2 BlueZ - Bluetooth protocol stack for Linux
4 Copyright (C) 2010 Nokia Corporation
5 Copyright (C) 2011-2012 Intel Corporation
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI Management interface */
27 #include <linux/module.h>
28 #include <asm/unaligned.h>
30 #include <net/bluetooth/bluetooth.h>
31 #include <net/bluetooth/hci_core.h>
32 #include <net/bluetooth/mgmt.h>
36 #define MGMT_VERSION 1
37 #define MGMT_REVISION 4
39 static const u16 mgmt_commands[] = {
40 MGMT_OP_READ_INDEX_LIST,
43 MGMT_OP_SET_DISCOVERABLE,
44 MGMT_OP_SET_CONNECTABLE,
45 MGMT_OP_SET_FAST_CONNECTABLE,
47 MGMT_OP_SET_LINK_SECURITY,
51 MGMT_OP_SET_DEV_CLASS,
52 MGMT_OP_SET_LOCAL_NAME,
55 MGMT_OP_LOAD_LINK_KEYS,
56 MGMT_OP_LOAD_LONG_TERM_KEYS,
58 MGMT_OP_GET_CONNECTIONS,
59 MGMT_OP_PIN_CODE_REPLY,
60 MGMT_OP_PIN_CODE_NEG_REPLY,
61 MGMT_OP_SET_IO_CAPABILITY,
63 MGMT_OP_CANCEL_PAIR_DEVICE,
64 MGMT_OP_UNPAIR_DEVICE,
65 MGMT_OP_USER_CONFIRM_REPLY,
66 MGMT_OP_USER_CONFIRM_NEG_REPLY,
67 MGMT_OP_USER_PASSKEY_REPLY,
68 MGMT_OP_USER_PASSKEY_NEG_REPLY,
69 MGMT_OP_READ_LOCAL_OOB_DATA,
70 MGMT_OP_ADD_REMOTE_OOB_DATA,
71 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
72 MGMT_OP_START_DISCOVERY,
73 MGMT_OP_STOP_DISCOVERY,
76 MGMT_OP_UNBLOCK_DEVICE,
77 MGMT_OP_SET_DEVICE_ID,
78 MGMT_OP_SET_ADVERTISING,
80 MGMT_OP_SET_STATIC_ADDRESS,
81 MGMT_OP_SET_SCAN_PARAMS,
84 static const u16 mgmt_events[] = {
85 MGMT_EV_CONTROLLER_ERROR,
87 MGMT_EV_INDEX_REMOVED,
89 MGMT_EV_CLASS_OF_DEV_CHANGED,
90 MGMT_EV_LOCAL_NAME_CHANGED,
92 MGMT_EV_NEW_LONG_TERM_KEY,
93 MGMT_EV_DEVICE_CONNECTED,
94 MGMT_EV_DEVICE_DISCONNECTED,
95 MGMT_EV_CONNECT_FAILED,
96 MGMT_EV_PIN_CODE_REQUEST,
97 MGMT_EV_USER_CONFIRM_REQUEST,
98 MGMT_EV_USER_PASSKEY_REQUEST,
100 MGMT_EV_DEVICE_FOUND,
102 MGMT_EV_DEVICE_BLOCKED,
103 MGMT_EV_DEVICE_UNBLOCKED,
104 MGMT_EV_DEVICE_UNPAIRED,
105 MGMT_EV_PASSKEY_NOTIFY,
108 #define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
110 #define hdev_is_powered(hdev) (test_bit(HCI_UP, &hdev->flags) && \
111 !test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
114 struct list_head list;
122 /* HCI to MGMT error code conversion table */
123 static u8 mgmt_status_table[] = {
125 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
126 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
127 MGMT_STATUS_FAILED, /* Hardware Failure */
128 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
129 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
130 MGMT_STATUS_NOT_PAIRED, /* PIN or Key Missing */
131 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
132 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
133 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
134 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
135 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
136 MGMT_STATUS_BUSY, /* Command Disallowed */
137 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
138 MGMT_STATUS_REJECTED, /* Rejected Security */
139 MGMT_STATUS_REJECTED, /* Rejected Personal */
140 MGMT_STATUS_TIMEOUT, /* Host Timeout */
141 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
142 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
143 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
144 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
145 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
146 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
147 MGMT_STATUS_BUSY, /* Repeated Attempts */
148 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
149 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
150 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
151 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
152 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
153 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
154 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
155 MGMT_STATUS_FAILED, /* Unspecified Error */
156 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
157 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
158 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
159 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
160 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
161 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
162 MGMT_STATUS_FAILED, /* Unit Link Key Used */
163 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
164 MGMT_STATUS_TIMEOUT, /* Instant Passed */
165 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
166 MGMT_STATUS_FAILED, /* Transaction Collision */
167 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
168 MGMT_STATUS_REJECTED, /* QoS Rejected */
169 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
170 MGMT_STATUS_REJECTED, /* Insufficient Security */
171 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
172 MGMT_STATUS_BUSY, /* Role Switch Pending */
173 MGMT_STATUS_FAILED, /* Slot Violation */
174 MGMT_STATUS_FAILED, /* Role Switch Failed */
175 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
176 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
177 MGMT_STATUS_BUSY, /* Host Busy Pairing */
178 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
179 MGMT_STATUS_BUSY, /* Controller Busy */
180 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
181 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
182 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
183 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
184 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
187 static u8 mgmt_status(u8 hci_status)
189 if (hci_status < ARRAY_SIZE(mgmt_status_table))
190 return mgmt_status_table[hci_status];
192 return MGMT_STATUS_FAILED;
195 static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
198 struct mgmt_hdr *hdr;
199 struct mgmt_ev_cmd_status *ev;
202 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
204 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_KERNEL);
208 hdr = (void *) skb_put(skb, sizeof(*hdr));
210 hdr->opcode = __constant_cpu_to_le16(MGMT_EV_CMD_STATUS);
211 hdr->index = cpu_to_le16(index);
212 hdr->len = cpu_to_le16(sizeof(*ev));
214 ev = (void *) skb_put(skb, sizeof(*ev));
216 ev->opcode = cpu_to_le16(cmd);
218 err = sock_queue_rcv_skb(sk, skb);
225 static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
226 void *rp, size_t rp_len)
229 struct mgmt_hdr *hdr;
230 struct mgmt_ev_cmd_complete *ev;
233 BT_DBG("sock %p", sk);
235 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_KERNEL);
239 hdr = (void *) skb_put(skb, sizeof(*hdr));
241 hdr->opcode = __constant_cpu_to_le16(MGMT_EV_CMD_COMPLETE);
242 hdr->index = cpu_to_le16(index);
243 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
245 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
246 ev->opcode = cpu_to_le16(cmd);
250 memcpy(ev->data, rp, rp_len);
252 err = sock_queue_rcv_skb(sk, skb);
259 static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
262 struct mgmt_rp_read_version rp;
264 BT_DBG("sock %p", sk);
266 rp.version = MGMT_VERSION;
267 rp.revision = __constant_cpu_to_le16(MGMT_REVISION);
269 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
273 static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
276 struct mgmt_rp_read_commands *rp;
277 const u16 num_commands = ARRAY_SIZE(mgmt_commands);
278 const u16 num_events = ARRAY_SIZE(mgmt_events);
283 BT_DBG("sock %p", sk);
285 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
287 rp = kmalloc(rp_size, GFP_KERNEL);
291 rp->num_commands = __constant_cpu_to_le16(num_commands);
292 rp->num_events = __constant_cpu_to_le16(num_events);
294 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
295 put_unaligned_le16(mgmt_commands[i], opcode);
297 for (i = 0; i < num_events; i++, opcode++)
298 put_unaligned_le16(mgmt_events[i], opcode);
300 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
307 static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
310 struct mgmt_rp_read_index_list *rp;
316 BT_DBG("sock %p", sk);
318 read_lock(&hci_dev_list_lock);
321 list_for_each_entry(d, &hci_dev_list, list) {
322 if (d->dev_type == HCI_BREDR)
326 rp_len = sizeof(*rp) + (2 * count);
327 rp = kmalloc(rp_len, GFP_ATOMIC);
329 read_unlock(&hci_dev_list_lock);
334 list_for_each_entry(d, &hci_dev_list, list) {
335 if (test_bit(HCI_SETUP, &d->dev_flags))
338 if (test_bit(HCI_USER_CHANNEL, &d->dev_flags))
341 if (d->dev_type == HCI_BREDR) {
342 rp->index[count++] = cpu_to_le16(d->id);
343 BT_DBG("Added hci%u", d->id);
347 rp->num_controllers = cpu_to_le16(count);
348 rp_len = sizeof(*rp) + (2 * count);
350 read_unlock(&hci_dev_list_lock);
352 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
360 static u32 get_supported_settings(struct hci_dev *hdev)
364 settings |= MGMT_SETTING_POWERED;
365 settings |= MGMT_SETTING_PAIRABLE;
367 if (lmp_bredr_capable(hdev)) {
368 settings |= MGMT_SETTING_CONNECTABLE;
369 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
370 settings |= MGMT_SETTING_FAST_CONNECTABLE;
371 settings |= MGMT_SETTING_DISCOVERABLE;
372 settings |= MGMT_SETTING_BREDR;
373 settings |= MGMT_SETTING_LINK_SECURITY;
375 if (lmp_ssp_capable(hdev)) {
376 settings |= MGMT_SETTING_SSP;
377 settings |= MGMT_SETTING_HS;
381 if (lmp_le_capable(hdev)) {
382 settings |= MGMT_SETTING_LE;
383 settings |= MGMT_SETTING_ADVERTISING;
389 static u32 get_current_settings(struct hci_dev *hdev)
393 if (hdev_is_powered(hdev))
394 settings |= MGMT_SETTING_POWERED;
396 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
397 settings |= MGMT_SETTING_CONNECTABLE;
399 if (test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
400 settings |= MGMT_SETTING_FAST_CONNECTABLE;
402 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
403 settings |= MGMT_SETTING_DISCOVERABLE;
405 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags))
406 settings |= MGMT_SETTING_PAIRABLE;
408 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
409 settings |= MGMT_SETTING_BREDR;
411 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
412 settings |= MGMT_SETTING_LE;
414 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
415 settings |= MGMT_SETTING_LINK_SECURITY;
417 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
418 settings |= MGMT_SETTING_SSP;
420 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
421 settings |= MGMT_SETTING_HS;
423 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
424 settings |= MGMT_SETTING_ADVERTISING;
429 #define PNP_INFO_SVCLASS_ID 0x1200
431 static u8 *create_uuid16_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
433 u8 *ptr = data, *uuids_start = NULL;
434 struct bt_uuid *uuid;
439 list_for_each_entry(uuid, &hdev->uuids, list) {
442 if (uuid->size != 16)
445 uuid16 = get_unaligned_le16(&uuid->uuid[12]);
449 if (uuid16 == PNP_INFO_SVCLASS_ID)
455 uuids_start[1] = EIR_UUID16_ALL;
459 /* Stop if not enough space to put next UUID */
460 if ((ptr - data) + sizeof(u16) > len) {
461 uuids_start[1] = EIR_UUID16_SOME;
465 *ptr++ = (uuid16 & 0x00ff);
466 *ptr++ = (uuid16 & 0xff00) >> 8;
467 uuids_start[0] += sizeof(uuid16);
473 static u8 *create_uuid32_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
475 u8 *ptr = data, *uuids_start = NULL;
476 struct bt_uuid *uuid;
481 list_for_each_entry(uuid, &hdev->uuids, list) {
482 if (uuid->size != 32)
488 uuids_start[1] = EIR_UUID32_ALL;
492 /* Stop if not enough space to put next UUID */
493 if ((ptr - data) + sizeof(u32) > len) {
494 uuids_start[1] = EIR_UUID32_SOME;
498 memcpy(ptr, &uuid->uuid[12], sizeof(u32));
