2 BlueZ - Bluetooth protocol stack for Linux
4 Copyright (C) 2010 Nokia Corporation
5 Copyright (C) 2011-2012 Intel Corporation
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI Management interface */
27 #include <linux/module.h>
28 #include <asm/unaligned.h>
30 #include <net/bluetooth/bluetooth.h>
31 #include <net/bluetooth/hci_core.h>
32 #include <net/bluetooth/hci_sock.h>
33 #include <net/bluetooth/l2cap.h>
34 #include <net/bluetooth/mgmt.h>
36 #include "hci_request.h"
38 #include "mgmt_util.h"
40 #define MGMT_VERSION 1
41 #define MGMT_REVISION 13
43 static const u16 mgmt_commands
[] = {
44 MGMT_OP_READ_INDEX_LIST
,
47 MGMT_OP_SET_DISCOVERABLE
,
48 MGMT_OP_SET_CONNECTABLE
,
49 MGMT_OP_SET_FAST_CONNECTABLE
,
51 MGMT_OP_SET_LINK_SECURITY
,
55 MGMT_OP_SET_DEV_CLASS
,
56 MGMT_OP_SET_LOCAL_NAME
,
59 MGMT_OP_LOAD_LINK_KEYS
,
60 MGMT_OP_LOAD_LONG_TERM_KEYS
,
62 MGMT_OP_GET_CONNECTIONS
,
63 MGMT_OP_PIN_CODE_REPLY
,
64 MGMT_OP_PIN_CODE_NEG_REPLY
,
65 MGMT_OP_SET_IO_CAPABILITY
,
67 MGMT_OP_CANCEL_PAIR_DEVICE
,
68 MGMT_OP_UNPAIR_DEVICE
,
69 MGMT_OP_USER_CONFIRM_REPLY
,
70 MGMT_OP_USER_CONFIRM_NEG_REPLY
,
71 MGMT_OP_USER_PASSKEY_REPLY
,
72 MGMT_OP_USER_PASSKEY_NEG_REPLY
,
73 MGMT_OP_READ_LOCAL_OOB_DATA
,
74 MGMT_OP_ADD_REMOTE_OOB_DATA
,
75 MGMT_OP_REMOVE_REMOTE_OOB_DATA
,
76 MGMT_OP_START_DISCOVERY
,
77 MGMT_OP_STOP_DISCOVERY
,
80 MGMT_OP_UNBLOCK_DEVICE
,
81 MGMT_OP_SET_DEVICE_ID
,
82 MGMT_OP_SET_ADVERTISING
,
84 MGMT_OP_SET_STATIC_ADDRESS
,
85 MGMT_OP_SET_SCAN_PARAMS
,
86 MGMT_OP_SET_SECURE_CONN
,
87 MGMT_OP_SET_DEBUG_KEYS
,
90 MGMT_OP_GET_CONN_INFO
,
91 MGMT_OP_GET_CLOCK_INFO
,
93 MGMT_OP_REMOVE_DEVICE
,
94 MGMT_OP_LOAD_CONN_PARAM
,
95 MGMT_OP_READ_UNCONF_INDEX_LIST
,
96 MGMT_OP_READ_CONFIG_INFO
,
97 MGMT_OP_SET_EXTERNAL_CONFIG
,
98 MGMT_OP_SET_PUBLIC_ADDRESS
,
99 MGMT_OP_START_SERVICE_DISCOVERY
,
100 MGMT_OP_READ_LOCAL_OOB_EXT_DATA
,
101 MGMT_OP_READ_EXT_INDEX_LIST
,
102 MGMT_OP_READ_ADV_FEATURES
,
103 MGMT_OP_ADD_ADVERTISING
,
104 MGMT_OP_REMOVE_ADVERTISING
,
105 MGMT_OP_GET_ADV_SIZE_INFO
,
106 MGMT_OP_START_LIMITED_DISCOVERY
,
107 MGMT_OP_READ_EXT_INFO
,
110 static const u16 mgmt_events
[] = {
111 MGMT_EV_CONTROLLER_ERROR
,
113 MGMT_EV_INDEX_REMOVED
,
114 MGMT_EV_NEW_SETTINGS
,
115 MGMT_EV_CLASS_OF_DEV_CHANGED
,
116 MGMT_EV_LOCAL_NAME_CHANGED
,
117 MGMT_EV_NEW_LINK_KEY
,
118 MGMT_EV_NEW_LONG_TERM_KEY
,
119 MGMT_EV_DEVICE_CONNECTED
,
120 MGMT_EV_DEVICE_DISCONNECTED
,
121 MGMT_EV_CONNECT_FAILED
,
122 MGMT_EV_PIN_CODE_REQUEST
,
123 MGMT_EV_USER_CONFIRM_REQUEST
,
124 MGMT_EV_USER_PASSKEY_REQUEST
,
126 MGMT_EV_DEVICE_FOUND
,
128 MGMT_EV_DEVICE_BLOCKED
,
129 MGMT_EV_DEVICE_UNBLOCKED
,
130 MGMT_EV_DEVICE_UNPAIRED
,
131 MGMT_EV_PASSKEY_NOTIFY
,
134 MGMT_EV_DEVICE_ADDED
,
135 MGMT_EV_DEVICE_REMOVED
,
136 MGMT_EV_NEW_CONN_PARAM
,
137 MGMT_EV_UNCONF_INDEX_ADDED
,
138 MGMT_EV_UNCONF_INDEX_REMOVED
,
139 MGMT_EV_NEW_CONFIG_OPTIONS
,
140 MGMT_EV_EXT_INDEX_ADDED
,
141 MGMT_EV_EXT_INDEX_REMOVED
,
142 MGMT_EV_LOCAL_OOB_DATA_UPDATED
,
143 MGMT_EV_ADVERTISING_ADDED
,
144 MGMT_EV_ADVERTISING_REMOVED
,
145 MGMT_EV_EXT_INFO_CHANGED
,
148 static const u16 mgmt_untrusted_commands
[] = {
149 MGMT_OP_READ_INDEX_LIST
,
151 MGMT_OP_READ_UNCONF_INDEX_LIST
,
152 MGMT_OP_READ_CONFIG_INFO
,
153 MGMT_OP_READ_EXT_INDEX_LIST
,
154 MGMT_OP_READ_EXT_INFO
,
157 static const u16 mgmt_untrusted_events
[] = {
159 MGMT_EV_INDEX_REMOVED
,
160 MGMT_EV_NEW_SETTINGS
,
161 MGMT_EV_CLASS_OF_DEV_CHANGED
,
162 MGMT_EV_LOCAL_NAME_CHANGED
,
163 MGMT_EV_UNCONF_INDEX_ADDED
,
164 MGMT_EV_UNCONF_INDEX_REMOVED
,
165 MGMT_EV_NEW_CONFIG_OPTIONS
,
166 MGMT_EV_EXT_INDEX_ADDED
,
167 MGMT_EV_EXT_INDEX_REMOVED
,
168 MGMT_EV_EXT_INFO_CHANGED
,
171 #define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
173 #define ZERO_KEY "\x00\x00\x00\x00\x00\x00\x00\x00" \
174 "\x00\x00\x00\x00\x00\x00\x00\x00"
176 /* HCI to MGMT error code conversion table */
177 static u8 mgmt_status_table
[] = {
179 MGMT_STATUS_UNKNOWN_COMMAND
, /* Unknown Command */
180 MGMT_STATUS_NOT_CONNECTED
, /* No Connection */
181 MGMT_STATUS_FAILED
, /* Hardware Failure */
182 MGMT_STATUS_CONNECT_FAILED
, /* Page Timeout */
183 MGMT_STATUS_AUTH_FAILED
, /* Authentication Failed */
184 MGMT_STATUS_AUTH_FAILED
, /* PIN or Key Missing */
185 MGMT_STATUS_NO_RESOURCES
, /* Memory Full */
186 MGMT_STATUS_TIMEOUT
, /* Connection Timeout */
187 MGMT_STATUS_NO_RESOURCES
, /* Max Number of Connections */
188 MGMT_STATUS_NO_RESOURCES
, /* Max Number of SCO Connections */
189 MGMT_STATUS_ALREADY_CONNECTED
, /* ACL Connection Exists */
190 MGMT_STATUS_BUSY
, /* Command Disallowed */
191 MGMT_STATUS_NO_RESOURCES
, /* Rejected Limited Resources */
192 MGMT_STATUS_REJECTED
, /* Rejected Security */
193 MGMT_STATUS_REJECTED
, /* Rejected Personal */
194 MGMT_STATUS_TIMEOUT
, /* Host Timeout */
195 MGMT_STATUS_NOT_SUPPORTED
, /* Unsupported Feature */
196 MGMT_STATUS_INVALID_PARAMS
, /* Invalid Parameters */
197 MGMT_STATUS_DISCONNECTED
, /* OE User Ended Connection */
198 MGMT_STATUS_NO_RESOURCES
, /* OE Low Resources */
199 MGMT_STATUS_DISCONNECTED
, /* OE Power Off */
200 MGMT_STATUS_DISCONNECTED
, /* Connection Terminated */
201 MGMT_STATUS_BUSY
, /* Repeated Attempts */
202 MGMT_STATUS_REJECTED
, /* Pairing Not Allowed */
203 MGMT_STATUS_FAILED
, /* Unknown LMP PDU */
204 MGMT_STATUS_NOT_SUPPORTED
, /* Unsupported Remote Feature */
205 MGMT_STATUS_REJECTED
, /* SCO Offset Rejected */
206 MGMT_STATUS_REJECTED
, /* SCO Interval Rejected */
207 MGMT_STATUS_REJECTED
, /* Air Mode Rejected */
208 MGMT_STATUS_INVALID_PARAMS
, /* Invalid LMP Parameters */
209 MGMT_STATUS_FAILED
, /* Unspecified Error */
210 MGMT_STATUS_NOT_SUPPORTED
, /* Unsupported LMP Parameter Value */
211 MGMT_STATUS_FAILED
, /* Role Change Not Allowed */
212 MGMT_STATUS_TIMEOUT
, /* LMP Response Timeout */
213 MGMT_STATUS_FAILED
, /* LMP Error Transaction Collision */
214 MGMT_STATUS_FAILED
, /* LMP PDU Not Allowed */
215 MGMT_STATUS_REJECTED
, /* Encryption Mode Not Accepted */
216 MGMT_STATUS_FAILED
, /* Unit Link Key Used */
217 MGMT_STATUS_NOT_SUPPORTED
, /* QoS Not Supported */
218 MGMT_STATUS_TIMEOUT
, /* Instant Passed */
219 MGMT_STATUS_NOT_SUPPORTED
, /* Pairing Not Supported */
220 MGMT_STATUS_FAILED
, /* Transaction Collision */
221 MGMT_STATUS_INVALID_PARAMS
, /* Unacceptable Parameter */
222 MGMT_STATUS_REJECTED
, /* QoS Rejected */
223 MGMT_STATUS_NOT_SUPPORTED
, /* Classification Not Supported */
224 MGMT_STATUS_REJECTED
, /* Insufficient Security */
225 MGMT_STATUS_INVALID_PARAMS
, /* Parameter Out Of Range */
226 MGMT_STATUS_BUSY
, /* Role Switch Pending */
227 MGMT_STATUS_FAILED
, /* Slot Violation */
228 MGMT_STATUS_FAILED
, /* Role Switch Failed */
229 MGMT_STATUS_INVALID_PARAMS
, /* EIR Too Large */
230 MGMT_STATUS_NOT_SUPPORTED
, /* Simple Pairing Not Supported */
231 MGMT_STATUS_BUSY
, /* Host Busy Pairing */
232 MGMT_STATUS_REJECTED
, /* Rejected, No Suitable Channel */
233 MGMT_STATUS_BUSY
, /* Controller Busy */
234 MGMT_STATUS_INVALID_PARAMS
, /* Unsuitable Connection Interval */
235 MGMT_STATUS_TIMEOUT
, /* Directed Advertising Timeout */
236 MGMT_STATUS_AUTH_FAILED
, /* Terminated Due to MIC Failure */
237 MGMT_STATUS_CONNECT_FAILED
, /* Connection Establishment Failed */
238 MGMT_STATUS_CONNECT_FAILED
, /* MAC Connection Failed */
241 static u8
mgmt_status(u8 hci_status
)
243 if (hci_status
< ARRAY_SIZE(mgmt_status_table
))
244 return mgmt_status_table
[hci_status
];
246 return MGMT_STATUS_FAILED
;
249 static int mgmt_index_event(u16 event
, struct hci_dev
*hdev
, void *data
,
252 return mgmt_send_event(event
, hdev
, HCI_CHANNEL_CONTROL
, data
, len
,
256 static int mgmt_limited_event(u16 event
, struct hci_dev
*hdev
, void *data
,
257 u16 len
, int flag
, struct sock
*skip_sk
)
259 return mgmt_send_event(event
, hdev
, HCI_CHANNEL_CONTROL
, data
, len
,
263 static int mgmt_event(u16 event
, struct hci_dev
*hdev
, void *data
, u16 len
,
264 struct sock
*skip_sk
)
266 return mgmt_send_event(event
, hdev
, HCI_CHANNEL_CONTROL
, data
, len
,
267 HCI_SOCK_TRUSTED
, skip_sk
);
270 static u8
le_addr_type(u8 mgmt_addr_type
)
272 if (mgmt_addr_type
== BDADDR_LE_PUBLIC
)
273 return ADDR_LE_DEV_PUBLIC
;
275 return ADDR_LE_DEV_RANDOM
;
278 void mgmt_fill_version_info(void *ver
)
280 struct mgmt_rp_read_version
*rp
= ver
;
282 rp
->version
= MGMT_VERSION
;
283 rp
->revision
= cpu_to_le16(MGMT_REVISION
);
286 static int read_version(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
289 struct mgmt_rp_read_version rp
;
291 BT_DBG("sock %p", sk
);
293 mgmt_fill_version_info(&rp
);
295 return mgmt_cmd_complete(sk
, MGMT_INDEX_NONE
, MGMT_OP_READ_VERSION
, 0,
299 static int read_commands(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
302 struct mgmt_rp_read_commands
*rp
;
303 u16 num_commands
, num_events
;
307 BT_DBG("sock %p", sk
);
309 if (hci_sock_test_flag(sk
, HCI_SOCK_TRUSTED
)) {
310 num_commands
= ARRAY_SIZE(mgmt_commands
);
311 num_events
= ARRAY_SIZE(mgmt_events
);
313 num_commands
= ARRAY_SIZE(mgmt_untrusted_commands
);
314 num_events
= ARRAY_SIZE(mgmt_untrusted_events
);
317 rp_size
= sizeof(*rp
) + ((num_commands
+ num_events
) * sizeof(u16
));
319 rp
= kmalloc(rp_size
, GFP_KERNEL
);
323 rp
->num_commands
= cpu_to_le16(num_commands
);
324 rp
->num_events
= cpu_to_le16(num_events
);
326 if (hci_sock_test_flag(sk
, HCI_SOCK_TRUSTED
)) {
327 __le16
*opcode
= rp
->opcodes
;
329 for (i
= 0; i
< num_commands
; i
++, opcode
++)
330 put_unaligned_le16(mgmt_commands
[i
], opcode
);
332 for (i
= 0; i
< num_events
; i
++, opcode
++)
333 put_unaligned_le16(mgmt_events
[i
], opcode
);
335 __le16
*opcode
= rp
->opcodes
;
337 for (i
= 0; i
< num_commands
; i
++, opcode
++)
338 put_unaligned_le16(mgmt_untrusted_commands
[i
], opcode
);
340 for (i
= 0; i
< num_events
; i
++, opcode
++)
341 put_unaligned_le16(mgmt_untrusted_events
[i
], opcode
);
344 err
= mgmt_cmd_complete(sk
, MGMT_INDEX_NONE
, MGMT_OP_READ_COMMANDS
, 0,
351 static int read_index_list(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
354 struct mgmt_rp_read_index_list
*rp
;
360 BT_DBG("sock %p", sk
);
362 read_lock(&hci_dev_list_lock
);
365 list_for_each_entry(d
, &hci_dev_list
, list
) {
366 if (d
->dev_type
== HCI_PRIMARY
&&
367 !hci_dev_test_flag(d
, HCI_UNCONFIGURED
))
371 rp_len
= sizeof(*rp
) + (2 * count
);
372 rp
= kmalloc(rp_len
, GFP_ATOMIC
);
374 read_unlock(&hci_dev_list_lock
);
379 list_for_each_entry(d
, &hci_dev_list
, list
) {
380 if (hci_dev_test_flag(d
, HCI_SETUP
) ||
381 hci_dev_test_flag(d
, HCI_CONFIG
) ||
382 hci_dev_test_flag(d
, HCI_USER_CHANNEL
))
385 /* Devices marked as raw-only are neither configured
386 * nor unconfigured controllers.
388 if (test_bit(HCI_QUIRK_RAW_DEVICE
, &d
->quirks
))
391 if (d
->dev_type
== HCI_PRIMARY
&&
392 !hci_dev_test_flag(d
, HCI_UNCONFIGURED
)) {
393 rp
->index
[count
++] = cpu_to_le16(d
->id
);
394 BT_DBG("Added hci%u", d
->id
);
398 rp
->num_controllers
= cpu_to_le16(count
);
399 rp_len
= sizeof(*rp
) + (2 * count
);
401 read_unlock(&hci_dev_list_lock
);
403 err
= mgmt_cmd_complete(sk
, MGMT_INDEX_NONE
, MGMT_OP_READ_INDEX_LIST
,
411 static int read_unconf_index_list(struct sock
*sk
, struct hci_dev
*hdev
,
412 void *data
, u16 data_len
)
414 struct mgmt_rp_read_unconf_index_list
*rp
;
420 BT_DBG("sock %p", sk
);
422 read_lock(&hci_dev_list_lock
);
425 list_for_each_entry(d
, &hci_dev_list
, list
) {
426 if (d
->dev_type
== HCI_PRIMARY
&&
427 hci_dev_test_flag(d
, HCI_UNCONFIGURED
))
431 rp_len
= sizeof(*rp
) + (2 * count
);
432 rp
= kmalloc(rp_len
, GFP_ATOMIC
);
434 read_unlock(&hci_dev_list_lock
);
439 list_for_each_entry(d
, &hci_dev_list
, list
) {
440 if (hci_dev_test_flag(d
, HCI_SETUP
) ||
441 hci_dev_test_flag(d
, HCI_CONFIG
) ||
442 hci_dev_test_flag(d
, HCI_USER_CHANNEL
))
445 /* Devices marked as raw-only are neither configured
446 * nor unconfigured controllers.
448 if (test_bit(HCI_QUIRK_RAW_DEVICE
, &d
->quirks
))
451 if (d
->dev_type
== HCI_PRIMARY
&&
452 hci_dev_test_flag(d
, HCI_UNCONFIGURED
)) {
453 rp
->index
[count
++] = cpu_to_le16(d
->id
);
454 BT_DBG("Added hci%u", d
->id
);
458 rp
->num_controllers
= cpu_to_le16(count
);
459 rp_len
= sizeof(*rp
) + (2 * count
);
461 read_unlock(&hci_dev_list_lock
);
463 err
= mgmt_cmd_complete(sk
, MGMT_INDEX_NONE
,
464 MGMT_OP_READ_UNCONF_INDEX_LIST
, 0, rp
, rp_len
);
471 static int read_ext_index_list(struct sock
*sk
, struct hci_dev
*hdev
,
472 void *data
, u16 data_len
)
474 struct mgmt_rp_read_ext_index_list
*rp
;
480 BT_DBG("sock %p", sk
);
482 read_lock(&hci_dev_list_lock
);
485 list_for_each_entry(d
, &hci_dev_list
, list
) {
486 if (d
->dev_type
== HCI_PRIMARY
|| d
->dev_type
== HCI_AMP
)
490 rp_len
= sizeof(*rp
) + (sizeof(rp
->entry
[0]) * count
);
491 rp
= kmalloc(rp_len
, GFP_ATOMIC
);
493 read_unlock(&hci_dev_list_lock
);
498 list_for_each_entry(d
, &hci_dev_list
, list
) {
499 if (hci_dev_test_flag(d
, HCI_SETUP
) ||
500 hci_dev_test_flag(d
, HCI_CONFIG
) ||
501 hci_dev_test_flag(d
, HCI_USER_CHANNEL
))
504 /* Devices marked as raw-only are neither configured
505 * nor unconfigured controllers.
507 if (test_bit(HCI_QUIRK_RAW_DEVICE
, &d
->quirks
))
510 if (d
->dev_type
== HCI_PRIMARY
) {
511 if (hci_dev_test_flag(d
, HCI_UNCONFIGURED
))
512 rp
->entry
[count
].type
= 0x01;
514 rp
->entry
[count
].type
= 0x00;
515 } else if (d
->dev_type
== HCI_AMP
) {
516 rp
->entry
[count
].type
= 0x02;
521 rp
->entry
[count
].bus
= d
->bus
;
522 rp
->entry
[count
++].index
= cpu_to_le16(d
->id
);
523 BT_DBG("Added hci%u", d
->id
);
526 rp
->num_controllers
= cpu_to_le16(count
);
527 rp_len
= sizeof(*rp
) + (sizeof(rp
->entry
[0]) * count
);
529 read_unlock(&hci_dev_list_lock
);
531 /* If this command is called at least once, then all the
532 * default index and unconfigured index events are disabled
533 * and from now on only extended index events are used.
535 hci_sock_set_flag(sk
, HCI_MGMT_EXT_INDEX_EVENTS
);
536 hci_sock_clear_flag(sk
, HCI_MGMT_INDEX_EVENTS
);
537 hci_sock_clear_flag(sk
, HCI_MGMT_UNCONF_INDEX_EVENTS
);
539 err
= mgmt_cmd_complete(sk
, MGMT_INDEX_NONE
,
540 MGMT_OP_READ_EXT_INDEX_LIST
, 0, rp
, rp_len
);
547 static bool is_configured(struct hci_dev
*hdev
)
549 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG
, &hdev
->quirks
) &&
550 !hci_dev_test_flag(hdev
, HCI_EXT_CONFIGURED
))
553 if (test_bit(HCI_QUIRK_INVALID_BDADDR
, &hdev
->quirks
) &&
554 !bacmp(&hdev
->public_addr
, BDADDR_ANY
))
560 static __le32
get_missing_options(struct hci_dev
*hdev
)
564 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG
, &hdev
->quirks
) &&
565 !hci_dev_test_flag(hdev
, HCI_EXT_CONFIGURED
))
566 options
|= MGMT_OPTION_EXTERNAL_CONFIG
;
568 if (test_bit(HCI_QUIRK_INVALID_BDADDR
, &hdev
->quirks
) &&
569 !bacmp(&hdev
->public_addr
, BDADDR_ANY
))
570 options
|= MGMT_OPTION_PUBLIC_ADDRESS
;
572 return cpu_to_le32(options
);
575 static int new_options(struct hci_dev
*hdev
, struct sock
*skip
)
577 __le32 options
= get_missing_options(hdev
);
579 return mgmt_limited_event(MGMT_EV_NEW_CONFIG_OPTIONS
, hdev
, &options
,
580 sizeof(options
), HCI_MGMT_OPTION_EVENTS
, skip
);
583 static int send_options_rsp(struct sock
*sk
, u16 opcode
, struct hci_dev
*hdev
)
585 __le32 options
= get_missing_options(hdev
);
587 return mgmt_cmd_complete(sk
, hdev
->id
, opcode
, 0, &options
,
591 static int read_config_info(struct sock
*sk
, struct hci_dev
*hdev
,
592 void *data
, u16 data_len
)
594 struct mgmt_rp_read_config_info rp
;
597 BT_DBG("sock %p %s", sk
, hdev
->name
);
601 memset(&rp
, 0, sizeof(rp
));
602 rp
.manufacturer
= cpu_to_le16(hdev
->manufacturer
);
604 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG
, &hdev
->quirks
))
605 options
|= MGMT_OPTION_EXTERNAL_CONFIG
;
607 if (hdev
->set_bdaddr
)
608 options
|= MGMT_OPTION_PUBLIC_ADDRESS
;
610 rp
.supported_options
= cpu_to_le32(options
);
611 rp
.missing_options
= get_missing_options(hdev
);
613 hci_dev_unlock(hdev
);
615 return mgmt_cmd_complete(sk
, hdev
->id
, MGMT_OP_READ_CONFIG_INFO
, 0,
619 static u32
get_supported_settings(struct hci_dev
*hdev
)
623 settings
|= MGMT_SETTING_POWERED
;
624 settings
|= MGMT_SETTING_BONDABLE
;
625 settings
|= MGMT_SETTING_DEBUG_KEYS
;
626 settings
|= MGMT_SETTING_CONNECTABLE
;
627 settings
|= MGMT_SETTING_DISCOVERABLE
;
629 if (lmp_bredr_capable(hdev
)) {
630 if (hdev
->hci_ver
>= BLUETOOTH_VER_1_2
)
631 settings
|= MGMT_SETTING_FAST_CONNECTABLE
;
632 settings
|= MGMT_SETTING_BREDR
;
633 settings
|= MGMT_SETTING_LINK_SECURITY
;
635 if (lmp_ssp_capable(hdev
)) {
636 settings
|= MGMT_SETTING_SSP
;
637 settings
|= MGMT_SETTING_HS
;
640 if (lmp_sc_capable(hdev
))
641 settings
|= MGMT_SETTING_SECURE_CONN
;
644 if (lmp_le_capable(hdev
)) {
645 settings
|= MGMT_SETTING_LE
;
646 settings
|= MGMT_SETTING_ADVERTISING
;
647 settings
|= MGMT_SETTING_SECURE_CONN
;
648 settings
|= MGMT_SETTING_PRIVACY
;
649 settings
|= MGMT_SETTING_STATIC_ADDRESS
;
652 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG
, &hdev
->quirks
) ||
654 settings
|= MGMT_SETTING_CONFIGURATION
;
659 static u32
get_current_settings(struct hci_dev
*hdev
)
663 if (hdev_is_powered(hdev
))
664 settings
|= MGMT_SETTING_POWERED
;
666 if (hci_dev_test_flag(hdev
, HCI_CONNECTABLE
))
667 settings
|= MGMT_SETTING_CONNECTABLE
;
669 if (hci_dev_test_flag(hdev
, HCI_FAST_CONNECTABLE
))
670 settings
|= MGMT_SETTING_FAST_CONNECTABLE
;
672 if (hci_dev_test_flag(hdev
, HCI_DISCOVERABLE
))
673 settings
|= MGMT_SETTING_DISCOVERABLE
;
675 if (hci_dev_test_flag(hdev
, HCI_BONDABLE
))
676 settings
|= MGMT_SETTING_BONDABLE
;
678 if (hci_dev_test_flag(hdev
, HCI_BREDR_ENABLED
))
679 settings
|= MGMT_SETTING_BREDR
;
681 if (hci_dev_test_flag(hdev
, HCI_LE_ENABLED
))
682 settings
|= MGMT_SETTING_LE
;
684 if (hci_dev_test_flag(hdev
, HCI_LINK_SECURITY
))
685 settings
|= MGMT_SETTING_LINK_SECURITY
;
687 if (hci_dev_test_flag(hdev
, HCI_SSP_ENABLED
))
688 settings
|= MGMT_SETTING_SSP
;
690 if (hci_dev_test_flag(hdev
, HCI_HS_ENABLED
))
691 settings
|= MGMT_SETTING_HS
;
693 if (hci_dev_test_flag(hdev
, HCI_ADVERTISING
))
694 settings
|= MGMT_SETTING_ADVERTISING
;
696 if (hci_dev_test_flag(hdev
, HCI_SC_ENABLED
))
697 settings
|= MGMT_SETTING_SECURE_CONN
;
699 if (hci_dev_test_flag(hdev
, HCI_KEEP_DEBUG_KEYS
))
700 settings
|= MGMT_SETTING_DEBUG_KEYS
;
702 if (hci_dev_test_flag(hdev
, HCI_PRIVACY
))
703 settings
|= MGMT_SETTING_PRIVACY
;
705 /* The current setting for static address has two purposes. The
706 * first is to indicate if the static address will be used and
707 * the second is to indicate if it is actually set.
709 * This means if the static address is not configured, this flag
710 * will never be set. If the address is configured, then if the
711 * address is actually used decides if the flag is set or not.
713 * For single mode LE only controllers and dual-mode controllers
714 * with BR/EDR disabled, the existence of the static address will
717 if (hci_dev_test_flag(hdev
, HCI_FORCE_STATIC_ADDR
) ||
718 !hci_dev_test_flag(hdev
, HCI_BREDR_ENABLED
) ||
719 !bacmp(&hdev
->bdaddr
, BDADDR_ANY
)) {
720 if (bacmp(&hdev
->static_addr
, BDADDR_ANY
))
721 settings
|= MGMT_SETTING_STATIC_ADDRESS
;
727 static struct mgmt_pending_cmd
*pending_find(u16 opcode
, struct hci_dev
*hdev
)
729 return mgmt_pending_find(HCI_CHANNEL_CONTROL
, opcode
, hdev
);
732 static struct mgmt_pending_cmd
*pending_find_data(u16 opcode
,
733 struct hci_dev
*hdev
,
736 return mgmt_pending_find_data(HCI_CHANNEL_CONTROL
, opcode
, hdev
, data
);
739 u8
mgmt_get_adv_discov_flags(struct hci_dev
*hdev
)
741 struct mgmt_pending_cmd
*cmd
;
743 /* If there's a pending mgmt command the flags will not yet have
744 * their final values, so check for this first.
746 cmd
= pending_find(MGMT_OP_SET_DISCOVERABLE
, hdev
);
748 struct mgmt_mode
*cp
= cmd
->param
;
750 return LE_AD_GENERAL
;
751 else if (cp
->val
== 0x02)
752 return LE_AD_LIMITED
;
754 if (hci_dev_test_flag(hdev
, HCI_LIMITED_DISCOVERABLE
))
755 return LE_AD_LIMITED
;
756 else if (hci_dev_test_flag(hdev
, HCI_DISCOVERABLE
))
757 return LE_AD_GENERAL
;
763 bool mgmt_get_connectable(struct hci_dev
*hdev
)
765 struct mgmt_pending_cmd
*cmd
;
767 /* If there's a pending mgmt command the flag will not yet have
768 * it's final value, so check for this first.
