2 BlueZ - Bluetooth protocol stack for Linux
4 Copyright (C) 2010 Nokia Corporation
5 Copyright (C) 2011-2012 Intel Corporation
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI Management interface */
27 #include <linux/module.h>
28 #include <asm/unaligned.h>
30 #include <net/bluetooth/bluetooth.h>
31 #include <net/bluetooth/hci_core.h>
32 #include <net/bluetooth/mgmt.h>
33 #include <net/bluetooth/smp.h>
35 #define MGMT_VERSION 1
36 #define MGMT_REVISION 4
38 static const u16 mgmt_commands[] = {
39 MGMT_OP_READ_INDEX_LIST,
42 MGMT_OP_SET_DISCOVERABLE,
43 MGMT_OP_SET_CONNECTABLE,
44 MGMT_OP_SET_FAST_CONNECTABLE,
46 MGMT_OP_SET_LINK_SECURITY,
50 MGMT_OP_SET_DEV_CLASS,
51 MGMT_OP_SET_LOCAL_NAME,
54 MGMT_OP_LOAD_LINK_KEYS,
55 MGMT_OP_LOAD_LONG_TERM_KEYS,
57 MGMT_OP_GET_CONNECTIONS,
58 MGMT_OP_PIN_CODE_REPLY,
59 MGMT_OP_PIN_CODE_NEG_REPLY,
60 MGMT_OP_SET_IO_CAPABILITY,
62 MGMT_OP_CANCEL_PAIR_DEVICE,
63 MGMT_OP_UNPAIR_DEVICE,
64 MGMT_OP_USER_CONFIRM_REPLY,
65 MGMT_OP_USER_CONFIRM_NEG_REPLY,
66 MGMT_OP_USER_PASSKEY_REPLY,
67 MGMT_OP_USER_PASSKEY_NEG_REPLY,
68 MGMT_OP_READ_LOCAL_OOB_DATA,
69 MGMT_OP_ADD_REMOTE_OOB_DATA,
70 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
71 MGMT_OP_START_DISCOVERY,
72 MGMT_OP_STOP_DISCOVERY,
75 MGMT_OP_UNBLOCK_DEVICE,
76 MGMT_OP_SET_DEVICE_ID,
77 MGMT_OP_SET_ADVERTISING,
79 MGMT_OP_SET_STATIC_ADDRESS,
82 static const u16 mgmt_events[] = {
83 MGMT_EV_CONTROLLER_ERROR,
85 MGMT_EV_INDEX_REMOVED,
87 MGMT_EV_CLASS_OF_DEV_CHANGED,
88 MGMT_EV_LOCAL_NAME_CHANGED,
90 MGMT_EV_NEW_LONG_TERM_KEY,
91 MGMT_EV_DEVICE_CONNECTED,
92 MGMT_EV_DEVICE_DISCONNECTED,
93 MGMT_EV_CONNECT_FAILED,
94 MGMT_EV_PIN_CODE_REQUEST,
95 MGMT_EV_USER_CONFIRM_REQUEST,
96 MGMT_EV_USER_PASSKEY_REQUEST,
100 MGMT_EV_DEVICE_BLOCKED,
101 MGMT_EV_DEVICE_UNBLOCKED,
102 MGMT_EV_DEVICE_UNPAIRED,
103 MGMT_EV_PASSKEY_NOTIFY,
106 #define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
108 #define hdev_is_powered(hdev) (test_bit(HCI_UP, &hdev->flags) && \
109 !test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
112 struct list_head list;
120 /* HCI to MGMT error code conversion table */
121 static u8 mgmt_status_table[] = {
123 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
124 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
125 MGMT_STATUS_FAILED, /* Hardware Failure */
126 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
127 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
128 MGMT_STATUS_NOT_PAIRED, /* PIN or Key Missing */
129 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
130 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
131 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
132 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
133 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
134 MGMT_STATUS_BUSY, /* Command Disallowed */
135 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
136 MGMT_STATUS_REJECTED, /* Rejected Security */
137 MGMT_STATUS_REJECTED, /* Rejected Personal */
138 MGMT_STATUS_TIMEOUT, /* Host Timeout */
139 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
140 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
141 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
142 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
143 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
144 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
145 MGMT_STATUS_BUSY, /* Repeated Attempts */
146 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
147 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
148 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
149 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
150 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
151 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
152 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
153 MGMT_STATUS_FAILED, /* Unspecified Error */
154 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
155 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
156 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
157 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
158 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
159 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
160 MGMT_STATUS_FAILED, /* Unit Link Key Used */
161 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
162 MGMT_STATUS_TIMEOUT, /* Instant Passed */
163 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
164 MGMT_STATUS_FAILED, /* Transaction Collision */
165 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
166 MGMT_STATUS_REJECTED, /* QoS Rejected */
167 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
168 MGMT_STATUS_REJECTED, /* Insufficient Security */
169 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
170 MGMT_STATUS_BUSY, /* Role Switch Pending */
171 MGMT_STATUS_FAILED, /* Slot Violation */
172 MGMT_STATUS_FAILED, /* Role Switch Failed */
173 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
174 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
175 MGMT_STATUS_BUSY, /* Host Busy Pairing */
176 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
177 MGMT_STATUS_BUSY, /* Controller Busy */
178 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
179 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
180 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
181 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
182 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
185 static u8 mgmt_status(u8 hci_status)
187 if (hci_status < ARRAY_SIZE(mgmt_status_table))
188 return mgmt_status_table[hci_status];
190 return MGMT_STATUS_FAILED;
193 static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
196 struct mgmt_hdr *hdr;
197 struct mgmt_ev_cmd_status *ev;
200 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
202 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_KERNEL);
206 hdr = (void *) skb_put(skb, sizeof(*hdr));
208 hdr->opcode = __constant_cpu_to_le16(MGMT_EV_CMD_STATUS);
209 hdr->index = cpu_to_le16(index);
210 hdr->len = cpu_to_le16(sizeof(*ev));
212 ev = (void *) skb_put(skb, sizeof(*ev));
214 ev->opcode = cpu_to_le16(cmd);
216 err = sock_queue_rcv_skb(sk, skb);
223 static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
224 void *rp, size_t rp_len)
227 struct mgmt_hdr *hdr;
228 struct mgmt_ev_cmd_complete *ev;
231 BT_DBG("sock %p", sk);
233 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_KERNEL);
237 hdr = (void *) skb_put(skb, sizeof(*hdr));
239 hdr->opcode = __constant_cpu_to_le16(MGMT_EV_CMD_COMPLETE);
240 hdr->index = cpu_to_le16(index);
241 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
243 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
244 ev->opcode = cpu_to_le16(cmd);
248 memcpy(ev->data, rp, rp_len);
250 err = sock_queue_rcv_skb(sk, skb);
257 static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
260 struct mgmt_rp_read_version rp;
262 BT_DBG("sock %p", sk);
264 rp.version = MGMT_VERSION;
265 rp.revision = __constant_cpu_to_le16(MGMT_REVISION);
267 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
271 static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
274 struct mgmt_rp_read_commands *rp;
275 const u16 num_commands = ARRAY_SIZE(mgmt_commands);
276 const u16 num_events = ARRAY_SIZE(mgmt_events);
281 BT_DBG("sock %p", sk);
283 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
285 rp = kmalloc(rp_size, GFP_KERNEL);
289 rp->num_commands = __constant_cpu_to_le16(num_commands);
290 rp->num_events = __constant_cpu_to_le16(num_events);
292 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
293 put_unaligned_le16(mgmt_commands[i], opcode);
295 for (i = 0; i < num_events; i++, opcode++)
296 put_unaligned_le16(mgmt_events[i], opcode);
298 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
305 static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
308 struct mgmt_rp_read_index_list *rp;
314 BT_DBG("sock %p", sk);
316 read_lock(&hci_dev_list_lock);
319 list_for_each_entry(d, &hci_dev_list, list) {
320 if (d->dev_type == HCI_BREDR)
324 rp_len = sizeof(*rp) + (2 * count);
325 rp = kmalloc(rp_len, GFP_ATOMIC);
327 read_unlock(&hci_dev_list_lock);
332 list_for_each_entry(d, &hci_dev_list, list) {
333 if (test_bit(HCI_SETUP, &d->dev_flags))
336 if (test_bit(HCI_USER_CHANNEL, &d->dev_flags))
339 if (d->dev_type == HCI_BREDR) {
340 rp->index[count++] = cpu_to_le16(d->id);
341 BT_DBG("Added hci%u", d->id);
345 rp->num_controllers = cpu_to_le16(count);
346 rp_len = sizeof(*rp) + (2 * count);
348 read_unlock(&hci_dev_list_lock);
350 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
358 static u32 get_supported_settings(struct hci_dev *hdev)
362 settings |= MGMT_SETTING_POWERED;
363 settings |= MGMT_SETTING_PAIRABLE;
365 if (lmp_ssp_capable(hdev))
366 settings |= MGMT_SETTING_SSP;
368 if (lmp_bredr_capable(hdev)) {
369 settings |= MGMT_SETTING_CONNECTABLE;
370 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
371 settings |= MGMT_SETTING_FAST_CONNECTABLE;
372 settings |= MGMT_SETTING_DISCOVERABLE;
373 settings |= MGMT_SETTING_BREDR;
374 settings |= MGMT_SETTING_LINK_SECURITY;
375 settings |= MGMT_SETTING_HS;
378 if (lmp_le_capable(hdev)) {
379 settings |= MGMT_SETTING_LE;
380 settings |= MGMT_SETTING_ADVERTISING;
386 static u32 get_current_settings(struct hci_dev *hdev)
390 if (hdev_is_powered(hdev))
391 settings |= MGMT_SETTING_POWERED;
393 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
394 settings |= MGMT_SETTING_CONNECTABLE;
396 if (test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
397 settings |= MGMT_SETTING_FAST_CONNECTABLE;
399 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
400 settings |= MGMT_SETTING_DISCOVERABLE;
402 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags))
403 settings |= MGMT_SETTING_PAIRABLE;
405 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
406 settings |= MGMT_SETTING_BREDR;
408 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
409 settings |= MGMT_SETTING_LE;
411 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
412 settings |= MGMT_SETTING_LINK_SECURITY;
414 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
415 settings |= MGMT_SETTING_SSP;
417 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
418 settings |= MGMT_SETTING_HS;
420 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
421 settings |= MGMT_SETTING_ADVERTISING;
426 #define PNP_INFO_SVCLASS_ID 0x1200
428 static u8 *create_uuid16_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
430 u8 *ptr = data, *uuids_start = NULL;
431 struct bt_uuid *uuid;
436 list_for_each_entry(uuid, &hdev->uuids, list) {
439 if (uuid->size != 16)
442 uuid16 = get_unaligned_le16(&uuid->uuid[12]);
446 if (uuid16 == PNP_INFO_SVCLASS_ID)
452 uuids_start[1] = EIR_UUID16_ALL;
456 /* Stop if not enough space to put next UUID */
457 if ((ptr - data) + sizeof(u16) > len) {
458 uuids_start[1] = EIR_UUID16_SOME;
462 *ptr++ = (uuid16 & 0x00ff);
463 *ptr++ = (uuid16 & 0xff00) >> 8;
464 uuids_start[0] += sizeof(uuid16);
470 static u8 *create_uuid32_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
472 u8 *ptr = data, *uuids_start = NULL;
473 struct bt_uuid *uuid;
478 list_for_each_entry(uuid, &hdev->uuids, list) {
479 if (uuid->size != 32)
485 uuids_start[1] = EIR_UUID32_ALL;
489 /* Stop if not enough space to put next UUID */
490 if ((ptr - data) + sizeof(u32) > len) {
491 uuids_start[1] = EIR_UUID32_SOME;
495 memcpy(ptr, &uuid->uuid[12], sizeof(u32));
497 uuids_start[0] += sizeof(u32);
503 static u8 *create_uuid128_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
505 u8 *ptr = data, *uuids_start = NULL;
506 struct bt_uuid *uuid;
511 list_for_each_entry(uuid, &hdev->uuids, list) {
512 if (uuid->size != 128)
518 uuids_start[1] = EIR_UUID128_ALL;
522 /* Stop if not enough space to put next UUID */
523 if ((ptr - data) + 16 > len) {
524 uuids_start[1] = EIR_UUID128_SOME;
528 memcpy(ptr, uuid->uuid, 16);
530 uuids_start[0] += 16;
536 static void create_eir(struct hci_dev *hdev, u8 *data)
541 name_len = strlen(hdev->dev_name);
547 ptr[1] = EIR_NAME_SHORT;
549 ptr[1] = EIR_NAME_COMPLETE;
551 /* EIR Data length */
552 ptr[0] = name_len + 1;
554 memcpy(ptr + 2, hdev->dev_name, name_len);
556 ptr += (name_len + 2);
559 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
561 ptr[1] = EIR_TX_POWER;
562 ptr[2] = (u8) hdev->inq_tx_power;
567 if (hdev->devid_source > 0) {
569 ptr[1] = EIR_DEVICE_ID;
571 put_unaligned_le16(hdev->devid_source, ptr + 2);
572 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
573 put_unaligned_le16(hdev->devid_product, ptr + 6);
574 put_unaligned_le16(hdev->devid_version, ptr + 8);
579 ptr = create_uuid16_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
580 ptr = create_uuid32_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
581 ptr = create_uuid128_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
584 static void update_eir(struct hci_request *req)
586 struct hci_dev *hdev = req->hdev;
587 struct hci_cp_write_eir cp;
589 if (!hdev_is_powered(hdev))
592 if (!lmp_ext_inq_capable(hdev))
