if (!hdev_is_powered(hdev)) {
2274 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2275 MGMT_STATUS_NOT_POWERED, &rp,
2280 if (cp->addr.type == BDADDR_BREDR) {
2281 /* If disconnection is requested, then look up the
2282 * connection. If the remote device is connected, it
2283 * will be later used to terminate the link.
2285 * Setting it to NULL explicitly will cause no
2286 * termination of the link.
2289 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2294 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
2296 err = mgmt_cmd_complete(sk, hdev->id,
2297 MGMT_OP_UNPAIR_DEVICE,
2298 MGMT_STATUS_NOT_PAIRED, &rp,
2306 /* LE address type */
2307 addr_type = le_addr_type(cp->addr.type);
2309 /* Abort any ongoing SMP pairing. Removes ltk and irk if they exist. */
2310 err = smp_cancel_and_remove_pairing(hdev, &cp->addr.bdaddr, addr_type);
2312 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2313 MGMT_STATUS_NOT_PAIRED, &rp,
2318 conn = hci_conn_hash_lookup_le(hdev, &cp->addr.bdaddr, addr_type);
2320 hci_conn_params_del(hdev, &cp->addr.bdaddr, addr_type);
2325 /* Defer clearing up the connection parameters until closing to
2326 * give a chance of keeping them if a repairing happens.
2328 set_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
2330 /* Disable auto-connection parameters if present */
2331 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr, addr_type);
2333 if (params->explicit_connect)
2334 params->auto_connect = HCI_AUTO_CONN_EXPLICIT;
2336 params->auto_connect = HCI_AUTO_CONN_DISABLED;
2339 /* If disconnection is not requested, then clear the connection
2340 * variable so that the link is not terminated.
2342 if (!cp->disconnect)
2346 /* If the connection variable is set, then termination of the
2347 * link is requested.
2350 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
2352 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
2356 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
2363 cmd->cmd_complete = addr_cmd_complete;
2365 err = hci_abort_conn(conn, HCI_ERROR_REMOTE_USER_TERM);
2367 mgmt_pending_remove(cmd);
2370 hci_dev_unlock(hdev);
2374 static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
2377 struct mgmt_cp_disconnect *cp = data;
2378 struct mgmt_rp_disconnect rp;
2379 struct mgmt_pending_cmd *cmd;
2380 struct hci_conn *conn;
2385 memset(&rp, 0, sizeof(rp));
2386 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2387 rp.addr.type = cp->addr.type;
2389 if (!bdaddr_type_is_valid(cp->addr.type))
2390 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2391 MGMT_STATUS_INVALID_PARAMS,
2396 if (!test_bit(HCI_UP, &hdev->flags)) {
2397 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2398 MGMT_STATUS_NOT_POWERED, &rp,
2403 if (pending_find(MGMT_OP_DISCONNECT, hdev)) {
2404 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2405 MGMT_STATUS_BUSY, &rp, sizeof(rp));
2409 if (cp->addr.type == BDADDR_BREDR)
2410 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2413 conn = hci_conn_hash_lookup_le(hdev, &cp->addr.bdaddr,
2414 le_addr_type(cp->addr.type));
2416 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
2417 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2418 MGMT_STATUS_NOT_CONNECTED, &rp,
2423 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
2429 cmd->cmd_complete = generic_cmd_complete;
2431 err = hci_disconnect(conn, HCI_ERROR_REMOTE_USER_TERM);
2433 mgmt_pending_remove(cmd);
2436 hci_dev_unlock(hdev);
2440 static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
2442 switch (link_type) {
2444 switch (addr_type) {
2445 case ADDR_LE_DEV_PUBLIC:
2446 return BDADDR_LE_PUBLIC;
2449 /* Fallback to LE Random address type */
2450 return BDADDR_LE_RANDOM;
2454 /* Fallback to BR/EDR type */
2455 return BDADDR_BREDR;
2459 static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
2462 struct mgmt_rp_get_connections *rp;
2472 if (!hdev_is_powered(hdev)) {
2473 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
2474 MGMT_STATUS_NOT_POWERED);
2479 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2480 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2484 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2485 rp = kmalloc(rp_len, GFP_KERNEL);
2492 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2493 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2495 bacpy(&rp->addr[i].bdaddr, &c->dst);
2496 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
2497 if (c->type == SCO_LINK || c->type == ESCO_LINK)
2502 rp->conn_count = cpu_to_le16(i);
2504 /* Recalculate length in case of filtered SCO connections, etc */
2505 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2507 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
2513 hci_dev_unlock(hdev);
2517 static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
2518 struct mgmt_cp_pin_code_neg_reply *cp)
2520 struct mgmt_pending_cmd *cmd;
2523 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
2528 cmd->cmd_complete = addr_cmd_complete;
2530 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
2531 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
2533 mgmt_pending_remove(cmd);
2538 static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2541 struct hci_conn *conn;
2542 struct mgmt_cp_pin_code_reply *cp = data;
2543 struct hci_cp_pin_code_reply reply;
2544 struct mgmt_pending_cmd *cmd;
2551 if (!hdev_is_powered(hdev)) {
2552 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2553 MGMT_STATUS_NOT_POWERED);
2557 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
2559 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2560 MGMT_STATUS_NOT_CONNECTED);
2564 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
2565 struct mgmt_cp_pin_code_neg_reply ncp;
2567 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
2569 BT_ERR("PIN code is not 16 bytes long");
2571 err = send_pin_code_neg_reply(sk, hdev, &ncp);
2573 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2574 MGMT_STATUS_INVALID_PARAMS);
2579 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
2585 cmd->cmd_complete = addr_cmd_complete;
2587 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
2588 reply.pin_len = cp->pin_len;
2589 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
2591 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
2593 mgmt_pending_remove(cmd);
2596 hci_dev_unlock(hdev);
2600 static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
2603 struct mgmt_cp_set_io_capability *cp = data;
2607 if (cp->io_capability > SMP_IO_KEYBOARD_DISPLAY)
2608 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY,
2609 MGMT_STATUS_INVALID_PARAMS);
2613 hdev->io_capability = cp->io_capability;
2615 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
2616 hdev->io_capability);
2618 hci_dev_unlock(hdev);
2620 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0,
2624 static struct mgmt_pending_cmd *find_pairing(struct hci_conn *conn)
2626 struct hci_dev *hdev = conn->hdev;
2627 struct mgmt_pending_cmd *cmd;
2629 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2630 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
2633 if (cmd->user_data != conn)
2642 static int pairing_complete(struct mgmt_pending_cmd *cmd, u8 status)
2644 struct mgmt_rp_pair_device rp;
2645 struct hci_conn *conn = cmd->user_data;
2648 bacpy(&rp.addr.bdaddr, &conn->dst);
2649 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
2651 err = mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE,
2652 status, &rp, sizeof(rp));
2654 /* So we don't get further callbacks for this connection */
2655 conn->connect_cfm_cb = NULL;
2656 conn->security_cfm_cb = NULL;
2657 conn->disconn_cfm_cb = NULL;
2659 hci_conn_drop(conn);
2661 /* The device is paired so there is no need to remove
2662 * its connection parameters anymore.
2664 clear_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
2671 void mgmt_smp_complete(struct hci_conn *conn, bool complete)
2673 u8 status = complete ? MGMT_STATUS_SUCCESS : MGMT_STATUS_FAILED;
2674 struct mgmt_pending_cmd *cmd;
2676 cmd = find_pairing(conn);
2678 cmd->cmd_complete(cmd, status);
2679 mgmt_pending_remove(cmd);
2683 static void pairing_complete_cb(struct hci_conn *conn, u8 status)
2685 struct mgmt_pending_cmd *cmd;
2687 BT_DBG("status %u", status);
2689 cmd = find_pairing(conn);
2691 BT_DBG("Unable to find a pending command");
2695 cmd->cmd_complete(cmd, mgmt_status(status));
2696 mgmt_pending_remove(cmd);
2699 static void le_pairing_complete_cb(struct hci_conn *conn, u8 status)
2701 struct mgmt_pending_cmd *cmd;
2703 BT_DBG("status %u", status);
2708 cmd = find_pairing(conn);
2710 BT_DBG("Unable to find a pending command");
2714 cmd->cmd_complete(cmd, mgmt_status(status));
2715 mgmt_pending_remove(cmd);
2718 static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2721 struct mgmt_cp_pair_device *cp = data;
2722 struct mgmt_rp_pair_device rp;
2723 struct mgmt_pending_cmd *cmd;
2724 u8 sec_level, auth_type;
2725 struct hci_conn *conn;
2730 memset(&rp, 0, sizeof(rp));
2731 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2732 rp.addr.type = cp->addr.type;
2734 if (!bdaddr_type_is_valid(cp->addr.type))
2735 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2736 MGMT_STATUS_INVALID_PARAMS,
2739 if (cp->io_cap > SMP_IO_KEYBOARD_DISPLAY)
2740 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2741 MGMT_STATUS_INVALID_PARAMS,
2746 if (!hdev_is_powered(hdev)) {
2747 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2748 MGMT_STATUS_NOT_POWERED, &rp,
2753 if (hci_bdaddr_is_paired(hdev, &cp->addr.bdaddr, cp->addr.type)) {
2754 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2755 MGMT_STATUS_ALREADY_PAIRED, &rp,
2760 sec_level = BT_SECURITY_MEDIUM;
2761 auth_type = HCI_AT_DEDICATED_BONDING;
2763 if (cp->addr.type == BDADDR_BREDR) {
2764 conn = hci_connect_acl(hdev, &cp->addr.bdaddr, sec_level,
2767 u8 addr_type = le_addr_type(cp->addr.type);
2768 struct hci_conn_params *p;
2770 /* When pairing a new device, it is expected to remember
2771 * this device for future connections. Adding the connection
2772 * parameter information ahead of time allows tracking
2773 * of the slave preferred values and will speed up any
2774 * further connection establishment.
2776 * If connection parameters already exist, then they
2777 * will be kept and this function does nothing.
2779 p = hci_conn_params_add(hdev, &cp->addr.bdaddr, addr_type);
2781 if (p->auto_connect == HCI_AUTO_CONN_EXPLICIT)
2782 p->auto_connect = HCI_AUTO_CONN_DISABLED;
2784 conn = hci_connect_le_scan(hdev, &cp->addr.bdaddr,
2785 addr_type, sec_level,
2786 HCI_LE_CONN_TIMEOUT);
2792 if (PTR_ERR(conn) == -EBUSY)
2793 status = MGMT_STATUS_BUSY;
2794 else if (PTR_ERR(conn) == -EOPNOTSUPP)
2795 status = MGMT_STATUS_NOT_SUPPORTED;
2796 else if (PTR_ERR(conn) == -ECONNREFUSED)
2797 status = MGMT_STATUS_REJECTED;
2799 status = MGMT_STATUS_CONNECT_FAILED;
2801 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2802 status, &rp, sizeof(rp));
2806 if (conn->connect_cfm_cb) {
2807 hci_conn_drop(conn);
2808 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2809 MGMT_STATUS_BUSY, &rp, sizeof(rp));
2813 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
2816 hci_conn_drop(conn);
2820 cmd->cmd_complete = pairing_complete;
2822 /* For LE, just connecting isn't a proof that the pairing finished */
2823 if (cp->addr.type == BDADDR_BREDR) {
2824 conn->connect_cfm_cb = pairing_complete_cb;
2825 conn->security_cfm_cb = pairing_complete_cb;
2826 conn->disconn_cfm_cb = pairing_complete_cb;
2828 conn->connect_cfm_cb = le_pairing_complete_cb;
2829 conn->security_cfm_cb = le_pairing_complete_cb;
2830 conn->disconn_cfm_cb = le_pairing_complete_cb;
2833 conn->io_capability = cp->io_cap;
2834 cmd->user_data = hci_conn_get(conn);
2836 if ((conn->state == BT_CONNECTED || conn->state == BT_CONFIG) &&
2837 hci_conn_security(conn, sec_level, auth_type, true)) {
2838 cmd->cmd_complete(cmd, 0);
2839 mgmt_pending_remove(cmd);
2845 hci_dev_unlock(hdev);
2849 static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2852 struct mgmt_addr_info *addr = data;
2853 struct mgmt_pending_cmd *cmd;
2854 struct hci_conn *conn;
2861 if (!hdev_is_powered(hdev)) {
2862 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2863 MGMT_STATUS_NOT_POWERED);
2867 cmd = pending_find(MGMT_OP_PAIR_DEVICE, hdev);
2869 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2870 MGMT_STATUS_INVALID_PARAMS);
2874 conn = cmd->user_data;
2876 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
2877 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2878 MGMT_STATUS_INVALID_PARAMS);
2882 cmd->cmd_complete(cmd, MGMT_STATUS_CANCELLED);
2883 mgmt_pending_remove(cmd);
2885 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
2886 addr, sizeof(*addr));
2888 hci_dev_unlock(hdev);
2892 static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
2893 struct mgmt_addr_info *addr, u16 mgmt_op,
2894 u16 hci_op, __le32 passkey)
2896 struct mgmt_pending_cmd *cmd;
2897 struct hci_conn *conn;
2902 if (!hdev_is_powered(hdev)) {
2903 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
2904 MGMT_STATUS_NOT_POWERED, addr,
2909 if (addr->type == BDADDR_BREDR)
2910 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
2912 conn = hci_conn_hash_lookup_le(hdev, &addr->bdaddr,
2913 le_addr_type(addr->type));
2916 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
2917 MGMT_STATUS_NOT_CONNECTED, addr,
2922 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
2923 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
2925 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
2926 MGMT_STATUS_SUCCESS, addr,
2929 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
2930 MGMT_STATUS_FAILED, addr,
2936 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
2942 cmd->cmd_complete = addr_cmd_complete;
2944 /* Continue with pairing via HCI */
2945 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
2946 struct hci_cp_user_passkey_reply cp;
2948 bacpy(&cp.bdaddr, &addr->bdaddr);
2949 cp.passkey = passkey;
2950 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
2952 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
2956 mgmt_pending_remove(cmd);
2959 hci_dev_unlock(hdev);
2963 static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
2964 void *data, u16 len)
2966 struct mgmt_cp_pin_code_neg_reply *cp = data;
2970 return user_pairing_resp(sk, hdev, &cp->addr,
2971 MGMT_OP_PIN_CODE_NEG_REPLY,
2972 HCI_OP_PIN_CODE_NEG_REPLY, 0);
2975 static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2978 struct mgmt_cp_user_confirm_reply *cp = data;
2982 if (len != sizeof(*cp))
2983 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
2984 MGMT_STATUS_INVALID_PARAMS);
2986 return user_pairing_resp(sk, hdev, &cp->addr,
2987 MGMT_OP_USER_CONFIRM_REPLY,
2988 HCI_OP_USER_CONFIRM_REPLY, 0);
2991 static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
2992 void *data, u16 len)
2994 struct mgmt_cp_user_confirm_neg_reply *cp = data;
2998 return user_pairing_resp(sk, hdev, &cp->addr,
2999 MGMT_OP_USER_CONFIRM_NEG_REPLY,
3000 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
3003 static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3006 struct mgmt_cp_user_passkey_reply *cp = data;
3010 return user_pairing_resp(sk, hdev, &cp->addr,
3011 MGMT_OP_USER_PASSKEY_REPLY,
3012 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
3015 static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
3016 void *data, u16 len)
3018 struct mgmt_cp_user_passkey_neg_reply *cp = data;
3022 return user_pairing_resp(sk, hdev, &cp->addr,
3023 MGMT_OP_USER_PASSKEY_NEG_REPLY,
3024 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
3027 static void adv_expire(struct hci_dev *hdev, u32 flags)
3029 struct adv_info *adv_instance;
3030 struct hci_request req;
3033 adv_instance = hci_find_adv_instance(hdev, hdev->cur_adv_instance);
3037 /* stop if current instance doesn't need to be changed */
3038 if (!(adv_instance->flags & flags))
3041 cancel_adv_timeout(hdev);
3043 adv_instance = hci_get_next_instance(hdev, adv_instance->instance);
3047 hci_req_init(&req, hdev);
3048 err = __hci_req_schedule_adv_instance(&req, adv_instance->instance,
3053 hci_req_run(&req, NULL);
3056 static void set_name_complete(struct hci_dev *hdev, u8 status, u16 opcode)
3058 struct mgmt_cp_set_local_name *cp;
3059 struct mgmt_pending_cmd *cmd;
3061 BT_DBG("status 0x%02x", status);
3065 cmd = pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
3072 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3073 mgmt_status(status));
3075 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3078 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
3079 adv_expire(hdev, MGMT_ADV_FLAG_LOCAL_NAME);
3082 mgmt_pending_remove(cmd);
3085 hci_dev_unlock(hdev);
3088 static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
3091 struct mgmt_cp_set_local_name *cp = data;
3092 struct mgmt_pending_cmd *cmd;
3093 struct hci_request req;
3100 /* If the old values are the same as the new ones just return a
3101 * direct command complete event.
3103 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
3104 !memcmp(hdev->short_name, cp->short_name,
3105 sizeof(hdev->short_name))) {
3106 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3111 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
3113 if (!hdev_is_powered(hdev)) {
3114 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3116 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3121 err = mgmt_limited_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data,
3122 len, HCI_MGMT_LOCAL_NAME_EVENTS, sk);
3123 ext_info_changed(hdev, sk);
3128 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
3134 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3136 hci_req_init(&req, hdev);
3138 if (lmp_bredr_capable(hdev)) {
3139 __hci_req_update_name(&req);
3140 __hci_req_update_eir(&req);
3143 /* The name is stored in the scan response data and so
3144 * no need to udpate the advertising data here.
