2 BlueZ - Bluetooth protocol stack for Linux
4 Copyright (C) 2010 Nokia Corporation
5 Copyright (C) 2011-2012 Intel Corporation
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI Management interface */
27 #include <linux/module.h>
28 #include <asm/unaligned.h>
30 #include <net/bluetooth/bluetooth.h>
31 #include <net/bluetooth/hci_core.h>
32 #include <net/bluetooth/mgmt.h>
36 #define MGMT_VERSION 1
37 #define MGMT_REVISION 4
39 static const u16 mgmt_commands[] = {
40 MGMT_OP_READ_INDEX_LIST,
43 MGMT_OP_SET_DISCOVERABLE,
44 MGMT_OP_SET_CONNECTABLE,
45 MGMT_OP_SET_FAST_CONNECTABLE,
47 MGMT_OP_SET_LINK_SECURITY,
51 MGMT_OP_SET_DEV_CLASS,
52 MGMT_OP_SET_LOCAL_NAME,
55 MGMT_OP_LOAD_LINK_KEYS,
56 MGMT_OP_LOAD_LONG_TERM_KEYS,
58 MGMT_OP_GET_CONNECTIONS,
59 MGMT_OP_PIN_CODE_REPLY,
60 MGMT_OP_PIN_CODE_NEG_REPLY,
61 MGMT_OP_SET_IO_CAPABILITY,
63 MGMT_OP_CANCEL_PAIR_DEVICE,
64 MGMT_OP_UNPAIR_DEVICE,
65 MGMT_OP_USER_CONFIRM_REPLY,
66 MGMT_OP_USER_CONFIRM_NEG_REPLY,
67 MGMT_OP_USER_PASSKEY_REPLY,
68 MGMT_OP_USER_PASSKEY_NEG_REPLY,
69 MGMT_OP_READ_LOCAL_OOB_DATA,
70 MGMT_OP_ADD_REMOTE_OOB_DATA,
71 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
72 MGMT_OP_START_DISCOVERY,
73 MGMT_OP_STOP_DISCOVERY,
76 MGMT_OP_UNBLOCK_DEVICE,
77 MGMT_OP_SET_DEVICE_ID,
78 MGMT_OP_SET_ADVERTISING,
80 MGMT_OP_SET_STATIC_ADDRESS,
81 MGMT_OP_SET_SCAN_PARAMS,
84 static const u16 mgmt_events[] = {
85 MGMT_EV_CONTROLLER_ERROR,
87 MGMT_EV_INDEX_REMOVED,
89 MGMT_EV_CLASS_OF_DEV_CHANGED,
90 MGMT_EV_LOCAL_NAME_CHANGED,
92 MGMT_EV_NEW_LONG_TERM_KEY,
93 MGMT_EV_DEVICE_CONNECTED,
94 MGMT_EV_DEVICE_DISCONNECTED,
95 MGMT_EV_CONNECT_FAILED,
96 MGMT_EV_PIN_CODE_REQUEST,
97 MGMT_EV_USER_CONFIRM_REQUEST,
98 MGMT_EV_USER_PASSKEY_REQUEST,
100 MGMT_EV_DEVICE_FOUND,
102 MGMT_EV_DEVICE_BLOCKED,
103 MGMT_EV_DEVICE_UNBLOCKED,
104 MGMT_EV_DEVICE_UNPAIRED,
105 MGMT_EV_PASSKEY_NOTIFY,
108 #define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
110 #define hdev_is_powered(hdev) (test_bit(HCI_UP, &hdev->flags) && \
111 !test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
114 struct list_head list;
122 /* HCI to MGMT error code conversion table */
123 static u8 mgmt_status_table[] = {
125 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
126 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
127 MGMT_STATUS_FAILED, /* Hardware Failure */
128 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
129 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
130 MGMT_STATUS_NOT_PAIRED, /* PIN or Key Missing */
131 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
132 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
133 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
134 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
135 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
136 MGMT_STATUS_BUSY, /* Command Disallowed */
137 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
138 MGMT_STATUS_REJECTED, /* Rejected Security */
139 MGMT_STATUS_REJECTED, /* Rejected Personal */
140 MGMT_STATUS_TIMEOUT, /* Host Timeout */
141 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
142 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
143 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
144 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
145 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
146 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
147 MGMT_STATUS_BUSY, /* Repeated Attempts */
148 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
149 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
150 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
151 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
152 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
153 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
154 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
155 MGMT_STATUS_FAILED, /* Unspecified Error */
156 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
157 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
158 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
159 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
160 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
161 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
162 MGMT_STATUS_FAILED, /* Unit Link Key Used */