595 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
598 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
601 memset(&cp, 0, sizeof(cp));
603 create_eir(hdev, cp.data);
605 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
608 memcpy(hdev->eir, cp.data, sizeof(cp.data));
610 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
613 static u8 get_service_classes(struct hci_dev *hdev)
615 struct bt_uuid *uuid;
618 list_for_each_entry(uuid, &hdev->uuids, list)
619 val |= uuid->svc_hint;
624 static void update_class(struct hci_request *req)
626 struct hci_dev *hdev = req->hdev;
629 BT_DBG("%s", hdev->name);
631 if (!hdev_is_powered(hdev))
634 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
637 cod[0] = hdev->minor_class;
638 cod[1] = hdev->major_class;
639 cod[2] = get_service_classes(hdev);
641 if (memcmp(cod, hdev->dev_class, 3) == 0)
644 hci_req_add(req, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
647 static void service_cache_off(struct work_struct *work)
649 struct hci_dev *hdev = container_of(work, struct hci_dev,
651 struct hci_request req;
653 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
656 hci_req_init(&req, hdev);
663 hci_dev_unlock(hdev);
665 hci_req_run(&req, NULL);
668 static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
670 if (test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
673 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
675 /* Non-mgmt controlled devices get this bit set
676 * implicitly so that pairing works for them, however
677 * for mgmt we require user-space to explicitly enable
680 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
683 static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
684 void *data, u16 data_len)
686 struct mgmt_rp_read_info rp;
688 BT_DBG("sock %p %s", sk, hdev->name);
692 memset(&rp, 0, sizeof(rp));
694 bacpy(&rp.bdaddr, &hdev->bdaddr);
696 rp.version = hdev->hci_ver;
697 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
699 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
700 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
702 memcpy(rp.dev_class, hdev->dev_class, 3);
704 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
705 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
707 hci_dev_unlock(hdev);
709 return cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
713 static void mgmt_pending_free(struct pending_cmd *cmd)
720 static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
721 struct hci_dev *hdev, void *data,
724 struct pending_cmd *cmd;
726 cmd = kmalloc(sizeof(*cmd), GFP_KERNEL);
730 cmd->opcode = opcode;
731 cmd->index = hdev->id;
733 cmd->param = kmalloc(len, GFP_KERNEL);
740 memcpy(cmd->param, data, len);
745 list_add(&cmd->list, &hdev->mgmt_pending);
750 static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
751 void (*cb)(struct pending_cmd *cmd,
755 struct pending_cmd *cmd, *tmp;
757 list_for_each_entry_safe(cmd, tmp, &hdev->mgmt_pending, list) {
758 if (opcode > 0 && cmd->opcode != opcode)
765 static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
767 struct pending_cmd *cmd;
769 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
770 if (cmd->opcode == opcode)
777 static void mgmt_pending_remove(struct pending_cmd *cmd)
779 list_del(&cmd->list);
780 mgmt_pending_free(cmd);
783 static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
785 __le32 settings = cpu_to_le32(get_current_settings(hdev));
787 return cmd_complete(sk, hdev->id, opcode, 0, &settings,
791 static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
794 struct mgmt_mode *cp = data;
795 struct pending_cmd *cmd;
798 BT_DBG("request for %s", hdev->name);
800 if (cp->val != 0x00 && cp->val != 0x01)
801 return cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
802 MGMT_STATUS_INVALID_PARAMS);
806 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
807 err = cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
812 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
813 cancel_delayed_work(&hdev->power_off);
816 mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev,
818 err = mgmt_powered(hdev, 1);
823 if (!!cp->val == hdev_is_powered(hdev)) {
824 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
828 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
835 queue_work(hdev->req_workqueue, &hdev->power_on);
837 queue_work(hdev->req_workqueue, &hdev->power_off.work);
842 hci_dev_unlock(hdev);
846 static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 data_len,
847 struct sock *skip_sk)
850 struct mgmt_hdr *hdr;
852 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_KERNEL);
856 hdr = (void *) skb_put(skb, sizeof(*hdr));
857 hdr->opcode = cpu_to_le16(event);
859 hdr->index = cpu_to_le16(hdev->id);
861 hdr->index = __constant_cpu_to_le16(MGMT_INDEX_NONE);
862 hdr->len = cpu_to_le16(data_len);
865 memcpy(skb_put(skb, data_len), data, data_len);
868 __net_timestamp(skb);
870 hci_send_to_control(skb, skip_sk);
876 static int new_settings(struct hci_dev *hdev, struct sock *skip)
880 ev = cpu_to_le32(get_current_settings(hdev));
882 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
887 struct hci_dev *hdev;
891 static void settings_rsp(struct pending_cmd *cmd, void *data)
893 struct cmd_lookup *match = data;
895 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
897 list_del(&cmd->list);
899 if (match->sk == NULL) {
901 sock_hold(match->sk);
904 mgmt_pending_free(cmd);
907 static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
911 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
912 mgmt_pending_remove(cmd);
915 static u8 mgmt_bredr_support(struct hci_dev *hdev)
917 if (!lmp_bredr_capable(hdev))
918 return MGMT_STATUS_NOT_SUPPORTED;
919 else if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
920 return MGMT_STATUS_REJECTED;
922 return MGMT_STATUS_SUCCESS;
925 static u8 mgmt_le_support(struct hci_dev *hdev)
927 if (!lmp_le_capable(hdev))
928 return MGMT_STATUS_NOT_SUPPORTED;
929 else if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
930 return MGMT_STATUS_REJECTED;
932 return MGMT_STATUS_SUCCESS;
935 static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
938 struct mgmt_cp_set_discoverable *cp = data;
939 struct pending_cmd *cmd;
944 BT_DBG("request for %s", hdev->name);
946 status = mgmt_bredr_support(hdev);
948 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
951 if (cp->val != 0x00 && cp->val != 0x01)
952 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
953 MGMT_STATUS_INVALID_PARAMS);
955 timeout = __le16_to_cpu(cp->timeout);
956 if (!cp->val && timeout > 0)
957 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
958 MGMT_STATUS_INVALID_PARAMS);
962 if (!hdev_is_powered(hdev) && timeout > 0) {
963 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
964 MGMT_STATUS_NOT_POWERED);
968 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
969 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
970 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
975 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
976 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
977 MGMT_STATUS_REJECTED);
981 if (!hdev_is_powered(hdev)) {
982 bool changed = false;
984 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
985 change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
989 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
994 err = new_settings(hdev, sk);
999 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
1000 if (hdev->discov_timeout > 0) {
1001 cancel_delayed_work(&hdev->discov_off);
1002 hdev->discov_timeout = 0;
1005 if (cp->val && timeout > 0) {
1006 hdev->discov_timeout = timeout;
1007 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
1008 msecs_to_jiffies(hdev->discov_timeout * 1000));
1011 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1015 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
1024 scan |= SCAN_INQUIRY;
1026 cancel_delayed_work(&hdev->discov_off);
1028 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1030 mgmt_pending_remove(cmd);
1033 hdev->discov_timeout = timeout;
1036 hci_dev_unlock(hdev);
1040 static void write_fast_connectable(struct hci_request *req, bool enable)
1042 struct hci_dev *hdev = req->hdev;
1043 struct hci_cp_write_page_scan_activity acp;
1046 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
1050 type = PAGE_SCAN_TYPE_INTERLACED;
1052 /* 160 msec page scan interval */
1053 acp.interval = __constant_cpu_to_le16(0x0100);
1055 type = PAGE_SCAN_TYPE_STANDARD; /* default */
1057 /* default 1.28 sec page scan */
1058 acp.interval = __constant_cpu_to_le16(0x0800);
1061 acp.window = __constant_cpu_to_le16(0x0012);
1063 if (__cpu_to_le16(hdev->page_scan_interval) != acp.interval ||
1064 __cpu_to_le16(hdev->page_scan_window) != acp.window)
1065 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
1068 if (hdev->page_scan_type != type)
1069 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
1072 static void set_connectable_complete(struct hci_dev *hdev, u8 status)
1074 struct pending_cmd *cmd;
1076 BT_DBG("status 0x%02x", status);
1080 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1084 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
1086 mgmt_pending_remove(cmd);
1089 hci_dev_unlock(hdev);
1092 static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
1095 struct mgmt_mode *cp = data;
1096 struct pending_cmd *cmd;
1097 struct hci_request req;
1101 BT_DBG("request for %s", hdev->name);
1103 status = mgmt_bredr_support(hdev);
1105 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1108 if (cp->val != 0x00 && cp->val != 0x01)
1109 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1110 MGMT_STATUS_INVALID_PARAMS);
1114 if (!hdev_is_powered(hdev)) {
1115 bool changed = false;
1117 if (!!cp->val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
1121 set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1123 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1124 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1127 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1132 err = new_settings(hdev, sk);
1137 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1138 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
1139 err = cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1144 if (!!cp->val == test_bit(HCI_PSCAN, &hdev->flags)) {
1145 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1149 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
1160 if (test_bit(HCI_ISCAN, &hdev->flags) &&
1161 hdev->discov_timeout > 0)
1162 cancel_delayed_work(&hdev->discov_off);
1165 hci_req_init(&req, hdev);
1167 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1169 /* If we're going from non-connectable to connectable or
1170 * vice-versa when fast connectable is enabled ensure that fast
1171 * connectable gets disabled. write_fast_connectable won't do
1172 * anything if the page scan parameters are already what they
1175 if (cp->val || test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
1176 write_fast_connectable(&req, false);
1178 err = hci_req_run(&req, set_connectable_complete);
1180 mgmt_pending_remove(cmd);
1183 hci_dev_unlock(hdev);
1187 static int set_pairable(struct sock *sk, struct hci_dev *hdev, void *data,
1190 struct mgmt_mode *cp = data;
1194 BT_DBG("request for %s", hdev->name);
1196 if (cp->val != 0x00 && cp->val != 0x01)
1197 return cmd_status(sk, hdev->id, MGMT_OP_SET_PAIRABLE,
1198 MGMT_STATUS_INVALID_PARAMS);
1203 changed = !test_and_set_bit(HCI_PAIRABLE, &hdev->dev_flags);
1205 changed = test_and_clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
1207 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
1212 err = new_settings(hdev, sk);
1215 hci_dev_unlock(hdev);
1219 static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1222 struct mgmt_mode *cp = data;
1223 struct pending_cmd *cmd;
1227 BT_DBG("request for %s", hdev->name);
1229 status = mgmt_bredr_support(hdev);
1231 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1234 if (cp->val != 0x00 && cp->val != 0x01)
1235 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1236 MGMT_STATUS_INVALID_PARAMS);
1240 if (!hdev_is_powered(hdev)) {
1241 bool changed = false;
1243 if (!!cp->val != test_bit(HCI_LINK_SECURITY,
1244 &hdev->dev_flags)) {
1245 change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
1249 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1254 err = new_settings(hdev, sk);
1259 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
1260 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1267 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1268 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1272 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1278 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1280 mgmt_pending_remove(cmd);
1285 hci_dev_unlock(hdev);
1289 static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1291 struct mgmt_mode *cp = data;
1292 struct pending_cmd *cmd;
1296 BT_DBG("request for %s", hdev->name);
1298 status = mgmt_bredr_support(hdev);
