2 BlueZ - Bluetooth protocol stack for Linux
4 Copyright (C) 2010 Nokia Corporation
5 Copyright (C) 2011-2012 Intel Corporation
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI Management interface */
27 #include <linux/module.h>
28 #include <asm/unaligned.h>
30 #include <net/bluetooth/bluetooth.h>
31 #include <net/bluetooth/hci_core.h>
32 #include <net/bluetooth/mgmt.h>
33 #include <net/bluetooth/smp.h>
35 #define MGMT_VERSION 1
36 #define MGMT_REVISION 4
38 static const u16 mgmt_commands[] = {
39 MGMT_OP_READ_INDEX_LIST,
42 MGMT_OP_SET_DISCOVERABLE,
43 MGMT_OP_SET_CONNECTABLE,
44 MGMT_OP_SET_FAST_CONNECTABLE,
46 MGMT_OP_SET_LINK_SECURITY,
50 MGMT_OP_SET_DEV_CLASS,
51 MGMT_OP_SET_LOCAL_NAME,
54 MGMT_OP_LOAD_LINK_KEYS,
55 MGMT_OP_LOAD_LONG_TERM_KEYS,
57 MGMT_OP_GET_CONNECTIONS,
58 MGMT_OP_PIN_CODE_REPLY,
59 MGMT_OP_PIN_CODE_NEG_REPLY,
60 MGMT_OP_SET_IO_CAPABILITY,
62 MGMT_OP_CANCEL_PAIR_DEVICE,
63 MGMT_OP_UNPAIR_DEVICE,
64 MGMT_OP_USER_CONFIRM_REPLY,
65 MGMT_OP_USER_CONFIRM_NEG_REPLY,
66 MGMT_OP_USER_PASSKEY_REPLY,
67 MGMT_OP_USER_PASSKEY_NEG_REPLY,
68 MGMT_OP_READ_LOCAL_OOB_DATA,
69 MGMT_OP_ADD_REMOTE_OOB_DATA,
70 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
71 MGMT_OP_START_DISCOVERY,
72 MGMT_OP_STOP_DISCOVERY,
75 MGMT_OP_UNBLOCK_DEVICE,
76 MGMT_OP_SET_DEVICE_ID,
77 MGMT_OP_SET_ADVERTISING,
79 MGMT_OP_SET_STATIC_ADDRESS,
82 static const u16 mgmt_events[] = {
83 MGMT_EV_CONTROLLER_ERROR,
85 MGMT_EV_INDEX_REMOVED,
87 MGMT_EV_CLASS_OF_DEV_CHANGED,
88 MGMT_EV_LOCAL_NAME_CHANGED,
90 MGMT_EV_NEW_LONG_TERM_KEY,
91 MGMT_EV_DEVICE_CONNECTED,
92 MGMT_EV_DEVICE_DISCONNECTED,
93 MGMT_EV_CONNECT_FAILED,
94 MGMT_EV_PIN_CODE_REQUEST,
95 MGMT_EV_USER_CONFIRM_REQUEST,
96 MGMT_EV_USER_PASSKEY_REQUEST,
100 MGMT_EV_DEVICE_BLOCKED,
101 MGMT_EV_DEVICE_UNBLOCKED,
102 MGMT_EV_DEVICE_UNPAIRED,
103 MGMT_EV_PASSKEY_NOTIFY,
106 #define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
108 #define hdev_is_powered(hdev) (test_bit(HCI_UP, &hdev->flags) && \
109 !test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
112 struct list_head list;
120 /* HCI to MGMT error code conversion table */
121 static u8 mgmt_status_table[] = {
123 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
124 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
125 MGMT_STATUS_FAILED, /* Hardware Failure */
126 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
127 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
128 MGMT_STATUS_NOT_PAIRED, /* PIN or Key Missing */
129 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
130 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
131 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
132 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
133 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
134 MGMT_STATUS_BUSY, /* Command Disallowed */
135 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
136 MGMT_STATUS_REJECTED, /* Rejected Security */
137 MGMT_STATUS_REJECTED, /* Rejected Personal */
138 MGMT_STATUS_TIMEOUT, /* Host Timeout */
139 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
140 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
141 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
142 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
143 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
144 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
145 MGMT_STATUS_BUSY, /* Repeated Attempts */
146 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
147 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
148 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
149 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
150 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
151 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
152 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
153 MGMT_STATUS_FAILED, /* Unspecified Error */
154 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
155 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
156 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
157 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
158 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
159 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
160 MGMT_STATUS_FAILED, /* Unit Link Key Used */
161 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
162 MGMT_STATUS_TIMEOUT, /* Instant Passed */
163 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
164 MGMT_STATUS_FAILED, /* Transaction Collision */
165 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
166 MGMT_STATUS_REJECTED, /* QoS Rejected */
167 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
168 MGMT_STATUS_REJECTED, /* Insufficient Security */
169 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
170 MGMT_STATUS_BUSY, /* Role Switch Pending */
171 MGMT_STATUS_FAILED, /* Slot Violation */
172 MGMT_STATUS_FAILED, /* Role Switch Failed */
173 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
174 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
175 MGMT_STATUS_BUSY, /* Host Busy Pairing */
176 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
177 MGMT_STATUS_BUSY, /* Controller Busy */
178 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
179 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
180 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
181 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
182 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
185 bool mgmt_valid_hdev(struct hci_dev *hdev)
187 return hdev->dev_type == HCI_BREDR;
190 static u8 mgmt_status(u8 hci_status)
192 if (hci_status < ARRAY_SIZE(mgmt_status_table))
193 return mgmt_status_table[hci_status];
195 return MGMT_STATUS_FAILED;
198 static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
201 struct mgmt_hdr *hdr;
202 struct mgmt_ev_cmd_status *ev;
205 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
207 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_KERNEL);
211 hdr = (void *) skb_put(skb, sizeof(*hdr));
213 hdr->opcode = __constant_cpu_to_le16(MGMT_EV_CMD_STATUS);
214 hdr->index = cpu_to_le16(index);
215 hdr->len = cpu_to_le16(sizeof(*ev));
217 ev = (void *) skb_put(skb, sizeof(*ev));
219 ev->opcode = cpu_to_le16(cmd);
221 err = sock_queue_rcv_skb(sk, skb);
228 static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
229 void *rp, size_t rp_len)
232 struct mgmt_hdr *hdr;
233 struct mgmt_ev_cmd_complete *ev;
236 BT_DBG("sock %p", sk);
238 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_KERNEL);
242 hdr = (void *) skb_put(skb, sizeof(*hdr));
244 hdr->opcode = __constant_cpu_to_le16(MGMT_EV_CMD_COMPLETE);
245 hdr->index = cpu_to_le16(index);
246 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
248 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
249 ev->opcode = cpu_to_le16(cmd);
253 memcpy(ev->data, rp, rp_len);
255 err = sock_queue_rcv_skb(sk, skb);
262 static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
265 struct mgmt_rp_read_version rp;
267 BT_DBG("sock %p", sk);
269 rp.version = MGMT_VERSION;
270 rp.revision = __constant_cpu_to_le16(MGMT_REVISION);
272 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
276 static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
279 struct mgmt_rp_read_commands *rp;
280 const u16 num_commands = ARRAY_SIZE(mgmt_commands);
281 const u16 num_events = ARRAY_SIZE(mgmt_events);
286 BT_DBG("sock %p", sk);
288 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
290 rp = kmalloc(rp_size, GFP_KERNEL);
294 rp->num_commands = __constant_cpu_to_le16(num_commands);
295 rp->num_events = __constant_cpu_to_le16(num_events);
297 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
298 put_unaligned_le16(mgmt_commands[i], opcode);
300 for (i = 0; i < num_events; i++, opcode++)
301 put_unaligned_le16(mgmt_events[i], opcode);
303 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
310 static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
313 struct mgmt_rp_read_index_list *rp;
319 BT_DBG("sock %p", sk);
321 read_lock(&hci_dev_list_lock);
324 list_for_each_entry(d, &hci_dev_list, list) {
325 if (!mgmt_valid_hdev(d))
331 rp_len = sizeof(*rp) + (2 * count);
332 rp = kmalloc(rp_len, GFP_ATOMIC);
334 read_unlock(&hci_dev_list_lock);
339 list_for_each_entry(d, &hci_dev_list, list) {
340 if (test_bit(HCI_SETUP, &d->dev_flags))
343 if (test_bit(HCI_USER_CHANNEL, &d->dev_flags))
346 if (!mgmt_valid_hdev(d))
349 rp->index[count++] = cpu_to_le16(d->id);
350 BT_DBG("Added hci%u", d->id);
353 rp->num_controllers = cpu_to_le16(count);
354 rp_len = sizeof(*rp) + (2 * count);
356 read_unlock(&hci_dev_list_lock);
358 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
366 static u32 get_supported_settings(struct hci_dev *hdev)
370 settings |= MGMT_SETTING_POWERED;
371 settings |= MGMT_SETTING_PAIRABLE;
373 if (lmp_ssp_capable(hdev))
374 settings |= MGMT_SETTING_SSP;
376 if (lmp_bredr_capable(hdev)) {
377 settings |= MGMT_SETTING_CONNECTABLE;
378 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
379 settings |= MGMT_SETTING_FAST_CONNECTABLE;
380 settings |= MGMT_SETTING_DISCOVERABLE;
381 settings |= MGMT_SETTING_BREDR;
382 settings |= MGMT_SETTING_LINK_SECURITY;
383 settings |= MGMT_SETTING_HS;
386 if (lmp_le_capable(hdev)) {
387 settings |= MGMT_SETTING_LE;
388 settings |= MGMT_SETTING_ADVERTISING;
394 static u32 get_current_settings(struct hci_dev *hdev)
398 if (hdev_is_powered(hdev))
399 settings |= MGMT_SETTING_POWERED;
401 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
402 settings |= MGMT_SETTING_CONNECTABLE;
404 if (test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
405 settings |= MGMT_SETTING_FAST_CONNECTABLE;
407 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
408 settings |= MGMT_SETTING_DISCOVERABLE;
410 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags))
411 settings |= MGMT_SETTING_PAIRABLE;
413 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
414 settings |= MGMT_SETTING_BREDR;
416 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
417 settings |= MGMT_SETTING_LE;
419 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
420 settings |= MGMT_SETTING_LINK_SECURITY;
422 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
423 settings |= MGMT_SETTING_SSP;
425 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
426 settings |= MGMT_SETTING_HS;
428 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
429 settings |= MGMT_SETTING_ADVERTISING;
434 #define PNP_INFO_SVCLASS_ID 0x1200
436 static u8 *create_uuid16_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
438 u8 *ptr = data, *uuids_start = NULL;
439 struct bt_uuid *uuid;
444 list_for_each_entry(uuid, &hdev->uuids, list) {
447 if (uuid->size != 16)
450 uuid16 = get_unaligned_le16(&uuid->uuid[12]);
454 if (uuid16 == PNP_INFO_SVCLASS_ID)
460 uuids_start[1] = EIR_UUID16_ALL;
464 /* Stop if not enough space to put next UUID */
465 if ((ptr - data) + sizeof(u16) > len) {
466 uuids_start[1] = EIR_UUID16_SOME;
470 *ptr++ = (uuid16 & 0x00ff);
471 *ptr++ = (uuid16 & 0xff00) >> 8;
472 uuids_start[0] += sizeof(uuid16);
478 static u8 *create_uuid32_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
480 u8 *ptr = data, *uuids_start = NULL;
481 struct bt_uuid *uuid;
486 list_for_each_entry(uuid, &hdev->uuids, list) {
487 if (uuid->size != 32)
493 uuids_start[1] = EIR_UUID32_ALL;
497 /* Stop if not enough space to put next UUID */
498 if ((ptr - data) + sizeof(u32) > len) {
499 uuids_start[1] = EIR_UUID32_SOME;
503 memcpy(ptr, &uuid->uuid[12], sizeof(u32));
505 uuids_start[0] += sizeof(u32);
511 static u8 *create_uuid128_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
513 u8 *ptr = data, *uuids_start = NULL;
514 struct bt_uuid *uuid;
519 list_for_each_entry(uuid, &hdev->uuids, list) {
520 if (uuid->size != 128)
526 uuids_start[1] = EIR_UUID128_ALL;
530 /* Stop if not enough space to put next UUID */
531 if ((ptr - data) + 16 > len) {
532 uuids_start[1] = EIR_UUID128_SOME;
536 memcpy(ptr, uuid->uuid, 16);
538 uuids_start[0] += 16;
544 static void create_eir(struct hci_dev *hdev, u8 *data)
549 name_len = strlen(hdev->dev_name);
555 ptr[1] = EIR_NAME_SHORT;
557 ptr[1] = EIR_NAME_COMPLETE;
559 /* EIR Data length */
560 ptr[0] = name_len + 1;
562 memcpy(ptr + 2, hdev->dev_name, name_len);
564 ptr += (name_len + 2);
567 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
569 ptr[1] = EIR_TX_POWER;
570 ptr[2] = (u8) hdev->inq_tx_power;
575 if (hdev->devid_source > 0) {
577 ptr[1] = EIR_DEVICE_ID;
579 put_unaligned_le16(hdev->devid_source, ptr + 2);
580 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
581 put_unaligned_le16(hdev->devid_product, ptr + 6);
582 put_unaligned_le16(hdev->devid_version, ptr + 8);
587 ptr = create_uuid16_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
588 ptr = create_uuid32_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