770 cmd
= pending_find(MGMT_OP_SET_CONNECTABLE
, hdev
);
772 struct mgmt_mode
*cp
= cmd
->param
;
777 return hci_dev_test_flag(hdev
, HCI_CONNECTABLE
);
780 static void service_cache_off(struct work_struct
*work
)
782 struct hci_dev
*hdev
= container_of(work
, struct hci_dev
,
784 struct hci_request req
;
786 if (!hci_dev_test_and_clear_flag(hdev
, HCI_SERVICE_CACHE
))
789 hci_req_init(&req
, hdev
);
793 __hci_req_update_eir(&req
);
794 __hci_req_update_class(&req
);
796 hci_dev_unlock(hdev
);
798 hci_req_run(&req
, NULL
);
801 static void rpa_expired(struct work_struct
*work
)
803 struct hci_dev
*hdev
= container_of(work
, struct hci_dev
,
805 struct hci_request req
;
809 hci_dev_set_flag(hdev
, HCI_RPA_EXPIRED
);
811 if (!hci_dev_test_flag(hdev
, HCI_ADVERTISING
))
814 /* The generation of a new RPA and programming it into the
815 * controller happens in the hci_req_enable_advertising()
818 hci_req_init(&req
, hdev
);
819 __hci_req_enable_advertising(&req
);
820 hci_req_run(&req
, NULL
);
823 static void mgmt_init_hdev(struct sock
*sk
, struct hci_dev
*hdev
)
825 if (hci_dev_test_and_set_flag(hdev
, HCI_MGMT
))
828 INIT_DELAYED_WORK(&hdev
->service_cache
, service_cache_off
);
829 INIT_DELAYED_WORK(&hdev
->rpa_expired
, rpa_expired
);
831 /* Non-mgmt controlled devices get this bit set
832 * implicitly so that pairing works for them, however
833 * for mgmt we require user-space to explicitly enable
836 hci_dev_clear_flag(hdev
, HCI_BONDABLE
);
839 static int read_controller_info(struct sock
*sk
, struct hci_dev
*hdev
,
840 void *data
, u16 data_len
)
842 struct mgmt_rp_read_info rp
;
844 BT_DBG("sock %p %s", sk
, hdev
->name
);
848 memset(&rp
, 0, sizeof(rp
));
850 bacpy(&rp
.bdaddr
, &hdev
->bdaddr
);
852 rp
.version
= hdev
->hci_ver
;
853 rp
.manufacturer
= cpu_to_le16(hdev
->manufacturer
);
855 rp
.supported_settings
= cpu_to_le32(get_supported_settings(hdev
));
856 rp
.current_settings
= cpu_to_le32(get_current_settings(hdev
));
858 memcpy(rp
.dev_class
, hdev
->dev_class
, 3);
860 memcpy(rp
.name
, hdev
->dev_name
, sizeof(hdev
->dev_name
));
861 memcpy(rp
.short_name
, hdev
->short_name
, sizeof(hdev
->short_name
));
863 hci_dev_unlock(hdev
);
865 return mgmt_cmd_complete(sk
, hdev
->id
, MGMT_OP_READ_INFO
, 0, &rp
,
869 static int read_ext_controller_info(struct sock
*sk
, struct hci_dev
*hdev
,
870 void *data
, u16 data_len
)
872 struct mgmt_rp_read_ext_info rp
;
874 BT_DBG("sock %p %s", sk
, hdev
->name
);
878 memset(&rp
, 0, sizeof(rp
));
880 bacpy(&rp
.bdaddr
, &hdev
->bdaddr
);
882 rp
.version
= hdev
->hci_ver
;
883 rp
.manufacturer
= cpu_to_le16(hdev
->manufacturer
);
885 rp
.supported_settings
= cpu_to_le32(get_supported_settings(hdev
));
886 rp
.current_settings
= cpu_to_le32(get_current_settings(hdev
));
888 rp
.eir_len
= cpu_to_le16(0);
890 hci_dev_unlock(hdev
);
892 /* If this command is called at least once, then the events
893 * for class of device and local name changes are disabled
894 * and only the new extended controller information event
897 hci_sock_set_flag(sk
, HCI_MGMT_EXT_INFO_EVENTS
);
898 hci_sock_clear_flag(sk
, HCI_MGMT_DEV_CLASS_EVENTS
);
899 hci_sock_clear_flag(sk
, HCI_MGMT_LOCAL_NAME_EVENTS
);
901 return mgmt_cmd_complete(sk
, hdev
->id
, MGMT_OP_READ_EXT_INFO
, 0, &rp
,
905 static int ext_info_changed(struct hci_dev
*hdev
, struct sock
*skip
)
907 struct mgmt_ev_ext_info_changed ev
;
909 ev
.eir_len
= cpu_to_le16(0);
911 return mgmt_limited_event(MGMT_EV_EXT_INFO_CHANGED
, hdev
, &ev
,
912 sizeof(ev
), HCI_MGMT_EXT_INFO_EVENTS
, skip
);
915 static int send_settings_rsp(struct sock
*sk
, u16 opcode
, struct hci_dev
*hdev
)
917 __le32 settings
= cpu_to_le32(get_current_settings(hdev
));
919 return mgmt_cmd_complete(sk
, hdev
->id
, opcode
, 0, &settings
,
923 static void clean_up_hci_complete(struct hci_dev
*hdev
, u8 status
, u16 opcode
)
925 BT_DBG("%s status 0x%02x", hdev
->name
, status
);
927 if (hci_conn_count(hdev
) == 0) {
928 cancel_delayed_work(&hdev
->power_off
);
929 queue_work(hdev
->req_workqueue
, &hdev
->power_off
.work
);
933 void mgmt_advertising_added(struct sock
*sk
, struct hci_dev
*hdev
, u8 instance
)
935 struct mgmt_ev_advertising_added ev
;
937 ev
.instance
= instance
;
939 mgmt_event(MGMT_EV_ADVERTISING_ADDED
, hdev
, &ev
, sizeof(ev
), sk
);
942 void mgmt_advertising_removed(struct sock
*sk
, struct hci_dev
*hdev
,
945 struct mgmt_ev_advertising_removed ev
;
947 ev
.instance
= instance
;
949 mgmt_event(MGMT_EV_ADVERTISING_REMOVED
, hdev
, &ev
, sizeof(ev
), sk
);
952 static void cancel_adv_timeout(struct hci_dev
*hdev
)
954 if (hdev
->adv_instance_timeout
) {
955 hdev
->adv_instance_timeout
= 0;
956 cancel_delayed_work(&hdev
->adv_instance_expire
);
960 static int clean_up_hci_state(struct hci_dev
*hdev
)
962 struct hci_request req
;
963 struct hci_conn
*conn
;
967 hci_req_init(&req
, hdev
);
969 if (test_bit(HCI_ISCAN
, &hdev
->flags
) ||
970 test_bit(HCI_PSCAN
, &hdev
->flags
)) {
972 hci_req_add(&req
, HCI_OP_WRITE_SCAN_ENABLE
, 1, &scan
);
975 hci_req_clear_adv_instance(hdev
, NULL
, NULL
, 0x00, false);
977 if (hci_dev_test_flag(hdev
, HCI_LE_ADV
))
978 __hci_req_disable_advertising(&req
);
980 discov_stopped
= hci_req_stop_discovery(&req
);
982 list_for_each_entry(conn
, &hdev
->conn_hash
.list
, list
) {
983 /* 0x15 == Terminated due to Power Off */
984 __hci_abort_conn(&req
, conn
, 0x15);
987 err
= hci_req_run(&req
, clean_up_hci_complete
);
988 if (!err
&& discov_stopped
)
989 hci_discovery_set_state(hdev
, DISCOVERY_STOPPING
);
994 static int set_powered(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
997 struct mgmt_mode
*cp
= data
;
998 struct mgmt_pending_cmd
*cmd
;
1001 BT_DBG("request for %s", hdev
->name
);
1003 if (cp
->val
!= 0x00 && cp
->val
!= 0x01)
1004 return mgmt_cmd_status(sk
, hdev
->id
, MGMT_OP_SET_POWERED
,
1005 MGMT_STATUS_INVALID_PARAMS
);
1009 if (pending_find(MGMT_OP_SET_POWERED
, hdev
)) {
1010 err
= mgmt_cmd_status(sk
, hdev
->id
, MGMT_OP_SET_POWERED
,
1015 if (!!cp
->val
== hdev_is_powered(hdev
)) {
1016 err
= send_settings_rsp(sk
, MGMT_OP_SET_POWERED
, hdev
);
1020 cmd
= mgmt_pending_add(sk
, MGMT_OP_SET_POWERED
, hdev
, data
, len
);
1027 queue_work(hdev
->req_workqueue
, &hdev
->power_on
);
1030 /* Disconnect connections, stop scans, etc */
1031 err
= clean_up_hci_state(hdev
);
1033 queue_delayed_work(hdev
->req_workqueue
, &hdev
->power_off
,
1034 HCI_POWER_OFF_TIMEOUT
);
1036 /* ENODATA means there were no HCI commands queued */
1037 if (err
== -ENODATA
) {
1038 cancel_delayed_work(&hdev
->power_off
);
1039 queue_work(hdev
->req_workqueue
, &hdev
->power_off
.work
);
1045 hci_dev_unlock(hdev
);
1049 static int new_settings(struct hci_dev
*hdev
, struct sock
*skip
)
1051 __le32 ev
= cpu_to_le32(get_current_settings(hdev
));
1053 return mgmt_limited_event(MGMT_EV_NEW_SETTINGS
, hdev
, &ev
,
1054 sizeof(ev
), HCI_MGMT_SETTING_EVENTS
, skip
);
1057 int mgmt_new_settings(struct hci_dev
*hdev
)
1059 return new_settings(hdev
, NULL
);
1064 struct hci_dev
*hdev
;
1068 static void settings_rsp(struct mgmt_pending_cmd
*cmd
, void *data
)
1070 struct cmd_lookup
*match
= data
;
1072 send_settings_rsp(cmd
->sk
, cmd
->opcode
, match
->hdev
);
1074 list_del(&cmd
->list
);
1076 if (match
->sk
== NULL
) {
1077 match
->sk
= cmd
->sk
;
1078 sock_hold(match
->sk
);
1081 mgmt_pending_free(cmd
);
1084 static void cmd_status_rsp(struct mgmt_pending_cmd
*cmd
, void *data
)
1088 mgmt_cmd_status(cmd
->sk
, cmd
->index
, cmd
->opcode
, *status
);
1089 mgmt_pending_remove(cmd
);
1092 static void cmd_complete_rsp(struct mgmt_pending_cmd
*cmd
, void *data
)
1094 if (cmd
->cmd_complete
) {
1097 cmd
->cmd_complete(cmd
, *status
);
1098 mgmt_pending_remove(cmd
);
1103 cmd_status_rsp(cmd
, data
);
1106 static int generic_cmd_complete(struct mgmt_pending_cmd
*cmd
, u8 status
)
1108 return mgmt_cmd_complete(cmd
->sk
, cmd
->index
, cmd
->opcode
, status
,
1109 cmd
->param
, cmd
->param_len
);
1112 static int addr_cmd_complete(struct mgmt_pending_cmd
*cmd
, u8 status
)
1114 return mgmt_cmd_complete(cmd
->sk
, cmd
->index
, cmd
->opcode
, status
,
1115 cmd
->param
, sizeof(struct mgmt_addr_info
));
1118 static u8
mgmt_bredr_support(struct hci_dev
*hdev
)
1120 if (!lmp_bredr_capable(hdev
))
1121 return MGMT_STATUS_NOT_SUPPORTED
;
1122 else if (!hci_dev_test_flag(hdev
, HCI_BREDR_ENABLED
))
1123 return MGMT_STATUS_REJECTED
;
1125 return MGMT_STATUS_SUCCESS
;
1128 static u8
mgmt_le_support(struct hci_dev
*hdev
)
1130 if (!lmp_le_capable(hdev
))
1131 return MGMT_STATUS_NOT_SUPPORTED
;
1132 else if (!hci_dev_test_flag(hdev
, HCI_LE_ENABLED
))
1133 return MGMT_STATUS_REJECTED
;
1135 return MGMT_STATUS_SUCCESS
;
1138 void mgmt_set_discoverable_complete(struct hci_dev
*hdev
, u8 status
)
1140 struct mgmt_pending_cmd
*cmd
;
1142 BT_DBG("status 0x%02x", status
);
1146 cmd
= pending_find(MGMT_OP_SET_DISCOVERABLE
, hdev
);
1151 u8 mgmt_err
= mgmt_status(status
);
1152 mgmt_cmd_status(cmd
->sk
, cmd
->index
, cmd
->opcode
, mgmt_err
);
1153 hci_dev_clear_flag(hdev
, HCI_LIMITED_DISCOVERABLE
);
1157 if (hci_dev_test_flag(hdev
, HCI_DISCOVERABLE
) &&
1158 hdev
->discov_timeout
> 0) {
1159 int to
= msecs_to_jiffies(hdev
->discov_timeout
* 1000);
1160 queue_delayed_work(hdev
->req_workqueue
, &hdev
->discov_off
, to
);
1163 send_settings_rsp(cmd
->sk
, MGMT_OP_SET_DISCOVERABLE
, hdev
);
1164 new_settings(hdev
, cmd
->sk
);
1167 mgmt_pending_remove(cmd
);
1170 hci_dev_unlock(hdev
);
1173 static int set_discoverable(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
1176 struct mgmt_cp_set_discoverable
*cp
= data
;
1177 struct mgmt_pending_cmd
*cmd
;
1181 BT_DBG("request for %s", hdev
->name
);
1183 if (!hci_dev_test_flag(hdev
, HCI_LE_ENABLED
) &&
1184 !hci_dev_test_flag(hdev
, HCI_BREDR_ENABLED
))
1185 return mgmt_cmd_status(sk
, hdev
->id
, MGMT_OP_SET_DISCOVERABLE
,
1186 MGMT_STATUS_REJECTED
);
1188 if (cp
->val
!= 0x00 && cp
->val
!= 0x01 && cp
->val
!= 0x02)
1189 return mgmt_cmd_status(sk
, hdev
->id
, MGMT_OP_SET_DISCOVERABLE
,
1190 MGMT_STATUS_INVALID_PARAMS
);
1192 timeout
= __le16_to_cpu(cp
->timeout
);
1194 /* Disabling discoverable requires that no timeout is set,
1195 * and enabling limited discoverable requires a timeout.
1197 if ((cp
->val
== 0x00 && timeout
> 0) ||
1198 (cp
->val
== 0x02 && timeout
== 0))
1199 return mgmt_cmd_status(sk
, hdev
->id
, MGMT_OP_SET_DISCOVERABLE
,
1200 MGMT_STATUS_INVALID_PARAMS
);
1204 if (!hdev_is_powered(hdev
) && timeout
> 0) {
1205 err
= mgmt_cmd_status(sk
, hdev
->id
, MGMT_OP_SET_DISCOVERABLE
,
1206 MGMT_STATUS_NOT_POWERED
);
1210 if (pending_find(MGMT_OP_SET_DISCOVERABLE
, hdev
) ||
1211 pending_find(MGMT_OP_SET_CONNECTABLE
, hdev
)) {
1212 err
= mgmt_cmd_status(sk
, hdev
->id
, MGMT_OP_SET_DISCOVERABLE
,
1217 if (!hci_dev_test_flag(hdev
, HCI_CONNECTABLE
)) {
1218 err
= mgmt_cmd_status(sk
, hdev
->id
, MGMT_OP_SET_DISCOVERABLE
,
1219 MGMT_STATUS_REJECTED
);
1223 if (!hdev_is_powered(hdev
)) {
1224 bool changed
= false;
1226 /* Setting limited discoverable when powered off is
1227 * not a valid operation since it requires a timeout
1228 * and so no need to check HCI_LIMITED_DISCOVERABLE.
1230 if (!!cp
->val
!= hci_dev_test_flag(hdev
, HCI_DISCOVERABLE
)) {
1231 hci_dev_change_flag(hdev
, HCI_DISCOVERABLE
);
1235 err
= send_settings_rsp(sk
, MGMT_OP_SET_DISCOVERABLE
, hdev
);
1240 err
= new_settings(hdev
, sk
);
1245 /* If the current mode is the same, then just update the timeout
1246 * value with the new value. And if only the timeout gets updated,
1247 * then no need for any HCI transactions.
1249 if (!!cp
->val
== hci_dev_test_flag(hdev
, HCI_DISCOVERABLE
) &&
1250 (cp
->val
== 0x02) == hci_dev_test_flag(hdev
,
1251 HCI_LIMITED_DISCOVERABLE
)) {
1252 cancel_delayed_work(&hdev
->discov_off
);
1253 hdev
->discov_timeout
= timeout
;
1255 if (cp
->val
&& hdev
->discov_timeout
> 0) {
1256 int to
= msecs_to_jiffies(hdev
->discov_timeout
* 1000);
1257 queue_delayed_work(hdev
->req_workqueue
,
1258 &hdev
->discov_off
, to
);
1261 err
= send_settings_rsp(sk
, MGMT_OP_SET_DISCOVERABLE
, hdev
);
1265 cmd
= mgmt_pending_add(sk
, MGMT_OP_SET_DISCOVERABLE
, hdev
, data
, len
);
1271 /* Cancel any potential discoverable timeout that might be
1272 * still active and store new timeout value. The arming of
1273 * the timeout happens in the complete handler.
1275 cancel_delayed_work(&hdev
->discov_off
);
1276 hdev
->discov_timeout
= timeout
;
1279 hci_dev_set_flag(hdev
, HCI_DISCOVERABLE
);
1281 hci_dev_clear_flag(hdev
, HCI_DISCOVERABLE
);
1283 /* Limited discoverable mode */
1284 if (cp
->val
== 0x02)
1285 hci_dev_set_flag(hdev
, HCI_LIMITED_DISCOVERABLE
);
1287 hci_dev_clear_flag(hdev
, HCI_LIMITED_DISCOVERABLE
);
1289 queue_work(hdev
->req_workqueue
, &hdev
->discoverable_update
);
1293 hci_dev_unlock(hdev
);
1297 void mgmt_set_connectable_complete(struct hci_dev
*hdev
, u8 status
)
1299 struct mgmt_pending_cmd
*cmd
;
1301 BT_DBG("status 0x%02x", status
);
1305 cmd
= pending_find(MGMT_OP_SET_CONNECTABLE
, hdev
);
1310 u8 mgmt_err
= mgmt_status(status
);
1311 mgmt_cmd_status(cmd
->sk
, cmd
->index
, cmd
->opcode
, mgmt_err
);
1315 send_settings_rsp(cmd
->sk
, MGMT_OP_SET_CONNECTABLE
, hdev
);
1316 new_settings(hdev
, cmd
->sk
);
1319 mgmt_pending_remove(cmd
);
1322 hci_dev_unlock(hdev
);
1325 static int set_connectable_update_settings(struct hci_dev
*hdev
,
1326 struct sock
*sk
, u8 val
)
1328 bool changed
= false;
1331 if (!!val
!= hci_dev_test_flag(hdev
, HCI_CONNECTABLE
))
1335 hci_dev_set_flag(hdev
, HCI_CONNECTABLE
);
1337 hci_dev_clear_flag(hdev
, HCI_CONNECTABLE
);
1338 hci_dev_clear_flag(hdev
, HCI_DISCOVERABLE
);
1341 err
= send_settings_rsp(sk
, MGMT_OP_SET_CONNECTABLE
, hdev
);
1346 hci_req_update_scan(hdev
);
1347 hci_update_background_scan(hdev
);
1348 return new_settings(hdev
, sk
);
1354 static int set_connectable(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
1357 struct mgmt_mode
*cp
= data
;
1358 struct mgmt_pending_cmd
*cmd
;
1361 BT_DBG("request for %s", hdev
->name
);
1363 if (!hci_dev_test_flag(hdev
, HCI_LE_ENABLED
) &&
1364 !hci_dev_test_flag(hdev
, HCI_BREDR_ENABLED
))
1365 return mgmt_cmd_status(sk
, hdev
->id
, MGMT_OP_SET_CONNECTABLE
,
1366 MGMT_STATUS_REJECTED
);
1368 if (cp
->val
!= 0x00 && cp
->val
!= 0x01)
1369 return mgmt_cmd_status(sk
, hdev
->id
, MGMT_OP_SET_CONNECTABLE
,
1370 MGMT_STATUS_INVALID_PARAMS
);
1374 if (!hdev_is_powered(hdev
)) {
1375 err
= set_connectable_update_settings(hdev
, sk
, cp
->val
);
1379 if (pending_find(MGMT_OP_SET_DISCOVERABLE
, hdev
) ||
1380 pending_find(MGMT_OP_SET_CONNECTABLE
, hdev
)) {
1381 err
= mgmt_cmd_status(sk
, hdev
->id
, MGMT_OP_SET_CONNECTABLE
,
1386 cmd
= mgmt_pending_add(sk
, MGMT_OP_SET_CONNECTABLE
, hdev
, data
, len
);
1393 hci_dev_set_flag(hdev
, HCI_CONNECTABLE
);
1395 if (hdev
->discov_timeout
> 0)
1396 cancel_delayed_work(&hdev
->discov_off
);
1398 hci_dev_clear_flag(hdev
, HCI_LIMITED_DISCOVERABLE
);
1399 hci_dev_clear_flag(hdev
, HCI_DISCOVERABLE
);
1400 hci_dev_clear_flag(hdev
, HCI_CONNECTABLE
);
1403 queue_work(hdev
->req_workqueue
, &hdev
->connectable_update
);
1407 hci_dev_unlock(hdev
);
1411 static int set_bondable(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
1414 struct mgmt_mode
*cp
= data
;
1418 BT_DBG("request for %s", hdev
->name
);
1420 if (cp
->val
!= 0x00 && cp
->val
!= 0x01)
1421 return mgmt_cmd_status(sk
, hdev
->id
, MGMT_OP_SET_BONDABLE
,
1422 MGMT_STATUS_INVALID_PARAMS
);
1427 changed
= !hci_dev_test_and_set_flag(hdev
, HCI_BONDABLE
);
1429 changed
= hci_dev_test_and_clear_flag(hdev
, HCI_BONDABLE
);
1431 err
= send_settings_rsp(sk
, MGMT_OP_SET_BONDABLE
, hdev
);
1436 /* In limited privacy mode the change of bondable mode
1437 * may affect the local advertising address.
1439 if (hdev_is_powered(hdev
) &&
1440 hci_dev_test_flag(hdev
, HCI_ADVERTISING
) &&
1441 hci_dev_test_flag(hdev
, HCI_DISCOVERABLE
) &&
1442 hci_dev_test_flag(hdev
, HCI_LIMITED_PRIVACY
))
1443 queue_work(hdev
->req_workqueue
,
1444 &hdev
->discoverable_update
);
1446 err
= new_settings(hdev
, sk
);
1450 hci_dev_unlock(hdev
);
1454 static int set_link_security(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
1457 struct mgmt_mode
*cp
= data
;
1458 struct mgmt_pending_cmd
*cmd
;
1462 BT_DBG("request for %s", hdev
->name
);
1464 status
= mgmt_bredr_support(hdev
);
1466 return mgmt_cmd_status(sk
, hdev
->id
, MGMT_OP_SET_LINK_SECURITY
,
1469 if (cp
->val
!= 0x00 && cp
->val
!= 0x01)
1470 return mgmt_cmd_status(sk
, hdev
->id
, MGMT_OP_SET_LINK_SECURITY
,
1471 MGMT_STATUS_INVALID_PARAMS
);
1475 if (!hdev_is_powered(hdev
)) {
1476 bool changed
= false;
1478 if (!!cp
->val
!= hci_dev_test_flag(hdev
, HCI_LINK_SECURITY
)) {
1479 hci_dev_change_flag(hdev
, HCI_LINK_SECURITY
);
1483 err
= send_settings_rsp(sk
, MGMT_OP_SET_LINK_SECURITY
, hdev
);
1488 err
= new_settings(hdev
, sk
);
1493 if (pending_find(MGMT_OP_SET_LINK_SECURITY
, hdev
)) {
1494 err
= mgmt_cmd_status(sk
, hdev
->id
, MGMT_OP_SET_LINK_SECURITY
,
1501 if (test_bit(HCI_AUTH
, &hdev
->flags
) == val
) {
1502 err
= send_settings_rsp(sk
, MGMT_OP_SET_LINK_SECURITY
, hdev
);
1506 cmd
= mgmt_pending_add(sk
, MGMT_OP_SET_LINK_SECURITY
, hdev
, data
, len
);
1512 err
= hci_send_cmd(hdev
, HCI_OP_WRITE_AUTH_ENABLE
, sizeof(val
), &val
);
1514 mgmt_pending_remove(cmd
);
1519 hci_dev_unlock(hdev
);
1523 static int set_ssp(struct sock
*sk
, struct hci_dev
*hdev
, void *data
, u16 len
)
1525 struct mgmt_mode
*cp
= data
;
1526 struct mgmt_pending_cmd
*cmd
;
1530 BT_DBG("request for %s", hdev
->name
);
1532 status
= mgmt_bredr_support(hdev
);
1534 return mgmt_cmd_status(sk
, hdev
->id
, MGMT_OP_SET_SSP
, status
);
1536 if (!lmp_ssp_capable(hdev
))
1537 return mgmt_cmd_status(sk
, hdev
->id
, MGMT_OP_SET_SSP
,
1538 MGMT_STATUS_NOT_SUPPORTED
);
1540 if (cp
->val
!= 0x00 && cp
->val
!= 0x01)
1541 return mgmt_cmd_status(sk
, hdev
->id
, MGMT_OP_SET_SSP
,
1542 MGMT_STATUS_INVALID_PARAMS
);
1546 if (!hdev_is_powered(hdev
)) {
1550 changed
= !hci_dev_test_and_set_flag(hdev
,
1553 changed
= hci_dev_test_and_clear_flag(hdev
,
1556 changed
= hci_dev_test_and_clear_flag(hdev
,
1559 hci_dev_clear_flag(hdev
, HCI_HS_ENABLED
);
1562 err
= send_settings_rsp(sk
, MGMT_OP_SET_SSP
, hdev
);
1567 err
= new_settings(hdev
, sk
);
1572 if (pending_find(MGMT_OP_SET_SSP
, hdev
)) {
1573 err
= mgmt_cmd_status(sk
, hdev
->id
, MGMT_OP_SET_SSP
,
1578 if (!!cp
->val
== hci_dev_test_flag(hdev
, HCI_SSP_ENABLED
)) {
1579 err
= send_settings_rsp(sk
, MGMT_OP_SET_SSP
, hdev
);
1583 cmd
= mgmt_pending_add(sk
, MGMT_OP_SET_SSP
, hdev
, data
, len
);
1589 if (!cp
->val
&& hci_dev_test_flag(hdev
, HCI_USE_DEBUG_KEYS
))
1590 hci_send_cmd(hdev
, HCI_OP_WRITE_SSP_DEBUG_MODE
,
1591 sizeof(cp
->val
), &cp
->val
);
1593 err
= hci_send_cmd(hdev
, HCI_OP_WRITE_SSP_MODE
, 1, &cp
->val
);
1595 mgmt_pending_remove(cmd
);
1600 hci_dev_unlock(hdev
);
1604 static int set_hs(struct sock
*sk
, struct hci_dev
*hdev
, void *data
, u16 len
)
1606 struct mgmt_mode
*cp
= data
;
1611 BT_DBG("request for %s", hdev
->name
);
1613 status
= mgmt_bredr_support(hdev
);
1615 return mgmt_cmd_status(sk
, hdev
->id
, MGMT_OP_SET_HS
, status
);
1617 if (!lmp_ssp_capable(hdev
))
1618 return mgmt_cmd_status(sk
, hdev
->id
, MGMT_OP_SET_HS
,
1619 MGMT_STATUS_NOT_SUPPORTED
);
1621 if (!hci_dev_test_flag(hdev
, HCI_SSP_ENABLED
))
1622 return mgmt_cmd_status(sk
, hdev
->id
, MGMT_OP_SET_HS
,
1623 MGMT_STATUS_REJECTED
);
1625 if (cp
->val
!= 0x00 && cp
->val
!= 0x01)
1626 return mgmt_cmd_status(sk
, hdev
->id
, MGMT_OP_SET_HS
,
1627 MGMT_STATUS_INVALID_PARAMS
);
1631 if (pending_find(MGMT_OP_SET_SSP
, hdev
)) {
1632 err
= mgmt_cmd_status(sk
, hdev
->id
, MGMT_OP_SET_HS
,
1638 changed
= !hci_dev_test_and_set_flag(hdev
, HCI_HS_ENABLED
);
1640 if (hdev_is_powered(hdev
)) {
1641 err
= mgmt_cmd_status(sk
, hdev
->id
, MGMT_OP_SET_HS
,
1642 MGMT_STATUS_REJECTED
);
1646 changed
= hci_dev_test_and_clear_flag(hdev
, HCI_HS_ENABLED
);
1649 err
= send_settings_rsp(sk
, MGMT_OP_SET_HS
, hdev
);
1654 err
= new_settings(hdev
, sk
);
1657 hci_dev_unlock(hdev
);
1661 static void le_enable_complete(struct hci_dev
*hdev
, u8 status
, u16 opcode
)
1663 struct cmd_lookup match
= { NULL
, hdev
};
1668 u8 mgmt_err
= mgmt_status(status
);
1670 mgmt_pending_foreach(MGMT_OP_SET_LE
, hdev
, cmd_status_rsp
,
1675 mgmt_pending_foreach(MGMT_OP_SET_LE
, hdev
, settings_rsp
, &match
);
1677 new_settings(hdev
, match
.sk
);
1682 /* Make sure the controller has a good default for
1683 * advertising data. Restrict the update to when LE
1684 * has actually been enabled. During power on, the
1685 * update in powered_update_hci will take care of it.
1687 if (hci_dev_test_flag(hdev
, HCI_LE_ENABLED
)) {
1688 struct hci_request req
;
1690 hci_req_init(&req
, hdev
);
1691 __hci_req_update_adv_data(&req
, 0x00);
1692 __hci_req_update_scan_rsp_data(&req
, 0x00);
1693 hci_req_run(&req
, NULL
);
1694 hci_update_background_scan(hdev
);
1698 hci_dev_unlock(hdev
);
1701 static int set_le(struct sock
*sk
, struct hci_dev
*hdev
, void *data
, u16 len
)
1703 struct mgmt_mode
*cp
= data
;
1704 struct hci_cp_write_le_host_supported hci_cp
;
1705 struct mgmt_pending_cmd
*cmd
;
1706 struct hci_request req
;
1710 BT_DBG("request for %s", hdev
->name
);
1712 if (!lmp_le_capable(hdev
))
1713 return mgmt_cmd_status(sk
, hdev
->id
, MGMT_OP_SET_LE
,
1714 MGMT_STATUS_NOT_SUPPORTED
);
1716 if (cp
->val
!= 0x00 && cp
->val
!= 0x01)
1717 return mgmt_cmd_status(sk
, hdev
->id
, MGMT_OP_SET_LE
,
1718 MGMT_STATUS_INVALID_PARAMS
);
1720 /* Bluetooth single mode LE only controllers or dual-mode
1721 * controllers configured as LE only devices, do not allow
1722 * switching LE off. These have either LE enabled explicitly
1723 * or BR/EDR has been previously switched off.
1725 * When trying to enable an already enabled LE, then gracefully
1726 * send a positive response. Trying to disable it however will
1727 * result into rejection.
1729 if (!hci_dev_test_flag(hdev
, HCI_BREDR_ENABLED
)) {
1730 if (cp
->val
== 0x01)
1731 return send_settings_rsp(sk
, MGMT_OP_SET_LE
, hdev
);
1733 return mgmt_cmd_status(sk
, hdev
->id
, MGMT_OP_SET_LE
,
1734 MGMT_STATUS_REJECTED
);
1740 enabled
= lmp_host_le_capable(hdev
);
1743 hci_req_clear_adv_instance(hdev
, NULL
, NULL
, 0x00, true);
1745 if (!hdev_is_powered(hdev
) || val
== enabled
) {
1746 bool changed
= false;
1748 if (val
!= hci_dev_test_flag(hdev
, HCI_LE_ENABLED
)) {
1749 hci_dev_change_flag(hdev
, HCI_LE_ENABLED
);
1753 if (!val
&& hci_dev_test_flag(hdev
, HCI_ADVERTISING
)) {
1754 hci_dev_clear_flag(hdev
, HCI_ADVERTISING
);
1758 err
= send_settings_rsp(sk
, MGMT_OP_SET_LE
, hdev
);
1763 err
= new_settings(hdev
, sk
);
1768 if (pending_find(MGMT_OP_SET_LE
, hdev
) ||
1769 pending_find(MGMT_OP_SET_ADVERTISING
, hdev
)) {
1770 err
= mgmt_cmd_status(sk
, hdev
->id
, MGMT_OP_SET_LE
,
1775 cmd
= mgmt_pending_add(sk
, MGMT_OP_SET_LE
, hdev
, data
, len
);
1781 hci_req_init(&req
, hdev
);
1783 memset(&hci_cp
, 0, sizeof(hci_cp
));
1787 hci_cp
.simul
= 0x00;
1789 if (hci_dev_test_flag(hdev
, HCI_LE_ADV
))
1790 __hci_req_disable_advertising(&req
);
1793 hci_req_add(&req
, HCI_OP_WRITE_LE_HOST_SUPPORTED
, sizeof(hci_cp
),
1796 err
= hci_req_run(&req
, le_enable_complete
);
1798 mgmt_pending_remove(cmd
);
1801 hci_dev_unlock(hdev
);
1805 /* This is a helper function to test for pending mgmt commands that can
1806 * cause CoD or EIR HCI commands. We can only allow one such pending
1807 * mgmt command at a time since otherwise we cannot easily track what
1808 * the current values are, will be, and based on that calculate if a new
1809 * HCI command needs to be sent and if yes with what value.