3146 if (lmp_le_capable(hdev) && hci_dev_test_flag(hdev, HCI_ADVERTISING))
3147 __hci_req_update_scan_rsp_data(&req, hdev->cur_adv_instance);
3149 err = hci_req_run(&req, set_name_complete);
3151 mgmt_pending_remove(cmd);
3154 hci_dev_unlock(hdev);
3158 static int set_appearance(struct sock *sk, struct hci_dev *hdev, void *data,
3161 struct mgmt_cp_set_appearance *cp = data;
3167 if (!lmp_le_capable(hdev))
3168 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_APPEARANCE,
3169 MGMT_STATUS_NOT_SUPPORTED);
3171 apperance = le16_to_cpu(cp->appearance);
3175 if (hdev->appearance != apperance) {
3176 hdev->appearance = apperance;
3178 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
3179 adv_expire(hdev, MGMT_ADV_FLAG_APPEARANCE);
3181 ext_info_changed(hdev, sk);
3184 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_APPEARANCE, 0, NULL,
3187 hci_dev_unlock(hdev);
3192 static void read_local_oob_data_complete(struct hci_dev *hdev, u8 status,
3193 u16 opcode, struct sk_buff *skb)
3195 struct mgmt_rp_read_local_oob_data mgmt_rp;
3196 size_t rp_size = sizeof(mgmt_rp);
3197 struct mgmt_pending_cmd *cmd;
3199 BT_DBG("%s status %u", hdev->name, status);
3201 cmd = pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
3205 if (status || !skb) {
3206 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3207 status ? mgmt_status(status) : MGMT_STATUS_FAILED);
3211 memset(&mgmt_rp, 0, sizeof(mgmt_rp));
3213 if (opcode == HCI_OP_READ_LOCAL_OOB_DATA) {
3214 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
3216 if (skb->len < sizeof(*rp)) {
3217 mgmt_cmd_status(cmd->sk, hdev->id,
3218 MGMT_OP_READ_LOCAL_OOB_DATA,
3219 MGMT_STATUS_FAILED);
3223 memcpy(mgmt_rp.hash192, rp->hash, sizeof(rp->hash));
3224 memcpy(mgmt_rp.rand192, rp->rand, sizeof(rp->rand));
3226 rp_size -= sizeof(mgmt_rp.hash256) + sizeof(mgmt_rp.rand256);
3228 struct hci_rp_read_local_oob_ext_data *rp = (void *) skb->data;
3230 if (skb->len < sizeof(*rp)) {
3231 mgmt_cmd_status(cmd->sk, hdev->id,
3232 MGMT_OP_READ_LOCAL_OOB_DATA,
3233 MGMT_STATUS_FAILED);
3237 memcpy(mgmt_rp.hash192, rp->hash192, sizeof(rp->hash192));
3238 memcpy(mgmt_rp.rand192, rp->rand192, sizeof(rp->rand192));
3240 memcpy(mgmt_rp.hash256, rp->hash256, sizeof(rp->hash256));
3241 memcpy(mgmt_rp.rand256, rp->rand256, sizeof(rp->rand256));
3244 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3245 MGMT_STATUS_SUCCESS, &mgmt_rp, rp_size);
3248 mgmt_pending_remove(cmd);
3251 static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
3252 void *data, u16 data_len)
3254 struct mgmt_pending_cmd *cmd;
3255 struct hci_request req;
3258 BT_DBG("%s", hdev->name);
3262 if (!hdev_is_powered(hdev)) {
3263 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3264 MGMT_STATUS_NOT_POWERED);
3268 if (!lmp_ssp_capable(hdev)) {
3269 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3270 MGMT_STATUS_NOT_SUPPORTED);
3274 if (pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
3275 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3280 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
3286 hci_req_init(&req, hdev);
3288 if (bredr_sc_enabled(hdev))
3289 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_EXT_DATA, 0, NULL);
3291 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
3293 err = hci_req_run_skb(&req, read_local_oob_data_complete);
3295 mgmt_pending_remove(cmd);
3298 hci_dev_unlock(hdev);
3302 static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
3303 void *data, u16 len)
3305 struct mgmt_addr_info *addr = data;
3308 BT_DBG("%s ", hdev->name);
3310 if (!bdaddr_type_is_valid(addr->type))
3311 return mgmt_cmd_complete(sk, hdev->id,
3312 MGMT_OP_ADD_REMOTE_OOB_DATA,
3313 MGMT_STATUS_INVALID_PARAMS,
3314 addr, sizeof(*addr));
3318 if (len == MGMT_ADD_REMOTE_OOB_DATA_SIZE) {
3319 struct mgmt_cp_add_remote_oob_data *cp = data;
3322 if (cp->addr.type != BDADDR_BREDR) {
3323 err = mgmt_cmd_complete(sk, hdev->id,
3324 MGMT_OP_ADD_REMOTE_OOB_DATA,
3325 MGMT_STATUS_INVALID_PARAMS,
3326 &cp->addr, sizeof(cp->addr));
3330 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
3331 cp->addr.type, cp->hash,
3332 cp->rand, NULL, NULL);
3334 status = MGMT_STATUS_FAILED;
3336 status = MGMT_STATUS_SUCCESS;
3338 err = mgmt_cmd_complete(sk, hdev->id,
3339 MGMT_OP_ADD_REMOTE_OOB_DATA, status,
3340 &cp->addr, sizeof(cp->addr));
3341 } else if (len == MGMT_ADD_REMOTE_OOB_EXT_DATA_SIZE) {
3342 struct mgmt_cp_add_remote_oob_ext_data *cp = data;
3343 u8 *rand192, *hash192, *rand256, *hash256;
3346 if (bdaddr_type_is_le(cp->addr.type)) {
3347 /* Enforce zero-valued 192-bit parameters as
3348 * long as legacy SMP OOB isn't implemented.
3350 if (memcmp(cp->rand192, ZERO_KEY, 16) ||
3351 memcmp(cp->hash192, ZERO_KEY, 16)) {
3352 err = mgmt_cmd_complete(sk, hdev->id,
3353 MGMT_OP_ADD_REMOTE_OOB_DATA,
3354 MGMT_STATUS_INVALID_PARAMS,
3355 addr, sizeof(*addr));
3362 /* In case one of the P-192 values is set to zero,
3363 * then just disable OOB data for P-192.
3365 if (!memcmp(cp->rand192, ZERO_KEY, 16) ||
3366 !memcmp(cp->hash192, ZERO_KEY, 16)) {
3370 rand192 = cp->rand192;
3371 hash192 = cp->hash192;
3375 /* In case one of the P-256 values is set to zero, then just
3376 * disable OOB data for P-256.
3378 if (!memcmp(cp->rand256, ZERO_KEY, 16) ||
3379 !memcmp(cp->hash256, ZERO_KEY, 16)) {
3383 rand256 = cp->rand256;
3384 hash256 = cp->hash256;
3387 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
3388 cp->addr.type, hash192, rand192,
3391 status = MGMT_STATUS_FAILED;
3393 status = MGMT_STATUS_SUCCESS;
3395 err = mgmt_cmd_complete(sk, hdev->id,
3396 MGMT_OP_ADD_REMOTE_OOB_DATA,
3397 status, &cp->addr, sizeof(cp->addr));
3399 BT_ERR("add_remote_oob_data: invalid length of %u bytes", len);
3400 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3401 MGMT_STATUS_INVALID_PARAMS);
3405 hci_dev_unlock(hdev);
3409 static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
3410 void *data, u16 len)
3412 struct mgmt_cp_remove_remote_oob_data *cp = data;
3416 BT_DBG("%s", hdev->name);
3418 if (cp->addr.type != BDADDR_BREDR)
3419 return mgmt_cmd_complete(sk, hdev->id,
3420 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
3421 MGMT_STATUS_INVALID_PARAMS,
3422 &cp->addr, sizeof(cp->addr));
3426 if (!bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
3427 hci_remote_oob_data_clear(hdev);
3428 status = MGMT_STATUS_SUCCESS;
3432 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr, cp->addr.type);
3434 status = MGMT_STATUS_INVALID_PARAMS;
3436 status = MGMT_STATUS_SUCCESS;
3439 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
3440 status, &cp->addr, sizeof(cp->addr));
3442 hci_dev_unlock(hdev);
3446 void mgmt_start_discovery_complete(struct hci_dev *hdev, u8 status)
3448 struct mgmt_pending_cmd *cmd;
3450 BT_DBG("status %d", status);
3454 cmd = pending_find(MGMT_OP_START_DISCOVERY, hdev);
3456 cmd = pending_find(MGMT_OP_START_SERVICE_DISCOVERY, hdev);
3459 cmd = pending_find(MGMT_OP_START_LIMITED_DISCOVERY, hdev);
3462 cmd->cmd_complete(cmd, mgmt_status(status));
3463 mgmt_pending_remove(cmd);
3466 hci_dev_unlock(hdev);
3469 static bool discovery_type_is_valid(struct hci_dev *hdev, uint8_t type,
3470 uint8_t *mgmt_status)
3473 case DISCOV_TYPE_LE:
3474 *mgmt_status = mgmt_le_support(hdev);
3478 case DISCOV_TYPE_INTERLEAVED:
3479 *mgmt_status = mgmt_le_support(hdev);
3482 /* Intentional fall-through */
3483 case DISCOV_TYPE_BREDR:
3484 *mgmt_status = mgmt_bredr_support(hdev);
3489 *mgmt_status = MGMT_STATUS_INVALID_PARAMS;
3496 static int start_discovery_internal(struct sock *sk, struct hci_dev *hdev,
3497 u16 op, void *data, u16 len)
3499 struct mgmt_cp_start_discovery *cp = data;
3500 struct mgmt_pending_cmd *cmd;
3504 BT_DBG("%s", hdev->name);
3508 if (!hdev_is_powered(hdev)) {
3509 err = mgmt_cmd_complete(sk, hdev->id, op,
3510 MGMT_STATUS_NOT_POWERED,
3511 &cp->type, sizeof(cp->type));
3515 if (hdev->discovery.state != DISCOVERY_STOPPED ||
3516 hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) {
3517 err = mgmt_cmd_complete(sk, hdev->id, op, MGMT_STATUS_BUSY,
3518 &cp->type, sizeof(cp->type));
3522 if (!discovery_type_is_valid(hdev, cp->type, &status)) {
3523 err = mgmt_cmd_complete(sk, hdev->id, op, status,
3524 &cp->type, sizeof(cp->type));
3528 /* Clear the discovery filter first to free any previously
3529 * allocated memory for the UUID list.
3531 hci_discovery_filter_clear(hdev);
3533 hdev->discovery.type = cp->type;
3534 hdev->discovery.report_invalid_rssi = false;
3535 if (op == MGMT_OP_START_LIMITED_DISCOVERY)
3536 hdev->discovery.limited = true;
3538 hdev->discovery.limited = false;
3540 cmd = mgmt_pending_add(sk, op, hdev, data, len);
3546 cmd->cmd_complete = generic_cmd_complete;
3548 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
3549 queue_work(hdev->req_workqueue, &hdev->discov_update);
3553 hci_dev_unlock(hdev);
3557 static int start_discovery(struct sock *sk, struct hci_dev *hdev,
3558 void *data, u16 len)
3560 return start_discovery_internal(sk, hdev, MGMT_OP_START_DISCOVERY,
3564 static int start_limited_discovery(struct sock *sk, struct hci_dev *hdev,
3565 void *data, u16 len)
3567 return start_discovery_internal(sk, hdev,
3568 MGMT_OP_START_LIMITED_DISCOVERY,
3572 static int service_discovery_cmd_complete(struct mgmt_pending_cmd *cmd,
3575 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
3579 static int start_service_discovery(struct sock *sk, struct hci_dev *hdev,
3580 void *data, u16 len)
3582 struct mgmt_cp_start_service_discovery *cp = data;
3583 struct mgmt_pending_cmd *cmd;
3584 const u16 max_uuid_count = ((U16_MAX - sizeof(*cp)) / 16);
3585 u16 uuid_count, expected_len;
3589 BT_DBG("%s", hdev->name);
3593 if (!hdev_is_powered(hdev)) {
3594 err = mgmt_cmd_complete(sk, hdev->id,
3595 MGMT_OP_START_SERVICE_DISCOVERY,
3596 MGMT_STATUS_NOT_POWERED,
3597 &cp->type, sizeof(cp->type));
3601 if (hdev->discovery.state != DISCOVERY_STOPPED ||
3602 hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) {
3603 err = mgmt_cmd_complete(sk, hdev->id,
3604 MGMT_OP_START_SERVICE_DISCOVERY,
3605 MGMT_STATUS_BUSY, &cp->type,
3610 uuid_count = __le16_to_cpu(cp->uuid_count);
3611 if (uuid_count > max_uuid_count) {
3612 BT_ERR("service_discovery: too big uuid_count value %u",
3614 err = mgmt_cmd_complete(sk, hdev->id,
3615 MGMT_OP_START_SERVICE_DISCOVERY,
3616 MGMT_STATUS_INVALID_PARAMS, &cp->type,
3621 expected_len = sizeof(*cp) + uuid_count * 16;
3622 if (expected_len != len) {
3623 BT_ERR("service_discovery: expected %u bytes, got %u bytes",
3625 err = mgmt_cmd_complete(sk, hdev->id,
3626 MGMT_OP_START_SERVICE_DISCOVERY,
3627 MGMT_STATUS_INVALID_PARAMS, &cp->type,
3632 if (!discovery_type_is_valid(hdev, cp->type, &status)) {
3633 err = mgmt_cmd_complete(sk, hdev->id,
3634 MGMT_OP_START_SERVICE_DISCOVERY,
3635 status, &cp->type, sizeof(cp->type));
3639 cmd = mgmt_pending_add(sk, MGMT_OP_START_SERVICE_DISCOVERY,
3646 cmd->cmd_complete = service_discovery_cmd_complete;
3648 /* Clear the discovery filter first to free any previously
3649 * allocated memory for the UUID list.
3651 hci_discovery_filter_clear(hdev);
3653 hdev->discovery.result_filtering = true;
3654 hdev->discovery.type = cp->type;
3655 hdev->discovery.rssi = cp->rssi;
3656 hdev->discovery.uuid_count = uuid_count;
3658 if (uuid_count > 0) {
3659 hdev->discovery.uuids = kmemdup(cp->uuids, uuid_count * 16,
3661 if (!hdev->discovery.uuids) {
3662 err = mgmt_cmd_complete(sk, hdev->id,
3663 MGMT_OP_START_SERVICE_DISCOVERY,
3665 &cp->type, sizeof(cp->type));
3666 mgmt_pending_remove(cmd);
3671 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
3672 queue_work(hdev->req_workqueue, &hdev->discov_update);
3676 hci_dev_unlock(hdev);
3680 void mgmt_stop_discovery_complete(struct hci_dev *hdev, u8 status)
3682 struct mgmt_pending_cmd *cmd;
3684 BT_DBG("status %d", status);
3688 cmd = pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3690 cmd->cmd_complete(cmd, mgmt_status(status));
3691 mgmt_pending_remove(cmd);
3694 hci_dev_unlock(hdev);
3697 static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
3700 struct mgmt_cp_stop_discovery *mgmt_cp = data;
3701 struct mgmt_pending_cmd *cmd;
3704 BT_DBG("%s", hdev->name);
3708 if (!hci_discovery_active(hdev)) {
3709 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
3710 MGMT_STATUS_REJECTED, &mgmt_cp->type,
3711 sizeof(mgmt_cp->type));
3715 if (hdev->discovery.type != mgmt_cp->type) {
3716 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
3717 MGMT_STATUS_INVALID_PARAMS,
3718 &mgmt_cp->type, sizeof(mgmt_cp->type));
3722 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, data, len);
3728 cmd->cmd_complete = generic_cmd_complete;
3730 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
3731 queue_work(hdev->req_workqueue, &hdev->discov_update);
3735 hci_dev_unlock(hdev);
3739 static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
3742 struct mgmt_cp_confirm_name *cp = data;
3743 struct inquiry_entry *e;
3746 BT_DBG("%s", hdev->name);
3750 if (!hci_discovery_active(hdev)) {
3751 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
3752 MGMT_STATUS_FAILED, &cp->addr,
3757 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
3759 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
3760 MGMT_STATUS_INVALID_PARAMS, &cp->addr,
3765 if (cp->name_known) {
3766 e->name_state = NAME_KNOWN;
3769 e->name_state = NAME_NEEDED;
3770 hci_inquiry_cache_update_resolve(hdev, e);
3773 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0,
3774 &cp->addr, sizeof(cp->addr));
3777 hci_dev_unlock(hdev);
3781 static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
3784 struct mgmt_cp_block_device *cp = data;
3788 BT_DBG("%s", hdev->name);
3790 if (!bdaddr_type_is_valid(cp->addr.type))
3791 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
3792 MGMT_STATUS_INVALID_PARAMS,
3793 &cp->addr, sizeof(cp->addr));
3797 err = hci_bdaddr_list_add(&hdev->blacklist, &cp->addr.bdaddr,
3800 status = MGMT_STATUS_FAILED;
3804 mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &cp->addr, sizeof(cp->addr),
3806 status = MGMT_STATUS_SUCCESS;
3809 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
3810 &cp->addr, sizeof(cp->addr));
3812 hci_dev_unlock(hdev);
3817 static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
3820 struct mgmt_cp_unblock_device *cp = data;
3824 BT_DBG("%s", hdev->name);
3826 if (!bdaddr_type_is_valid(cp->addr.type))
3827 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
3828 MGMT_STATUS_INVALID_PARAMS,
3829 &cp->addr, sizeof(cp->addr));
3833 err = hci_bdaddr_list_del(&hdev->blacklist, &cp->addr.bdaddr,
3836 status = MGMT_STATUS_INVALID_PARAMS;
3840 mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &cp->addr, sizeof(cp->addr),
3842 status = MGMT_STATUS_SUCCESS;
3845 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
3846 &cp->addr, sizeof(cp->addr));
3848 hci_dev_unlock(hdev);
3853 static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
3856 struct mgmt_cp_set_device_id *cp = data;
3857 struct hci_request req;
3861 BT_DBG("%s", hdev->name);
3863 source = __le16_to_cpu(cp->source);
3865 if (source > 0x0002)
3866 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
3867 MGMT_STATUS_INVALID_PARAMS);
3871 hdev->devid_source = source;
3872 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
3873 hdev->devid_product = __le16_to_cpu(cp->product);
3874 hdev->devid_version = __le16_to_cpu(cp->version);
3876 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0,
3879 hci_req_init(&req, hdev);
3880 __hci_req_update_eir(&req);
3881 hci_req_run(&req, NULL);
3883 hci_dev_unlock(hdev);
3888 static void enable_advertising_instance(struct hci_dev *hdev, u8 status,
3891 BT_DBG("status %d", status);
3894 static void set_advertising_complete(struct hci_dev *hdev, u8 status,
3897 struct cmd_lookup match = { NULL, hdev };
3898 struct hci_request req;
3900 struct adv_info *adv_instance;
3906 u8 mgmt_err = mgmt_status(status);
3908 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
3909 cmd_status_rsp, &mgmt_err);
3913 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
3914 hci_dev_set_flag(hdev, HCI_ADVERTISING);
3916 hci_dev_clear_flag(hdev, HCI_ADVERTISING);
3918 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
3921 new_settings(hdev, match.sk);
3926 /* If "Set Advertising" was just disabled and instance advertising was
3927 * set up earlier, then re-enable multi-instance advertising.