589 ptr = create_uuid128_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
592 static void update_eir(struct hci_request *req)
594 struct hci_dev *hdev = req->hdev;
595 struct hci_cp_write_eir cp;
597 if (!hdev_is_powered(hdev))
600 if (!lmp_ext_inq_capable(hdev))
603 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
606 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
609 memset(&cp, 0, sizeof(cp));
611 create_eir(hdev, cp.data);
613 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
616 memcpy(hdev->eir, cp.data, sizeof(cp.data));
618 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
621 static u8 get_service_classes(struct hci_dev *hdev)
623 struct bt_uuid *uuid;
626 list_for_each_entry(uuid, &hdev->uuids, list)
627 val |= uuid->svc_hint;
632 static void update_class(struct hci_request *req)
634 struct hci_dev *hdev = req->hdev;
637 BT_DBG("%s", hdev->name);
639 if (!hdev_is_powered(hdev))
642 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
645 cod[0] = hdev->minor_class;
646 cod[1] = hdev->major_class;
647 cod[2] = get_service_classes(hdev);
649 if (memcmp(cod, hdev->dev_class, 3) == 0)
652 hci_req_add(req, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
655 static void service_cache_off(struct work_struct *work)
657 struct hci_dev *hdev = container_of(work, struct hci_dev,
659 struct hci_request req;
661 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
664 hci_req_init(&req, hdev);
671 hci_dev_unlock(hdev);
673 hci_req_run(&req, NULL);
676 static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
678 if (test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
681 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
683 /* Non-mgmt controlled devices get this bit set
684 * implicitly so that pairing works for them, however
685 * for mgmt we require user-space to explicitly enable
688 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
691 static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
692 void *data, u16 data_len)
694 struct mgmt_rp_read_info rp;
696 BT_DBG("sock %p %s", sk, hdev->name);
700 memset(&rp, 0, sizeof(rp));
702 bacpy(&rp.bdaddr, &hdev->bdaddr);
704 rp.version = hdev->hci_ver;
705 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
707 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
708 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
710 memcpy(rp.dev_class, hdev->dev_class, 3);
712 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
713 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
715 hci_dev_unlock(hdev);
717 return cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
721 static void mgmt_pending_free(struct pending_cmd *cmd)
728 static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
729 struct hci_dev *hdev, void *data,
732 struct pending_cmd *cmd;
734 cmd = kmalloc(sizeof(*cmd), GFP_KERNEL);
738 cmd->opcode = opcode;
739 cmd->index = hdev->id;
741 cmd->param = kmalloc(len, GFP_KERNEL);
748 memcpy(cmd->param, data, len);
753 list_add(&cmd->list, &hdev->mgmt_pending);
758 static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
759 void (*cb)(struct pending_cmd *cmd,
763 struct pending_cmd *cmd, *tmp;
765 list_for_each_entry_safe(cmd, tmp, &hdev->mgmt_pending, list) {
766 if (opcode > 0 && cmd->opcode != opcode)
773 static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
775 struct pending_cmd *cmd;
777 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
778 if (cmd->opcode == opcode)
785 static void mgmt_pending_remove(struct pending_cmd *cmd)
787 list_del(&cmd->list);
788 mgmt_pending_free(cmd);
791 static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
793 __le32 settings = cpu_to_le32(get_current_settings(hdev));
795 return cmd_complete(sk, hdev->id, opcode, 0, &settings,
799 static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
802 struct mgmt_mode *cp = data;
803 struct pending_cmd *cmd;
806 BT_DBG("request for %s", hdev->name);
808 if (cp->val != 0x00 && cp->val != 0x01)
809 return cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
810 MGMT_STATUS_INVALID_PARAMS);
814 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
815 err = cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
820 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
821 cancel_delayed_work(&hdev->power_off);
824 mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev,
826 err = mgmt_powered(hdev, 1);
831 if (!!cp->val == hdev_is_powered(hdev)) {
832 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
836 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
843 queue_work(hdev->req_workqueue, &hdev->power_on);
845 queue_work(hdev->req_workqueue, &hdev->power_off.work);
850 hci_dev_unlock(hdev);
854 static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 data_len,
855 struct sock *skip_sk)
858 struct mgmt_hdr *hdr;
860 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_KERNEL);
864 hdr = (void *) skb_put(skb, sizeof(*hdr));
865 hdr->opcode = cpu_to_le16(event);
867 hdr->index = cpu_to_le16(hdev->id);
869 hdr->index = __constant_cpu_to_le16(MGMT_INDEX_NONE);
870 hdr->len = cpu_to_le16(data_len);
873 memcpy(skb_put(skb, data_len), data, data_len);
876 __net_timestamp(skb);
878 hci_send_to_control(skb, skip_sk);
884 static int new_settings(struct hci_dev *hdev, struct sock *skip)
888 ev = cpu_to_le32(get_current_settings(hdev));
890 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
893 int mgmt_new_settings(struct hci_dev *hdev)
895 return new_settings(hdev, NULL);
900 struct hci_dev *hdev;
904 static void settings_rsp(struct pending_cmd *cmd, void *data)
906 struct cmd_lookup *match = data;
908 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
910 list_del(&cmd->list);
912 if (match->sk == NULL) {
914 sock_hold(match->sk);
917 mgmt_pending_free(cmd);
920 static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
924 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
925 mgmt_pending_remove(cmd);
928 static u8 mgmt_bredr_support(struct hci_dev *hdev)
930 if (!lmp_bredr_capable(hdev))
931 return MGMT_STATUS_NOT_SUPPORTED;
932 else if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
933 return MGMT_STATUS_REJECTED;
935 return MGMT_STATUS_SUCCESS;
938 static u8 mgmt_le_support(struct hci_dev *hdev)
940 if (!lmp_le_capable(hdev))
941 return MGMT_STATUS_NOT_SUPPORTED;
942 else if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
943 return MGMT_STATUS_REJECTED;
945 return MGMT_STATUS_SUCCESS;
948 static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
951 struct mgmt_cp_set_discoverable *cp = data;
952 struct pending_cmd *cmd;
957 BT_DBG("request for %s", hdev->name);
959 status = mgmt_bredr_support(hdev);
961 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
964 if (cp->val != 0x00 && cp->val != 0x01)
965 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
966 MGMT_STATUS_INVALID_PARAMS);
968 timeout = __le16_to_cpu(cp->timeout);
969 if (!cp->val && timeout > 0)
970 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
971 MGMT_STATUS_INVALID_PARAMS);
975 if (!hdev_is_powered(hdev) && timeout > 0) {
976 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
977 MGMT_STATUS_NOT_POWERED);
981 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
982 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
983 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
988 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
989 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
990 MGMT_STATUS_REJECTED);
994 if (!hdev_is_powered(hdev)) {
995 bool changed = false;
997 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
998 change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1002 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1007 err = new_settings(hdev, sk);
1012 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
1013 if (hdev->discov_timeout > 0) {
1014 cancel_delayed_work(&hdev->discov_off);
1015 hdev->discov_timeout = 0;
1018 if (cp->val && timeout > 0) {
1019 hdev->discov_timeout = timeout;
1020 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
1021 msecs_to_jiffies(hdev->discov_timeout * 1000));
1024 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1028 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
1037 scan |= SCAN_INQUIRY;
1039 cancel_delayed_work(&hdev->discov_off);
1041 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1043 mgmt_pending_remove(cmd);
1046 hdev->discov_timeout = timeout;
1049 hci_dev_unlock(hdev);
1053 static void write_fast_connectable(struct hci_request *req, bool enable)
1055 struct hci_dev *hdev = req->hdev;
1056 struct hci_cp_write_page_scan_activity acp;
1059 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
1063 type = PAGE_SCAN_TYPE_INTERLACED;
1065 /* 160 msec page scan interval */
1066 acp.interval = __constant_cpu_to_le16(0x0100);
1068 type = PAGE_SCAN_TYPE_STANDARD; /* default */
1070 /* default 1.28 sec page scan */
1071 acp.interval = __constant_cpu_to_le16(0x0800);
1074 acp.window = __constant_cpu_to_le16(0x0012);
1076 if (__cpu_to_le16(hdev->page_scan_interval) != acp.interval ||
1077 __cpu_to_le16(hdev->page_scan_window) != acp.window)
1078 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
1081 if (hdev->page_scan_type != type)
1082 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
1085 static void set_connectable_complete(struct hci_dev *hdev, u8 status)
1087 struct pending_cmd *cmd;
1089 BT_DBG("status 0x%02x", status);
1093 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1097 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
1099 mgmt_pending_remove(cmd);
1102 hci_dev_unlock(hdev);
1105 static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
1108 struct mgmt_mode *cp = data;
1109 struct pending_cmd *cmd;
1110 struct hci_request req;
1114 BT_DBG("request for %s", hdev->name);
1116 status = mgmt_bredr_support(hdev);
1118 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1121 if (cp->val != 0x00 && cp->val != 0x01)
1122 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1123 MGMT_STATUS_INVALID_PARAMS);
1127 if (!hdev_is_powered(hdev)) {
1128 bool changed = false;
1130 if (!!cp->val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
1134 set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1136 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1137 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1140 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1145 err = new_settings(hdev, sk);
1150 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1151 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
1152 err = cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1157 if (!!cp->val == test_bit(HCI_PSCAN, &hdev->flags)) {
1158 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1162 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
1173 if (test_bit(HCI_ISCAN, &hdev->flags) &&
1174 hdev->discov_timeout > 0)
1175 cancel_delayed_work(&hdev->discov_off);
1178 hci_req_init(&req, hdev);
1180 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1182 /* If we're going from non-connectable to connectable or
1183 * vice-versa when fast connectable is enabled ensure that fast
1184 * connectable gets disabled. write_fast_connectable won't do
1185 * anything if the page scan parameters are already what they
1188 if (cp->val || test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
1189 write_fast_connectable(&req, false);
1191 err = hci_req_run(&req, set_connectable_complete);
1193 mgmt_pending_remove(cmd);
1196 hci_dev_unlock(hdev);
1200 static int set_pairable(struct sock *sk, struct hci_dev *hdev, void *data,
1203 struct mgmt_mode *cp = data;
1206 BT_DBG("request for %s", hdev->name);
1208 if (cp->val != 0x00 && cp->val != 0x01)
1209 return cmd_status(sk, hdev->id, MGMT_OP_SET_PAIRABLE,
1210 MGMT_STATUS_INVALID_PARAMS);
1215 set_bit(HCI_PAIRABLE, &hdev->dev_flags);
1217 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
1219 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
1223 err = new_settings(hdev, sk);
1226 hci_dev_unlock(hdev);
1230 static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1233 struct mgmt_mode *cp = data;
1234 struct pending_cmd *cmd;
1238 BT_DBG("request for %s", hdev->name);
1240 status = mgmt_bredr_support(hdev);
1242 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1245 if (cp->val != 0x00 && cp->val != 0x01)
1246 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1247 MGMT_STATUS_INVALID_PARAMS);
1251 if (!hdev_is_powered(hdev)) {
1252 bool changed = false;
1254 if (!!cp->val != test_bit(HCI_LINK_SECURITY,
1255 &hdev->dev_flags)) {
1256 change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
1260 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1265 err = new_settings(hdev, sk);
1270 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