163 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
164 MGMT_STATUS_TIMEOUT, /* Instant Passed */
165 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
166 MGMT_STATUS_FAILED, /* Transaction Collision */
167 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
168 MGMT_STATUS_REJECTED, /* QoS Rejected */
169 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
170 MGMT_STATUS_REJECTED, /* Insufficient Security */
171 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
172 MGMT_STATUS_BUSY, /* Role Switch Pending */
173 MGMT_STATUS_FAILED, /* Slot Violation */
174 MGMT_STATUS_FAILED, /* Role Switch Failed */
175 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
176 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
177 MGMT_STATUS_BUSY, /* Host Busy Pairing */
178 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
179 MGMT_STATUS_BUSY, /* Controller Busy */
180 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
181 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
182 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
183 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
184 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
187 static u8 mgmt_status(u8 hci_status)
189 if (hci_status < ARRAY_SIZE(mgmt_status_table))
190 return mgmt_status_table[hci_status];
192 return MGMT_STATUS_FAILED;
195 static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
198 struct mgmt_hdr *hdr;
199 struct mgmt_ev_cmd_status *ev;
202 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
204 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_KERNEL);
208 hdr = (void *) skb_put(skb, sizeof(*hdr));
210 hdr->opcode = __constant_cpu_to_le16(MGMT_EV_CMD_STATUS);
211 hdr->index = cpu_to_le16(index);
212 hdr->len = cpu_to_le16(sizeof(*ev));
214 ev = (void *) skb_put(skb, sizeof(*ev));
216 ev->opcode = cpu_to_le16(cmd);
218 err = sock_queue_rcv_skb(sk, skb);
225 static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
226 void *rp, size_t rp_len)
229 struct mgmt_hdr *hdr;
230 struct mgmt_ev_cmd_complete *ev;
233 BT_DBG("sock %p", sk);
235 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_KERNEL);
239 hdr = (void *) skb_put(skb, sizeof(*hdr));
241 hdr->opcode = __constant_cpu_to_le16(MGMT_EV_CMD_COMPLETE);
242 hdr->index = cpu_to_le16(index);
243 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
245 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
246 ev->opcode = cpu_to_le16(cmd);
250 memcpy(ev->data, rp, rp_len);
252 err = sock_queue_rcv_skb(sk, skb);
259 static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
262 struct mgmt_rp_read_version rp;
264 BT_DBG("sock %p", sk);
266 rp.version = MGMT_VERSION;
267 rp.revision = __constant_cpu_to_le16(MGMT_REVISION);
269 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
273 static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
276 struct mgmt_rp_read_commands *rp;
277 const u16 num_commands = ARRAY_SIZE(mgmt_commands);
278 const u16 num_events = ARRAY_SIZE(mgmt_events);
283 BT_DBG("sock %p", sk);
285 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
287 rp = kmalloc(rp_size, GFP_KERNEL);
291 rp->num_commands = __constant_cpu_to_le16(num_commands);
292 rp->num_events = __constant_cpu_to_le16(num_events);
294 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
295 put_unaligned_le16(mgmt_commands[i], opcode);
297 for (i = 0; i < num_events; i++, opcode++)
298 put_unaligned_le16(mgmt_events[i], opcode);
300 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
307 static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
310 struct mgmt_rp_read_index_list *rp;
316 BT_DBG("sock %p", sk);
318 read_lock(&hci_dev_list_lock);
321 list_for_each_entry(d, &hci_dev_list, list) {
322 if (d->dev_type == HCI_BREDR)
326 rp_len = sizeof(*rp) + (2 * count);
327 rp = kmalloc(rp_len, GFP_ATOMIC);
329 read_unlock(&hci_dev_list_lock);
334 list_for_each_entry(d, &hci_dev_list, list) {
335 if (test_bit(HCI_SETUP, &d->dev_flags))
338 if (test_bit(HCI_USER_CHANNEL, &d->dev_flags))
341 if (d->dev_type == HCI_BREDR) {
342 rp->index[count++] = cpu_to_le16(d->id);
343 BT_DBG("Added hci%u", d->id);
347 rp->num_controllers = cpu_to_le16(count);
348 rp_len = sizeof(*rp) + (2 * count);
350 read_unlock(&hci_dev_list_lock);