3929 if (hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
3930 list_empty(&hdev->adv_instances))
3933 instance = hdev->cur_adv_instance;
3935 adv_instance = list_first_entry_or_null(&hdev->adv_instances,
3936 struct adv_info, list);
3940 instance = adv_instance->instance;
3943 hci_req_init(&req, hdev);
3945 err = __hci_req_schedule_adv_instance(&req, instance, true);
3948 err = hci_req_run(&req, enable_advertising_instance);
3951 BT_ERR("Failed to re-configure advertising");
3954 hci_dev_unlock(hdev);
3957 static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data,
3960 struct mgmt_mode *cp = data;
3961 struct mgmt_pending_cmd *cmd;
3962 struct hci_request req;
3966 BT_DBG("request for %s", hdev->name);
3968 status = mgmt_le_support(hdev);
3970 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3973 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
3974 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3975 MGMT_STATUS_INVALID_PARAMS);
3981 /* The following conditions are ones which mean that we should
3982 * not do any HCI communication but directly send a mgmt
3983 * response to user space (after toggling the flag if
3986 if (!hdev_is_powered(hdev) ||
3987 (val == hci_dev_test_flag(hdev, HCI_ADVERTISING) &&
3988 (cp->val == 0x02) == hci_dev_test_flag(hdev, HCI_ADVERTISING_CONNECTABLE)) ||
3989 hci_conn_num(hdev, LE_LINK) > 0 ||
3990 (hci_dev_test_flag(hdev, HCI_LE_SCAN) &&
3991 hdev->le_scan_type == LE_SCAN_ACTIVE)) {
3995 hdev->cur_adv_instance = 0x00;
3996 changed = !hci_dev_test_and_set_flag(hdev, HCI_ADVERTISING);
3997 if (cp->val == 0x02)
3998 hci_dev_set_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
4000 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
4002 changed = hci_dev_test_and_clear_flag(hdev, HCI_ADVERTISING);
4003 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
4006 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
4011 err = new_settings(hdev, sk);
4016 if (pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
4017 pending_find(MGMT_OP_SET_LE, hdev)) {
4018 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4023 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
4029 hci_req_init(&req, hdev);
4031 if (cp->val == 0x02)
4032 hci_dev_set_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
4034 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
4036 cancel_adv_timeout(hdev);
4039 /* Switch to instance "0" for the Set Advertising setting.
4040 * We cannot use update_[adv|scan_rsp]_data() here as the
4041 * HCI_ADVERTISING flag is not yet set.
4043 hdev->cur_adv_instance = 0x00;
4044 __hci_req_update_adv_data(&req, 0x00);
4045 __hci_req_update_scan_rsp_data(&req, 0x00);
4046 __hci_req_enable_advertising(&req);
4048 __hci_req_disable_advertising(&req);
4051 err = hci_req_run(&req, set_advertising_complete);
4053 mgmt_pending_remove(cmd);
4056 hci_dev_unlock(hdev);
4060 static int set_static_address(struct sock *sk, struct hci_dev *hdev,
4061 void *data, u16 len)
4063 struct mgmt_cp_set_static_address *cp = data;
4066 BT_DBG("%s", hdev->name);
4068 if (!lmp_le_capable(hdev))
4069 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
4070 MGMT_STATUS_NOT_SUPPORTED);
4072 if (hdev_is_powered(hdev))
4073 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
4074 MGMT_STATUS_REJECTED);
4076 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
4077 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
4078 return mgmt_cmd_status(sk, hdev->id,
4079 MGMT_OP_SET_STATIC_ADDRESS,
4080 MGMT_STATUS_INVALID_PARAMS);
4082 /* Two most significant bits shall be set */
4083 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
4084 return mgmt_cmd_status(sk, hdev->id,
4085 MGMT_OP_SET_STATIC_ADDRESS,
4086 MGMT_STATUS_INVALID_PARAMS);
4091 bacpy(&hdev->static_addr, &cp->bdaddr);
4093 err = send_settings_rsp(sk, MGMT_OP_SET_STATIC_ADDRESS, hdev);
4097 err = new_settings(hdev, sk);
4100 hci_dev_unlock(hdev);
4104 static int set_scan_params(struct sock *sk, struct hci_dev *hdev,
4105 void *data, u16 len)
4107 struct mgmt_cp_set_scan_params *cp = data;
4108 __u16 interval, window;
4111 BT_DBG("%s", hdev->name);
4113 if (!lmp_le_capable(hdev))
4114 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4115 MGMT_STATUS_NOT_SUPPORTED);
4117 interval = __le16_to_cpu(cp->interval);
4119 if (interval < 0x0004 || interval > 0x4000)
4120 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4121 MGMT_STATUS_INVALID_PARAMS);
4123 window = __le16_to_cpu(cp->window);
4125 if (window < 0x0004 || window > 0x4000)
4126 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4127 MGMT_STATUS_INVALID_PARAMS);
4129 if (window > interval)
4130 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4131 MGMT_STATUS_INVALID_PARAMS);
4135 hdev->le_scan_interval = interval;
4136 hdev->le_scan_window = window;
4138 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0,
4141 /* If background scan is running, restart it so new parameters are
4144 if (hci_dev_test_flag(hdev, HCI_LE_SCAN) &&
4145 hdev->discovery.state == DISCOVERY_STOPPED) {
4146 struct hci_request req;
4148 hci_req_init(&req, hdev);
4150 hci_req_add_le_scan_disable(&req);
4151 hci_req_add_le_passive_scan(&req);
4153 hci_req_run(&req, NULL);
4156 hci_dev_unlock(hdev);
4161 static void fast_connectable_complete(struct hci_dev *hdev, u8 status,
4164 struct mgmt_pending_cmd *cmd;
4166 BT_DBG("status 0x%02x", status);
4170 cmd = pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4175 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4176 mgmt_status(status));
4178 struct mgmt_mode *cp = cmd->param;
4181 hci_dev_set_flag(hdev, HCI_FAST_CONNECTABLE);
4183 hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE);
4185 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4186 new_settings(hdev, cmd->sk);
4189 mgmt_pending_remove(cmd);
4192 hci_dev_unlock(hdev);
4195 static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
4196 void *data, u16 len)
4198 struct mgmt_mode *cp = data;
4199 struct mgmt_pending_cmd *cmd;
4200 struct hci_request req;
4203 BT_DBG("%s", hdev->name);
4205 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) ||
4206 hdev->hci_ver < BLUETOOTH_VER_1_2)
4207 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4208 MGMT_STATUS_NOT_SUPPORTED);
4210 if (cp->val != 0x00 && cp->val != 0x01)
4211 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4212 MGMT_STATUS_INVALID_PARAMS);
4216 if (pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
4217 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4222 if (!!cp->val == hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE)) {
4223 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
4228 if (!hdev_is_powered(hdev)) {
4229 hci_dev_change_flag(hdev, HCI_FAST_CONNECTABLE);
4230 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
4232 new_settings(hdev, sk);
4236 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
4243 hci_req_init(&req, hdev);
4245 __hci_req_write_fast_connectable(&req, cp->val);
4247 err = hci_req_run(&req, fast_connectable_complete);
4249 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4250 MGMT_STATUS_FAILED);
4251 mgmt_pending_remove(cmd);
4255 hci_dev_unlock(hdev);
4260 static void set_bredr_complete(struct hci_dev *hdev, u8 status, u16 opcode)
4262 struct mgmt_pending_cmd *cmd;
4264 BT_DBG("status 0x%02x", status);
4268 cmd = pending_find(MGMT_OP_SET_BREDR, hdev);
4273 u8 mgmt_err = mgmt_status(status);
4275 /* We need to restore the flag if related HCI commands
4278 hci_dev_clear_flag(hdev, HCI_BREDR_ENABLED);
4280 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
4282 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
4283 new_settings(hdev, cmd->sk);
4286 mgmt_pending_remove(cmd);
4289 hci_dev_unlock(hdev);
4292 static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
4294 struct mgmt_mode *cp = data;
4295 struct mgmt_pending_cmd *cmd;
4296 struct hci_request req;
4299 BT_DBG("request for %s", hdev->name);
4301 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
4302 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4303 MGMT_STATUS_NOT_SUPPORTED);
4305 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
4306 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4307 MGMT_STATUS_REJECTED);
4309 if (cp->val != 0x00 && cp->val != 0x01)
4310 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4311 MGMT_STATUS_INVALID_PARAMS);
4315 if (cp->val == hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
4316 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4320 if (!hdev_is_powered(hdev)) {
4322 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
4323 hci_dev_clear_flag(hdev, HCI_SSP_ENABLED);
4324 hci_dev_clear_flag(hdev, HCI_LINK_SECURITY);
4325 hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE);
4326 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
4329 hci_dev_change_flag(hdev, HCI_BREDR_ENABLED);
4331 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4335 err = new_settings(hdev, sk);
4339 /* Reject disabling when powered on */
4341 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4342 MGMT_STATUS_REJECTED);
4345 /* When configuring a dual-mode controller to operate
4346 * with LE only and using a static address, then switching
4347 * BR/EDR back on is not allowed.
4349 * Dual-mode controllers shall operate with the public
4350 * address as its identity address for BR/EDR and LE. So
4351 * reject the attempt to create an invalid configuration.
4353 * The same restrictions applies when secure connections
4354 * has been enabled. For BR/EDR this is a controller feature
4355 * while for LE it is a host stack feature. This means that
4356 * switching BR/EDR back on when secure connections has been
4357 * enabled is not a supported transaction.
4359 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
4360 (bacmp(&hdev->static_addr, BDADDR_ANY) ||
4361 hci_dev_test_flag(hdev, HCI_SC_ENABLED))) {
4362 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4363 MGMT_STATUS_REJECTED);
4368 if (pending_find(MGMT_OP_SET_BREDR, hdev)) {
4369 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4374 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
4380 /* We need to flip the bit already here so that
4381 * hci_req_update_adv_data generates the correct flags.
4383 hci_dev_set_flag(hdev, HCI_BREDR_ENABLED);
4385 hci_req_init(&req, hdev);
4387 __hci_req_write_fast_connectable(&req, false);
4388 __hci_req_update_scan(&req);
4390 /* Since only the advertising data flags will change, there
4391 * is no need to update the scan response data.
4393 __hci_req_update_adv_data(&req, hdev->cur_adv_instance);
4395 err = hci_req_run(&req, set_bredr_complete);
4397 mgmt_pending_remove(cmd);
4400 hci_dev_unlock(hdev);
4404 static void sc_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
4406 struct mgmt_pending_cmd *cmd;
4407 struct mgmt_mode *cp;
4409 BT_DBG("%s status %u", hdev->name, status);
4413 cmd = pending_find(MGMT_OP_SET_SECURE_CONN, hdev);
4418 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode,
4419 mgmt_status(status));
4427 hci_dev_clear_flag(hdev, HCI_SC_ENABLED);
4428 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
4431 hci_dev_set_flag(hdev, HCI_SC_ENABLED);
4432 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
4435 hci_dev_set_flag(hdev, HCI_SC_ENABLED);
4436 hci_dev_set_flag(hdev, HCI_SC_ONLY);
4440 send_settings_rsp(cmd->sk, MGMT_OP_SET_SECURE_CONN, hdev);
4441 new_settings(hdev, cmd->sk);
4444 mgmt_pending_remove(cmd);
4446 hci_dev_unlock(hdev);
4449 static int set_secure_conn(struct sock *sk, struct hci_dev *hdev,
4450 void *data, u16 len)
4452 struct mgmt_mode *cp = data;
4453 struct mgmt_pending_cmd *cmd;
4454 struct hci_request req;
4458 BT_DBG("request for %s", hdev->name);
4460 if (!lmp_sc_capable(hdev) &&
4461 !hci_dev_test_flag(hdev, HCI_LE_ENABLED))
4462 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4463 MGMT_STATUS_NOT_SUPPORTED);
4465 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
4466 lmp_sc_capable(hdev) &&
4467 !hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
4468 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4469 MGMT_STATUS_REJECTED);
4471 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
4472 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4473 MGMT_STATUS_INVALID_PARAMS);
4477 if (!hdev_is_powered(hdev) || !lmp_sc_capable(hdev) ||
4478 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
4482 changed = !hci_dev_test_and_set_flag(hdev,
4484 if (cp->val == 0x02)
4485 hci_dev_set_flag(hdev, HCI_SC_ONLY);
4487 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
4489 changed = hci_dev_test_and_clear_flag(hdev,
4491 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
4494 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4499 err = new_settings(hdev, sk);
4504 if (pending_find(MGMT_OP_SET_SECURE_CONN, hdev)) {
4505 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4512 if (val == hci_dev_test_flag(hdev, HCI_SC_ENABLED) &&
4513 (cp->val == 0x02) == hci_dev_test_flag(hdev, HCI_SC_ONLY)) {
4514 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4518 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SECURE_CONN, hdev, data, len);
4524 hci_req_init(&req, hdev);
4525 hci_req_add(&req, HCI_OP_WRITE_SC_SUPPORT, 1, &val);
4526 err = hci_req_run(&req, sc_enable_complete);
4528 mgmt_pending_remove(cmd);
4533 hci_dev_unlock(hdev);
4537 static int set_debug_keys(struct sock *sk, struct hci_dev *hdev,
4538 void *data, u16 len)
4540 struct mgmt_mode *cp = data;
4541 bool changed, use_changed;
4544 BT_DBG("request for %s", hdev->name);
4546 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
4547 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEBUG_KEYS,
4548 MGMT_STATUS_INVALID_PARAMS);
4553 changed = !hci_dev_test_and_set_flag(hdev, HCI_KEEP_DEBUG_KEYS);
4555 changed = hci_dev_test_and_clear_flag(hdev,
4556 HCI_KEEP_DEBUG_KEYS);
4558 if (cp->val == 0x02)
4559 use_changed = !hci_dev_test_and_set_flag(hdev,
4560 HCI_USE_DEBUG_KEYS);
4562 use_changed = hci_dev_test_and_clear_flag(hdev,
4563 HCI_USE_DEBUG_KEYS);
4565 if (hdev_is_powered(hdev) && use_changed &&
4566 hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
4567 u8 mode = (cp->val == 0x02) ? 0x01 : 0x00;
4568 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
4569 sizeof(mode), &mode);
4572 err = send_settings_rsp(sk, MGMT_OP_SET_DEBUG_KEYS, hdev);
4577 err = new_settings(hdev, sk);
4580 hci_dev_unlock(hdev);
4584 static int set_privacy(struct sock *sk, struct hci_dev *hdev, void *cp_data,
4587 struct mgmt_cp_set_privacy *cp = cp_data;
4591 BT_DBG("request for %s", hdev->name);
4593 if (!lmp_le_capable(hdev))
4594 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4595 MGMT_STATUS_NOT_SUPPORTED);
4597 if (cp->privacy != 0x00 && cp->privacy != 0x01 && cp->privacy != 0x02)
4598 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4599 MGMT_STATUS_INVALID_PARAMS);
4601 if (hdev_is_powered(hdev))
4602 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4603 MGMT_STATUS_REJECTED);
4607 /* If user space supports this command it is also expected to
4608 * handle IRKs. Therefore, set the HCI_RPA_RESOLVING flag.