1271 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1278 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1279 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1283 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1289 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1291 mgmt_pending_remove(cmd);
1296 hci_dev_unlock(hdev);
1300 static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1302 struct mgmt_mode *cp = data;
1303 struct pending_cmd *cmd;
1307 BT_DBG("request for %s", hdev->name);
1309 status = mgmt_bredr_support(hdev);
1311 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
1313 if (!lmp_ssp_capable(hdev))
1314 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1315 MGMT_STATUS_NOT_SUPPORTED);
1317 if (cp->val != 0x00 && cp->val != 0x01)
1318 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1319 MGMT_STATUS_INVALID_PARAMS);
1325 if (!hdev_is_powered(hdev)) {
1326 bool changed = false;
1328 if (val != test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
1329 change_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
1333 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1338 err = new_settings(hdev, sk);
1343 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev)) {
1344 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1349 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) == val) {
1350 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1354 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1360 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, sizeof(val), &val);
1362 mgmt_pending_remove(cmd);
1367 hci_dev_unlock(hdev);
1371 static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1373 struct mgmt_mode *cp = data;
1378 BT_DBG("request for %s", hdev->name);
1380 status = mgmt_bredr_support(hdev);
1382 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
1384 if (cp->val != 0x00 && cp->val != 0x01)
1385 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1386 MGMT_STATUS_INVALID_PARAMS);
1391 changed = !test_and_set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1393 if (hdev_is_powered(hdev)) {
1394 err = cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1395 MGMT_STATUS_REJECTED);
1399 changed = test_and_clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1402 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
1407 err = new_settings(hdev, sk);
1410 hci_dev_unlock(hdev);
1414 static void le_enable_complete(struct hci_dev *hdev, u8 status)
1416 struct cmd_lookup match = { NULL, hdev };
1419 u8 mgmt_err = mgmt_status(status);
1421 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
1426 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
1428 new_settings(hdev, match.sk);
1434 static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1436 struct mgmt_mode *cp = data;
1437 struct hci_cp_write_le_host_supported hci_cp;
1438 struct pending_cmd *cmd;
1439 struct hci_request req;
1443 BT_DBG("request for %s", hdev->name);
1445 if (!lmp_le_capable(hdev))
1446 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1447 MGMT_STATUS_NOT_SUPPORTED);
1449 if (cp->val != 0x00 && cp->val != 0x01)
1450 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1451 MGMT_STATUS_INVALID_PARAMS);
1453 /* LE-only devices do not allow toggling LE on/off */
1454 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1455 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1456 MGMT_STATUS_REJECTED);
1461 enabled = lmp_host_le_capable(hdev);
1463 if (!hdev_is_powered(hdev) || val == enabled) {
1464 bool changed = false;
1466 if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1467 change_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1471 if (!val && test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
1472 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
1476 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1481 err = new_settings(hdev, sk);
1486 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev) ||
1487 mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
1488 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1493 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
1499 memset(&hci_cp, 0, sizeof(hci_cp));
1503 hci_cp.simul = lmp_le_br_capable(hdev);
1506 hci_req_init(&req, hdev);
1508 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags) && !val) {
1511 hci_req_add(&req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(adv), &adv);
1514 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
1517 err = hci_req_run(&req, le_enable_complete);
1519 mgmt_pending_remove(cmd);
1522 hci_dev_unlock(hdev);
1526 /* This is a helper function to test for pending mgmt commands that can
1527 * cause CoD or EIR HCI commands. We can only allow one such pending
1528 * mgmt command at a time since otherwise we cannot easily track what
1529 * the current values are, will be, and based on that calculate if a new
1530 * HCI command needs to be sent and if yes with what value.
1532 static bool pending_eir_or_class(struct hci_dev *hdev)
1534 struct pending_cmd *cmd;
1536 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
1537 switch (cmd->opcode) {
1538 case MGMT_OP_ADD_UUID:
1539 case MGMT_OP_REMOVE_UUID:
1540 case MGMT_OP_SET_DEV_CLASS:
1541 case MGMT_OP_SET_POWERED:
1549 static const u8 bluetooth_base_uuid[] = {
1550 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
1551 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1554 static u8 get_uuid_size(const u8 *uuid)
1558 if (memcmp(uuid, bluetooth_base_uuid, 12))
1561 val = get_unaligned_le32(&uuid[12]);
1568 static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
1570 struct pending_cmd *cmd;
1574 cmd = mgmt_pending_find(mgmt_op, hdev);
1578 cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(status),
1579 hdev->dev_class, 3);
1581 mgmt_pending_remove(cmd);
1584 hci_dev_unlock(hdev);
1587 static void add_uuid_complete(struct hci_dev *hdev, u8 status)
1589 BT_DBG("status 0x%02x", status);
1591 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
1594 static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1596 struct mgmt_cp_add_uuid *cp = data;
1597 struct pending_cmd *cmd;
1598 struct hci_request req;
1599 struct bt_uuid *uuid;
1602 BT_DBG("request for %s", hdev->name);
1606 if (pending_eir_or_class(hdev)) {
1607 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
1612 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
1618 memcpy(uuid->uuid, cp->uuid, 16);
1619 uuid->svc_hint = cp->svc_hint;
1620 uuid->size = get_uuid_size(cp->uuid);
1622 list_add_tail(&uuid->list, &hdev->uuids);
1624 hci_req_init(&req, hdev);
1629 err = hci_req_run(&req, add_uuid_complete);
1631 if (err != -ENODATA)
1634 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
1635 hdev->dev_class, 3);
1639 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
1648 hci_dev_unlock(hdev);
1652 static bool enable_service_cache(struct hci_dev *hdev)
1654 if (!hdev_is_powered(hdev))
1657 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
1658 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
1666 static void remove_uuid_complete(struct hci_dev *hdev, u8 status)
1668 BT_DBG("status 0x%02x", status);
1670 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
1673 static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
1676 struct mgmt_cp_remove_uuid *cp = data;
1677 struct pending_cmd *cmd;
1678 struct bt_uuid *match, *tmp;
1679 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
1680 struct hci_request req;
1683 BT_DBG("request for %s", hdev->name);
1687 if (pending_eir_or_class(hdev)) {
1688 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
1693 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
1694 err = hci_uuids_clear(hdev);
1696 if (enable_service_cache(hdev)) {
1697 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID,
1698 0, hdev->dev_class, 3);
1707 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
1708 if (memcmp(match->uuid, cp->uuid, 16) != 0)
1711 list_del(&match->list);
1717 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
1718 MGMT_STATUS_INVALID_PARAMS);
1723 hci_req_init(&req, hdev);
1728 err = hci_req_run(&req, remove_uuid_complete);
1730 if (err != -ENODATA)
1733 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
1734 hdev->dev_class, 3);
1738 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
1747 hci_dev_unlock(hdev);
1751 static void set_class_complete(struct hci_dev *hdev, u8 status)
1753 BT_DBG("status 0x%02x", status);
1755 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
1758 static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
1761 struct mgmt_cp_set_dev_class *cp = data;
1762 struct pending_cmd *cmd;
1763 struct hci_request req;
1766 BT_DBG("request for %s", hdev->name);
1768 if (!lmp_bredr_capable(hdev))
1769 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1770 MGMT_STATUS_NOT_SUPPORTED);
1774 if (pending_eir_or_class(hdev)) {
1775 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1780 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
1781 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1782 MGMT_STATUS_INVALID_PARAMS);
1786 hdev->major_class = cp->major;
1787 hdev->minor_class = cp->minor;
1789 if (!hdev_is_powered(hdev)) {
1790 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
1791 hdev->dev_class, 3);
1795 hci_req_init(&req, hdev);
1797 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
1798 hci_dev_unlock(hdev);
1799 cancel_delayed_work_sync(&hdev->service_cache);
1806 err = hci_req_run(&req, set_class_complete);
1808 if (err != -ENODATA)
1811 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
1812 hdev->dev_class, 3);
1816 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
1825 hci_dev_unlock(hdev);
1829 static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
1832 struct mgmt_cp_load_link_keys *cp = data;
1833 u16 key_count, expected_len;
1836 BT_DBG("request for %s", hdev->name);
1838 if (!lmp_bredr_capable(hdev))
1839 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
1840 MGMT_STATUS_NOT_SUPPORTED);
1842 key_count = __le16_to_cpu(cp->key_count);
1844 expected_len = sizeof(*cp) + key_count *
1845 sizeof(struct mgmt_link_key_info);
1846 if (expected_len != len) {
1847 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
1849 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
1850 MGMT_STATUS_INVALID_PARAMS);
1853 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
1854 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
1855 MGMT_STATUS_INVALID_PARAMS);
1857 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
1860 for (i = 0; i < key_count; i++) {
1861 struct mgmt_link_key_info *key = &cp->keys[i];
1863 if (key->addr.type != BDADDR_BREDR)
1864 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
1865 MGMT_STATUS_INVALID_PARAMS);
1870 hci_link_keys_clear(hdev);
1873 set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
1875 clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
1877 for (i = 0; i < key_count; i++) {
1878 struct mgmt_link_key_info *key = &cp->keys[i];
1880 hci_add_link_key(hdev, NULL, 0, &key->addr.bdaddr, key->val,
1881 key->type, key->pin_len);
1884 cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
1886 hci_dev_unlock(hdev);
1891 static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
1892 u8 addr_type, struct sock *skip_sk)
1894 struct mgmt_ev_device_unpaired ev;
1896 bacpy(&ev.addr.bdaddr, bdaddr);
1897 ev.addr.type = addr_type;
1899 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
1903 static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
1906 struct mgmt_cp_unpair_device *cp = data;
1907 struct mgmt_rp_unpair_device rp;
1908 struct hci_cp_disconnect dc;
1909 struct pending_cmd *cmd;
1910 struct hci_conn *conn;
1913 memset(&rp, 0, sizeof(rp));
1914 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1915 rp.addr.type = cp->addr.type;
1917 if (!bdaddr_type_is_valid(cp->addr.type))
1918 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
1919 MGMT_STATUS_INVALID_PARAMS,
1922 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
1923 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
1924 MGMT_STATUS_INVALID_PARAMS,
1929 if (!hdev_is_powered(hdev)) {
1930 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
1931 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
1935 if (cp->addr.type == BDADDR_BREDR)
1936 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
1938 err = hci_remove_ltk(hdev, &cp->addr.bdaddr);
1941 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
1942 MGMT_STATUS_NOT_PAIRED, &rp, sizeof(rp));
1946 if (cp->disconnect) {
1947 if (cp->addr.type == BDADDR_BREDR)
1948 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
1951 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
1958 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