352 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
360 static u32 get_supported_settings(struct hci_dev *hdev)
364 settings |= MGMT_SETTING_POWERED;
365 settings |= MGMT_SETTING_PAIRABLE;
367 if (lmp_bredr_capable(hdev)) {
368 settings |= MGMT_SETTING_CONNECTABLE;
369 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
370 settings |= MGMT_SETTING_FAST_CONNECTABLE;
371 settings |= MGMT_SETTING_DISCOVERABLE;
372 settings |= MGMT_SETTING_BREDR;
373 settings |= MGMT_SETTING_LINK_SECURITY;
375 if (lmp_ssp_capable(hdev)) {
376 settings |= MGMT_SETTING_SSP;
377 settings |= MGMT_SETTING_HS;
381 if (lmp_le_capable(hdev)) {
382 settings |= MGMT_SETTING_LE;
383 settings |= MGMT_SETTING_ADVERTISING;
389 static u32 get_current_settings(struct hci_dev *hdev)
393 if (hdev_is_powered(hdev))
394 settings |= MGMT_SETTING_POWERED;
396 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
397 settings |= MGMT_SETTING_CONNECTABLE;
399 if (test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
400 settings |= MGMT_SETTING_FAST_CONNECTABLE;
402 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
403 settings |= MGMT_SETTING_DISCOVERABLE;
405 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags))
406 settings |= MGMT_SETTING_PAIRABLE;
408 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
409 settings |= MGMT_SETTING_BREDR;
411 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
412 settings |= MGMT_SETTING_LE;
414 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
415 settings |= MGMT_SETTING_LINK_SECURITY;
417 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
418 settings |= MGMT_SETTING_SSP;
420 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
421 settings |= MGMT_SETTING_HS;
423 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
424 settings |= MGMT_SETTING_ADVERTISING;
429 #define PNP_INFO_SVCLASS_ID 0x1200
431 static u8 *create_uuid16_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
433 u8 *ptr = data, *uuids_start = NULL;
434 struct bt_uuid *uuid;
439 list_for_each_entry(uuid, &hdev->uuids, list) {
442 if (uuid->size != 16)
445 uuid16 = get_unaligned_le16(&uuid->uuid[12]);
449 if (uuid16 == PNP_INFO_SVCLASS_ID)
455 uuids_start[1] = EIR_UUID16_ALL;
459 /* Stop if not enough space to put next UUID */
460 if ((ptr - data) + sizeof(u16) > len) {
461 uuids_start[1] = EIR_UUID16_SOME;
465 *ptr++ = (uuid16 & 0x00ff);
466 *ptr++ = (uuid16 & 0xff00) >> 8;
467 uuids_start[0] += sizeof(uuid16);
473 static u8 *create_uuid32_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
475 u8 *ptr = data, *uuids_start = NULL;
476 struct bt_uuid *uuid;
481 list_for_each_entry(uuid, &hdev->uuids, list) {
482 if (uuid->size != 32)
488 uuids_start[1] = EIR_UUID32_ALL;
492 /* Stop if not enough space to put next UUID */
493 if ((ptr - data) + sizeof(u32) > len) {
494 uuids_start[1] = EIR_UUID32_SOME;
498 memcpy(ptr, &uuid->uuid[12], sizeof(u32));
500 uuids_start[0] += sizeof(u32);
506 static u8 *create_uuid128_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
508 u8 *ptr = data, *uuids_start = NULL;
509 struct bt_uuid *uuid;
514 list_for_each_entry(uuid, &hdev->uuids, list) {
515 if (uuid->size != 128)
521 uuids_start[1] = EIR_UUID128_ALL;
525 /* Stop if not enough space to put next UUID */
526 if ((ptr - data) + 16 > len) {
527 uuids_start[1] = EIR_UUID128_SOME;
531 memcpy(ptr, uuid->uuid, 16);
533 uuids_start[0] += 16;
539 static u8 create_ad(struct hci_dev *hdev, u8 *ptr)
541 u8 ad_len = 0, flags = 0;
544 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
545 flags |= LE_AD_GENERAL;
547 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
548 if (lmp_le_br_capable(hdev))
549 flags |= LE_AD_SIM_LE_BREDR_CTRL;
550 if (lmp_host_le_br_capable(hdev))
551 flags |= LE_AD_SIM_LE_BREDR_HOST;
553 flags |= LE_AD_NO_BREDR;
557 BT_DBG("adv flags 0x%02x", flags);
567 if (hdev->adv_tx_power != HCI_TX_POWER_INVALID) {
569 ptr[1] = EIR_TX_POWER;
570 ptr[2] = (u8) hdev->adv_tx_power;
576 name_len = strlen(hdev->dev_name);
578 size_t max_len = HCI_MAX_AD_LENGTH - ad_len - 2;
580 if (name_len > max_len) {
582 ptr[1] = EIR_NAME_SHORT;
584 ptr[1] = EIR_NAME_COMPLETE;
586 ptr[0] = name_len + 1;
588 memcpy(ptr + 2, hdev->dev_name, name_len);
590 ad_len += (name_len + 2);
591 ptr += (name_len + 2);
597 static void update_ad(struct hci_request *req)