4610 hci_dev_set_flag(hdev, HCI_RPA_RESOLVING);
4613 changed = !hci_dev_test_and_set_flag(hdev, HCI_PRIVACY);
4614 memcpy(hdev->irk, cp->irk, sizeof(hdev->irk));
4615 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
4616 if (cp->privacy == 0x02)
4617 hci_dev_set_flag(hdev, HCI_LIMITED_PRIVACY);
4619 hci_dev_clear_flag(hdev, HCI_LIMITED_PRIVACY);
4621 changed = hci_dev_test_and_clear_flag(hdev, HCI_PRIVACY);
4622 memset(hdev->irk, 0, sizeof(hdev->irk));
4623 hci_dev_clear_flag(hdev, HCI_RPA_EXPIRED);
4624 hci_dev_clear_flag(hdev, HCI_LIMITED_PRIVACY);
4627 err = send_settings_rsp(sk, MGMT_OP_SET_PRIVACY, hdev);
4632 err = new_settings(hdev, sk);
4635 hci_dev_unlock(hdev);
4639 static bool irk_is_valid(struct mgmt_irk_info *irk)
4641 switch (irk->addr.type) {
4642 case BDADDR_LE_PUBLIC:
4645 case BDADDR_LE_RANDOM:
4646 /* Two most significant bits shall be set */
4647 if ((irk->addr.bdaddr.b[5] & 0xc0) != 0xc0)
4655 static int load_irks(struct sock *sk, struct hci_dev *hdev, void *cp_data,
4658 struct mgmt_cp_load_irks *cp = cp_data;
4659 const u16 max_irk_count = ((U16_MAX - sizeof(*cp)) /
4660 sizeof(struct mgmt_irk_info));
4661 u16 irk_count, expected_len;
4664 BT_DBG("request for %s", hdev->name);
4666 if (!lmp_le_capable(hdev))
4667 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4668 MGMT_STATUS_NOT_SUPPORTED);
4670 irk_count = __le16_to_cpu(cp->irk_count);
4671 if (irk_count > max_irk_count) {
4672 BT_ERR("load_irks: too big irk_count value %u", irk_count);
4673 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4674 MGMT_STATUS_INVALID_PARAMS);
4677 expected_len = sizeof(*cp) + irk_count * sizeof(struct mgmt_irk_info);
4678 if (expected_len != len) {
4679 BT_ERR("load_irks: expected %u bytes, got %u bytes",
4681 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4682 MGMT_STATUS_INVALID_PARAMS);
4685 BT_DBG("%s irk_count %u", hdev->name, irk_count);
4687 for (i = 0; i < irk_count; i++) {
4688 struct mgmt_irk_info *key = &cp->irks[i];
4690 if (!irk_is_valid(key))
4691 return mgmt_cmd_status(sk, hdev->id,
4693 MGMT_STATUS_INVALID_PARAMS);
4698 hci_smp_irks_clear(hdev);
4700 for (i = 0; i < irk_count; i++) {
4701 struct mgmt_irk_info *irk = &cp->irks[i];
4703 hci_add_irk(hdev, &irk->addr.bdaddr,
4704 le_addr_type(irk->addr.type), irk->val,
4708 hci_dev_set_flag(hdev, HCI_RPA_RESOLVING);
4710 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_IRKS, 0, NULL, 0);
4712 hci_dev_unlock(hdev);
4718 static int set_advertising_params(struct sock *sk, struct hci_dev *hdev,
4719 void *data, u16 len)
4721 struct mgmt_cp_set_advertising_params *cp = data;
4726 BT_DBG("%s", hdev->name);
4728 if (!lmp_le_capable(hdev))
4729 return mgmt_cmd_status(sk, hdev->id,
4730 MGMT_OP_SET_ADVERTISING_PARAMS,
4731 MGMT_STATUS_NOT_SUPPORTED);
4733 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
4734 return mgmt_cmd_status(sk, hdev->id,
4735 MGMT_OP_SET_ADVERTISING_PARAMS,
4738 min_interval = __le16_to_cpu(cp->interval_min);
4739 max_interval = __le16_to_cpu(cp->interval_max);
4741 if (min_interval > max_interval ||
4742 min_interval < 0x0020 || max_interval > 0x4000)
4743 return mgmt_cmd_status(sk, hdev->id,
4744 MGMT_OP_SET_ADVERTISING_PARAMS,
4745 MGMT_STATUS_INVALID_PARAMS);
4749 hdev->le_adv_min_interval = min_interval;
4750 hdev->le_adv_max_interval = max_interval;
4751 hdev->adv_filter_policy = cp->filter_policy;
4752 hdev->adv_type = cp->type;
4754 err = mgmt_cmd_complete(sk, hdev->id,
4755 MGMT_OP_SET_ADVERTISING_PARAMS, 0, NULL, 0);
4757 hci_dev_unlock(hdev);
4762 static void set_advertising_data_complete(struct hci_dev *hdev,
4763 u8 status, u16 opcode)
4765 struct mgmt_cp_set_advertising_data *cp;
4766 struct mgmt_pending_cmd *cmd;
4768 BT_DBG("status 0x%02x", status);
4772 cmd = pending_find(MGMT_OP_SET_ADVERTISING_DATA, hdev);
4779 mgmt_cmd_status(cmd->sk, hdev->id,
4780 MGMT_OP_SET_ADVERTISING_DATA,
4781 mgmt_status(status));
4783 mgmt_cmd_complete(cmd->sk, hdev->id,
4784 MGMT_OP_SET_ADVERTISING_DATA, 0,
4787 mgmt_pending_remove(cmd);
4790 hci_dev_unlock(hdev);
4793 static int set_advertising_data(struct sock *sk, struct hci_dev *hdev,
4794 void *data, u16 len)
4796 struct mgmt_pending_cmd *cmd;
4797 struct hci_request req;
4798 struct mgmt_cp_set_advertising_data *cp = data;
4799 struct hci_cp_le_set_adv_data adv;
4802 BT_DBG("%s", hdev->name);
4804 if (!lmp_le_capable(hdev)) {
4805 return mgmt_cmd_status(sk, hdev->id,
4806 MGMT_OP_SET_ADVERTISING_DATA,
4807 MGMT_STATUS_NOT_SUPPORTED);
4812 if (pending_find(MGMT_OP_SET_ADVERTISING_DATA, hdev)) {
4813 err = mgmt_cmd_status(sk, hdev->id,
4814 MGMT_OP_SET_ADVERTISING_DATA,
4819 if (len > HCI_MAX_AD_LENGTH) {
4820 err = mgmt_cmd_status(sk, hdev->id,
4821 MGMT_OP_SET_ADVERTISING_DATA,
4822 MGMT_STATUS_INVALID_PARAMS);
4826 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING_DATA,
4833 hci_req_init(&req, hdev);
4835 memset(&adv, 0, sizeof(adv));
4836 memcpy(adv.data, cp->data, len);
4839 hci_req_add(&req, HCI_OP_LE_SET_ADV_DATA, sizeof(adv), &adv);
4841 err = hci_req_run(&req, set_advertising_data_complete);
4843 mgmt_pending_remove(cmd);
4846 hci_dev_unlock(hdev);
4851 static void set_scan_rsp_data_complete(struct hci_dev *hdev, u8 status,
4854 struct mgmt_cp_set_scan_rsp_data *cp;
4855 struct mgmt_pending_cmd *cmd;
4857 BT_DBG("status 0x%02x", status);
4861 cmd = pending_find(MGMT_OP_SET_SCAN_RSP_DATA, hdev);
4868 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_SCAN_RSP_DATA,
4869 mgmt_status(status));
4871 mgmt_cmd_complete(cmd->sk, hdev->id,
4872 MGMT_OP_SET_SCAN_RSP_DATA, 0,
4875 mgmt_pending_remove(cmd);
4878 hci_dev_unlock(hdev);
4881 static int set_scan_rsp_data(struct sock *sk, struct hci_dev *hdev, void *data,
4884 struct mgmt_pending_cmd *cmd;
4885 struct hci_request req;
4886 struct mgmt_cp_set_scan_rsp_data *cp = data;
4887 struct hci_cp_le_set_scan_rsp_data rsp;
4890 BT_DBG("%s", hdev->name);
4892 if (!lmp_le_capable(hdev))
4893 return mgmt_cmd_status(sk, hdev->id,
4894 MGMT_OP_SET_SCAN_RSP_DATA,
4895 MGMT_STATUS_NOT_SUPPORTED);
4899 if (pending_find(MGMT_OP_SET_SCAN_RSP_DATA, hdev)) {
4900 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_RSP_DATA,
4905 if (len > HCI_MAX_AD_LENGTH) {
4906 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_RSP_DATA,
4907 MGMT_STATUS_INVALID_PARAMS);
4911 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SCAN_RSP_DATA, hdev, data, len);
4917 hci_req_init(&req, hdev);
4919 memset(&rsp, 0, sizeof(rsp));
4920 memcpy(rsp.data, cp->data, len);
4923 hci_req_add(&req, HCI_OP_LE_SET_SCAN_RSP_DATA, sizeof(rsp), &rsp);
4925 err = hci_req_run(&req, set_scan_rsp_data_complete);
4927 mgmt_pending_remove(cmd);
4930 hci_dev_unlock(hdev);
4935 /* Adv White List feature */
4936 static void add_white_list_complete(struct hci_dev *hdev, u8 status, u16 opcode)
4938 struct mgmt_cp_add_dev_white_list *cp;
4939 struct mgmt_pending_cmd *cmd;
4941 BT_DBG("status 0x%02x", status);
4945 cmd = pending_find(MGMT_OP_ADD_DEV_WHITE_LIST, hdev);
4952 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_ADD_DEV_WHITE_LIST,
4953 mgmt_status(status));
4955 mgmt_cmd_complete(cmd->sk, hdev->id,
4956 MGMT_OP_ADD_DEV_WHITE_LIST, 0, cp, sizeof(*cp));
4958 mgmt_pending_remove(cmd);
4961 hci_dev_unlock(hdev);
4964 static int add_white_list(struct sock *sk, struct hci_dev *hdev,
4965 void *data, u16 len)
4967 struct mgmt_pending_cmd *cmd;
4968 struct mgmt_cp_add_dev_white_list *cp = data;
4969 struct hci_request req;
4972 BT_DBG("%s", hdev->name);
4974 if (!lmp_le_capable(hdev))
4975 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_DEV_WHITE_LIST,
4976 MGMT_STATUS_NOT_SUPPORTED);
4978 if (!hdev_is_powered(hdev))
4979 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_DEV_WHITE_LIST,
4980 MGMT_STATUS_REJECTED);
4984 if (pending_find(MGMT_OP_ADD_DEV_WHITE_LIST, hdev)) {
4985 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_DEV_WHITE_LIST,
4990 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_DEV_WHITE_LIST, hdev, data, len);
4996 hci_req_init(&req, hdev);
4998 hci_req_add(&req, HCI_OP_LE_ADD_TO_WHITE_LIST, sizeof(*cp), cp);
5000 err = hci_req_run(&req, add_white_list_complete);
5002 mgmt_pending_remove(cmd);
5007 hci_dev_unlock(hdev);
5012 static void remove_from_white_list_complete(struct hci_dev *hdev,
5013 u8 status, u16 opcode)
5015 struct mgmt_cp_remove_dev_from_white_list *cp;
5016 struct mgmt_pending_cmd *cmd;
5018 BT_DBG("status 0x%02x", status);
5022 cmd = pending_find(MGMT_OP_REMOVE_DEV_FROM_WHITE_LIST, hdev);
5029 mgmt_cmd_status(cmd->sk, hdev->id,
5030 MGMT_OP_REMOVE_DEV_FROM_WHITE_LIST,
5031 mgmt_status(status));
5033 mgmt_cmd_complete(cmd->sk, hdev->id,
5034 MGMT_OP_REMOVE_DEV_FROM_WHITE_LIST, 0,
5037 mgmt_pending_remove(cmd);
5040 hci_dev_unlock(hdev);
5043 static int remove_from_white_list(struct sock *sk, struct hci_dev *hdev,
5044 void *data, u16 len)
5046 struct mgmt_pending_cmd *cmd;
5047 struct mgmt_cp_remove_dev_from_white_list *cp = data;
5048 struct hci_request req;
5051 BT_DBG("%s", hdev->name);
5053 if (!lmp_le_capable(hdev))
5054 return mgmt_cmd_status(sk, hdev->id,
5055 MGMT_OP_REMOVE_DEV_FROM_WHITE_LIST,
5056 MGMT_STATUS_NOT_SUPPORTED);
5058 if (!hdev_is_powered(hdev))
5059 return mgmt_cmd_status(sk, hdev->id,
5060 MGMT_OP_REMOVE_DEV_FROM_WHITE_LIST,
5061 MGMT_STATUS_REJECTED);
5065 if (pending_find(MGMT_OP_REMOVE_DEV_FROM_WHITE_LIST, hdev)) {
5066 err = mgmt_cmd_status(sk, hdev->id,
5067 MGMT_OP_REMOVE_DEV_FROM_WHITE_LIST,
5072 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_DEV_FROM_WHITE_LIST,
5079 hci_req_init(&req, hdev);
5081 hci_req_add(&req, HCI_OP_LE_DEL_FROM_WHITE_LIST, sizeof(*cp), cp);
5083 err = hci_req_run(&req, remove_from_white_list_complete);
5085 mgmt_pending_remove(cmd);
5090 hci_dev_unlock(hdev);
5095 static void clear_white_list_complete(struct hci_dev *hdev, u8 status,
5098 struct mgmt_pending_cmd *cmd;
5100 BT_DBG("status 0x%02x", status);
5104 cmd = pending_find(MGMT_OP_CLEAR_DEV_WHITE_LIST, hdev);
5109 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_CLEAR_DEV_WHITE_LIST,
5110 mgmt_status(status));
5112 mgmt_cmd_complete(cmd->sk, hdev->id,
5113 MGMT_OP_CLEAR_DEV_WHITE_LIST,
5116 mgmt_pending_remove(cmd);
5119 hci_dev_unlock(hdev);
5122 static int clear_white_list(struct sock *sk, struct hci_dev *hdev,
5123 void *data, u16 len)
5125 struct mgmt_pending_cmd *cmd;
5126 struct hci_request req;
5129 BT_DBG("%s", hdev->name);
5131 if (!lmp_le_capable(hdev))
5132 return mgmt_cmd_status(sk, hdev->id,
5133 MGMT_OP_CLEAR_DEV_WHITE_LIST,
5134 MGMT_STATUS_NOT_SUPPORTED);
5136 if (!hdev_is_powered(hdev))
5137 return mgmt_cmd_status(sk, hdev->id,
5138 MGMT_OP_CLEAR_DEV_WHITE_LIST,
5139 MGMT_STATUS_REJECTED);
5143 if (pending_find(MGMT_OP_CLEAR_DEV_WHITE_LIST, hdev)) {
5144 err = mgmt_cmd_status(sk, hdev->id,
5145 MGMT_OP_CLEAR_DEV_WHITE_LIST,
5150 cmd = mgmt_pending_add(sk, MGMT_OP_CLEAR_DEV_WHITE_LIST,
5157 hci_req_init(&req, hdev);
5159 hci_req_add(&req, HCI_OP_LE_CLEAR_WHITE_LIST, 0, NULL);
5161 err = hci_req_run(&req, clear_white_list_complete);
5163 mgmt_pending_remove(cmd);
5168 hci_dev_unlock(hdev);
5172 #endif /* TIZEN_BT */
5174 static bool ltk_is_valid(struct mgmt_ltk_info *key)
5176 if (key->master != 0x00 && key->master != 0x01)
5179 switch (key->addr.type) {
5180 case BDADDR_LE_PUBLIC:
5183 case BDADDR_LE_RANDOM:
5184 /* Two most significant bits shall be set */
5185 if ((key->addr.bdaddr.b[5] & 0xc0) != 0xc0)
5193 static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
5194 void *cp_data, u16 len)
5196 struct mgmt_cp_load_long_term_keys *cp = cp_data;
5197 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
5198 sizeof(struct mgmt_ltk_info));
5199 u16 key_count, expected_len;
5202 BT_DBG("request for %s", hdev->name);
5204 if (!lmp_le_capable(hdev))
5205 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
5206 MGMT_STATUS_NOT_SUPPORTED);
5208 key_count = __le16_to_cpu(cp->key_count);
5209 if (key_count > max_key_count) {
5210 BT_ERR("load_ltks: too big key_count value %u", key_count);
5211 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
5212 MGMT_STATUS_INVALID_PARAMS);
5215 expected_len = sizeof(*cp) + key_count *
5216 sizeof(struct mgmt_ltk_info);
5217 if (expected_len != len) {
5218 BT_ERR("load_keys: expected %u bytes, got %u bytes",
5220 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
5221 MGMT_STATUS_INVALID_PARAMS);
5224 BT_DBG("%s key_count %u", hdev->name, key_count);
5226 for (i = 0; i < key_count; i++) {
5227 struct mgmt_ltk_info *key = &cp->keys[i];
5229 if (!ltk_is_valid(key))
5230 return mgmt_cmd_status(sk, hdev->id,
5231 MGMT_OP_LOAD_LONG_TERM_KEYS,
5232 MGMT_STATUS_INVALID_PARAMS);
5237 hci_smp_ltks_clear(hdev);
5239 for (i = 0; i < key_count; i++) {
5240 struct mgmt_ltk_info *key = &cp->keys[i];
5241 u8 type, authenticated;
5243 switch (key->type) {
5244 case MGMT_LTK_UNAUTHENTICATED:
5245 authenticated = 0x00;
5246 type = key->master ? SMP_LTK : SMP_LTK_SLAVE;
5248 case MGMT_LTK_AUTHENTICATED:
5249 authenticated = 0x01;
5250 type = key->master ? SMP_LTK : SMP_LTK_SLAVE;
5252 case MGMT_LTK_P256_UNAUTH:
5253 authenticated = 0x00;
5254 type = SMP_LTK_P256;
5256 case MGMT_LTK_P256_AUTH:
5257 authenticated = 0x01;
5258 type = SMP_LTK_P256;
5260 case MGMT_LTK_P256_DEBUG:
5261 authenticated = 0x00;
5262 type = SMP_LTK_P256_DEBUG;
5267 hci_add_ltk(hdev, &key->addr.bdaddr,
5268 le_addr_type(key->addr.type), type, authenticated,
5269 key->val, key->enc_size, key->ediv, key->rand);
5272 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
5275 hci_dev_unlock(hdev);
5280 static int conn_info_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
5282 struct hci_conn *conn = cmd->user_data;
5283 struct mgmt_rp_get_conn_info rp;
5286 memcpy(&rp.addr, cmd->param, sizeof(rp.addr));
5288 if (status == MGMT_STATUS_SUCCESS) {
5289 rp.rssi = conn->rssi;
5290 rp.tx_power = conn->tx_power;
5291 rp.max_tx_power = conn->max_tx_power;
5293 rp.rssi = HCI_RSSI_INVALID;
5294 rp.tx_power = HCI_TX_POWER_INVALID;
5295 rp.max_tx_power = HCI_TX_POWER_INVALID;
5298 err = mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_GET_CONN_INFO,
5299 status, &rp, sizeof(rp));
5301 hci_conn_drop(conn);
5307 static void conn_info_refresh_complete(struct hci_dev *hdev, u8 hci_status,
5310 struct hci_cp_read_rssi *cp;
5311 struct mgmt_pending_cmd *cmd;
5312 struct hci_conn *conn;
5316 BT_DBG("status 0x%02x", hci_status);
5320 /* Commands sent in request are either Read RSSI or Read Transmit Power
5321 * Level so we check which one was last sent to retrieve connection
5322 * handle. Both commands have handle as first parameter so it's safe to
5323 * cast data on the same command struct.
5325 * First command sent is always Read RSSI and we fail only if it fails.
5326 * In other case we simply override error to indicate success as we
5327 * already remembered if TX power value is actually valid.
5329 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_RSSI);
5331 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_TX_POWER);
5332 status = MGMT_STATUS_SUCCESS;
5334 status = mgmt_status(hci_status);
5338 BT_ERR("invalid sent_cmd in conn_info response");
5342 handle = __le16_to_cpu(cp->handle);
5343 conn = hci_conn_hash_lookup_handle(hdev, handle);
5345 BT_ERR("unknown handle (%d) in conn_info response", handle);
5349 cmd = pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn);
5353 cmd->cmd_complete(cmd, status);
5354 mgmt_pending_remove(cmd);
5357 hci_dev_unlock(hdev);
5360 static int get_conn_info(struct sock *sk, struct hci_dev *hdev, void *data,
5363 struct mgmt_cp_get_conn_info *cp = data;
5364 struct mgmt_rp_get_conn_info rp;
5365 struct hci_conn *conn;
5366 unsigned long conn_info_age;
5369 BT_DBG("%s", hdev->name);
5371 memset(&rp, 0, sizeof(rp));
5372 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5373 rp.addr.type = cp->addr.type;
5375 if (!bdaddr_type_is_valid(cp->addr.type))
5376 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5377 MGMT_STATUS_INVALID_PARAMS,
5382 if (!hdev_is_powered(hdev)) {
5383 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5384 MGMT_STATUS_NOT_POWERED, &rp,
5389 if (cp->addr.type == BDADDR_BREDR)
5390 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
5393 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
5395 if (!conn || conn->state != BT_CONNECTED) {
5396 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5397 MGMT_STATUS_NOT_CONNECTED, &rp,
5402 if (pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn)) {
5403 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5404 MGMT_STATUS_BUSY, &rp, sizeof(rp));
5408 /* To avoid client trying to guess when to poll again for information we
5409 * calculate conn info age as random value between min/max set in hdev.