1300 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
1302 if (!lmp_ssp_capable(hdev))
1303 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1304 MGMT_STATUS_NOT_SUPPORTED);
1306 if (cp->val != 0x00 && cp->val != 0x01)
1307 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1308 MGMT_STATUS_INVALID_PARAMS);
1312 if (!hdev_is_powered(hdev)) {
1316 changed = !test_and_set_bit(HCI_SSP_ENABLED,
1319 changed = test_and_clear_bit(HCI_SSP_ENABLED,
1322 changed = test_and_clear_bit(HCI_HS_ENABLED,
1325 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1328 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1333 err = new_settings(hdev, sk);
1338 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev) ||
1339 mgmt_pending_find(MGMT_OP_SET_HS, hdev)) {
1340 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1345 if (!!cp->val == test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
1346 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1350 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1356 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &cp->val);
1358 mgmt_pending_remove(cmd);
1363 hci_dev_unlock(hdev);
1367 static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1369 struct mgmt_mode *cp = data;
1374 BT_DBG("request for %s", hdev->name);
1376 status = mgmt_bredr_support(hdev);
1378 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
1380 if (!lmp_ssp_capable(hdev))
1381 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1382 MGMT_STATUS_NOT_SUPPORTED);
1384 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
1385 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1386 MGMT_STATUS_REJECTED);
1388 if (cp->val != 0x00 && cp->val != 0x01)
1389 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1390 MGMT_STATUS_INVALID_PARAMS);
1395 changed = !test_and_set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1397 if (hdev_is_powered(hdev)) {
1398 err = cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1399 MGMT_STATUS_REJECTED);
1403 changed = test_and_clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1406 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
1411 err = new_settings(hdev, sk);
1414 hci_dev_unlock(hdev);
1418 static void enable_advertising(struct hci_request *req)
1420 struct hci_dev *hdev = req->hdev;
1421 struct hci_cp_le_set_adv_param cp;
1424 memset(&cp, 0, sizeof(cp));
1425 cp.min_interval = __constant_cpu_to_le16(0x0800);
1426 cp.max_interval = __constant_cpu_to_le16(0x0800);
1427 cp.type = LE_ADV_IND;
1428 if (bacmp(&hdev->bdaddr, BDADDR_ANY))
1429 cp.own_address_type = ADDR_LE_DEV_PUBLIC;
1431 cp.own_address_type = ADDR_LE_DEV_RANDOM;
1432 cp.channel_map = 0x07;
1434 hci_req_add(req, HCI_OP_LE_SET_ADV_PARAM, sizeof(cp), &cp);
1436 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1439 static void disable_advertising(struct hci_request *req)
1443 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1446 static void le_enable_complete(struct hci_dev *hdev, u8 status)
1448 struct cmd_lookup match = { NULL, hdev };
1451 u8 mgmt_err = mgmt_status(status);
1453 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
1458 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
1460 new_settings(hdev, match.sk);
1466 static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1468 struct mgmt_mode *cp = data;
1469 struct hci_cp_write_le_host_supported hci_cp;
1470 struct pending_cmd *cmd;
1471 struct hci_request req;
1475 BT_DBG("request for %s", hdev->name);
1477 if (!lmp_le_capable(hdev))
1478 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1479 MGMT_STATUS_NOT_SUPPORTED);
1481 if (cp->val != 0x00 && cp->val != 0x01)
1482 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1483 MGMT_STATUS_INVALID_PARAMS);
1485 /* LE-only devices do not allow toggling LE on/off */
1486 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1487 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1488 MGMT_STATUS_REJECTED);
1493 enabled = lmp_host_le_capable(hdev);
1495 if (!hdev_is_powered(hdev) || val == enabled) {
1496 bool changed = false;
1498 if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1499 change_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1503 if (!val && test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
1504 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
1508 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1513 err = new_settings(hdev, sk);
1518 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev) ||
1519 mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
1520 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1525 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
1531 memset(&hci_cp, 0, sizeof(hci_cp));
1535 hci_cp.simul = lmp_le_br_capable(hdev);
1538 hci_req_init(&req, hdev);
1540 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags) && !val)
1541 disable_advertising(&req);
1543 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
1546 err = hci_req_run(&req, le_enable_complete);
1548 mgmt_pending_remove(cmd);
1551 hci_dev_unlock(hdev);
1555 /* This is a helper function to test for pending mgmt commands that can
1556 * cause CoD or EIR HCI commands. We can only allow one such pending
1557 * mgmt command at a time since otherwise we cannot easily track what
1558 * the current values are, will be, and based on that calculate if a new
1559 * HCI command needs to be sent and if yes with what value.
1561 static bool pending_eir_or_class(struct hci_dev *hdev)
1563 struct pending_cmd *cmd;
1565 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
1566 switch (cmd->opcode) {
1567 case MGMT_OP_ADD_UUID:
1568 case MGMT_OP_REMOVE_UUID:
1569 case MGMT_OP_SET_DEV_CLASS:
1570 case MGMT_OP_SET_POWERED:
1578 static const u8 bluetooth_base_uuid[] = {
1579 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
1580 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1583 static u8 get_uuid_size(const u8 *uuid)
1587 if (memcmp(uuid, bluetooth_base_uuid, 12))
1590 val = get_unaligned_le32(&uuid[12]);
1597 static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
1599 struct pending_cmd *cmd;
1603 cmd = mgmt_pending_find(mgmt_op, hdev);
1607 cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(status),
1608 hdev->dev_class, 3);
1610 mgmt_pending_remove(cmd);
1613 hci_dev_unlock(hdev);
1616 static void add_uuid_complete(struct hci_dev *hdev, u8 status)
1618 BT_DBG("status 0x%02x", status);
1620 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
1623 static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1625 struct mgmt_cp_add_uuid *cp = data;
1626 struct pending_cmd *cmd;
1627 struct hci_request req;
1628 struct bt_uuid *uuid;
1631 BT_DBG("request for %s", hdev->name);
1635 if (pending_eir_or_class(hdev)) {
1636 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
1641 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
1647 memcpy(uuid->uuid, cp->uuid, 16);
1648 uuid->svc_hint = cp->svc_hint;
1649 uuid->size = get_uuid_size(cp->uuid);
1651 list_add_tail(&uuid->list, &hdev->uuids);
1653 hci_req_init(&req, hdev);
1658 err = hci_req_run(&req, add_uuid_complete);
1660 if (err != -ENODATA)
1663 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
1664 hdev->dev_class, 3);
1668 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
1677 hci_dev_unlock(hdev);
1681 static bool enable_service_cache(struct hci_dev *hdev)
1683 if (!hdev_is_powered(hdev))
1686 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
1687 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
1695 static void remove_uuid_complete(struct hci_dev *hdev, u8 status)
1697 BT_DBG("status 0x%02x", status);
1699 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
1702 static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
1705 struct mgmt_cp_remove_uuid *cp = data;
1706 struct pending_cmd *cmd;
1707 struct bt_uuid *match, *tmp;
1708 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
1709 struct hci_request req;
1712 BT_DBG("request for %s", hdev->name);
1716 if (pending_eir_or_class(hdev)) {
1717 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
1722 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
1723 err = hci_uuids_clear(hdev);
1725 if (enable_service_cache(hdev)) {
1726 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID,
1727 0, hdev->dev_class, 3);
1736 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
1737 if (memcmp(match->uuid, cp->uuid, 16) != 0)
1740 list_del(&match->list);
1746 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
1747 MGMT_STATUS_INVALID_PARAMS);
1752 hci_req_init(&req, hdev);
1757 err = hci_req_run(&req, remove_uuid_complete);
1759 if (err != -ENODATA)
1762 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
1763 hdev->dev_class, 3);
1767 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
1776 hci_dev_unlock(hdev);
1780 static void set_class_complete(struct hci_dev *hdev, u8 status)
1782 BT_DBG("status 0x%02x", status);
1784 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
1787 static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
1790 struct mgmt_cp_set_dev_class *cp = data;
1791 struct pending_cmd *cmd;
1792 struct hci_request req;
1795 BT_DBG("request for %s", hdev->name);
1797 if (!lmp_bredr_capable(hdev))
1798 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1799 MGMT_STATUS_NOT_SUPPORTED);
1803 if (pending_eir_or_class(hdev)) {
1804 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1809 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
1810 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1811 MGMT_STATUS_INVALID_PARAMS);
1815 hdev->major_class = cp->major;
1816 hdev->minor_class = cp->minor;
1818 if (!hdev_is_powered(hdev)) {
1819 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
1820 hdev->dev_class, 3);
1824 hci_req_init(&req, hdev);
1826 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
1827 hci_dev_unlock(hdev);
1828 cancel_delayed_work_sync(&hdev->service_cache);
1835 err = hci_req_run(&req, set_class_complete);
1837 if (err != -ENODATA)
1840 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
1841 hdev->dev_class, 3);
1845 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
1854 hci_dev_unlock(hdev);
1858 static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
1861 struct mgmt_cp_load_link_keys *cp = data;
1862 u16 key_count, expected_len;
1865 BT_DBG("request for %s", hdev->name);
1867 if (!lmp_bredr_capable(hdev))
1868 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
1869 MGMT_STATUS_NOT_SUPPORTED);
1871 key_count = __le16_to_cpu(cp->key_count);
1873 expected_len = sizeof(*cp) + key_count *
1874 sizeof(struct mgmt_link_key_info);
1875 if (expected_len != len) {
1876 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
1878 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
1879 MGMT_STATUS_INVALID_PARAMS);
1882 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
1883 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
1884 MGMT_STATUS_INVALID_PARAMS);
1886 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
1889 for (i = 0; i < key_count; i++) {
1890 struct mgmt_link_key_info *key = &cp->keys[i];
1892 if (key->addr.type != BDADDR_BREDR)
1893 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
1894 MGMT_STATUS_INVALID_PARAMS);
1899 hci_link_keys_clear(hdev);
1902 set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
1904 clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
1906 for (i = 0; i < key_count; i++) {
1907 struct mgmt_link_key_info *key = &cp->keys[i];
1909 hci_add_link_key(hdev, NULL, 0, &key->addr.bdaddr, key->val,
1910 key->type, key->pin_len);
1913 cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
1915 hci_dev_unlock(hdev);
1920 static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
1921 u8 addr_type, struct sock *skip_sk)
1923 struct mgmt_ev_device_unpaired ev;
1925 bacpy(&ev.addr.bdaddr, bdaddr);
1926 ev.addr.type = addr_type;
1928 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
1932 static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
1935 struct mgmt_cp_unpair_device *cp = data;
1936 struct mgmt_rp_unpair_device rp;
1937 struct hci_cp_disconnect dc;
1938 struct pending_cmd *cmd;
1939 struct hci_conn *conn;
1942 memset(&rp, 0, sizeof(rp));
1943 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1944 rp.addr.type = cp->addr.type;
1946 if (!bdaddr_type_is_valid(cp->addr.type))
1947 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
1948 MGMT_STATUS_INVALID_PARAMS,
1951 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
1952 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
1953 MGMT_STATUS_INVALID_PARAMS,
1958 if (!hdev_is_powered(hdev)) {
1959 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
1960 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
1964 if (cp->addr.type == BDADDR_BREDR)
1965 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
1967 err = hci_remove_ltk(hdev, &cp->addr.bdaddr);
1970 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
1971 MGMT_STATUS_NOT_PAIRED, &rp, sizeof(rp));
1975 if (cp->disconnect) {