1960 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
1964 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
1971 dc.handle = cpu_to_le16(conn->handle);
1972 dc.reason = 0x13; /* Remote User Terminated Connection */
1973 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1975 mgmt_pending_remove(cmd);
1978 hci_dev_unlock(hdev);
1982 static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
1985 struct mgmt_cp_disconnect *cp = data;
1986 struct mgmt_rp_disconnect rp;
1987 struct hci_cp_disconnect dc;
1988 struct pending_cmd *cmd;
1989 struct hci_conn *conn;
1994 memset(&rp, 0, sizeof(rp));
1995 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1996 rp.addr.type = cp->addr.type;
1998 if (!bdaddr_type_is_valid(cp->addr.type))
1999 return cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2000 MGMT_STATUS_INVALID_PARAMS,
2005 if (!test_bit(HCI_UP, &hdev->flags)) {
2006 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2007 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
2011 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
2012 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2013 MGMT_STATUS_BUSY, &rp, sizeof(rp));
2017 if (cp->addr.type == BDADDR_BREDR)
2018 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2021 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
2023 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
2024 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2025 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
2029 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
2035 dc.handle = cpu_to_le16(conn->handle);
2036 dc.reason = HCI_ERROR_REMOTE_USER_TERM;
2038 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2040 mgmt_pending_remove(cmd);
2043 hci_dev_unlock(hdev);
2047 static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
2049 switch (link_type) {
2051 switch (addr_type) {
2052 case ADDR_LE_DEV_PUBLIC:
2053 return BDADDR_LE_PUBLIC;
2056 /* Fallback to LE Random address type */
2057 return BDADDR_LE_RANDOM;
2061 /* Fallback to BR/EDR type */
2062 return BDADDR_BREDR;
2066 static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
2069 struct mgmt_rp_get_connections *rp;
2079 if (!hdev_is_powered(hdev)) {
2080 err = cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
2081 MGMT_STATUS_NOT_POWERED);
2086 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2087 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2091 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2092 rp = kmalloc(rp_len, GFP_KERNEL);
2099 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2100 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2102 bacpy(&rp->addr[i].bdaddr, &c->dst);
2103 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
2104 if (c->type == SCO_LINK || c->type == ESCO_LINK)
2109 rp->conn_count = cpu_to_le16(i);
2111 /* Recalculate length in case of filtered SCO connections, etc */
2112 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2114 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
2120 hci_dev_unlock(hdev);
2124 static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
2125 struct mgmt_cp_pin_code_neg_reply *cp)
2127 struct pending_cmd *cmd;
2130 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
2135 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
2136 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
2138 mgmt_pending_remove(cmd);
2143 static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2146 struct hci_conn *conn;
2147 struct mgmt_cp_pin_code_reply *cp = data;
2148 struct hci_cp_pin_code_reply reply;
2149 struct pending_cmd *cmd;
2156 if (!hdev_is_powered(hdev)) {
2157 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2158 MGMT_STATUS_NOT_POWERED);
2162 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
2164 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2165 MGMT_STATUS_NOT_CONNECTED);
2169 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
2170 struct mgmt_cp_pin_code_neg_reply ncp;
2172 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
2174 BT_ERR("PIN code is not 16 bytes long");
2176 err = send_pin_code_neg_reply(sk, hdev, &ncp);
2178 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2179 MGMT_STATUS_INVALID_PARAMS);
2184 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
2190 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
2191 reply.pin_len = cp->pin_len;
2192 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
2194 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
2196 mgmt_pending_remove(cmd);
2199 hci_dev_unlock(hdev);
2203 static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
2206 struct mgmt_cp_set_io_capability *cp = data;
2212 hdev->io_capability = cp->io_capability;
2214 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
2215 hdev->io_capability);
2217 hci_dev_unlock(hdev);
2219 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, NULL,
2223 static struct pending_cmd *find_pairing(struct hci_conn *conn)
2225 struct hci_dev *hdev = conn->hdev;
2226 struct pending_cmd *cmd;
2228 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2229 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
2232 if (cmd->user_data != conn)
2241 static void pairing_complete(struct pending_cmd *cmd, u8 status)
2243 struct mgmt_rp_pair_device rp;
2244 struct hci_conn *conn = cmd->user_data;
2246 bacpy(&rp.addr.bdaddr, &conn->dst);
2247 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
2249 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
2252 /* So we don't get further callbacks for this connection */
2253 conn->connect_cfm_cb = NULL;
2254 conn->security_cfm_cb = NULL;
2255 conn->disconn_cfm_cb = NULL;
2257 hci_conn_drop(conn);
2259 mgmt_pending_remove(cmd);
2262 static void pairing_complete_cb(struct hci_conn *conn, u8 status)
2264 struct pending_cmd *cmd;
2266 BT_DBG("status %u", status);
2268 cmd = find_pairing(conn);
2270 BT_DBG("Unable to find a pending command");
2272 pairing_complete(cmd, mgmt_status(status));
2275 static void le_connect_complete_cb(struct hci_conn *conn, u8 status)
2277 struct pending_cmd *cmd;
2279 BT_DBG("status %u", status);
2284 cmd = find_pairing(conn);
2286 BT_DBG("Unable to find a pending command");
2288 pairing_complete(cmd, mgmt_status(status));
2291 static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2294 struct mgmt_cp_pair_device *cp = data;
2295 struct mgmt_rp_pair_device rp;
2296 struct pending_cmd *cmd;
2297 u8 sec_level, auth_type;
2298 struct hci_conn *conn;
2303 memset(&rp, 0, sizeof(rp));
2304 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2305 rp.addr.type = cp->addr.type;
2307 if (!bdaddr_type_is_valid(cp->addr.type))
2308 return cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2309 MGMT_STATUS_INVALID_PARAMS,
2314 if (!hdev_is_powered(hdev)) {
2315 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2316 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
2320 sec_level = BT_SECURITY_MEDIUM;
2321 if (cp->io_cap == 0x03)
2322 auth_type = HCI_AT_DEDICATED_BONDING;
2324 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
2326 if (cp->addr.type == BDADDR_BREDR)
2327 conn = hci_connect(hdev, ACL_LINK, &cp->addr.bdaddr,
2328 cp->addr.type, sec_level, auth_type);
2330 conn = hci_connect(hdev, LE_LINK, &cp->addr.bdaddr,
2331 cp->addr.type, sec_level, auth_type);
2336 if (PTR_ERR(conn) == -EBUSY)
2337 status = MGMT_STATUS_BUSY;
2339 status = MGMT_STATUS_CONNECT_FAILED;
2341 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2347 if (conn->connect_cfm_cb) {
2348 hci_conn_drop(conn);
2349 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2350 MGMT_STATUS_BUSY, &rp, sizeof(rp));
2354 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
2357 hci_conn_drop(conn);
2361 /* For LE, just connecting isn't a proof that the pairing finished */
2362 if (cp->addr.type == BDADDR_BREDR)
2363 conn->connect_cfm_cb = pairing_complete_cb;
2365 conn->connect_cfm_cb = le_connect_complete_cb;
2367 conn->security_cfm_cb = pairing_complete_cb;
2368 conn->disconn_cfm_cb = pairing_complete_cb;
2369 conn->io_capability = cp->io_cap;
2370 cmd->user_data = conn;
2372 if (conn->state == BT_CONNECTED &&
2373 hci_conn_security(conn, sec_level, auth_type))
2374 pairing_complete(cmd, 0);
2379 hci_dev_unlock(hdev);
2383 static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2386 struct mgmt_addr_info *addr = data;
2387 struct pending_cmd *cmd;
2388 struct hci_conn *conn;
2395 if (!hdev_is_powered(hdev)) {
2396 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2397 MGMT_STATUS_NOT_POWERED);
2401 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
2403 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2404 MGMT_STATUS_INVALID_PARAMS);
2408 conn = cmd->user_data;
2410 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
2411 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2412 MGMT_STATUS_INVALID_PARAMS);
2416 pairing_complete(cmd, MGMT_STATUS_CANCELLED);
2418 err = cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
2419 addr, sizeof(*addr));
2421 hci_dev_unlock(hdev);
2425 static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
2426 struct mgmt_addr_info *addr, u16 mgmt_op,
2427 u16 hci_op, __le32 passkey)
2429 struct pending_cmd *cmd;
2430 struct hci_conn *conn;
2435 if (!hdev_is_powered(hdev)) {
2436 err = cmd_complete(sk, hdev->id, mgmt_op,
2437 MGMT_STATUS_NOT_POWERED, addr,
2442 if (addr->type == BDADDR_BREDR)
2443 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
2445 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &addr->bdaddr);
2448 err = cmd_complete(sk, hdev->id, mgmt_op,
2449 MGMT_STATUS_NOT_CONNECTED, addr,
2454 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
2455 /* Continue with pairing via SMP */
2456 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
2459 err = cmd_complete(sk, hdev->id, mgmt_op,
2460 MGMT_STATUS_SUCCESS, addr,
2463 err = cmd_complete(sk, hdev->id, mgmt_op,
2464 MGMT_STATUS_FAILED, addr,
2470 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
2476 /* Continue with pairing via HCI */
2477 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
2478 struct hci_cp_user_passkey_reply cp;
2480 bacpy(&cp.bdaddr, &addr->bdaddr);
2481 cp.passkey = passkey;
2482 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
2484 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
2488 mgmt_pending_remove(cmd);
2491 hci_dev_unlock(hdev);
2495 static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
2496 void *data, u16 len)
2498 struct mgmt_cp_pin_code_neg_reply *cp = data;
2502 return user_pairing_resp(sk, hdev, &cp->addr,
2503 MGMT_OP_PIN_CODE_NEG_REPLY,
2504 HCI_OP_PIN_CODE_NEG_REPLY, 0);
2507 static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2510 struct mgmt_cp_user_confirm_reply *cp = data;
2514 if (len != sizeof(*cp))
2515 return cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
2516 MGMT_STATUS_INVALID_PARAMS);
2518 return user_pairing_resp(sk, hdev, &cp->addr,
2519 MGMT_OP_USER_CONFIRM_REPLY,
2520 HCI_OP_USER_CONFIRM_REPLY, 0);
2523 static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
2524 void *data, u16 len)
2526 struct mgmt_cp_user_confirm_neg_reply *cp = data;
2530 return user_pairing_resp(sk, hdev, &cp->addr,
2531 MGMT_OP_USER_CONFIRM_NEG_REPLY,
2532 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
2535 static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2538 struct mgmt_cp_user_passkey_reply *cp = data;
2542 return user_pairing_resp(sk, hdev, &cp->addr,
2543 MGMT_OP_USER_PASSKEY_REPLY,
2544 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
2547 static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
2548 void *data, u16 len)
2550 struct mgmt_cp_user_passkey_neg_reply *cp = data;
2554 return user_pairing_resp(sk, hdev, &cp->addr,
2555 MGMT_OP_USER_PASSKEY_NEG_REPLY,
2556 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
2559 static void update_name(struct hci_request *req)
2561 struct hci_dev *hdev = req->hdev;
2562 struct hci_cp_write_local_name cp;
2564 memcpy(cp.name, hdev->dev_name, sizeof(cp.name));
2566 hci_req_add(req, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
2569 static void set_name_complete(struct hci_dev *hdev, u8 status)
2571 struct mgmt_cp_set_local_name *cp;
2572 struct pending_cmd *cmd;
2574 BT_DBG("status 0x%02x", status);
2578 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
2585 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
2586 mgmt_status(status));
2588 cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
2591 mgmt_pending_remove(cmd);
2594 hci_dev_unlock(hdev);
2597 static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
2600 struct mgmt_cp_set_local_name *cp = data;
2601 struct pending_cmd *cmd;
2602 struct hci_request req;
2609 /* If the old values are the same as the new ones just return a
2610 * direct command complete event.