599 struct hci_dev *hdev = req->hdev;
600 struct hci_cp_le_set_adv_data cp;
603 if (!lmp_le_capable(hdev))
606 memset(&cp, 0, sizeof(cp));
608 len = create_ad(hdev, cp.data);
610 if (hdev->adv_data_len == len &&
611 memcmp(cp.data, hdev->adv_data, len) == 0)
614 memcpy(hdev->adv_data, cp.data, sizeof(cp.data));
615 hdev->adv_data_len = len;
619 hci_req_add(req, HCI_OP_LE_SET_ADV_DATA, sizeof(cp), &cp);
622 static void create_eir(struct hci_dev *hdev, u8 *data)
627 name_len = strlen(hdev->dev_name);
633 ptr[1] = EIR_NAME_SHORT;
635 ptr[1] = EIR_NAME_COMPLETE;
637 /* EIR Data length */
638 ptr[0] = name_len + 1;
640 memcpy(ptr + 2, hdev->dev_name, name_len);
642 ptr += (name_len + 2);
645 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
647 ptr[1] = EIR_TX_POWER;
648 ptr[2] = (u8) hdev->inq_tx_power;
653 if (hdev->devid_source > 0) {
655 ptr[1] = EIR_DEVICE_ID;
657 put_unaligned_le16(hdev->devid_source, ptr + 2);
658 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
659 put_unaligned_le16(hdev->devid_product, ptr + 6);
660 put_unaligned_le16(hdev->devid_version, ptr + 8);
665 ptr = create_uuid16_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
666 ptr = create_uuid32_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
667 ptr = create_uuid128_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
670 static void update_eir(struct hci_request *req)
672 struct hci_dev *hdev = req->hdev;
673 struct hci_cp_write_eir cp;
675 if (!hdev_is_powered(hdev))
678 if (!lmp_ext_inq_capable(hdev))
681 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
684 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
687 memset(&cp, 0, sizeof(cp));
689 create_eir(hdev, cp.data);
691 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
694 memcpy(hdev->eir, cp.data, sizeof(cp.data));
696 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
699 static u8 get_service_classes(struct hci_dev *hdev)
701 struct bt_uuid *uuid;
704 list_for_each_entry(uuid, &hdev->uuids, list)
705 val |= uuid->svc_hint;
710 static void update_class(struct hci_request *req)
712 struct hci_dev *hdev = req->hdev;
715 BT_DBG("%s", hdev->name);
717 if (!hdev_is_powered(hdev))
720 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
723 cod[0] = hdev->minor_class;
724 cod[1] = hdev->major_class;
725 cod[2] = get_service_classes(hdev);
727 if (test_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags))
730 if (memcmp(cod, hdev->dev_class, 3) == 0)
733 hci_req_add(req, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
736 static void service_cache_off(struct work_struct *work)
738 struct hci_dev *hdev = container_of(work, struct hci_dev,
740 struct hci_request req;
742 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
745 hci_req_init(&req, hdev);
752 hci_dev_unlock(hdev);
754 hci_req_run(&req, NULL);
757 static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
759 if (test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
762 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
764 /* Non-mgmt controlled devices get this bit set
765 * implicitly so that pairing works for them, however
766 * for mgmt we require user-space to explicitly enable
769 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
772 static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
773 void *data, u16 data_len)
775 struct mgmt_rp_read_info rp;
777 BT_DBG("sock %p %s", sk, hdev->name);
781 memset(&rp, 0, sizeof(rp));
783 bacpy(&rp.bdaddr, &hdev->bdaddr);
785 rp.version = hdev->hci_ver;
786 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
788 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
789 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
791 memcpy(rp.dev_class, hdev->dev_class, 3);
793 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
794 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
796 hci_dev_unlock(hdev);
798 return cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
802 static void mgmt_pending_free(struct pending_cmd *cmd)
809 static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
810 struct hci_dev *hdev, void *data,
813 struct pending_cmd *cmd;
815 cmd = kmalloc(sizeof(*cmd), GFP_KERNEL);
819 cmd->opcode = opcode;
820 cmd->index = hdev->id;
822 cmd->param = kmalloc(len, GFP_KERNEL);