500 uuids_start[0] += sizeof(u32);
506 static u8 *create_uuid128_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
508 u8 *ptr = data, *uuids_start = NULL;
509 struct bt_uuid *uuid;
514 list_for_each_entry(uuid, &hdev->uuids, list) {
515 if (uuid->size != 128)
521 uuids_start[1] = EIR_UUID128_ALL;
525 /* Stop if not enough space to put next UUID */
526 if ((ptr - data) + 16 > len) {
527 uuids_start[1] = EIR_UUID128_SOME;
531 memcpy(ptr, uuid->uuid, 16);
533 uuids_start[0] += 16;
539 static void create_eir(struct hci_dev *hdev, u8 *data)
544 name_len = strlen(hdev->dev_name);
550 ptr[1] = EIR_NAME_SHORT;
552 ptr[1] = EIR_NAME_COMPLETE;
554 /* EIR Data length */
555 ptr[0] = name_len + 1;
557 memcpy(ptr + 2, hdev->dev_name, name_len);
559 ptr += (name_len + 2);
562 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
564 ptr[1] = EIR_TX_POWER;
565 ptr[2] = (u8) hdev->inq_tx_power;
570 if (hdev->devid_source > 0) {
572 ptr[1] = EIR_DEVICE_ID;
574 put_unaligned_le16(hdev->devid_source, ptr + 2);
575 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
576 put_unaligned_le16(hdev->devid_product, ptr + 6);
577 put_unaligned_le16(hdev->devid_version, ptr + 8);
582 ptr = create_uuid16_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
583 ptr = create_uuid32_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
584 ptr = create_uuid128_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
587 static void update_eir(struct hci_request *req)
589 struct hci_dev *hdev = req->hdev;
590 struct hci_cp_write_eir cp;
592 if (!hdev_is_powered(hdev))
595 if (!lmp_ext_inq_capable(hdev))
598 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
601 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
604 memset(&cp, 0, sizeof(cp));
606 create_eir(hdev, cp.data);
608 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
611 memcpy(hdev->eir, cp.data, sizeof(cp.data));
613 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
616 static u8 get_service_classes(struct hci_dev *hdev)
618 struct bt_uuid *uuid;
621 list_for_each_entry(uuid, &hdev->uuids, list)
622 val |= uuid->svc_hint;
627 static void update_class(struct hci_request *req)
629 struct hci_dev *hdev = req->hdev;
632 BT_DBG("%s", hdev->name);
634 if (!hdev_is_powered(hdev))
637 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
640 cod[0] = hdev->minor_class;
641 cod[1] = hdev->major_class;
642 cod[2] = get_service_classes(hdev);
644 if (memcmp(cod, hdev->dev_class, 3) == 0)
647 hci_req_add(req, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
650 static void service_cache_off(struct work_struct *work)
652 struct hci_dev *hdev = container_of(work, struct hci_dev,
654 struct hci_request req;
656 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
659 hci_req_init(&req, hdev);
666 hci_dev_unlock(hdev);
668 hci_req_run(&req, NULL);
671 static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
673 if (test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
676 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
678 /* Non-mgmt controlled devices get this bit set
679 * implicitly so that pairing works for them, however
680 * for mgmt we require user-space to explicitly enable
683 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
686 static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
687 void *data, u16 data_len)
689 struct mgmt_rp_read_info rp;
691 BT_DBG("sock %p %s", sk, hdev->name);
695 memset(&rp, 0, sizeof(rp));
697 bacpy(&rp.bdaddr, &hdev->bdaddr);
699 rp.version = hdev->hci_ver;
700 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
702 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
703 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
705 memcpy(rp.dev_class, hdev->dev_class, 3);
707 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
708 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
710 hci_dev_unlock(hdev);
712 return cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
716 static void mgmt_pending_free(struct pending_cmd *cmd)
723 static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
724 struct hci_dev *hdev, void *data,
727 struct pending_cmd *cmd;
729 cmd = kmalloc(sizeof(*cmd), GFP_KERNEL);
733 cmd->opcode = opcode;
734 cmd->index = hdev->id;
736 cmd->param = kmalloc(len, GFP_KERNEL);
743 memcpy(cmd->param, data, len);
748 list_add(&cmd->list, &hdev->mgmt_pending);
753 static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
754 void (*cb)(struct pending_cmd *cmd,
758 struct pending_cmd *cmd, *tmp;
760 list_for_each_entry_safe(cmd, tmp, &hdev->mgmt_pending, list) {
761 if (opcode > 0 && cmd->opcode != opcode)
768 static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
770 struct pending_cmd *cmd;
772 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
773 if (cmd->opcode == opcode)
780 static void mgmt_pending_remove(struct pending_cmd *cmd)
782 list_del(&cmd->list);
783 mgmt_pending_free(cmd);
786 static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
788 __le32 settings = cpu_to_le32(get_current_settings(hdev));
790 return cmd_complete(sk, hdev->id, opcode, 0, &settings,
794 static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
797 struct mgmt_mode *cp = data;
798 struct pending_cmd *cmd;
801 BT_DBG("request for %s", hdev->name);
803 if (cp->val != 0x00 && cp->val != 0x01)
804 return cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
805 MGMT_STATUS_INVALID_PARAMS);
809 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
810 err = cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
815 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
816 cancel_delayed_work(&hdev->power_off);
819 mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev,
821 err = mgmt_powered(hdev, 1);
826 if (!!cp->val == hdev_is_powered(hdev)) {
827 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
831 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
838 queue_work(hdev->req_workqueue, &hdev->power_on);
840 queue_work(hdev->req_workqueue, &hdev->power_off.work);
845 hci_dev_unlock(hdev);
849 static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 data_len,
850 struct sock *skip_sk)
853 struct mgmt_hdr *hdr;
855 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_KERNEL);
859 hdr = (void *) skb_put(skb, sizeof(*hdr));
860 hdr->opcode = cpu_to_le16(event);
862 hdr->index = cpu_to_le16(hdev->id);
864 hdr->index = __constant_cpu_to_le16(MGMT_INDEX_NONE);
865 hdr->len = cpu_to_le16(data_len);
868 memcpy(skb_put(skb, data_len), data, data_len);
871 __net_timestamp(skb);
873 hci_send_to_control(skb, skip_sk);
879 static int new_settings(struct hci_dev *hdev, struct sock *skip)
883 ev = cpu_to_le32(get_current_settings(hdev));
885 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
890 struct hci_dev *hdev;
894 static void settings_rsp(struct pending_cmd *cmd, void *data)
896 struct cmd_lookup *match = data;
898 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
900 list_del(&cmd->list);
902 if (match->sk == NULL) {
904 sock_hold(match->sk);
907 mgmt_pending_free(cmd);
910 static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
914 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
915 mgmt_pending_remove(cmd);
918 static u8 mgmt_bredr_support(struct hci_dev *hdev)
920 if (!lmp_bredr_capable(hdev))
921 return MGMT_STATUS_NOT_SUPPORTED;
922 else if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
923 return MGMT_STATUS_REJECTED;
925 return MGMT_STATUS_SUCCESS;
928 static u8 mgmt_le_support(struct hci_dev *hdev)
930 if (!lmp_le_capable(hdev))
931 return MGMT_STATUS_NOT_SUPPORTED;
932 else if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
933 return MGMT_STATUS_REJECTED;
935 return MGMT_STATUS_SUCCESS;
938 static void set_discoverable_complete(struct hci_dev *hdev, u8 status)
940 struct pending_cmd *cmd;
941 struct mgmt_mode *cp;
944 BT_DBG("status 0x%02x", status);
948 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
953 u8 mgmt_err = mgmt_status(status);
954 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
960 changed = !test_and_set_bit(HCI_DISCOVERABLE,
963 changed = test_and_clear_bit(HCI_DISCOVERABLE,
966 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev);
969 new_settings(hdev, cmd->sk);
972 mgmt_pending_remove(cmd);
975 hci_dev_unlock(hdev);
978 static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
981 struct mgmt_cp_set_discoverable *cp = data;
982 struct pending_cmd *cmd;
983 struct hci_request req;
988 BT_DBG("request for %s", hdev->name);
990 status = mgmt_bredr_support(hdev);
992 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
995 if (cp->val != 0x00 && cp->val != 0x01)
996 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
997 MGMT_STATUS_INVALID_PARAMS);
999 timeout = __le16_to_cpu(cp->timeout);
1000 if (!cp->val && timeout > 0)
1001 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1002 MGMT_STATUS_INVALID_PARAMS);
1006 if (!hdev_is_powered(hdev) && timeout > 0) {
1007 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1008 MGMT_STATUS_NOT_POWERED);
1012 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1013 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
1014 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1019 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
1020 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1021 MGMT_STATUS_REJECTED);
1025 if (!hdev_is_powered(hdev)) {
1026 bool changed = false;
1028 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
1029 change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1033 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1038 err = new_settings(hdev, sk);
1043 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
1044 if (hdev->discov_timeout > 0) {
1045 cancel_delayed_work(&hdev->discov_off);
1046 hdev->discov_timeout = 0;
1049 if (cp->val && timeout > 0) {
1050 hdev->discov_timeout = timeout;
1051 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
1052 msecs_to_jiffies(hdev->discov_timeout * 1000));
1055 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1059 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
1065 hci_req_init(&req, hdev);
1070 scan |= SCAN_INQUIRY;
1072 cancel_delayed_work(&hdev->discov_off);
1074 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1076 err = hci_req_run(&req, set_discoverable_complete);
1078 mgmt_pending_remove(cmd);
1081 hdev->discov_timeout = timeout;
1084 hci_dev_unlock(hdev);
1088 static void write_fast_connectable(struct hci_request *req, bool enable)
1090 struct hci_dev *hdev = req->hdev;
1091 struct hci_cp_write_page_scan_activity acp;
1094 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
1098 type = PAGE_SCAN_TYPE_INTERLACED;
1100 /* 160 msec page scan interval */
1101 acp.interval = __constant_cpu_to_le16(0x0100);
1103 type = PAGE_SCAN_TYPE_STANDARD; /* default */
1105 /* default 1.28 sec page scan */
1106 acp.interval = __constant_cpu_to_le16(0x0800);
1109 acp.window = __constant_cpu_to_le16(0x0012);
1111 if (__cpu_to_le16(hdev->page_scan_interval) != acp.interval ||
1112 __cpu_to_le16(hdev->page_scan_window) != acp.window)
1113 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
1116 if (hdev->page_scan_type != type)
1117 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
1120 static u8 get_adv_type(struct hci_dev *hdev)
1122 struct pending_cmd *cmd;
1125 /* If there's a pending mgmt command the flag will not yet have
1126 * it's final value, so check for this first.