2612 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
2613 !memcmp(hdev->short_name, cp->short_name,
2614 sizeof(hdev->short_name))) {
2615 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
2620 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
2622 if (!hdev_is_powered(hdev)) {
2623 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
2625 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
2630 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
2636 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
2642 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
2644 hci_req_init(&req, hdev);
2646 if (lmp_bredr_capable(hdev)) {
2651 if (lmp_le_capable(hdev))
2652 hci_update_ad(&req);
2654 err = hci_req_run(&req, set_name_complete);
2656 mgmt_pending_remove(cmd);
2659 hci_dev_unlock(hdev);
2663 static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
2664 void *data, u16 data_len)
2666 struct pending_cmd *cmd;
2669 BT_DBG("%s", hdev->name);
2673 if (!hdev_is_powered(hdev)) {
2674 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
2675 MGMT_STATUS_NOT_POWERED);
2679 if (!lmp_ssp_capable(hdev)) {
2680 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
2681 MGMT_STATUS_NOT_SUPPORTED);
2685 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
2686 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
2691 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
2697 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
2699 mgmt_pending_remove(cmd);
2702 hci_dev_unlock(hdev);
2706 static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
2707 void *data, u16 len)
2709 struct mgmt_cp_add_remote_oob_data *cp = data;
2713 BT_DBG("%s ", hdev->name);
2717 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr, cp->hash,
2720 status = MGMT_STATUS_FAILED;
2722 status = MGMT_STATUS_SUCCESS;
2724 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA, status,
2725 &cp->addr, sizeof(cp->addr));
2727 hci_dev_unlock(hdev);
2731 static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
2732 void *data, u16 len)
2734 struct mgmt_cp_remove_remote_oob_data *cp = data;
2738 BT_DBG("%s", hdev->name);
2742 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr);
2744 status = MGMT_STATUS_INVALID_PARAMS;
2746 status = MGMT_STATUS_SUCCESS;
2748 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
2749 status, &cp->addr, sizeof(cp->addr));
2751 hci_dev_unlock(hdev);
2755 static int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
2757 struct pending_cmd *cmd;
2761 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2763 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
2767 type = hdev->discovery.type;
2769 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
2770 &type, sizeof(type));
2771 mgmt_pending_remove(cmd);
2776 static void start_discovery_complete(struct hci_dev *hdev, u8 status)
2778 BT_DBG("status %d", status);
2782 mgmt_start_discovery_failed(hdev, status);
2783 hci_dev_unlock(hdev);
2788 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
2789 hci_dev_unlock(hdev);
2791 switch (hdev->discovery.type) {
2792 case DISCOV_TYPE_LE:
2793 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable,
2797 case DISCOV_TYPE_INTERLEAVED:
2798 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable,
2799 DISCOV_INTERLEAVED_TIMEOUT);
2802 case DISCOV_TYPE_BREDR:
2806 BT_ERR("Invalid discovery type %d", hdev->discovery.type);
2810 static int start_discovery(struct sock *sk, struct hci_dev *hdev,
2811 void *data, u16 len)
2813 struct mgmt_cp_start_discovery *cp = data;
2814 struct pending_cmd *cmd;
2815 struct hci_cp_le_set_scan_param param_cp;
2816 struct hci_cp_le_set_scan_enable enable_cp;
2817 struct hci_cp_inquiry inq_cp;
2818 struct hci_request req;
2819 /* General inquiry access code (GIAC) */
2820 u8 lap[3] = { 0x33, 0x8b, 0x9e };
2824 BT_DBG("%s", hdev->name);
2828 if (!hdev_is_powered(hdev)) {
2829 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2830 MGMT_STATUS_NOT_POWERED);
2834 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
2835 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2840 if (hdev->discovery.state != DISCOVERY_STOPPED) {
2841 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2846 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
2852 hdev->discovery.type = cp->type;
2854 hci_req_init(&req, hdev);
2856 switch (hdev->discovery.type) {
2857 case DISCOV_TYPE_BREDR:
2858 status = mgmt_bredr_support(hdev);
2860 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2862 mgmt_pending_remove(cmd);
2866 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
2867 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2869 mgmt_pending_remove(cmd);
2873 hci_inquiry_cache_flush(hdev);
2875 memset(&inq_cp, 0, sizeof(inq_cp));
2876 memcpy(&inq_cp.lap, lap, sizeof(inq_cp.lap));
2877 inq_cp.length = DISCOV_BREDR_INQUIRY_LEN;
2878 hci_req_add(&req, HCI_OP_INQUIRY, sizeof(inq_cp), &inq_cp);
2881 case DISCOV_TYPE_LE:
2882 case DISCOV_TYPE_INTERLEAVED:
2883 status = mgmt_le_support(hdev);
2885 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2887 mgmt_pending_remove(cmd);
2891 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
2892 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
2893 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2894 MGMT_STATUS_NOT_SUPPORTED);
2895 mgmt_pending_remove(cmd);
2899 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
2900 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2901 MGMT_STATUS_REJECTED);
2902 mgmt_pending_remove(cmd);
2906 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags)) {
2907 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2909 mgmt_pending_remove(cmd);
2913 memset(¶m_cp, 0, sizeof(param_cp));
2914 param_cp.type = LE_SCAN_ACTIVE;
2915 param_cp.interval = cpu_to_le16(DISCOV_LE_SCAN_INT);
2916 param_cp.window = cpu_to_le16(DISCOV_LE_SCAN_WIN);
2917 if (bacmp(&hdev->bdaddr, BDADDR_ANY))
2918 param_cp.own_address_type = ADDR_LE_DEV_PUBLIC;
2920 param_cp.own_address_type = ADDR_LE_DEV_RANDOM;
2921 hci_req_add(&req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
2924 memset(&enable_cp, 0, sizeof(enable_cp));
2925 enable_cp.enable = LE_SCAN_ENABLE;
2926 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
2927 hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
2932 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2933 MGMT_STATUS_INVALID_PARAMS);
2934 mgmt_pending_remove(cmd);
2938 err = hci_req_run(&req, start_discovery_complete);
2940 mgmt_pending_remove(cmd);
2942 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
2945 hci_dev_unlock(hdev);
2949 static int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
2951 struct pending_cmd *cmd;
2954 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
2958 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
2959 &hdev->discovery.type, sizeof(hdev->discovery.type));
2960 mgmt_pending_remove(cmd);
2965 static void stop_discovery_complete(struct hci_dev *hdev, u8 status)
2967 BT_DBG("status %d", status);
2972 mgmt_stop_discovery_failed(hdev, status);
2976 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2979 hci_dev_unlock(hdev);
2982 static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
2985 struct mgmt_cp_stop_discovery *mgmt_cp = data;
2986 struct pending_cmd *cmd;
2987 struct hci_cp_remote_name_req_cancel cp;
2988 struct inquiry_entry *e;
2989 struct hci_request req;
2990 struct hci_cp_le_set_scan_enable enable_cp;
2993 BT_DBG("%s", hdev->name);
2997 if (!hci_discovery_active(hdev)) {
2998 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
2999 MGMT_STATUS_REJECTED, &mgmt_cp->type,
3000 sizeof(mgmt_cp->type));
3004 if (hdev->discovery.type != mgmt_cp->type) {
3005 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
3006 MGMT_STATUS_INVALID_PARAMS, &mgmt_cp->type,
3007 sizeof(mgmt_cp->type));
3011 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
3017 hci_req_init(&req, hdev);
3019 switch (hdev->discovery.state) {
3020 case DISCOVERY_FINDING:
3021 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
3022 hci_req_add(&req, HCI_OP_INQUIRY_CANCEL, 0, NULL);
3024 cancel_delayed_work(&hdev->le_scan_disable);
3026 memset(&enable_cp, 0, sizeof(enable_cp));
3027 enable_cp.enable = LE_SCAN_DISABLE;
3028 hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE,
3029 sizeof(enable_cp), &enable_cp);
3034 case DISCOVERY_RESOLVING:
3035 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
3038 mgmt_pending_remove(cmd);
3039 err = cmd_complete(sk, hdev->id,
3040 MGMT_OP_STOP_DISCOVERY, 0,
3042 sizeof(mgmt_cp->type));
3043 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3047 bacpy(&cp.bdaddr, &e->data.bdaddr);
3048 hci_req_add(&req, HCI_OP_REMOTE_NAME_REQ_CANCEL, sizeof(cp),
3054 BT_DBG("unknown discovery state %u", hdev->discovery.state);
3056 mgmt_pending_remove(cmd);
3057 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
3058 MGMT_STATUS_FAILED, &mgmt_cp->type,
3059 sizeof(mgmt_cp->type));
3063 err = hci_req_run(&req, stop_discovery_complete);
3065 mgmt_pending_remove(cmd);
3067 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
3070 hci_dev_unlock(hdev);
3074 static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
3077 struct mgmt_cp_confirm_name *cp = data;
3078 struct inquiry_entry *e;
3081 BT_DBG("%s", hdev->name);
3085 if (!hci_discovery_active(hdev)) {