1976 if (cp->addr.type == BDADDR_BREDR)
1977 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
1980 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
1987 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
1989 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
1993 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
2000 dc.handle = cpu_to_le16(conn->handle);
2001 dc.reason = 0x13; /* Remote User Terminated Connection */
2002 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2004 mgmt_pending_remove(cmd);
2007 hci_dev_unlock(hdev);
2011 static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
2014 struct mgmt_cp_disconnect *cp = data;
2015 struct mgmt_rp_disconnect rp;
2016 struct hci_cp_disconnect dc;
2017 struct pending_cmd *cmd;
2018 struct hci_conn *conn;
2023 memset(&rp, 0, sizeof(rp));
2024 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2025 rp.addr.type = cp->addr.type;
2027 if (!bdaddr_type_is_valid(cp->addr.type))
2028 return cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2029 MGMT_STATUS_INVALID_PARAMS,
2034 if (!test_bit(HCI_UP, &hdev->flags)) {
2035 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2036 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
2040 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
2041 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2042 MGMT_STATUS_BUSY, &rp, sizeof(rp));
2046 if (cp->addr.type == BDADDR_BREDR)
2047 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2050 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
2052 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
2053 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2054 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
2058 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
2064 dc.handle = cpu_to_le16(conn->handle);
2065 dc.reason = HCI_ERROR_REMOTE_USER_TERM;
2067 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2069 mgmt_pending_remove(cmd);
2072 hci_dev_unlock(hdev);
2076 static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
2078 switch (link_type) {
2080 switch (addr_type) {
2081 case ADDR_LE_DEV_PUBLIC:
2082 return BDADDR_LE_PUBLIC;
2085 /* Fallback to LE Random address type */
2086 return BDADDR_LE_RANDOM;
2090 /* Fallback to BR/EDR type */
2091 return BDADDR_BREDR;
2095 static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
2098 struct mgmt_rp_get_connections *rp;
2108 if (!hdev_is_powered(hdev)) {
2109 err = cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
2110 MGMT_STATUS_NOT_POWERED);
2115 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2116 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2120 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2121 rp = kmalloc(rp_len, GFP_KERNEL);
2128 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2129 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2131 bacpy(&rp->addr[i].bdaddr, &c->dst);
2132 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
2133 if (c->type == SCO_LINK || c->type == ESCO_LINK)
2138 rp->conn_count = cpu_to_le16(i);
2140 /* Recalculate length in case of filtered SCO connections, etc */
2141 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2143 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
2149 hci_dev_unlock(hdev);
2153 static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
2154 struct mgmt_cp_pin_code_neg_reply *cp)
2156 struct pending_cmd *cmd;
2159 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
2164 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
2165 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
2167 mgmt_pending_remove(cmd);
2172 static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2175 struct hci_conn *conn;
2176 struct mgmt_cp_pin_code_reply *cp = data;
2177 struct hci_cp_pin_code_reply reply;
2178 struct pending_cmd *cmd;
2185 if (!hdev_is_powered(hdev)) {
2186 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2187 MGMT_STATUS_NOT_POWERED);
2191 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
2193 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2194 MGMT_STATUS_NOT_CONNECTED);
2198 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
2199 struct mgmt_cp_pin_code_neg_reply ncp;
2201 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
2203 BT_ERR("PIN code is not 16 bytes long");
2205 err = send_pin_code_neg_reply(sk, hdev, &ncp);
2207 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2208 MGMT_STATUS_INVALID_PARAMS);
2213 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
2219 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
2220 reply.pin_len = cp->pin_len;
2221 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
2223 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
2225 mgmt_pending_remove(cmd);
2228 hci_dev_unlock(hdev);
2232 static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
2235 struct mgmt_cp_set_io_capability *cp = data;
2241 hdev->io_capability = cp->io_capability;
2243 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
2244 hdev->io_capability);
2246 hci_dev_unlock(hdev);
2248 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, NULL,
2252 static struct pending_cmd *find_pairing(struct hci_conn *conn)
2254 struct hci_dev *hdev = conn->hdev;
2255 struct pending_cmd *cmd;
2257 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2258 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
2261 if (cmd->user_data != conn)
2270 static void pairing_complete(struct pending_cmd *cmd, u8 status)
2272 struct mgmt_rp_pair_device rp;
2273 struct hci_conn *conn = cmd->user_data;
2275 bacpy(&rp.addr.bdaddr, &conn->dst);
2276 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
2278 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
2281 /* So we don't get further callbacks for this connection */
2282 conn->connect_cfm_cb = NULL;
2283 conn->security_cfm_cb = NULL;
2284 conn->disconn_cfm_cb = NULL;
2286 hci_conn_drop(conn);
2288 mgmt_pending_remove(cmd);
2291 static void pairing_complete_cb(struct hci_conn *conn, u8 status)
2293 struct pending_cmd *cmd;
2295 BT_DBG("status %u", status);
2297 cmd = find_pairing(conn);
2299 BT_DBG("Unable to find a pending command");
2301 pairing_complete(cmd, mgmt_status(status));
2304 static void le_connect_complete_cb(struct hci_conn *conn, u8 status)
2306 struct pending_cmd *cmd;
2308 BT_DBG("status %u", status);
2313 cmd = find_pairing(conn);
2315 BT_DBG("Unable to find a pending command");
2317 pairing_complete(cmd, mgmt_status(status));
2320 static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2323 struct mgmt_cp_pair_device *cp = data;
2324 struct mgmt_rp_pair_device rp;
2325 struct pending_cmd *cmd;
2326 u8 sec_level, auth_type;
2327 struct hci_conn *conn;
2332 memset(&rp, 0, sizeof(rp));
2333 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2334 rp.addr.type = cp->addr.type;
2336 if (!bdaddr_type_is_valid(cp->addr.type))
2337 return cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2338 MGMT_STATUS_INVALID_PARAMS,
2343 if (!hdev_is_powered(hdev)) {
2344 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2345 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
2349 sec_level = BT_SECURITY_MEDIUM;
2350 if (cp->io_cap == 0x03)
2351 auth_type = HCI_AT_DEDICATED_BONDING;
2353 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
2355 if (cp->addr.type == BDADDR_BREDR)
2356 conn = hci_connect(hdev, ACL_LINK, &cp->addr.bdaddr,
2357 cp->addr.type, sec_level, auth_type);
2359 conn = hci_connect(hdev, LE_LINK, &cp->addr.bdaddr,
2360 cp->addr.type, sec_level, auth_type);
2365 if (PTR_ERR(conn) == -EBUSY)
2366 status = MGMT_STATUS_BUSY;
2368 status = MGMT_STATUS_CONNECT_FAILED;
2370 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2376 if (conn->connect_cfm_cb) {
2377 hci_conn_drop(conn);
2378 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2379 MGMT_STATUS_BUSY, &rp, sizeof(rp));
2383 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
2386 hci_conn_drop(conn);
2390 /* For LE, just connecting isn't a proof that the pairing finished */
2391 if (cp->addr.type == BDADDR_BREDR)
2392 conn->connect_cfm_cb = pairing_complete_cb;
2394 conn->connect_cfm_cb = le_connect_complete_cb;
2396 conn->security_cfm_cb = pairing_complete_cb;
2397 conn->disconn_cfm_cb = pairing_complete_cb;
2398 conn->io_capability = cp->io_cap;
2399 cmd->user_data = conn;
2401 if (conn->state == BT_CONNECTED &&
2402 hci_conn_security(conn, sec_level, auth_type))
2403 pairing_complete(cmd, 0);
2408 hci_dev_unlock(hdev);
2412 static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2415 struct mgmt_addr_info *addr = data;
2416 struct pending_cmd *cmd;
2417 struct hci_conn *conn;
2424 if (!hdev_is_powered(hdev)) {
2425 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2426 MGMT_STATUS_NOT_POWERED);
2430 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
2432 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2433 MGMT_STATUS_INVALID_PARAMS);
2437 conn = cmd->user_data;
2439 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
2440 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2441 MGMT_STATUS_INVALID_PARAMS);
2445 pairing_complete(cmd, MGMT_STATUS_CANCELLED);
2447 err = cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
2448 addr, sizeof(*addr));
2450 hci_dev_unlock(hdev);
2454 static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
2455 struct mgmt_addr_info *addr, u16 mgmt_op,
2456 u16 hci_op, __le32 passkey)
2458 struct pending_cmd *cmd;
2459 struct hci_conn *conn;
2464 if (!hdev_is_powered(hdev)) {
2465 err = cmd_complete(sk, hdev->id, mgmt_op,
2466 MGMT_STATUS_NOT_POWERED, addr,
2471 if (addr->type == BDADDR_BREDR)
2472 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
2474 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &addr->bdaddr);
2477 err = cmd_complete(sk, hdev->id, mgmt_op,
2478 MGMT_STATUS_NOT_CONNECTED, addr,
2483 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
2484 /* Continue with pairing via SMP */
2485 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
2488 err = cmd_complete(sk, hdev->id, mgmt_op,
2489 MGMT_STATUS_SUCCESS, addr,
2492 err = cmd_complete(sk, hdev->id, mgmt_op,
2493 MGMT_STATUS_FAILED, addr,
2499 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
2505 /* Continue with pairing via HCI */
2506 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
2507 struct hci_cp_user_passkey_reply cp;
2509 bacpy(&cp.bdaddr, &addr->bdaddr);
2510 cp.passkey = passkey;
2511 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
2513 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
2517 mgmt_pending_remove(cmd);
2520 hci_dev_unlock(hdev);
2524 static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
2525 void *data, u16 len)
2527 struct mgmt_cp_pin_code_neg_reply *cp = data;
2531 return user_pairing_resp(sk, hdev, &cp->addr,
2532 MGMT_OP_PIN_CODE_NEG_REPLY,
2533 HCI_OP_PIN_CODE_NEG_REPLY, 0);
2536 static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2539 struct mgmt_cp_user_confirm_reply *cp = data;
2543 if (len != sizeof(*cp))
2544 return cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
2545 MGMT_STATUS_INVALID_PARAMS);
2547 return user_pairing_resp(sk, hdev, &cp->addr,
2548 MGMT_OP_USER_CONFIRM_REPLY,
2549 HCI_OP_USER_CONFIRM_REPLY, 0);
2552 static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
2553 void *data, u16 len)
2555 struct mgmt_cp_user_confirm_neg_reply *cp = data;
2559 return user_pairing_resp(sk, hdev, &cp->addr,
2560 MGMT_OP_USER_CONFIRM_NEG_REPLY,
2561 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
2564 static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2567 struct mgmt_cp_user_passkey_reply *cp = data;
2571 return user_pairing_resp(sk, hdev, &cp->addr,
2572 MGMT_OP_USER_PASSKEY_REPLY,
2573 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
2576 static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
2577 void *data, u16 len)
2579 struct mgmt_cp_user_passkey_neg_reply *cp = data;
2583 return user_pairing_resp(sk, hdev, &cp->addr,
2584 MGMT_OP_USER_PASSKEY_NEG_REPLY,
2585 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
2588 static void update_name(struct hci_request *req)
2590 struct hci_dev *hdev = req->hdev;
2591 struct hci_cp_write_local_name cp;
2593 memcpy(cp.name, hdev->dev_name, sizeof(cp.name));
2595 hci_req_add(req, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
2598 static void set_name_complete(struct hci_dev *hdev, u8 status)
2600 struct mgmt_cp_set_local_name *cp;
2601 struct pending_cmd *cmd;
2603 BT_DBG("status 0x%02x", status);
2607 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
2614 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
2615 mgmt_status(status));
2617 cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
2620 mgmt_pending_remove(cmd);
2623 hci_dev_unlock(hdev);
2626 static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
2629 struct mgmt_cp_set_local_name *cp = data;
2630 struct pending_cmd *cmd;
2631 struct hci_request req;
2638 /* If the old values are the same as the new ones just return a
2639 * direct command complete event.