1128 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1130 struct mgmt_mode *cp = cmd->param;
1131 connectable = !!cp->val;
1133 connectable = test_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1136 return connectable ? LE_ADV_IND : LE_ADV_NONCONN_IND;
1139 static void enable_advertising(struct hci_request *req)
1141 struct hci_dev *hdev = req->hdev;
1142 struct hci_cp_le_set_adv_param cp;
1145 memset(&cp, 0, sizeof(cp));
1146 cp.min_interval = __constant_cpu_to_le16(0x0800);
1147 cp.max_interval = __constant_cpu_to_le16(0x0800);
1148 cp.type = get_adv_type(hdev);
1149 if (bacmp(&hdev->bdaddr, BDADDR_ANY))
1150 cp.own_address_type = ADDR_LE_DEV_PUBLIC;
1152 cp.own_address_type = ADDR_LE_DEV_RANDOM;
1153 cp.channel_map = 0x07;
1155 hci_req_add(req, HCI_OP_LE_SET_ADV_PARAM, sizeof(cp), &cp);
1157 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1160 static void disable_advertising(struct hci_request *req)
1164 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1167 static void set_connectable_complete(struct hci_dev *hdev, u8 status)
1169 struct pending_cmd *cmd;
1170 struct mgmt_mode *cp;
1173 BT_DBG("status 0x%02x", status);
1177 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1182 u8 mgmt_err = mgmt_status(status);
1183 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1189 changed = !test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1191 changed = test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1193 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
1196 new_settings(hdev, cmd->sk);
1199 mgmt_pending_remove(cmd);
1202 hci_dev_unlock(hdev);
1205 static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
1208 struct mgmt_mode *cp = data;
1209 struct pending_cmd *cmd;
1210 struct hci_request req;
1214 BT_DBG("request for %s", hdev->name);
1216 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
1217 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1218 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1219 MGMT_STATUS_REJECTED);
1221 if (cp->val != 0x00 && cp->val != 0x01)
1222 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1223 MGMT_STATUS_INVALID_PARAMS);
1227 if (!hdev_is_powered(hdev)) {
1228 bool changed = false;
1230 if (!!cp->val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
1234 set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1236 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1237 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1240 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1245 err = new_settings(hdev, sk);
1250 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1251 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
1252 err = cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1257 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
1263 hci_req_init(&req, hdev);
1265 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags) &&
1266 cp->val != test_bit(HCI_PSCAN, &hdev->flags)) {
1273 if (test_bit(HCI_ISCAN, &hdev->flags) &&
1274 hdev->discov_timeout > 0)
1275 cancel_delayed_work(&hdev->discov_off);
1278 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1281 /* If we're going from non-connectable to connectable or
1282 * vice-versa when fast connectable is enabled ensure that fast
1283 * connectable gets disabled. write_fast_connectable won't do
1284 * anything if the page scan parameters are already what they
1287 if (cp->val || test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
1288 write_fast_connectable(&req, false);
1290 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags) &&
1291 hci_conn_num(hdev, LE_LINK) == 0) {
1292 disable_advertising(&req);
1293 enable_advertising(&req);
1296 err = hci_req_run(&req, set_connectable_complete);
1298 mgmt_pending_remove(cmd);
1299 if (err == -ENODATA)
1300 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE,
1306 hci_dev_unlock(hdev);
1310 static int set_pairable(struct sock *sk, struct hci_dev *hdev, void *data,
1313 struct mgmt_mode *cp = data;
1317 BT_DBG("request for %s", hdev->name);
1319 if (cp->val != 0x00 && cp->val != 0x01)
1320 return cmd_status(sk, hdev->id, MGMT_OP_SET_PAIRABLE,
1321 MGMT_STATUS_INVALID_PARAMS);
1326 changed = !test_and_set_bit(HCI_PAIRABLE, &hdev->dev_flags);
1328 changed = test_and_clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
1330 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
1335 err = new_settings(hdev, sk);
1338 hci_dev_unlock(hdev);
1342 static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1345 struct mgmt_mode *cp = data;
1346 struct pending_cmd *cmd;
1350 BT_DBG("request for %s", hdev->name);
1352 status = mgmt_bredr_support(hdev);
1354 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1357 if (cp->val != 0x00 && cp->val != 0x01)
1358 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1359 MGMT_STATUS_INVALID_PARAMS);
1363 if (!hdev_is_powered(hdev)) {
1364 bool changed = false;
1366 if (!!cp->val != test_bit(HCI_LINK_SECURITY,
1367 &hdev->dev_flags)) {
1368 change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
1372 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1377 err = new_settings(hdev, sk);
1382 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
1383 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1390 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1391 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1395 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1401 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1403 mgmt_pending_remove(cmd);
1408 hci_dev_unlock(hdev);
1412 static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1414 struct mgmt_mode *cp = data;
1415 struct pending_cmd *cmd;
1419 BT_DBG("request for %s", hdev->name);
1421 status = mgmt_bredr_support(hdev);
1423 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
1425 if (!lmp_ssp_capable(hdev))
1426 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1427 MGMT_STATUS_NOT_SUPPORTED);
1429 if (cp->val != 0x00 && cp->val != 0x01)
1430 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1431 MGMT_STATUS_INVALID_PARAMS);
1435 if (!hdev_is_powered(hdev)) {
1439 changed = !test_and_set_bit(HCI_SSP_ENABLED,
1442 changed = test_and_clear_bit(HCI_SSP_ENABLED,
1445 changed = test_and_clear_bit(HCI_HS_ENABLED,
1448 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1451 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1456 err = new_settings(hdev, sk);
1461 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev) ||
1462 mgmt_pending_find(MGMT_OP_SET_HS, hdev)) {
1463 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1468 if (!!cp->val == test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
1469 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1473 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1479 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &cp->val);
1481 mgmt_pending_remove(cmd);
1486 hci_dev_unlock(hdev);
1490 static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1492 struct mgmt_mode *cp = data;
1497 BT_DBG("request for %s", hdev->name);
1499 status = mgmt_bredr_support(hdev);
1501 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
1503 if (!lmp_ssp_capable(hdev))
1504 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1505 MGMT_STATUS_NOT_SUPPORTED);
1507 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
1508 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1509 MGMT_STATUS_REJECTED);
1511 if (cp->val != 0x00 && cp->val != 0x01)
1512 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1513 MGMT_STATUS_INVALID_PARAMS);
1518 changed = !test_and_set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1520 if (hdev_is_powered(hdev)) {
1521 err = cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1522 MGMT_STATUS_REJECTED);
1526 changed = test_and_clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1529 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
1534 err = new_settings(hdev, sk);
1537 hci_dev_unlock(hdev);
1541 static void le_enable_complete(struct hci_dev *hdev, u8 status)
1543 struct cmd_lookup match = { NULL, hdev };
1546 u8 mgmt_err = mgmt_status(status);
1548 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
1553 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
1555 new_settings(hdev, match.sk);
1561 static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1563 struct mgmt_mode *cp = data;
1564 struct hci_cp_write_le_host_supported hci_cp;
1565 struct pending_cmd *cmd;
1566 struct hci_request req;
1570 BT_DBG("request for %s", hdev->name);
1572 if (!lmp_le_capable(hdev))
1573 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1574 MGMT_STATUS_NOT_SUPPORTED);
1576 if (cp->val != 0x00 && cp->val != 0x01)
1577 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1578 MGMT_STATUS_INVALID_PARAMS);
1580 /* LE-only devices do not allow toggling LE on/off */
1581 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1582 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1583 MGMT_STATUS_REJECTED);
1588 enabled = lmp_host_le_capable(hdev);
1590 if (!hdev_is_powered(hdev) || val == enabled) {
1591 bool changed = false;
1593 if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1594 change_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1598 if (!val && test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
1599 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
1603 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1608 err = new_settings(hdev, sk);
1613 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev) ||
1614 mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
1615 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1620 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
1626 memset(&hci_cp, 0, sizeof(hci_cp));
1630 hci_cp.simul = lmp_le_br_capable(hdev);
1633 hci_req_init(&req, hdev);
1635 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags) && !val)
1636 disable_advertising(&req);
1638 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
1641 err = hci_req_run(&req, le_enable_complete);
1643 mgmt_pending_remove(cmd);
1646 hci_dev_unlock(hdev);
1650 /* This is a helper function to test for pending mgmt commands that can
1651 * cause CoD or EIR HCI commands. We can only allow one such pending
1652 * mgmt command at a time since otherwise we cannot easily track what
1653 * the current values are, will be, and based on that calculate if a new
1654 * HCI command needs to be sent and if yes with what value.
1656 static bool pending_eir_or_class(struct hci_dev *hdev)
1658 struct pending_cmd *cmd;
1660 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
1661 switch (cmd->opcode) {
1662 case MGMT_OP_ADD_UUID:
1663 case MGMT_OP_REMOVE_UUID:
1664 case MGMT_OP_SET_DEV_CLASS:
1665 case MGMT_OP_SET_POWERED:
1673 static const u8 bluetooth_base_uuid[] = {
1674 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
1675 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1678 static u8 get_uuid_size(const u8 *uuid)
1682 if (memcmp(uuid, bluetooth_base_uuid, 12))
1685 val = get_unaligned_le32(&uuid[12]);
1692 static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
1694 struct pending_cmd *cmd;
1698 cmd = mgmt_pending_find(mgmt_op, hdev);
1702 cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(status),
1703 hdev->dev_class, 3);
1705 mgmt_pending_remove(cmd);
1708 hci_dev_unlock(hdev);
1711 static void add_uuid_complete(struct hci_dev *hdev, u8 status)
1713 BT_DBG("status 0x%02x", status);
1715 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
1718 static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1720 struct mgmt_cp_add_uuid *cp = data;
1721 struct pending_cmd *cmd;
1722 struct hci_request req;
1723 struct bt_uuid *uuid;
1726 BT_DBG("request for %s", hdev->name);
1730 if (pending_eir_or_class(hdev)) {
1731 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
1736 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
1742 memcpy(uuid->uuid, cp->uuid, 16);
1743 uuid->svc_hint = cp->svc_hint;
1744 uuid->size = get_uuid_size(cp->uuid);
1746 list_add_tail(&uuid->list, &hdev->uuids);
1748 hci_req_init(&req, hdev);
1753 err = hci_req_run(&req, add_uuid_complete);
1755 if (err != -ENODATA)
1758 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
1759 hdev->dev_class, 3);
1763 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
1772 hci_dev_unlock(hdev);
1776 static bool enable_service_cache(struct hci_dev *hdev)
1778 if (!hdev_is_powered(hdev))
1781 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
1782 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
1790 static void remove_uuid_complete(struct hci_dev *hdev, u8 status)
1792 BT_DBG("status 0x%02x", status);
1794 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
1797 static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
1800 struct mgmt_cp_remove_uuid *cp = data;
1801 struct pending_cmd *cmd;
1802 struct bt_uuid *match, *tmp;
1803 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
1804 struct hci_request req;
1807 BT_DBG("request for %s", hdev->name);
1811 if (pending_eir_or_class(hdev)) {
1812 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
1817 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
1818 err = hci_uuids_clear(hdev);
1820 if (enable_service_cache(hdev)) {
1821 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID,
1822 0, hdev->dev_class, 3);
1831 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
1832 if (memcmp(match->uuid, cp->uuid, 16) != 0)
1835 list_del(&match->list);
1841 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
1842 MGMT_STATUS_INVALID_PARAMS);
1847 hci_req_init(&req, hdev);
1852 err = hci_req_run(&req, remove_uuid_complete);
1854 if (err != -ENODATA)
1857 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
1858 hdev->dev_class, 3);
1862 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
1871 hci_dev_unlock(hdev);
1875 static void set_class_complete(struct hci_dev *hdev, u8 status)
1877 BT_DBG("status 0x%02x", status);
1879 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
1882 static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
1885 struct mgmt_cp_set_dev_class *cp = data;
1886 struct pending_cmd *cmd;
1887 struct hci_request req;
1890 BT_DBG("request for %s", hdev->name);
1892 if (!lmp_bredr_capable(hdev))
1893 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1894 MGMT_STATUS_NOT_SUPPORTED);
1898 if (pending_eir_or_class(hdev)) {
1899 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1904 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
1905 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1906 MGMT_STATUS_INVALID_PARAMS);
1910 hdev->major_class = cp->major;
1911 hdev->minor_class = cp->minor;
1913 if (!hdev_is_powered(hdev)) {
1914 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
1915 hdev->dev_class, 3);
1919 hci_req_init(&req, hdev);
1921 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
1922 hci_dev_unlock(hdev);
1923 cancel_delayed_work_sync(&hdev->service_cache);
1930 err = hci_req_run(&req, set_class_complete);
1932 if (err != -ENODATA)
1935 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
1936 hdev->dev_class, 3);
1940 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
1949 hci_dev_unlock(hdev);
1953 static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
1956 struct mgmt_cp_load_link_keys *cp = data;
1957 u16 key_count, expected_len;
1960 BT_DBG("request for %s", hdev->name);
1962 if (!lmp_bredr_capable(hdev))
1963 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
1964 MGMT_STATUS_NOT_SUPPORTED);
1966 key_count = __le16_to_cpu(cp->key_count);