3086 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
3087 MGMT_STATUS_FAILED);
3091 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
3093 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
3094 MGMT_STATUS_INVALID_PARAMS);
3098 if (cp->name_known) {
3099 e->name_state = NAME_KNOWN;
3102 e->name_state = NAME_NEEDED;
3103 hci_inquiry_cache_update_resolve(hdev, e);
3106 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0, &cp->addr,
3110 hci_dev_unlock(hdev);
3114 static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
3117 struct mgmt_cp_block_device *cp = data;
3121 BT_DBG("%s", hdev->name);
3123 if (!bdaddr_type_is_valid(cp->addr.type))
3124 return cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
3125 MGMT_STATUS_INVALID_PARAMS,
3126 &cp->addr, sizeof(cp->addr));
3130 err = hci_blacklist_add(hdev, &cp->addr.bdaddr, cp->addr.type);
3132 status = MGMT_STATUS_FAILED;
3134 status = MGMT_STATUS_SUCCESS;
3136 err = cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
3137 &cp->addr, sizeof(cp->addr));
3139 hci_dev_unlock(hdev);
3144 static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
3147 struct mgmt_cp_unblock_device *cp = data;
3151 BT_DBG("%s", hdev->name);
3153 if (!bdaddr_type_is_valid(cp->addr.type))
3154 return cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
3155 MGMT_STATUS_INVALID_PARAMS,
3156 &cp->addr, sizeof(cp->addr));
3160 err = hci_blacklist_del(hdev, &cp->addr.bdaddr, cp->addr.type);
3162 status = MGMT_STATUS_INVALID_PARAMS;
3164 status = MGMT_STATUS_SUCCESS;
3166 err = cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
3167 &cp->addr, sizeof(cp->addr));
3169 hci_dev_unlock(hdev);
3174 static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
3177 struct mgmt_cp_set_device_id *cp = data;
3178 struct hci_request req;
3182 BT_DBG("%s", hdev->name);
3184 source = __le16_to_cpu(cp->source);
3186 if (source > 0x0002)
3187 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
3188 MGMT_STATUS_INVALID_PARAMS);
3192 hdev->devid_source = source;
3193 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
3194 hdev->devid_product = __le16_to_cpu(cp->product);
3195 hdev->devid_version = __le16_to_cpu(cp->version);
3197 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0, NULL, 0);
3199 hci_req_init(&req, hdev);
3201 hci_req_run(&req, NULL);
3203 hci_dev_unlock(hdev);
3208 static void set_advertising_complete(struct hci_dev *hdev, u8 status)
3210 struct cmd_lookup match = { NULL, hdev };
3213 u8 mgmt_err = mgmt_status(status);
3215 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
3216 cmd_status_rsp, &mgmt_err);
3220 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
3223 new_settings(hdev, match.sk);
3229 static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
3231 struct mgmt_mode *cp = data;
3232 struct pending_cmd *cmd;
3233 struct hci_request req;
3234 u8 val, enabled, status;
3237 BT_DBG("request for %s", hdev->name);
3239 status = mgmt_le_support(hdev);
3241 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3244 if (cp->val != 0x00 && cp->val != 0x01)
3245 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3246 MGMT_STATUS_INVALID_PARAMS);
3251 enabled = test_bit(HCI_ADVERTISING, &hdev->dev_flags);
3253 if (!hdev_is_powered(hdev) || val == enabled) {
3254 bool changed = false;
3256 if (val != test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
3257 change_bit(HCI_ADVERTISING, &hdev->dev_flags);
3261 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
3266 err = new_settings(hdev, sk);
3271 if (mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
3272 mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
3273 err = cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3278 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
3284 hci_req_init(&req, hdev);
3286 hci_req_add(&req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(val), &val);
3288 err = hci_req_run(&req, set_advertising_complete);
3290 mgmt_pending_remove(cmd);
3293 hci_dev_unlock(hdev);
3297 static int set_static_address(struct sock *sk, struct hci_dev *hdev,
3298 void *data, u16 len)
3300 struct mgmt_cp_set_static_address *cp = data;
3303 BT_DBG("%s", hdev->name);
3305 if (!lmp_le_capable(hdev))
3306 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
3307 MGMT_STATUS_NOT_SUPPORTED);
3309 if (hdev_is_powered(hdev))
3310 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
3311 MGMT_STATUS_REJECTED);
3313 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
3314 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
3315 return cmd_status(sk, hdev->id,
3316 MGMT_OP_SET_STATIC_ADDRESS,
3317 MGMT_STATUS_INVALID_PARAMS);
3319 /* Two most significant bits shall be set */
3320 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
3321 return cmd_status(sk, hdev->id,
3322 MGMT_OP_SET_STATIC_ADDRESS,
3323 MGMT_STATUS_INVALID_PARAMS);
3328 bacpy(&hdev->static_addr, &cp->bdaddr);
3330 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS, 0, NULL, 0);
3332 hci_dev_unlock(hdev);
3337 static void fast_connectable_complete(struct hci_dev *hdev, u8 status)
3339 struct pending_cmd *cmd;
3341 BT_DBG("status 0x%02x", status);
3345 cmd = mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
3350 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3351 mgmt_status(status));
3353 struct mgmt_mode *cp = cmd->param;
3356 set_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
3358 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
3360 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
3361 new_settings(hdev, cmd->sk);
3364 mgmt_pending_remove(cmd);
3367 hci_dev_unlock(hdev);
3370 static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
3371 void *data, u16 len)
3373 struct mgmt_mode *cp = data;
3374 struct pending_cmd *cmd;
3375 struct hci_request req;
3378 BT_DBG("%s", hdev->name);
3380 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags) ||
3381 hdev->hci_ver < BLUETOOTH_VER_1_2)
3382 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3383 MGMT_STATUS_NOT_SUPPORTED);
3385 if (cp->val != 0x00 && cp->val != 0x01)
3386 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3387 MGMT_STATUS_INVALID_PARAMS);
3389 if (!hdev_is_powered(hdev))
3390 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3391 MGMT_STATUS_NOT_POWERED);
3393 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3394 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3395 MGMT_STATUS_REJECTED);
3399 if (mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
3400 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3405 if (!!cp->val == test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags)) {
3406 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
3411 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
3418 hci_req_init(&req, hdev);
3420 write_fast_connectable(&req, cp->val);
3422 err = hci_req_run(&req, fast_connectable_complete);
3424 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3425 MGMT_STATUS_FAILED);
3426 mgmt_pending_remove(cmd);
3430 hci_dev_unlock(hdev);
3435 static void set_bredr_complete(struct hci_dev *hdev, u8 status)
3437 struct pending_cmd *cmd;
3439 BT_DBG("status 0x%02x", status);
3443 cmd = mgmt_pending_find(MGMT_OP_SET_BREDR, hdev);
3448 u8 mgmt_err = mgmt_status(status);
3450 /* We need to restore the flag if related HCI commands
3453 clear_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
3455 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
3457 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
3458 new_settings(hdev, cmd->sk);
3461 mgmt_pending_remove(cmd);
3464 hci_dev_unlock(hdev);
3467 static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
3469 struct mgmt_mode *cp = data;
3470 struct pending_cmd *cmd;
3471 struct hci_request req;
3474 BT_DBG("request for %s", hdev->name);
3476 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
3477 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3478 MGMT_STATUS_NOT_SUPPORTED);
3480 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
3481 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3482 MGMT_STATUS_REJECTED);
3484 if (cp->val != 0x00 && cp->val != 0x01)
3485 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3486 MGMT_STATUS_INVALID_PARAMS);
3490 if (cp->val == test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
3491 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
3495 if (!hdev_is_powered(hdev)) {
3497 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
3498 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
3499 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
3500 clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
3501 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
3502 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
3505 change_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
3507 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
3511 err = new_settings(hdev, sk);
3515 /* Reject disabling when powered on */
3517 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3518 MGMT_STATUS_REJECTED);
3522 if (mgmt_pending_find(MGMT_OP_SET_BREDR, hdev)) {
3523 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3528 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
3534 /* We need to flip the bit already here so that hci_update_ad
3535 * generates the correct flags.