2641 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
2642 !memcmp(hdev->short_name, cp->short_name,
2643 sizeof(hdev->short_name))) {
2644 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
2649 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
2651 if (!hdev_is_powered(hdev)) {
2652 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
2654 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
2659 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
2665 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
2671 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
2673 hci_req_init(&req, hdev);
2675 if (lmp_bredr_capable(hdev)) {
2680 if (lmp_le_capable(hdev))
2681 hci_update_ad(&req);
2683 err = hci_req_run(&req, set_name_complete);
2685 mgmt_pending_remove(cmd);
2688 hci_dev_unlock(hdev);
2692 static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
2693 void *data, u16 data_len)
2695 struct pending_cmd *cmd;
2698 BT_DBG("%s", hdev->name);
2702 if (!hdev_is_powered(hdev)) {
2703 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
2704 MGMT_STATUS_NOT_POWERED);
2708 if (!lmp_ssp_capable(hdev)) {
2709 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
2710 MGMT_STATUS_NOT_SUPPORTED);
2714 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
2715 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
2720 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
2726 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
2728 mgmt_pending_remove(cmd);
2731 hci_dev_unlock(hdev);
2735 static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
2736 void *data, u16 len)
2738 struct mgmt_cp_add_remote_oob_data *cp = data;
2742 BT_DBG("%s ", hdev->name);
2746 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr, cp->hash,
2749 status = MGMT_STATUS_FAILED;
2751 status = MGMT_STATUS_SUCCESS;
2753 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA, status,
2754 &cp->addr, sizeof(cp->addr));
2756 hci_dev_unlock(hdev);
2760 static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
2761 void *data, u16 len)
2763 struct mgmt_cp_remove_remote_oob_data *cp = data;
2767 BT_DBG("%s", hdev->name);
2771 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr);
2773 status = MGMT_STATUS_INVALID_PARAMS;
2775 status = MGMT_STATUS_SUCCESS;
2777 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
2778 status, &cp->addr, sizeof(cp->addr));
2780 hci_dev_unlock(hdev);
2784 static int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
2786 struct pending_cmd *cmd;
2790 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2792 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
2796 type = hdev->discovery.type;
2798 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
2799 &type, sizeof(type));
2800 mgmt_pending_remove(cmd);
2805 static void start_discovery_complete(struct hci_dev *hdev, u8 status)
2807 BT_DBG("status %d", status);
2811 mgmt_start_discovery_failed(hdev, status);
2812 hci_dev_unlock(hdev);
2817 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
2818 hci_dev_unlock(hdev);
2820 switch (hdev->discovery.type) {
2821 case DISCOV_TYPE_LE:
2822 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable,
2826 case DISCOV_TYPE_INTERLEAVED:
2827 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable,
2828 DISCOV_INTERLEAVED_TIMEOUT);
2831 case DISCOV_TYPE_BREDR:
2835 BT_ERR("Invalid discovery type %d", hdev->discovery.type);
2839 static int start_discovery(struct sock *sk, struct hci_dev *hdev,
2840 void *data, u16 len)
2842 struct mgmt_cp_start_discovery *cp = data;
2843 struct pending_cmd *cmd;
2844 struct hci_cp_le_set_scan_param param_cp;
2845 struct hci_cp_le_set_scan_enable enable_cp;
2846 struct hci_cp_inquiry inq_cp;
2847 struct hci_request req;
2848 /* General inquiry access code (GIAC) */
2849 u8 lap[3] = { 0x33, 0x8b, 0x9e };
2853 BT_DBG("%s", hdev->name);
2857 if (!hdev_is_powered(hdev)) {
2858 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2859 MGMT_STATUS_NOT_POWERED);
2863 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
2864 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2869 if (hdev->discovery.state != DISCOVERY_STOPPED) {
2870 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2875 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
2881 hdev->discovery.type = cp->type;
2883 hci_req_init(&req, hdev);
2885 switch (hdev->discovery.type) {
2886 case DISCOV_TYPE_BREDR:
2887 status = mgmt_bredr_support(hdev);
2889 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2891 mgmt_pending_remove(cmd);
2895 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
2896 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2898 mgmt_pending_remove(cmd);
2902 hci_inquiry_cache_flush(hdev);
2904 memset(&inq_cp, 0, sizeof(inq_cp));
2905 memcpy(&inq_cp.lap, lap, sizeof(inq_cp.lap));
2906 inq_cp.length = DISCOV_BREDR_INQUIRY_LEN;
2907 hci_req_add(&req, HCI_OP_INQUIRY, sizeof(inq_cp), &inq_cp);
2910 case DISCOV_TYPE_LE:
2911 case DISCOV_TYPE_INTERLEAVED:
2912 status = mgmt_le_support(hdev);
2914 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2916 mgmt_pending_remove(cmd);
2920 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
2921 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
2922 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2923 MGMT_STATUS_NOT_SUPPORTED);
2924 mgmt_pending_remove(cmd);
2928 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
2929 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2930 MGMT_STATUS_REJECTED);
2931 mgmt_pending_remove(cmd);
2935 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags)) {
2936 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2938 mgmt_pending_remove(cmd);
2942 memset(¶m_cp, 0, sizeof(param_cp));
2943 param_cp.type = LE_SCAN_ACTIVE;
2944 param_cp.interval = cpu_to_le16(DISCOV_LE_SCAN_INT);
2945 param_cp.window = cpu_to_le16(DISCOV_LE_SCAN_WIN);
2946 if (bacmp(&hdev->bdaddr, BDADDR_ANY))
2947 param_cp.own_address_type = ADDR_LE_DEV_PUBLIC;
2949 param_cp.own_address_type = ADDR_LE_DEV_RANDOM;
2950 hci_req_add(&req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
2953 memset(&enable_cp, 0, sizeof(enable_cp));
2954 enable_cp.enable = LE_SCAN_ENABLE;
2955 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
2956 hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
2961 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2962 MGMT_STATUS_INVALID_PARAMS);
2963 mgmt_pending_remove(cmd);
2967 err = hci_req_run(&req, start_discovery_complete);
2969 mgmt_pending_remove(cmd);
2971 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
2974 hci_dev_unlock(hdev);
2978 static int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
2980 struct pending_cmd *cmd;
2983 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
2987 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
2988 &hdev->discovery.type, sizeof(hdev->discovery.type));
2989 mgmt_pending_remove(cmd);
2994 static void stop_discovery_complete(struct hci_dev *hdev, u8 status)
2996 BT_DBG("status %d", status);
3001 mgmt_stop_discovery_failed(hdev, status);
3005 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3008 hci_dev_unlock(hdev);
3011 static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
3014 struct mgmt_cp_stop_discovery *mgmt_cp = data;
3015 struct pending_cmd *cmd;
3016 struct hci_cp_remote_name_req_cancel cp;
3017 struct inquiry_entry *e;
3018 struct hci_request req;
3019 struct hci_cp_le_set_scan_enable enable_cp;
3022 BT_DBG("%s", hdev->name);
3026 if (!hci_discovery_active(hdev)) {
3027 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
3028 MGMT_STATUS_REJECTED, &mgmt_cp->type,
3029 sizeof(mgmt_cp->type));
3033 if (hdev->discovery.type != mgmt_cp->type) {
3034 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
3035 MGMT_STATUS_INVALID_PARAMS, &mgmt_cp->type,
3036 sizeof(mgmt_cp->type));
3040 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
3046 hci_req_init(&req, hdev);
3048 switch (hdev->discovery.state) {
3049 case DISCOVERY_FINDING:
3050 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
3051 hci_req_add(&req, HCI_OP_INQUIRY_CANCEL, 0, NULL);
3053 cancel_delayed_work(&hdev->le_scan_disable);
3055 memset(&enable_cp, 0, sizeof(enable_cp));
3056 enable_cp.enable = LE_SCAN_DISABLE;
3057 hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE,
3058 sizeof(enable_cp), &enable_cp);
3063 case DISCOVERY_RESOLVING:
3064 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
3067 mgmt_pending_remove(cmd);
3068 err = cmd_complete(sk, hdev->id,
3069 MGMT_OP_STOP_DISCOVERY, 0,
3071 sizeof(mgmt_cp->type));
3072 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3076 bacpy(&cp.bdaddr, &e->data.bdaddr);
3077 hci_req_add(&req, HCI_OP_REMOTE_NAME_REQ_CANCEL, sizeof(cp),
3083 BT_DBG("unknown discovery state %u", hdev->discovery.state);
3085 mgmt_pending_remove(cmd);
3086 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
3087 MGMT_STATUS_FAILED, &mgmt_cp->type,
3088 sizeof(mgmt_cp->type));
3092 err = hci_req_run(&req, stop_discovery_complete);
3094 mgmt_pending_remove(cmd);
3096 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
3099 hci_dev_unlock(hdev);
3103 static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
3106 struct mgmt_cp_confirm_name *cp = data;
3107 struct inquiry_entry *e;
3110 BT_DBG("%s", hdev->name);
3114 if (!hci_discovery_active(hdev)) {
3115 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
3116 MGMT_STATUS_FAILED);
3120 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