1811 static bool pending_eir_or_class(struct hci_dev
*hdev
)
1813 struct mgmt_pending_cmd
*cmd
;
1815 list_for_each_entry(cmd
, &hdev
->mgmt_pending
, list
) {
1816 switch (cmd
->opcode
) {
1817 case MGMT_OP_ADD_UUID
:
1818 case MGMT_OP_REMOVE_UUID
:
1819 case MGMT_OP_SET_DEV_CLASS
:
1820 case MGMT_OP_SET_POWERED
:
1828 static const u8 bluetooth_base_uuid
[] = {
1829 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
1830 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1833 static u8
get_uuid_size(const u8
*uuid
)
1837 if (memcmp(uuid
, bluetooth_base_uuid
, 12))
1840 val
= get_unaligned_le32(&uuid
[12]);
1847 static void mgmt_class_complete(struct hci_dev
*hdev
, u16 mgmt_op
, u8 status
)
1849 struct mgmt_pending_cmd
*cmd
;
1853 cmd
= pending_find(mgmt_op
, hdev
);
1857 mgmt_cmd_complete(cmd
->sk
, cmd
->index
, cmd
->opcode
,
1858 mgmt_status(status
), hdev
->dev_class
, 3);
1860 mgmt_pending_remove(cmd
);
1863 hci_dev_unlock(hdev
);
1866 static void add_uuid_complete(struct hci_dev
*hdev
, u8 status
, u16 opcode
)
1868 BT_DBG("status 0x%02x", status
);
1870 mgmt_class_complete(hdev
, MGMT_OP_ADD_UUID
, status
);
1873 static int add_uuid(struct sock
*sk
, struct hci_dev
*hdev
, void *data
, u16 len
)
1875 struct mgmt_cp_add_uuid
*cp
= data
;
1876 struct mgmt_pending_cmd
*cmd
;
1877 struct hci_request req
;
1878 struct bt_uuid
*uuid
;
1881 BT_DBG("request for %s", hdev
->name
);
1885 if (pending_eir_or_class(hdev
)) {
1886 err
= mgmt_cmd_status(sk
, hdev
->id
, MGMT_OP_ADD_UUID
,
1891 uuid
= kmalloc(sizeof(*uuid
), GFP_KERNEL
);
1897 memcpy(uuid
->uuid
, cp
->uuid
, 16);
1898 uuid
->svc_hint
= cp
->svc_hint
;
1899 uuid
->size
= get_uuid_size(cp
->uuid
);
1901 list_add_tail(&uuid
->list
, &hdev
->uuids
);
1903 hci_req_init(&req
, hdev
);
1905 __hci_req_update_class(&req
);
1906 __hci_req_update_eir(&req
);
1908 err
= hci_req_run(&req
, add_uuid_complete
);
1910 if (err
!= -ENODATA
)
1913 err
= mgmt_cmd_complete(sk
, hdev
->id
, MGMT_OP_ADD_UUID
, 0,
1914 hdev
->dev_class
, 3);
1918 cmd
= mgmt_pending_add(sk
, MGMT_OP_ADD_UUID
, hdev
, data
, len
);
1927 hci_dev_unlock(hdev
);
1931 static bool enable_service_cache(struct hci_dev
*hdev
)
1933 if (!hdev_is_powered(hdev
))
1936 if (!hci_dev_test_and_set_flag(hdev
, HCI_SERVICE_CACHE
)) {
1937 queue_delayed_work(hdev
->workqueue
, &hdev
->service_cache
,
1945 static void remove_uuid_complete(struct hci_dev
*hdev
, u8 status
, u16 opcode
)
1947 BT_DBG("status 0x%02x", status
);
1949 mgmt_class_complete(hdev
, MGMT_OP_REMOVE_UUID
, status
);
1952 static int remove_uuid(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
1955 struct mgmt_cp_remove_uuid
*cp
= data
;
1956 struct mgmt_pending_cmd
*cmd
;
1957 struct bt_uuid
*match
, *tmp
;
1958 u8 bt_uuid_any
[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
1959 struct hci_request req
;
1962 BT_DBG("request for %s", hdev
->name
);
1966 if (pending_eir_or_class(hdev
)) {
1967 err
= mgmt_cmd_status(sk
, hdev
->id
, MGMT_OP_REMOVE_UUID
,
1972 if (memcmp(cp
->uuid
, bt_uuid_any
, 16) == 0) {
1973 hci_uuids_clear(hdev
);
1975 if (enable_service_cache(hdev
)) {
1976 err
= mgmt_cmd_complete(sk
, hdev
->id
,
1977 MGMT_OP_REMOVE_UUID
,
1978 0, hdev
->dev_class
, 3);
1987 list_for_each_entry_safe(match
, tmp
, &hdev
->uuids
, list
) {
1988 if (memcmp(match
->uuid
, cp
->uuid
, 16) != 0)
1991 list_del(&match
->list
);
1997 err
= mgmt_cmd_status(sk
, hdev
->id
, MGMT_OP_REMOVE_UUID
,
1998 MGMT_STATUS_INVALID_PARAMS
);
2003 hci_req_init(&req
, hdev
);
2005 __hci_req_update_class(&req
);
2006 __hci_req_update_eir(&req
);
2008 err
= hci_req_run(&req
, remove_uuid_complete
);
2010 if (err
!= -ENODATA
)
2013 err
= mgmt_cmd_complete(sk
, hdev
->id
, MGMT_OP_REMOVE_UUID
, 0,
2014 hdev
->dev_class
, 3);
2018 cmd
= mgmt_pending_add(sk
, MGMT_OP_REMOVE_UUID
, hdev
, data
, len
);
2027 hci_dev_unlock(hdev
);
2031 static void set_class_complete(struct hci_dev
*hdev
, u8 status
, u16 opcode
)
2033 BT_DBG("status 0x%02x", status
);
2035 mgmt_class_complete(hdev
, MGMT_OP_SET_DEV_CLASS
, status
);
2038 static int set_dev_class(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
2041 struct mgmt_cp_set_dev_class
*cp
= data
;
2042 struct mgmt_pending_cmd
*cmd
;
2043 struct hci_request req
;
2046 BT_DBG("request for %s", hdev
->name
);
2048 if (!lmp_bredr_capable(hdev
))
2049 return mgmt_cmd_status(sk
, hdev
->id
, MGMT_OP_SET_DEV_CLASS
,
2050 MGMT_STATUS_NOT_SUPPORTED
);
2054 if (pending_eir_or_class(hdev
)) {
2055 err
= mgmt_cmd_status(sk
, hdev
->id
, MGMT_OP_SET_DEV_CLASS
,
2060 if ((cp
->minor
& 0x03) != 0 || (cp
->major
& 0xe0) != 0) {
2061 err
= mgmt_cmd_status(sk
, hdev
->id
, MGMT_OP_SET_DEV_CLASS
,
2062 MGMT_STATUS_INVALID_PARAMS
);
2066 hdev
->major_class
= cp
->major
;
2067 hdev
->minor_class
= cp
->minor
;
2069 if (!hdev_is_powered(hdev
)) {
2070 err
= mgmt_cmd_complete(sk
, hdev
->id
, MGMT_OP_SET_DEV_CLASS
, 0,
2071 hdev
->dev_class
, 3);
2075 hci_req_init(&req
, hdev
);
2077 if (hci_dev_test_and_clear_flag(hdev
, HCI_SERVICE_CACHE
)) {
2078 hci_dev_unlock(hdev
);
2079 cancel_delayed_work_sync(&hdev
->service_cache
);
2081 __hci_req_update_eir(&req
);
2084 __hci_req_update_class(&req
);
2086 err
= hci_req_run(&req
, set_class_complete
);
2088 if (err
!= -ENODATA
)
2091 err
= mgmt_cmd_complete(sk
, hdev
->id
, MGMT_OP_SET_DEV_CLASS
, 0,
2092 hdev
->dev_class
, 3);
2096 cmd
= mgmt_pending_add(sk
, MGMT_OP_SET_DEV_CLASS
, hdev
, data
, len
);
2105 hci_dev_unlock(hdev
);
2109 static int load_link_keys(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
2112 struct mgmt_cp_load_link_keys
*cp
= data
;
2113 const u16 max_key_count
= ((U16_MAX
- sizeof(*cp
)) /
2114 sizeof(struct mgmt_link_key_info
));
2115 u16 key_count
, expected_len
;
2119 BT_DBG("request for %s", hdev
->name
);
2121 if (!lmp_bredr_capable(hdev
))
2122 return mgmt_cmd_status(sk
, hdev
->id
, MGMT_OP_LOAD_LINK_KEYS
,
2123 MGMT_STATUS_NOT_SUPPORTED
);
2125 key_count
= __le16_to_cpu(cp
->key_count
);
2126 if (key_count
> max_key_count
) {
2127 BT_ERR("load_link_keys: too big key_count value %u",
2129 return mgmt_cmd_status(sk
, hdev
->id
, MGMT_OP_LOAD_LINK_KEYS
,
2130 MGMT_STATUS_INVALID_PARAMS
);
2133 expected_len
= sizeof(*cp
) + key_count
*
2134 sizeof(struct mgmt_link_key_info
);
2135 if (expected_len
!= len
) {
2136 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
2138 return mgmt_cmd_status(sk
, hdev
->id
, MGMT_OP_LOAD_LINK_KEYS
,
2139 MGMT_STATUS_INVALID_PARAMS
);
2142 if (cp
->debug_keys
!= 0x00 && cp
->debug_keys
!= 0x01)
2143 return mgmt_cmd_status(sk
, hdev
->id
, MGMT_OP_LOAD_LINK_KEYS
,
2144 MGMT_STATUS_INVALID_PARAMS
);
2146 BT_DBG("%s debug_keys %u key_count %u", hdev
->name
, cp
->debug_keys
,
2149 for (i
= 0; i
< key_count
; i
++) {
2150 struct mgmt_link_key_info
*key
= &cp
->keys
[i
];
2152 if (key
->addr
.type
!= BDADDR_BREDR
|| key
->type
> 0x08)
2153 return mgmt_cmd_status(sk
, hdev
->id
,
2154 MGMT_OP_LOAD_LINK_KEYS
,
2155 MGMT_STATUS_INVALID_PARAMS
);
2160 hci_link_keys_clear(hdev
);
2163 changed
= !hci_dev_test_and_set_flag(hdev
, HCI_KEEP_DEBUG_KEYS
);
2165 changed
= hci_dev_test_and_clear_flag(hdev
,
2166 HCI_KEEP_DEBUG_KEYS
);
2169 new_settings(hdev
, NULL
);
2171 for (i
= 0; i
< key_count
; i
++) {
2172 struct mgmt_link_key_info
*key
= &cp
->keys
[i
];
2174 /* Always ignore debug keys and require a new pairing if
2175 * the user wants to use them.
2177 if (key
->type
== HCI_LK_DEBUG_COMBINATION
)
2180 hci_add_link_key(hdev
, NULL
, &key
->addr
.bdaddr
, key
->val
,
2181 key
->type
, key
->pin_len
, NULL
);
2184 mgmt_cmd_complete(sk
, hdev
->id
, MGMT_OP_LOAD_LINK_KEYS
, 0, NULL
, 0);
2186 hci_dev_unlock(hdev
);
2191 static int device_unpaired(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
,
2192 u8 addr_type
, struct sock
*skip_sk
)
2194 struct mgmt_ev_device_unpaired ev
;
2196 bacpy(&ev
.addr
.bdaddr
, bdaddr
);
2197 ev
.addr
.type
= addr_type
;
2199 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED
, hdev
, &ev
, sizeof(ev
),
2203 static int unpair_device(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
2206 struct mgmt_cp_unpair_device
*cp
= data
;
2207 struct mgmt_rp_unpair_device rp
;
2208 struct hci_conn_params
*params
;
2209 struct mgmt_pending_cmd
*cmd
;
2210 struct hci_conn
*conn
;
2214 memset(&rp
, 0, sizeof(rp
));
2215 bacpy(&rp
.addr
.bdaddr
, &cp
->addr
.bdaddr
);
2216 rp
.addr
.type
= cp
->addr
.type
;
2218 if (!bdaddr_type_is_valid(cp
->addr
.type
))
2219 return mgmt_cmd_complete(sk
, hdev
->id
, MGMT_OP_UNPAIR_DEVICE
,
2220 MGMT_STATUS_INVALID_PARAMS
,
2223 if (cp
->disconnect
!= 0x00 && cp
->disconnect
!= 0x01)
2224 return mgmt_cmd_complete(sk
, hdev
->id
, MGMT_OP_UNPAIR_DEVICE
,
2225 MGMT_STATUS_INVALID_PARAMS
,
2230 if (!hdev_is_powered(hdev
)) {
2231 err
= mgmt_cmd_complete(sk
, hdev
->id
, MGMT_OP_UNPAIR_DEVICE
,
2232 MGMT_STATUS_NOT_POWERED
, &rp
,
2237 if (cp
->addr
.type
== BDADDR_BREDR
) {
2238 /* If disconnection is requested, then look up the
2239 * connection. If the remote device is connected, it
2240 * will be later used to terminate the link.
2242 * Setting it to NULL explicitly will cause no
2243 * termination of the link.
2246 conn
= hci_conn_hash_lookup_ba(hdev
, ACL_LINK
,
2251 err
= hci_remove_link_key(hdev
, &cp
->addr
.bdaddr
);
2253 err
= mgmt_cmd_complete(sk
, hdev
->id
,
2254 MGMT_OP_UNPAIR_DEVICE
,
2255 MGMT_STATUS_NOT_PAIRED
, &rp
,
2263 /* LE address type */
2264 addr_type
= le_addr_type(cp
->addr
.type
);
2266 hci_remove_irk(hdev
, &cp
->addr
.bdaddr
, addr_type
);
2268 err
= hci_remove_ltk(hdev
, &cp
->addr
.bdaddr
, addr_type
);
2270 err
= mgmt_cmd_complete(sk
, hdev
->id
, MGMT_OP_UNPAIR_DEVICE
,
2271 MGMT_STATUS_NOT_PAIRED
, &rp
,
2276 conn
= hci_conn_hash_lookup_le(hdev
, &cp
->addr
.bdaddr
, addr_type
);
2278 hci_conn_params_del(hdev
, &cp
->addr
.bdaddr
, addr_type
);
2282 /* Abort any ongoing SMP pairing */
2283 smp_cancel_pairing(conn
);
2285 /* Defer clearing up the connection parameters until closing to
2286 * give a chance of keeping them if a repairing happens.
2288 set_bit(HCI_CONN_PARAM_REMOVAL_PEND
, &conn
->flags
);
2290 /* Disable auto-connection parameters if present */
2291 params
= hci_conn_params_lookup(hdev
, &cp
->addr
.bdaddr
, addr_type
);
2293 if (params
->explicit_connect
)
2294 params
->auto_connect
= HCI_AUTO_CONN_EXPLICIT
;
2296 params
->auto_connect
= HCI_AUTO_CONN_DISABLED
;
2299 /* If disconnection is not requested, then clear the connection
2300 * variable so that the link is not terminated.
2302 if (!cp
->disconnect
)
2306 /* If the connection variable is set, then termination of the
2307 * link is requested.
2310 err
= mgmt_cmd_complete(sk
, hdev
->id
, MGMT_OP_UNPAIR_DEVICE
, 0,
2312 device_unpaired(hdev
, &cp
->addr
.bdaddr
, cp
->addr
.type
, sk
);
2316 cmd
= mgmt_pending_add(sk
, MGMT_OP_UNPAIR_DEVICE
, hdev
, cp
,
2323 cmd
->cmd_complete
= addr_cmd_complete
;
2325 err
= hci_abort_conn(conn
, HCI_ERROR_REMOTE_USER_TERM
);
2327 mgmt_pending_remove(cmd
);
2330 hci_dev_unlock(hdev
);
2334 static int disconnect(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
2337 struct mgmt_cp_disconnect
*cp
= data
;
2338 struct mgmt_rp_disconnect rp
;
2339 struct mgmt_pending_cmd
*cmd
;
2340 struct hci_conn
*conn
;
2345 memset(&rp
, 0, sizeof(rp
));
2346 bacpy(&rp
.addr
.bdaddr
, &cp
->addr
.bdaddr
);
2347 rp
.addr
.type
= cp
->addr
.type
;
2349 if (!bdaddr_type_is_valid(cp
->addr
.type
))
2350 return mgmt_cmd_complete(sk
, hdev
->id
, MGMT_OP_DISCONNECT
,
2351 MGMT_STATUS_INVALID_PARAMS
,
2356 if (!test_bit(HCI_UP
, &hdev
->flags
)) {
2357 err
= mgmt_cmd_complete(sk
, hdev
->id
, MGMT_OP_DISCONNECT
,
2358 MGMT_STATUS_NOT_POWERED
, &rp
,
2363 if (pending_find(MGMT_OP_DISCONNECT
, hdev
)) {
2364 err
= mgmt_cmd_complete(sk
, hdev
->id
, MGMT_OP_DISCONNECT
,
2365 MGMT_STATUS_BUSY
, &rp
, sizeof(rp
));
2369 if (cp
->addr
.type
== BDADDR_BREDR
)
2370 conn
= hci_conn_hash_lookup_ba(hdev
, ACL_LINK
,
2373 conn
= hci_conn_hash_lookup_le(hdev
, &cp
->addr
.bdaddr
,
2374 le_addr_type(cp
->addr
.type
));
2376 if (!conn
|| conn
->state
== BT_OPEN
|| conn
->state
== BT_CLOSED
) {
2377 err
= mgmt_cmd_complete(sk
, hdev
->id
, MGMT_OP_DISCONNECT
,
2378 MGMT_STATUS_NOT_CONNECTED
, &rp
,
2383 cmd
= mgmt_pending_add(sk
, MGMT_OP_DISCONNECT
, hdev
, data
, len
);
2389 cmd
->cmd_complete
= generic_cmd_complete
;
2391 err
= hci_disconnect(conn
, HCI_ERROR_REMOTE_USER_TERM
);
2393 mgmt_pending_remove(cmd
);
2396 hci_dev_unlock(hdev
);
2400 static u8
link_to_bdaddr(u8 link_type
, u8 addr_type
)
2402 switch (link_type
) {
2404 switch (addr_type
) {
2405 case ADDR_LE_DEV_PUBLIC
:
2406 return BDADDR_LE_PUBLIC
;
2409 /* Fallback to LE Random address type */
2410 return BDADDR_LE_RANDOM
;
2414 /* Fallback to BR/EDR type */
2415 return BDADDR_BREDR
;
2419 static int get_connections(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
2422 struct mgmt_rp_get_connections
*rp
;
2432 if (!hdev_is_powered(hdev
)) {
2433 err
= mgmt_cmd_status(sk
, hdev
->id
, MGMT_OP_GET_CONNECTIONS
,
2434 MGMT_STATUS_NOT_POWERED
);
2439 list_for_each_entry(c
, &hdev
->conn_hash
.list
, list
) {
2440 if (test_bit(HCI_CONN_MGMT_CONNECTED
, &c
->flags
))
2444 rp_len
= sizeof(*rp
) + (i
* sizeof(struct mgmt_addr_info
));
2445 rp
= kmalloc(rp_len
, GFP_KERNEL
);
2452 list_for_each_entry(c
, &hdev
->conn_hash
.list
, list
) {
2453 if (!test_bit(HCI_CONN_MGMT_CONNECTED
, &c
->flags
))
2455 bacpy(&rp
->addr
[i
].bdaddr
, &c
->dst
);
2456 rp
->addr
[i
].type
= link_to_bdaddr(c
->type
, c
->dst_type
);
2457 if (c
->type
== SCO_LINK
|| c
->type
== ESCO_LINK
)
2462 rp
->conn_count
= cpu_to_le16(i
);
2464 /* Recalculate length in case of filtered SCO connections, etc */
2465 rp_len
= sizeof(*rp
) + (i
* sizeof(struct mgmt_addr_info
));
2467 err
= mgmt_cmd_complete(sk
, hdev
->id
, MGMT_OP_GET_CONNECTIONS
, 0, rp
,
2473 hci_dev_unlock(hdev
);
2477 static int send_pin_code_neg_reply(struct sock
*sk
, struct hci_dev
*hdev
,
2478 struct mgmt_cp_pin_code_neg_reply
*cp
)
2480 struct mgmt_pending_cmd
*cmd
;
2483 cmd
= mgmt_pending_add(sk
, MGMT_OP_PIN_CODE_NEG_REPLY
, hdev
, cp
,
2488 err
= hci_send_cmd(hdev
, HCI_OP_PIN_CODE_NEG_REPLY
,
2489 sizeof(cp
->addr
.bdaddr
), &cp
->addr
.bdaddr
);
2491 mgmt_pending_remove(cmd
);
2496 static int pin_code_reply(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
2499 struct hci_conn
*conn
;
2500 struct mgmt_cp_pin_code_reply
*cp
= data
;
2501 struct hci_cp_pin_code_reply reply
;
2502 struct mgmt_pending_cmd
*cmd
;
2509 if (!hdev_is_powered(hdev
)) {
2510 err
= mgmt_cmd_status(sk
, hdev
->id
, MGMT_OP_PIN_CODE_REPLY
,
2511 MGMT_STATUS_NOT_POWERED
);
2515 conn
= hci_conn_hash_lookup_ba(hdev
, ACL_LINK
, &cp
->addr
.bdaddr
);
2517 err
= mgmt_cmd_status(sk
, hdev
->id
, MGMT_OP_PIN_CODE_REPLY
,
2518 MGMT_STATUS_NOT_CONNECTED
);
2522 if (conn
->pending_sec_level
== BT_SECURITY_HIGH
&& cp
->pin_len
!= 16) {
2523 struct mgmt_cp_pin_code_neg_reply ncp
;
2525 memcpy(&ncp
.addr
, &cp
->addr
, sizeof(ncp
.addr
));
2527 BT_ERR("PIN code is not 16 bytes long");
2529 err
= send_pin_code_neg_reply(sk
, hdev
, &ncp
);
2531 err
= mgmt_cmd_status(sk
, hdev
->id
, MGMT_OP_PIN_CODE_REPLY
,
2532 MGMT_STATUS_INVALID_PARAMS
);
2537 cmd
= mgmt_pending_add(sk
, MGMT_OP_PIN_CODE_REPLY
, hdev
, data
, len
);
2543 cmd
->cmd_complete
= addr_cmd_complete
;
2545 bacpy(&reply
.bdaddr
, &cp
->addr
.bdaddr
);
2546 reply
.pin_len
= cp
->pin_len
;
2547 memcpy(reply
.pin_code
, cp
->pin_code
, sizeof(reply
.pin_code
));
2549 err
= hci_send_cmd(hdev
, HCI_OP_PIN_CODE_REPLY
, sizeof(reply
), &reply
);
2551 mgmt_pending_remove(cmd
);
2554 hci_dev_unlock(hdev
);
2558 static int set_io_capability(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
2561 struct mgmt_cp_set_io_capability
*cp
= data
;
2565 if (cp
->io_capability
> SMP_IO_KEYBOARD_DISPLAY
)
2566 return mgmt_cmd_status(sk
, hdev
->id
, MGMT_OP_SET_IO_CAPABILITY
,
2567 MGMT_STATUS_INVALID_PARAMS
);
2571 hdev
->io_capability
= cp
->io_capability
;
2573 BT_DBG("%s IO capability set to 0x%02x", hdev
->name
,
2574 hdev
->io_capability
);
2576 hci_dev_unlock(hdev
);
2578 return mgmt_cmd_complete(sk
, hdev
->id
, MGMT_OP_SET_IO_CAPABILITY
, 0,
2582 static struct mgmt_pending_cmd
*find_pairing(struct hci_conn
*conn
)
2584 struct hci_dev
*hdev
= conn
->hdev
;
2585 struct mgmt_pending_cmd
*cmd
;
2587 list_for_each_entry(cmd
, &hdev
->mgmt_pending
, list
) {
2588 if (cmd
->opcode
!= MGMT_OP_PAIR_DEVICE
)
2591 if (cmd
->user_data
!= conn
)
2600 static int pairing_complete(struct mgmt_pending_cmd
*cmd
, u8 status
)
2602 struct mgmt_rp_pair_device rp
;
2603 struct hci_conn
*conn
= cmd
->user_data
;
2606 bacpy(&rp
.addr
.bdaddr
, &conn
->dst
);
2607 rp
.addr
.type
= link_to_bdaddr(conn
->type
, conn
->dst_type
);
2609 err
= mgmt_cmd_complete(cmd
->sk
, cmd
->index
, MGMT_OP_PAIR_DEVICE
,
2610 status
, &rp
, sizeof(rp
));
2612 /* So we don't get further callbacks for this connection */
2613 conn
->connect_cfm_cb
= NULL
;
2614 conn
->security_cfm_cb
= NULL
;
2615 conn
->disconn_cfm_cb
= NULL
;
2617 hci_conn_drop(conn
);
2619 /* The device is paired so there is no need to remove
2620 * its connection parameters anymore.
2622 clear_bit(HCI_CONN_PARAM_REMOVAL_PEND
, &conn
->flags
);
2629 void mgmt_smp_complete(struct hci_conn
*conn
, bool complete
)
2631 u8 status
= complete
? MGMT_STATUS_SUCCESS
: MGMT_STATUS_FAILED
;
2632 struct mgmt_pending_cmd
*cmd
;
2634 cmd
= find_pairing(conn
);
2636 cmd
->cmd_complete(cmd
, status
);
2637 mgmt_pending_remove(cmd
);
2641 static void pairing_complete_cb(struct hci_conn
*conn
, u8 status
)
2643 struct mgmt_pending_cmd
*cmd
;
2645 BT_DBG("status %u", status
);
2647 cmd
= find_pairing(conn
);
2649 BT_DBG("Unable to find a pending command");
2653 cmd
->cmd_complete(cmd
, mgmt_status(status
));
2654 mgmt_pending_remove(cmd
);
2657 static void le_pairing_complete_cb(struct hci_conn
*conn
, u8 status
)
2659 struct mgmt_pending_cmd
*cmd
;
2661 BT_DBG("status %u", status
);
2666 cmd
= find_pairing(conn
);
2668 BT_DBG("Unable to find a pending command");
2672 cmd
->cmd_complete(cmd
, mgmt_status(status
));
2673 mgmt_pending_remove(cmd
);
2676 static int pair_device(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
2679 struct mgmt_cp_pair_device
*cp
= data
;
2680 struct mgmt_rp_pair_device rp
;
2681 struct mgmt_pending_cmd
*cmd
;
2682 u8 sec_level
, auth_type
;
2683 struct hci_conn
*conn
;
2688 memset(&rp
, 0, sizeof(rp
));
2689 bacpy(&rp
.addr
.bdaddr
, &cp
->addr
.bdaddr
);
2690 rp
.addr
.type
= cp
->addr
.type
;
2692 if (!bdaddr_type_is_valid(cp
->addr
.type
))
2693 return mgmt_cmd_complete(sk
, hdev
->id
, MGMT_OP_PAIR_DEVICE
,
2694 MGMT_STATUS_INVALID_PARAMS
,
2697 if (cp
->io_cap
> SMP_IO_KEYBOARD_DISPLAY
)
2698 return mgmt_cmd_complete(sk
, hdev
->id
, MGMT_OP_PAIR_DEVICE
,
2699 MGMT_STATUS_INVALID_PARAMS
,
2704 if (!hdev_is_powered(hdev
)) {
2705 err
= mgmt_cmd_complete(sk
, hdev
->id
, MGMT_OP_PAIR_DEVICE
,
2706 MGMT_STATUS_NOT_POWERED
, &rp
,
2711 if (hci_bdaddr_is_paired(hdev
, &cp
->addr
.bdaddr
, cp
->addr
.type
)) {
2712 err
= mgmt_cmd_complete(sk
, hdev
->id
, MGMT_OP_PAIR_DEVICE
,
2713 MGMT_STATUS_ALREADY_PAIRED
, &rp
,
2718 sec_level
= BT_SECURITY_MEDIUM
;
2719 auth_type
= HCI_AT_DEDICATED_BONDING
;
2721 if (cp
->addr
.type
== BDADDR_BREDR
) {
2722 conn
= hci_connect_acl(hdev
, &cp
->addr
.bdaddr
, sec_level
,
2725 u8 addr_type
= le_addr_type(cp
->addr
.type
);
2726 struct hci_conn_params
*p
;
2728 /* When pairing a new device, it is expected to remember
2729 * this device for future connections. Adding the connection
2730 * parameter information ahead of time allows tracking
2731 * of the slave preferred values and will speed up any
2732 * further connection establishment.
2734 * If connection parameters already exist, then they
2735 * will be kept and this function does nothing.