829 memcpy(cmd->param, data, len);
834 list_add(&cmd->list, &hdev->mgmt_pending);
839 static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
840 void (*cb)(struct pending_cmd *cmd,
844 struct pending_cmd *cmd, *tmp;
846 list_for_each_entry_safe(cmd, tmp, &hdev->mgmt_pending, list) {
847 if (opcode > 0 && cmd->opcode != opcode)
854 static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
856 struct pending_cmd *cmd;
858 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
859 if (cmd->opcode == opcode)
866 static void mgmt_pending_remove(struct pending_cmd *cmd)
868 list_del(&cmd->list);
869 mgmt_pending_free(cmd);
872 static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
874 __le32 settings = cpu_to_le32(get_current_settings(hdev));
876 return cmd_complete(sk, hdev->id, opcode, 0, &settings,
880 static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
883 struct mgmt_mode *cp = data;
884 struct pending_cmd *cmd;
887 BT_DBG("request for %s", hdev->name);
889 if (cp->val != 0x00 && cp->val != 0x01)
890 return cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
891 MGMT_STATUS_INVALID_PARAMS);
895 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
896 err = cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
901 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
902 cancel_delayed_work(&hdev->power_off);
905 mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev,
907 err = mgmt_powered(hdev, 1);
912 if (!!cp->val == hdev_is_powered(hdev)) {
913 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
917 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
924 queue_work(hdev->req_workqueue, &hdev->power_on);
926 queue_work(hdev->req_workqueue, &hdev->power_off.work);
931 hci_dev_unlock(hdev);
935 static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 data_len,
936 struct sock *skip_sk)
939 struct mgmt_hdr *hdr;
941 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_KERNEL);
945 hdr = (void *) skb_put(skb, sizeof(*hdr));
946 hdr->opcode = cpu_to_le16(event);
948 hdr->index = cpu_to_le16(hdev->id);
950 hdr->index = __constant_cpu_to_le16(MGMT_INDEX_NONE);
951 hdr->len = cpu_to_le16(data_len);
954 memcpy(skb_put(skb, data_len), data, data_len);
957 __net_timestamp(skb);
959 hci_send_to_control(skb, skip_sk);
965 static int new_settings(struct hci_dev *hdev, struct sock *skip)
969 ev = cpu_to_le32(get_current_settings(hdev));
971 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
976 struct hci_dev *hdev;
980 static void settings_rsp(struct pending_cmd *cmd, void *data)
982 struct cmd_lookup *match = data;
984 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
986 list_del(&cmd->list);
988 if (match->sk == NULL) {
990 sock_hold(match->sk);
993 mgmt_pending_free(cmd);
996 static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
1000 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
1001 mgmt_pending_remove(cmd);
1004 static u8 mgmt_bredr_support(struct hci_dev *hdev)
1006 if (!lmp_bredr_capable(hdev))
1007 return MGMT_STATUS_NOT_SUPPORTED;
1008 else if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1009 return MGMT_STATUS_REJECTED;
1011 return MGMT_STATUS_SUCCESS;
1014 static u8 mgmt_le_support(struct hci_dev *hdev)
1016 if (!lmp_le_capable(hdev))
1017 return MGMT_STATUS_NOT_SUPPORTED;
1018 else if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
1019 return MGMT_STATUS_REJECTED;
1021 return MGMT_STATUS_SUCCESS;
1024 static void set_discoverable_complete(struct hci_dev *hdev, u8 status)
1026 struct pending_cmd *cmd;
1027 struct mgmt_mode *cp;
1028 struct hci_request req;
1031 BT_DBG("status 0x%02x", status);
1035 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
1040 u8 mgmt_err = mgmt_status(status);
1041 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1047 changed = !test_and_set_bit(HCI_DISCOVERABLE,
1050 if (hdev->discov_timeout > 0) {
1051 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1052 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
1056 changed = test_and_clear_bit(HCI_DISCOVERABLE,
1060 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1063 new_settings(hdev, cmd->sk);
1065 /* When the discoverable mode gets changed, make sure
1066 * that class of device has the limited discoverable
1067 * bit correctly set.