3537 set_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
3539 hci_req_init(&req, hdev);
3540 hci_update_ad(&req);
3541 err = hci_req_run(&req, set_bredr_complete);
3543 mgmt_pending_remove(cmd);
3546 hci_dev_unlock(hdev);
3550 static bool ltk_is_valid(struct mgmt_ltk_info *key)
3552 if (key->authenticated != 0x00 && key->authenticated != 0x01)
3554 if (key->master != 0x00 && key->master != 0x01)
3556 if (!bdaddr_type_is_le(key->addr.type))
3561 static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
3562 void *cp_data, u16 len)
3564 struct mgmt_cp_load_long_term_keys *cp = cp_data;
3565 u16 key_count, expected_len;
3568 BT_DBG("request for %s", hdev->name);
3570 if (!lmp_le_capable(hdev))
3571 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
3572 MGMT_STATUS_NOT_SUPPORTED);
3574 key_count = __le16_to_cpu(cp->key_count);
3576 expected_len = sizeof(*cp) + key_count *
3577 sizeof(struct mgmt_ltk_info);
3578 if (expected_len != len) {
3579 BT_ERR("load_keys: expected %u bytes, got %u bytes",
3581 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
3582 MGMT_STATUS_INVALID_PARAMS);
3585 BT_DBG("%s key_count %u", hdev->name, key_count);
3587 for (i = 0; i < key_count; i++) {
3588 struct mgmt_ltk_info *key = &cp->keys[i];
3590 if (!ltk_is_valid(key))
3591 return cmd_status(sk, hdev->id,
3592 MGMT_OP_LOAD_LONG_TERM_KEYS,
3593 MGMT_STATUS_INVALID_PARAMS);
3598 hci_smp_ltks_clear(hdev);
3600 for (i = 0; i < key_count; i++) {
3601 struct mgmt_ltk_info *key = &cp->keys[i];
3607 type = HCI_SMP_LTK_SLAVE;
3609 hci_add_ltk(hdev, &key->addr.bdaddr,
3610 bdaddr_to_le(key->addr.type),
3611 type, 0, key->authenticated, key->val,
3612 key->enc_size, key->ediv, key->rand);
3615 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
3618 hci_dev_unlock(hdev);
3623 static const struct mgmt_handler {
3624 int (*func) (struct sock *sk, struct hci_dev *hdev, void *data,
3628 } mgmt_handlers[] = {
3629 { NULL }, /* 0x0000 (no command) */
3630 { read_version, false, MGMT_READ_VERSION_SIZE },
3631 { read_commands, false, MGMT_READ_COMMANDS_SIZE },
3632 { read_index_list, false, MGMT_READ_INDEX_LIST_SIZE },
3633 { read_controller_info, false, MGMT_READ_INFO_SIZE },
3634 { set_powered, false, MGMT_SETTING_SIZE },
3635 { set_discoverable, false, MGMT_SET_DISCOVERABLE_SIZE },
3636 { set_connectable, false, MGMT_SETTING_SIZE },
3637 { set_fast_connectable, false, MGMT_SETTING_SIZE },
3638 { set_pairable, false, MGMT_SETTING_SIZE },
3639 { set_link_security, false, MGMT_SETTING_SIZE },
3640 { set_ssp, false, MGMT_SETTING_SIZE },
3641 { set_hs, false, MGMT_SETTING_SIZE },
3642 { set_le, false, MGMT_SETTING_SIZE },
3643 { set_dev_class, false, MGMT_SET_DEV_CLASS_SIZE },
3644 { set_local_name, false, MGMT_SET_LOCAL_NAME_SIZE },
3645 { add_uuid, false, MGMT_ADD_UUID_SIZE },
3646 { remove_uuid, false, MGMT_REMOVE_UUID_SIZE },
3647 { load_link_keys, true, MGMT_LOAD_LINK_KEYS_SIZE },
3648 { load_long_term_keys, true, MGMT_LOAD_LONG_TERM_KEYS_SIZE },
3649 { disconnect, false, MGMT_DISCONNECT_SIZE },
3650 { get_connections, false, MGMT_GET_CONNECTIONS_SIZE },
3651 { pin_code_reply, false, MGMT_PIN_CODE_REPLY_SIZE },
3652 { pin_code_neg_reply, false, MGMT_PIN_CODE_NEG_REPLY_SIZE },
3653 { set_io_capability, false, MGMT_SET_IO_CAPABILITY_SIZE },
3654 { pair_device, false, MGMT_PAIR_DEVICE_SIZE },
3655 { cancel_pair_device, false, MGMT_CANCEL_PAIR_DEVICE_SIZE },
3656 { unpair_device, false, MGMT_UNPAIR_DEVICE_SIZE },
3657 { user_confirm_reply, false, MGMT_USER_CONFIRM_REPLY_SIZE },
3658 { user_confirm_neg_reply, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
3659 { user_passkey_reply, false, MGMT_USER_PASSKEY_REPLY_SIZE },
3660 { user_passkey_neg_reply, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
3661 { read_local_oob_data, false, MGMT_READ_LOCAL_OOB_DATA_SIZE },
3662 { add_remote_oob_data, false, MGMT_ADD_REMOTE_OOB_DATA_SIZE },
3663 { remove_remote_oob_data, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
3664 { start_discovery, false, MGMT_START_DISCOVERY_SIZE },
3665 { stop_discovery, false, MGMT_STOP_DISCOVERY_SIZE },
3666 { confirm_name, false, MGMT_CONFIRM_NAME_SIZE },
3667 { block_device, false, MGMT_BLOCK_DEVICE_SIZE },
3668 { unblock_device, false, MGMT_UNBLOCK_DEVICE_SIZE },
3669 { set_device_id, false, MGMT_SET_DEVICE_ID_SIZE },
3670 { set_advertising, false, MGMT_SETTING_SIZE },
3671 { set_bredr, false, MGMT_SETTING_SIZE },
3672 { set_static_address, false, MGMT_SET_STATIC_ADDRESS_SIZE },
3676 int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
3680 struct mgmt_hdr *hdr;
3681 u16 opcode, index, len;
3682 struct hci_dev *hdev = NULL;
3683 const struct mgmt_handler *handler;
3686 BT_DBG("got %zu bytes", msglen);
3688 if (msglen < sizeof(*hdr))
3691 buf = kmalloc(msglen, GFP_KERNEL);
3695 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
3701 opcode = __le16_to_cpu(hdr->opcode);
3702 index = __le16_to_cpu(hdr->index);
3703 len = __le16_to_cpu(hdr->len);
3705 if (len != msglen - sizeof(*hdr)) {
3710 if (index != MGMT_INDEX_NONE) {
3711 hdev = hci_dev_get(index);
3713 err = cmd_status(sk, index, opcode,
3714 MGMT_STATUS_INVALID_INDEX);
3718 if (test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
3719 err = cmd_status(sk, index, opcode,
3720 MGMT_STATUS_INVALID_INDEX);
3725 if (opcode >= ARRAY_SIZE(mgmt_handlers) ||
3726 mgmt_handlers[opcode].func == NULL) {
3727 BT_DBG("Unknown op %u", opcode);
3728 err = cmd_status(sk, index, opcode,
3729 MGMT_STATUS_UNKNOWN_COMMAND);
3733 if ((hdev && opcode < MGMT_OP_READ_INFO) ||
3734 (!hdev && opcode >= MGMT_OP_READ_INFO)) {
3735 err = cmd_status(sk, index, opcode,
3736 MGMT_STATUS_INVALID_INDEX);
3740 handler = &mgmt_handlers[opcode];
3742 if ((handler->var_len && len < handler->data_len) ||
3743 (!handler->var_len && len != handler->data_len)) {
3744 err = cmd_status(sk, index, opcode,
3745 MGMT_STATUS_INVALID_PARAMS);
3750 mgmt_init_hdev(sk, hdev);
3752 cp = buf + sizeof(*hdr);
3754 err = handler->func(sk, hdev, cp, len);
3768 int mgmt_index_added(struct hci_dev *hdev)
3770 if (!mgmt_valid_hdev(hdev))
3773 return mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
3776 int mgmt_index_removed(struct hci_dev *hdev)
3778 u8 status = MGMT_STATUS_INVALID_INDEX;
3780 if (!mgmt_valid_hdev(hdev))
3783 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
3785 return mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
3788 static void set_bredr_scan(struct hci_request *req)
3790 struct hci_dev *hdev = req->hdev;
3793 /* Ensure that fast connectable is disabled. This function will
3794 * not do anything if the page scan parameters are already what
3797 write_fast_connectable(req, false);
3799 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3801 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3802 scan |= SCAN_INQUIRY;
3805 hci_req_add(req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
3808 static void powered_complete(struct hci_dev *hdev, u8 status)
3810 struct cmd_lookup match = { NULL, hdev };
3812 BT_DBG("status 0x%02x", status);
3816 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
3818 new_settings(hdev, match.sk);
3820 hci_dev_unlock(hdev);
3826 static int powered_update_hci(struct hci_dev *hdev)
3828 struct hci_request req;
3831 hci_req_init(&req, hdev);
3833 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) &&
3834 !lmp_host_ssp_capable(hdev)) {
3837 hci_req_add(&req, HCI_OP_WRITE_SSP_MODE, 1, &ssp);
3840 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
3841 lmp_bredr_capable(hdev)) {
3842 struct hci_cp_write_le_host_supported cp;
3845 cp.simul = lmp_le_br_capable(hdev);
3847 /* Check first if we already have the right
3848 * host state (host features set)
3850 if (cp.le != lmp_host_le_capable(hdev) ||
3851 cp.simul != lmp_host_le_br_capable(hdev))
3852 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED,
3855 /* In case BR/EDR was toggled during the AUTO_OFF phase */
3856 hci_update_ad(&req);
3859 if (lmp_le_capable(hdev)) {
3860 /* Set random address to static address if configured */
3861 if (bacmp(&hdev->static_addr, BDADDR_ANY))
3862 hci_req_add(&req, HCI_OP_LE_SET_RANDOM_ADDR, 6,
3863 &hdev->static_addr);
3866 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
3869 hci_req_add(&req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(adv), &adv);
3872 link_sec = test_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
3873 if (link_sec != test_bit(HCI_AUTH, &hdev->flags))
3874 hci_req_add(&req, HCI_OP_WRITE_AUTH_ENABLE,
3875 sizeof(link_sec), &link_sec);
3877 if (lmp_bredr_capable(hdev)) {
3878 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
3879 set_bredr_scan(&req);
3885 return hci_req_run(&req, powered_complete);
3888 int mgmt_powered(struct hci_dev *hdev, u8 powered)
3890 struct cmd_lookup match = { NULL, hdev };
3891 u8 status_not_powered = MGMT_STATUS_NOT_POWERED;
3892 u8 zero_cod[] = { 0, 0, 0 };
3895 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3899 if (powered_update_hci(hdev) == 0)
3902 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp,
3907 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
3908 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status_not_powered);
3910 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0)
3911 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
3912 zero_cod, sizeof(zero_cod), NULL);
3915 err = new_settings(hdev, match.sk);
3923 int mgmt_set_powered_failed(struct hci_dev *hdev, int err)
3925 struct pending_cmd *cmd;
3928 cmd = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
3932 if (err == -ERFKILL)
3933 status = MGMT_STATUS_RFKILLED;
3935 status = MGMT_STATUS_FAILED;
3937 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
3939 mgmt_pending_remove(cmd);
3944 int mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
3946 struct cmd_lookup match = { NULL, hdev };
3947 bool changed = false;
3951 if (!test_and_set_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3954 if (test_and_clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3958 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev, settings_rsp,
3962 err = new_settings(hdev, match.sk);
3970 int mgmt_connectable(struct hci_dev *hdev, u8 connectable)
3972 struct pending_cmd *cmd;
3973 bool changed = false;
3977 if (!test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3980 if (test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3984 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
3987 err = new_settings(hdev, cmd ? cmd->sk : NULL);
3992 int mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
3994 u8 mgmt_err = mgmt_status(status);
3996 if (scan & SCAN_PAGE)
3997 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
3998 cmd_status_rsp, &mgmt_err);
4000 if (scan & SCAN_INQUIRY)
4001 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
4002 cmd_status_rsp, &mgmt_err);
4007 int mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
4010 struct mgmt_ev_new_link_key ev;
4012 memset(&ev, 0, sizeof(ev));
4014 ev.store_hint = persistent;
4015 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
4016 ev.key.addr.type = BDADDR_BREDR;
4017 ev.key.type = key->type;
4018 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
4019 ev.key.pin_len = key->pin_len;
4021 return mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
4024 int mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, u8 persistent)
4026 struct mgmt_ev_new_long_term_key ev;
4028 memset(&ev, 0, sizeof(ev));
4030 ev.store_hint = persistent;
4031 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
4032 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
4033 ev.key.authenticated = key->authenticated;
4034 ev.key.enc_size = key->enc_size;
4035 ev.key.ediv = key->ediv;
4037 if (key->type == HCI_SMP_LTK)
4040 memcpy(ev.key.rand, key->rand, sizeof(key->rand));
4041 memcpy(ev.key.val, key->val, sizeof(key->val));
4043 return mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev),
4047 int mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
4048 u8 addr_type, u32 flags, u8 *name, u8 name_len,
4052 struct mgmt_ev_device_connected *ev = (void *) buf;
4055 bacpy(&ev->addr.bdaddr, bdaddr);
4056 ev->addr.type = link_to_bdaddr(link_type, addr_type);
4058 ev->flags = __cpu_to_le32(flags);
4061 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
4064 if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0)