2737 p
= hci_conn_params_add(hdev
, &cp
->addr
.bdaddr
, addr_type
);
2739 if (p
->auto_connect
== HCI_AUTO_CONN_EXPLICIT
)
2740 p
->auto_connect
= HCI_AUTO_CONN_DISABLED
;
2742 conn
= hci_connect_le_scan(hdev
, &cp
->addr
.bdaddr
,
2743 addr_type
, sec_level
,
2744 HCI_LE_CONN_TIMEOUT
);
2750 if (PTR_ERR(conn
) == -EBUSY
)
2751 status
= MGMT_STATUS_BUSY
;
2752 else if (PTR_ERR(conn
) == -EOPNOTSUPP
)
2753 status
= MGMT_STATUS_NOT_SUPPORTED
;
2754 else if (PTR_ERR(conn
) == -ECONNREFUSED
)
2755 status
= MGMT_STATUS_REJECTED
;
2757 status
= MGMT_STATUS_CONNECT_FAILED
;
2759 err
= mgmt_cmd_complete(sk
, hdev
->id
, MGMT_OP_PAIR_DEVICE
,
2760 status
, &rp
, sizeof(rp
));
2764 if (conn
->connect_cfm_cb
) {
2765 hci_conn_drop(conn
);
2766 err
= mgmt_cmd_complete(sk
, hdev
->id
, MGMT_OP_PAIR_DEVICE
,
2767 MGMT_STATUS_BUSY
, &rp
, sizeof(rp
));
2771 cmd
= mgmt_pending_add(sk
, MGMT_OP_PAIR_DEVICE
, hdev
, data
, len
);
2774 hci_conn_drop(conn
);
2778 cmd
->cmd_complete
= pairing_complete
;
2780 /* For LE, just connecting isn't a proof that the pairing finished */
2781 if (cp
->addr
.type
== BDADDR_BREDR
) {
2782 conn
->connect_cfm_cb
= pairing_complete_cb
;
2783 conn
->security_cfm_cb
= pairing_complete_cb
;
2784 conn
->disconn_cfm_cb
= pairing_complete_cb
;
2786 conn
->connect_cfm_cb
= le_pairing_complete_cb
;
2787 conn
->security_cfm_cb
= le_pairing_complete_cb
;
2788 conn
->disconn_cfm_cb
= le_pairing_complete_cb
;
2791 conn
->io_capability
= cp
->io_cap
;
2792 cmd
->user_data
= hci_conn_get(conn
);
2794 if ((conn
->state
== BT_CONNECTED
|| conn
->state
== BT_CONFIG
) &&
2795 hci_conn_security(conn
, sec_level
, auth_type
, true)) {
2796 cmd
->cmd_complete(cmd
, 0);
2797 mgmt_pending_remove(cmd
);
2803 hci_dev_unlock(hdev
);
2807 static int cancel_pair_device(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
2810 struct mgmt_addr_info
*addr
= data
;
2811 struct mgmt_pending_cmd
*cmd
;
2812 struct hci_conn
*conn
;
2819 if (!hdev_is_powered(hdev
)) {
2820 err
= mgmt_cmd_status(sk
, hdev
->id
, MGMT_OP_CANCEL_PAIR_DEVICE
,
2821 MGMT_STATUS_NOT_POWERED
);
2825 cmd
= pending_find(MGMT_OP_PAIR_DEVICE
, hdev
);
2827 err
= mgmt_cmd_status(sk
, hdev
->id
, MGMT_OP_CANCEL_PAIR_DEVICE
,
2828 MGMT_STATUS_INVALID_PARAMS
);
2832 conn
= cmd
->user_data
;
2834 if (bacmp(&addr
->bdaddr
, &conn
->dst
) != 0) {
2835 err
= mgmt_cmd_status(sk
, hdev
->id
, MGMT_OP_CANCEL_PAIR_DEVICE
,
2836 MGMT_STATUS_INVALID_PARAMS
);
2840 cmd
->cmd_complete(cmd
, MGMT_STATUS_CANCELLED
);
2841 mgmt_pending_remove(cmd
);
2843 err
= mgmt_cmd_complete(sk
, hdev
->id
, MGMT_OP_CANCEL_PAIR_DEVICE
, 0,
2844 addr
, sizeof(*addr
));
2846 hci_dev_unlock(hdev
);
2850 static int user_pairing_resp(struct sock
*sk
, struct hci_dev
*hdev
,
2851 struct mgmt_addr_info
*addr
, u16 mgmt_op
,
2852 u16 hci_op
, __le32 passkey
)
2854 struct mgmt_pending_cmd
*cmd
;
2855 struct hci_conn
*conn
;
2860 if (!hdev_is_powered(hdev
)) {
2861 err
= mgmt_cmd_complete(sk
, hdev
->id
, mgmt_op
,
2862 MGMT_STATUS_NOT_POWERED
, addr
,
2867 if (addr
->type
== BDADDR_BREDR
)
2868 conn
= hci_conn_hash_lookup_ba(hdev
, ACL_LINK
, &addr
->bdaddr
);
2870 conn
= hci_conn_hash_lookup_le(hdev
, &addr
->bdaddr
,
2871 le_addr_type(addr
->type
));
2874 err
= mgmt_cmd_complete(sk
, hdev
->id
, mgmt_op
,
2875 MGMT_STATUS_NOT_CONNECTED
, addr
,
2880 if (addr
->type
== BDADDR_LE_PUBLIC
|| addr
->type
== BDADDR_LE_RANDOM
) {
2881 err
= smp_user_confirm_reply(conn
, mgmt_op
, passkey
);
2883 err
= mgmt_cmd_complete(sk
, hdev
->id
, mgmt_op
,
2884 MGMT_STATUS_SUCCESS
, addr
,
2887 err
= mgmt_cmd_complete(sk
, hdev
->id
, mgmt_op
,
2888 MGMT_STATUS_FAILED
, addr
,
2894 cmd
= mgmt_pending_add(sk
, mgmt_op
, hdev
, addr
, sizeof(*addr
));
2900 cmd
->cmd_complete
= addr_cmd_complete
;
2902 /* Continue with pairing via HCI */
2903 if (hci_op
== HCI_OP_USER_PASSKEY_REPLY
) {
2904 struct hci_cp_user_passkey_reply cp
;
2906 bacpy(&cp
.bdaddr
, &addr
->bdaddr
);
2907 cp
.passkey
= passkey
;
2908 err
= hci_send_cmd(hdev
, hci_op
, sizeof(cp
), &cp
);
2910 err
= hci_send_cmd(hdev
, hci_op
, sizeof(addr
->bdaddr
),
2914 mgmt_pending_remove(cmd
);
2917 hci_dev_unlock(hdev
);
2921 static int pin_code_neg_reply(struct sock
*sk
, struct hci_dev
*hdev
,
2922 void *data
, u16 len
)
2924 struct mgmt_cp_pin_code_neg_reply
*cp
= data
;
2928 return user_pairing_resp(sk
, hdev
, &cp
->addr
,
2929 MGMT_OP_PIN_CODE_NEG_REPLY
,
2930 HCI_OP_PIN_CODE_NEG_REPLY
, 0);
2933 static int user_confirm_reply(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
2936 struct mgmt_cp_user_confirm_reply
*cp
= data
;
2940 if (len
!= sizeof(*cp
))
2941 return mgmt_cmd_status(sk
, hdev
->id
, MGMT_OP_USER_CONFIRM_REPLY
,
2942 MGMT_STATUS_INVALID_PARAMS
);
2944 return user_pairing_resp(sk
, hdev
, &cp
->addr
,
2945 MGMT_OP_USER_CONFIRM_REPLY
,
2946 HCI_OP_USER_CONFIRM_REPLY
, 0);
2949 static int user_confirm_neg_reply(struct sock
*sk
, struct hci_dev
*hdev
,
2950 void *data
, u16 len
)
2952 struct mgmt_cp_user_confirm_neg_reply
*cp
= data
;
2956 return user_pairing_resp(sk
, hdev
, &cp
->addr
,
2957 MGMT_OP_USER_CONFIRM_NEG_REPLY
,
2958 HCI_OP_USER_CONFIRM_NEG_REPLY
, 0);
2961 static int user_passkey_reply(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
2964 struct mgmt_cp_user_passkey_reply
*cp
= data
;
2968 return user_pairing_resp(sk
, hdev
, &cp
->addr
,
2969 MGMT_OP_USER_PASSKEY_REPLY
,
2970 HCI_OP_USER_PASSKEY_REPLY
, cp
->passkey
);
2973 static int user_passkey_neg_reply(struct sock
*sk
, struct hci_dev
*hdev
,
2974 void *data
, u16 len
)
2976 struct mgmt_cp_user_passkey_neg_reply
*cp
= data
;
2980 return user_pairing_resp(sk
, hdev
, &cp
->addr
,
2981 MGMT_OP_USER_PASSKEY_NEG_REPLY
,
2982 HCI_OP_USER_PASSKEY_NEG_REPLY
, 0);
2985 static void set_name_complete(struct hci_dev
*hdev
, u8 status
, u16 opcode
)
2987 struct mgmt_cp_set_local_name
*cp
;
2988 struct mgmt_pending_cmd
*cmd
;
2990 BT_DBG("status 0x%02x", status
);
2994 cmd
= pending_find(MGMT_OP_SET_LOCAL_NAME
, hdev
);
3001 mgmt_cmd_status(cmd
->sk
, hdev
->id
, MGMT_OP_SET_LOCAL_NAME
,
3002 mgmt_status(status
));
3004 mgmt_cmd_complete(cmd
->sk
, hdev
->id
, MGMT_OP_SET_LOCAL_NAME
, 0,
3007 mgmt_pending_remove(cmd
);
3010 hci_dev_unlock(hdev
);
3013 static int set_local_name(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
3016 struct mgmt_cp_set_local_name
*cp
= data
;
3017 struct mgmt_pending_cmd
*cmd
;
3018 struct hci_request req
;
3025 /* If the old values are the same as the new ones just return a
3026 * direct command complete event.
3028 if (!memcmp(hdev
->dev_name
, cp
->name
, sizeof(hdev
->dev_name
)) &&
3029 !memcmp(hdev
->short_name
, cp
->short_name
,
3030 sizeof(hdev
->short_name
))) {
3031 err
= mgmt_cmd_complete(sk
, hdev
->id
, MGMT_OP_SET_LOCAL_NAME
, 0,
3036 memcpy(hdev
->short_name
, cp
->short_name
, sizeof(hdev
->short_name
));
3038 if (!hdev_is_powered(hdev
)) {
3039 memcpy(hdev
->dev_name
, cp
->name
, sizeof(hdev
->dev_name
));
3041 err
= mgmt_cmd_complete(sk
, hdev
->id
, MGMT_OP_SET_LOCAL_NAME
, 0,
3046 err
= mgmt_limited_event(MGMT_EV_LOCAL_NAME_CHANGED
, hdev
, data
,
3047 len
, HCI_MGMT_LOCAL_NAME_EVENTS
, sk
);
3048 ext_info_changed(hdev
, sk
);
3053 cmd
= mgmt_pending_add(sk
, MGMT_OP_SET_LOCAL_NAME
, hdev
, data
, len
);
3059 memcpy(hdev
->dev_name
, cp
->name
, sizeof(hdev
->dev_name
));
3061 hci_req_init(&req
, hdev
);
3063 if (lmp_bredr_capable(hdev
)) {
3064 __hci_req_update_name(&req
);
3065 __hci_req_update_eir(&req
);
3068 /* The name is stored in the scan response data and so
3069 * no need to udpate the advertising data here.
3071 if (lmp_le_capable(hdev
))
3072 __hci_req_update_scan_rsp_data(&req
, hdev
->cur_adv_instance
);
3074 err
= hci_req_run(&req
, set_name_complete
);
3076 mgmt_pending_remove(cmd
);
3079 hci_dev_unlock(hdev
);
3083 static void read_local_oob_data_complete(struct hci_dev
*hdev
, u8 status
,
3084 u16 opcode
, struct sk_buff
*skb
)
3086 struct mgmt_rp_read_local_oob_data mgmt_rp
;
3087 size_t rp_size
= sizeof(mgmt_rp
);
3088 struct mgmt_pending_cmd
*cmd
;
3090 BT_DBG("%s status %u", hdev
->name
, status
);
3092 cmd
= pending_find(MGMT_OP_READ_LOCAL_OOB_DATA
, hdev
);
3096 if (status
|| !skb
) {
3097 mgmt_cmd_status(cmd
->sk
, hdev
->id
, MGMT_OP_READ_LOCAL_OOB_DATA
,
3098 status
? mgmt_status(status
) : MGMT_STATUS_FAILED
);
3102 memset(&mgmt_rp
, 0, sizeof(mgmt_rp
));
3104 if (opcode
== HCI_OP_READ_LOCAL_OOB_DATA
) {
3105 struct hci_rp_read_local_oob_data
*rp
= (void *) skb
->data
;
3107 if (skb
->len
< sizeof(*rp
)) {
3108 mgmt_cmd_status(cmd
->sk
, hdev
->id
,
3109 MGMT_OP_READ_LOCAL_OOB_DATA
,
3110 MGMT_STATUS_FAILED
);
3114 memcpy(mgmt_rp
.hash192
, rp
->hash
, sizeof(rp
->hash
));
3115 memcpy(mgmt_rp
.rand192
, rp
->rand
, sizeof(rp
->rand
));
3117 rp_size
-= sizeof(mgmt_rp
.hash256
) + sizeof(mgmt_rp
.rand256
);
3119 struct hci_rp_read_local_oob_ext_data
*rp
= (void *) skb
->data
;
3121 if (skb
->len
< sizeof(*rp
)) {
3122 mgmt_cmd_status(cmd
->sk
, hdev
->id
,
3123 MGMT_OP_READ_LOCAL_OOB_DATA
,
3124 MGMT_STATUS_FAILED
);
3128 memcpy(mgmt_rp
.hash192
, rp
->hash192
, sizeof(rp
->hash192
));
3129 memcpy(mgmt_rp
.rand192
, rp
->rand192
, sizeof(rp
->rand192
));
3131 memcpy(mgmt_rp
.hash256
, rp
->hash256
, sizeof(rp
->hash256
));
3132 memcpy(mgmt_rp
.rand256
, rp
->rand256
, sizeof(rp
->rand256
));
3135 mgmt_cmd_complete(cmd
->sk
, hdev
->id
, MGMT_OP_READ_LOCAL_OOB_DATA
,
3136 MGMT_STATUS_SUCCESS
, &mgmt_rp
, rp_size
);
3139 mgmt_pending_remove(cmd
);
3142 static int read_local_oob_data(struct sock
*sk
, struct hci_dev
*hdev
,
3143 void *data
, u16 data_len
)
3145 struct mgmt_pending_cmd
*cmd
;
3146 struct hci_request req
;
3149 BT_DBG("%s", hdev
->name
);
3153 if (!hdev_is_powered(hdev
)) {
3154 err
= mgmt_cmd_status(sk
, hdev
->id
, MGMT_OP_READ_LOCAL_OOB_DATA
,
3155 MGMT_STATUS_NOT_POWERED
);
3159 if (!lmp_ssp_capable(hdev
)) {
3160 err
= mgmt_cmd_status(sk
, hdev
->id
, MGMT_OP_READ_LOCAL_OOB_DATA
,
3161 MGMT_STATUS_NOT_SUPPORTED
);
3165 if (pending_find(MGMT_OP_READ_LOCAL_OOB_DATA
, hdev
)) {
3166 err
= mgmt_cmd_status(sk
, hdev
->id
, MGMT_OP_READ_LOCAL_OOB_DATA
,
3171 cmd
= mgmt_pending_add(sk
, MGMT_OP_READ_LOCAL_OOB_DATA
, hdev
, NULL
, 0);
3177 hci_req_init(&req
, hdev
);
3179 if (bredr_sc_enabled(hdev
))
3180 hci_req_add(&req
, HCI_OP_READ_LOCAL_OOB_EXT_DATA
, 0, NULL
);
3182 hci_req_add(&req
, HCI_OP_READ_LOCAL_OOB_DATA
, 0, NULL
);
3184 err
= hci_req_run_skb(&req
, read_local_oob_data_complete
);
3186 mgmt_pending_remove(cmd
);
3189 hci_dev_unlock(hdev
);
3193 static int add_remote_oob_data(struct sock
*sk
, struct hci_dev
*hdev
,
3194 void *data
, u16 len
)
3196 struct mgmt_addr_info
*addr
= data
;
3199 BT_DBG("%s ", hdev
->name
);
3201 if (!bdaddr_type_is_valid(addr
->type
))
3202 return mgmt_cmd_complete(sk
, hdev
->id
,
3203 MGMT_OP_ADD_REMOTE_OOB_DATA
,
3204 MGMT_STATUS_INVALID_PARAMS
,
3205 addr
, sizeof(*addr
));
3209 if (len
== MGMT_ADD_REMOTE_OOB_DATA_SIZE
) {
3210 struct mgmt_cp_add_remote_oob_data
*cp
= data
;
3213 if (cp
->addr
.type
!= BDADDR_BREDR
) {
3214 err
= mgmt_cmd_complete(sk
, hdev
->id
,
3215 MGMT_OP_ADD_REMOTE_OOB_DATA
,
3216 MGMT_STATUS_INVALID_PARAMS
,
3217 &cp
->addr
, sizeof(cp
->addr
));
3221 err
= hci_add_remote_oob_data(hdev
, &cp
->addr
.bdaddr
,
3222 cp
->addr
.type
, cp
->hash
,
3223 cp
->rand
, NULL
, NULL
);
3225 status
= MGMT_STATUS_FAILED
;
3227 status
= MGMT_STATUS_SUCCESS
;
3229 err
= mgmt_cmd_complete(sk
, hdev
->id
,
3230 MGMT_OP_ADD_REMOTE_OOB_DATA
, status
,
3231 &cp
->addr
, sizeof(cp
->addr
));
3232 } else if (len
== MGMT_ADD_REMOTE_OOB_EXT_DATA_SIZE
) {
3233 struct mgmt_cp_add_remote_oob_ext_data
*cp
= data
;
3234 u8
*rand192
, *hash192
, *rand256
, *hash256
;
3237 if (bdaddr_type_is_le(cp
->addr
.type
)) {
3238 /* Enforce zero-valued 192-bit parameters as
3239 * long as legacy SMP OOB isn't implemented.
3241 if (memcmp(cp
->rand192
, ZERO_KEY
, 16) ||
3242 memcmp(cp
->hash192
, ZERO_KEY
, 16)) {
3243 err
= mgmt_cmd_complete(sk
, hdev
->id
,
3244 MGMT_OP_ADD_REMOTE_OOB_DATA
,
3245 MGMT_STATUS_INVALID_PARAMS
,
3246 addr
, sizeof(*addr
));
3253 /* In case one of the P-192 values is set to zero,
3254 * then just disable OOB data for P-192.
3256 if (!memcmp(cp
->rand192
, ZERO_KEY
, 16) ||
3257 !memcmp(cp
->hash192
, ZERO_KEY
, 16)) {
3261 rand192
= cp
->rand192
;
3262 hash192
= cp
->hash192
;
3266 /* In case one of the P-256 values is set to zero, then just
3267 * disable OOB data for P-256.
3269 if (!memcmp(cp
->rand256
, ZERO_KEY
, 16) ||
3270 !memcmp(cp
->hash256
, ZERO_KEY
, 16)) {
3274 rand256
= cp
->rand256
;
3275 hash256
= cp
->hash256
;
3278 err
= hci_add_remote_oob_data(hdev
, &cp
->addr
.bdaddr
,
3279 cp
->addr
.type
, hash192
, rand192
,
3282 status
= MGMT_STATUS_FAILED
;
3284 status
= MGMT_STATUS_SUCCESS
;
3286 err
= mgmt_cmd_complete(sk
, hdev
->id
,
3287 MGMT_OP_ADD_REMOTE_OOB_DATA
,
3288 status
, &cp
->addr
, sizeof(cp
->addr
));
3290 BT_ERR("add_remote_oob_data: invalid length of %u bytes", len
);
3291 err
= mgmt_cmd_status(sk
, hdev
->id
, MGMT_OP_ADD_REMOTE_OOB_DATA
,
3292 MGMT_STATUS_INVALID_PARAMS
);
3296 hci_dev_unlock(hdev
);
3300 static int remove_remote_oob_data(struct sock
*sk
, struct hci_dev
*hdev
,
3301 void *data
, u16 len
)
3303 struct mgmt_cp_remove_remote_oob_data
*cp
= data
;
3307 BT_DBG("%s", hdev
->name
);
3309 if (cp
->addr
.type
!= BDADDR_BREDR
)
3310 return mgmt_cmd_complete(sk
, hdev
->id
,
3311 MGMT_OP_REMOVE_REMOTE_OOB_DATA
,
3312 MGMT_STATUS_INVALID_PARAMS
,
3313 &cp
->addr
, sizeof(cp
->addr
));
3317 if (!bacmp(&cp
->addr
.bdaddr
, BDADDR_ANY
)) {
3318 hci_remote_oob_data_clear(hdev
);
3319 status
= MGMT_STATUS_SUCCESS
;
3323 err
= hci_remove_remote_oob_data(hdev
, &cp
->addr
.bdaddr
, cp
->addr
.type
);
3325 status
= MGMT_STATUS_INVALID_PARAMS
;
3327 status
= MGMT_STATUS_SUCCESS
;
3330 err
= mgmt_cmd_complete(sk
, hdev
->id
, MGMT_OP_REMOVE_REMOTE_OOB_DATA
,
3331 status
, &cp
->addr
, sizeof(cp
->addr
));
3333 hci_dev_unlock(hdev
);
3337 void mgmt_start_discovery_complete(struct hci_dev
*hdev
, u8 status
)
3339 struct mgmt_pending_cmd
*cmd
;
3341 BT_DBG("status %d", status
);
3345 cmd
= pending_find(MGMT_OP_START_DISCOVERY
, hdev
);
3347 cmd
= pending_find(MGMT_OP_START_SERVICE_DISCOVERY
, hdev
);
3350 cmd
= pending_find(MGMT_OP_START_LIMITED_DISCOVERY
, hdev
);
3353 cmd
->cmd_complete(cmd
, mgmt_status(status
));
3354 mgmt_pending_remove(cmd
);
3357 hci_dev_unlock(hdev
);
3360 static bool discovery_type_is_valid(struct hci_dev
*hdev
, uint8_t type
,
3361 uint8_t *mgmt_status
)
3364 case DISCOV_TYPE_LE
:
3365 *mgmt_status
= mgmt_le_support(hdev
);
3369 case DISCOV_TYPE_INTERLEAVED
:
3370 *mgmt_status
= mgmt_le_support(hdev
);
3373 /* Intentional fall-through */
3374 case DISCOV_TYPE_BREDR
:
3375 *mgmt_status
= mgmt_bredr_support(hdev
);
3380 *mgmt_status
= MGMT_STATUS_INVALID_PARAMS
;
3387 static int start_discovery_internal(struct sock
*sk
, struct hci_dev
*hdev
,
3388 u16 op
, void *data
, u16 len
)
3390 struct mgmt_cp_start_discovery
*cp
= data
;
3391 struct mgmt_pending_cmd
*cmd
;
3395 BT_DBG("%s", hdev
->name
);
3399 if (!hdev_is_powered(hdev
)) {
3400 err
= mgmt_cmd_complete(sk
, hdev
->id
, op
,
3401 MGMT_STATUS_NOT_POWERED
,
3402 &cp
->type
, sizeof(cp
->type
));
3406 if (hdev
->discovery
.state
!= DISCOVERY_STOPPED
||
3407 hci_dev_test_flag(hdev
, HCI_PERIODIC_INQ
)) {
3408 err
= mgmt_cmd_complete(sk
, hdev
->id
, op
, MGMT_STATUS_BUSY
,
3409 &cp
->type
, sizeof(cp
->type
));
3413 if (!discovery_type_is_valid(hdev
, cp
->type
, &status
)) {
3414 err
= mgmt_cmd_complete(sk
, hdev
->id
, op
, status
,
3415 &cp
->type
, sizeof(cp
->type
));
3419 /* Clear the discovery filter first to free any previously
3420 * allocated memory for the UUID list.
3422 hci_discovery_filter_clear(hdev
);
3424 hdev
->discovery
.type
= cp
->type
;
3425 hdev
->discovery
.report_invalid_rssi
= false;
3426 if (op
== MGMT_OP_START_LIMITED_DISCOVERY
)
3427 hdev
->discovery
.limited
= true;
3429 hdev
->discovery
.limited
= false;
3431 cmd
= mgmt_pending_add(sk
, op
, hdev
, data
, len
);
3437 cmd
->cmd_complete
= generic_cmd_complete
;
3439 hci_discovery_set_state(hdev
, DISCOVERY_STARTING
);
3440 queue_work(hdev
->req_workqueue
, &hdev
->discov_update
);
3444 hci_dev_unlock(hdev
);
3448 static int start_discovery(struct sock
*sk
, struct hci_dev
*hdev
,
3449 void *data
, u16 len
)
3451 return start_discovery_internal(sk
, hdev
, MGMT_OP_START_DISCOVERY
,
3455 static int start_limited_discovery(struct sock
*sk
, struct hci_dev
*hdev
,
3456 void *data
, u16 len
)
3458 return start_discovery_internal(sk
, hdev
,
3459 MGMT_OP_START_LIMITED_DISCOVERY
,
3463 static int service_discovery_cmd_complete(struct mgmt_pending_cmd
*cmd
,
3466 return mgmt_cmd_complete(cmd
->sk
, cmd
->index
, cmd
->opcode
, status
,
3470 static int start_service_discovery(struct sock
*sk
, struct hci_dev
*hdev
,
3471 void *data
, u16 len
)
3473 struct mgmt_cp_start_service_discovery
*cp
= data
;
3474 struct mgmt_pending_cmd
*cmd
;
3475 const u16 max_uuid_count
= ((U16_MAX
- sizeof(*cp
)) / 16);
3476 u16 uuid_count
, expected_len
;
3480 BT_DBG("%s", hdev
->name
);
3484 if (!hdev_is_powered(hdev
)) {
3485 err
= mgmt_cmd_complete(sk
, hdev
->id
,
3486 MGMT_OP_START_SERVICE_DISCOVERY
,
3487 MGMT_STATUS_NOT_POWERED
,
3488 &cp
->type
, sizeof(cp
->type
));
3492 if (hdev
->discovery
.state
!= DISCOVERY_STOPPED
||
3493 hci_dev_test_flag(hdev
, HCI_PERIODIC_INQ
)) {
3494 err
= mgmt_cmd_complete(sk
, hdev
->id
,
3495 MGMT_OP_START_SERVICE_DISCOVERY
,
3496 MGMT_STATUS_BUSY
, &cp
->type
,
3501 uuid_count
= __le16_to_cpu(cp
->uuid_count
);
3502 if (uuid_count
> max_uuid_count
) {
3503 BT_ERR("service_discovery: too big uuid_count value %u",
3505 err
= mgmt_cmd_complete(sk
, hdev
->id
,
3506 MGMT_OP_START_SERVICE_DISCOVERY
,
3507 MGMT_STATUS_INVALID_PARAMS
, &cp
->type
,
3512 expected_len
= sizeof(*cp
) + uuid_count
* 16;
3513 if (expected_len
!= len
) {
3514 BT_ERR("service_discovery: expected %u bytes, got %u bytes",
3516 err
= mgmt_cmd_complete(sk
, hdev
->id
,
3517 MGMT_OP_START_SERVICE_DISCOVERY
,
3518 MGMT_STATUS_INVALID_PARAMS
, &cp
->type
,
3523 if (!discovery_type_is_valid(hdev
, cp
->type
, &status
)) {
3524 err
= mgmt_cmd_complete(sk
, hdev
->id
,
3525 MGMT_OP_START_SERVICE_DISCOVERY
,
3526 status
, &cp
->type
, sizeof(cp
->type
));
3530 cmd
= mgmt_pending_add(sk
, MGMT_OP_START_SERVICE_DISCOVERY
,
3537 cmd
->cmd_complete
= service_discovery_cmd_complete
;
3539 /* Clear the discovery filter first to free any previously
3540 * allocated memory for the UUID list.
3542 hci_discovery_filter_clear(hdev
);
3544 hdev
->discovery
.result_filtering
= true;
3545 hdev
->discovery
.type
= cp
->type
;
3546 hdev
->discovery
.rssi
= cp
->rssi
;
3547 hdev
->discovery
.uuid_count
= uuid_count
;
3549 if (uuid_count
> 0) {
3550 hdev
->discovery
.uuids
= kmemdup(cp
->uuids
, uuid_count
* 16,
3552 if (!hdev
->discovery
.uuids
) {
3553 err
= mgmt_cmd_complete(sk
, hdev
->id
,
3554 MGMT_OP_START_SERVICE_DISCOVERY
,
3556 &cp
->type
, sizeof(cp
->type
));
3557 mgmt_pending_remove(cmd
);
3562 hci_discovery_set_state(hdev
, DISCOVERY_STARTING
);
3563 queue_work(hdev
->req_workqueue
, &hdev
->discov_update
);
3567 hci_dev_unlock(hdev
);
3571 void mgmt_stop_discovery_complete(struct hci_dev
*hdev
, u8 status
)
3573 struct mgmt_pending_cmd
*cmd
;
3575 BT_DBG("status %d", status
);
3579 cmd
= pending_find(MGMT_OP_STOP_DISCOVERY
, hdev
);
3581 cmd
->cmd_complete(cmd
, mgmt_status(status
));
3582 mgmt_pending_remove(cmd
);
3585 hci_dev_unlock(hdev
);
3588 static int stop_discovery(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
3591 struct mgmt_cp_stop_discovery
*mgmt_cp
= data
;
3592 struct mgmt_pending_cmd
*cmd
;
3595 BT_DBG("%s", hdev
->name
);
3599 if (!hci_discovery_active(hdev
)) {
3600 err
= mgmt_cmd_complete(sk
, hdev
->id
, MGMT_OP_STOP_DISCOVERY
,
3601 MGMT_STATUS_REJECTED
, &mgmt_cp
->type
,
3602 sizeof(mgmt_cp
->type
));
3606 if (hdev
->discovery
.type
!= mgmt_cp
->type
) {
3607 err
= mgmt_cmd_complete(sk
, hdev
->id
, MGMT_OP_STOP_DISCOVERY
,
3608 MGMT_STATUS_INVALID_PARAMS
,
3609 &mgmt_cp
->type
, sizeof(mgmt_cp
->type
));
3613 cmd
= mgmt_pending_add(sk
, MGMT_OP_STOP_DISCOVERY
, hdev
, data
, len
);
3619 cmd
->cmd_complete
= generic_cmd_complete
;
3621 hci_discovery_set_state(hdev
, DISCOVERY_STOPPING
);
3622 queue_work(hdev
->req_workqueue
, &hdev
->discov_update
);
3626 hci_dev_unlock(hdev
);
3630 static int confirm_name(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
3633 struct mgmt_cp_confirm_name
*cp
= data
;
3634 struct inquiry_entry
*e
;
3637 BT_DBG("%s", hdev
->name
);
3641 if (!hci_discovery_active(hdev
)) {
3642 err
= mgmt_cmd_complete(sk
, hdev
->id
, MGMT_OP_CONFIRM_NAME
,
3643 MGMT_STATUS_FAILED
, &cp
->addr
,
3648 e
= hci_inquiry_cache_lookup_unknown(hdev
, &cp
->addr
.bdaddr
);
3650 err
= mgmt_cmd_complete(sk
, hdev
->id
, MGMT_OP_CONFIRM_NAME
,
3651 MGMT_STATUS_INVALID_PARAMS
, &cp
->addr
,
3656 if (cp
->name_known
) {
3657 e
->name_state
= NAME_KNOWN
;
3660 e
->name_state
= NAME_NEEDED
;
3661 hci_inquiry_cache_update_resolve(hdev
, e
);
3664 err
= mgmt_cmd_complete(sk
, hdev
->id
, MGMT_OP_CONFIRM_NAME
, 0,
3665 &cp
->addr
, sizeof(cp
->addr
));
3668 hci_dev_unlock(hdev
);
3672 static int block_device(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
3675 struct mgmt_cp_block_device
*cp
= data
;
3679 BT_DBG("%s", hdev
->name
);
3681 if (!bdaddr_type_is_valid(cp
->addr
.type
))
3682 return mgmt_cmd_complete(sk
, hdev
->id
, MGMT_OP_BLOCK_DEVICE
,
3683 MGMT_STATUS_INVALID_PARAMS
,
3684 &cp
->addr
, sizeof(cp
->addr
));
3688 err
= hci_bdaddr_list_add(&hdev
->blacklist
, &cp
->addr
.bdaddr
,
3691 status
= MGMT_STATUS_FAILED
;
3695 mgmt_event(MGMT_EV_DEVICE_BLOCKED
, hdev
, &cp
->addr
, sizeof(cp
->addr
),
3697 status
= MGMT_STATUS_SUCCESS
;
3700 err
= mgmt_cmd_complete(sk
, hdev
->id
, MGMT_OP_BLOCK_DEVICE
, status
,
3701 &cp
->addr
, sizeof(cp
->addr
));
3703 hci_dev_unlock(hdev
);
3708 static int unblock_device(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
3711 struct mgmt_cp_unblock_device
*cp
= data
;
3715 BT_DBG("%s", hdev
->name
);
3717 if (!bdaddr_type_is_valid(cp
->addr
.type
))
3718 return mgmt_cmd_complete(sk
, hdev
->id
, MGMT_OP_UNBLOCK_DEVICE
,
3719 MGMT_STATUS_INVALID_PARAMS
,
3720 &cp
->addr
, sizeof(cp
->addr
));
3724 err
= hci_bdaddr_list_del(&hdev
->blacklist
, &cp
->addr
.bdaddr
,
3727 status
= MGMT_STATUS_INVALID_PARAMS
;
3731 mgmt_event(MGMT_EV_DEVICE_UNBLOCKED
, hdev
, &cp
->addr
, sizeof(cp
->addr
),
3733 status
= MGMT_STATUS_SUCCESS
;
3736 err
= mgmt_cmd_complete(sk
, hdev
->id
, MGMT_OP_UNBLOCK_DEVICE
, status
,
3737 &cp
->addr
, sizeof(cp
->addr
));
3739 hci_dev_unlock(hdev
);
3744 static int set_device_id(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
3747 struct mgmt_cp_set_device_id
*cp
= data
;
3748 struct hci_request req
;
3752 BT_DBG("%s", hdev
->name
);
3754 source
= __le16_to_cpu(cp
->source
);
3756 if (source
> 0x0002)
3757 return mgmt_cmd_status(sk
, hdev
->id
, MGMT_OP_SET_DEVICE_ID
,
3758 MGMT_STATUS_INVALID_PARAMS
);
3762 hdev
->devid_source
= source
;
3763 hdev
->devid_vendor
= __le16_to_cpu(cp
->vendor
);
3764 hdev
->devid_product
= __le16_to_cpu(cp
->product
);
3765 hdev
->devid_version
= __le16_to_cpu(cp
->version
);
3767 err
= mgmt_cmd_complete(sk
, hdev
->id
, MGMT_OP_SET_DEVICE_ID
, 0,
3770 hci_req_init(&req
, hdev
);
3771 __hci_req_update_eir(&req
);
3772 hci_req_run(&req
, NULL
);
3774 hci_dev_unlock(hdev
);
3779 static void enable_advertising_instance(struct hci_dev
*hdev
, u8 status
,
3782 BT_DBG("status %d", status
);
3785 static void set_advertising_complete(struct hci_dev
*hdev
, u8 status
,
3788 struct cmd_lookup match
= { NULL
, hdev
};
3789 struct hci_request req
;
3791 struct adv_info
*adv_instance
;
3797 u8 mgmt_err
= mgmt_status(status
);
3799 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING
, hdev
,
3800 cmd_status_rsp
, &mgmt_err
);
3804 if (hci_dev_test_flag(hdev
, HCI_LE_ADV
))
3805 hci_dev_set_flag(hdev
, HCI_ADVERTISING
);
3807 hci_dev_clear_flag(hdev
, HCI_ADVERTISING
);
3809 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING
, hdev
, settings_rsp
,
3812 new_settings(hdev
, match
.sk
);
3817 /* If "Set Advertising" was just disabled and instance advertising was
3818 * set up earlier, then re-enable multi-instance advertising.