5411 conn_info_age = hdev->conn_info_min_age +
5412 prandom_u32_max(hdev->conn_info_max_age -
5413 hdev->conn_info_min_age);
5415 /* Query controller to refresh cached values if they are too old or were
5418 if (time_after(jiffies, conn->conn_info_timestamp +
5419 msecs_to_jiffies(conn_info_age)) ||
5420 !conn->conn_info_timestamp) {
5421 struct hci_request req;
5422 struct hci_cp_read_tx_power req_txp_cp;
5423 struct hci_cp_read_rssi req_rssi_cp;
5424 struct mgmt_pending_cmd *cmd;
5426 hci_req_init(&req, hdev);
5427 req_rssi_cp.handle = cpu_to_le16(conn->handle);
5428 hci_req_add(&req, HCI_OP_READ_RSSI, sizeof(req_rssi_cp),
5431 /* For LE links TX power does not change thus we don't need to
5432 * query for it once value is known.
5434 if (!bdaddr_type_is_le(cp->addr.type) ||
5435 conn->tx_power == HCI_TX_POWER_INVALID) {
5436 req_txp_cp.handle = cpu_to_le16(conn->handle);
5437 req_txp_cp.type = 0x00;
5438 hci_req_add(&req, HCI_OP_READ_TX_POWER,
5439 sizeof(req_txp_cp), &req_txp_cp);
5442 /* Max TX power needs to be read only once per connection */
5443 if (conn->max_tx_power == HCI_TX_POWER_INVALID) {
5444 req_txp_cp.handle = cpu_to_le16(conn->handle);
5445 req_txp_cp.type = 0x01;
5446 hci_req_add(&req, HCI_OP_READ_TX_POWER,
5447 sizeof(req_txp_cp), &req_txp_cp);
5450 err = hci_req_run(&req, conn_info_refresh_complete);
5454 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CONN_INFO, hdev,
5461 hci_conn_hold(conn);
5462 cmd->user_data = hci_conn_get(conn);
5463 cmd->cmd_complete = conn_info_cmd_complete;
5465 conn->conn_info_timestamp = jiffies;
5467 /* Cache is valid, just reply with values cached in hci_conn */
5468 rp.rssi = conn->rssi;
5469 rp.tx_power = conn->tx_power;
5470 rp.max_tx_power = conn->max_tx_power;
5472 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5473 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
5477 hci_dev_unlock(hdev);
5481 static int clock_info_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
5483 struct hci_conn *conn = cmd->user_data;
5484 struct mgmt_rp_get_clock_info rp;
5485 struct hci_dev *hdev;
5488 memset(&rp, 0, sizeof(rp));
5489 memcpy(&rp.addr, cmd->param, sizeof(rp.addr));
5494 hdev = hci_dev_get(cmd->index);
5496 rp.local_clock = cpu_to_le32(hdev->clock);
5501 rp.piconet_clock = cpu_to_le32(conn->clock);
5502 rp.accuracy = cpu_to_le16(conn->clock_accuracy);
5506 err = mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status, &rp,
5510 hci_conn_drop(conn);
5517 static void get_clock_info_complete(struct hci_dev *hdev, u8 status, u16 opcode)
5519 struct hci_cp_read_clock *hci_cp;
5520 struct mgmt_pending_cmd *cmd;
5521 struct hci_conn *conn;
5523 BT_DBG("%s status %u", hdev->name, status);
5527 hci_cp = hci_sent_cmd_data(hdev, HCI_OP_READ_CLOCK);
5531 if (hci_cp->which) {
5532 u16 handle = __le16_to_cpu(hci_cp->handle);
5533 conn = hci_conn_hash_lookup_handle(hdev, handle);
5538 cmd = pending_find_data(MGMT_OP_GET_CLOCK_INFO, hdev, conn);
5542 cmd->cmd_complete(cmd, mgmt_status(status));
5543 mgmt_pending_remove(cmd);
5546 hci_dev_unlock(hdev);
5549 static int get_clock_info(struct sock *sk, struct hci_dev *hdev, void *data,
5552 struct mgmt_cp_get_clock_info *cp = data;
5553 struct mgmt_rp_get_clock_info rp;
5554 struct hci_cp_read_clock hci_cp;
5555 struct mgmt_pending_cmd *cmd;
5556 struct hci_request req;
5557 struct hci_conn *conn;
5560 BT_DBG("%s", hdev->name);
5562 memset(&rp, 0, sizeof(rp));
5563 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5564 rp.addr.type = cp->addr.type;
5566 if (cp->addr.type != BDADDR_BREDR)
5567 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
5568 MGMT_STATUS_INVALID_PARAMS,
5573 if (!hdev_is_powered(hdev)) {
5574 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
5575 MGMT_STATUS_NOT_POWERED, &rp,
5580 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
5581 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
5583 if (!conn || conn->state != BT_CONNECTED) {
5584 err = mgmt_cmd_complete(sk, hdev->id,
5585 MGMT_OP_GET_CLOCK_INFO,
5586 MGMT_STATUS_NOT_CONNECTED,
5594 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CLOCK_INFO, hdev, data, len);
5600 cmd->cmd_complete = clock_info_cmd_complete;
5602 hci_req_init(&req, hdev);
5604 memset(&hci_cp, 0, sizeof(hci_cp));
5605 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
5608 hci_conn_hold(conn);
5609 cmd->user_data = hci_conn_get(conn);
5611 hci_cp.handle = cpu_to_le16(conn->handle);
5612 hci_cp.which = 0x01; /* Piconet clock */
5613 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
5616 err = hci_req_run(&req, get_clock_info_complete);
5618 mgmt_pending_remove(cmd);
5621 hci_dev_unlock(hdev);
5625 static bool is_connected(struct hci_dev *hdev, bdaddr_t *addr, u8 type)
5627 struct hci_conn *conn;
5629 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, addr);
5633 if (conn->dst_type != type)
5636 if (conn->state != BT_CONNECTED)
5642 /* This function requires the caller holds hdev->lock */
5643 static int hci_conn_params_set(struct hci_dev *hdev, bdaddr_t *addr,
5644 u8 addr_type, u8 auto_connect)
5646 struct hci_conn_params *params;
5648 params = hci_conn_params_add(hdev, addr, addr_type);
5652 if (params->auto_connect == auto_connect)
5655 list_del_init(¶ms->action);
5657 switch (auto_connect) {
5658 case HCI_AUTO_CONN_DISABLED:
5659 case HCI_AUTO_CONN_LINK_LOSS:
5660 /* If auto connect is being disabled when we're trying to
5661 * connect to device, keep connecting.
5663 if (params->explicit_connect)
5664 list_add(¶ms->action, &hdev->pend_le_conns);
5666 case HCI_AUTO_CONN_REPORT:
5667 if (params->explicit_connect)
5668 list_add(¶ms->action, &hdev->pend_le_conns);
5670 list_add(¶ms->action, &hdev->pend_le_reports);
5672 case HCI_AUTO_CONN_DIRECT:
5673 case HCI_AUTO_CONN_ALWAYS:
5674 if (!is_connected(hdev, addr, addr_type))
5675 list_add(¶ms->action, &hdev->pend_le_conns);
5679 params->auto_connect = auto_connect;
5681 BT_DBG("addr %pMR (type %u) auto_connect %u", addr, addr_type,
5687 static void device_added(struct sock *sk, struct hci_dev *hdev,
5688 bdaddr_t *bdaddr, u8 type, u8 action)
5690 struct mgmt_ev_device_added ev;
5692 bacpy(&ev.addr.bdaddr, bdaddr);
5693 ev.addr.type = type;
5696 mgmt_event(MGMT_EV_DEVICE_ADDED, hdev, &ev, sizeof(ev), sk);
5699 static int add_device(struct sock *sk, struct hci_dev *hdev,
5700 void *data, u16 len)
5702 struct mgmt_cp_add_device *cp = data;
5703 u8 auto_conn, addr_type;
5706 BT_DBG("%s", hdev->name);
5708 if (!bdaddr_type_is_valid(cp->addr.type) ||
5709 !bacmp(&cp->addr.bdaddr, BDADDR_ANY))
5710 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5711 MGMT_STATUS_INVALID_PARAMS,
5712 &cp->addr, sizeof(cp->addr));
5714 if (cp->action != 0x00 && cp->action != 0x01 && cp->action != 0x02)
5715 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5716 MGMT_STATUS_INVALID_PARAMS,
5717 &cp->addr, sizeof(cp->addr));
5721 if (cp->addr.type == BDADDR_BREDR) {
5722 /* Only incoming connections action is supported for now */
5723 if (cp->action != 0x01) {
5724 err = mgmt_cmd_complete(sk, hdev->id,
5726 MGMT_STATUS_INVALID_PARAMS,
5727 &cp->addr, sizeof(cp->addr));
5731 err = hci_bdaddr_list_add(&hdev->whitelist, &cp->addr.bdaddr,
5736 hci_req_update_scan(hdev);
5741 addr_type = le_addr_type(cp->addr.type);
5743 if (cp->action == 0x02)
5744 auto_conn = HCI_AUTO_CONN_ALWAYS;
5745 else if (cp->action == 0x01)
5746 auto_conn = HCI_AUTO_CONN_DIRECT;
5748 auto_conn = HCI_AUTO_CONN_REPORT;
5750 /* Kernel internally uses conn_params with resolvable private
5751 * address, but Add Device allows only identity addresses.
5752 * Make sure it is enforced before calling
5753 * hci_conn_params_lookup.
5755 if (!hci_is_identity_address(&cp->addr.bdaddr, addr_type)) {
5756 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5757 MGMT_STATUS_INVALID_PARAMS,
5758 &cp->addr, sizeof(cp->addr));
5762 /* If the connection parameters don't exist for this device,
5763 * they will be created and configured with defaults.
5765 if (hci_conn_params_set(hdev, &cp->addr.bdaddr, addr_type,
5767 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5768 MGMT_STATUS_FAILED, &cp->addr,
5773 hci_update_background_scan(hdev);
5776 device_added(sk, hdev, &cp->addr.bdaddr, cp->addr.type, cp->action);
5778 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5779 MGMT_STATUS_SUCCESS, &cp->addr,
5783 hci_dev_unlock(hdev);
5787 static void device_removed(struct sock *sk, struct hci_dev *hdev,
5788 bdaddr_t *bdaddr, u8 type)
5790 struct mgmt_ev_device_removed ev;
5792 bacpy(&ev.addr.bdaddr, bdaddr);
5793 ev.addr.type = type;
5795 mgmt_event(MGMT_EV_DEVICE_REMOVED, hdev, &ev, sizeof(ev), sk);
5798 static int remove_device(struct sock *sk, struct hci_dev *hdev,
5799 void *data, u16 len)
5801 struct mgmt_cp_remove_device *cp = data;
5804 BT_DBG("%s", hdev->name);
5808 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
5809 struct hci_conn_params *params;
5812 if (!bdaddr_type_is_valid(cp->addr.type)) {
5813 err = mgmt_cmd_complete(sk, hdev->id,
5814 MGMT_OP_REMOVE_DEVICE,
5815 MGMT_STATUS_INVALID_PARAMS,
5816 &cp->addr, sizeof(cp->addr));
5820 if (cp->addr.type == BDADDR_BREDR) {
5821 err = hci_bdaddr_list_del(&hdev->whitelist,
5825 err = mgmt_cmd_complete(sk, hdev->id,
5826 MGMT_OP_REMOVE_DEVICE,
5827 MGMT_STATUS_INVALID_PARAMS,
5833 hci_req_update_scan(hdev);
5835 device_removed(sk, hdev, &cp->addr.bdaddr,
5840 addr_type = le_addr_type(cp->addr.type);
5842 /* Kernel internally uses conn_params with resolvable private
5843 * address, but Remove Device allows only identity addresses.
5844 * Make sure it is enforced before calling
5845 * hci_conn_params_lookup.
5847 if (!hci_is_identity_address(&cp->addr.bdaddr, addr_type)) {
5848 err = mgmt_cmd_complete(sk, hdev->id,
5849 MGMT_OP_REMOVE_DEVICE,
5850 MGMT_STATUS_INVALID_PARAMS,
5851 &cp->addr, sizeof(cp->addr));
5855 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr,
5858 err = mgmt_cmd_complete(sk, hdev->id,
5859 MGMT_OP_REMOVE_DEVICE,
5860 MGMT_STATUS_INVALID_PARAMS,
5861 &cp->addr, sizeof(cp->addr));
5865 if (params->auto_connect == HCI_AUTO_CONN_DISABLED ||
5866 params->auto_connect == HCI_AUTO_CONN_EXPLICIT) {
5867 err = mgmt_cmd_complete(sk, hdev->id,
5868 MGMT_OP_REMOVE_DEVICE,
5869 MGMT_STATUS_INVALID_PARAMS,
5870 &cp->addr, sizeof(cp->addr));
5874 list_del(¶ms->action);
5875 list_del(¶ms->list);
5877 hci_update_background_scan(hdev);
5879 device_removed(sk, hdev, &cp->addr.bdaddr, cp->addr.type);
5881 struct hci_conn_params *p, *tmp;
5882 struct bdaddr_list *b, *btmp;
5884 if (cp->addr.type) {
5885 err = mgmt_cmd_complete(sk, hdev->id,
5886 MGMT_OP_REMOVE_DEVICE,
5887 MGMT_STATUS_INVALID_PARAMS,
5888 &cp->addr, sizeof(cp->addr));
5892 list_for_each_entry_safe(b, btmp, &hdev->whitelist, list) {
5893 device_removed(sk, hdev, &b->bdaddr, b->bdaddr_type);
5898 hci_req_update_scan(hdev);
5900 list_for_each_entry_safe(p, tmp, &hdev->le_conn_params, list) {
5901 if (p->auto_connect == HCI_AUTO_CONN_DISABLED)
5903 device_removed(sk, hdev, &p->addr, p->addr_type);
5904 if (p->explicit_connect) {
5905 p->auto_connect = HCI_AUTO_CONN_EXPLICIT;
5908 list_del(&p->action);
5913 BT_DBG("All LE connection parameters were removed");
5915 hci_update_background_scan(hdev);
5919 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
5920 MGMT_STATUS_SUCCESS, &cp->addr,
5923 hci_dev_unlock(hdev);
5927 static int load_conn_param(struct sock *sk, struct hci_dev *hdev, void *data,
5930 struct mgmt_cp_load_conn_param *cp = data;
5931 const u16 max_param_count = ((U16_MAX - sizeof(*cp)) /
5932 sizeof(struct mgmt_conn_param));
5933 u16 param_count, expected_len;
5936 if (!lmp_le_capable(hdev))
5937 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5938 MGMT_STATUS_NOT_SUPPORTED);
5940 param_count = __le16_to_cpu(cp->param_count);
5941 if (param_count > max_param_count) {
5942 BT_ERR("load_conn_param: too big param_count value %u",
5944 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5945 MGMT_STATUS_INVALID_PARAMS);
5948 expected_len = sizeof(*cp) + param_count *
5949 sizeof(struct mgmt_conn_param);
5950 if (expected_len != len) {
5951 BT_ERR("load_conn_param: expected %u bytes, got %u bytes",
5953 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5954 MGMT_STATUS_INVALID_PARAMS);
5957 BT_DBG("%s param_count %u", hdev->name, param_count);
5961 hci_conn_params_clear_disabled(hdev);
5963 for (i = 0; i < param_count; i++) {
5964 struct mgmt_conn_param *param = &cp->params[i];
5965 struct hci_conn_params *hci_param;
5966 u16 min, max, latency, timeout;
5969 BT_DBG("Adding %pMR (type %u)", ¶m->addr.bdaddr,
5972 if (param->addr.type == BDADDR_LE_PUBLIC) {
5973 addr_type = ADDR_LE_DEV_PUBLIC;
5974 } else if (param->addr.type == BDADDR_LE_RANDOM) {
5975 addr_type = ADDR_LE_DEV_RANDOM;
5977 BT_ERR("Ignoring invalid connection parameters");
5981 min = le16_to_cpu(param->min_interval);
5982 max = le16_to_cpu(param->max_interval);
5983 latency = le16_to_cpu(param->latency);
5984 timeout = le16_to_cpu(param->timeout);
5986 BT_DBG("min 0x%04x max 0x%04x latency 0x%04x timeout 0x%04x",
5987 min, max, latency, timeout);
5989 if (hci_check_conn_params(min, max, latency, timeout) < 0) {
5990 BT_ERR("Ignoring invalid connection parameters");
5994 hci_param = hci_conn_params_add(hdev, ¶m->addr.bdaddr,
5997 BT_ERR("Failed to add connection parameters");
6001 hci_param->conn_min_interval = min;
6002 hci_param->conn_max_interval = max;
6003 hci_param->conn_latency = latency;
6004 hci_param->supervision_timeout = timeout;
6007 hci_dev_unlock(hdev);
6009 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM, 0,
6013 static int set_external_config(struct sock *sk, struct hci_dev *hdev,
6014 void *data, u16 len)
6016 struct mgmt_cp_set_external_config *cp = data;
6020 BT_DBG("%s", hdev->name);
6022 if (hdev_is_powered(hdev))
6023 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
6024 MGMT_STATUS_REJECTED);
6026 if (cp->config != 0x00 && cp->config != 0x01)
6027 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
6028 MGMT_STATUS_INVALID_PARAMS);
6030 if (!test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
6031 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
6032 MGMT_STATUS_NOT_SUPPORTED);
6037 changed = !hci_dev_test_and_set_flag(hdev, HCI_EXT_CONFIGURED);
6039 changed = hci_dev_test_and_clear_flag(hdev, HCI_EXT_CONFIGURED);
6041 err = send_options_rsp(sk, MGMT_OP_SET_EXTERNAL_CONFIG, hdev);
6048 err = new_options(hdev, sk);
6050 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED) == is_configured(hdev)) {
6051 mgmt_index_removed(hdev);
6053 if (hci_dev_test_and_change_flag(hdev, HCI_UNCONFIGURED)) {
6054 hci_dev_set_flag(hdev, HCI_CONFIG);
6055 hci_dev_set_flag(hdev, HCI_AUTO_OFF);
6057 queue_work(hdev->req_workqueue, &hdev->power_on);
6059 set_bit(HCI_RAW, &hdev->flags);
6060 mgmt_index_added(hdev);
6065 hci_dev_unlock(hdev);
6069 static int set_public_address(struct sock *sk, struct hci_dev *hdev,
6070 void *data, u16 len)
6072 struct mgmt_cp_set_public_address *cp = data;
6076 BT_DBG("%s", hdev->name);
6078 if (hdev_is_powered(hdev))
6079 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