1968 expected_len = sizeof(*cp) + key_count *
1969 sizeof(struct mgmt_link_key_info);
1970 if (expected_len != len) {
1971 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
1973 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
1974 MGMT_STATUS_INVALID_PARAMS);
1977 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
1978 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
1979 MGMT_STATUS_INVALID_PARAMS);
1981 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
1984 for (i = 0; i < key_count; i++) {
1985 struct mgmt_link_key_info *key = &cp->keys[i];
1987 if (key->addr.type != BDADDR_BREDR)
1988 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
1989 MGMT_STATUS_INVALID_PARAMS);
1994 hci_link_keys_clear(hdev);
1997 set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
1999 clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
2001 for (i = 0; i < key_count; i++) {
2002 struct mgmt_link_key_info *key = &cp->keys[i];
2004 hci_add_link_key(hdev, NULL, 0, &key->addr.bdaddr, key->val,
2005 key->type, key->pin_len);
2008 cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
2010 hci_dev_unlock(hdev);
2015 static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
2016 u8 addr_type, struct sock *skip_sk)
2018 struct mgmt_ev_device_unpaired ev;
2020 bacpy(&ev.addr.bdaddr, bdaddr);
2021 ev.addr.type = addr_type;
2023 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
2027 static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2030 struct mgmt_cp_unpair_device *cp = data;
2031 struct mgmt_rp_unpair_device rp;
2032 struct hci_cp_disconnect dc;
2033 struct pending_cmd *cmd;
2034 struct hci_conn *conn;
2037 memset(&rp, 0, sizeof(rp));
2038 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2039 rp.addr.type = cp->addr.type;
2041 if (!bdaddr_type_is_valid(cp->addr.type))
2042 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2043 MGMT_STATUS_INVALID_PARAMS,
2046 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
2047 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2048 MGMT_STATUS_INVALID_PARAMS,
2053 if (!hdev_is_powered(hdev)) {
2054 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2055 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
2059 if (cp->addr.type == BDADDR_BREDR)
2060 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
2062 err = hci_remove_ltk(hdev, &cp->addr.bdaddr);
2065 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2066 MGMT_STATUS_NOT_PAIRED, &rp, sizeof(rp));
2070 if (cp->disconnect) {
2071 if (cp->addr.type == BDADDR_BREDR)
2072 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2075 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
2082 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
2084 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
2088 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
2095 dc.handle = cpu_to_le16(conn->handle);
2096 dc.reason = 0x13; /* Remote User Terminated Connection */
2097 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2099 mgmt_pending_remove(cmd);
2102 hci_dev_unlock(hdev);
2106 static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
2109 struct mgmt_cp_disconnect *cp = data;
2110 struct mgmt_rp_disconnect rp;
2111 struct hci_cp_disconnect dc;
2112 struct pending_cmd *cmd;
2113 struct hci_conn *conn;
2118 memset(&rp, 0, sizeof(rp));
2119 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2120 rp.addr.type = cp->addr.type;
2122 if (!bdaddr_type_is_valid(cp->addr.type))
2123 return cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2124 MGMT_STATUS_INVALID_PARAMS,
2129 if (!test_bit(HCI_UP, &hdev->flags)) {
2130 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2131 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
2135 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
2136 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2137 MGMT_STATUS_BUSY, &rp, sizeof(rp));
2141 if (cp->addr.type == BDADDR_BREDR)
2142 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2145 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
2147 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
2148 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2149 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
2153 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
2159 dc.handle = cpu_to_le16(conn->handle);
2160 dc.reason = HCI_ERROR_REMOTE_USER_TERM;
2162 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2164 mgmt_pending_remove(cmd);
2167 hci_dev_unlock(hdev);
2171 static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
2173 switch (link_type) {
2175 switch (addr_type) {
2176 case ADDR_LE_DEV_PUBLIC:
2177 return BDADDR_LE_PUBLIC;
2180 /* Fallback to LE Random address type */
2181 return BDADDR_LE_RANDOM;
2185 /* Fallback to BR/EDR type */
2186 return BDADDR_BREDR;
2190 static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
2193 struct mgmt_rp_get_connections *rp;
2203 if (!hdev_is_powered(hdev)) {
2204 err = cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
2205 MGMT_STATUS_NOT_POWERED);
2210 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2211 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2215 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2216 rp = kmalloc(rp_len, GFP_KERNEL);
2223 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2224 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2226 bacpy(&rp->addr[i].bdaddr, &c->dst);
2227 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
2228 if (c->type == SCO_LINK || c->type == ESCO_LINK)
2233 rp->conn_count = cpu_to_le16(i);
2235 /* Recalculate length in case of filtered SCO connections, etc */
2236 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2238 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
2244 hci_dev_unlock(hdev);
2248 static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
2249 struct mgmt_cp_pin_code_neg_reply *cp)
2251 struct pending_cmd *cmd;
2254 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
2259 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
2260 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
2262 mgmt_pending_remove(cmd);
2267 static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2270 struct hci_conn *conn;
2271 struct mgmt_cp_pin_code_reply *cp = data;
2272 struct hci_cp_pin_code_reply reply;
2273 struct pending_cmd *cmd;
2280 if (!hdev_is_powered(hdev)) {
2281 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2282 MGMT_STATUS_NOT_POWERED);
2286 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
2288 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2289 MGMT_STATUS_NOT_CONNECTED);
2293 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
2294 struct mgmt_cp_pin_code_neg_reply ncp;
2296 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
2298 BT_ERR("PIN code is not 16 bytes long");
2300 err = send_pin_code_neg_reply(sk, hdev, &ncp);
2302 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2303 MGMT_STATUS_INVALID_PARAMS);
2308 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
2314 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
2315 reply.pin_len = cp->pin_len;
2316 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
2318 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
2320 mgmt_pending_remove(cmd);
2323 hci_dev_unlock(hdev);
2327 static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
2330 struct mgmt_cp_set_io_capability *cp = data;
2336 hdev->io_capability = cp->io_capability;
2338 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
2339 hdev->io_capability);
2341 hci_dev_unlock(hdev);
2343 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, NULL,
2347 static struct pending_cmd *find_pairing(struct hci_conn *conn)
2349 struct hci_dev *hdev = conn->hdev;
2350 struct pending_cmd *cmd;
2352 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2353 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
2356 if (cmd->user_data != conn)
2365 static void pairing_complete(struct pending_cmd *cmd, u8 status)
2367 struct mgmt_rp_pair_device rp;
2368 struct hci_conn *conn = cmd->user_data;
2370 bacpy(&rp.addr.bdaddr, &conn->dst);
2371 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
2373 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
2376 /* So we don't get further callbacks for this connection */
2377 conn->connect_cfm_cb = NULL;
2378 conn->security_cfm_cb = NULL;
2379 conn->disconn_cfm_cb = NULL;
2381 hci_conn_drop(conn);
2383 mgmt_pending_remove(cmd);
2386 static void pairing_complete_cb(struct hci_conn *conn, u8 status)
2388 struct pending_cmd *cmd;
2390 BT_DBG("status %u", status);
2392 cmd = find_pairing(conn);
2394 BT_DBG("Unable to find a pending command");
2396 pairing_complete(cmd, mgmt_status(status));
2399 static void le_connect_complete_cb(struct hci_conn *conn, u8 status)
2401 struct pending_cmd *cmd;
2403 BT_DBG("status %u", status);
2408 cmd = find_pairing(conn);
2410 BT_DBG("Unable to find a pending command");
2412 pairing_complete(cmd, mgmt_status(status));
2415 static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2418 struct mgmt_cp_pair_device *cp = data;
2419 struct mgmt_rp_pair_device rp;
2420 struct pending_cmd *cmd;
2421 u8 sec_level, auth_type;
2422 struct hci_conn *conn;
2427 memset(&rp, 0, sizeof(rp));
2428 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2429 rp.addr.type = cp->addr.type;
2431 if (!bdaddr_type_is_valid(cp->addr.type))
2432 return cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2433 MGMT_STATUS_INVALID_PARAMS,
2438 if (!hdev_is_powered(hdev)) {
2439 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2440 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
2444 sec_level = BT_SECURITY_MEDIUM;
2445 if (cp->io_cap == 0x03)
2446 auth_type = HCI_AT_DEDICATED_BONDING;
2448 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
2450 if (cp->addr.type == BDADDR_BREDR)
2451 conn = hci_connect(hdev, ACL_LINK, &cp->addr.bdaddr,
2452 cp->addr.type, sec_level, auth_type);
2454 conn = hci_connect(hdev, LE_LINK, &cp->addr.bdaddr,
2455 cp->addr.type, sec_level, auth_type);
2460 if (PTR_ERR(conn) == -EBUSY)
2461 status = MGMT_STATUS_BUSY;
2463 status = MGMT_STATUS_CONNECT_FAILED;
2465 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2471 if (conn->connect_cfm_cb) {
2472 hci_conn_drop(conn);
2473 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2474 MGMT_STATUS_BUSY, &rp, sizeof(rp));
2478 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
2481 hci_conn_drop(conn);
2485 /* For LE, just connecting isn't a proof that the pairing finished */
2486 if (cp->addr.type == BDADDR_BREDR)
2487 conn->connect_cfm_cb = pairing_complete_cb;
2489 conn->connect_cfm_cb = le_connect_complete_cb;
2491 conn->security_cfm_cb = pairing_complete_cb;
2492 conn->disconn_cfm_cb = pairing_complete_cb;
2493 conn->io_capability = cp->io_cap;
2494 cmd->user_data = conn;
2496 if (conn->state == BT_CONNECTED &&
2497 hci_conn_security(conn, sec_level, auth_type))
2498 pairing_complete(cmd, 0);
2503 hci_dev_unlock(hdev);
2507 static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2510 struct mgmt_addr_info *addr = data;
2511 struct pending_cmd *cmd;
2512 struct hci_conn *conn;
2519 if (!hdev_is_powered(hdev)) {
2520 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2521 MGMT_STATUS_NOT_POWERED);
2525 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
2527 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2528 MGMT_STATUS_INVALID_PARAMS);
2532 conn = cmd->user_data;
2534 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
2535 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2536 MGMT_STATUS_INVALID_PARAMS);
2540 pairing_complete(cmd, MGMT_STATUS_CANCELLED);
2542 err = cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
2543 addr, sizeof(*addr));
2545 hci_dev_unlock(hdev);
2549 static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
2550 struct mgmt_addr_info *addr, u16 mgmt_op,
2551 u16 hci_op, __le32 passkey)
2553 struct pending_cmd *cmd;
2554 struct hci_conn *conn;
2559 if (!hdev_is_powered(hdev)) {
2560 err = cmd_complete(sk, hdev->id, mgmt_op,
2561 MGMT_STATUS_NOT_POWERED, addr,
2566 if (addr->type == BDADDR_BREDR)
2567 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
2569 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &addr->bdaddr);
2572 err = cmd_complete(sk, hdev->id, mgmt_op,
2573 MGMT_STATUS_NOT_CONNECTED, addr,
2578 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
2579 /* Continue with pairing via SMP */
2580 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
2583 err = cmd_complete(sk, hdev->id, mgmt_op,
2584 MGMT_STATUS_SUCCESS, addr,
2587 err = cmd_complete(sk, hdev->id, mgmt_op,
2588 MGMT_STATUS_FAILED, addr,
2594 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
2600 /* Continue with pairing via HCI */
2601 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
2602 struct hci_cp_user_passkey_reply cp;
2604 bacpy(&cp.bdaddr, &addr->bdaddr);
2605 cp.passkey = passkey;
2606 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
2608 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
2612 mgmt_pending_remove(cmd);
2615 hci_dev_unlock(hdev);
2619 static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
2620 void *data, u16 len)
2622 struct mgmt_cp_pin_code_neg_reply *cp = data;
2626 return user_pairing_resp(sk, hdev, &cp->addr,
2627 MGMT_OP_PIN_CODE_NEG_REPLY,
2628 HCI_OP_PIN_CODE_NEG_REPLY, 0);
2631 static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2634 struct mgmt_cp_user_confirm_reply *cp = data;
2638 if (len != sizeof(*cp))
2639 return cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
2640 MGMT_STATUS_INVALID_PARAMS);
2642 return user_pairing_resp(sk, hdev, &cp->addr,
2643 MGMT_OP_USER_CONFIRM_REPLY,
2644 HCI_OP_USER_CONFIRM_REPLY, 0);
2647 static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
2648 void *data, u16 len)
2650 struct mgmt_cp_user_confirm_neg_reply *cp = data;
2654 return user_pairing_resp(sk, hdev, &cp->addr,
2655 MGMT_OP_USER_CONFIRM_NEG_REPLY,
2656 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
2659 static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2662 struct mgmt_cp_user_passkey_reply *cp = data;
2666 return user_pairing_resp(sk, hdev, &cp->addr,
2667 MGMT_OP_USER_PASSKEY_REPLY,
2668 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
2671 static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
2672 void *data, u16 len)
2674 struct mgmt_cp_user_passkey_neg_reply *cp = data;
2678 return user_pairing_resp(sk, hdev, &cp->addr,
2679 MGMT_OP_USER_PASSKEY_NEG_REPLY,
2680 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
2683 static void update_name(struct hci_request *req)
2685 struct hci_dev *hdev = req->hdev;
2686 struct hci_cp_write_local_name cp;
2688 memcpy(cp.name, hdev->dev_name, sizeof(cp.name));
2690 hci_req_add(req, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
2693 static void set_name_complete(struct hci_dev *hdev, u8 status)
2695 struct mgmt_cp_set_local_name *cp;
2696 struct pending_cmd *cmd;
2698 BT_DBG("status 0x%02x", status);
2702 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
2709 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
2710 mgmt_status(status));
2712 cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
2715 mgmt_pending_remove(cmd);
2718 hci_dev_unlock(hdev);
2721 static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
2724 struct mgmt_cp_set_local_name *cp = data;
2725 struct pending_cmd *cmd;
2726 struct hci_request req;
2733 /* If the old values are the same as the new ones just return a
2734 * direct command complete event.