3122 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
3123 MGMT_STATUS_INVALID_PARAMS);
3127 if (cp->name_known) {
3128 e->name_state = NAME_KNOWN;
3131 e->name_state = NAME_NEEDED;
3132 hci_inquiry_cache_update_resolve(hdev, e);
3135 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0, &cp->addr,
3139 hci_dev_unlock(hdev);
3143 static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
3146 struct mgmt_cp_block_device *cp = data;
3150 BT_DBG("%s", hdev->name);
3152 if (!bdaddr_type_is_valid(cp->addr.type))
3153 return cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
3154 MGMT_STATUS_INVALID_PARAMS,
3155 &cp->addr, sizeof(cp->addr));
3159 err = hci_blacklist_add(hdev, &cp->addr.bdaddr, cp->addr.type);
3161 status = MGMT_STATUS_FAILED;
3163 status = MGMT_STATUS_SUCCESS;
3165 err = cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
3166 &cp->addr, sizeof(cp->addr));
3168 hci_dev_unlock(hdev);
3173 static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
3176 struct mgmt_cp_unblock_device *cp = data;
3180 BT_DBG("%s", hdev->name);
3182 if (!bdaddr_type_is_valid(cp->addr.type))
3183 return cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
3184 MGMT_STATUS_INVALID_PARAMS,
3185 &cp->addr, sizeof(cp->addr));
3189 err = hci_blacklist_del(hdev, &cp->addr.bdaddr, cp->addr.type);
3191 status = MGMT_STATUS_INVALID_PARAMS;
3193 status = MGMT_STATUS_SUCCESS;
3195 err = cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
3196 &cp->addr, sizeof(cp->addr));
3198 hci_dev_unlock(hdev);
3203 static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
3206 struct mgmt_cp_set_device_id *cp = data;
3207 struct hci_request req;
3211 BT_DBG("%s", hdev->name);
3213 source = __le16_to_cpu(cp->source);
3215 if (source > 0x0002)
3216 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
3217 MGMT_STATUS_INVALID_PARAMS);
3221 hdev->devid_source = source;
3222 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
3223 hdev->devid_product = __le16_to_cpu(cp->product);
3224 hdev->devid_version = __le16_to_cpu(cp->version);
3226 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0, NULL, 0);
3228 hci_req_init(&req, hdev);
3230 hci_req_run(&req, NULL);
3232 hci_dev_unlock(hdev);
3237 static void set_advertising_complete(struct hci_dev *hdev, u8 status)
3239 struct cmd_lookup match = { NULL, hdev };
3242 u8 mgmt_err = mgmt_status(status);
3244 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
3245 cmd_status_rsp, &mgmt_err);
3249 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
3252 new_settings(hdev, match.sk);
3258 static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data,
3261 struct mgmt_mode *cp = data;
3262 struct pending_cmd *cmd;
3263 struct hci_request req;
3264 u8 val, enabled, status;
3267 BT_DBG("request for %s", hdev->name);
3269 status = mgmt_le_support(hdev);
3271 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3274 if (cp->val != 0x00 && cp->val != 0x01)
3275 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3276 MGMT_STATUS_INVALID_PARAMS);
3281 enabled = test_bit(HCI_ADVERTISING, &hdev->dev_flags);
3283 /* The following conditions are ones which mean that we should
3284 * not do any HCI communication but directly send a mgmt
3285 * response to user space (after toggling the flag if
3288 if (!hdev_is_powered(hdev) || val == enabled ||
3289 hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECTED)) {
3290 bool changed = false;
3292 if (val != test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
3293 change_bit(HCI_ADVERTISING, &hdev->dev_flags);
3297 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
3302 err = new_settings(hdev, sk);
3307 if (mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
3308 mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
3309 err = cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3314 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
3320 hci_req_init(&req, hdev);
3323 enable_advertising(&req);
3325 disable_advertising(&req);
3327 err = hci_req_run(&req, set_advertising_complete);
3329 mgmt_pending_remove(cmd);
3332 hci_dev_unlock(hdev);
3336 static int set_static_address(struct sock *sk, struct hci_dev *hdev,
3337 void *data, u16 len)
3339 struct mgmt_cp_set_static_address *cp = data;
3342 BT_DBG("%s", hdev->name);
3344 if (!lmp_le_capable(hdev))
3345 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
3346 MGMT_STATUS_NOT_SUPPORTED);
3348 if (hdev_is_powered(hdev))
3349 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
3350 MGMT_STATUS_REJECTED);
3352 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
3353 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
3354 return cmd_status(sk, hdev->id,
3355 MGMT_OP_SET_STATIC_ADDRESS,
3356 MGMT_STATUS_INVALID_PARAMS);
3358 /* Two most significant bits shall be set */
3359 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
3360 return cmd_status(sk, hdev->id,
3361 MGMT_OP_SET_STATIC_ADDRESS,
3362 MGMT_STATUS_INVALID_PARAMS);
3367 bacpy(&hdev->static_addr, &cp->bdaddr);
3369 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS, 0, NULL, 0);
3371 hci_dev_unlock(hdev);
3376 static void fast_connectable_complete(struct hci_dev *hdev, u8 status)
3378 struct pending_cmd *cmd;
3380 BT_DBG("status 0x%02x", status);
3384 cmd = mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
3389 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3390 mgmt_status(status));
3392 struct mgmt_mode *cp = cmd->param;
3395 set_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
3397 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
3399 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
3400 new_settings(hdev, cmd->sk);
3403 mgmt_pending_remove(cmd);
3406 hci_dev_unlock(hdev);
3409 static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
3410 void *data, u16 len)
3412 struct mgmt_mode *cp = data;
3413 struct pending_cmd *cmd;
3414 struct hci_request req;
3417 BT_DBG("%s", hdev->name);
3419 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags) ||
3420 hdev->hci_ver < BLUETOOTH_VER_1_2)
3421 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3422 MGMT_STATUS_NOT_SUPPORTED);
3424 if (cp->val != 0x00 && cp->val != 0x01)
3425 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3426 MGMT_STATUS_INVALID_PARAMS);
3428 if (!hdev_is_powered(hdev))
3429 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3430 MGMT_STATUS_NOT_POWERED);
3432 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3433 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3434 MGMT_STATUS_REJECTED);
3438 if (mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
3439 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3444 if (!!cp->val == test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags)) {
3445 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
3450 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
3457 hci_req_init(&req, hdev);
3459 write_fast_connectable(&req, cp->val);
3461 err = hci_req_run(&req, fast_connectable_complete);
3463 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3464 MGMT_STATUS_FAILED);
3465 mgmt_pending_remove(cmd);
3469 hci_dev_unlock(hdev);
3474 static void set_bredr_complete(struct hci_dev *hdev, u8 status)
3476 struct pending_cmd *cmd;
3478 BT_DBG("status 0x%02x", status);
3482 cmd = mgmt_pending_find(MGMT_OP_SET_BREDR, hdev);
3487 u8 mgmt_err = mgmt_status(status);
3489 /* We need to restore the flag if related HCI commands
3492 clear_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
3494 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
3496 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
3497 new_settings(hdev, cmd->sk);
3500 mgmt_pending_remove(cmd);
3503 hci_dev_unlock(hdev);
3506 static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
3508 struct mgmt_mode *cp = data;
3509 struct pending_cmd *cmd;
3510 struct hci_request req;
3513 BT_DBG("request for %s", hdev->name);
3515 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
3516 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3517 MGMT_STATUS_NOT_SUPPORTED);
3519 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
3520 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3521 MGMT_STATUS_REJECTED);
3523 if (cp->val != 0x00 && cp->val != 0x01)
3524 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3525 MGMT_STATUS_INVALID_PARAMS);
3529 if (cp->val == test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
3530 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
3534 if (!hdev_is_powered(hdev)) {
3536 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
3537 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
3538 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
3539 clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
3540 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
3541 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
3544 change_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
3546 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
3550 err = new_settings(hdev, sk);
3554 /* Reject disabling when powered on */
3556 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3557 MGMT_STATUS_REJECTED);
3561 if (mgmt_pending_find(MGMT_OP_SET_BREDR, hdev)) {
3562 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3567 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
3573 /* We need to flip the bit already here so that hci_update_ad
3574 * generates the correct flags.