6080 MGMT_STATUS_REJECTED);
6082 if (!bacmp(&cp->bdaddr, BDADDR_ANY))
6083 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
6084 MGMT_STATUS_INVALID_PARAMS);
6086 if (!hdev->set_bdaddr)
6087 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
6088 MGMT_STATUS_NOT_SUPPORTED);
6092 changed = !!bacmp(&hdev->public_addr, &cp->bdaddr);
6093 bacpy(&hdev->public_addr, &cp->bdaddr);
6095 err = send_options_rsp(sk, MGMT_OP_SET_PUBLIC_ADDRESS, hdev);
6102 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED))
6103 err = new_options(hdev, sk);
6105 if (is_configured(hdev)) {
6106 mgmt_index_removed(hdev);
6108 hci_dev_clear_flag(hdev, HCI_UNCONFIGURED);
6110 hci_dev_set_flag(hdev, HCI_CONFIG);
6111 hci_dev_set_flag(hdev, HCI_AUTO_OFF);
6113 queue_work(hdev->req_workqueue, &hdev->power_on);
6117 hci_dev_unlock(hdev);
6121 static void read_local_oob_ext_data_complete(struct hci_dev *hdev, u8 status,
6122 u16 opcode, struct sk_buff *skb)
6124 const struct mgmt_cp_read_local_oob_ext_data *mgmt_cp;
6125 struct mgmt_rp_read_local_oob_ext_data *mgmt_rp;
6126 u8 *h192, *r192, *h256, *r256;
6127 struct mgmt_pending_cmd *cmd;
6131 BT_DBG("%s status %u", hdev->name, status);
6133 cmd = pending_find(MGMT_OP_READ_LOCAL_OOB_EXT_DATA, hdev);
6137 mgmt_cp = cmd->param;
6140 status = mgmt_status(status);
6147 } else if (opcode == HCI_OP_READ_LOCAL_OOB_DATA) {
6148 struct hci_rp_read_local_oob_data *rp;
6150 if (skb->len != sizeof(*rp)) {
6151 status = MGMT_STATUS_FAILED;
6154 status = MGMT_STATUS_SUCCESS;
6155 rp = (void *)skb->data;
6157 eir_len = 5 + 18 + 18;
6164 struct hci_rp_read_local_oob_ext_data *rp;
6166 if (skb->len != sizeof(*rp)) {
6167 status = MGMT_STATUS_FAILED;
6170 status = MGMT_STATUS_SUCCESS;
6171 rp = (void *)skb->data;
6173 if (hci_dev_test_flag(hdev, HCI_SC_ONLY)) {
6174 eir_len = 5 + 18 + 18;
6178 eir_len = 5 + 18 + 18 + 18 + 18;
6188 mgmt_rp = kmalloc(sizeof(*mgmt_rp) + eir_len, GFP_KERNEL);
6195 eir_len = eir_append_data(mgmt_rp->eir, 0, EIR_CLASS_OF_DEV,
6196 hdev->dev_class, 3);
6199 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
6200 EIR_SSP_HASH_C192, h192, 16);
6201 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
6202 EIR_SSP_RAND_R192, r192, 16);
6206 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
6207 EIR_SSP_HASH_C256, h256, 16);
6208 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
6209 EIR_SSP_RAND_R256, r256, 16);
6213 mgmt_rp->type = mgmt_cp->type;
6214 mgmt_rp->eir_len = cpu_to_le16(eir_len);
6216 err = mgmt_cmd_complete(cmd->sk, hdev->id,
6217 MGMT_OP_READ_LOCAL_OOB_EXT_DATA, status,
6218 mgmt_rp, sizeof(*mgmt_rp) + eir_len);
6219 if (err < 0 || status)
6222 hci_sock_set_flag(cmd->sk, HCI_MGMT_OOB_DATA_EVENTS);
6224 err = mgmt_limited_event(MGMT_EV_LOCAL_OOB_DATA_UPDATED, hdev,
6225 mgmt_rp, sizeof(*mgmt_rp) + eir_len,
6226 HCI_MGMT_OOB_DATA_EVENTS, cmd->sk);
6229 mgmt_pending_remove(cmd);
6232 static int read_local_ssp_oob_req(struct hci_dev *hdev, struct sock *sk,
6233 struct mgmt_cp_read_local_oob_ext_data *cp)
6235 struct mgmt_pending_cmd *cmd;
6236 struct hci_request req;
6239 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_EXT_DATA, hdev,
6244 hci_req_init(&req, hdev);
6246 if (bredr_sc_enabled(hdev))
6247 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_EXT_DATA, 0, NULL);
6249 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
6251 err = hci_req_run_skb(&req, read_local_oob_ext_data_complete);
6253 mgmt_pending_remove(cmd);
6260 static int read_local_oob_ext_data(struct sock *sk, struct hci_dev *hdev,
6261 void *data, u16 data_len)
6263 struct mgmt_cp_read_local_oob_ext_data *cp = data;
6264 struct mgmt_rp_read_local_oob_ext_data *rp;
6267 u8 status, flags, role, addr[7], hash[16], rand[16];
6270 BT_DBG("%s", hdev->name);
6272 if (hdev_is_powered(hdev)) {
6274 case BIT(BDADDR_BREDR):
6275 status = mgmt_bredr_support(hdev);
6281 case (BIT(BDADDR_LE_PUBLIC) | BIT(BDADDR_LE_RANDOM)):
6282 status = mgmt_le_support(hdev);
6286 eir_len = 9 + 3 + 18 + 18 + 3;
6289 status = MGMT_STATUS_INVALID_PARAMS;
6294 status = MGMT_STATUS_NOT_POWERED;
6298 rp_len = sizeof(*rp) + eir_len;
6299 rp = kmalloc(rp_len, GFP_ATOMIC);
6310 case BIT(BDADDR_BREDR):
6311 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
6312 err = read_local_ssp_oob_req(hdev, sk, cp);
6313 hci_dev_unlock(hdev);
6317 status = MGMT_STATUS_FAILED;
6320 eir_len = eir_append_data(rp->eir, eir_len,
6322 hdev->dev_class, 3);
6325 case (BIT(BDADDR_LE_PUBLIC) | BIT(BDADDR_LE_RANDOM)):
6326 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED) &&
6327 smp_generate_oob(hdev, hash, rand) < 0) {
6328 hci_dev_unlock(hdev);
6329 status = MGMT_STATUS_FAILED;
6333 /* This should return the active RPA, but since the RPA
6334 * is only programmed on demand, it is really hard to fill
6335 * this in at the moment. For now disallow retrieving
6336 * local out-of-band data when privacy is in use.
6338 * Returning the identity address will not help here since
6339 * pairing happens before the identity resolving key is
6340 * known and thus the connection establishment happens
6341 * based on the RPA and not the identity address.
6343 if (hci_dev_test_flag(hdev, HCI_PRIVACY)) {
6344 hci_dev_unlock(hdev);
6345 status = MGMT_STATUS_REJECTED;
6349 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) ||
6350 !bacmp(&hdev->bdaddr, BDADDR_ANY) ||
6351 (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
6352 bacmp(&hdev->static_addr, BDADDR_ANY))) {
6353 memcpy(addr, &hdev->static_addr, 6);
6356 memcpy(addr, &hdev->bdaddr, 6);
6360 eir_len = eir_append_data(rp->eir, eir_len, EIR_LE_BDADDR,
6361 addr, sizeof(addr));
6363 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
6368 eir_len = eir_append_data(rp->eir, eir_len, EIR_LE_ROLE,
6369 &role, sizeof(role));
6371 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED)) {
6372 eir_len = eir_append_data(rp->eir, eir_len,
6374 hash, sizeof(hash));
6376 eir_len = eir_append_data(rp->eir, eir_len,
6378 rand, sizeof(rand));
6381 flags = mgmt_get_adv_discov_flags(hdev);
6383 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
6384 flags |= LE_AD_NO_BREDR;
6386 eir_len = eir_append_data(rp->eir, eir_len, EIR_FLAGS,
6387 &flags, sizeof(flags));
6391 hci_dev_unlock(hdev);
6393 hci_sock_set_flag(sk, HCI_MGMT_OOB_DATA_EVENTS);
6395 status = MGMT_STATUS_SUCCESS;
6398 rp->type = cp->type;
6399 rp->eir_len = cpu_to_le16(eir_len);
6401 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
6402 status, rp, sizeof(*rp) + eir_len);
6403 if (err < 0 || status)
6406 err = mgmt_limited_event(MGMT_EV_LOCAL_OOB_DATA_UPDATED, hdev,
6407 rp, sizeof(*rp) + eir_len,
6408 HCI_MGMT_OOB_DATA_EVENTS, sk);
6416 static u32 get_supported_adv_flags(struct hci_dev *hdev)
6420 flags |= MGMT_ADV_FLAG_CONNECTABLE;
6421 flags |= MGMT_ADV_FLAG_DISCOV;
6422 flags |= MGMT_ADV_FLAG_LIMITED_DISCOV;
6423 flags |= MGMT_ADV_FLAG_MANAGED_FLAGS;
6424 flags |= MGMT_ADV_FLAG_APPEARANCE;
6425 flags |= MGMT_ADV_FLAG_LOCAL_NAME;
6427 if (hdev->adv_tx_power != HCI_TX_POWER_INVALID)
6428 flags |= MGMT_ADV_FLAG_TX_POWER;
6433 static int read_adv_features(struct sock *sk, struct hci_dev *hdev,
6434 void *data, u16 data_len)
6436 struct mgmt_rp_read_adv_features *rp;
6439 struct adv_info *adv_instance;
6440 u32 supported_flags;
6443 BT_DBG("%s", hdev->name);
6445 if (!lmp_le_capable(hdev))
6446 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_ADV_FEATURES,
6447 MGMT_STATUS_REJECTED);
6451 rp_len = sizeof(*rp) + hdev->adv_instance_cnt;
6452 rp = kmalloc(rp_len, GFP_ATOMIC);
6454 hci_dev_unlock(hdev);
6458 supported_flags = get_supported_adv_flags(hdev);
6460 rp->supported_flags = cpu_to_le32(supported_flags);
6461 rp->max_adv_data_len = HCI_MAX_AD_LENGTH;
6462 rp->max_scan_rsp_len = HCI_MAX_AD_LENGTH;
6463 rp->max_instances = HCI_MAX_ADV_INSTANCES;
6464 rp->num_instances = hdev->adv_instance_cnt;
6466 instance = rp->instance;
6467 list_for_each_entry(adv_instance, &hdev->adv_instances, list) {
6468 *instance = adv_instance->instance;
6472 hci_dev_unlock(hdev);
6474 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_ADV_FEATURES,
6475 MGMT_STATUS_SUCCESS, rp, rp_len);
6482 static u8 calculate_name_len(struct hci_dev *hdev)
6484 u8 buf[HCI_MAX_SHORT_NAME_LENGTH + 3];
6486 return append_local_name(hdev, buf, 0);
6489 static u8 tlv_data_max_len(struct hci_dev *hdev, u32 adv_flags,
6492 u8 max_len = HCI_MAX_AD_LENGTH;
6495 if (adv_flags & (MGMT_ADV_FLAG_DISCOV |
6496 MGMT_ADV_FLAG_LIMITED_DISCOV |
6497 MGMT_ADV_FLAG_MANAGED_FLAGS))
6500 if (adv_flags & MGMT_ADV_FLAG_TX_POWER)
6503 if (adv_flags & MGMT_ADV_FLAG_LOCAL_NAME)
6504 max_len -= calculate_name_len(hdev);
6506 if (adv_flags & (MGMT_ADV_FLAG_APPEARANCE))
6513 static bool flags_managed(u32 adv_flags)
6515 return adv_flags & (MGMT_ADV_FLAG_DISCOV |
6516 MGMT_ADV_FLAG_LIMITED_DISCOV |
6517 MGMT_ADV_FLAG_MANAGED_FLAGS);
6520 static bool tx_power_managed(u32 adv_flags)
6522 return adv_flags & MGMT_ADV_FLAG_TX_POWER;
6525 static bool name_managed(u32 adv_flags)
6527 return adv_flags & MGMT_ADV_FLAG_LOCAL_NAME;
6530 static bool appearance_managed(u32 adv_flags)
6532 return adv_flags & MGMT_ADV_FLAG_APPEARANCE;
6535 static bool tlv_data_is_valid(struct hci_dev *hdev, u32 adv_flags, u8 *data,
6536 u8 len, bool is_adv_data)
6541 max_len = tlv_data_max_len(hdev, adv_flags, is_adv_data);
6546 /* Make sure that the data is correctly formatted. */
6547 for (i = 0, cur_len = 0; i < len; i += (cur_len + 1)) {
6550 if (data[i + 1] == EIR_FLAGS &&
6551 (!is_adv_data || flags_managed(adv_flags)))
6554 if (data[i + 1] == EIR_TX_POWER && tx_power_managed(adv_flags))
6557 if (data[i + 1] == EIR_NAME_COMPLETE && name_managed(adv_flags))
6560 if (data[i + 1] == EIR_NAME_SHORT && name_managed(adv_flags))
6563 if (data[i + 1] == EIR_APPEARANCE &&
6564 appearance_managed(adv_flags))
6567 /* If the current field length would exceed the total data
6568 * length, then it's invalid.
6570 if (i + cur_len >= len)
6577 static void add_advertising_complete(struct hci_dev *hdev, u8 status,
6580 struct mgmt_pending_cmd *cmd;
6581 struct mgmt_cp_add_advertising *cp;
6582 struct mgmt_rp_add_advertising rp;
6583 struct adv_info *adv_instance, *n;
6586 BT_DBG("status %d", status);
6590 cmd = pending_find(MGMT_OP_ADD_ADVERTISING, hdev);
6592 list_for_each_entry_safe(adv_instance, n, &hdev->adv_instances, list) {
6593 if (!adv_instance->pending)
6597 adv_instance->pending = false;
6601 instance = adv_instance->instance;
6603 if (hdev->cur_adv_instance == instance)
6604 cancel_adv_timeout(hdev);
6606 hci_remove_adv_instance(hdev, instance);
6607 mgmt_advertising_removed(cmd ? cmd->sk : NULL, hdev, instance);
6614 rp.instance = cp->instance;
6617 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode,
6618 mgmt_status(status));
6620 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
6621 mgmt_status(status), &rp, sizeof(rp));
6623 mgmt_pending_remove(cmd);
6626 hci_dev_unlock(hdev);
6629 static int add_advertising(struct sock *sk, struct hci_dev *hdev,
6630 void *data, u16 data_len)
6632 struct mgmt_cp_add_advertising *cp = data;
6633 struct mgmt_rp_add_advertising rp;
6635 u32 supported_flags;
6637 u16 timeout, duration;
6638 unsigned int prev_instance_cnt = hdev->adv_instance_cnt;
6639 u8 schedule_instance = 0;
6640 struct adv_info *next_instance;
6642 struct mgmt_pending_cmd *cmd;
6643 struct hci_request req;
6645 BT_DBG("%s", hdev->name);
6647 status = mgmt_le_support(hdev);
6649 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6652 if (cp->instance < 1 || cp->instance > HCI_MAX_ADV_INSTANCES)
6653 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6654 MGMT_STATUS_INVALID_PARAMS);
6656 if (data_len != sizeof(*cp) + cp->adv_data_len + cp->scan_rsp_len)
6657 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6658 MGMT_STATUS_INVALID_PARAMS);
6660 flags = __le32_to_cpu(cp->flags);
6661 timeout = __le16_to_cpu(cp->timeout);
6662 duration = __le16_to_cpu(cp->duration);
6664 /* The current implementation only supports a subset of the specified
6667 supported_flags = get_supported_adv_flags(hdev);
6668 if (flags & ~supported_flags)
6669 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6670 MGMT_STATUS_INVALID_PARAMS);
6674 if (timeout && !hdev_is_powered(hdev)) {
6675 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6676 MGMT_STATUS_REJECTED);
6680 if (pending_find(MGMT_OP_ADD_ADVERTISING, hdev) ||
6681 pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev) ||
6682 pending_find(MGMT_OP_SET_LE, hdev)) {
6683 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6688 if (!tlv_data_is_valid(hdev, flags, cp->data, cp->adv_data_len, true) ||
6689 !tlv_data_is_valid(hdev, flags, cp->data + cp->adv_data_len,
6690 cp->scan_rsp_len, false)) {
6691 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6692 MGMT_STATUS_INVALID_PARAMS);
6696 err = hci_add_adv_instance(hdev, cp->instance, flags,
6697 cp->adv_data_len, cp->data,
6699 cp->data + cp->adv_data_len,
6702 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6703 MGMT_STATUS_FAILED);
6707 /* Only trigger an advertising added event if a new instance was
6710 if (hdev->adv_instance_cnt > prev_instance_cnt)
6711 mgmt_advertising_added(sk, hdev, cp->instance);
6713 if (hdev->cur_adv_instance == cp->instance) {
6714 /* If the currently advertised instance is being changed then
6715 * cancel the current advertising and schedule the next
6716 * instance. If there is only one instance then the overridden
6717 * advertising data will be visible right away.
6719 cancel_adv_timeout(hdev);
6721 next_instance = hci_get_next_instance(hdev, cp->instance);
6723 schedule_instance = next_instance->instance;
6724 } else if (!hdev->adv_instance_timeout) {
6725 /* Immediately advertise the new instance if no other
6726 * instance is currently being advertised.
6728 schedule_instance = cp->instance;
6731 /* If the HCI_ADVERTISING flag is set or the device isn't powered or
6732 * there is no instance to be advertised then we have no HCI
6733 * communication to make. Simply return.
6735 if (!hdev_is_powered(hdev) ||
6736 hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
6737 !schedule_instance) {
6738 rp.instance = cp->instance;
6739 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6740 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
6744 /* We're good to go, update advertising data, parameters, and start
6747 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_ADVERTISING, hdev, data,
6754 hci_req_init(&req, hdev);
6756 err = __hci_req_schedule_adv_instance(&req, schedule_instance, true);
6759 err = hci_req_run(&req, add_advertising_complete);
6762 mgmt_pending_remove(cmd);
6765 hci_dev_unlock(hdev);
6770 static void remove_advertising_complete(struct hci_dev *hdev, u8 status,
6773 struct mgmt_pending_cmd *cmd;
6774 struct mgmt_cp_remove_advertising *cp;
6775 struct mgmt_rp_remove_advertising rp;
6777 BT_DBG("status %d", status);
6781 /* A failure status here only means that we failed to disable
6782 * advertising. Otherwise, the advertising instance has been removed,
6783 * so report success.