2736 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
2737 !memcmp(hdev->short_name, cp->short_name,
2738 sizeof(hdev->short_name))) {
2739 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
2744 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
2746 if (!hdev_is_powered(hdev)) {
2747 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
2749 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
2754 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
2760 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
2766 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
2768 hci_req_init(&req, hdev);
2770 if (lmp_bredr_capable(hdev)) {
2775 if (lmp_le_capable(hdev))
2776 hci_update_ad(&req);
2778 err = hci_req_run(&req, set_name_complete);
2780 mgmt_pending_remove(cmd);
2783 hci_dev_unlock(hdev);
2787 static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
2788 void *data, u16 data_len)
2790 struct pending_cmd *cmd;
2793 BT_DBG("%s", hdev->name);
2797 if (!hdev_is_powered(hdev)) {
2798 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
2799 MGMT_STATUS_NOT_POWERED);
2803 if (!lmp_ssp_capable(hdev)) {
2804 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
2805 MGMT_STATUS_NOT_SUPPORTED);
2809 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
2810 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
2815 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
2821 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
2823 mgmt_pending_remove(cmd);
2826 hci_dev_unlock(hdev);
2830 static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
2831 void *data, u16 len)
2833 struct mgmt_cp_add_remote_oob_data *cp = data;
2837 BT_DBG("%s ", hdev->name);
2841 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr, cp->hash,
2844 status = MGMT_STATUS_FAILED;
2846 status = MGMT_STATUS_SUCCESS;
2848 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA, status,
2849 &cp->addr, sizeof(cp->addr));
2851 hci_dev_unlock(hdev);
2855 static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
2856 void *data, u16 len)
2858 struct mgmt_cp_remove_remote_oob_data *cp = data;
2862 BT_DBG("%s", hdev->name);
2866 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr);
2868 status = MGMT_STATUS_INVALID_PARAMS;
2870 status = MGMT_STATUS_SUCCESS;
2872 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
2873 status, &cp->addr, sizeof(cp->addr));
2875 hci_dev_unlock(hdev);
2879 static int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
2881 struct pending_cmd *cmd;
2885 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2887 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
2891 type = hdev->discovery.type;
2893 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
2894 &type, sizeof(type));
2895 mgmt_pending_remove(cmd);
2900 static void start_discovery_complete(struct hci_dev *hdev, u8 status)
2902 BT_DBG("status %d", status);
2906 mgmt_start_discovery_failed(hdev, status);
2907 hci_dev_unlock(hdev);
2912 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
2913 hci_dev_unlock(hdev);
2915 switch (hdev->discovery.type) {
2916 case DISCOV_TYPE_LE:
2917 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable,
2921 case DISCOV_TYPE_INTERLEAVED:
2922 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable,
2923 DISCOV_INTERLEAVED_TIMEOUT);
2926 case DISCOV_TYPE_BREDR:
2930 BT_ERR("Invalid discovery type %d", hdev->discovery.type);
2934 static int start_discovery(struct sock *sk, struct hci_dev *hdev,
2935 void *data, u16 len)
2937 struct mgmt_cp_start_discovery *cp = data;
2938 struct pending_cmd *cmd;
2939 struct hci_cp_le_set_scan_param param_cp;
2940 struct hci_cp_le_set_scan_enable enable_cp;
2941 struct hci_cp_inquiry inq_cp;
2942 struct hci_request req;
2943 /* General inquiry access code (GIAC) */
2944 u8 lap[3] = { 0x33, 0x8b, 0x9e };
2948 BT_DBG("%s", hdev->name);
2952 if (!hdev_is_powered(hdev)) {
2953 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2954 MGMT_STATUS_NOT_POWERED);
2958 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
2959 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2964 if (hdev->discovery.state != DISCOVERY_STOPPED) {
2965 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2970 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
2976 hdev->discovery.type = cp->type;
2978 hci_req_init(&req, hdev);
2980 switch (hdev->discovery.type) {
2981 case DISCOV_TYPE_BREDR:
2982 status = mgmt_bredr_support(hdev);
2984 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2986 mgmt_pending_remove(cmd);
2990 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
2991 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2993 mgmt_pending_remove(cmd);
2997 hci_inquiry_cache_flush(hdev);
2999 memset(&inq_cp, 0, sizeof(inq_cp));
3000 memcpy(&inq_cp.lap, lap, sizeof(inq_cp.lap));
3001 inq_cp.length = DISCOV_BREDR_INQUIRY_LEN;
3002 hci_req_add(&req, HCI_OP_INQUIRY, sizeof(inq_cp), &inq_cp);
3005 case DISCOV_TYPE_LE:
3006 case DISCOV_TYPE_INTERLEAVED:
3007 status = mgmt_le_support(hdev);
3009 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3011 mgmt_pending_remove(cmd);
3015 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
3016 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
3017 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3018 MGMT_STATUS_NOT_SUPPORTED);
3019 mgmt_pending_remove(cmd);
3023 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
3024 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3025 MGMT_STATUS_REJECTED);
3026 mgmt_pending_remove(cmd);
3030 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags)) {
3031 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3033 mgmt_pending_remove(cmd);
3037 memset(¶m_cp, 0, sizeof(param_cp));
3038 param_cp.type = LE_SCAN_ACTIVE;
3039 param_cp.interval = cpu_to_le16(DISCOV_LE_SCAN_INT);
3040 param_cp.window = cpu_to_le16(DISCOV_LE_SCAN_WIN);
3041 if (bacmp(&hdev->bdaddr, BDADDR_ANY))
3042 param_cp.own_address_type = ADDR_LE_DEV_PUBLIC;
3044 param_cp.own_address_type = ADDR_LE_DEV_RANDOM;
3045 hci_req_add(&req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
3048 memset(&enable_cp, 0, sizeof(enable_cp));
3049 enable_cp.enable = LE_SCAN_ENABLE;
3050 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
3051 hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
3056 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3057 MGMT_STATUS_INVALID_PARAMS);
3058 mgmt_pending_remove(cmd);
3062 err = hci_req_run(&req, start_discovery_complete);
3064 mgmt_pending_remove(cmd);
3066 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
3069 hci_dev_unlock(hdev);
3073 static int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
3075 struct pending_cmd *cmd;
3078 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3082 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3083 &hdev->discovery.type, sizeof(hdev->discovery.type));
3084 mgmt_pending_remove(cmd);
3089 static void stop_discovery_complete(struct hci_dev *hdev, u8 status)
3091 BT_DBG("status %d", status);
3096 mgmt_stop_discovery_failed(hdev, status);
3100 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3103 hci_dev_unlock(hdev);
3106 static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
3109 struct mgmt_cp_stop_discovery *mgmt_cp = data;
3110 struct pending_cmd *cmd;
3111 struct hci_cp_remote_name_req_cancel cp;
3112 struct inquiry_entry *e;
3113 struct hci_request req;
3114 struct hci_cp_le_set_scan_enable enable_cp;
3117 BT_DBG("%s", hdev->name);
3121 if (!hci_discovery_active(hdev)) {
3122 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
3123 MGMT_STATUS_REJECTED, &mgmt_cp->type,
3124 sizeof(mgmt_cp->type));
3128 if (hdev->discovery.type != mgmt_cp->type) {
3129 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
3130 MGMT_STATUS_INVALID_PARAMS, &mgmt_cp->type,
3131 sizeof(mgmt_cp->type));
3135 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
3141 hci_req_init(&req, hdev);
3143 switch (hdev->discovery.state) {
3144 case DISCOVERY_FINDING:
3145 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
3146 hci_req_add(&req, HCI_OP_INQUIRY_CANCEL, 0, NULL);
3148 cancel_delayed_work(&hdev->le_scan_disable);
3150 memset(&enable_cp, 0, sizeof(enable_cp));
3151 enable_cp.enable = LE_SCAN_DISABLE;
3152 hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE,
3153 sizeof(enable_cp), &enable_cp);
3158 case DISCOVERY_RESOLVING:
3159 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
3162 mgmt_pending_remove(cmd);
3163 err = cmd_complete(sk, hdev->id,
3164 MGMT_OP_STOP_DISCOVERY, 0,
3166 sizeof(mgmt_cp->type));
3167 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3171 bacpy(&cp.bdaddr, &e->data.bdaddr);
3172 hci_req_add(&req, HCI_OP_REMOTE_NAME_REQ_CANCEL, sizeof(cp),
3178 BT_DBG("unknown discovery state %u", hdev->discovery.state);
3180 mgmt_pending_remove(cmd);
3181 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
3182 MGMT_STATUS_FAILED, &mgmt_cp->type,
3183 sizeof(mgmt_cp->type));
3187 err = hci_req_run(&req, stop_discovery_complete);
3189 mgmt_pending_remove(cmd);
3191 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
3194 hci_dev_unlock(hdev);
3198 static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
3201 struct mgmt_cp_confirm_name *cp = data;
3202 struct inquiry_entry *e;
3205 BT_DBG("%s", hdev->name);
3209 if (!hci_discovery_active(hdev)) {
3210 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
3211 MGMT_STATUS_FAILED);
3215 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
3217 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
3218 MGMT_STATUS_INVALID_PARAMS);
3222 if (cp->name_known) {
3223 e->name_state = NAME_KNOWN;
3226 e->name_state = NAME_NEEDED;
3227 hci_inquiry_cache_update_resolve(hdev, e);
3230 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0, &cp->addr,
3234 hci_dev_unlock(hdev);
3238 static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
3241 struct mgmt_cp_block_device *cp = data;
3245 BT_DBG("%s", hdev->name);
3247 if (!bdaddr_type_is_valid(cp->addr.type))
3248 return cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
3249 MGMT_STATUS_INVALID_PARAMS,
3250 &cp->addr, sizeof(cp->addr));