4065 eir_len = eir_append_data(ev->eir, eir_len,
4066 EIR_CLASS_OF_DEV, dev_class, 3);
4068 ev->eir_len = cpu_to_le16(eir_len);
4070 return mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
4071 sizeof(*ev) + eir_len, NULL);
4074 static void disconnect_rsp(struct pending_cmd *cmd, void *data)
4076 struct mgmt_cp_disconnect *cp = cmd->param;
4077 struct sock **sk = data;
4078 struct mgmt_rp_disconnect rp;
4080 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4081 rp.addr.type = cp->addr.type;
4083 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 0, &rp,
4089 mgmt_pending_remove(cmd);
4092 static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
4094 struct hci_dev *hdev = data;
4095 struct mgmt_cp_unpair_device *cp = cmd->param;
4096 struct mgmt_rp_unpair_device rp;
4098 memset(&rp, 0, sizeof(rp));
4099 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4100 rp.addr.type = cp->addr.type;
4102 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
4104 cmd_complete(cmd->sk, cmd->index, cmd->opcode, 0, &rp, sizeof(rp));
4106 mgmt_pending_remove(cmd);
4109 int mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
4110 u8 link_type, u8 addr_type, u8 reason)
4112 struct mgmt_ev_device_disconnected ev;
4113 struct sock *sk = NULL;
4116 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
4118 bacpy(&ev.addr.bdaddr, bdaddr);
4119 ev.addr.type = link_to_bdaddr(link_type, addr_type);
4122 err = mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev),
4128 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
4134 int mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
4135 u8 link_type, u8 addr_type, u8 status)
4137 struct mgmt_rp_disconnect rp;
4138 struct pending_cmd *cmd;
4141 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
4144 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
4148 bacpy(&rp.addr.bdaddr, bdaddr);
4149 rp.addr.type = link_to_bdaddr(link_type, addr_type);
4151 err = cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
4152 mgmt_status(status), &rp, sizeof(rp));
4154 mgmt_pending_remove(cmd);
4159 int mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
4160 u8 addr_type, u8 status)
4162 struct mgmt_ev_connect_failed ev;
4164 bacpy(&ev.addr.bdaddr, bdaddr);
4165 ev.addr.type = link_to_bdaddr(link_type, addr_type);
4166 ev.status = mgmt_status(status);
4168 return mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
4171 int mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
4173 struct mgmt_ev_pin_code_request ev;
4175 bacpy(&ev.addr.bdaddr, bdaddr);
4176 ev.addr.type = BDADDR_BREDR;
4179 return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev),
4183 int mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
4186 struct pending_cmd *cmd;
4187 struct mgmt_rp_pin_code_reply rp;
4190 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
4194 bacpy(&rp.addr.bdaddr, bdaddr);
4195 rp.addr.type = BDADDR_BREDR;
4197 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
4198 mgmt_status(status), &rp, sizeof(rp));
4200 mgmt_pending_remove(cmd);
4205 int mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
4208 struct pending_cmd *cmd;
4209 struct mgmt_rp_pin_code_reply rp;
4212 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
4216 bacpy(&rp.addr.bdaddr, bdaddr);
4217 rp.addr.type = BDADDR_BREDR;
4219 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
4220 mgmt_status(status), &rp, sizeof(rp));
4222 mgmt_pending_remove(cmd);
4227 int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
4228 u8 link_type, u8 addr_type, __le32 value,
4231 struct mgmt_ev_user_confirm_request ev;
4233 BT_DBG("%s", hdev->name);
4235 bacpy(&ev.addr.bdaddr, bdaddr);
4236 ev.addr.type = link_to_bdaddr(link_type, addr_type);
4237 ev.confirm_hint = confirm_hint;
4240 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
4244 int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
4245 u8 link_type, u8 addr_type)
4247 struct mgmt_ev_user_passkey_request ev;
4249 BT_DBG("%s", hdev->name);
4251 bacpy(&ev.addr.bdaddr, bdaddr);
4252 ev.addr.type = link_to_bdaddr(link_type, addr_type);
4254 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
4258 static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
4259 u8 link_type, u8 addr_type, u8 status,
4262 struct pending_cmd *cmd;
4263 struct mgmt_rp_user_confirm_reply rp;
4266 cmd = mgmt_pending_find(opcode, hdev);
4270 bacpy(&rp.addr.bdaddr, bdaddr);
4271 rp.addr.type = link_to_bdaddr(link_type, addr_type);
4272 err = cmd_complete(cmd->sk, hdev->id, opcode, mgmt_status(status),
4275 mgmt_pending_remove(cmd);
4280 int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
4281 u8 link_type, u8 addr_type, u8 status)
4283 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
4284 status, MGMT_OP_USER_CONFIRM_REPLY);
4287 int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
4288 u8 link_type, u8 addr_type, u8 status)
4290 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
4292 MGMT_OP_USER_CONFIRM_NEG_REPLY);
4295 int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
4296 u8 link_type, u8 addr_type, u8 status)
4298 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
4299 status, MGMT_OP_USER_PASSKEY_REPLY);
4302 int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
4303 u8 link_type, u8 addr_type, u8 status)
4305 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
4307 MGMT_OP_USER_PASSKEY_NEG_REPLY);
4310 int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
4311 u8 link_type, u8 addr_type, u32 passkey,
4314 struct mgmt_ev_passkey_notify ev;
4316 BT_DBG("%s", hdev->name);
4318 bacpy(&ev.addr.bdaddr, bdaddr);
4319 ev.addr.type = link_to_bdaddr(link_type, addr_type);
4320 ev.passkey = __cpu_to_le32(passkey);
4321 ev.entered = entered;
4323 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
4326 int mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
4327 u8 addr_type, u8 status)
4329 struct mgmt_ev_auth_failed ev;
4331 bacpy(&ev.addr.bdaddr, bdaddr);
4332 ev.addr.type = link_to_bdaddr(link_type, addr_type);
4333 ev.status = mgmt_status(status);
4335 return mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
4338 int mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
4340 struct cmd_lookup match = { NULL, hdev };
4341 bool changed = false;
4345 u8 mgmt_err = mgmt_status(status);
4346 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
4347 cmd_status_rsp, &mgmt_err);
4351 if (test_bit(HCI_AUTH, &hdev->flags)) {
4352 if (!test_and_set_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
4355 if (test_and_clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
4359 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
4363 err = new_settings(hdev, match.sk);
4371 static void clear_eir(struct hci_request *req)
4373 struct hci_dev *hdev = req->hdev;
4374 struct hci_cp_write_eir cp;
4376 if (!lmp_ext_inq_capable(hdev))
4379 memset(hdev->eir, 0, sizeof(hdev->eir));
4381 memset(&cp, 0, sizeof(cp));
4383 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
4386 int mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
4388 struct cmd_lookup match = { NULL, hdev };
4389 struct hci_request req;
4390 bool changed = false;
4394 u8 mgmt_err = mgmt_status(status);
4396 if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
4398 err = new_settings(hdev, NULL);
4400 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
4407 if (!test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
4410 if (test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
4414 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
4417 err = new_settings(hdev, match.sk);
4422 hci_req_init(&req, hdev);
4424 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
4429 hci_req_run(&req, NULL);
4434 static void sk_lookup(struct pending_cmd *cmd, void *data)
4436 struct cmd_lookup *match = data;
4438 if (match->sk == NULL) {
4439 match->sk = cmd->sk;
4440 sock_hold(match->sk);
4444 int mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
4447 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
4450 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
4451 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
4452 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
4455 err = mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class,
4464 int mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
4466 struct mgmt_cp_set_local_name ev;
4467 struct pending_cmd *cmd;
4472 memset(&ev, 0, sizeof(ev));
4473 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
4474 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
4476 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
4478 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
4480 /* If this is a HCI command related to powering on the
4481 * HCI dev don't send any mgmt signals.
4483 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
4487 return mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
4488 cmd ? cmd->sk : NULL);
4491 int mgmt_read_local_oob_data_reply_complete(struct hci_dev *hdev, u8 *hash,
4492 u8 *randomizer, u8 status)
4494 struct pending_cmd *cmd;
4497 BT_DBG("%s status %u", hdev->name, status);
4499 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
4504 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
4505 mgmt_status(status));
4507 struct mgmt_rp_read_local_oob_data rp;
4509 memcpy(rp.hash, hash, sizeof(rp.hash));
4510 memcpy(rp.randomizer, randomizer, sizeof(rp.randomizer));
4512 err = cmd_complete(cmd->sk, hdev->id,
4513 MGMT_OP_READ_LOCAL_OOB_DATA, 0, &rp,
4517 mgmt_pending_remove(cmd);
4522 int mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
4523 u8 addr_type, u8 *dev_class, s8 rssi, u8 cfm_name, u8
4524 ssp, u8 *eir, u16 eir_len)
4527 struct mgmt_ev_device_found *ev = (void *) buf;
4530 if (!hci_discovery_active(hdev))
4533 /* Leave 5 bytes for a potential CoD field */
4534 if (sizeof(*ev) + eir_len + 5 > sizeof(buf))
4537 memset(buf, 0, sizeof(buf));
4539 bacpy(&ev->addr.bdaddr, bdaddr);
4540 ev->addr.type = link_to_bdaddr(link_type, addr_type);
4543 ev->flags |= __constant_cpu_to_le32(MGMT_DEV_FOUND_CONFIRM_NAME);
4545 ev->flags |= __constant_cpu_to_le32(MGMT_DEV_FOUND_LEGACY_PAIRING);
4548 memcpy(ev->eir, eir, eir_len);
4550 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
4551 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
4554 ev->eir_len = cpu_to_le16(eir_len);
4555 ev_size = sizeof(*ev) + eir_len;
4557 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
4560 int mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
4561 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
4563 struct mgmt_ev_device_found *ev;
4564 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
4567 ev = (struct mgmt_ev_device_found *) buf;
4569 memset(buf, 0, sizeof(buf));
4571 bacpy(&ev->addr.bdaddr, bdaddr);
4572 ev->addr.type = link_to_bdaddr(link_type, addr_type);
4575 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
4578 ev->eir_len = cpu_to_le16(eir_len);
4580 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev,
4581 sizeof(*ev) + eir_len, NULL);
4584 int mgmt_discovering(struct hci_dev *hdev, u8 discovering)
4586 struct mgmt_ev_discovering ev;
4587 struct pending_cmd *cmd;
4589 BT_DBG("%s discovering %u", hdev->name, discovering);
4592 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
4594 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
4597 u8 type = hdev->discovery.type;
4599 cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0, &type,
4601 mgmt_pending_remove(cmd);
4604 memset(&ev, 0, sizeof(ev));
4605 ev.type = hdev->discovery.type;
4606 ev.discovering = discovering;
4608 return mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
4611 int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
4613 struct pending_cmd *cmd;
4614 struct mgmt_ev_device_blocked ev;
4616 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev);
4618 bacpy(&ev.addr.bdaddr, bdaddr);
4619 ev.addr.type = type;
4621 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev),
4622 cmd ? cmd->sk : NULL);
4625 int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
4627 struct pending_cmd *cmd;
4628 struct mgmt_ev_device_unblocked ev;
4630 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev);
4632 bacpy(&ev.addr.bdaddr, bdaddr);
4633 ev.addr.type = type;
4635 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
4636 cmd ? cmd->sk : NULL);
projects / karo-tx-linux.git / blob