6785 cmd = pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev);
6790 rp.instance = cp->instance;
6792 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, MGMT_STATUS_SUCCESS,
6794 mgmt_pending_remove(cmd);
6797 hci_dev_unlock(hdev);
6800 static int remove_advertising(struct sock *sk, struct hci_dev *hdev,
6801 void *data, u16 data_len)
6803 struct mgmt_cp_remove_advertising *cp = data;
6804 struct mgmt_rp_remove_advertising rp;
6805 struct mgmt_pending_cmd *cmd;
6806 struct hci_request req;
6809 BT_DBG("%s", hdev->name);
6813 if (cp->instance && !hci_find_adv_instance(hdev, cp->instance)) {
6814 err = mgmt_cmd_status(sk, hdev->id,
6815 MGMT_OP_REMOVE_ADVERTISING,
6816 MGMT_STATUS_INVALID_PARAMS);
6820 if (pending_find(MGMT_OP_ADD_ADVERTISING, hdev) ||
6821 pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev) ||
6822 pending_find(MGMT_OP_SET_LE, hdev)) {
6823 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADVERTISING,
6828 if (list_empty(&hdev->adv_instances)) {
6829 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADVERTISING,
6830 MGMT_STATUS_INVALID_PARAMS);
6834 hci_req_init(&req, hdev);
6836 hci_req_clear_adv_instance(hdev, sk, &req, cp->instance, true);
6838 if (list_empty(&hdev->adv_instances))
6839 __hci_req_disable_advertising(&req);
6841 /* If no HCI commands have been collected so far or the HCI_ADVERTISING
6842 * flag is set or the device isn't powered then we have no HCI
6843 * communication to make. Simply return.
6845 if (skb_queue_empty(&req.cmd_q) ||
6846 !hdev_is_powered(hdev) ||
6847 hci_dev_test_flag(hdev, HCI_ADVERTISING)) {
6848 rp.instance = cp->instance;
6849 err = mgmt_cmd_complete(sk, hdev->id,
6850 MGMT_OP_REMOVE_ADVERTISING,
6851 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
6855 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_ADVERTISING, hdev, data,
6862 err = hci_req_run(&req, remove_advertising_complete);
6864 mgmt_pending_remove(cmd);
6867 hci_dev_unlock(hdev);
6872 static int get_adv_size_info(struct sock *sk, struct hci_dev *hdev,
6873 void *data, u16 data_len)
6875 struct mgmt_cp_get_adv_size_info *cp = data;
6876 struct mgmt_rp_get_adv_size_info rp;
6877 u32 flags, supported_flags;
6880 BT_DBG("%s", hdev->name);
6882 if (!lmp_le_capable(hdev))
6883 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
6884 MGMT_STATUS_REJECTED);
6886 if (cp->instance < 1 || cp->instance > HCI_MAX_ADV_INSTANCES)
6887 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
6888 MGMT_STATUS_INVALID_PARAMS);
6890 flags = __le32_to_cpu(cp->flags);
6892 /* The current implementation only supports a subset of the specified
6895 supported_flags = get_supported_adv_flags(hdev);
6896 if (flags & ~supported_flags)
6897 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
6898 MGMT_STATUS_INVALID_PARAMS);
6900 rp.instance = cp->instance;
6901 rp.flags = cp->flags;
6902 rp.max_adv_data_len = tlv_data_max_len(hdev, flags, true);
6903 rp.max_scan_rsp_len = tlv_data_max_len(hdev, flags, false);
6905 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
6906 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
6911 static const struct hci_mgmt_handler mgmt_handlers[] = {
6912 { NULL }, /* 0x0000 (no command) */
6913 { read_version, MGMT_READ_VERSION_SIZE,
6915 HCI_MGMT_UNTRUSTED },
6916 { read_commands, MGMT_READ_COMMANDS_SIZE,
6918 HCI_MGMT_UNTRUSTED },
6919 { read_index_list, MGMT_READ_INDEX_LIST_SIZE,
6921 HCI_MGMT_UNTRUSTED },
6922 { read_controller_info, MGMT_READ_INFO_SIZE,
6923 HCI_MGMT_UNTRUSTED },
6924 { set_powered, MGMT_SETTING_SIZE },
6925 { set_discoverable, MGMT_SET_DISCOVERABLE_SIZE },
6926 { set_connectable, MGMT_SETTING_SIZE },
6927 { set_fast_connectable, MGMT_SETTING_SIZE },
6928 { set_bondable, MGMT_SETTING_SIZE },
6929 { set_link_security, MGMT_SETTING_SIZE },
6930 { set_ssp, MGMT_SETTING_SIZE },
6931 { set_hs, MGMT_SETTING_SIZE },
6932 { set_le, MGMT_SETTING_SIZE },
6933 { set_dev_class, MGMT_SET_DEV_CLASS_SIZE },
6934 { set_local_name, MGMT_SET_LOCAL_NAME_SIZE },
6935 { add_uuid, MGMT_ADD_UUID_SIZE },
6936 { remove_uuid, MGMT_REMOVE_UUID_SIZE },
6937 { load_link_keys, MGMT_LOAD_LINK_KEYS_SIZE,
6939 { load_long_term_keys, MGMT_LOAD_LONG_TERM_KEYS_SIZE,
6941 { disconnect, MGMT_DISCONNECT_SIZE },
6942 { get_connections, MGMT_GET_CONNECTIONS_SIZE },
6943 { pin_code_reply, MGMT_PIN_CODE_REPLY_SIZE },
6944 { pin_code_neg_reply, MGMT_PIN_CODE_NEG_REPLY_SIZE },
6945 { set_io_capability, MGMT_SET_IO_CAPABILITY_SIZE },
6946 { pair_device, MGMT_PAIR_DEVICE_SIZE },
6947 { cancel_pair_device, MGMT_CANCEL_PAIR_DEVICE_SIZE },
6948 { unpair_device, MGMT_UNPAIR_DEVICE_SIZE },
6949 { user_confirm_reply, MGMT_USER_CONFIRM_REPLY_SIZE },
6950 { user_confirm_neg_reply, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
6951 { user_passkey_reply, MGMT_USER_PASSKEY_REPLY_SIZE },
6952 { user_passkey_neg_reply, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
6953 { read_local_oob_data, MGMT_READ_LOCAL_OOB_DATA_SIZE },
6954 { add_remote_oob_data, MGMT_ADD_REMOTE_OOB_DATA_SIZE,
6956 { remove_remote_oob_data, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
6957 { start_discovery, MGMT_START_DISCOVERY_SIZE },
6958 { stop_discovery, MGMT_STOP_DISCOVERY_SIZE },
6959 { confirm_name, MGMT_CONFIRM_NAME_SIZE },
6960 { block_device, MGMT_BLOCK_DEVICE_SIZE },
6961 { unblock_device, MGMT_UNBLOCK_DEVICE_SIZE },
6962 { set_device_id, MGMT_SET_DEVICE_ID_SIZE },
6963 { set_advertising, MGMT_SETTING_SIZE },
6964 { set_bredr, MGMT_SETTING_SIZE },
6965 { set_static_address, MGMT_SET_STATIC_ADDRESS_SIZE },
6966 { set_scan_params, MGMT_SET_SCAN_PARAMS_SIZE },
6967 { set_secure_conn, MGMT_SETTING_SIZE },
6968 { set_debug_keys, MGMT_SETTING_SIZE },
6969 { set_privacy, MGMT_SET_PRIVACY_SIZE },
6970 { load_irks, MGMT_LOAD_IRKS_SIZE,
6972 { get_conn_info, MGMT_GET_CONN_INFO_SIZE },
6973 { get_clock_info, MGMT_GET_CLOCK_INFO_SIZE },
6974 { add_device, MGMT_ADD_DEVICE_SIZE },
6975 { remove_device, MGMT_REMOVE_DEVICE_SIZE },
6976 { load_conn_param, MGMT_LOAD_CONN_PARAM_SIZE,
6978 { read_unconf_index_list, MGMT_READ_UNCONF_INDEX_LIST_SIZE,
6980 HCI_MGMT_UNTRUSTED },
6981 { read_config_info, MGMT_READ_CONFIG_INFO_SIZE,
6982 HCI_MGMT_UNCONFIGURED |
6983 HCI_MGMT_UNTRUSTED },
6984 { set_external_config, MGMT_SET_EXTERNAL_CONFIG_SIZE,
6985 HCI_MGMT_UNCONFIGURED },
6986 { set_public_address, MGMT_SET_PUBLIC_ADDRESS_SIZE,
6987 HCI_MGMT_UNCONFIGURED },
6988 { start_service_discovery, MGMT_START_SERVICE_DISCOVERY_SIZE,
6990 { read_local_oob_ext_data, MGMT_READ_LOCAL_OOB_EXT_DATA_SIZE },
6991 { read_ext_index_list, MGMT_READ_EXT_INDEX_LIST_SIZE,
6993 HCI_MGMT_UNTRUSTED },
6994 { read_adv_features, MGMT_READ_ADV_FEATURES_SIZE },
6995 { add_advertising, MGMT_ADD_ADVERTISING_SIZE,
6997 { remove_advertising, MGMT_REMOVE_ADVERTISING_SIZE },
6998 { get_adv_size_info, MGMT_GET_ADV_SIZE_INFO_SIZE },
6999 { start_limited_discovery, MGMT_START_DISCOVERY_SIZE },
7000 { read_ext_controller_info,MGMT_READ_EXT_INFO_SIZE,
7001 HCI_MGMT_UNTRUSTED },
7002 { set_appearance, MGMT_SET_APPEARANCE_SIZE },
7006 static const struct hci_mgmt_handler tizen_mgmt_handlers[] = {
7007 { NULL }, /* 0x0000 (no command) */
7008 { set_advertising_params, MGMT_SET_ADVERTISING_PARAMS_SIZE },
7009 { set_advertising_data, MGMT_SET_ADV_MIN_APP_DATA_SIZE,
7011 { set_scan_rsp_data, MGMT_SET_SCAN_RSP_MIN_APP_DATA_SIZE,
7013 { add_white_list, MGMT_ADD_DEV_WHITE_LIST_SIZE },
7014 { remove_from_white_list, MGMT_REMOVE_DEV_FROM_WHITE_LIST_SIZE },
7015 { clear_white_list, MGMT_OP_CLEAR_DEV_WHITE_LIST_SIZE },
7019 void mgmt_index_added(struct hci_dev *hdev)
7021 struct mgmt_ev_ext_index ev;
7023 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
7026 switch (hdev->dev_type) {
7028 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
7029 mgmt_index_event(MGMT_EV_UNCONF_INDEX_ADDED, hdev,
7030 NULL, 0, HCI_MGMT_UNCONF_INDEX_EVENTS);
7033 mgmt_index_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0,
7034 HCI_MGMT_INDEX_EVENTS);
7047 mgmt_index_event(MGMT_EV_EXT_INDEX_ADDED, hdev, &ev, sizeof(ev),
7048 HCI_MGMT_EXT_INDEX_EVENTS);
7051 void mgmt_index_removed(struct hci_dev *hdev)
7053 struct mgmt_ev_ext_index ev;
7054 u8 status = MGMT_STATUS_INVALID_INDEX;
7056 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
7059 switch (hdev->dev_type) {
7061 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
7063 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
7064 mgmt_index_event(MGMT_EV_UNCONF_INDEX_REMOVED, hdev,
7065 NULL, 0, HCI_MGMT_UNCONF_INDEX_EVENTS);
7068 mgmt_index_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0,
7069 HCI_MGMT_INDEX_EVENTS);
7082 mgmt_index_event(MGMT_EV_EXT_INDEX_REMOVED, hdev, &ev, sizeof(ev),
7083 HCI_MGMT_EXT_INDEX_EVENTS);
7086 /* This function requires the caller holds hdev->lock */
7087 static void restart_le_actions(struct hci_dev *hdev)
7089 struct hci_conn_params *p;
7091 list_for_each_entry(p, &hdev->le_conn_params, list) {
7092 /* Needed for AUTO_OFF case where might not "really"
7093 * have been powered off.
7095 list_del_init(&p->action);
7097 switch (p->auto_connect) {
7098 case HCI_AUTO_CONN_DIRECT:
7099 case HCI_AUTO_CONN_ALWAYS:
7100 list_add(&p->action, &hdev->pend_le_conns);
7102 case HCI_AUTO_CONN_REPORT:
7103 list_add(&p->action, &hdev->pend_le_reports);
7111 void mgmt_power_on(struct hci_dev *hdev, int err)
7113 struct cmd_lookup match = { NULL, hdev };
7115 BT_DBG("err %d", err);
7120 restart_le_actions(hdev);
7121 hci_update_background_scan(hdev);
7124 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
7126 new_settings(hdev, match.sk);
7131 hci_dev_unlock(hdev);
7134 void __mgmt_power_off(struct hci_dev *hdev)
7136 struct cmd_lookup match = { NULL, hdev };
7137 u8 status, zero_cod[] = { 0, 0, 0 };
7139 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
7141 /* If the power off is because of hdev unregistration let
7142 * use the appropriate INVALID_INDEX status. Otherwise use
7143 * NOT_POWERED. We cover both scenarios here since later in
7144 * mgmt_index_removed() any hci_conn callbacks will have already
7145 * been triggered, potentially causing misleading DISCONNECTED
7148 if (hci_dev_test_flag(hdev, HCI_UNREGISTER))
7149 status = MGMT_STATUS_INVALID_INDEX;
7151 status = MGMT_STATUS_NOT_POWERED;
7153 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
7155 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0) {
7156 mgmt_limited_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
7157 zero_cod, sizeof(zero_cod),
7158 HCI_MGMT_DEV_CLASS_EVENTS, NULL);
7159 ext_info_changed(hdev, NULL);
7162 new_settings(hdev, match.sk);
7168 void mgmt_set_powered_failed(struct hci_dev *hdev, int err)
7170 struct mgmt_pending_cmd *cmd;
7173 cmd = pending_find(MGMT_OP_SET_POWERED, hdev);
7177 if (err == -ERFKILL)
7178 status = MGMT_STATUS_RFKILLED;
7180 status = MGMT_STATUS_FAILED;
7182 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
7184 mgmt_pending_remove(cmd);
7187 void mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
7190 struct mgmt_ev_new_link_key ev;
7192 memset(&ev, 0, sizeof(ev));
7194 ev.store_hint = persistent;
7195 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
7196 ev.key.addr.type = BDADDR_BREDR;
7197 ev.key.type = key->type;
7198 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
7199 ev.key.pin_len = key->pin_len;
7201 mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
7204 static u8 mgmt_ltk_type(struct smp_ltk *ltk)
7206 switch (ltk->type) {
7209 if (ltk->authenticated)
7210 return MGMT_LTK_AUTHENTICATED;
7211 return MGMT_LTK_UNAUTHENTICATED;
7213 if (ltk->authenticated)
7214 return MGMT_LTK_P256_AUTH;
7215 return MGMT_LTK_P256_UNAUTH;
7216 case SMP_LTK_P256_DEBUG:
7217 return MGMT_LTK_P256_DEBUG;
7220 return MGMT_LTK_UNAUTHENTICATED;
7223 void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, bool persistent)
7225 struct mgmt_ev_new_long_term_key ev;
7227 memset(&ev, 0, sizeof(ev));
7229 /* Devices using resolvable or non-resolvable random addresses
7230 * without providing an identity resolving key don't require
7231 * to store long term keys. Their addresses will change the
7234 * Only when a remote device provides an identity address
7235 * make sure the long term key is stored. If the remote
7236 * identity is known, the long term keys are internally
7237 * mapped to the identity address. So allow static random
7238 * and public addresses here.
7240 if (key->bdaddr_type == ADDR_LE_DEV_RANDOM &&
7241 (key->bdaddr.b[5] & 0xc0) != 0xc0)
7242 ev.store_hint = 0x00;
7244 ev.store_hint = persistent;
7246 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
7247 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
7248 ev.key.type = mgmt_ltk_type(key);
7249 ev.key.enc_size = key->enc_size;
7250 ev.key.ediv = key->ediv;
7251 ev.key.rand = key->rand;
7253 if (key->type == SMP_LTK)
7256 /* Make sure we copy only the significant bytes based on the
7257 * encryption key size, and set the rest of the value to zeroes.
7259 memcpy(ev.key.val, key->val, key->enc_size);
7260 memset(ev.key.val + key->enc_size, 0,
7261 sizeof(ev.key.val) - key->enc_size);
7263 mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev), NULL);
7266 void mgmt_new_irk(struct hci_dev *hdev, struct smp_irk *irk, bool persistent)
7268 struct mgmt_ev_new_irk ev;
7270 memset(&ev, 0, sizeof(ev));
7272 ev.store_hint = persistent;
7274 bacpy(&ev.rpa, &irk->rpa);
7275 bacpy(&ev.irk.addr.bdaddr, &irk->bdaddr);
7276 ev.irk.addr.type = link_to_bdaddr(LE_LINK, irk->addr_type);
7277 memcpy(ev.irk.val, irk->val, sizeof(irk->val));
7279 mgmt_event(MGMT_EV_NEW_IRK, hdev, &ev, sizeof(ev), NULL);
7282 void mgmt_new_csrk(struct hci_dev *hdev, struct smp_csrk *csrk,
7285 struct mgmt_ev_new_csrk ev;
7287 memset(&ev, 0, sizeof(ev));
7289 /* Devices using resolvable or non-resolvable random addresses
7290 * without providing an identity resolving key don't require
7291 * to store signature resolving keys. Their addresses will change
7292 * the next time around.
7294 * Only when a remote device provides an identity address
7295 * make sure the signature resolving key is stored. So allow
7296 * static random and public addresses here.