3576 set_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
3578 hci_req_init(&req, hdev);
3579 hci_update_ad(&req);
3580 err = hci_req_run(&req, set_bredr_complete);
3582 mgmt_pending_remove(cmd);
3585 hci_dev_unlock(hdev);
3589 static bool ltk_is_valid(struct mgmt_ltk_info *key)
3591 if (key->authenticated != 0x00 && key->authenticated != 0x01)
3593 if (key->master != 0x00 && key->master != 0x01)
3595 if (!bdaddr_type_is_le(key->addr.type))
3600 static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
3601 void *cp_data, u16 len)
3603 struct mgmt_cp_load_long_term_keys *cp = cp_data;
3604 u16 key_count, expected_len;
3607 BT_DBG("request for %s", hdev->name);
3609 if (!lmp_le_capable(hdev))
3610 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
3611 MGMT_STATUS_NOT_SUPPORTED);
3613 key_count = __le16_to_cpu(cp->key_count);
3615 expected_len = sizeof(*cp) + key_count *
3616 sizeof(struct mgmt_ltk_info);
3617 if (expected_len != len) {
3618 BT_ERR("load_keys: expected %u bytes, got %u bytes",
3620 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
3621 MGMT_STATUS_INVALID_PARAMS);
3624 BT_DBG("%s key_count %u", hdev->name, key_count);
3626 for (i = 0; i < key_count; i++) {
3627 struct mgmt_ltk_info *key = &cp->keys[i];
3629 if (!ltk_is_valid(key))
3630 return cmd_status(sk, hdev->id,
3631 MGMT_OP_LOAD_LONG_TERM_KEYS,
3632 MGMT_STATUS_INVALID_PARAMS);
3637 hci_smp_ltks_clear(hdev);
3639 for (i = 0; i < key_count; i++) {
3640 struct mgmt_ltk_info *key = &cp->keys[i];
3646 type = HCI_SMP_LTK_SLAVE;
3648 hci_add_ltk(hdev, &key->addr.bdaddr,
3649 bdaddr_to_le(key->addr.type),
3650 type, 0, key->authenticated, key->val,
3651 key->enc_size, key->ediv, key->rand);
3654 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
3657 hci_dev_unlock(hdev);
3662 static const struct mgmt_handler {
3663 int (*func) (struct sock *sk, struct hci_dev *hdev, void *data,
3667 } mgmt_handlers[] = {
3668 { NULL }, /* 0x0000 (no command) */
3669 { read_version, false, MGMT_READ_VERSION_SIZE },
3670 { read_commands, false, MGMT_READ_COMMANDS_SIZE },
3671 { read_index_list, false, MGMT_READ_INDEX_LIST_SIZE },
3672 { read_controller_info, false, MGMT_READ_INFO_SIZE },
3673 { set_powered, false, MGMT_SETTING_SIZE },
3674 { set_discoverable, false, MGMT_SET_DISCOVERABLE_SIZE },
3675 { set_connectable, false, MGMT_SETTING_SIZE },
3676 { set_fast_connectable, false, MGMT_SETTING_SIZE },
3677 { set_pairable, false, MGMT_SETTING_SIZE },
3678 { set_link_security, false, MGMT_SETTING_SIZE },
3679 { set_ssp, false, MGMT_SETTING_SIZE },
3680 { set_hs, false, MGMT_SETTING_SIZE },
3681 { set_le, false, MGMT_SETTING_SIZE },
3682 { set_dev_class, false, MGMT_SET_DEV_CLASS_SIZE },
3683 { set_local_name, false, MGMT_SET_LOCAL_NAME_SIZE },
3684 { add_uuid, false, MGMT_ADD_UUID_SIZE },
3685 { remove_uuid, false, MGMT_REMOVE_UUID_SIZE },
3686 { load_link_keys, true, MGMT_LOAD_LINK_KEYS_SIZE },
3687 { load_long_term_keys, true, MGMT_LOAD_LONG_TERM_KEYS_SIZE },
3688 { disconnect, false, MGMT_DISCONNECT_SIZE },
3689 { get_connections, false, MGMT_GET_CONNECTIONS_SIZE },
3690 { pin_code_reply, false, MGMT_PIN_CODE_REPLY_SIZE },
3691 { pin_code_neg_reply, false, MGMT_PIN_CODE_NEG_REPLY_SIZE },
3692 { set_io_capability, false, MGMT_SET_IO_CAPABILITY_SIZE },
3693 { pair_device, false, MGMT_PAIR_DEVICE_SIZE },
3694 { cancel_pair_device, false, MGMT_CANCEL_PAIR_DEVICE_SIZE },
3695 { unpair_device, false, MGMT_UNPAIR_DEVICE_SIZE },
3696 { user_confirm_reply, false, MGMT_USER_CONFIRM_REPLY_SIZE },
3697 { user_confirm_neg_reply, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
3698 { user_passkey_reply, false, MGMT_USER_PASSKEY_REPLY_SIZE },
3699 { user_passkey_neg_reply, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
3700 { read_local_oob_data, false, MGMT_READ_LOCAL_OOB_DATA_SIZE },
3701 { add_remote_oob_data, false, MGMT_ADD_REMOTE_OOB_DATA_SIZE },
3702 { remove_remote_oob_data, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
3703 { start_discovery, false, MGMT_START_DISCOVERY_SIZE },
3704 { stop_discovery, false, MGMT_STOP_DISCOVERY_SIZE },
3705 { confirm_name, false, MGMT_CONFIRM_NAME_SIZE },
3706 { block_device, false, MGMT_BLOCK_DEVICE_SIZE },
3707 { unblock_device, false, MGMT_UNBLOCK_DEVICE_SIZE },
3708 { set_device_id, false, MGMT_SET_DEVICE_ID_SIZE },
3709 { set_advertising, false, MGMT_SETTING_SIZE },
3710 { set_bredr, false, MGMT_SETTING_SIZE },
3711 { set_static_address, false, MGMT_SET_STATIC_ADDRESS_SIZE },
3715 int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
3719 struct mgmt_hdr *hdr;
3720 u16 opcode, index, len;
3721 struct hci_dev *hdev = NULL;
3722 const struct mgmt_handler *handler;
3725 BT_DBG("got %zu bytes", msglen);
3727 if (msglen < sizeof(*hdr))
3730 buf = kmalloc(msglen, GFP_KERNEL);
3734 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
3740 opcode = __le16_to_cpu(hdr->opcode);
3741 index = __le16_to_cpu(hdr->index);
3742 len = __le16_to_cpu(hdr->len);
3744 if (len != msglen - sizeof(*hdr)) {
3749 if (index != MGMT_INDEX_NONE) {
3750 hdev = hci_dev_get(index);
3752 err = cmd_status(sk, index, opcode,
3753 MGMT_STATUS_INVALID_INDEX);
3757 if (test_bit(HCI_SETUP, &hdev->dev_flags) ||
3758 test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
3759 err = cmd_status(sk, index, opcode,
3760 MGMT_STATUS_INVALID_INDEX);
3765 if (opcode >= ARRAY_SIZE(mgmt_handlers) ||
3766 mgmt_handlers[opcode].func == NULL) {
3767 BT_DBG("Unknown op %u", opcode);
3768 err = cmd_status(sk, index, opcode,
3769 MGMT_STATUS_UNKNOWN_COMMAND);
3773 if ((hdev && opcode < MGMT_OP_READ_INFO) ||
3774 (!hdev && opcode >= MGMT_OP_READ_INFO)) {
3775 err = cmd_status(sk, index, opcode,
3776 MGMT_STATUS_INVALID_INDEX);
3780 handler = &mgmt_handlers[opcode];
3782 if ((handler->var_len && len < handler->data_len) ||
3783 (!handler->var_len && len != handler->data_len)) {
3784 err = cmd_status(sk, index, opcode,
3785 MGMT_STATUS_INVALID_PARAMS);
3790 mgmt_init_hdev(sk, hdev);
3792 cp = buf + sizeof(*hdr);
3794 err = handler->func(sk, hdev, cp, len);
3808 void mgmt_index_added(struct hci_dev *hdev)
3810 if (hdev->dev_type != HCI_BREDR)
3813 mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
3816 void mgmt_index_removed(struct hci_dev *hdev)
3818 u8 status = MGMT_STATUS_INVALID_INDEX;
3820 if (hdev->dev_type != HCI_BREDR)
3823 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
3825 mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
3828 static void set_bredr_scan(struct hci_request *req)
3830 struct hci_dev *hdev = req->hdev;
3833 /* Ensure that fast connectable is disabled. This function will
3834 * not do anything if the page scan parameters are already what
3837 write_fast_connectable(req, false);
3839 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3841 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3842 scan |= SCAN_INQUIRY;
3845 hci_req_add(req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
3848 static void powered_complete(struct hci_dev *hdev, u8 status)
3850 struct cmd_lookup match = { NULL, hdev };
3852 BT_DBG("status 0x%02x", status);
3856 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
3858 new_settings(hdev, match.sk);
3860 hci_dev_unlock(hdev);
3866 static int powered_update_hci(struct hci_dev *hdev)
3868 struct hci_request req;
3871 hci_req_init(&req, hdev);
3873 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) &&
3874 !lmp_host_ssp_capable(hdev)) {
3877 hci_req_add(&req, HCI_OP_WRITE_SSP_MODE, 1, &ssp);
3880 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
3881 lmp_bredr_capable(hdev)) {
3882 struct hci_cp_write_le_host_supported cp;
3885 cp.simul = lmp_le_br_capable(hdev);
3887 /* Check first if we already have the right
3888 * host state (host features set)
3890 if (cp.le != lmp_host_le_capable(hdev) ||
3891 cp.simul != lmp_host_le_br_capable(hdev))
3892 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED,
3895 /* In case BR/EDR was toggled during the AUTO_OFF phase */
3896 hci_update_ad(&req);
3899 if (lmp_le_capable(hdev)) {
3900 /* Set random address to static address if configured */
3901 if (bacmp(&hdev->static_addr, BDADDR_ANY))
3902 hci_req_add(&req, HCI_OP_LE_SET_RANDOM_ADDR, 6,
3903 &hdev->static_addr);
3905 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
3906 enable_advertising(&req);
3909 link_sec = test_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
3910 if (link_sec != test_bit(HCI_AUTH, &hdev->flags))
3911 hci_req_add(&req, HCI_OP_WRITE_AUTH_ENABLE,
3912 sizeof(link_sec), &link_sec);
3914 if (lmp_bredr_capable(hdev)) {
3915 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
3916 set_bredr_scan(&req);
3922 return hci_req_run(&req, powered_complete);
3925 int mgmt_powered(struct hci_dev *hdev, u8 powered)
3927 struct cmd_lookup match = { NULL, hdev };
3928 u8 status_not_powered = MGMT_STATUS_NOT_POWERED;
3929 u8 zero_cod[] = { 0, 0, 0 };
3932 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3936 if (powered_update_hci(hdev) == 0)
3939 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp,
3944 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
3945 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status_not_powered);
3947 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0)
3948 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
3949 zero_cod, sizeof(zero_cod), NULL);
3952 err = new_settings(hdev, match.sk);
3960 void mgmt_set_powered_failed(struct hci_dev *hdev, int err)
3962 struct pending_cmd *cmd;
3965 cmd = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
3969 if (err == -ERFKILL)
3970 status = MGMT_STATUS_RFKILLED;
3972 status = MGMT_STATUS_FAILED;
3974 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
3976 mgmt_pending_remove(cmd);
3979 int mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
3981 struct cmd_lookup match = { NULL, hdev };
3982 bool changed = false;
3986 if (!test_and_set_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3989 if (test_and_clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3993 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev, settings_rsp,
3997 err = new_settings(hdev, match.sk);
4005 int mgmt_connectable(struct hci_dev *hdev, u8 connectable)
4007 struct pending_cmd *cmd;
4008 bool changed = false;
4012 if (!test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags))
4015 if (test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags))
4019 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
4022 err = new_settings(hdev, cmd ? cmd->sk : NULL);
4027 int mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
4029 u8 mgmt_err = mgmt_status(status);
4031 if (scan & SCAN_PAGE)
4032 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
4033 cmd_status_rsp, &mgmt_err);
4035 if (scan & SCAN_INQUIRY)
4036 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
4037 cmd_status_rsp, &mgmt_err);
4042 int mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
4045 struct mgmt_ev_new_link_key ev;
4047 memset(&ev, 0, sizeof(ev));
4049 ev.store_hint = persistent;
4050 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
4051 ev.key.addr.type = BDADDR_BREDR;
4052 ev.key.type = key->type;
4053 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
4054 ev.key.pin_len = key->pin_len;
4056 return mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
4059 int mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, u8 persistent)
4061 struct mgmt_ev_new_long_term_key ev;
4063 memset(&ev, 0, sizeof(ev));
4065 ev.store_hint = persistent;
4066 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
4067 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
4068 ev.key.authenticated = key->authenticated;
4069 ev.key.enc_size = key->enc_size;
4070 ev.key.ediv = key->ediv;
4072 if (key->type == HCI_SMP_LTK)
4075 memcpy(ev.key.rand, key->rand, sizeof(key->rand));
4076 memcpy(ev.key.val, key->val, sizeof(key->val));
4078 return mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev),
4082 void mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
4083 u8 addr_type, u32 flags, u8 *name, u8 name_len,
4087 struct mgmt_ev_device_connected *ev = (void *) buf;
4090 bacpy(&ev->addr.bdaddr, bdaddr);
4091 ev->addr.type = link_to_bdaddr(link_type, addr_type);
4093 ev->flags = __cpu_to_le32(flags);
4096 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
4099 if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0)
4100 eir_len = eir_append_data(ev->eir, eir_len,
4101 EIR_CLASS_OF_DEV, dev_class, 3);
4103 ev->eir_len = cpu_to_le16(eir_len);
4105 mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
4106 sizeof(*ev) + eir_len, NULL);
4109 static void disconnect_rsp(struct pending_cmd *cmd, void *data)
4111 struct mgmt_cp_disconnect *cp = cmd->param;
4112 struct sock **sk = data;
4113 struct mgmt_rp_disconnect rp;
4115 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4116 rp.addr.type = cp->addr.type;