3254 err = hci_blacklist_add(hdev, &cp->addr.bdaddr, cp->addr.type);
3256 status = MGMT_STATUS_FAILED;
3258 status = MGMT_STATUS_SUCCESS;
3260 err = cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
3261 &cp->addr, sizeof(cp->addr));
3263 hci_dev_unlock(hdev);
3268 static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
3271 struct mgmt_cp_unblock_device *cp = data;
3275 BT_DBG("%s", hdev->name);
3277 if (!bdaddr_type_is_valid(cp->addr.type))
3278 return cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
3279 MGMT_STATUS_INVALID_PARAMS,
3280 &cp->addr, sizeof(cp->addr));
3284 err = hci_blacklist_del(hdev, &cp->addr.bdaddr, cp->addr.type);
3286 status = MGMT_STATUS_INVALID_PARAMS;
3288 status = MGMT_STATUS_SUCCESS;
3290 err = cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
3291 &cp->addr, sizeof(cp->addr));
3293 hci_dev_unlock(hdev);
3298 static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
3301 struct mgmt_cp_set_device_id *cp = data;
3302 struct hci_request req;
3306 BT_DBG("%s", hdev->name);
3308 source = __le16_to_cpu(cp->source);
3310 if (source > 0x0002)
3311 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
3312 MGMT_STATUS_INVALID_PARAMS);
3316 hdev->devid_source = source;
3317 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
3318 hdev->devid_product = __le16_to_cpu(cp->product);
3319 hdev->devid_version = __le16_to_cpu(cp->version);
3321 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0, NULL, 0);
3323 hci_req_init(&req, hdev);
3325 hci_req_run(&req, NULL);
3327 hci_dev_unlock(hdev);
3332 static void set_advertising_complete(struct hci_dev *hdev, u8 status)
3334 struct cmd_lookup match = { NULL, hdev };
3337 u8 mgmt_err = mgmt_status(status);
3339 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
3340 cmd_status_rsp, &mgmt_err);
3344 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
3347 new_settings(hdev, match.sk);
3353 static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data,
3356 struct mgmt_mode *cp = data;
3357 struct pending_cmd *cmd;
3358 struct hci_request req;
3359 u8 val, enabled, status;
3362 BT_DBG("request for %s", hdev->name);
3364 status = mgmt_le_support(hdev);
3366 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3369 if (cp->val != 0x00 && cp->val != 0x01)
3370 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3371 MGMT_STATUS_INVALID_PARAMS);
3376 enabled = test_bit(HCI_ADVERTISING, &hdev->dev_flags);
3378 /* The following conditions are ones which mean that we should
3379 * not do any HCI communication but directly send a mgmt
3380 * response to user space (after toggling the flag if
3383 if (!hdev_is_powered(hdev) || val == enabled ||
3384 hci_conn_num(hdev, LE_LINK) > 0) {
3385 bool changed = false;
3387 if (val != test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
3388 change_bit(HCI_ADVERTISING, &hdev->dev_flags);
3392 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
3397 err = new_settings(hdev, sk);
3402 if (mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
3403 mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
3404 err = cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3409 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
3415 hci_req_init(&req, hdev);
3418 enable_advertising(&req);
3420 disable_advertising(&req);
3422 err = hci_req_run(&req, set_advertising_complete);
3424 mgmt_pending_remove(cmd);
3427 hci_dev_unlock(hdev);
3431 static int set_static_address(struct sock *sk, struct hci_dev *hdev,
3432 void *data, u16 len)
3434 struct mgmt_cp_set_static_address *cp = data;
3437 BT_DBG("%s", hdev->name);
3439 if (!lmp_le_capable(hdev))
3440 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
3441 MGMT_STATUS_NOT_SUPPORTED);
3443 if (hdev_is_powered(hdev))
3444 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
3445 MGMT_STATUS_REJECTED);
3447 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
3448 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
3449 return cmd_status(sk, hdev->id,
3450 MGMT_OP_SET_STATIC_ADDRESS,
3451 MGMT_STATUS_INVALID_PARAMS);
3453 /* Two most significant bits shall be set */
3454 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
3455 return cmd_status(sk, hdev->id,
3456 MGMT_OP_SET_STATIC_ADDRESS,
3457 MGMT_STATUS_INVALID_PARAMS);
3462 bacpy(&hdev->static_addr, &cp->bdaddr);
3464 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS, 0, NULL, 0);
3466 hci_dev_unlock(hdev);
3471 static int set_scan_params(struct sock *sk, struct hci_dev *hdev,
3472 void *data, u16 len)
3474 struct mgmt_cp_set_scan_params *cp = data;
3475 __u16 interval, window;
3478 BT_DBG("%s", hdev->name);
3480 if (!lmp_le_capable(hdev))
3481 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3482 MGMT_STATUS_NOT_SUPPORTED);
3484 interval = __le16_to_cpu(cp->interval);
3486 if (interval < 0x0004 || interval > 0x4000)
3487 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3488 MGMT_STATUS_INVALID_PARAMS);
3490 window = __le16_to_cpu(cp->window);
3492 if (window < 0x0004 || window > 0x4000)
3493 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3494 MGMT_STATUS_INVALID_PARAMS);
3496 if (window > interval)
3497 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3498 MGMT_STATUS_INVALID_PARAMS);
3502 hdev->le_scan_interval = interval;
3503 hdev->le_scan_window = window;
3505 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0, NULL, 0);
3507 hci_dev_unlock(hdev);
3512 static void fast_connectable_complete(struct hci_dev *hdev, u8 status)
3514 struct pending_cmd *cmd;
3516 BT_DBG("status 0x%02x", status);
3520 cmd = mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
3525 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3526 mgmt_status(status));
3528 struct mgmt_mode *cp = cmd->param;
3531 set_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
3533 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
3535 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
3536 new_settings(hdev, cmd->sk);
3539 mgmt_pending_remove(cmd);
3542 hci_dev_unlock(hdev);
3545 static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
3546 void *data, u16 len)
3548 struct mgmt_mode *cp = data;
3549 struct pending_cmd *cmd;
3550 struct hci_request req;
3553 BT_DBG("%s", hdev->name);
3555 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags) ||
3556 hdev->hci_ver < BLUETOOTH_VER_1_2)
3557 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3558 MGMT_STATUS_NOT_SUPPORTED);
3560 if (cp->val != 0x00 && cp->val != 0x01)
3561 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3562 MGMT_STATUS_INVALID_PARAMS);
3564 if (!hdev_is_powered(hdev))
3565 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3566 MGMT_STATUS_NOT_POWERED);
3568 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3569 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3570 MGMT_STATUS_REJECTED);
3574 if (mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
3575 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3580 if (!!cp->val == test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags)) {
3581 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
3586 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
3593 hci_req_init(&req, hdev);
3595 write_fast_connectable(&req, cp->val);
3597 err = hci_req_run(&req, fast_connectable_complete);
3599 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3600 MGMT_STATUS_FAILED);
3601 mgmt_pending_remove(cmd);
3605 hci_dev_unlock(hdev);
3610 static void set_bredr_scan(struct hci_request *req)
3612 struct hci_dev *hdev = req->hdev;
3615 /* Ensure that fast connectable is disabled. This function will
3616 * not do anything if the page scan parameters are already what
3619 write_fast_connectable(req, false);
3621 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3623 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3624 scan |= SCAN_INQUIRY;
3627 hci_req_add(req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
3630 static void set_bredr_complete(struct hci_dev *hdev, u8 status)
3632 struct pending_cmd *cmd;
3634 BT_DBG("status 0x%02x", status);
3638 cmd = mgmt_pending_find(MGMT_OP_SET_BREDR, hdev);
3643 u8 mgmt_err = mgmt_status(status);
3645 /* We need to restore the flag if related HCI commands
3648 clear_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
3650 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
3652 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
3653 new_settings(hdev, cmd->sk);
3656 mgmt_pending_remove(cmd);
3659 hci_dev_unlock(hdev);
3662 static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
3664 struct mgmt_mode *cp = data;
3665 struct pending_cmd *cmd;
3666 struct hci_request req;
3669 BT_DBG("request for %s", hdev->name);
3671 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
3672 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3673 MGMT_STATUS_NOT_SUPPORTED);
3675 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
3676 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3677 MGMT_STATUS_REJECTED);
3679 if (cp->val != 0x00 && cp->val != 0x01)
3680 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3681 MGMT_STATUS_INVALID_PARAMS);
3685 if (cp->val == test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
3686 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
3690 if (!hdev_is_powered(hdev)) {
3692 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
3693 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
3694 clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
3695 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
3696 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
3699 change_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
3701 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
3705 err = new_settings(hdev, sk);
3709 /* Reject disabling when powered on */
3711 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3712 MGMT_STATUS_REJECTED);
3716 if (mgmt_pending_find(MGMT_OP_SET_BREDR, hdev)) {
3717 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3722 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
3728 /* We need to flip the bit already here so that hci_update_ad
3729 * generates the correct flags.