7298 if (csrk->bdaddr_type == ADDR_LE_DEV_RANDOM &&
7299 (csrk->bdaddr.b[5] & 0xc0) != 0xc0)
7300 ev.store_hint = 0x00;
7302 ev.store_hint = persistent;
7304 bacpy(&ev.key.addr.bdaddr, &csrk->bdaddr);
7305 ev.key.addr.type = link_to_bdaddr(LE_LINK, csrk->bdaddr_type);
7306 ev.key.type = csrk->type;
7307 memcpy(ev.key.val, csrk->val, sizeof(csrk->val));
7309 mgmt_event(MGMT_EV_NEW_CSRK, hdev, &ev, sizeof(ev), NULL);
7312 void mgmt_new_conn_param(struct hci_dev *hdev, bdaddr_t *bdaddr,
7313 u8 bdaddr_type, u8 store_hint, u16 min_interval,
7314 u16 max_interval, u16 latency, u16 timeout)
7316 struct mgmt_ev_new_conn_param ev;
7318 if (!hci_is_identity_address(bdaddr, bdaddr_type))
7321 memset(&ev, 0, sizeof(ev));
7322 bacpy(&ev.addr.bdaddr, bdaddr);
7323 ev.addr.type = link_to_bdaddr(LE_LINK, bdaddr_type);
7324 ev.store_hint = store_hint;
7325 ev.min_interval = cpu_to_le16(min_interval);
7326 ev.max_interval = cpu_to_le16(max_interval);
7327 ev.latency = cpu_to_le16(latency);
7328 ev.timeout = cpu_to_le16(timeout);
7330 mgmt_event(MGMT_EV_NEW_CONN_PARAM, hdev, &ev, sizeof(ev), NULL);
7333 void mgmt_device_connected(struct hci_dev *hdev, struct hci_conn *conn,
7334 u32 flags, u8 *name, u8 name_len)
7337 struct mgmt_ev_device_connected *ev = (void *) buf;
7340 bacpy(&ev->addr.bdaddr, &conn->dst);
7341 ev->addr.type = link_to_bdaddr(conn->type, conn->dst_type);
7343 ev->flags = __cpu_to_le32(flags);
7345 /* We must ensure that the EIR Data fields are ordered and
7346 * unique. Keep it simple for now and avoid the problem by not
7347 * adding any BR/EDR data to the LE adv.
7349 if (conn->le_adv_data_len > 0) {
7350 memcpy(&ev->eir[eir_len],
7351 conn->le_adv_data, conn->le_adv_data_len);
7352 eir_len = conn->le_adv_data_len;
7355 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
7358 if (memcmp(conn->dev_class, "\0\0\0", 3) != 0)
7359 eir_len = eir_append_data(ev->eir, eir_len,
7361 conn->dev_class, 3);
7364 ev->eir_len = cpu_to_le16(eir_len);
7366 mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
7367 sizeof(*ev) + eir_len, NULL);
7370 static void disconnect_rsp(struct mgmt_pending_cmd *cmd, void *data)
7372 struct sock **sk = data;
7374 cmd->cmd_complete(cmd, 0);
7379 mgmt_pending_remove(cmd);
7382 static void unpair_device_rsp(struct mgmt_pending_cmd *cmd, void *data)
7384 struct hci_dev *hdev = data;
7385 struct mgmt_cp_unpair_device *cp = cmd->param;
7387 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
7389 cmd->cmd_complete(cmd, 0);
7390 mgmt_pending_remove(cmd);
7393 bool mgmt_powering_down(struct hci_dev *hdev)
7395 struct mgmt_pending_cmd *cmd;
7396 struct mgmt_mode *cp;
7398 cmd = pending_find(MGMT_OP_SET_POWERED, hdev);
7409 void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
7410 u8 link_type, u8 addr_type, u8 reason,
7411 bool mgmt_connected)
7413 struct mgmt_ev_device_disconnected ev;
7414 struct sock *sk = NULL;
7416 /* The connection is still in hci_conn_hash so test for 1
7417 * instead of 0 to know if this is the last one.
7419 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
7420 cancel_delayed_work(&hdev->power_off);
7421 queue_work(hdev->req_workqueue, &hdev->power_off.work);
7424 if (!mgmt_connected)
7427 if (link_type != ACL_LINK && link_type != LE_LINK)
7430 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
7432 bacpy(&ev.addr.bdaddr, bdaddr);
7433 ev.addr.type = link_to_bdaddr(link_type, addr_type);
7436 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
7441 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
7445 void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
7446 u8 link_type, u8 addr_type, u8 status)
7448 u8 bdaddr_type = link_to_bdaddr(link_type, addr_type);
7449 struct mgmt_cp_disconnect *cp;
7450 struct mgmt_pending_cmd *cmd;
7452 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
7455 cmd = pending_find(MGMT_OP_DISCONNECT, hdev);
7461 if (bacmp(bdaddr, &cp->addr.bdaddr))
7464 if (cp->addr.type != bdaddr_type)
7467 cmd->cmd_complete(cmd, mgmt_status(status));
7468 mgmt_pending_remove(cmd);
7471 void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
7472 u8 addr_type, u8 status)
7474 struct mgmt_ev_connect_failed ev;
7476 /* The connection is still in hci_conn_hash so test for 1
7477 * instead of 0 to know if this is the last one.
7479 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
7480 cancel_delayed_work(&hdev->power_off);
7481 queue_work(hdev->req_workqueue, &hdev->power_off.work);
7484 bacpy(&ev.addr.bdaddr, bdaddr);
7485 ev.addr.type = link_to_bdaddr(link_type, addr_type);
7486 ev.status = mgmt_status(status);
7488 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
7491 void mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
7493 struct mgmt_ev_pin_code_request ev;
7495 bacpy(&ev.addr.bdaddr, bdaddr);
7496 ev.addr.type = BDADDR_BREDR;
7499 mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev), NULL);
7502 void mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7505 struct mgmt_pending_cmd *cmd;
7507 cmd = pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
7511 cmd->cmd_complete(cmd, mgmt_status(status));
7512 mgmt_pending_remove(cmd);
7515 void mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7518 struct mgmt_pending_cmd *cmd;
7520 cmd = pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
7524 cmd->cmd_complete(cmd, mgmt_status(status));
7525 mgmt_pending_remove(cmd);
7528 int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
7529 u8 link_type, u8 addr_type, u32 value,
7532 struct mgmt_ev_user_confirm_request ev;
7534 BT_DBG("%s", hdev->name);
7536 bacpy(&ev.addr.bdaddr, bdaddr);
7537 ev.addr.type = link_to_bdaddr(link_type, addr_type);
7538 ev.confirm_hint = confirm_hint;
7539 ev.value = cpu_to_le32(value);
7541 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
7545 int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
7546 u8 link_type, u8 addr_type)
7548 struct mgmt_ev_user_passkey_request ev;
7550 BT_DBG("%s", hdev->name);
7552 bacpy(&ev.addr.bdaddr, bdaddr);
7553 ev.addr.type = link_to_bdaddr(link_type, addr_type);
7555 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
7559 static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7560 u8 link_type, u8 addr_type, u8 status,
7563 struct mgmt_pending_cmd *cmd;
7565 cmd = pending_find(opcode, hdev);
7569 cmd->cmd_complete(cmd, mgmt_status(status));
7570 mgmt_pending_remove(cmd);
7575 int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7576 u8 link_type, u8 addr_type, u8 status)
7578 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
7579 status, MGMT_OP_USER_CONFIRM_REPLY);
7582 int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7583 u8 link_type, u8 addr_type, u8 status)
7585 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
7587 MGMT_OP_USER_CONFIRM_NEG_REPLY);
7590 int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7591 u8 link_type, u8 addr_type, u8 status)
7593 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
7594 status, MGMT_OP_USER_PASSKEY_REPLY);
7597 int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7598 u8 link_type, u8 addr_type, u8 status)
7600 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
7602 MGMT_OP_USER_PASSKEY_NEG_REPLY);
7605 int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
7606 u8 link_type, u8 addr_type, u32 passkey,
7609 struct mgmt_ev_passkey_notify ev;
7611 BT_DBG("%s", hdev->name);
7613 bacpy(&ev.addr.bdaddr, bdaddr);
7614 ev.addr.type = link_to_bdaddr(link_type, addr_type);
7615 ev.passkey = __cpu_to_le32(passkey);
7616 ev.entered = entered;
7618 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
7621 void mgmt_auth_failed(struct hci_conn *conn, u8 hci_status)
7623 struct mgmt_ev_auth_failed ev;
7624 struct mgmt_pending_cmd *cmd;
7625 u8 status = mgmt_status(hci_status);
7627 bacpy(&ev.addr.bdaddr, &conn->dst);
7628 ev.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
7631 cmd = find_pairing(conn);
7633 mgmt_event(MGMT_EV_AUTH_FAILED, conn->hdev, &ev, sizeof(ev),
7634 cmd ? cmd->sk : NULL);
7637 cmd->cmd_complete(cmd, status);
7638 mgmt_pending_remove(cmd);
7642 void mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
7644 struct cmd_lookup match = { NULL, hdev };
7648 u8 mgmt_err = mgmt_status(status);
7649 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
7650 cmd_status_rsp, &mgmt_err);
7654 if (test_bit(HCI_AUTH, &hdev->flags))
7655 changed = !hci_dev_test_and_set_flag(hdev, HCI_LINK_SECURITY);
7657 changed = hci_dev_test_and_clear_flag(hdev, HCI_LINK_SECURITY);
7659 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
7663 new_settings(hdev, match.sk);
7669 static void clear_eir(struct hci_request *req)
7671 struct hci_dev *hdev = req->hdev;
7672 struct hci_cp_write_eir cp;
7674 if (!lmp_ext_inq_capable(hdev))
7677 memset(hdev->eir, 0, sizeof(hdev->eir));
7679 memset(&cp, 0, sizeof(cp));
7681 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
7684 void mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
7686 struct cmd_lookup match = { NULL, hdev };
7687 struct hci_request req;
7688 bool changed = false;
7691 u8 mgmt_err = mgmt_status(status);
7693 if (enable && hci_dev_test_and_clear_flag(hdev,
7695 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
7696 new_settings(hdev, NULL);
7699 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
7705 changed = !hci_dev_test_and_set_flag(hdev, HCI_SSP_ENABLED);
7707 changed = hci_dev_test_and_clear_flag(hdev, HCI_SSP_ENABLED);
7709 changed = hci_dev_test_and_clear_flag(hdev,
7712 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
7715 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
7718 new_settings(hdev, match.sk);
7723 hci_req_init(&req, hdev);
7725 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
7726 if (hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS))
7727 hci_req_add(&req, HCI_OP_WRITE_SSP_DEBUG_MODE,
7728 sizeof(enable), &enable);
7729 __hci_req_update_eir(&req);
7734 hci_req_run(&req, NULL);
7737 static void sk_lookup(struct mgmt_pending_cmd *cmd, void *data)
7739 struct cmd_lookup *match = data;
7741 if (match->sk == NULL) {
7742 match->sk = cmd->sk;
7743 sock_hold(match->sk);
7747 void mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
7750 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
7752 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
7753 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
7754 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
7757 mgmt_limited_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class,
7758 3, HCI_MGMT_DEV_CLASS_EVENTS, NULL);
7759 ext_info_changed(hdev, NULL);
7766 void mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
7768 struct mgmt_cp_set_local_name ev;
7769 struct mgmt_pending_cmd *cmd;
7774 memset(&ev, 0, sizeof(ev));
7775 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
7776 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
7778 cmd = pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
7780 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
7782 /* If this is a HCI command related to powering on the
7783 * HCI dev don't send any mgmt signals.
7785 if (pending_find(MGMT_OP_SET_POWERED, hdev))
7789 mgmt_limited_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
7790 HCI_MGMT_LOCAL_NAME_EVENTS, cmd ? cmd->sk : NULL);
7791 ext_info_changed(hdev, cmd ? cmd->sk : NULL);
7794 static inline bool has_uuid(u8 *uuid, u16 uuid_count, u8 (*uuids)[16])
7798 for (i = 0; i < uuid_count; i++) {
7799 if (!memcmp(uuid, uuids[i], 16))
7806 static bool eir_has_uuids(u8 *eir, u16 eir_len, u16 uuid_count, u8 (*uuids)[16])
7810 while (parsed < eir_len) {
7811 u8 field_len = eir[0];
7818 if (eir_len - parsed < field_len + 1)
7822 case EIR_UUID16_ALL:
7823 case EIR_UUID16_SOME:
7824 for (i = 0; i + 3 <= field_len; i += 2) {
7825 memcpy(uuid, bluetooth_base_uuid, 16);
7826 uuid[13] = eir[i + 3];
7827 uuid[12] = eir[i + 2];
7828 if (has_uuid(uuid, uuid_count, uuids))
7832 case EIR_UUID32_ALL:
7833 case EIR_UUID32_SOME:
7834 for (i = 0; i + 5 <= field_len; i += 4) {
7835 memcpy(uuid, bluetooth_base_uuid, 16);
7836 uuid[15] = eir[i + 5];
7837 uuid[14] = eir[i + 4];
7838 uuid[13] = eir[i + 3];
7839 uuid[12] = eir[i + 2];
7840 if (has_uuid(uuid, uuid_count, uuids))
7844 case EIR_UUID128_ALL:
7845 case EIR_UUID128_SOME:
7846 for (i = 0; i + 17 <= field_len; i += 16) {
7847 memcpy(uuid, eir + i + 2, 16);
7848 if (has_uuid(uuid, uuid_count, uuids))
7854 parsed += field_len + 1;
7855 eir += field_len + 1;
7861 static void restart_le_scan(struct hci_dev *hdev)
7863 /* If controller is not scanning we are done. */
7864 if (!hci_dev_test_flag(hdev, HCI_LE_SCAN))
7867 if (time_after(jiffies + DISCOV_LE_RESTART_DELAY,
7868 hdev->discovery.scan_start +
7869 hdev->discovery.scan_duration))
7872 queue_delayed_work(hdev->req_workqueue, &hdev->le_scan_restart,
7873 DISCOV_LE_RESTART_DELAY);
7876 static bool is_filter_match(struct hci_dev *hdev, s8 rssi, u8 *eir,
7877 u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
7879 /* If a RSSI threshold has been specified, and
7880 * HCI_QUIRK_STRICT_DUPLICATE_FILTER is not set, then all results with
7881 * a RSSI smaller than the RSSI threshold will be dropped. If the quirk
7882 * is set, let it through for further processing, as we might need to
7885 * For BR/EDR devices (pre 1.2) providing no RSSI during inquiry,
7886 * the results are also dropped.
7888 if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
7889 (rssi == HCI_RSSI_INVALID ||
7890 (rssi < hdev->discovery.rssi &&
7891 !test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks))))
7894 if (hdev->discovery.uuid_count != 0) {
7895 /* If a list of UUIDs is provided in filter, results with no
7896 * matching UUID should be dropped.
7898 if (!eir_has_uuids(eir, eir_len, hdev->discovery.uuid_count,
7899 hdev->discovery.uuids) &&
7900 !eir_has_uuids(scan_rsp, scan_rsp_len,
7901 hdev->discovery.uuid_count,
7902 hdev->discovery.uuids))
7906 /* If duplicate filtering does not report RSSI changes, then restart
7907 * scanning to ensure updated result with updated RSSI values.
7909 if (test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks)) {
7910 restart_le_scan(hdev);
7912 /* Validate RSSI value against the RSSI threshold once more. */
7913 if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
7914 rssi < hdev->discovery.rssi)
7921 void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
7922 u8 addr_type, u8 *dev_class, s8 rssi, u32 flags,
7923 u8 *eir, u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
7926 struct mgmt_ev_device_found *ev = (void *)buf;
7929 /* Don't send events for a non-kernel initiated discovery. With
7930 * LE one exception is if we have pend_le_reports > 0 in which
7931 * case we're doing passive scanning and want these events.
7933 if (!hci_discovery_active(hdev)) {
7934 if (link_type == ACL_LINK)
7936 if (link_type == LE_LINK && list_empty(&hdev->pend_le_reports))
7940 if (hdev->discovery.result_filtering) {
7941 /* We are using service discovery */
7942 if (!is_filter_match(hdev, rssi, eir, eir_len, scan_rsp,
7947 if (hdev->discovery.limited) {
7948 /* Check for limited discoverable bit */
7950 if (!(dev_class[1] & 0x20))
7953 u8 *flags = eir_get_data(eir, eir_len, EIR_FLAGS, NULL);
7954 if (!flags || !(flags[0] & LE_AD_LIMITED))
7959 /* Make sure that the buffer is big enough. The 5 extra bytes
7960 * are for the potential CoD field.
7962 if (sizeof(*ev) + eir_len + scan_rsp_len + 5 > sizeof(buf))
7965 memset(buf, 0, sizeof(buf));
7967 /* In case of device discovery with BR/EDR devices (pre 1.2), the
7968 * RSSI value was reported as 0 when not available. This behavior
7969 * is kept when using device discovery. This is required for full
7970 * backwards compatibility with the API.
7972 * However when using service discovery, the value 127 will be
7973 * returned when the RSSI is not available.
7975 if (rssi == HCI_RSSI_INVALID && !hdev->discovery.report_invalid_rssi &&
7976 link_type == ACL_LINK)
7979 bacpy(&ev->addr.bdaddr, bdaddr);
7980 ev->addr.type = link_to_bdaddr(link_type, addr_type);
7982 ev->flags = cpu_to_le32(flags);
7985 /* Copy EIR or advertising data into event */
7986 memcpy(ev->eir, eir, eir_len);
7988 if (dev_class && !eir_get_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
7990 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
7993 if (scan_rsp_len > 0)
7994 /* Append scan response data to event */
7995 memcpy(ev->eir + eir_len, scan_rsp, scan_rsp_len);
7997 ev->eir_len = cpu_to_le16(eir_len + scan_rsp_len);
7998 ev_size = sizeof(*ev) + eir_len + scan_rsp_len;
8000 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
8003 void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
8004 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
8006 struct mgmt_ev_device_found *ev;
8007 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
8010 ev = (struct mgmt_ev_device_found *) buf;
8012 memset(buf, 0, sizeof(buf));
8014 bacpy(&ev->addr.bdaddr, bdaddr);
8015 ev->addr.type = link_to_bdaddr(link_type, addr_type);
8018 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
8021 ev->eir_len = cpu_to_le16(eir_len);
8023 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, sizeof(*ev) + eir_len, NULL);
8026 void mgmt_discovering(struct hci_dev *hdev, u8 discovering)
8028 struct mgmt_ev_discovering ev;
8030 BT_DBG("%s discovering %u", hdev->name, discovering);
8032 memset(&ev, 0, sizeof(ev));
8033 ev.type = hdev->discovery.type;
8034 ev.discovering = discovering;
8036 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
8039 static struct hci_mgmt_chan chan = {
8040 .channel = HCI_CHANNEL_CONTROL,
8041 .handler_count = ARRAY_SIZE(mgmt_handlers),
8042 .handlers = mgmt_handlers,
8044 .tizen_handler_count = ARRAY_SIZE(tizen_mgmt_handlers),
8045 .tizen_handlers = tizen_mgmt_handlers,
8047 .hdev_init = mgmt_init_hdev,
8052 return hci_mgmt_chan_register(&chan);
8055 void mgmt_exit(void)
8057 hci_mgmt_chan_unregister(&chan);
projects / platform / kernel / linux-amlogic.git / blob