1069 hci_req_init(&req, hdev);
1071 hci_req_run(&req, NULL);
1074 mgmt_pending_remove(cmd);
1077 hci_dev_unlock(hdev);
1080 static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
1083 struct mgmt_cp_set_discoverable *cp = data;
1084 struct pending_cmd *cmd;
1085 struct hci_request req;
1090 BT_DBG("request for %s", hdev->name);
1092 status = mgmt_bredr_support(hdev);
1094 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1097 if (cp->val != 0x00 && cp->val != 0x01)
1098 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1099 MGMT_STATUS_INVALID_PARAMS);
1101 timeout = __le16_to_cpu(cp->timeout);
1102 if (!cp->val && timeout > 0)
1103 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1104 MGMT_STATUS_INVALID_PARAMS);
1108 if (!hdev_is_powered(hdev) && timeout > 0) {
1109 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1110 MGMT_STATUS_NOT_POWERED);
1114 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1115 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
1116 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1121 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
1122 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1123 MGMT_STATUS_REJECTED);
1127 if (!hdev_is_powered(hdev)) {
1128 bool changed = false;
1130 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
1131 change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1135 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1140 err = new_settings(hdev, sk);
1145 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
1146 cancel_delayed_work(&hdev->discov_off);
1147 hdev->discov_timeout = timeout;
1149 if (cp->val && hdev->discov_timeout > 0) {
1150 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1151 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
1155 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1159 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
1165 hci_req_init(&req, hdev);
1170 scan |= SCAN_INQUIRY;
1172 cancel_delayed_work(&hdev->discov_off);
1174 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1176 err = hci_req_run(&req, set_discoverable_complete);
1178 mgmt_pending_remove(cmd);
1181 hdev->discov_timeout = timeout;
1184 hci_dev_unlock(hdev);
1188 static void write_fast_connectable(struct hci_request *req, bool enable)
1190 struct hci_dev *hdev = req->hdev;
1191 struct hci_cp_write_page_scan_activity acp;
1194 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
1198 type = PAGE_SCAN_TYPE_INTERLACED;
1200 /* 160 msec page scan interval */
1201 acp.interval = __constant_cpu_to_le16(0x0100);
1203 type = PAGE_SCAN_TYPE_STANDARD; /* default */
1205 /* default 1.28 sec page scan */
1206 acp.interval = __constant_cpu_to_le16(0x0800);
1209 acp.window = __constant_cpu_to_le16(0x0012);
1211 if (__cpu_to_le16(hdev->page_scan_interval) != acp.interval ||
1212 __cpu_to_le16(hdev->page_scan_window) != acp.window)
1213 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
1216 if (hdev->page_scan_type != type)
1217 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
1220 static u8 get_adv_type(struct hci_dev *hdev)
1222 struct pending_cmd *cmd;
1225 /* If there's a pending mgmt command the flag will not yet have
1226 * it's final value, so check for this first.
1228 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1230 struct mgmt_mode *cp = cmd->param;
1231 connectable = !!cp->val;
1233 connectable = test_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1236 return connectable ? LE_ADV_IND : LE_ADV_NONCONN_IND;
1239 static void enable_advertising(struct hci_request *req)
1241 struct hci_dev *hdev = req->hdev;
1242 struct hci_cp_le_set_adv_param cp;
1245 memset(&cp, 0, sizeof(cp));
1246 cp.min_interval = __constant_cpu_to_le16(0x0800);
1247 cp.max_interval = __constant_cpu_to_le16(0x0800);
1248 cp.type = get_adv_type(hdev);
1249 if (bacmp(&hdev->bdaddr, BDADDR_ANY))
1250 cp.own_address_type = ADDR_LE_DEV_PUBLIC;
1252 cp.own_address_type = ADDR_LE_DEV_RANDOM;
1253 cp.channel_map = 0x07;
1255 hci_req_add(req, HCI_OP_LE_SET_ADV_PARAM, sizeof(cp), &cp);
1257 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1260 static void disable_advertising(struct hci_request *req)
1264 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1267 static void set_connectable_complete(struct hci_dev *hdev, u8 status)
1269 struct pending_cmd *cmd;
1270 struct mgmt_mode *cp;
1273 BT_DBG("status 0x%02x", status);
1277 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1282 u8 mgmt_err = mgmt_status(status);
1283 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1289 changed = !test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1291 changed = test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1293 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
1296 new_settings(hdev, cmd->sk);
1299 mgmt_pending_remove(cmd);
1302 hci_dev_unlock(hdev);
1305 static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
1308 struct mgmt_mode *cp = data;
1309 struct pending_cmd *cmd;
1310 struct hci_request req;
1314 BT_DBG("request for %s", hdev->name);
1316 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
1317 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1318 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1319 MGMT_STATUS_REJECTED);
1321 if (cp->val != 0x00 && cp->val != 0x01)
1322 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1323 MGMT_STATUS_INVALID_PARAMS);
1327 if (!hdev_is_powered(hdev)) {
1328 bool changed = false;
1330 if (!!cp->val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
1334 set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1336 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1337 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1340 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1345 err = new_settings(hdev, sk);
1350 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1351 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