3731 set_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
3733 hci_req_init(&req, hdev);
3735 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3736 set_bredr_scan(&req);
3738 hci_update_ad(&req);
3740 err = hci_req_run(&req, set_bredr_complete);
3742 mgmt_pending_remove(cmd);
3745 hci_dev_unlock(hdev);
3749 static bool ltk_is_valid(struct mgmt_ltk_info *key)
3751 if (key->authenticated != 0x00 && key->authenticated != 0x01)
3753 if (key->master != 0x00 && key->master != 0x01)
3755 if (!bdaddr_type_is_le(key->addr.type))
3760 static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
3761 void *cp_data, u16 len)
3763 struct mgmt_cp_load_long_term_keys *cp = cp_data;
3764 u16 key_count, expected_len;
3767 BT_DBG("request for %s", hdev->name);
3769 if (!lmp_le_capable(hdev))
3770 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
3771 MGMT_STATUS_NOT_SUPPORTED);
3773 key_count = __le16_to_cpu(cp->key_count);
3775 expected_len = sizeof(*cp) + key_count *
3776 sizeof(struct mgmt_ltk_info);
3777 if (expected_len != len) {
3778 BT_ERR("load_keys: expected %u bytes, got %u bytes",
3780 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
3781 MGMT_STATUS_INVALID_PARAMS);
3784 BT_DBG("%s key_count %u", hdev->name, key_count);
3786 for (i = 0; i < key_count; i++) {
3787 struct mgmt_ltk_info *key = &cp->keys[i];
3789 if (!ltk_is_valid(key))
3790 return cmd_status(sk, hdev->id,
3791 MGMT_OP_LOAD_LONG_TERM_KEYS,
3792 MGMT_STATUS_INVALID_PARAMS);
3797 hci_smp_ltks_clear(hdev);
3799 for (i = 0; i < key_count; i++) {
3800 struct mgmt_ltk_info *key = &cp->keys[i];
3803 if (key->addr.type == BDADDR_LE_PUBLIC)
3804 addr_type = ADDR_LE_DEV_PUBLIC;
3806 addr_type = ADDR_LE_DEV_RANDOM;
3811 type = HCI_SMP_LTK_SLAVE;
3813 hci_add_ltk(hdev, &key->addr.bdaddr, addr_type,
3814 type, 0, key->authenticated, key->val,
3815 key->enc_size, key->ediv, key->rand);
3818 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
3821 hci_dev_unlock(hdev);
3826 static const struct mgmt_handler {
3827 int (*func) (struct sock *sk, struct hci_dev *hdev, void *data,
3831 } mgmt_handlers[] = {
3832 { NULL }, /* 0x0000 (no command) */
3833 { read_version, false, MGMT_READ_VERSION_SIZE },
3834 { read_commands, false, MGMT_READ_COMMANDS_SIZE },
3835 { read_index_list, false, MGMT_READ_INDEX_LIST_SIZE },
3836 { read_controller_info, false, MGMT_READ_INFO_SIZE },
3837 { set_powered, false, MGMT_SETTING_SIZE },
3838 { set_discoverable, false, MGMT_SET_DISCOVERABLE_SIZE },
3839 { set_connectable, false, MGMT_SETTING_SIZE },
3840 { set_fast_connectable, false, MGMT_SETTING_SIZE },
3841 { set_pairable, false, MGMT_SETTING_SIZE },
3842 { set_link_security, false, MGMT_SETTING_SIZE },
3843 { set_ssp, false, MGMT_SETTING_SIZE },
3844 { set_hs, false, MGMT_SETTING_SIZE },
3845 { set_le, false, MGMT_SETTING_SIZE },
3846 { set_dev_class, false, MGMT_SET_DEV_CLASS_SIZE },
3847 { set_local_name, false, MGMT_SET_LOCAL_NAME_SIZE },
3848 { add_uuid, false, MGMT_ADD_UUID_SIZE },
3849 { remove_uuid, false, MGMT_REMOVE_UUID_SIZE },
3850 { load_link_keys, true, MGMT_LOAD_LINK_KEYS_SIZE },
3851 { load_long_term_keys, true, MGMT_LOAD_LONG_TERM_KEYS_SIZE },
3852 { disconnect, false, MGMT_DISCONNECT_SIZE },
3853 { get_connections, false, MGMT_GET_CONNECTIONS_SIZE },
3854 { pin_code_reply, false, MGMT_PIN_CODE_REPLY_SIZE },
3855 { pin_code_neg_reply, false, MGMT_PIN_CODE_NEG_REPLY_SIZE },
3856 { set_io_capability, false, MGMT_SET_IO_CAPABILITY_SIZE },
3857 { pair_device, false, MGMT_PAIR_DEVICE_SIZE },
3858 { cancel_pair_device, false, MGMT_CANCEL_PAIR_DEVICE_SIZE },
3859 { unpair_device, false, MGMT_UNPAIR_DEVICE_SIZE },
3860 { user_confirm_reply, false, MGMT_USER_CONFIRM_REPLY_SIZE },
3861 { user_confirm_neg_reply, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
3862 { user_passkey_reply, false, MGMT_USER_PASSKEY_REPLY_SIZE },
3863 { user_passkey_neg_reply, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
3864 { read_local_oob_data, false, MGMT_READ_LOCAL_OOB_DATA_SIZE },
3865 { add_remote_oob_data, false, MGMT_ADD_REMOTE_OOB_DATA_SIZE },
3866 { remove_remote_oob_data, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
3867 { start_discovery, false, MGMT_START_DISCOVERY_SIZE },
3868 { stop_discovery, false, MGMT_STOP_DISCOVERY_SIZE },
3869 { confirm_name, false, MGMT_CONFIRM_NAME_SIZE },
3870 { block_device, false, MGMT_BLOCK_DEVICE_SIZE },
3871 { unblock_device, false, MGMT_UNBLOCK_DEVICE_SIZE },
3872 { set_device_id, false, MGMT_SET_DEVICE_ID_SIZE },
3873 { set_advertising, false, MGMT_SETTING_SIZE },
3874 { set_bredr, false, MGMT_SETTING_SIZE },
3875 { set_static_address, false, MGMT_SET_STATIC_ADDRESS_SIZE },
3876 { set_scan_params, false, MGMT_SET_SCAN_PARAMS_SIZE },
3880 int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
3884 struct mgmt_hdr *hdr;
3885 u16 opcode, index, len;
3886 struct hci_dev *hdev = NULL;
3887 const struct mgmt_handler *handler;
3890 BT_DBG("got %zu bytes", msglen);
3892 if (msglen < sizeof(*hdr))
3895 buf = kmalloc(msglen, GFP_KERNEL);
3899 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
3905 opcode = __le16_to_cpu(hdr->opcode);
3906 index = __le16_to_cpu(hdr->index);
3907 len = __le16_to_cpu(hdr->len);
3909 if (len != msglen - sizeof(*hdr)) {
3914 if (index != MGMT_INDEX_NONE) {
3915 hdev = hci_dev_get(index);
3917 err = cmd_status(sk, index, opcode,
3918 MGMT_STATUS_INVALID_INDEX);
3922 if (test_bit(HCI_SETUP, &hdev->dev_flags) ||
3923 test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
3924 err = cmd_status(sk, index, opcode,
3925 MGMT_STATUS_INVALID_INDEX);
3930 if (opcode >= ARRAY_SIZE(mgmt_handlers) ||
3931 mgmt_handlers[opcode].func == NULL) {
3932 BT_DBG("Unknown op %u", opcode);
3933 err = cmd_status(sk, index, opcode,
3934 MGMT_STATUS_UNKNOWN_COMMAND);
3938 if ((hdev && opcode < MGMT_OP_READ_INFO) ||
3939 (!hdev && opcode >= MGMT_OP_READ_INFO)) {
3940 err = cmd_status(sk, index, opcode,
3941 MGMT_STATUS_INVALID_INDEX);
3945 handler = &mgmt_handlers[opcode];
3947 if ((handler->var_len && len < handler->data_len) ||
3948 (!handler->var_len && len != handler->data_len)) {
3949 err = cmd_status(sk, index, opcode,
3950 MGMT_STATUS_INVALID_PARAMS);
3955 mgmt_init_hdev(sk, hdev);
3957 cp = buf + sizeof(*hdr);
3959 err = handler->func(sk, hdev, cp, len);
3973 void mgmt_index_added(struct hci_dev *hdev)
3975 if (hdev->dev_type != HCI_BREDR)
3978 mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
3981 void mgmt_index_removed(struct hci_dev *hdev)
3983 u8 status = MGMT_STATUS_INVALID_INDEX;
3985 if (hdev->dev_type != HCI_BREDR)
3988 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
3990 mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
3993 static void powered_complete(struct hci_dev *hdev, u8 status)
3995 struct cmd_lookup match = { NULL, hdev };
3997 BT_DBG("status 0x%02x", status);
4001 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
4003 new_settings(hdev, match.sk);
4005 hci_dev_unlock(hdev);
4011 static int powered_update_hci(struct hci_dev *hdev)
4013 struct hci_request req;
4016 hci_req_init(&req, hdev);
4018 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) &&
4019 !lmp_host_ssp_capable(hdev)) {
4022 hci_req_add(&req, HCI_OP_WRITE_SSP_MODE, 1, &ssp);
4025 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
4026 lmp_bredr_capable(hdev)) {
4027 struct hci_cp_write_le_host_supported cp;
4030 cp.simul = lmp_le_br_capable(hdev);
4032 /* Check first if we already have the right
4033 * host state (host features set)
4035 if (cp.le != lmp_host_le_capable(hdev) ||
4036 cp.simul != lmp_host_le_br_capable(hdev))
4037 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED,
4040 /* In case BR/EDR was toggled during the AUTO_OFF phase */
4041 hci_update_ad(&req);
4044 if (lmp_le_capable(hdev)) {
4045 /* Set random address to static address if configured */
4046 if (bacmp(&hdev->static_addr, BDADDR_ANY))
4047 hci_req_add(&req, HCI_OP_LE_SET_RANDOM_ADDR, 6,
4048 &hdev->static_addr);
4050 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
4051 enable_advertising(&req);
4054 link_sec = test_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
4055 if (link_sec != test_bit(HCI_AUTH, &hdev->flags))
4056 hci_req_add(&req, HCI_OP_WRITE_AUTH_ENABLE,
4057 sizeof(link_sec), &link_sec);
4059 if (lmp_bredr_capable(hdev)) {
4060 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
4061 set_bredr_scan(&req);
4067 return hci_req_run(&req, powered_complete);
4070 int mgmt_powered(struct hci_dev *hdev, u8 powered)
4072 struct cmd_lookup match = { NULL, hdev };
4073 u8 status_not_powered = MGMT_STATUS_NOT_POWERED;
4074 u8 zero_cod[] = { 0, 0, 0 };
4077 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
4081 if (powered_update_hci(hdev) == 0)
4084 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp,
4089 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
4090 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status_not_powered);
4092 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0)
4093 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
4094 zero_cod, sizeof(zero_cod), NULL);
4097 err = new_settings(hdev, match.sk);
4105 void mgmt_set_powered_failed(struct hci_dev *hdev, int err)
4107 struct pending_cmd *cmd;
4110 cmd = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
4114 if (err == -ERFKILL)
4115 status = MGMT_STATUS_RFKILLED;
4117 status = MGMT_STATUS_FAILED;
4119 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
4121 mgmt_pending_remove(cmd);
4124 int mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
4126 bool changed = false;
4129 /* Nothing needed here if there's a pending command since that
4130 * commands request completion callback takes care of everything
4133 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev))
4137 if (!test_and_set_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
4140 if (test_and_clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
4145 err = new_settings(hdev, NULL);
4150 int mgmt_connectable(struct hci_dev *hdev, u8 connectable)
4152 bool changed = false;
4155 /* Nothing needed here if there's a pending command since that
4156 * commands request completion callback takes care of everything
4159 if (mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev))
4163 if (!test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags))
4166 if (test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags))
4171 err = new_settings(hdev, NULL);
4176 int mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
4178 u8 mgmt_err = mgmt_status(status);
4180 if (scan & SCAN_PAGE)
4181 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
4182 cmd_status_rsp, &mgmt_err);
4184 if (scan & SCAN_INQUIRY)
4185 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
4186 cmd_status_rsp, &mgmt_err);
4191 int mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
4194 struct mgmt_ev_new_link_key ev;
4196 memset(&ev, 0, sizeof(ev));
4198 ev.store_hint = persistent;
4199 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
4200 ev.key.addr.type = BDADDR_BREDR;
4201 ev.key.type = key->type;
4202 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
4203 ev.key.pin_len = key->pin_len;
4205 return mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
4208 int mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, u8 persistent)
4210 struct mgmt_ev_new_long_term_key ev;
4212 memset(&ev, 0, sizeof(ev));
4214 ev.store_hint = persistent;
4215 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
4216 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
4217 ev.key.authenticated = key->authenticated;
4218 ev.key.enc_size = key->enc_size;
4219 ev.key.ediv = key->ediv;
4221 if (key->type == HCI_SMP_LTK)
4224 memcpy(ev.key.rand, key->rand, sizeof(key->rand));
4225 memcpy(ev.key.val, key->val, sizeof(key->val));
4227 return mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev),
4231 void mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
4232 u8 addr_type, u32 flags, u8 *name, u8 name_len,
4236 struct mgmt_ev_device_connected *ev = (void *) buf;
4239 bacpy(&ev->addr.bdaddr, bdaddr);
4240 ev->addr.type = link_to_bdaddr(link_type, addr_type);
4242 ev->flags = __cpu_to_le32(flags);
4245 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
4248 if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0)
4249 eir_len = eir_append_data(ev->eir, eir_len,
4250 EIR_CLASS_OF_DEV, dev_class, 3);
4252 ev->eir_len = cpu_to_le16(eir_len);
4254 mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
4255 sizeof(*ev) + eir_len, NULL);
4258 static void disconnect_rsp(struct pending_cmd *cmd, void *data)
4260 struct mgmt_cp_disconnect *cp = cmd->param;
4261 struct sock **sk = data;
4262 struct mgmt_rp_disconnect rp;
4264 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4265 rp.addr.type = cp->addr.type;