3820 if (hci_dev_test_flag(hdev
, HCI_ADVERTISING
) ||
3821 list_empty(&hdev
->adv_instances
))
3824 instance
= hdev
->cur_adv_instance
;
3826 adv_instance
= list_first_entry_or_null(&hdev
->adv_instances
,
3827 struct adv_info
, list
);
3831 instance
= adv_instance
->instance
;
3834 hci_req_init(&req
, hdev
);
3836 err
= __hci_req_schedule_adv_instance(&req
, instance
, true);
3839 err
= hci_req_run(&req
, enable_advertising_instance
);
3842 BT_ERR("Failed to re-configure advertising");
3845 hci_dev_unlock(hdev
);
3848 static int set_advertising(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
3851 struct mgmt_mode
*cp
= data
;
3852 struct mgmt_pending_cmd
*cmd
;
3853 struct hci_request req
;
3857 BT_DBG("request for %s", hdev
->name
);
3859 status
= mgmt_le_support(hdev
);
3861 return mgmt_cmd_status(sk
, hdev
->id
, MGMT_OP_SET_ADVERTISING
,
3864 if (cp
->val
!= 0x00 && cp
->val
!= 0x01 && cp
->val
!= 0x02)
3865 return mgmt_cmd_status(sk
, hdev
->id
, MGMT_OP_SET_ADVERTISING
,
3866 MGMT_STATUS_INVALID_PARAMS
);
3872 /* The following conditions are ones which mean that we should
3873 * not do any HCI communication but directly send a mgmt
3874 * response to user space (after toggling the flag if
3877 if (!hdev_is_powered(hdev
) ||
3878 (val
== hci_dev_test_flag(hdev
, HCI_ADVERTISING
) &&
3879 (cp
->val
== 0x02) == hci_dev_test_flag(hdev
, HCI_ADVERTISING_CONNECTABLE
)) ||
3880 hci_conn_num(hdev
, LE_LINK
) > 0 ||
3881 (hci_dev_test_flag(hdev
, HCI_LE_SCAN
) &&
3882 hdev
->le_scan_type
== LE_SCAN_ACTIVE
)) {
3886 hdev
->cur_adv_instance
= 0x00;
3887 changed
= !hci_dev_test_and_set_flag(hdev
, HCI_ADVERTISING
);
3888 if (cp
->val
== 0x02)
3889 hci_dev_set_flag(hdev
, HCI_ADVERTISING_CONNECTABLE
);
3891 hci_dev_clear_flag(hdev
, HCI_ADVERTISING_CONNECTABLE
);
3893 changed
= hci_dev_test_and_clear_flag(hdev
, HCI_ADVERTISING
);
3894 hci_dev_clear_flag(hdev
, HCI_ADVERTISING_CONNECTABLE
);
3897 err
= send_settings_rsp(sk
, MGMT_OP_SET_ADVERTISING
, hdev
);
3902 err
= new_settings(hdev
, sk
);
3907 if (pending_find(MGMT_OP_SET_ADVERTISING
, hdev
) ||
3908 pending_find(MGMT_OP_SET_LE
, hdev
)) {
3909 err
= mgmt_cmd_status(sk
, hdev
->id
, MGMT_OP_SET_ADVERTISING
,
3914 cmd
= mgmt_pending_add(sk
, MGMT_OP_SET_ADVERTISING
, hdev
, data
, len
);
3920 hci_req_init(&req
, hdev
);
3922 if (cp
->val
== 0x02)
3923 hci_dev_set_flag(hdev
, HCI_ADVERTISING_CONNECTABLE
);
3925 hci_dev_clear_flag(hdev
, HCI_ADVERTISING_CONNECTABLE
);
3927 cancel_adv_timeout(hdev
);
3930 /* Switch to instance "0" for the Set Advertising setting.
3931 * We cannot use update_[adv|scan_rsp]_data() here as the
3932 * HCI_ADVERTISING flag is not yet set.
3934 hdev
->cur_adv_instance
= 0x00;
3935 __hci_req_update_adv_data(&req
, 0x00);
3936 __hci_req_update_scan_rsp_data(&req
, 0x00);
3937 __hci_req_enable_advertising(&req
);
3939 __hci_req_disable_advertising(&req
);
3942 err
= hci_req_run(&req
, set_advertising_complete
);
3944 mgmt_pending_remove(cmd
);
3947 hci_dev_unlock(hdev
);
3951 static int set_static_address(struct sock
*sk
, struct hci_dev
*hdev
,
3952 void *data
, u16 len
)
3954 struct mgmt_cp_set_static_address
*cp
= data
;
3957 BT_DBG("%s", hdev
->name
);
3959 if (!lmp_le_capable(hdev
))
3960 return mgmt_cmd_status(sk
, hdev
->id
, MGMT_OP_SET_STATIC_ADDRESS
,
3961 MGMT_STATUS_NOT_SUPPORTED
);
3963 if (hdev_is_powered(hdev
))
3964 return mgmt_cmd_status(sk
, hdev
->id
, MGMT_OP_SET_STATIC_ADDRESS
,
3965 MGMT_STATUS_REJECTED
);
3967 if (bacmp(&cp
->bdaddr
, BDADDR_ANY
)) {
3968 if (!bacmp(&cp
->bdaddr
, BDADDR_NONE
))
3969 return mgmt_cmd_status(sk
, hdev
->id
,
3970 MGMT_OP_SET_STATIC_ADDRESS
,
3971 MGMT_STATUS_INVALID_PARAMS
);
3973 /* Two most significant bits shall be set */
3974 if ((cp
->bdaddr
.b
[5] & 0xc0) != 0xc0)
3975 return mgmt_cmd_status(sk
, hdev
->id
,
3976 MGMT_OP_SET_STATIC_ADDRESS
,
3977 MGMT_STATUS_INVALID_PARAMS
);
3982 bacpy(&hdev
->static_addr
, &cp
->bdaddr
);
3984 err
= send_settings_rsp(sk
, MGMT_OP_SET_STATIC_ADDRESS
, hdev
);
3988 err
= new_settings(hdev
, sk
);
3991 hci_dev_unlock(hdev
);
3995 static int set_scan_params(struct sock
*sk
, struct hci_dev
*hdev
,
3996 void *data
, u16 len
)
3998 struct mgmt_cp_set_scan_params
*cp
= data
;
3999 __u16 interval
, window
;
4002 BT_DBG("%s", hdev
->name
);
4004 if (!lmp_le_capable(hdev
))
4005 return mgmt_cmd_status(sk
, hdev
->id
, MGMT_OP_SET_SCAN_PARAMS
,
4006 MGMT_STATUS_NOT_SUPPORTED
);
4008 interval
= __le16_to_cpu(cp
->interval
);
4010 if (interval
< 0x0004 || interval
> 0x4000)
4011 return mgmt_cmd_status(sk
, hdev
->id
, MGMT_OP_SET_SCAN_PARAMS
,
4012 MGMT_STATUS_INVALID_PARAMS
);
4014 window
= __le16_to_cpu(cp
->window
);
4016 if (window
< 0x0004 || window
> 0x4000)
4017 return mgmt_cmd_status(sk
, hdev
->id
, MGMT_OP_SET_SCAN_PARAMS
,
4018 MGMT_STATUS_INVALID_PARAMS
);
4020 if (window
> interval
)
4021 return mgmt_cmd_status(sk
, hdev
->id
, MGMT_OP_SET_SCAN_PARAMS
,
4022 MGMT_STATUS_INVALID_PARAMS
);
4026 hdev
->le_scan_interval
= interval
;
4027 hdev
->le_scan_window
= window
;
4029 err
= mgmt_cmd_complete(sk
, hdev
->id
, MGMT_OP_SET_SCAN_PARAMS
, 0,
4032 /* If background scan is running, restart it so new parameters are
4035 if (hci_dev_test_flag(hdev
, HCI_LE_SCAN
) &&
4036 hdev
->discovery
.state
== DISCOVERY_STOPPED
) {
4037 struct hci_request req
;
4039 hci_req_init(&req
, hdev
);
4041 hci_req_add_le_scan_disable(&req
);
4042 hci_req_add_le_passive_scan(&req
);
4044 hci_req_run(&req
, NULL
);
4047 hci_dev_unlock(hdev
);
4052 static void fast_connectable_complete(struct hci_dev
*hdev
, u8 status
,
4055 struct mgmt_pending_cmd
*cmd
;
4057 BT_DBG("status 0x%02x", status
);
4061 cmd
= pending_find(MGMT_OP_SET_FAST_CONNECTABLE
, hdev
);
4066 mgmt_cmd_status(cmd
->sk
, hdev
->id
, MGMT_OP_SET_FAST_CONNECTABLE
,
4067 mgmt_status(status
));
4069 struct mgmt_mode
*cp
= cmd
->param
;
4072 hci_dev_set_flag(hdev
, HCI_FAST_CONNECTABLE
);
4074 hci_dev_clear_flag(hdev
, HCI_FAST_CONNECTABLE
);
4076 send_settings_rsp(cmd
->sk
, MGMT_OP_SET_FAST_CONNECTABLE
, hdev
);
4077 new_settings(hdev
, cmd
->sk
);
4080 mgmt_pending_remove(cmd
);
4083 hci_dev_unlock(hdev
);
4086 static int set_fast_connectable(struct sock
*sk
, struct hci_dev
*hdev
,
4087 void *data
, u16 len
)
4089 struct mgmt_mode
*cp
= data
;
4090 struct mgmt_pending_cmd
*cmd
;
4091 struct hci_request req
;
4094 BT_DBG("%s", hdev
->name
);
4096 if (!hci_dev_test_flag(hdev
, HCI_BREDR_ENABLED
) ||
4097 hdev
->hci_ver
< BLUETOOTH_VER_1_2
)
4098 return mgmt_cmd_status(sk
, hdev
->id
, MGMT_OP_SET_FAST_CONNECTABLE
,
4099 MGMT_STATUS_NOT_SUPPORTED
);
4101 if (cp
->val
!= 0x00 && cp
->val
!= 0x01)
4102 return mgmt_cmd_status(sk
, hdev
->id
, MGMT_OP_SET_FAST_CONNECTABLE
,
4103 MGMT_STATUS_INVALID_PARAMS
);
4107 if (pending_find(MGMT_OP_SET_FAST_CONNECTABLE
, hdev
)) {
4108 err
= mgmt_cmd_status(sk
, hdev
->id
, MGMT_OP_SET_FAST_CONNECTABLE
,
4113 if (!!cp
->val
== hci_dev_test_flag(hdev
, HCI_FAST_CONNECTABLE
)) {
4114 err
= send_settings_rsp(sk
, MGMT_OP_SET_FAST_CONNECTABLE
,
4119 if (!hdev_is_powered(hdev
)) {
4120 hci_dev_change_flag(hdev
, HCI_FAST_CONNECTABLE
);
4121 err
= send_settings_rsp(sk
, MGMT_OP_SET_FAST_CONNECTABLE
,
4123 new_settings(hdev
, sk
);
4127 cmd
= mgmt_pending_add(sk
, MGMT_OP_SET_FAST_CONNECTABLE
, hdev
,
4134 hci_req_init(&req
, hdev
);
4136 __hci_req_write_fast_connectable(&req
, cp
->val
);
4138 err
= hci_req_run(&req
, fast_connectable_complete
);
4140 err
= mgmt_cmd_status(sk
, hdev
->id
, MGMT_OP_SET_FAST_CONNECTABLE
,
4141 MGMT_STATUS_FAILED
);
4142 mgmt_pending_remove(cmd
);
4146 hci_dev_unlock(hdev
);
4151 static void set_bredr_complete(struct hci_dev
*hdev
, u8 status
, u16 opcode
)
4153 struct mgmt_pending_cmd
*cmd
;
4155 BT_DBG("status 0x%02x", status
);
4159 cmd
= pending_find(MGMT_OP_SET_BREDR
, hdev
);
4164 u8 mgmt_err
= mgmt_status(status
);
4166 /* We need to restore the flag if related HCI commands
4169 hci_dev_clear_flag(hdev
, HCI_BREDR_ENABLED
);
4171 mgmt_cmd_status(cmd
->sk
, cmd
->index
, cmd
->opcode
, mgmt_err
);
4173 send_settings_rsp(cmd
->sk
, MGMT_OP_SET_BREDR
, hdev
);
4174 new_settings(hdev
, cmd
->sk
);
4177 mgmt_pending_remove(cmd
);
4180 hci_dev_unlock(hdev
);
4183 static int set_bredr(struct sock
*sk
, struct hci_dev
*hdev
, void *data
, u16 len
)
4185 struct mgmt_mode
*cp
= data
;
4186 struct mgmt_pending_cmd
*cmd
;
4187 struct hci_request req
;
4190 BT_DBG("request for %s", hdev
->name
);
4192 if (!lmp_bredr_capable(hdev
) || !lmp_le_capable(hdev
))
4193 return mgmt_cmd_status(sk
, hdev
->id
, MGMT_OP_SET_BREDR
,
4194 MGMT_STATUS_NOT_SUPPORTED
);
4196 if (!hci_dev_test_flag(hdev
, HCI_LE_ENABLED
))
4197 return mgmt_cmd_status(sk
, hdev
->id
, MGMT_OP_SET_BREDR
,
4198 MGMT_STATUS_REJECTED
);
4200 if (cp
->val
!= 0x00 && cp
->val
!= 0x01)
4201 return mgmt_cmd_status(sk
, hdev
->id
, MGMT_OP_SET_BREDR
,
4202 MGMT_STATUS_INVALID_PARAMS
);
4206 if (cp
->val
== hci_dev_test_flag(hdev
, HCI_BREDR_ENABLED
)) {
4207 err
= send_settings_rsp(sk
, MGMT_OP_SET_BREDR
, hdev
);
4211 if (!hdev_is_powered(hdev
)) {
4213 hci_dev_clear_flag(hdev
, HCI_DISCOVERABLE
);
4214 hci_dev_clear_flag(hdev
, HCI_SSP_ENABLED
);
4215 hci_dev_clear_flag(hdev
, HCI_LINK_SECURITY
);
4216 hci_dev_clear_flag(hdev
, HCI_FAST_CONNECTABLE
);
4217 hci_dev_clear_flag(hdev
, HCI_HS_ENABLED
);
4220 hci_dev_change_flag(hdev
, HCI_BREDR_ENABLED
);
4222 err
= send_settings_rsp(sk
, MGMT_OP_SET_BREDR
, hdev
);
4226 err
= new_settings(hdev
, sk
);
4230 /* Reject disabling when powered on */
4232 err
= mgmt_cmd_status(sk
, hdev
->id
, MGMT_OP_SET_BREDR
,
4233 MGMT_STATUS_REJECTED
);
4236 /* When configuring a dual-mode controller to operate
4237 * with LE only and using a static address, then switching
4238 * BR/EDR back on is not allowed.
4240 * Dual-mode controllers shall operate with the public
4241 * address as its identity address for BR/EDR and LE. So
4242 * reject the attempt to create an invalid configuration.
4244 * The same restrictions applies when secure connections
4245 * has been enabled. For BR/EDR this is a controller feature
4246 * while for LE it is a host stack feature. This means that
4247 * switching BR/EDR back on when secure connections has been
4248 * enabled is not a supported transaction.
4250 if (!hci_dev_test_flag(hdev
, HCI_BREDR_ENABLED
) &&
4251 (bacmp(&hdev
->static_addr
, BDADDR_ANY
) ||
4252 hci_dev_test_flag(hdev
, HCI_SC_ENABLED
))) {
4253 err
= mgmt_cmd_status(sk
, hdev
->id
, MGMT_OP_SET_BREDR
,
4254 MGMT_STATUS_REJECTED
);
4259 if (pending_find(MGMT_OP_SET_BREDR
, hdev
)) {
4260 err
= mgmt_cmd_status(sk
, hdev
->id
, MGMT_OP_SET_BREDR
,
4265 cmd
= mgmt_pending_add(sk
, MGMT_OP_SET_BREDR
, hdev
, data
, len
);
4271 /* We need to flip the bit already here so that
4272 * hci_req_update_adv_data generates the correct flags.
4274 hci_dev_set_flag(hdev
, HCI_BREDR_ENABLED
);
4276 hci_req_init(&req
, hdev
);
4278 __hci_req_write_fast_connectable(&req
, false);
4279 __hci_req_update_scan(&req
);
4281 /* Since only the advertising data flags will change, there
4282 * is no need to update the scan response data.
4284 __hci_req_update_adv_data(&req
, hdev
->cur_adv_instance
);
4286 err
= hci_req_run(&req
, set_bredr_complete
);
4288 mgmt_pending_remove(cmd
);
4291 hci_dev_unlock(hdev
);
4295 static void sc_enable_complete(struct hci_dev
*hdev
, u8 status
, u16 opcode
)
4297 struct mgmt_pending_cmd
*cmd
;
4298 struct mgmt_mode
*cp
;
4300 BT_DBG("%s status %u", hdev
->name
, status
);
4304 cmd
= pending_find(MGMT_OP_SET_SECURE_CONN
, hdev
);
4309 mgmt_cmd_status(cmd
->sk
, cmd
->index
, cmd
->opcode
,
4310 mgmt_status(status
));
4318 hci_dev_clear_flag(hdev
, HCI_SC_ENABLED
);
4319 hci_dev_clear_flag(hdev
, HCI_SC_ONLY
);
4322 hci_dev_set_flag(hdev
, HCI_SC_ENABLED
);
4323 hci_dev_clear_flag(hdev
, HCI_SC_ONLY
);
4326 hci_dev_set_flag(hdev
, HCI_SC_ENABLED
);
4327 hci_dev_set_flag(hdev
, HCI_SC_ONLY
);
4331 send_settings_rsp(cmd
->sk
, MGMT_OP_SET_SECURE_CONN
, hdev
);
4332 new_settings(hdev
, cmd
->sk
);
4335 mgmt_pending_remove(cmd
);
4337 hci_dev_unlock(hdev
);
4340 static int set_secure_conn(struct sock
*sk
, struct hci_dev
*hdev
,
4341 void *data
, u16 len
)
4343 struct mgmt_mode
*cp
= data
;
4344 struct mgmt_pending_cmd
*cmd
;
4345 struct hci_request req
;
4349 BT_DBG("request for %s", hdev
->name
);
4351 if (!lmp_sc_capable(hdev
) &&
4352 !hci_dev_test_flag(hdev
, HCI_LE_ENABLED
))
4353 return mgmt_cmd_status(sk
, hdev
->id
, MGMT_OP_SET_SECURE_CONN
,
4354 MGMT_STATUS_NOT_SUPPORTED
);
4356 if (hci_dev_test_flag(hdev
, HCI_BREDR_ENABLED
) &&
4357 lmp_sc_capable(hdev
) &&
4358 !hci_dev_test_flag(hdev
, HCI_SSP_ENABLED
))
4359 return mgmt_cmd_status(sk
, hdev
->id
, MGMT_OP_SET_SECURE_CONN
,
4360 MGMT_STATUS_REJECTED
);
4362 if (cp
->val
!= 0x00 && cp
->val
!= 0x01 && cp
->val
!= 0x02)
4363 return mgmt_cmd_status(sk
, hdev
->id
, MGMT_OP_SET_SECURE_CONN
,
4364 MGMT_STATUS_INVALID_PARAMS
);
4368 if (!hdev_is_powered(hdev
) || !lmp_sc_capable(hdev
) ||
4369 !hci_dev_test_flag(hdev
, HCI_BREDR_ENABLED
)) {
4373 changed
= !hci_dev_test_and_set_flag(hdev
,
4375 if (cp
->val
== 0x02)
4376 hci_dev_set_flag(hdev
, HCI_SC_ONLY
);
4378 hci_dev_clear_flag(hdev
, HCI_SC_ONLY
);
4380 changed
= hci_dev_test_and_clear_flag(hdev
,
4382 hci_dev_clear_flag(hdev
, HCI_SC_ONLY
);
4385 err
= send_settings_rsp(sk
, MGMT_OP_SET_SECURE_CONN
, hdev
);
4390 err
= new_settings(hdev
, sk
);
4395 if (pending_find(MGMT_OP_SET_SECURE_CONN
, hdev
)) {
4396 err
= mgmt_cmd_status(sk
, hdev
->id
, MGMT_OP_SET_SECURE_CONN
,
4403 if (val
== hci_dev_test_flag(hdev
, HCI_SC_ENABLED
) &&
4404 (cp
->val
== 0x02) == hci_dev_test_flag(hdev
, HCI_SC_ONLY
)) {
4405 err
= send_settings_rsp(sk
, MGMT_OP_SET_SECURE_CONN
, hdev
);
4409 cmd
= mgmt_pending_add(sk
, MGMT_OP_SET_SECURE_CONN
, hdev
, data
, len
);
4415 hci_req_init(&req
, hdev
);
4416 hci_req_add(&req
, HCI_OP_WRITE_SC_SUPPORT
, 1, &val
);
4417 err
= hci_req_run(&req
, sc_enable_complete
);
4419 mgmt_pending_remove(cmd
);
4424 hci_dev_unlock(hdev
);
4428 static int set_debug_keys(struct sock
*sk
, struct hci_dev
*hdev
,
4429 void *data
, u16 len
)
4431 struct mgmt_mode
*cp
= data
;
4432 bool changed
, use_changed
;
4435 BT_DBG("request for %s", hdev
->name
);
4437 if (cp
->val
!= 0x00 && cp
->val
!= 0x01 && cp
->val
!= 0x02)
4438 return mgmt_cmd_status(sk
, hdev
->id
, MGMT_OP_SET_DEBUG_KEYS
,
4439 MGMT_STATUS_INVALID_PARAMS
);
4444 changed
= !hci_dev_test_and_set_flag(hdev
, HCI_KEEP_DEBUG_KEYS
);
4446 changed
= hci_dev_test_and_clear_flag(hdev
,
4447 HCI_KEEP_DEBUG_KEYS
);
4449 if (cp
->val
== 0x02)
4450 use_changed
= !hci_dev_test_and_set_flag(hdev
,
4451 HCI_USE_DEBUG_KEYS
);
4453 use_changed
= hci_dev_test_and_clear_flag(hdev
,
4454 HCI_USE_DEBUG_KEYS
);
4456 if (hdev_is_powered(hdev
) && use_changed
&&
4457 hci_dev_test_flag(hdev
, HCI_SSP_ENABLED
)) {
4458 u8 mode
= (cp
->val
== 0x02) ? 0x01 : 0x00;
4459 hci_send_cmd(hdev
, HCI_OP_WRITE_SSP_DEBUG_MODE
,
4460 sizeof(mode
), &mode
);
4463 err
= send_settings_rsp(sk
, MGMT_OP_SET_DEBUG_KEYS
, hdev
);
4468 err
= new_settings(hdev
, sk
);
4471 hci_dev_unlock(hdev
);
4475 static int set_privacy(struct sock
*sk
, struct hci_dev
*hdev
, void *cp_data
,
4478 struct mgmt_cp_set_privacy
*cp
= cp_data
;
4482 BT_DBG("request for %s", hdev
->name
);
4484 if (!lmp_le_capable(hdev
))
4485 return mgmt_cmd_status(sk
, hdev
->id
, MGMT_OP_SET_PRIVACY
,
4486 MGMT_STATUS_NOT_SUPPORTED
);
4488 if (cp
->privacy
!= 0x00 && cp
->privacy
!= 0x01 && cp
->privacy
!= 0x02)
4489 return mgmt_cmd_status(sk
, hdev
->id
, MGMT_OP_SET_PRIVACY
,
4490 MGMT_STATUS_INVALID_PARAMS
);
4492 if (hdev_is_powered(hdev
))
4493 return mgmt_cmd_status(sk
, hdev
->id
, MGMT_OP_SET_PRIVACY
,
4494 MGMT_STATUS_REJECTED
);
4498 /* If user space supports this command it is also expected to
4499 * handle IRKs. Therefore, set the HCI_RPA_RESOLVING flag.
4501 hci_dev_set_flag(hdev
, HCI_RPA_RESOLVING
);
4504 changed
= !hci_dev_test_and_set_flag(hdev
, HCI_PRIVACY
);
4505 memcpy(hdev
->irk
, cp
->irk
, sizeof(hdev
->irk
));
4506 hci_dev_set_flag(hdev
, HCI_RPA_EXPIRED
);
4507 if (cp
->privacy
== 0x02)
4508 hci_dev_set_flag(hdev
, HCI_LIMITED_PRIVACY
);
4510 hci_dev_clear_flag(hdev
, HCI_LIMITED_PRIVACY
);
4512 changed
= hci_dev_test_and_clear_flag(hdev
, HCI_PRIVACY
);
4513 memset(hdev
->irk
, 0, sizeof(hdev
->irk
));
4514 hci_dev_clear_flag(hdev
, HCI_RPA_EXPIRED
);
4515 hci_dev_clear_flag(hdev
, HCI_LIMITED_PRIVACY
);
4518 err
= send_settings_rsp(sk
, MGMT_OP_SET_PRIVACY
, hdev
);
4523 err
= new_settings(hdev
, sk
);
4526 hci_dev_unlock(hdev
);
4530 static bool irk_is_valid(struct mgmt_irk_info
*irk
)
4532 switch (irk
->addr
.type
) {
4533 case BDADDR_LE_PUBLIC
:
4536 case BDADDR_LE_RANDOM
:
4537 /* Two most significant bits shall be set */
4538 if ((irk
->addr
.bdaddr
.b
[5] & 0xc0) != 0xc0)
4546 static int load_irks(struct sock
*sk
, struct hci_dev
*hdev
, void *cp_data
,
4549 struct mgmt_cp_load_irks
*cp
= cp_data
;
4550 const u16 max_irk_count
= ((U16_MAX
- sizeof(*cp
)) /
4551 sizeof(struct mgmt_irk_info
));
4552 u16 irk_count
, expected_len
;
4555 BT_DBG("request for %s", hdev
->name
);
4557 if (!lmp_le_capable(hdev
))
4558 return mgmt_cmd_status(sk
, hdev
->id
, MGMT_OP_LOAD_IRKS
,
4559 MGMT_STATUS_NOT_SUPPORTED
);
4561 irk_count
= __le16_to_cpu(cp
->irk_count
);
4562 if (irk_count
> max_irk_count
) {
4563 BT_ERR("load_irks: too big irk_count value %u", irk_count
);
4564 return mgmt_cmd_status(sk
, hdev
->id
, MGMT_OP_LOAD_IRKS
,
4565 MGMT_STATUS_INVALID_PARAMS
);
4568 expected_len
= sizeof(*cp
) + irk_count
* sizeof(struct mgmt_irk_info
);
4569 if (expected_len
!= len
) {
4570 BT_ERR("load_irks: expected %u bytes, got %u bytes",
4572 return mgmt_cmd_status(sk
, hdev
->id
, MGMT_OP_LOAD_IRKS
,
4573 MGMT_STATUS_INVALID_PARAMS
);
4576 BT_DBG("%s irk_count %u", hdev
->name
, irk_count
);
4578 for (i
= 0; i
< irk_count
; i
++) {
4579 struct mgmt_irk_info
*key
= &cp
->irks
[i
];
4581 if (!irk_is_valid(key
))
4582 return mgmt_cmd_status(sk
, hdev
->id
,
4584 MGMT_STATUS_INVALID_PARAMS
);
4589 hci_smp_irks_clear(hdev
);
4591 for (i
= 0; i
< irk_count
; i
++) {
4592 struct mgmt_irk_info
*irk
= &cp
->irks
[i
];
4594 hci_add_irk(hdev
, &irk
->addr
.bdaddr
,
4595 le_addr_type(irk
->addr
.type
), irk
->val
,
4599 hci_dev_set_flag(hdev
, HCI_RPA_RESOLVING
);
4601 err
= mgmt_cmd_complete(sk
, hdev
->id
, MGMT_OP_LOAD_IRKS
, 0, NULL
, 0);
4603 hci_dev_unlock(hdev
);
4608 static bool ltk_is_valid(struct mgmt_ltk_info
*key
)
4610 if (key
->master
!= 0x00 && key
->master
!= 0x01)
4613 switch (key
->addr
.type
) {
4614 case BDADDR_LE_PUBLIC
:
4617 case BDADDR_LE_RANDOM
:
4618 /* Two most significant bits shall be set */
4619 if ((key
->addr
.bdaddr
.b
[5] & 0xc0) != 0xc0)
4627 static int load_long_term_keys(struct sock
*sk
, struct hci_dev
*hdev
,
4628 void *cp_data
, u16 len
)
4630 struct mgmt_cp_load_long_term_keys
*cp
= cp_data
;
4631 const u16 max_key_count
= ((U16_MAX
- sizeof(*cp
)) /
4632 sizeof(struct mgmt_ltk_info
));
4633 u16 key_count
, expected_len
;
4636 BT_DBG("request for %s", hdev
->name
);
4638 if (!lmp_le_capable(hdev
))
4639 return mgmt_cmd_status(sk
, hdev
->id
, MGMT_OP_LOAD_LONG_TERM_KEYS
,
4640 MGMT_STATUS_NOT_SUPPORTED
);
4642 key_count
= __le16_to_cpu(cp
->key_count
);
4643 if (key_count
> max_key_count
) {
4644 BT_ERR("load_ltks: too big key_count value %u", key_count
);
4645 return mgmt_cmd_status(sk
, hdev
->id
, MGMT_OP_LOAD_LONG_TERM_KEYS
,
4646 MGMT_STATUS_INVALID_PARAMS
);
4649 expected_len
= sizeof(*cp
) + key_count
*
4650 sizeof(struct mgmt_ltk_info
);
4651 if (expected_len
!= len
) {
4652 BT_ERR("load_keys: expected %u bytes, got %u bytes",
4654 return mgmt_cmd_status(sk
, hdev
->id
, MGMT_OP_LOAD_LONG_TERM_KEYS
,
4655 MGMT_STATUS_INVALID_PARAMS
);
4658 BT_DBG("%s key_count %u", hdev
->name
, key_count
);
4660 for (i
= 0; i
< key_count
; i
++) {
4661 struct mgmt_ltk_info
*key
= &cp
->keys
[i
];
4663 if (!ltk_is_valid(key
))
4664 return mgmt_cmd_status(sk
, hdev
->id
,
4665 MGMT_OP_LOAD_LONG_TERM_KEYS
,
4666 MGMT_STATUS_INVALID_PARAMS
);
4671 hci_smp_ltks_clear(hdev
);
4673 for (i
= 0; i
< key_count
; i
++) {
4674 struct mgmt_ltk_info
*key
= &cp
->keys
[i
];
4675 u8 type
, authenticated
;
4677 switch (key
->type
) {
4678 case MGMT_LTK_UNAUTHENTICATED
:
4679 authenticated
= 0x00;
4680 type
= key
->master
? SMP_LTK
: SMP_LTK_SLAVE
;
4682 case MGMT_LTK_AUTHENTICATED
:
4683 authenticated
= 0x01;
4684 type
= key
->master
? SMP_LTK
: SMP_LTK_SLAVE
;
4686 case MGMT_LTK_P256_UNAUTH
:
4687 authenticated
= 0x00;
4688 type
= SMP_LTK_P256
;
4690 case MGMT_LTK_P256_AUTH
:
4691 authenticated
= 0x01;
4692 type
= SMP_LTK_P256
;
4694 case MGMT_LTK_P256_DEBUG
:
4695 authenticated
= 0x00;
4696 type
= SMP_LTK_P256_DEBUG
;
4701 hci_add_ltk(hdev
, &key
->addr
.bdaddr
,
4702 le_addr_type(key
->addr
.type
), type
, authenticated
,
4703 key
->val
, key
->enc_size
, key
->ediv
, key
->rand
);
4706 err
= mgmt_cmd_complete(sk
, hdev
->id
, MGMT_OP_LOAD_LONG_TERM_KEYS
, 0,
4709 hci_dev_unlock(hdev
);
4714 static int conn_info_cmd_complete(struct mgmt_pending_cmd
*cmd
, u8 status
)
4716 struct hci_conn
*conn
= cmd
->user_data
;
4717 struct mgmt_rp_get_conn_info rp
;
4720 memcpy(&rp
.addr
, cmd
->param
, sizeof(rp
.addr
));
4722 if (status
== MGMT_STATUS_SUCCESS
) {
4723 rp
.rssi
= conn
->rssi
;
4724 rp
.tx_power
= conn
->tx_power
;
4725 rp
.max_tx_power
= conn
->max_tx_power
;
4727 rp
.rssi
= HCI_RSSI_INVALID
;
4728 rp
.tx_power
= HCI_TX_POWER_INVALID
;
4729 rp
.max_tx_power
= HCI_TX_POWER_INVALID
;
4732 err
= mgmt_cmd_complete(cmd
->sk
, cmd
->index
, MGMT_OP_GET_CONN_INFO
,
4733 status
, &rp
, sizeof(rp
));
4735 hci_conn_drop(conn
);
4741 static void conn_info_refresh_complete(struct hci_dev
*hdev
, u8 hci_status
,
4744 struct hci_cp_read_rssi
*cp
;
4745 struct mgmt_pending_cmd
*cmd
;
4746 struct hci_conn
*conn
;
4750 BT_DBG("status 0x%02x", hci_status
);
4754 /* Commands sent in request are either Read RSSI or Read Transmit Power
4755 * Level so we check which one was last sent to retrieve connection
4756 * handle. Both commands have handle as first parameter so it's safe to
4757 * cast data on the same command struct.