4118 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 0, &rp,
4124 mgmt_pending_remove(cmd);
4127 static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
4129 struct hci_dev *hdev = data;
4130 struct mgmt_cp_unpair_device *cp = cmd->param;
4131 struct mgmt_rp_unpair_device rp;
4133 memset(&rp, 0, sizeof(rp));
4134 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4135 rp.addr.type = cp->addr.type;
4137 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
4139 cmd_complete(cmd->sk, cmd->index, cmd->opcode, 0, &rp, sizeof(rp));
4141 mgmt_pending_remove(cmd);
4144 void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
4145 u8 link_type, u8 addr_type, u8 reason)
4147 struct mgmt_ev_device_disconnected ev;
4148 struct sock *sk = NULL;
4150 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
4152 bacpy(&ev.addr.bdaddr, bdaddr);
4153 ev.addr.type = link_to_bdaddr(link_type, addr_type);
4156 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
4161 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
4165 void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
4166 u8 link_type, u8 addr_type, u8 status)
4168 struct mgmt_rp_disconnect rp;
4169 struct pending_cmd *cmd;
4171 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
4174 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
4178 bacpy(&rp.addr.bdaddr, bdaddr);
4179 rp.addr.type = link_to_bdaddr(link_type, addr_type);
4181 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
4182 mgmt_status(status), &rp, sizeof(rp));
4184 mgmt_pending_remove(cmd);
4187 void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
4188 u8 addr_type, u8 status)
4190 struct mgmt_ev_connect_failed ev;
4192 bacpy(&ev.addr.bdaddr, bdaddr);
4193 ev.addr.type = link_to_bdaddr(link_type, addr_type);
4194 ev.status = mgmt_status(status);
4196 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
4199 int mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
4201 struct mgmt_ev_pin_code_request ev;
4203 bacpy(&ev.addr.bdaddr, bdaddr);
4204 ev.addr.type = BDADDR_BREDR;
4207 return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev),
4211 int mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
4214 struct pending_cmd *cmd;
4215 struct mgmt_rp_pin_code_reply rp;
4218 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
4222 bacpy(&rp.addr.bdaddr, bdaddr);
4223 rp.addr.type = BDADDR_BREDR;
4225 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
4226 mgmt_status(status), &rp, sizeof(rp));
4228 mgmt_pending_remove(cmd);
4233 int mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
4236 struct pending_cmd *cmd;
4237 struct mgmt_rp_pin_code_reply rp;
4240 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
4244 bacpy(&rp.addr.bdaddr, bdaddr);
4245 rp.addr.type = BDADDR_BREDR;
4247 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
4248 mgmt_status(status), &rp, sizeof(rp));
4250 mgmt_pending_remove(cmd);
4255 int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
4256 u8 link_type, u8 addr_type, __le32 value,
4259 struct mgmt_ev_user_confirm_request ev;
4261 BT_DBG("%s", hdev->name);
4263 bacpy(&ev.addr.bdaddr, bdaddr);
4264 ev.addr.type = link_to_bdaddr(link_type, addr_type);
4265 ev.confirm_hint = confirm_hint;
4268 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
4272 int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
4273 u8 link_type, u8 addr_type)
4275 struct mgmt_ev_user_passkey_request ev;
4277 BT_DBG("%s", hdev->name);
4279 bacpy(&ev.addr.bdaddr, bdaddr);
4280 ev.addr.type = link_to_bdaddr(link_type, addr_type);
4282 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
4286 static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
4287 u8 link_type, u8 addr_type, u8 status,
4290 struct pending_cmd *cmd;
4291 struct mgmt_rp_user_confirm_reply rp;
4294 cmd = mgmt_pending_find(opcode, hdev);
4298 bacpy(&rp.addr.bdaddr, bdaddr);
4299 rp.addr.type = link_to_bdaddr(link_type, addr_type);
4300 err = cmd_complete(cmd->sk, hdev->id, opcode, mgmt_status(status),
4303 mgmt_pending_remove(cmd);
4308 int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
4309 u8 link_type, u8 addr_type, u8 status)
4311 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
4312 status, MGMT_OP_USER_CONFIRM_REPLY);
4315 int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
4316 u8 link_type, u8 addr_type, u8 status)
4318 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
4320 MGMT_OP_USER_CONFIRM_NEG_REPLY);
4323 int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
4324 u8 link_type, u8 addr_type, u8 status)
4326 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
4327 status, MGMT_OP_USER_PASSKEY_REPLY);
4330 int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
4331 u8 link_type, u8 addr_type, u8 status)
4333 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
4335 MGMT_OP_USER_PASSKEY_NEG_REPLY);
4338 int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
4339 u8 link_type, u8 addr_type, u32 passkey,
4342 struct mgmt_ev_passkey_notify ev;
4344 BT_DBG("%s", hdev->name);
4346 bacpy(&ev.addr.bdaddr, bdaddr);
4347 ev.addr.type = link_to_bdaddr(link_type, addr_type);
4348 ev.passkey = __cpu_to_le32(passkey);
4349 ev.entered = entered;
4351 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
4354 int mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
4355 u8 addr_type, u8 status)
4357 struct mgmt_ev_auth_failed ev;
4359 bacpy(&ev.addr.bdaddr, bdaddr);
4360 ev.addr.type = link_to_bdaddr(link_type, addr_type);
4361 ev.status = mgmt_status(status);
4363 return mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
4366 int mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
4368 struct cmd_lookup match = { NULL, hdev };
4369 bool changed = false;
4373 u8 mgmt_err = mgmt_status(status);
4374 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
4375 cmd_status_rsp, &mgmt_err);
4379 if (test_bit(HCI_AUTH, &hdev->flags)) {
4380 if (!test_and_set_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
4383 if (test_and_clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
4387 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
4391 err = new_settings(hdev, match.sk);
4399 static void clear_eir(struct hci_request *req)
4401 struct hci_dev *hdev = req->hdev;
4402 struct hci_cp_write_eir cp;
4404 if (!lmp_ext_inq_capable(hdev))
4407 memset(hdev->eir, 0, sizeof(hdev->eir));
4409 memset(&cp, 0, sizeof(cp));
4411 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
4414 int mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
4416 struct cmd_lookup match = { NULL, hdev };
4417 struct hci_request req;
4418 bool changed = false;
4422 u8 mgmt_err = mgmt_status(status);
4424 if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
4425 &hdev->dev_flags)) {
4426 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
4427 err = new_settings(hdev, NULL);
4430 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
4437 changed = !test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
4439 changed = test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
4441 changed = test_and_clear_bit(HCI_HS_ENABLED,
4444 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
4447 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
4450 err = new_settings(hdev, match.sk);
4455 hci_req_init(&req, hdev);
4457 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
4462 hci_req_run(&req, NULL);
4467 static void sk_lookup(struct pending_cmd *cmd, void *data)
4469 struct cmd_lookup *match = data;
4471 if (match->sk == NULL) {
4472 match->sk = cmd->sk;
4473 sock_hold(match->sk);
4477 int mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
4480 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
4483 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
4484 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
4485 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
4488 err = mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class,
4497 int mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
4499 struct mgmt_cp_set_local_name ev;
4500 struct pending_cmd *cmd;
4505 memset(&ev, 0, sizeof(ev));
4506 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
4507 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
4509 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
4511 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
4513 /* If this is a HCI command related to powering on the
4514 * HCI dev don't send any mgmt signals.
4516 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
4520 return mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
4521 cmd ? cmd->sk : NULL);
4524 int mgmt_read_local_oob_data_reply_complete(struct hci_dev *hdev, u8 *hash,
4525 u8 *randomizer, u8 status)
4527 struct pending_cmd *cmd;
4530 BT_DBG("%s status %u", hdev->name, status);
4532 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
4537 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
4538 mgmt_status(status));
4540 struct mgmt_rp_read_local_oob_data rp;
4542 memcpy(rp.hash, hash, sizeof(rp.hash));
4543 memcpy(rp.randomizer, randomizer, sizeof(rp.randomizer));
4545 err = cmd_complete(cmd->sk, hdev->id,
4546 MGMT_OP_READ_LOCAL_OOB_DATA, 0, &rp,
4550 mgmt_pending_remove(cmd);
4555 void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
4556 u8 addr_type, u8 *dev_class, s8 rssi, u8 cfm_name, u8
4557 ssp, u8 *eir, u16 eir_len)
4560 struct mgmt_ev_device_found *ev = (void *) buf;
4563 if (!hci_discovery_active(hdev))
4566 /* Leave 5 bytes for a potential CoD field */
4567 if (sizeof(*ev) + eir_len + 5 > sizeof(buf))
4570 memset(buf, 0, sizeof(buf));
4572 bacpy(&ev->addr.bdaddr, bdaddr);
4573 ev->addr.type = link_to_bdaddr(link_type, addr_type);
4576 ev->flags |= __constant_cpu_to_le32(MGMT_DEV_FOUND_CONFIRM_NAME);
4578 ev->flags |= __constant_cpu_to_le32(MGMT_DEV_FOUND_LEGACY_PAIRING);
4581 memcpy(ev->eir, eir, eir_len);
4583 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
4584 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
4587 ev->eir_len = cpu_to_le16(eir_len);
4588 ev_size = sizeof(*ev) + eir_len;
4590 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
4593 void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
4594 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
4596 struct mgmt_ev_device_found *ev;
4597 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
4600 ev = (struct mgmt_ev_device_found *) buf;
4602 memset(buf, 0, sizeof(buf));
4604 bacpy(&ev->addr.bdaddr, bdaddr);
4605 ev->addr.type = link_to_bdaddr(link_type, addr_type);
4608 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
4611 ev->eir_len = cpu_to_le16(eir_len);
4613 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, sizeof(*ev) + eir_len, NULL);
4616 void mgmt_discovering(struct hci_dev *hdev, u8 discovering)
4618 struct mgmt_ev_discovering ev;
4619 struct pending_cmd *cmd;
4621 BT_DBG("%s discovering %u", hdev->name, discovering);
4624 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
4626 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
4629 u8 type = hdev->discovery.type;
4631 cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0, &type,
4633 mgmt_pending_remove(cmd);
4636 memset(&ev, 0, sizeof(ev));
4637 ev.type = hdev->discovery.type;
4638 ev.discovering = discovering;
4640 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
4643 int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
4645 struct pending_cmd *cmd;
4646 struct mgmt_ev_device_blocked ev;
4648 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev);
4650 bacpy(&ev.addr.bdaddr, bdaddr);
4651 ev.addr.type = type;
4653 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev),
4654 cmd ? cmd->sk : NULL);
4657 int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
4659 struct pending_cmd *cmd;
4660 struct mgmt_ev_device_unblocked ev;
4662 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev);
4664 bacpy(&ev.addr.bdaddr, bdaddr);
4665 ev.addr.type = type;
4667 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
4668 cmd ? cmd->sk : NULL);
4671 static void adv_enable_complete(struct hci_dev *hdev, u8 status)
4673 BT_DBG("%s status %u", hdev->name, status);
4675 /* Clear the advertising mgmt setting if we failed to re-enable it */
4677 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
4678 new_settings(hdev, NULL);
4682 void mgmt_reenable_advertising(struct hci_dev *hdev)
4684 struct hci_request req;
4686 if (hdev->conn_hash.le_num)
4689 if (!test_bit(HCI_ADVERTISING, &hdev->dev_flags))
4692 hci_req_init(&req, hdev);
4693 enable_advertising(&req);
4695 /* If this fails we have no option but to let user space know
4696 * that we've disabled advertising.
4698 if (hci_req_run(&req, adv_enable_complete) < 0) {
4699 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
4700 new_settings(hdev, NULL);
projects / karo-tx-linux.git / blob