4267 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 0, &rp,
4273 mgmt_pending_remove(cmd);
4276 static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
4278 struct hci_dev *hdev = data;
4279 struct mgmt_cp_unpair_device *cp = cmd->param;
4280 struct mgmt_rp_unpair_device rp;
4282 memset(&rp, 0, sizeof(rp));
4283 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4284 rp.addr.type = cp->addr.type;
4286 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
4288 cmd_complete(cmd->sk, cmd->index, cmd->opcode, 0, &rp, sizeof(rp));
4290 mgmt_pending_remove(cmd);
4293 void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
4294 u8 link_type, u8 addr_type, u8 reason)
4296 struct mgmt_ev_device_disconnected ev;
4297 struct sock *sk = NULL;
4299 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
4301 bacpy(&ev.addr.bdaddr, bdaddr);
4302 ev.addr.type = link_to_bdaddr(link_type, addr_type);
4305 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
4310 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
4314 void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
4315 u8 link_type, u8 addr_type, u8 status)
4317 struct mgmt_rp_disconnect rp;
4318 struct pending_cmd *cmd;
4320 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
4323 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
4327 bacpy(&rp.addr.bdaddr, bdaddr);
4328 rp.addr.type = link_to_bdaddr(link_type, addr_type);
4330 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
4331 mgmt_status(status), &rp, sizeof(rp));
4333 mgmt_pending_remove(cmd);
4336 void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
4337 u8 addr_type, u8 status)
4339 struct mgmt_ev_connect_failed ev;
4341 bacpy(&ev.addr.bdaddr, bdaddr);
4342 ev.addr.type = link_to_bdaddr(link_type, addr_type);
4343 ev.status = mgmt_status(status);
4345 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
4348 int mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
4350 struct mgmt_ev_pin_code_request ev;
4352 bacpy(&ev.addr.bdaddr, bdaddr);
4353 ev.addr.type = BDADDR_BREDR;
4356 return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev),
4360 int mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
4363 struct pending_cmd *cmd;
4364 struct mgmt_rp_pin_code_reply rp;
4367 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
4371 bacpy(&rp.addr.bdaddr, bdaddr);
4372 rp.addr.type = BDADDR_BREDR;
4374 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
4375 mgmt_status(status), &rp, sizeof(rp));
4377 mgmt_pending_remove(cmd);
4382 int mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
4385 struct pending_cmd *cmd;
4386 struct mgmt_rp_pin_code_reply rp;
4389 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
4393 bacpy(&rp.addr.bdaddr, bdaddr);
4394 rp.addr.type = BDADDR_BREDR;
4396 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
4397 mgmt_status(status), &rp, sizeof(rp));
4399 mgmt_pending_remove(cmd);
4404 int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
4405 u8 link_type, u8 addr_type, __le32 value,
4408 struct mgmt_ev_user_confirm_request ev;
4410 BT_DBG("%s", hdev->name);
4412 bacpy(&ev.addr.bdaddr, bdaddr);
4413 ev.addr.type = link_to_bdaddr(link_type, addr_type);
4414 ev.confirm_hint = confirm_hint;
4417 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
4421 int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
4422 u8 link_type, u8 addr_type)
4424 struct mgmt_ev_user_passkey_request ev;
4426 BT_DBG("%s", hdev->name);
4428 bacpy(&ev.addr.bdaddr, bdaddr);
4429 ev.addr.type = link_to_bdaddr(link_type, addr_type);
4431 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
4435 static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
4436 u8 link_type, u8 addr_type, u8 status,
4439 struct pending_cmd *cmd;
4440 struct mgmt_rp_user_confirm_reply rp;
4443 cmd = mgmt_pending_find(opcode, hdev);
4447 bacpy(&rp.addr.bdaddr, bdaddr);
4448 rp.addr.type = link_to_bdaddr(link_type, addr_type);
4449 err = cmd_complete(cmd->sk, hdev->id, opcode, mgmt_status(status),
4452 mgmt_pending_remove(cmd);
4457 int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
4458 u8 link_type, u8 addr_type, u8 status)
4460 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
4461 status, MGMT_OP_USER_CONFIRM_REPLY);
4464 int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
4465 u8 link_type, u8 addr_type, u8 status)
4467 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
4469 MGMT_OP_USER_CONFIRM_NEG_REPLY);
4472 int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
4473 u8 link_type, u8 addr_type, u8 status)
4475 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
4476 status, MGMT_OP_USER_PASSKEY_REPLY);
4479 int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
4480 u8 link_type, u8 addr_type, u8 status)
4482 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
4484 MGMT_OP_USER_PASSKEY_NEG_REPLY);
4487 int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
4488 u8 link_type, u8 addr_type, u32 passkey,
4491 struct mgmt_ev_passkey_notify ev;
4493 BT_DBG("%s", hdev->name);
4495 bacpy(&ev.addr.bdaddr, bdaddr);
4496 ev.addr.type = link_to_bdaddr(link_type, addr_type);
4497 ev.passkey = __cpu_to_le32(passkey);
4498 ev.entered = entered;
4500 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
4503 int mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
4504 u8 addr_type, u8 status)
4506 struct mgmt_ev_auth_failed ev;
4508 bacpy(&ev.addr.bdaddr, bdaddr);
4509 ev.addr.type = link_to_bdaddr(link_type, addr_type);
4510 ev.status = mgmt_status(status);
4512 return mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
4515 int mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
4517 struct cmd_lookup match = { NULL, hdev };
4518 bool changed = false;
4522 u8 mgmt_err = mgmt_status(status);
4523 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
4524 cmd_status_rsp, &mgmt_err);
4528 if (test_bit(HCI_AUTH, &hdev->flags)) {
4529 if (!test_and_set_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
4532 if (test_and_clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
4536 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
4540 err = new_settings(hdev, match.sk);
4548 static void clear_eir(struct hci_request *req)
4550 struct hci_dev *hdev = req->hdev;
4551 struct hci_cp_write_eir cp;
4553 if (!lmp_ext_inq_capable(hdev))
4556 memset(hdev->eir, 0, sizeof(hdev->eir));
4558 memset(&cp, 0, sizeof(cp));
4560 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
4563 int mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
4565 struct cmd_lookup match = { NULL, hdev };
4566 struct hci_request req;
4567 bool changed = false;
4571 u8 mgmt_err = mgmt_status(status);
4573 if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
4574 &hdev->dev_flags)) {
4575 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
4576 err = new_settings(hdev, NULL);
4579 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
4586 changed = !test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
4588 changed = test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
4590 changed = test_and_clear_bit(HCI_HS_ENABLED,
4593 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
4596 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
4599 err = new_settings(hdev, match.sk);
4604 hci_req_init(&req, hdev);
4606 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
4611 hci_req_run(&req, NULL);
4616 static void sk_lookup(struct pending_cmd *cmd, void *data)
4618 struct cmd_lookup *match = data;
4620 if (match->sk == NULL) {
4621 match->sk = cmd->sk;
4622 sock_hold(match->sk);
4626 int mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
4629 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
4632 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
4633 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
4634 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
4637 err = mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class,
4646 int mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
4648 struct mgmt_cp_set_local_name ev;
4649 struct pending_cmd *cmd;
4654 memset(&ev, 0, sizeof(ev));
4655 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
4656 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
4658 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
4660 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
4662 /* If this is a HCI command related to powering on the
4663 * HCI dev don't send any mgmt signals.
4665 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
4669 return mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
4670 cmd ? cmd->sk : NULL);
4673 int mgmt_read_local_oob_data_reply_complete(struct hci_dev *hdev, u8 *hash,
4674 u8 *randomizer, u8 status)
4676 struct pending_cmd *cmd;
4679 BT_DBG("%s status %u", hdev->name, status);
4681 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
4686 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
4687 mgmt_status(status));
4689 struct mgmt_rp_read_local_oob_data rp;
4691 memcpy(rp.hash, hash, sizeof(rp.hash));
4692 memcpy(rp.randomizer, randomizer, sizeof(rp.randomizer));
4694 err = cmd_complete(cmd->sk, hdev->id,
4695 MGMT_OP_READ_LOCAL_OOB_DATA, 0, &rp,
4699 mgmt_pending_remove(cmd);
4704 void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
4705 u8 addr_type, u8 *dev_class, s8 rssi, u8 cfm_name, u8
4706 ssp, u8 *eir, u16 eir_len)
4709 struct mgmt_ev_device_found *ev = (void *) buf;
4712 if (!hci_discovery_active(hdev))
4715 /* Leave 5 bytes for a potential CoD field */
4716 if (sizeof(*ev) + eir_len + 5 > sizeof(buf))
4719 memset(buf, 0, sizeof(buf));
4721 bacpy(&ev->addr.bdaddr, bdaddr);
4722 ev->addr.type = link_to_bdaddr(link_type, addr_type);
4725 ev->flags |= __constant_cpu_to_le32(MGMT_DEV_FOUND_CONFIRM_NAME);
4727 ev->flags |= __constant_cpu_to_le32(MGMT_DEV_FOUND_LEGACY_PAIRING);
4730 memcpy(ev->eir, eir, eir_len);
4732 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
4733 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
4736 ev->eir_len = cpu_to_le16(eir_len);
4737 ev_size = sizeof(*ev) + eir_len;
4739 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
4742 void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
4743 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
4745 struct mgmt_ev_device_found *ev;
4746 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
4749 ev = (struct mgmt_ev_device_found *) buf;
4751 memset(buf, 0, sizeof(buf));
4753 bacpy(&ev->addr.bdaddr, bdaddr);
4754 ev->addr.type = link_to_bdaddr(link_type, addr_type);
4757 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
4760 ev->eir_len = cpu_to_le16(eir_len);
4762 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, sizeof(*ev) + eir_len, NULL);
4765 void mgmt_discovering(struct hci_dev *hdev, u8 discovering)
4767 struct mgmt_ev_discovering ev;
4768 struct pending_cmd *cmd;
4770 BT_DBG("%s discovering %u", hdev->name, discovering);
4773 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
4775 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
4778 u8 type = hdev->discovery.type;
4780 cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0, &type,
4782 mgmt_pending_remove(cmd);
4785 memset(&ev, 0, sizeof(ev));
4786 ev.type = hdev->discovery.type;
4787 ev.discovering = discovering;
4789 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
4792 int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
4794 struct pending_cmd *cmd;
4795 struct mgmt_ev_device_blocked ev;
4797 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev);
4799 bacpy(&ev.addr.bdaddr, bdaddr);
4800 ev.addr.type = type;
4802 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev),
4803 cmd ? cmd->sk : NULL);
4806 int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
4808 struct pending_cmd *cmd;
4809 struct mgmt_ev_device_unblocked ev;
4811 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev);
4813 bacpy(&ev.addr.bdaddr, bdaddr);
4814 ev.addr.type = type;
4816 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
4817 cmd ? cmd->sk : NULL);
4820 static void adv_enable_complete(struct hci_dev *hdev, u8 status)
4822 BT_DBG("%s status %u", hdev->name, status);
4824 /* Clear the advertising mgmt setting if we failed to re-enable it */
4826 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
4827 new_settings(hdev, NULL);
4831 void mgmt_reenable_advertising(struct hci_dev *hdev)
4833 struct hci_request req;
4835 if (hci_conn_num(hdev, LE_LINK) > 0)
4838 if (!test_bit(HCI_ADVERTISING, &hdev->dev_flags))
4841 hci_req_init(&req, hdev);
4842 enable_advertising(&req);
4844 /* If this fails we have no option but to let user space know
4845 * that we've disabled advertising.
4847 if (hci_req_run(&req, adv_enable_complete) < 0) {
4848 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
4849 new_settings(hdev, NULL);