4759 * First command sent is always Read RSSI and we fail only if it fails.
4760 * In other case we simply override error to indicate success as we
4761 * already remembered if TX power value is actually valid.
4763 cp
= hci_sent_cmd_data(hdev
, HCI_OP_READ_RSSI
);
4765 cp
= hci_sent_cmd_data(hdev
, HCI_OP_READ_TX_POWER
);
4766 status
= MGMT_STATUS_SUCCESS
;
4768 status
= mgmt_status(hci_status
);
4772 BT_ERR("invalid sent_cmd in conn_info response");
4776 handle
= __le16_to_cpu(cp
->handle
);
4777 conn
= hci_conn_hash_lookup_handle(hdev
, handle
);
4779 BT_ERR("unknown handle (%d) in conn_info response", handle
);
4783 cmd
= pending_find_data(MGMT_OP_GET_CONN_INFO
, hdev
, conn
);
4787 cmd
->cmd_complete(cmd
, status
);
4788 mgmt_pending_remove(cmd
);
4791 hci_dev_unlock(hdev
);
4794 static int get_conn_info(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
4797 struct mgmt_cp_get_conn_info
*cp
= data
;
4798 struct mgmt_rp_get_conn_info rp
;
4799 struct hci_conn
*conn
;
4800 unsigned long conn_info_age
;
4803 BT_DBG("%s", hdev
->name
);
4805 memset(&rp
, 0, sizeof(rp
));
4806 bacpy(&rp
.addr
.bdaddr
, &cp
->addr
.bdaddr
);
4807 rp
.addr
.type
= cp
->addr
.type
;
4809 if (!bdaddr_type_is_valid(cp
->addr
.type
))
4810 return mgmt_cmd_complete(sk
, hdev
->id
, MGMT_OP_GET_CONN_INFO
,
4811 MGMT_STATUS_INVALID_PARAMS
,
4816 if (!hdev_is_powered(hdev
)) {
4817 err
= mgmt_cmd_complete(sk
, hdev
->id
, MGMT_OP_GET_CONN_INFO
,
4818 MGMT_STATUS_NOT_POWERED
, &rp
,
4823 if (cp
->addr
.type
== BDADDR_BREDR
)
4824 conn
= hci_conn_hash_lookup_ba(hdev
, ACL_LINK
,
4827 conn
= hci_conn_hash_lookup_ba(hdev
, LE_LINK
, &cp
->addr
.bdaddr
);
4829 if (!conn
|| conn
->state
!= BT_CONNECTED
) {
4830 err
= mgmt_cmd_complete(sk
, hdev
->id
, MGMT_OP_GET_CONN_INFO
,
4831 MGMT_STATUS_NOT_CONNECTED
, &rp
,
4836 if (pending_find_data(MGMT_OP_GET_CONN_INFO
, hdev
, conn
)) {
4837 err
= mgmt_cmd_complete(sk
, hdev
->id
, MGMT_OP_GET_CONN_INFO
,
4838 MGMT_STATUS_BUSY
, &rp
, sizeof(rp
));
4842 /* To avoid client trying to guess when to poll again for information we
4843 * calculate conn info age as random value between min/max set in hdev.
4845 conn_info_age
= hdev
->conn_info_min_age
+
4846 prandom_u32_max(hdev
->conn_info_max_age
-
4847 hdev
->conn_info_min_age
);
4849 /* Query controller to refresh cached values if they are too old or were
4852 if (time_after(jiffies
, conn
->conn_info_timestamp
+
4853 msecs_to_jiffies(conn_info_age
)) ||
4854 !conn
->conn_info_timestamp
) {
4855 struct hci_request req
;
4856 struct hci_cp_read_tx_power req_txp_cp
;
4857 struct hci_cp_read_rssi req_rssi_cp
;
4858 struct mgmt_pending_cmd
*cmd
;
4860 hci_req_init(&req
, hdev
);
4861 req_rssi_cp
.handle
= cpu_to_le16(conn
->handle
);
4862 hci_req_add(&req
, HCI_OP_READ_RSSI
, sizeof(req_rssi_cp
),
4865 /* For LE links TX power does not change thus we don't need to
4866 * query for it once value is known.
4868 if (!bdaddr_type_is_le(cp
->addr
.type
) ||
4869 conn
->tx_power
== HCI_TX_POWER_INVALID
) {
4870 req_txp_cp
.handle
= cpu_to_le16(conn
->handle
);
4871 req_txp_cp
.type
= 0x00;
4872 hci_req_add(&req
, HCI_OP_READ_TX_POWER
,
4873 sizeof(req_txp_cp
), &req_txp_cp
);
4876 /* Max TX power needs to be read only once per connection */
4877 if (conn
->max_tx_power
== HCI_TX_POWER_INVALID
) {
4878 req_txp_cp
.handle
= cpu_to_le16(conn
->handle
);
4879 req_txp_cp
.type
= 0x01;
4880 hci_req_add(&req
, HCI_OP_READ_TX_POWER
,
4881 sizeof(req_txp_cp
), &req_txp_cp
);
4884 err
= hci_req_run(&req
, conn_info_refresh_complete
);
4888 cmd
= mgmt_pending_add(sk
, MGMT_OP_GET_CONN_INFO
, hdev
,
4895 hci_conn_hold(conn
);
4896 cmd
->user_data
= hci_conn_get(conn
);
4897 cmd
->cmd_complete
= conn_info_cmd_complete
;
4899 conn
->conn_info_timestamp
= jiffies
;
4901 /* Cache is valid, just reply with values cached in hci_conn */
4902 rp
.rssi
= conn
->rssi
;
4903 rp
.tx_power
= conn
->tx_power
;
4904 rp
.max_tx_power
= conn
->max_tx_power
;
4906 err
= mgmt_cmd_complete(sk
, hdev
->id
, MGMT_OP_GET_CONN_INFO
,
4907 MGMT_STATUS_SUCCESS
, &rp
, sizeof(rp
));
4911 hci_dev_unlock(hdev
);
4915 static int clock_info_cmd_complete(struct mgmt_pending_cmd
*cmd
, u8 status
)
4917 struct hci_conn
*conn
= cmd
->user_data
;
4918 struct mgmt_rp_get_clock_info rp
;
4919 struct hci_dev
*hdev
;
4922 memset(&rp
, 0, sizeof(rp
));
4923 memcpy(&rp
.addr
, cmd
->param
, sizeof(rp
.addr
));
4928 hdev
= hci_dev_get(cmd
->index
);
4930 rp
.local_clock
= cpu_to_le32(hdev
->clock
);
4935 rp
.piconet_clock
= cpu_to_le32(conn
->clock
);
4936 rp
.accuracy
= cpu_to_le16(conn
->clock_accuracy
);
4940 err
= mgmt_cmd_complete(cmd
->sk
, cmd
->index
, cmd
->opcode
, status
, &rp
,
4944 hci_conn_drop(conn
);
4951 static void get_clock_info_complete(struct hci_dev
*hdev
, u8 status
, u16 opcode
)
4953 struct hci_cp_read_clock
*hci_cp
;
4954 struct mgmt_pending_cmd
*cmd
;
4955 struct hci_conn
*conn
;
4957 BT_DBG("%s status %u", hdev
->name
, status
);
4961 hci_cp
= hci_sent_cmd_data(hdev
, HCI_OP_READ_CLOCK
);
4965 if (hci_cp
->which
) {
4966 u16 handle
= __le16_to_cpu(hci_cp
->handle
);
4967 conn
= hci_conn_hash_lookup_handle(hdev
, handle
);
4972 cmd
= pending_find_data(MGMT_OP_GET_CLOCK_INFO
, hdev
, conn
);
4976 cmd
->cmd_complete(cmd
, mgmt_status(status
));
4977 mgmt_pending_remove(cmd
);
4980 hci_dev_unlock(hdev
);
4983 static int get_clock_info(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
4986 struct mgmt_cp_get_clock_info
*cp
= data
;
4987 struct mgmt_rp_get_clock_info rp
;
4988 struct hci_cp_read_clock hci_cp
;
4989 struct mgmt_pending_cmd
*cmd
;
4990 struct hci_request req
;
4991 struct hci_conn
*conn
;
4994 BT_DBG("%s", hdev
->name
);
4996 memset(&rp
, 0, sizeof(rp
));
4997 bacpy(&rp
.addr
.bdaddr
, &cp
->addr
.bdaddr
);
4998 rp
.addr
.type
= cp
->addr
.type
;
5000 if (cp
->addr
.type
!= BDADDR_BREDR
)
5001 return mgmt_cmd_complete(sk
, hdev
->id
, MGMT_OP_GET_CLOCK_INFO
,
5002 MGMT_STATUS_INVALID_PARAMS
,
5007 if (!hdev_is_powered(hdev
)) {
5008 err
= mgmt_cmd_complete(sk
, hdev
->id
, MGMT_OP_GET_CLOCK_INFO
,
5009 MGMT_STATUS_NOT_POWERED
, &rp
,
5014 if (bacmp(&cp
->addr
.bdaddr
, BDADDR_ANY
)) {
5015 conn
= hci_conn_hash_lookup_ba(hdev
, ACL_LINK
,
5017 if (!conn
|| conn
->state
!= BT_CONNECTED
) {
5018 err
= mgmt_cmd_complete(sk
, hdev
->id
,
5019 MGMT_OP_GET_CLOCK_INFO
,
5020 MGMT_STATUS_NOT_CONNECTED
,
5028 cmd
= mgmt_pending_add(sk
, MGMT_OP_GET_CLOCK_INFO
, hdev
, data
, len
);
5034 cmd
->cmd_complete
= clock_info_cmd_complete
;
5036 hci_req_init(&req
, hdev
);
5038 memset(&hci_cp
, 0, sizeof(hci_cp
));
5039 hci_req_add(&req
, HCI_OP_READ_CLOCK
, sizeof(hci_cp
), &hci_cp
);
5042 hci_conn_hold(conn
);
5043 cmd
->user_data
= hci_conn_get(conn
);
5045 hci_cp
.handle
= cpu_to_le16(conn
->handle
);
5046 hci_cp
.which
= 0x01; /* Piconet clock */
5047 hci_req_add(&req
, HCI_OP_READ_CLOCK
, sizeof(hci_cp
), &hci_cp
);
5050 err
= hci_req_run(&req
, get_clock_info_complete
);
5052 mgmt_pending_remove(cmd
);
5055 hci_dev_unlock(hdev
);
5059 static bool is_connected(struct hci_dev
*hdev
, bdaddr_t
*addr
, u8 type
)
5061 struct hci_conn
*conn
;
5063 conn
= hci_conn_hash_lookup_ba(hdev
, LE_LINK
, addr
);
5067 if (conn
->dst_type
!= type
)
5070 if (conn
->state
!= BT_CONNECTED
)
5076 /* This function requires the caller holds hdev->lock */
5077 static int hci_conn_params_set(struct hci_dev
*hdev
, bdaddr_t
*addr
,
5078 u8 addr_type
, u8 auto_connect
)
5080 struct hci_conn_params
*params
;
5082 params
= hci_conn_params_add(hdev
, addr
, addr_type
);
5086 if (params
->auto_connect
== auto_connect
)
5089 list_del_init(¶ms
->action
);
5091 switch (auto_connect
) {
5092 case HCI_AUTO_CONN_DISABLED
:
5093 case HCI_AUTO_CONN_LINK_LOSS
:
5094 /* If auto connect is being disabled when we're trying to
5095 * connect to device, keep connecting.
5097 if (params
->explicit_connect
)
5098 list_add(¶ms
->action
, &hdev
->pend_le_conns
);
5100 case HCI_AUTO_CONN_REPORT
:
5101 if (params
->explicit_connect
)
5102 list_add(¶ms
->action
, &hdev
->pend_le_conns
);
5104 list_add(¶ms
->action
, &hdev
->pend_le_reports
);
5106 case HCI_AUTO_CONN_DIRECT
:
5107 case HCI_AUTO_CONN_ALWAYS
:
5108 if (!is_connected(hdev
, addr
, addr_type
))
5109 list_add(¶ms
->action
, &hdev
->pend_le_conns
);
5113 params
->auto_connect
= auto_connect
;
5115 BT_DBG("addr %pMR (type %u) auto_connect %u", addr
, addr_type
,
5121 static void device_added(struct sock
*sk
, struct hci_dev
*hdev
,
5122 bdaddr_t
*bdaddr
, u8 type
, u8 action
)
5124 struct mgmt_ev_device_added ev
;
5126 bacpy(&ev
.addr
.bdaddr
, bdaddr
);
5127 ev
.addr
.type
= type
;
5130 mgmt_event(MGMT_EV_DEVICE_ADDED
, hdev
, &ev
, sizeof(ev
), sk
);
5133 static int add_device(struct sock
*sk
, struct hci_dev
*hdev
,
5134 void *data
, u16 len
)
5136 struct mgmt_cp_add_device
*cp
= data
;
5137 u8 auto_conn
, addr_type
;
5140 BT_DBG("%s", hdev
->name
);
5142 if (!bdaddr_type_is_valid(cp
->addr
.type
) ||
5143 !bacmp(&cp
->addr
.bdaddr
, BDADDR_ANY
))
5144 return mgmt_cmd_complete(sk
, hdev
->id
, MGMT_OP_ADD_DEVICE
,
5145 MGMT_STATUS_INVALID_PARAMS
,
5146 &cp
->addr
, sizeof(cp
->addr
));
5148 if (cp
->action
!= 0x00 && cp
->action
!= 0x01 && cp
->action
!= 0x02)
5149 return mgmt_cmd_complete(sk
, hdev
->id
, MGMT_OP_ADD_DEVICE
,
5150 MGMT_STATUS_INVALID_PARAMS
,
5151 &cp
->addr
, sizeof(cp
->addr
));
5155 if (cp
->addr
.type
== BDADDR_BREDR
) {
5156 /* Only incoming connections action is supported for now */
5157 if (cp
->action
!= 0x01) {
5158 err
= mgmt_cmd_complete(sk
, hdev
->id
,
5160 MGMT_STATUS_INVALID_PARAMS
,
5161 &cp
->addr
, sizeof(cp
->addr
));
5165 err
= hci_bdaddr_list_add(&hdev
->whitelist
, &cp
->addr
.bdaddr
,
5170 hci_req_update_scan(hdev
);
5175 addr_type
= le_addr_type(cp
->addr
.type
);
5177 if (cp
->action
== 0x02)
5178 auto_conn
= HCI_AUTO_CONN_ALWAYS
;
5179 else if (cp
->action
== 0x01)
5180 auto_conn
= HCI_AUTO_CONN_DIRECT
;
5182 auto_conn
= HCI_AUTO_CONN_REPORT
;
5184 /* Kernel internally uses conn_params with resolvable private
5185 * address, but Add Device allows only identity addresses.
5186 * Make sure it is enforced before calling
5187 * hci_conn_params_lookup.
5189 if (!hci_is_identity_address(&cp
->addr
.bdaddr
, addr_type
)) {
5190 err
= mgmt_cmd_complete(sk
, hdev
->id
, MGMT_OP_ADD_DEVICE
,
5191 MGMT_STATUS_INVALID_PARAMS
,
5192 &cp
->addr
, sizeof(cp
->addr
));
5196 /* If the connection parameters don't exist for this device,
5197 * they will be created and configured with defaults.
5199 if (hci_conn_params_set(hdev
, &cp
->addr
.bdaddr
, addr_type
,
5201 err
= mgmt_cmd_complete(sk
, hdev
->id
, MGMT_OP_ADD_DEVICE
,
5202 MGMT_STATUS_FAILED
, &cp
->addr
,
5207 hci_update_background_scan(hdev
);
5210 device_added(sk
, hdev
, &cp
->addr
.bdaddr
, cp
->addr
.type
, cp
->action
);
5212 err
= mgmt_cmd_complete(sk
, hdev
->id
, MGMT_OP_ADD_DEVICE
,
5213 MGMT_STATUS_SUCCESS
, &cp
->addr
,
5217 hci_dev_unlock(hdev
);
5221 static void device_removed(struct sock
*sk
, struct hci_dev
*hdev
,
5222 bdaddr_t
*bdaddr
, u8 type
)
5224 struct mgmt_ev_device_removed ev
;
5226 bacpy(&ev
.addr
.bdaddr
, bdaddr
);
5227 ev
.addr
.type
= type
;
5229 mgmt_event(MGMT_EV_DEVICE_REMOVED
, hdev
, &ev
, sizeof(ev
), sk
);
5232 static int remove_device(struct sock
*sk
, struct hci_dev
*hdev
,
5233 void *data
, u16 len
)
5235 struct mgmt_cp_remove_device
*cp
= data
;
5238 BT_DBG("%s", hdev
->name
);
5242 if (bacmp(&cp
->addr
.bdaddr
, BDADDR_ANY
)) {
5243 struct hci_conn_params
*params
;
5246 if (!bdaddr_type_is_valid(cp
->addr
.type
)) {
5247 err
= mgmt_cmd_complete(sk
, hdev
->id
,
5248 MGMT_OP_REMOVE_DEVICE
,
5249 MGMT_STATUS_INVALID_PARAMS
,
5250 &cp
->addr
, sizeof(cp
->addr
));
5254 if (cp
->addr
.type
== BDADDR_BREDR
) {
5255 err
= hci_bdaddr_list_del(&hdev
->whitelist
,
5259 err
= mgmt_cmd_complete(sk
, hdev
->id
,
5260 MGMT_OP_REMOVE_DEVICE
,
5261 MGMT_STATUS_INVALID_PARAMS
,
5267 hci_req_update_scan(hdev
);
5269 device_removed(sk
, hdev
, &cp
->addr
.bdaddr
,
5274 addr_type
= le_addr_type(cp
->addr
.type
);
5276 /* Kernel internally uses conn_params with resolvable private
5277 * address, but Remove Device allows only identity addresses.
5278 * Make sure it is enforced before calling
5279 * hci_conn_params_lookup.
5281 if (!hci_is_identity_address(&cp
->addr
.bdaddr
, addr_type
)) {
5282 err
= mgmt_cmd_complete(sk
, hdev
->id
,
5283 MGMT_OP_REMOVE_DEVICE
,
5284 MGMT_STATUS_INVALID_PARAMS
,
5285 &cp
->addr
, sizeof(cp
->addr
));
5289 params
= hci_conn_params_lookup(hdev
, &cp
->addr
.bdaddr
,
5292 err
= mgmt_cmd_complete(sk
, hdev
->id
,
5293 MGMT_OP_REMOVE_DEVICE
,
5294 MGMT_STATUS_INVALID_PARAMS
,
5295 &cp
->addr
, sizeof(cp
->addr
));
5299 if (params
->auto_connect
== HCI_AUTO_CONN_DISABLED
||
5300 params
->auto_connect
== HCI_AUTO_CONN_EXPLICIT
) {
5301 err
= mgmt_cmd_complete(sk
, hdev
->id
,
5302 MGMT_OP_REMOVE_DEVICE
,
5303 MGMT_STATUS_INVALID_PARAMS
,
5304 &cp
->addr
, sizeof(cp
->addr
));
5308 list_del(¶ms
->action
);
5309 list_del(¶ms
->list
);
5311 hci_update_background_scan(hdev
);
5313 device_removed(sk
, hdev
, &cp
->addr
.bdaddr
, cp
->addr
.type
);
5315 struct hci_conn_params
*p
, *tmp
;
5316 struct bdaddr_list
*b
, *btmp
;
5318 if (cp
->addr
.type
) {
5319 err
= mgmt_cmd_complete(sk
, hdev
->id
,
5320 MGMT_OP_REMOVE_DEVICE
,
5321 MGMT_STATUS_INVALID_PARAMS
,
5322 &cp
->addr
, sizeof(cp
->addr
));
5326 list_for_each_entry_safe(b
, btmp
, &hdev
->whitelist
, list
) {
5327 device_removed(sk
, hdev
, &b
->bdaddr
, b
->bdaddr_type
);
5332 hci_req_update_scan(hdev
);
5334 list_for_each_entry_safe(p
, tmp
, &hdev
->le_conn_params
, list
) {
5335 if (p
->auto_connect
== HCI_AUTO_CONN_DISABLED
)
5337 device_removed(sk
, hdev
, &p
->addr
, p
->addr_type
);
5338 if (p
->explicit_connect
) {
5339 p
->auto_connect
= HCI_AUTO_CONN_EXPLICIT
;
5342 list_del(&p
->action
);
5347 BT_DBG("All LE connection parameters were removed");
5349 hci_update_background_scan(hdev
);
5353 err
= mgmt_cmd_complete(sk
, hdev
->id
, MGMT_OP_REMOVE_DEVICE
,
5354 MGMT_STATUS_SUCCESS
, &cp
->addr
,
5357 hci_dev_unlock(hdev
);
5361 static int load_conn_param(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
5364 struct mgmt_cp_load_conn_param
*cp
= data
;
5365 const u16 max_param_count
= ((U16_MAX
- sizeof(*cp
)) /
5366 sizeof(struct mgmt_conn_param
));
5367 u16 param_count
, expected_len
;
5370 if (!lmp_le_capable(hdev
))
5371 return mgmt_cmd_status(sk
, hdev
->id
, MGMT_OP_LOAD_CONN_PARAM
,
5372 MGMT_STATUS_NOT_SUPPORTED
);
5374 param_count
= __le16_to_cpu(cp
->param_count
);
5375 if (param_count
> max_param_count
) {
5376 BT_ERR("load_conn_param: too big param_count value %u",
5378 return mgmt_cmd_status(sk
, hdev
->id
, MGMT_OP_LOAD_CONN_PARAM
,
5379 MGMT_STATUS_INVALID_PARAMS
);
5382 expected_len
= sizeof(*cp
) + param_count
*
5383 sizeof(struct mgmt_conn_param
);
5384 if (expected_len
!= len
) {
5385 BT_ERR("load_conn_param: expected %u bytes, got %u bytes",
5387 return mgmt_cmd_status(sk
, hdev
->id
, MGMT_OP_LOAD_CONN_PARAM
,
5388 MGMT_STATUS_INVALID_PARAMS
);
5391 BT_DBG("%s param_count %u", hdev
->name
, param_count
);
5395 hci_conn_params_clear_disabled(hdev
);
5397 for (i
= 0; i
< param_count
; i
++) {
5398 struct mgmt_conn_param
*param
= &cp
->params
[i
];
5399 struct hci_conn_params
*hci_param
;
5400 u16 min
, max
, latency
, timeout
;
5403 BT_DBG("Adding %pMR (type %u)", ¶m
->addr
.bdaddr
,
5406 if (param
->addr
.type
== BDADDR_LE_PUBLIC
) {
5407 addr_type
= ADDR_LE_DEV_PUBLIC
;
5408 } else if (param
->addr
.type
== BDADDR_LE_RANDOM
) {
5409 addr_type
= ADDR_LE_DEV_RANDOM
;
5411 BT_ERR("Ignoring invalid connection parameters");
5415 min
= le16_to_cpu(param
->min_interval
);
5416 max
= le16_to_cpu(param
->max_interval
);
5417 latency
= le16_to_cpu(param
->latency
);
5418 timeout
= le16_to_cpu(param
->timeout
);
5420 BT_DBG("min 0x%04x max 0x%04x latency 0x%04x timeout 0x%04x",
5421 min
, max
, latency
, timeout
);
5423 if (hci_check_conn_params(min
, max
, latency
, timeout
) < 0) {
5424 BT_ERR("Ignoring invalid connection parameters");
5428 hci_param
= hci_conn_params_add(hdev
, ¶m
->addr
.bdaddr
,
5431 BT_ERR("Failed to add connection parameters");
5435 hci_param
->conn_min_interval
= min
;
5436 hci_param
->conn_max_interval
= max
;
5437 hci_param
->conn_latency
= latency
;
5438 hci_param
->supervision_timeout
= timeout
;
5441 hci_dev_unlock(hdev
);
5443 return mgmt_cmd_complete(sk
, hdev
->id
, MGMT_OP_LOAD_CONN_PARAM
, 0,
5447 static int set_external_config(struct sock
*sk
, struct hci_dev
*hdev
,
5448 void *data
, u16 len
)
5450 struct mgmt_cp_set_external_config
*cp
= data
;
5454 BT_DBG("%s", hdev
->name
);
5456 if (hdev_is_powered(hdev
))
5457 return mgmt_cmd_status(sk
, hdev
->id
, MGMT_OP_SET_EXTERNAL_CONFIG
,
5458 MGMT_STATUS_REJECTED
);
5460 if (cp
->config
!= 0x00 && cp
->config
!= 0x01)
5461 return mgmt_cmd_status(sk
, hdev
->id
, MGMT_OP_SET_EXTERNAL_CONFIG
,
5462 MGMT_STATUS_INVALID_PARAMS
);
5464 if (!test_bit(HCI_QUIRK_EXTERNAL_CONFIG
, &hdev
->quirks
))
5465 return mgmt_cmd_status(sk
, hdev
->id
, MGMT_OP_SET_EXTERNAL_CONFIG
,
5466 MGMT_STATUS_NOT_SUPPORTED
);
5471 changed
= !hci_dev_test_and_set_flag(hdev
, HCI_EXT_CONFIGURED
);
5473 changed
= hci_dev_test_and_clear_flag(hdev
, HCI_EXT_CONFIGURED
);
5475 err
= send_options_rsp(sk
, MGMT_OP_SET_EXTERNAL_CONFIG
, hdev
);
5482 err
= new_options(hdev
, sk
);
5484 if (hci_dev_test_flag(hdev
, HCI_UNCONFIGURED
) == is_configured(hdev
)) {
5485 mgmt_index_removed(hdev
);
5487 if (hci_dev_test_and_change_flag(hdev
, HCI_UNCONFIGURED
)) {
5488 hci_dev_set_flag(hdev
, HCI_CONFIG
);
5489 hci_dev_set_flag(hdev
, HCI_AUTO_OFF
);
5491 queue_work(hdev
->req_workqueue
, &hdev
->power_on
);
5493 set_bit(HCI_RAW
, &hdev
->flags
);
5494 mgmt_index_added(hdev
);
5499 hci_dev_unlock(hdev
);
5503 static int set_public_address(struct sock
*sk
, struct hci_dev
*hdev
,
5504 void *data
, u16 len
)
5506 struct mgmt_cp_set_public_address
*cp
= data
;
5510 BT_DBG("%s", hdev
->name
);
5512 if (hdev_is_powered(hdev
))
5513 return mgmt_cmd_status(sk
, hdev
->id
, MGMT_OP_SET_PUBLIC_ADDRESS
,
5514 MGMT_STATUS_REJECTED
);
5516 if (!bacmp(&cp
->bdaddr
, BDADDR_ANY
))
5517 return mgmt_cmd_status(sk
, hdev
->id
, MGMT_OP_SET_PUBLIC_ADDRESS
,
5518 MGMT_STATUS_INVALID_PARAMS
);
5520 if (!hdev
->set_bdaddr
)
5521 return mgmt_cmd_status(sk
, hdev
->id
, MGMT_OP_SET_PUBLIC_ADDRESS
,
5522 MGMT_STATUS_NOT_SUPPORTED
);
5526 changed
= !!bacmp(&hdev
->public_addr
, &cp
->bdaddr
);
5527 bacpy(&hdev
->public_addr
, &cp
->bdaddr
);
5529 err
= send_options_rsp(sk
, MGMT_OP_SET_PUBLIC_ADDRESS
, hdev
);
5536 if (hci_dev_test_flag(hdev
, HCI_UNCONFIGURED
))
5537 err
= new_options(hdev
, sk
);
5539 if (is_configured(hdev
)) {
5540 mgmt_index_removed(hdev
);
5542 hci_dev_clear_flag(hdev
, HCI_UNCONFIGURED
);
5544 hci_dev_set_flag(hdev
, HCI_CONFIG
);
5545 hci_dev_set_flag(hdev
, HCI_AUTO_OFF
);
5547 queue_work(hdev
->req_workqueue
, &hdev
->power_on
);
5551 hci_dev_unlock(hdev
);
5555 static inline u16
eir_append_data(u8
*eir
, u16 eir_len
, u8 type
, u8
*data
,
5558 eir
[eir_len
++] = sizeof(type
) + data_len
;
5559 eir
[eir_len
++] = type
;
5560 memcpy(&eir
[eir_len
], data
, data_len
);
5561 eir_len
+= data_len
;
5566 static void read_local_oob_ext_data_complete(struct hci_dev
*hdev
, u8 status
,
5567 u16 opcode
, struct sk_buff
*skb
)
5569 const struct mgmt_cp_read_local_oob_ext_data
*mgmt_cp
;
5570 struct mgmt_rp_read_local_oob_ext_data
*mgmt_rp
;
5571 u8
*h192
, *r192
, *h256
, *r256
;
5572 struct mgmt_pending_cmd
*cmd
;
5576 BT_DBG("%s status %u", hdev
->name
, status
);
5578 cmd
= pending_find(MGMT_OP_READ_LOCAL_OOB_EXT_DATA
, hdev
);
5582 mgmt_cp
= cmd
->param
;
5585 status
= mgmt_status(status
);
5592 } else if (opcode
== HCI_OP_READ_LOCAL_OOB_DATA
) {
5593 struct hci_rp_read_local_oob_data
*rp
;
5595 if (skb
->len
!= sizeof(*rp
)) {
5596 status
= MGMT_STATUS_FAILED
;
5599 status
= MGMT_STATUS_SUCCESS
;
5600 rp
= (void *)skb
->data
;
5602 eir_len
= 5 + 18 + 18;
5609 struct hci_rp_read_local_oob_ext_data
*rp
;
5611 if (skb
->len
!= sizeof(*rp
)) {
5612 status
= MGMT_STATUS_FAILED
;
5615 status
= MGMT_STATUS_SUCCESS
;
5616 rp
= (void *)skb
->data
;
5618 if (hci_dev_test_flag(hdev
, HCI_SC_ONLY
)) {
5619 eir_len
= 5 + 18 + 18;
5623 eir_len
= 5 + 18 + 18 + 18 + 18;
5633 mgmt_rp
= kmalloc(sizeof(*mgmt_rp
) + eir_len
, GFP_KERNEL
);
5640 eir_len
= eir_append_data(mgmt_rp
->eir
, 0, EIR_CLASS_OF_DEV
,
5641 hdev
->dev_class
, 3);
5644 eir_len
= eir_append_data(mgmt_rp
->eir
, eir_len
,
5645 EIR_SSP_HASH_C192
, h192
, 16);
5646 eir_len
= eir_append_data(mgmt_rp
->eir
, eir_len
,
5647 EIR_SSP_RAND_R192
, r192
, 16);
5651 eir_len
= eir_append_data(mgmt_rp
->eir
, eir_len
,
5652 EIR_SSP_HASH_C256
, h256
, 16);
5653 eir_len
= eir_append_data(mgmt_rp
->eir
, eir_len
,
5654 EIR_SSP_RAND_R256
, r256
, 16);
5658 mgmt_rp
->type
= mgmt_cp
->type
;
5659 mgmt_rp
->eir_len
= cpu_to_le16(eir_len
);
5661 err
= mgmt_cmd_complete(cmd
->sk
, hdev
->id
,
5662 MGMT_OP_READ_LOCAL_OOB_EXT_DATA
, status
,
5663 mgmt_rp
, sizeof(*mgmt_rp
) + eir_len
);
5664 if (err
< 0 || status
)
5667 hci_sock_set_flag(cmd
->sk
, HCI_MGMT_OOB_DATA_EVENTS
);
5669 err
= mgmt_limited_event(MGMT_EV_LOCAL_OOB_DATA_UPDATED
, hdev
,
5670 mgmt_rp
, sizeof(*mgmt_rp
) + eir_len
,
5671 HCI_MGMT_OOB_DATA_EVENTS
, cmd
->sk
);
5674 mgmt_pending_remove(cmd
);
5677 static int read_local_ssp_oob_req(struct hci_dev
*hdev
, struct sock
*sk
,
5678 struct mgmt_cp_read_local_oob_ext_data
*cp
)
5680 struct mgmt_pending_cmd
*cmd
;
5681 struct hci_request req
;
5684 cmd
= mgmt_pending_add(sk
, MGMT_OP_READ_LOCAL_OOB_EXT_DATA
, hdev
,
5689 hci_req_init(&req
, hdev
);
5691 if (bredr_sc_enabled(hdev
))
5692 hci_req_add(&req
, HCI_OP_READ_LOCAL_OOB_EXT_DATA
, 0, NULL
);
5694 hci_req_add(&req
, HCI_OP_READ_LOCAL_OOB_DATA
, 0, NULL
);
5696 err
= hci_req_run_skb(&req
, read_local_oob_ext_data_complete
);
5698 mgmt_pending_remove(cmd
);
5705 static int read_local_oob_ext_data(struct sock
*sk
, struct hci_dev
*hdev
,
5706 void *data
, u16 data_len
)
5708 struct mgmt_cp_read_local_oob_ext_data
*cp
= data
;
5709 struct mgmt_rp_read_local_oob_ext_data
*rp
;
5712 u8 status
, flags
, role
, addr
[7], hash
[16], rand
[16];
5715 BT_DBG("%s", hdev
->name
);
5717 if (hdev_is_powered(hdev
)) {
5719 case BIT(BDADDR_BREDR
):
5720 status
= mgmt_bredr_support(hdev
);
5726 case (BIT(BDADDR_LE_PUBLIC
) | BIT(BDADDR_LE_RANDOM
)):
5727 status
= mgmt_le_support(hdev
);
5731 eir_len
= 9 + 3 + 18 + 18 + 3;
5734 status
= MGMT_STATUS_INVALID_PARAMS
;
5739 status
= MGMT_STATUS_NOT_POWERED
;
5743 rp_len
= sizeof(*rp
) + eir_len
;
5744 rp
= kmalloc(rp_len
, GFP_ATOMIC
);
5755 case BIT(BDADDR_BREDR
):
5756 if (hci_dev_test_flag(hdev
, HCI_SSP_ENABLED
)) {
5757 err
= read_local_ssp_oob_req(hdev
, sk
, cp
);
5758 hci_dev_unlock(hdev
);
5762 status
= MGMT_STATUS_FAILED
;
5765 eir_len
= eir_append_data(rp
->eir
, eir_len
,
5767 hdev
->dev_class
, 3);
5770 case (BIT(BDADDR_LE_PUBLIC
) | BIT(BDADDR_LE_RANDOM
)):
5771 if (hci_dev_test_flag(hdev
, HCI_SC_ENABLED
) &&
5772 smp_generate_oob(hdev
, hash
, rand
) < 0) {
5773 hci_dev_unlock(hdev
);
5774 status
= MGMT_STATUS_FAILED
;
5778 /* This should return the active RPA, but since the RPA
5779 * is only programmed on demand, it is really hard to fill
5780 * this in at the moment. For now disallow retrieving
5781 * local out-of-band data when privacy is in use.