1352 err = cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1357 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
1363 hci_req_init(&req, hdev);
1365 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags) &&
1366 cp->val != test_bit(HCI_PSCAN, &hdev->flags)) {
1372 if (test_bit(HCI_ISCAN, &hdev->flags) &&
1373 hdev->discov_timeout > 0)
1374 cancel_delayed_work(&hdev->discov_off);
1377 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1380 /* If we're going from non-connectable to connectable or
1381 * vice-versa when fast connectable is enabled ensure that fast
1382 * connectable gets disabled. write_fast_connectable won't do
1383 * anything if the page scan parameters are already what they
1386 if (cp->val || test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
1387 write_fast_connectable(&req, false);
1389 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags) &&
1390 hci_conn_num(hdev, LE_LINK) == 0) {
1391 disable_advertising(&req);
1392 enable_advertising(&req);
1395 err = hci_req_run(&req, set_connectable_complete);
1397 mgmt_pending_remove(cmd);
1398 if (err == -ENODATA)
1399 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE,
1405 hci_dev_unlock(hdev);
1409 static int set_pairable(struct sock *sk, struct hci_dev *hdev, void *data,
1412 struct mgmt_mode *cp = data;
1416 BT_DBG("request for %s", hdev->name);
1418 if (cp->val != 0x00 && cp->val != 0x01)
1419 return cmd_status(sk, hdev->id, MGMT_OP_SET_PAIRABLE,
1420 MGMT_STATUS_INVALID_PARAMS);
1425 changed = !test_and_set_bit(HCI_PAIRABLE, &hdev->dev_flags);
1427 changed = test_and_clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
1429 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
1434 err = new_settings(hdev, sk);
1437 hci_dev_unlock(hdev);
1441 static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1444 struct mgmt_mode *cp = data;
1445 struct pending_cmd *cmd;
1449 BT_DBG("request for %s", hdev->name);
1451 status = mgmt_bredr_support(hdev);
1453 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1456 if (cp->val != 0x00 && cp->val != 0x01)
1457 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1458 MGMT_STATUS_INVALID_PARAMS);
1462 if (!hdev_is_powered(hdev)) {
1463 bool changed = false;
1465 if (!!cp->val != test_bit(HCI_LINK_SECURITY,
1466 &hdev->dev_flags)) {
1467 change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
1471 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1476 err = new_settings(hdev, sk);
1481 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
1482 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1489 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1490 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1494 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1500 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1502 mgmt_pending_remove(cmd);
1507 hci_dev_unlock(hdev);
1511 static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1513 struct mgmt_mode *cp = data;
1514 struct pending_cmd *cmd;
1518 BT_DBG("request for %s", hdev->name);
1520 status = mgmt_bredr_support(hdev);
1522 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
1524 if (!lmp_ssp_capable(hdev))
1525 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1526 MGMT_STATUS_NOT_SUPPORTED);
1528 if (cp->val != 0x00 && cp->val != 0x01)
1529 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1530 MGMT_STATUS_INVALID_PARAMS);
1534 if (!hdev_is_powered(hdev)) {
1538 changed = !test_and_set_bit(HCI_SSP_ENABLED,
1541 changed = test_and_clear_bit(HCI_SSP_ENABLED,
1544 changed = test_and_clear_bit(HCI_HS_ENABLED,
1547 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1550 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1555 err = new_settings(hdev, sk);
1560 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev) ||
1561 mgmt_pending_find(MGMT_OP_SET_HS, hdev)) {
1562 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1567 if (!!cp->val == test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
1568 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1572 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1578 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &cp->val);
1580 mgmt_pending_remove(cmd);
1585 hci_dev_unlock(hdev);
1589 static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1591 struct mgmt_mode *cp = data;
1596 BT_DBG("request for %s", hdev->name);
1598 status = mgmt_bredr_support(hdev);
1600 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
1602 if (!lmp_ssp_capable(hdev))
1603 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1604 MGMT_STATUS_NOT_SUPPORTED);
1606 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
1607 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1608 MGMT_STATUS_REJECTED);
1610 if (cp->val != 0x00 && cp->val != 0x01)
1611 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1612 MGMT_STATUS_INVALID_PARAMS);
1617 changed = !test_and_set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1619 if (hdev_is_powered(hdev)) {
1620 err = cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1621 MGMT_STATUS_REJECTED);
1625 changed = test_and_clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1628 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
1633 err = new_settings(hdev, sk);
1636 hci_dev_unlock(hdev);
1640 static void le_enable_complete(struct hci_dev *hdev, u8 status)
1642 struct cmd_lookup match = { NULL, hdev };
1645 u8 mgmt_err = mgmt_status(status);
1647 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
1652 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
1654 new_settings(hdev, match.sk);
1659 /* Make sure the controller has a good default for
1660 * advertising data. Restrict the update to when LE
1661 * has actually been enabled. During power on, the
1662 * update in powered_update_hci will take care of it.