5783 * Returning the identity address will not help here since
5784 * pairing happens before the identity resolving key is
5785 * known and thus the connection establishment happens
5786 * based on the RPA and not the identity address.
5788 if (hci_dev_test_flag(hdev
, HCI_PRIVACY
)) {
5789 hci_dev_unlock(hdev
);
5790 status
= MGMT_STATUS_REJECTED
;
5794 if (hci_dev_test_flag(hdev
, HCI_FORCE_STATIC_ADDR
) ||
5795 !bacmp(&hdev
->bdaddr
, BDADDR_ANY
) ||
5796 (!hci_dev_test_flag(hdev
, HCI_BREDR_ENABLED
) &&
5797 bacmp(&hdev
->static_addr
, BDADDR_ANY
))) {
5798 memcpy(addr
, &hdev
->static_addr
, 6);
5801 memcpy(addr
, &hdev
->bdaddr
, 6);
5805 eir_len
= eir_append_data(rp
->eir
, eir_len
, EIR_LE_BDADDR
,
5806 addr
, sizeof(addr
));
5808 if (hci_dev_test_flag(hdev
, HCI_ADVERTISING
))
5813 eir_len
= eir_append_data(rp
->eir
, eir_len
, EIR_LE_ROLE
,
5814 &role
, sizeof(role
));
5816 if (hci_dev_test_flag(hdev
, HCI_SC_ENABLED
)) {
5817 eir_len
= eir_append_data(rp
->eir
, eir_len
,
5819 hash
, sizeof(hash
));
5821 eir_len
= eir_append_data(rp
->eir
, eir_len
,
5823 rand
, sizeof(rand
));
5826 flags
= mgmt_get_adv_discov_flags(hdev
);
5828 if (!hci_dev_test_flag(hdev
, HCI_BREDR_ENABLED
))
5829 flags
|= LE_AD_NO_BREDR
;
5831 eir_len
= eir_append_data(rp
->eir
, eir_len
, EIR_FLAGS
,
5832 &flags
, sizeof(flags
));
5836 hci_dev_unlock(hdev
);
5838 hci_sock_set_flag(sk
, HCI_MGMT_OOB_DATA_EVENTS
);
5840 status
= MGMT_STATUS_SUCCESS
;
5843 rp
->type
= cp
->type
;
5844 rp
->eir_len
= cpu_to_le16(eir_len
);
5846 err
= mgmt_cmd_complete(sk
, hdev
->id
, MGMT_OP_READ_LOCAL_OOB_EXT_DATA
,
5847 status
, rp
, sizeof(*rp
) + eir_len
);
5848 if (err
< 0 || status
)
5851 err
= mgmt_limited_event(MGMT_EV_LOCAL_OOB_DATA_UPDATED
, hdev
,
5852 rp
, sizeof(*rp
) + eir_len
,
5853 HCI_MGMT_OOB_DATA_EVENTS
, sk
);
5861 static u32
get_supported_adv_flags(struct hci_dev
*hdev
)
5865 flags
|= MGMT_ADV_FLAG_CONNECTABLE
;
5866 flags
|= MGMT_ADV_FLAG_DISCOV
;
5867 flags
|= MGMT_ADV_FLAG_LIMITED_DISCOV
;
5868 flags
|= MGMT_ADV_FLAG_MANAGED_FLAGS
;
5870 if (hdev
->adv_tx_power
!= HCI_TX_POWER_INVALID
)
5871 flags
|= MGMT_ADV_FLAG_TX_POWER
;
5876 static int read_adv_features(struct sock
*sk
, struct hci_dev
*hdev
,
5877 void *data
, u16 data_len
)
5879 struct mgmt_rp_read_adv_features
*rp
;
5882 struct adv_info
*adv_instance
;
5883 u32 supported_flags
;
5886 BT_DBG("%s", hdev
->name
);
5888 if (!lmp_le_capable(hdev
))
5889 return mgmt_cmd_status(sk
, hdev
->id
, MGMT_OP_READ_ADV_FEATURES
,
5890 MGMT_STATUS_REJECTED
);
5894 rp_len
= sizeof(*rp
) + hdev
->adv_instance_cnt
;
5895 rp
= kmalloc(rp_len
, GFP_ATOMIC
);
5897 hci_dev_unlock(hdev
);
5901 supported_flags
= get_supported_adv_flags(hdev
);
5903 rp
->supported_flags
= cpu_to_le32(supported_flags
);
5904 rp
->max_adv_data_len
= HCI_MAX_AD_LENGTH
;
5905 rp
->max_scan_rsp_len
= HCI_MAX_AD_LENGTH
;
5906 rp
->max_instances
= HCI_MAX_ADV_INSTANCES
;
5907 rp
->num_instances
= hdev
->adv_instance_cnt
;
5909 instance
= rp
->instance
;
5910 list_for_each_entry(adv_instance
, &hdev
->adv_instances
, list
) {
5911 *instance
= adv_instance
->instance
;
5915 hci_dev_unlock(hdev
);
5917 err
= mgmt_cmd_complete(sk
, hdev
->id
, MGMT_OP_READ_ADV_FEATURES
,
5918 MGMT_STATUS_SUCCESS
, rp
, rp_len
);
5925 static bool tlv_data_is_valid(struct hci_dev
*hdev
, u32 adv_flags
, u8
*data
,
5926 u8 len
, bool is_adv_data
)
5928 u8 max_len
= HCI_MAX_AD_LENGTH
;
5930 bool flags_managed
= false;
5931 bool tx_power_managed
= false;
5934 if (adv_flags
& (MGMT_ADV_FLAG_DISCOV
|
5935 MGMT_ADV_FLAG_LIMITED_DISCOV
|
5936 MGMT_ADV_FLAG_MANAGED_FLAGS
)) {
5937 flags_managed
= true;
5941 if (adv_flags
& MGMT_ADV_FLAG_TX_POWER
) {
5942 tx_power_managed
= true;
5950 /* Make sure that the data is correctly formatted. */
5951 for (i
= 0, cur_len
= 0; i
< len
; i
+= (cur_len
+ 1)) {
5954 if (flags_managed
&& data
[i
+ 1] == EIR_FLAGS
)
5957 if (tx_power_managed
&& data
[i
+ 1] == EIR_TX_POWER
)
5960 /* If the current field length would exceed the total data
5961 * length, then it's invalid.
5963 if (i
+ cur_len
>= len
)
5970 static void add_advertising_complete(struct hci_dev
*hdev
, u8 status
,
5973 struct mgmt_pending_cmd
*cmd
;
5974 struct mgmt_cp_add_advertising
*cp
;
5975 struct mgmt_rp_add_advertising rp
;
5976 struct adv_info
*adv_instance
, *n
;
5979 BT_DBG("status %d", status
);
5983 cmd
= pending_find(MGMT_OP_ADD_ADVERTISING
, hdev
);
5985 list_for_each_entry_safe(adv_instance
, n
, &hdev
->adv_instances
, list
) {
5986 if (!adv_instance
->pending
)
5990 adv_instance
->pending
= false;
5994 instance
= adv_instance
->instance
;
5996 if (hdev
->cur_adv_instance
== instance
)
5997 cancel_adv_timeout(hdev
);
5999 hci_remove_adv_instance(hdev
, instance
);
6000 mgmt_advertising_removed(cmd
? cmd
->sk
: NULL
, hdev
, instance
);
6007 rp
.instance
= cp
->instance
;
6010 mgmt_cmd_status(cmd
->sk
, cmd
->index
, cmd
->opcode
,
6011 mgmt_status(status
));
6013 mgmt_cmd_complete(cmd
->sk
, cmd
->index
, cmd
->opcode
,
6014 mgmt_status(status
), &rp
, sizeof(rp
));
6016 mgmt_pending_remove(cmd
);
6019 hci_dev_unlock(hdev
);
6022 static int add_advertising(struct sock
*sk
, struct hci_dev
*hdev
,
6023 void *data
, u16 data_len
)
6025 struct mgmt_cp_add_advertising
*cp
= data
;
6026 struct mgmt_rp_add_advertising rp
;
6028 u32 supported_flags
;
6030 u16 timeout
, duration
;
6031 unsigned int prev_instance_cnt
= hdev
->adv_instance_cnt
;
6032 u8 schedule_instance
= 0;
6033 struct adv_info
*next_instance
;
6035 struct mgmt_pending_cmd
*cmd
;
6036 struct hci_request req
;
6038 BT_DBG("%s", hdev
->name
);
6040 status
= mgmt_le_support(hdev
);
6042 return mgmt_cmd_status(sk
, hdev
->id
, MGMT_OP_ADD_ADVERTISING
,
6045 if (cp
->instance
< 1 || cp
->instance
> HCI_MAX_ADV_INSTANCES
)
6046 return mgmt_cmd_status(sk
, hdev
->id
, MGMT_OP_ADD_ADVERTISING
,
6047 MGMT_STATUS_INVALID_PARAMS
);
6049 if (data_len
!= sizeof(*cp
) + cp
->adv_data_len
+ cp
->scan_rsp_len
)
6050 return mgmt_cmd_status(sk
, hdev
->id
, MGMT_OP_ADD_ADVERTISING
,
6051 MGMT_STATUS_INVALID_PARAMS
);
6053 flags
= __le32_to_cpu(cp
->flags
);
6054 timeout
= __le16_to_cpu(cp
->timeout
);
6055 duration
= __le16_to_cpu(cp
->duration
);
6057 /* The current implementation only supports a subset of the specified
6060 supported_flags
= get_supported_adv_flags(hdev
);
6061 if (flags
& ~supported_flags
)
6062 return mgmt_cmd_status(sk
, hdev
->id
, MGMT_OP_ADD_ADVERTISING
,
6063 MGMT_STATUS_INVALID_PARAMS
);
6067 if (timeout
&& !hdev_is_powered(hdev
)) {
6068 err
= mgmt_cmd_status(sk
, hdev
->id
, MGMT_OP_ADD_ADVERTISING
,
6069 MGMT_STATUS_REJECTED
);
6073 if (pending_find(MGMT_OP_ADD_ADVERTISING
, hdev
) ||
6074 pending_find(MGMT_OP_REMOVE_ADVERTISING
, hdev
) ||
6075 pending_find(MGMT_OP_SET_LE
, hdev
)) {
6076 err
= mgmt_cmd_status(sk
, hdev
->id
, MGMT_OP_ADD_ADVERTISING
,
6081 if (!tlv_data_is_valid(hdev
, flags
, cp
->data
, cp
->adv_data_len
, true) ||
6082 !tlv_data_is_valid(hdev
, flags
, cp
->data
+ cp
->adv_data_len
,
6083 cp
->scan_rsp_len
, false)) {
6084 err
= mgmt_cmd_status(sk
, hdev
->id
, MGMT_OP_ADD_ADVERTISING
,
6085 MGMT_STATUS_INVALID_PARAMS
);
6089 err
= hci_add_adv_instance(hdev
, cp
->instance
, flags
,
6090 cp
->adv_data_len
, cp
->data
,
6092 cp
->data
+ cp
->adv_data_len
,
6095 err
= mgmt_cmd_status(sk
, hdev
->id
, MGMT_OP_ADD_ADVERTISING
,
6096 MGMT_STATUS_FAILED
);
6100 /* Only trigger an advertising added event if a new instance was
6103 if (hdev
->adv_instance_cnt
> prev_instance_cnt
)
6104 mgmt_advertising_added(sk
, hdev
, cp
->instance
);
6106 if (hdev
->cur_adv_instance
== cp
->instance
) {
6107 /* If the currently advertised instance is being changed then
6108 * cancel the current advertising and schedule the next
6109 * instance. If there is only one instance then the overridden
6110 * advertising data will be visible right away.
6112 cancel_adv_timeout(hdev
);
6114 next_instance
= hci_get_next_instance(hdev
, cp
->instance
);
6116 schedule_instance
= next_instance
->instance
;
6117 } else if (!hdev
->adv_instance_timeout
) {
6118 /* Immediately advertise the new instance if no other
6119 * instance is currently being advertised.
6121 schedule_instance
= cp
->instance
;
6124 /* If the HCI_ADVERTISING flag is set or the device isn't powered or
6125 * there is no instance to be advertised then we have no HCI
6126 * communication to make. Simply return.
6128 if (!hdev_is_powered(hdev
) ||
6129 hci_dev_test_flag(hdev
, HCI_ADVERTISING
) ||
6130 !schedule_instance
) {
6131 rp
.instance
= cp
->instance
;
6132 err
= mgmt_cmd_complete(sk
, hdev
->id
, MGMT_OP_ADD_ADVERTISING
,
6133 MGMT_STATUS_SUCCESS
, &rp
, sizeof(rp
));
6137 /* We're good to go, update advertising data, parameters, and start
6140 cmd
= mgmt_pending_add(sk
, MGMT_OP_ADD_ADVERTISING
, hdev
, data
,
6147 hci_req_init(&req
, hdev
);
6149 err
= __hci_req_schedule_adv_instance(&req
, schedule_instance
, true);
6152 err
= hci_req_run(&req
, add_advertising_complete
);
6155 mgmt_pending_remove(cmd
);
6158 hci_dev_unlock(hdev
);
6163 static void remove_advertising_complete(struct hci_dev
*hdev
, u8 status
,
6166 struct mgmt_pending_cmd
*cmd
;
6167 struct mgmt_cp_remove_advertising
*cp
;
6168 struct mgmt_rp_remove_advertising rp
;
6170 BT_DBG("status %d", status
);
6174 /* A failure status here only means that we failed to disable
6175 * advertising. Otherwise, the advertising instance has been removed,
6176 * so report success.
6178 cmd
= pending_find(MGMT_OP_REMOVE_ADVERTISING
, hdev
);
6183 rp
.instance
= cp
->instance
;
6185 mgmt_cmd_complete(cmd
->sk
, cmd
->index
, cmd
->opcode
, MGMT_STATUS_SUCCESS
,
6187 mgmt_pending_remove(cmd
);
6190 hci_dev_unlock(hdev
);
6193 static int remove_advertising(struct sock
*sk
, struct hci_dev
*hdev
,
6194 void *data
, u16 data_len
)
6196 struct mgmt_cp_remove_advertising
*cp
= data
;
6197 struct mgmt_rp_remove_advertising rp
;
6198 struct mgmt_pending_cmd
*cmd
;
6199 struct hci_request req
;
6202 BT_DBG("%s", hdev
->name
);
6206 if (cp
->instance
&& !hci_find_adv_instance(hdev
, cp
->instance
)) {
6207 err
= mgmt_cmd_status(sk
, hdev
->id
,
6208 MGMT_OP_REMOVE_ADVERTISING
,
6209 MGMT_STATUS_INVALID_PARAMS
);
6213 if (pending_find(MGMT_OP_ADD_ADVERTISING
, hdev
) ||
6214 pending_find(MGMT_OP_REMOVE_ADVERTISING
, hdev
) ||
6215 pending_find(MGMT_OP_SET_LE
, hdev
)) {
6216 err
= mgmt_cmd_status(sk
, hdev
->id
, MGMT_OP_REMOVE_ADVERTISING
,
6221 if (list_empty(&hdev
->adv_instances
)) {
6222 err
= mgmt_cmd_status(sk
, hdev
->id
, MGMT_OP_REMOVE_ADVERTISING
,
6223 MGMT_STATUS_INVALID_PARAMS
);
6227 hci_req_init(&req
, hdev
);
6229 hci_req_clear_adv_instance(hdev
, sk
, &req
, cp
->instance
, true);
6231 if (list_empty(&hdev
->adv_instances
))
6232 __hci_req_disable_advertising(&req
);
6234 /* If no HCI commands have been collected so far or the HCI_ADVERTISING
6235 * flag is set or the device isn't powered then we have no HCI
6236 * communication to make. Simply return.
6238 if (skb_queue_empty(&req
.cmd_q
) ||
6239 !hdev_is_powered(hdev
) ||
6240 hci_dev_test_flag(hdev
, HCI_ADVERTISING
)) {
6241 rp
.instance
= cp
->instance
;
6242 err
= mgmt_cmd_complete(sk
, hdev
->id
,
6243 MGMT_OP_REMOVE_ADVERTISING
,
6244 MGMT_STATUS_SUCCESS
, &rp
, sizeof(rp
));
6248 cmd
= mgmt_pending_add(sk
, MGMT_OP_REMOVE_ADVERTISING
, hdev
, data
,
6255 err
= hci_req_run(&req
, remove_advertising_complete
);
6257 mgmt_pending_remove(cmd
);
6260 hci_dev_unlock(hdev
);
6265 static u8
tlv_data_max_len(u32 adv_flags
, bool is_adv_data
)
6267 u8 max_len
= HCI_MAX_AD_LENGTH
;
6270 if (adv_flags
& (MGMT_ADV_FLAG_DISCOV
|
6271 MGMT_ADV_FLAG_LIMITED_DISCOV
|
6272 MGMT_ADV_FLAG_MANAGED_FLAGS
))
6275 if (adv_flags
& MGMT_ADV_FLAG_TX_POWER
)
6282 static int get_adv_size_info(struct sock
*sk
, struct hci_dev
*hdev
,
6283 void *data
, u16 data_len
)
6285 struct mgmt_cp_get_adv_size_info
*cp
= data
;
6286 struct mgmt_rp_get_adv_size_info rp
;
6287 u32 flags
, supported_flags
;
6290 BT_DBG("%s", hdev
->name
);
6292 if (!lmp_le_capable(hdev
))
6293 return mgmt_cmd_status(sk
, hdev
->id
, MGMT_OP_GET_ADV_SIZE_INFO
,
6294 MGMT_STATUS_REJECTED
);
6296 if (cp
->instance
< 1 || cp
->instance
> HCI_MAX_ADV_INSTANCES
)
6297 return mgmt_cmd_status(sk
, hdev
->id
, MGMT_OP_GET_ADV_SIZE_INFO
,
6298 MGMT_STATUS_INVALID_PARAMS
);
6300 flags
= __le32_to_cpu(cp
->flags
);
6302 /* The current implementation only supports a subset of the specified
6305 supported_flags
= get_supported_adv_flags(hdev
);
6306 if (flags
& ~supported_flags
)
6307 return mgmt_cmd_status(sk
, hdev
->id
, MGMT_OP_GET_ADV_SIZE_INFO
,
6308 MGMT_STATUS_INVALID_PARAMS
);
6310 rp
.instance
= cp
->instance
;
6311 rp
.flags
= cp
->flags
;
6312 rp
.max_adv_data_len
= tlv_data_max_len(flags
, true);
6313 rp
.max_scan_rsp_len
= tlv_data_max_len(flags
, false);
6315 err
= mgmt_cmd_complete(sk
, hdev
->id
, MGMT_OP_GET_ADV_SIZE_INFO
,
6316 MGMT_STATUS_SUCCESS
, &rp
, sizeof(rp
));
6321 static const struct hci_mgmt_handler mgmt_handlers
[] = {
6322 { NULL
}, /* 0x0000 (no command) */
6323 { read_version
, MGMT_READ_VERSION_SIZE
,
6325 HCI_MGMT_UNTRUSTED
},
6326 { read_commands
, MGMT_READ_COMMANDS_SIZE
,
6328 HCI_MGMT_UNTRUSTED
},
6329 { read_index_list
, MGMT_READ_INDEX_LIST_SIZE
,
6331 HCI_MGMT_UNTRUSTED
},
6332 { read_controller_info
, MGMT_READ_INFO_SIZE
,
6333 HCI_MGMT_UNTRUSTED
},
6334 { set_powered
, MGMT_SETTING_SIZE
},
6335 { set_discoverable
, MGMT_SET_DISCOVERABLE_SIZE
},
6336 { set_connectable
, MGMT_SETTING_SIZE
},
6337 { set_fast_connectable
, MGMT_SETTING_SIZE
},
6338 { set_bondable
, MGMT_SETTING_SIZE
},
6339 { set_link_security
, MGMT_SETTING_SIZE
},
6340 { set_ssp
, MGMT_SETTING_SIZE
},
6341 { set_hs
, MGMT_SETTING_SIZE
},
6342 { set_le
, MGMT_SETTING_SIZE
},
6343 { set_dev_class
, MGMT_SET_DEV_CLASS_SIZE
},
6344 { set_local_name
, MGMT_SET_LOCAL_NAME_SIZE
},
6345 { add_uuid
, MGMT_ADD_UUID_SIZE
},
6346 { remove_uuid
, MGMT_REMOVE_UUID_SIZE
},
6347 { load_link_keys
, MGMT_LOAD_LINK_KEYS_SIZE
,
6349 { load_long_term_keys
, MGMT_LOAD_LONG_TERM_KEYS_SIZE
,
6351 { disconnect
, MGMT_DISCONNECT_SIZE
},
6352 { get_connections
, MGMT_GET_CONNECTIONS_SIZE
},
6353 { pin_code_reply
, MGMT_PIN_CODE_REPLY_SIZE
},
6354 { pin_code_neg_reply
, MGMT_PIN_CODE_NEG_REPLY_SIZE
},
6355 { set_io_capability
, MGMT_SET_IO_CAPABILITY_SIZE
},
6356 { pair_device
, MGMT_PAIR_DEVICE_SIZE
},
6357 { cancel_pair_device
, MGMT_CANCEL_PAIR_DEVICE_SIZE
},
6358 { unpair_device
, MGMT_UNPAIR_DEVICE_SIZE
},
6359 { user_confirm_reply
, MGMT_USER_CONFIRM_REPLY_SIZE
},
6360 { user_confirm_neg_reply
, MGMT_USER_CONFIRM_NEG_REPLY_SIZE
},
6361 { user_passkey_reply
, MGMT_USER_PASSKEY_REPLY_SIZE
},
6362 { user_passkey_neg_reply
, MGMT_USER_PASSKEY_NEG_REPLY_SIZE
},
6363 { read_local_oob_data
, MGMT_READ_LOCAL_OOB_DATA_SIZE
},
6364 { add_remote_oob_data
, MGMT_ADD_REMOTE_OOB_DATA_SIZE
,
6366 { remove_remote_oob_data
, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE
},
6367 { start_discovery
, MGMT_START_DISCOVERY_SIZE
},
6368 { stop_discovery
, MGMT_STOP_DISCOVERY_SIZE
},
6369 { confirm_name
, MGMT_CONFIRM_NAME_SIZE
},
6370 { block_device
, MGMT_BLOCK_DEVICE_SIZE
},
6371 { unblock_device
, MGMT_UNBLOCK_DEVICE_SIZE
},
6372 { set_device_id
, MGMT_SET_DEVICE_ID_SIZE
},
6373 { set_advertising
, MGMT_SETTING_SIZE
},
6374 { set_bredr
, MGMT_SETTING_SIZE
},
6375 { set_static_address
, MGMT_SET_STATIC_ADDRESS_SIZE
},
6376 { set_scan_params
, MGMT_SET_SCAN_PARAMS_SIZE
},
6377 { set_secure_conn
, MGMT_SETTING_SIZE
},
6378 { set_debug_keys
, MGMT_SETTING_SIZE
},
6379 { set_privacy
, MGMT_SET_PRIVACY_SIZE
},
6380 { load_irks
, MGMT_LOAD_IRKS_SIZE
,
6382 { get_conn_info
, MGMT_GET_CONN_INFO_SIZE
},
6383 { get_clock_info
, MGMT_GET_CLOCK_INFO_SIZE
},
6384 { add_device
, MGMT_ADD_DEVICE_SIZE
},
6385 { remove_device
, MGMT_REMOVE_DEVICE_SIZE
},
6386 { load_conn_param
, MGMT_LOAD_CONN_PARAM_SIZE
,
6388 { read_unconf_index_list
, MGMT_READ_UNCONF_INDEX_LIST_SIZE
,
6390 HCI_MGMT_UNTRUSTED
},
6391 { read_config_info
, MGMT_READ_CONFIG_INFO_SIZE
,
6392 HCI_MGMT_UNCONFIGURED
|
6393 HCI_MGMT_UNTRUSTED
},
6394 { set_external_config
, MGMT_SET_EXTERNAL_CONFIG_SIZE
,
6395 HCI_MGMT_UNCONFIGURED
},
6396 { set_public_address
, MGMT_SET_PUBLIC_ADDRESS_SIZE
,
6397 HCI_MGMT_UNCONFIGURED
},
6398 { start_service_discovery
, MGMT_START_SERVICE_DISCOVERY_SIZE
,
6400 { read_local_oob_ext_data
, MGMT_READ_LOCAL_OOB_EXT_DATA_SIZE
},
6401 { read_ext_index_list
, MGMT_READ_EXT_INDEX_LIST_SIZE
,
6403 HCI_MGMT_UNTRUSTED
},
6404 { read_adv_features
, MGMT_READ_ADV_FEATURES_SIZE
},
6405 { add_advertising
, MGMT_ADD_ADVERTISING_SIZE
,
6407 { remove_advertising
, MGMT_REMOVE_ADVERTISING_SIZE
},
6408 { get_adv_size_info
, MGMT_GET_ADV_SIZE_INFO_SIZE
},
6409 { start_limited_discovery
, MGMT_START_DISCOVERY_SIZE
},
6410 { read_ext_controller_info
,MGMT_READ_EXT_INFO_SIZE
,
6411 HCI_MGMT_UNTRUSTED
},
6414 void mgmt_index_added(struct hci_dev
*hdev
)
6416 struct mgmt_ev_ext_index ev
;
6418 if (test_bit(HCI_QUIRK_RAW_DEVICE
, &hdev
->quirks
))
6421 switch (hdev
->dev_type
) {
6423 if (hci_dev_test_flag(hdev
, HCI_UNCONFIGURED
)) {
6424 mgmt_index_event(MGMT_EV_UNCONF_INDEX_ADDED
, hdev
,
6425 NULL
, 0, HCI_MGMT_UNCONF_INDEX_EVENTS
);
6428 mgmt_index_event(MGMT_EV_INDEX_ADDED
, hdev
, NULL
, 0,
6429 HCI_MGMT_INDEX_EVENTS
);
6442 mgmt_index_event(MGMT_EV_EXT_INDEX_ADDED
, hdev
, &ev
, sizeof(ev
),
6443 HCI_MGMT_EXT_INDEX_EVENTS
);
6446 void mgmt_index_removed(struct hci_dev
*hdev
)
6448 struct mgmt_ev_ext_index ev
;
6449 u8 status
= MGMT_STATUS_INVALID_INDEX
;
6451 if (test_bit(HCI_QUIRK_RAW_DEVICE
, &hdev
->quirks
))
6454 switch (hdev
->dev_type
) {
6456 mgmt_pending_foreach(0, hdev
, cmd_complete_rsp
, &status
);
6458 if (hci_dev_test_flag(hdev
, HCI_UNCONFIGURED
)) {
6459 mgmt_index_event(MGMT_EV_UNCONF_INDEX_REMOVED
, hdev
,
6460 NULL
, 0, HCI_MGMT_UNCONF_INDEX_EVENTS
);
6463 mgmt_index_event(MGMT_EV_INDEX_REMOVED
, hdev
, NULL
, 0,
6464 HCI_MGMT_INDEX_EVENTS
);
6477 mgmt_index_event(MGMT_EV_EXT_INDEX_REMOVED
, hdev
, &ev
, sizeof(ev
),
6478 HCI_MGMT_EXT_INDEX_EVENTS
);
6481 /* This function requires the caller holds hdev->lock */
6482 static void restart_le_actions(struct hci_dev
*hdev
)
6484 struct hci_conn_params
*p
;
6486 list_for_each_entry(p
, &hdev
->le_conn_params
, list
) {
6487 /* Needed for AUTO_OFF case where might not "really"
6488 * have been powered off.
6490 list_del_init(&p
->action
);
6492 switch (p
->auto_connect
) {
6493 case HCI_AUTO_CONN_DIRECT
:
6494 case HCI_AUTO_CONN_ALWAYS
:
6495 list_add(&p
->action
, &hdev
->pend_le_conns
);
6497 case HCI_AUTO_CONN_REPORT
:
6498 list_add(&p
->action
, &hdev
->pend_le_reports
);
6506 void mgmt_power_on(struct hci_dev
*hdev
, int err
)
6508 struct cmd_lookup match
= { NULL
, hdev
};
6510 BT_DBG("err %d", err
);
6515 restart_le_actions(hdev
);
6516 hci_update_background_scan(hdev
);
6519 mgmt_pending_foreach(MGMT_OP_SET_POWERED
, hdev
, settings_rsp
, &match
);
6521 new_settings(hdev
, match
.sk
);
6526 hci_dev_unlock(hdev
);
6529 void __mgmt_power_off(struct hci_dev
*hdev
)
6531 struct cmd_lookup match
= { NULL
, hdev
};
6532 u8 status
, zero_cod
[] = { 0, 0, 0 };
6534 mgmt_pending_foreach(MGMT_OP_SET_POWERED
, hdev
, settings_rsp
, &match
);
6536 /* If the power off is because of hdev unregistration let
6537 * use the appropriate INVALID_INDEX status. Otherwise use
6538 * NOT_POWERED. We cover both scenarios here since later in
6539 * mgmt_index_removed() any hci_conn callbacks will have already
6540 * been triggered, potentially causing misleading DISCONNECTED
6543 if (hci_dev_test_flag(hdev
, HCI_UNREGISTER
))
6544 status
= MGMT_STATUS_INVALID_INDEX
;
6546 status
= MGMT_STATUS_NOT_POWERED
;
6548 mgmt_pending_foreach(0, hdev
, cmd_complete_rsp
, &status
);
6550 if (memcmp(hdev
->dev_class
, zero_cod
, sizeof(zero_cod
)) != 0) {
6551 mgmt_limited_event(MGMT_EV_CLASS_OF_DEV_CHANGED
, hdev
,
6552 zero_cod
, sizeof(zero_cod
),
6553 HCI_MGMT_DEV_CLASS_EVENTS
, NULL
);
6554 ext_info_changed(hdev
, NULL
);
6557 new_settings(hdev
, match
.sk
);
6563 void mgmt_set_powered_failed(struct hci_dev
*hdev
, int err
)
6565 struct mgmt_pending_cmd
*cmd
;
6568 cmd
= pending_find(MGMT_OP_SET_POWERED
, hdev
);
6572 if (err
== -ERFKILL
)
6573 status
= MGMT_STATUS_RFKILLED
;
6575 status
= MGMT_STATUS_FAILED
;
6577 mgmt_cmd_status(cmd
->sk
, hdev
->id
, MGMT_OP_SET_POWERED
, status
);
6579 mgmt_pending_remove(cmd
);
6582 void mgmt_new_link_key(struct hci_dev
*hdev
, struct link_key
*key
,
6585 struct mgmt_ev_new_link_key ev
;
6587 memset(&ev
, 0, sizeof(ev
));
6589 ev
.store_hint
= persistent
;
6590 bacpy(&ev
.key
.addr
.bdaddr
, &key
->bdaddr
);
6591 ev
.key
.addr
.type
= BDADDR_BREDR
;
6592 ev
.key
.type
= key
->type
;
6593 memcpy(ev
.key
.val
, key
->val
, HCI_LINK_KEY_SIZE
);
6594 ev
.key
.pin_len
= key
->pin_len
;
6596 mgmt_event(MGMT_EV_NEW_LINK_KEY
, hdev
, &ev
, sizeof(ev
), NULL
);
6599 static u8
mgmt_ltk_type(struct smp_ltk
*ltk
)
6601 switch (ltk
->type
) {
6604 if (ltk
->authenticated
)
6605 return MGMT_LTK_AUTHENTICATED
;
6606 return MGMT_LTK_UNAUTHENTICATED
;
6608 if (ltk
->authenticated
)
6609 return MGMT_LTK_P256_AUTH
;
6610 return MGMT_LTK_P256_UNAUTH
;
6611 case SMP_LTK_P256_DEBUG
:
6612 return MGMT_LTK_P256_DEBUG
;
6615 return MGMT_LTK_UNAUTHENTICATED
;
6618 void mgmt_new_ltk(struct hci_dev
*hdev
, struct smp_ltk
*key
, bool persistent
)
6620 struct mgmt_ev_new_long_term_key ev
;
6622 memset(&ev
, 0, sizeof(ev
));
6624 /* Devices using resolvable or non-resolvable random addresses
6625 * without providing an identity resolving key don't require
6626 * to store long term keys. Their addresses will change the
6629 * Only when a remote device provides an identity address
6630 * make sure the long term key is stored. If the remote
6631 * identity is known, the long term keys are internally
6632 * mapped to the identity address. So allow static random
6633 * and public addresses here.
6635 if (key
->bdaddr_type
== ADDR_LE_DEV_RANDOM
&&
6636 (key
->bdaddr
.b
[5] & 0xc0) != 0xc0)
6637 ev
.store_hint
= 0x00;
6639 ev
.store_hint
= persistent
;
6641 bacpy(&ev
.key
.addr
.bdaddr
, &key
->bdaddr
);
6642 ev
.key
.addr
.type
= link_to_bdaddr(LE_LINK
, key
->bdaddr_type
);
6643 ev
.key
.type
= mgmt_ltk_type(key
);
6644 ev
.key
.enc_size
= key
->enc_size
;
6645 ev
.key
.ediv
= key
->ediv
;
6646 ev
.key
.rand
= key
->rand
;
6648 if (key
->type
== SMP_LTK
)
6651 /* Make sure we copy only the significant bytes based on the
6652 * encryption key size, and set the rest of the value to zeroes.
6654 memcpy(ev
.key
.val
, key
->val
, key
->enc_size
);
6655 memset(ev
.key
.val
+ key
->enc_size
, 0,
6656 sizeof(ev
.key
.val
) - key
->enc_size
);
6658 mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY
, hdev
, &ev
, sizeof(ev
), NULL
);
6661 void mgmt_new_irk(struct hci_dev
*hdev
, struct smp_irk
*irk
, bool persistent
)
6663 struct mgmt_ev_new_irk ev
;
6665 memset(&ev
, 0, sizeof(ev
));
6667 ev
.store_hint
= persistent
;
6669 bacpy(&ev
.rpa
, &irk
->rpa
);
6670 bacpy(&ev
.irk
.addr
.bdaddr
, &irk
->bdaddr
);
6671 ev
.irk
.addr
.type
= link_to_bdaddr(LE_LINK
, irk
->addr_type
);
6672 memcpy(ev
.irk
.val
, irk
->val
, sizeof(irk
->val
));
6674 mgmt_event(MGMT_EV_NEW_IRK
, hdev
, &ev
, sizeof(ev
), NULL
);
6677 void mgmt_new_csrk(struct hci_dev
*hdev
, struct smp_csrk
*csrk
,
6680 struct mgmt_ev_new_csrk ev
;
6682 memset(&ev
, 0, sizeof(ev
));
6684 /* Devices using resolvable or non-resolvable random addresses
6685 * without providing an identity resolving key don't require
6686 * to store signature resolving keys. Their addresses will change
6687 * the next time around.
6689 * Only when a remote device provides an identity address
6690 * make sure the signature resolving key is stored. So allow
6691 * static random and public addresses here.
6693 if (csrk
->bdaddr_type
== ADDR_LE_DEV_RANDOM
&&
6694 (csrk
->bdaddr
.b
[5] & 0xc0) != 0xc0)
6695 ev
.store_hint
= 0x00;
6697 ev
.store_hint
= persistent
;
6699 bacpy(&ev
.key
.addr
.bdaddr
, &csrk
->bdaddr
);
6700 ev
.key
.addr
.type
= link_to_bdaddr(LE_LINK
, csrk
->bdaddr_type
);
6701 ev
.key
.type
= csrk
->type
;
6702 memcpy(ev
.key
.val
, csrk
->val
, sizeof(csrk
->val
));
6704 mgmt_event(MGMT_EV_NEW_CSRK
, hdev
, &ev
, sizeof(ev
), NULL
);
6707 void mgmt_new_conn_param(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
,
6708 u8 bdaddr_type
, u8 store_hint
, u16 min_interval
,
6709 u16 max_interval
, u16 latency
, u16 timeout
)
6711 struct mgmt_ev_new_conn_param ev
;
6713 if (!hci_is_identity_address(bdaddr
, bdaddr_type
))
6716 memset(&ev
, 0, sizeof(ev
));
6717 bacpy(&ev
.addr
.bdaddr
, bdaddr
);
6718 ev
.addr
.type
= link_to_bdaddr(LE_LINK
, bdaddr_type
);
6719 ev
.store_hint
= store_hint
;
6720 ev
.min_interval
= cpu_to_le16(min_interval
);
6721 ev
.max_interval
= cpu_to_le16(max_interval
);
6722 ev
.latency
= cpu_to_le16(latency
);
6723 ev
.timeout
= cpu_to_le16(timeout
);
6725 mgmt_event(MGMT_EV_NEW_CONN_PARAM
, hdev
, &ev
, sizeof(ev
), NULL
);
6728 void mgmt_device_connected(struct hci_dev
*hdev
, struct hci_conn
*conn
,
6729 u32 flags
, u8
*name
, u8 name_len
)
6732 struct mgmt_ev_device_connected
*ev
= (void *) buf
;
6735 bacpy(&ev
->addr
.bdaddr
, &conn
->dst
);
6736 ev
->addr
.type
= link_to_bdaddr(conn
->type
, conn
->dst_type
);
6738 ev
->flags
= __cpu_to_le32(flags
);
6740 /* We must ensure that the EIR Data fields are ordered and
6741 * unique. Keep it simple for now and avoid the problem by not
6742 * adding any BR/EDR data to the LE adv.
6744 if (conn
->le_adv_data_len
> 0) {
6745 memcpy(&ev
->eir
[eir_len
],
6746 conn
->le_adv_data
, conn
->le_adv_data_len
);
6747 eir_len
= conn
->le_adv_data_len
;
6750 eir_len
= eir_append_data(ev
->eir
, 0, EIR_NAME_COMPLETE
,
6753 if (memcmp(conn
->dev_class
, "\0\0\0", 3) != 0)
6754 eir_len
= eir_append_data(ev
->eir
, eir_len
,
6756 conn
->dev_class
, 3);
6759 ev
->eir_len
= cpu_to_le16(eir_len
);
6761 mgmt_event(MGMT_EV_DEVICE_CONNECTED
, hdev
, buf
,
6762 sizeof(*ev
) + eir_len
, NULL
);
6765 static void disconnect_rsp(struct mgmt_pending_cmd
*cmd
, void *data
)
6767 struct sock
**sk
= data
;
6769 cmd
->cmd_complete(cmd
, 0);
6774 mgmt_pending_remove(cmd
);
6777 static void unpair_device_rsp(struct mgmt_pending_cmd
*cmd
, void *data
)
6779 struct hci_dev
*hdev
= data
;
6780 struct mgmt_cp_unpair_device
*cp
= cmd
->param
;
6782 device_unpaired(hdev
, &cp
->addr
.bdaddr
, cp
->addr
.type
, cmd
->sk
);
6784 cmd
->cmd_complete(cmd
, 0);
6785 mgmt_pending_remove(cmd
);
6788 bool mgmt_powering_down(struct hci_dev
*hdev
)
6790 struct mgmt_pending_cmd
*cmd
;
6791 struct mgmt_mode
*cp
;
6793 cmd
= pending_find(MGMT_OP_SET_POWERED
, hdev
);
6804 void mgmt_device_disconnected(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
,
6805 u8 link_type
, u8 addr_type
, u8 reason
,
6806 bool mgmt_connected
)
6808 struct mgmt_ev_device_disconnected ev
;
6809 struct sock
*sk
= NULL
;
6811 /* The connection is still in hci_conn_hash so test for 1
6812 * instead of 0 to know if this is the last one.
6814 if (mgmt_powering_down(hdev
) && hci_conn_count(hdev
) == 1) {
6815 cancel_delayed_work(&hdev
->power_off
);
6816 queue_work(hdev
->req_workqueue
, &hdev
->power_off
.work
);
6819 if (!mgmt_connected
)
6822 if (link_type
!= ACL_LINK
&& link_type
!= LE_LINK
)
6825 mgmt_pending_foreach(MGMT_OP_DISCONNECT
, hdev
, disconnect_rsp
, &sk
);
6827 bacpy(&ev
.addr
.bdaddr
, bdaddr
);
6828 ev
.addr
.type
= link_to_bdaddr(link_type
, addr_type
);
6831 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED
, hdev
, &ev
, sizeof(ev
), sk
);
6836 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE
, hdev
, unpair_device_rsp
,
6840 void mgmt_disconnect_failed(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
,
6841 u8 link_type
, u8 addr_type
, u8 status
)
6843 u8 bdaddr_type
= link_to_bdaddr(link_type
, addr_type
);
6844 struct mgmt_cp_disconnect
*cp
;
6845 struct mgmt_pending_cmd
*cmd
;
6847 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE
, hdev
, unpair_device_rsp
,
6850 cmd
= pending_find(MGMT_OP_DISCONNECT
, hdev
);
6856 if (bacmp(bdaddr
, &cp
->addr
.bdaddr
))
6859 if (cp
->addr
.type
!= bdaddr_type
)
6862 cmd
->cmd_complete(cmd
, mgmt_status(status
));
6863 mgmt_pending_remove(cmd
);
6866 void mgmt_connect_failed(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
, u8 link_type
,
6867 u8 addr_type
, u8 status
)
6869 struct mgmt_ev_connect_failed ev
;
6871 /* The connection is still in hci_conn_hash so test for 1
6872 * instead of 0 to know if this is the last one.
6874 if (mgmt_powering_down(hdev
) && hci_conn_count(hdev
) == 1) {
6875 cancel_delayed_work(&hdev
->power_off
);
6876 queue_work(hdev
->req_workqueue
, &hdev
->power_off
.work
);
6879 bacpy(&ev
.addr
.bdaddr
, bdaddr
);
6880 ev
.addr
.type
= link_to_bdaddr(link_type
, addr_type
);
6881 ev
.status
= mgmt_status(status
);
6883 mgmt_event(MGMT_EV_CONNECT_FAILED
, hdev
, &ev
, sizeof(ev
), NULL
);
6886 void mgmt_pin_code_request(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
, u8 secure
)
6888 struct mgmt_ev_pin_code_request ev
;
6890 bacpy(&ev
.addr
.bdaddr
, bdaddr
);
6891 ev
.addr
.type
= BDADDR_BREDR
;
6894 mgmt_event(MGMT_EV_PIN_CODE_REQUEST
, hdev
, &ev
, sizeof(ev
), NULL
);
6897 void mgmt_pin_code_reply_complete(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
,
6900 struct mgmt_pending_cmd
*cmd
;
6902 cmd
= pending_find(MGMT_OP_PIN_CODE_REPLY
, hdev
);
6906 cmd
->cmd_complete(cmd
, mgmt_status(status
));
6907 mgmt_pending_remove(cmd
);
6910 void mgmt_pin_code_neg_reply_complete(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
,
6913 struct mgmt_pending_cmd
*cmd
;
6915 cmd
= pending_find(MGMT_OP_PIN_CODE_NEG_REPLY
, hdev
);
6919 cmd
->cmd_complete(cmd
, mgmt_status(status
));
6920 mgmt_pending_remove(cmd
);
6923 int mgmt_user_confirm_request(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
,
6924 u8 link_type
, u8 addr_type
, u32 value
,
6927 struct mgmt_ev_user_confirm_request ev
;
6929 BT_DBG("%s", hdev
->name
);
6931 bacpy(&ev
.addr
.bdaddr
, bdaddr
);
6932 ev
.addr
.type
= link_to_bdaddr(link_type
, addr_type
);
6933 ev
.confirm_hint
= confirm_hint
;
6934 ev
.value
= cpu_to_le32(value
);
6936 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST
, hdev
, &ev
, sizeof(ev
),
6940 int mgmt_user_passkey_request(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
,
6941 u8 link_type
, u8 addr_type
)
6943 struct mgmt_ev_user_passkey_request ev
;
6945 BT_DBG("%s", hdev
->name
);
6947 bacpy(&ev
.addr
.bdaddr
, bdaddr
);
6948 ev
.addr
.type
= link_to_bdaddr(link_type
, addr_type
);
6950 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST
, hdev
, &ev
, sizeof(ev
),
6954 static int user_pairing_resp_complete(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
,
6955 u8 link_type
, u8 addr_type
, u8 status
,
6958 struct mgmt_pending_cmd
*cmd
;
6960 cmd
= pending_find(opcode
, hdev
);
6964 cmd
->cmd_complete(cmd
, mgmt_status(status
));
6965 mgmt_pending_remove(cmd
);
6970 int mgmt_user_confirm_reply_complete(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
,
6971 u8 link_type
, u8 addr_type
, u8 status
)
6973 return user_pairing_resp_complete(hdev
, bdaddr
, link_type
, addr_type
,
6974 status
, MGMT_OP_USER_CONFIRM_REPLY
);
6977 int mgmt_user_confirm_neg_reply_complete(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
,
6978 u8 link_type
, u8 addr_type
, u8 status
)
6980 return user_pairing_resp_complete(hdev
, bdaddr
, link_type
, addr_type
,
6982 MGMT_OP_USER_CONFIRM_NEG_REPLY
);
6985 int mgmt_user_passkey_reply_complete(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
,
6986 u8 link_type
, u8 addr_type
, u8 status
)
6988 return user_pairing_resp_complete(hdev
, bdaddr
, link_type
, addr_type
,
6989 status
, MGMT_OP_USER_PASSKEY_REPLY
);
6992 int mgmt_user_passkey_neg_reply_complete(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
,
6993 u8 link_type
, u8 addr_type
, u8 status
)
6995 return user_pairing_resp_complete(hdev
, bdaddr
, link_type
, addr_type
,
6997 MGMT_OP_USER_PASSKEY_NEG_REPLY
);
7000 int mgmt_user_passkey_notify(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
,
7001 u8 link_type
, u8 addr_type
, u32 passkey
,
7004 struct mgmt_ev_passkey_notify ev
;
7006 BT_DBG("%s", hdev
->name
);
7008 bacpy(&ev
.addr
.bdaddr
, bdaddr
);
7009 ev
.addr
.type
= link_to_bdaddr(link_type
, addr_type
);
7010 ev
.passkey
= __cpu_to_le32(passkey
);
7011 ev
.entered
= entered
;
7013 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY
, hdev
, &ev
, sizeof(ev
), NULL
);
7016 void mgmt_auth_failed(struct hci_conn
*conn
, u8 hci_status
)
7018 struct mgmt_ev_auth_failed ev
;
7019 struct mgmt_pending_cmd
*cmd
;
7020 u8 status
= mgmt_status(hci_status
);
7022 bacpy(&ev
.addr
.bdaddr
, &conn
->dst
);
7023 ev
.addr
.type
= link_to_bdaddr(conn
->type
, conn
->dst_type
);
7026 cmd
= find_pairing(conn
);
7028 mgmt_event(MGMT_EV_AUTH_FAILED
, conn
->hdev
, &ev
, sizeof(ev
),
7029 cmd
? cmd
->sk
: NULL
);
7032 cmd
->cmd_complete(cmd
, status
);
7033 mgmt_pending_remove(cmd
);
7037 void mgmt_auth_enable_complete(struct hci_dev
*hdev
, u8 status
)
7039 struct cmd_lookup match
= { NULL
, hdev
};
7043 u8 mgmt_err
= mgmt_status(status
);
7044 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY
, hdev
,
7045 cmd_status_rsp
, &mgmt_err
);
7049 if (test_bit(HCI_AUTH
, &hdev
->flags
))
7050 changed
= !hci_dev_test_and_set_flag(hdev
, HCI_LINK_SECURITY
);
7052 changed
= hci_dev_test_and_clear_flag(hdev
, HCI_LINK_SECURITY
);
7054 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY
, hdev
, settings_rsp
,
7058 new_settings(hdev
, match
.sk
);
7064 static void clear_eir(struct hci_request
*req
)
7066 struct hci_dev
*hdev
= req
->hdev
;
7067 struct hci_cp_write_eir cp
;
7069 if (!lmp_ext_inq_capable(hdev
))
7072 memset(hdev
->eir
, 0, sizeof(hdev
->eir
));
7074 memset(&cp
, 0, sizeof(cp
));
7076 hci_req_add(req
, HCI_OP_WRITE_EIR
, sizeof(cp
), &cp
);
7079 void mgmt_ssp_enable_complete(struct hci_dev
*hdev
, u8 enable
, u8 status
)
7081 struct cmd_lookup match
= { NULL
, hdev
};
7082 struct hci_request req
;
7083 bool changed
= false;
7086 u8 mgmt_err
= mgmt_status(status
);
7088 if (enable
&& hci_dev_test_and_clear_flag(hdev
,
7090 hci_dev_clear_flag(hdev
, HCI_HS_ENABLED
);
7091 new_settings(hdev
, NULL
);
7094 mgmt_pending_foreach(MGMT_OP_SET_SSP
, hdev
, cmd_status_rsp
,
7100 changed
= !hci_dev_test_and_set_flag(hdev
, HCI_SSP_ENABLED
);
7102 changed
= hci_dev_test_and_clear_flag(hdev
, HCI_SSP_ENABLED
);
7104 changed
= hci_dev_test_and_clear_flag(hdev
,
7107 hci_dev_clear_flag(hdev
, HCI_HS_ENABLED
);
7110 mgmt_pending_foreach(MGMT_OP_SET_SSP
, hdev
, settings_rsp
, &match
);
7113 new_settings(hdev
, match
.sk
);
7118 hci_req_init(&req
, hdev
);
7120 if (hci_dev_test_flag(hdev
, HCI_SSP_ENABLED
)) {
7121 if (hci_dev_test_flag(hdev
, HCI_USE_DEBUG_KEYS
))
7122 hci_req_add(&req
, HCI_OP_WRITE_SSP_DEBUG_MODE
,
7123 sizeof(enable
), &enable
);
7124 __hci_req_update_eir(&req
);
7129 hci_req_run(&req
, NULL
);
7132 static void sk_lookup(struct mgmt_pending_cmd
*cmd
, void *data
)
7134 struct cmd_lookup
*match
= data
;
7136 if (match
->sk
== NULL
) {
7137 match
->sk
= cmd
->sk
;
7138 sock_hold(match
->sk
);
7142 void mgmt_set_class_of_dev_complete(struct hci_dev
*hdev
, u8
*dev_class
,
7145 struct cmd_lookup match
= { NULL
, hdev
, mgmt_status(status
) };
7147 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS
, hdev
, sk_lookup
, &match
);
7148 mgmt_pending_foreach(MGMT_OP_ADD_UUID
, hdev
, sk_lookup
, &match
);
7149 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID
, hdev
, sk_lookup
, &match
);
7152 mgmt_limited_event(MGMT_EV_CLASS_OF_DEV_CHANGED
, hdev
, dev_class
,
7153 3, HCI_MGMT_DEV_CLASS_EVENTS
, NULL
);
7154 ext_info_changed(hdev
, NULL
);
7161 void mgmt_set_local_name_complete(struct hci_dev
*hdev
, u8
*name
, u8 status
)
7163 struct mgmt_cp_set_local_name ev
;
7164 struct mgmt_pending_cmd
*cmd
;
7169 memset(&ev
, 0, sizeof(ev
));
7170 memcpy(ev
.name
, name
, HCI_MAX_NAME_LENGTH
);
7171 memcpy(ev
.short_name
, hdev
->short_name
, HCI_MAX_SHORT_NAME_LENGTH
);
7173 cmd
= pending_find(MGMT_OP_SET_LOCAL_NAME
, hdev
);
7175 memcpy(hdev
->dev_name
, name
, sizeof(hdev
->dev_name
));
7177 /* If this is a HCI command related to powering on the
7178 * HCI dev don't send any mgmt signals.
7180 if (pending_find(MGMT_OP_SET_POWERED
, hdev
))
7184 mgmt_limited_event(MGMT_EV_LOCAL_NAME_CHANGED
, hdev
, &ev
, sizeof(ev
),
7185 HCI_MGMT_LOCAL_NAME_EVENTS
, cmd
? cmd
->sk
: NULL
);
7186 ext_info_changed(hdev
, cmd
? cmd
->sk
: NULL
);
7189 static inline bool has_uuid(u8
*uuid
, u16 uuid_count
, u8 (*uuids
)[16])
7193 for (i
= 0; i
< uuid_count
; i
++) {
7194 if (!memcmp(uuid
, uuids
[i
], 16))
7201 static bool eir_has_uuids(u8
*eir
, u16 eir_len
, u16 uuid_count
, u8 (*uuids
)[16])
7205 while (parsed
< eir_len
) {
7206 u8 field_len
= eir
[0];
7213 if (eir_len
- parsed
< field_len
+ 1)
7217 case EIR_UUID16_ALL
:
7218 case EIR_UUID16_SOME
:
7219 for (i
= 0; i
+ 3 <= field_len
; i
+= 2) {
7220 memcpy(uuid
, bluetooth_base_uuid
, 16);
7221 uuid
[13] = eir
[i
+ 3];
7222 uuid
[12] = eir
[i
+ 2];
7223 if (has_uuid(uuid
, uuid_count
, uuids
))
7227 case EIR_UUID32_ALL
:
7228 case EIR_UUID32_SOME
:
7229 for (i
= 0; i
+ 5 <= field_len
; i
+= 4) {
7230 memcpy(uuid
, bluetooth_base_uuid
, 16);
7231 uuid
[15] = eir
[i
+ 5];
7232 uuid
[14] = eir
[i
+ 4];
7233 uuid
[13] = eir
[i
+ 3];
7234 uuid
[12] = eir
[i
+ 2];
7235 if (has_uuid(uuid
, uuid_count
, uuids
))
7239 case EIR_UUID128_ALL
:
7240 case EIR_UUID128_SOME
:
7241 for (i
= 0; i
+ 17 <= field_len
; i
+= 16) {
7242 memcpy(uuid
, eir
+ i
+ 2, 16);
7243 if (has_uuid(uuid
, uuid_count
, uuids
))
7249 parsed
+= field_len
+ 1;
7250 eir
+= field_len
+ 1;
7256 static void restart_le_scan(struct hci_dev
*hdev
)
7258 /* If controller is not scanning we are done. */
7259 if (!hci_dev_test_flag(hdev
, HCI_LE_SCAN
))
7262 if (time_after(jiffies
+ DISCOV_LE_RESTART_DELAY
,
7263 hdev
->discovery
.scan_start
+
7264 hdev
->discovery
.scan_duration
))
7267 queue_delayed_work(hdev
->req_workqueue
, &hdev
->le_scan_restart
,
7268 DISCOV_LE_RESTART_DELAY
);
7271 static bool is_filter_match(struct hci_dev
*hdev
, s8 rssi
, u8
*eir
,
7272 u16 eir_len
, u8
*scan_rsp
, u8 scan_rsp_len
)
7274 /* If a RSSI threshold has been specified, and
7275 * HCI_QUIRK_STRICT_DUPLICATE_FILTER is not set, then all results with
7276 * a RSSI smaller than the RSSI threshold will be dropped. If the quirk
7277 * is set, let it through for further processing, as we might need to
7280 * For BR/EDR devices (pre 1.2) providing no RSSI during inquiry,
7281 * the results are also dropped.
7283 if (hdev
->discovery
.rssi
!= HCI_RSSI_INVALID
&&
7284 (rssi
== HCI_RSSI_INVALID
||
7285 (rssi
< hdev
->discovery
.rssi
&&
7286 !test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER
, &hdev
->quirks
))))
7289 if (hdev
->discovery
.uuid_count
!= 0) {
7290 /* If a list of UUIDs is provided in filter, results with no
7291 * matching UUID should be dropped.
7293 if (!eir_has_uuids(eir
, eir_len
, hdev
->discovery
.uuid_count
,
7294 hdev
->discovery
.uuids
) &&
7295 !eir_has_uuids(scan_rsp
, scan_rsp_len
,
7296 hdev
->discovery
.uuid_count
,
7297 hdev
->discovery
.uuids
))
7301 /* If duplicate filtering does not report RSSI changes, then restart
7302 * scanning to ensure updated result with updated RSSI values.
7304 if (test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER
, &hdev
->quirks
)) {
7305 restart_le_scan(hdev
);
7307 /* Validate RSSI value against the RSSI threshold once more. */
7308 if (hdev
->discovery
.rssi
!= HCI_RSSI_INVALID
&&
7309 rssi
< hdev
->discovery
.rssi
)
7316 void mgmt_device_found(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
, u8 link_type
,
7317 u8 addr_type
, u8
*dev_class
, s8 rssi
, u32 flags
,
7318 u8
*eir
, u16 eir_len
, u8
*scan_rsp
, u8 scan_rsp_len
)
7321 struct mgmt_ev_device_found
*ev
= (void *)buf
;
7324 /* Don't send events for a non-kernel initiated discovery. With
7325 * LE one exception is if we have pend_le_reports > 0 in which
7326 * case we're doing passive scanning and want these events.
7328 if (!hci_discovery_active(hdev
)) {
7329 if (link_type
== ACL_LINK
)
7331 if (link_type
== LE_LINK
&& list_empty(&hdev
->pend_le_reports
))
7335 if (hdev
->discovery
.result_filtering
) {
7336 /* We are using service discovery */
7337 if (!is_filter_match(hdev
, rssi
, eir
, eir_len
, scan_rsp
,
7342 if (hdev
->discovery
.limited
) {
7343 /* Check for limited discoverable bit */
7345 if (!(dev_class
[1] & 0x20))
7348 u8
*flags
= eir_get_data(eir
, eir_len
, EIR_FLAGS
, NULL
);
7349 if (!flags
|| !(flags
[0] & LE_AD_LIMITED
))
7354 /* Make sure that the buffer is big enough. The 5 extra bytes
7355 * are for the potential CoD field.
7357 if (sizeof(*ev
) + eir_len
+ scan_rsp_len
+ 5 > sizeof(buf
))
7360 memset(buf
, 0, sizeof(buf
));
7362 /* In case of device discovery with BR/EDR devices (pre 1.2), the
7363 * RSSI value was reported as 0 when not available. This behavior
7364 * is kept when using device discovery. This is required for full
7365 * backwards compatibility with the API.
7367 * However when using service discovery, the value 127 will be
7368 * returned when the RSSI is not available.
7370 if (rssi
== HCI_RSSI_INVALID
&& !hdev
->discovery
.report_invalid_rssi
&&
7371 link_type
== ACL_LINK
)
7374 bacpy(&ev
->addr
.bdaddr
, bdaddr
);
7375 ev
->addr
.type
= link_to_bdaddr(link_type
, addr_type
);
7377 ev
->flags
= cpu_to_le32(flags
);
7380 /* Copy EIR or advertising data into event */
7381 memcpy(ev
->eir
, eir
, eir_len
);
7383 if (dev_class
&& !eir_get_data(ev
->eir
, eir_len
, EIR_CLASS_OF_DEV
,
7385 eir_len
= eir_append_data(ev
->eir
, eir_len
, EIR_CLASS_OF_DEV
,
7388 if (scan_rsp_len
> 0)
7389 /* Append scan response data to event */
7390 memcpy(ev
->eir
+ eir_len
, scan_rsp
, scan_rsp_len
);
7392 ev
->eir_len
= cpu_to_le16(eir_len
+ scan_rsp_len
);
7393 ev_size
= sizeof(*ev
) + eir_len
+ scan_rsp_len
;
7395 mgmt_event(MGMT_EV_DEVICE_FOUND
, hdev
, ev
, ev_size
, NULL
);
7398 void mgmt_remote_name(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
, u8 link_type
,
7399 u8 addr_type
, s8 rssi
, u8
*name
, u8 name_len
)
7401 struct mgmt_ev_device_found
*ev
;
7402 char buf
[sizeof(*ev
) + HCI_MAX_NAME_LENGTH
+ 2];
7405 ev
= (struct mgmt_ev_device_found
*) buf
;
7407 memset(buf
, 0, sizeof(buf
));
7409 bacpy(&ev
->addr
.bdaddr
, bdaddr
);
7410 ev
->addr
.type
= link_to_bdaddr(link_type
, addr_type
);
7413 eir_len
= eir_append_data(ev
->eir
, 0, EIR_NAME_COMPLETE
, name
,
7416 ev
->eir_len
= cpu_to_le16(eir_len
);
7418 mgmt_event(MGMT_EV_DEVICE_FOUND
, hdev
, ev
, sizeof(*ev
) + eir_len
, NULL
);
7421 void mgmt_discovering(struct hci_dev
*hdev
, u8 discovering
)
7423 struct mgmt_ev_discovering ev
;
7425 BT_DBG("%s discovering %u", hdev
->name
, discovering
);
7427 memset(&ev
, 0, sizeof(ev
));
7428 ev
.type
= hdev
->discovery
.type
;
7429 ev
.discovering
= discovering
;
7431 mgmt_event(MGMT_EV_DISCOVERING
, hdev
, &ev
, sizeof(ev
), NULL
);
7434 static struct hci_mgmt_chan chan
= {
7435 .channel
= HCI_CHANNEL_CONTROL
,
7436 .handler_count
= ARRAY_SIZE(mgmt_handlers
),
7437 .handlers
= mgmt_handlers
,
7438 .hdev_init
= mgmt_init_hdev
,
7443 return hci_mgmt_chan_register(&chan
);
7446 void mgmt_exit(void)
7448 hci_mgmt_chan_unregister(&chan
);