1664 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1665 struct hci_request req;
1669 hci_req_init(&req, hdev);
1671 hci_req_run(&req, NULL);
1673 hci_dev_unlock(hdev);
1677 static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1679 struct mgmt_mode *cp = data;
1680 struct hci_cp_write_le_host_supported hci_cp;
1681 struct pending_cmd *cmd;
1682 struct hci_request req;
1686 BT_DBG("request for %s", hdev->name);
1688 if (!lmp_le_capable(hdev))
1689 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1690 MGMT_STATUS_NOT_SUPPORTED);
1692 if (cp->val != 0x00 && cp->val != 0x01)
1693 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1694 MGMT_STATUS_INVALID_PARAMS);
1696 /* LE-only devices do not allow toggling LE on/off */
1697 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1698 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1699 MGMT_STATUS_REJECTED);
1704 enabled = lmp_host_le_capable(hdev);
1706 if (!hdev_is_powered(hdev) || val == enabled) {
1707 bool changed = false;
1709 if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1710 change_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1714 if (!val && test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
1715 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
1719 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1724 err = new_settings(hdev, sk);
1729 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev) ||
1730 mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
1731 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1736 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
1742 hci_req_init(&req, hdev);
1744 memset(&hci_cp, 0, sizeof(hci_cp));
1748 hci_cp.simul = lmp_le_br_capable(hdev);
1750 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
1751 disable_advertising(&req);
1754 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
1757 err = hci_req_run(&req, le_enable_complete);
1759 mgmt_pending_remove(cmd);
1762 hci_dev_unlock(hdev);
1766 /* This is a helper function to test for pending mgmt commands that can
1767 * cause CoD or EIR HCI commands. We can only allow one such pending
1768 * mgmt command at a time since otherwise we cannot easily track what
1769 * the current values are, will be, and based on that calculate if a new
1770 * HCI command needs to be sent and if yes with what value.
1772 static bool pending_eir_or_class(struct hci_dev *hdev)
1774 struct pending_cmd *cmd;
1776 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
1777 switch (cmd->opcode) {
1778 case MGMT_OP_ADD_UUID:
1779 case MGMT_OP_REMOVE_UUID:
1780 case MGMT_OP_SET_DEV_CLASS:
1781 case MGMT_OP_SET_POWERED:
1789 static const u8 bluetooth_base_uuid[] = {
1790 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
1791 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1794 static u8 get_uuid_size(const u8 *uuid)
1798 if (memcmp(uuid, bluetooth_base_uuid, 12))
1801 val = get_unaligned_le32(&uuid[12]);
1808 static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
1810 struct pending_cmd *cmd;
1814 cmd = mgmt_pending_find(mgmt_op, hdev);
1818 cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(status),
1819 hdev->dev_class, 3);
1821 mgmt_pending_remove(cmd);
1824 hci_dev_unlock(hdev);
1827 static void add_uuid_complete(struct hci_dev *hdev, u8 status)
1829 BT_DBG("status 0x%02x", status);
1831 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
1834 static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1836 struct mgmt_cp_add_uuid *cp = data;
1837 struct pending_cmd *cmd;
1838 struct hci_request req;
1839 struct bt_uuid *uuid;
1842 BT_DBG("request for %s", hdev->name);
1846 if (pending_eir_or_class(hdev)) {
1847 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
1852 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
1858 memcpy(uuid->uuid, cp->uuid, 16);
1859 uuid->svc_hint = cp->svc_hint;
1860 uuid->size = get_uuid_size(cp->uuid);
1862 list_add_tail(&uuid->list, &hdev->uuids);
1864 hci_req_init(&req, hdev);
1869 err = hci_req_run(&req, add_uuid_complete);
1871 if (err != -ENODATA)
1874 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
1875 hdev->dev_class, 3);
1879 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
1888 hci_dev_unlock(hdev);
1892 static bool enable_service_cache(struct hci_dev *hdev)
1894 if (!hdev_is_powered(hdev))
1897 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
1898 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
1906 static void remove_uuid_complete(struct hci_dev *hdev, u8 status)
1908 BT_DBG("status 0x%02x", status);
1910 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
1913 static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
1916 struct mgmt_cp_remove_uuid *cp = data;
1917 struct pending_cmd *cmd;
1918 struct bt_uuid *match, *tmp;
1919 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
1920 struct hci_request req;
1923 BT_DBG("request for %s", hdev->name);
1927 if (pending_eir_or_class(hdev)) {
1928 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
1933 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
1934 err = hci_uuids_clear(hdev);
1936 if (enable_service_cache(hdev)) {
1937 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID,
1938 0, hdev->dev_class, 3);
1947 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
1948 if (memcmp(match->uuid, cp->uuid, 16) != 0)
1951 list_del(&match->list);
1957 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
1958 MGMT_STATUS_INVALID_PARAMS);
1963 hci_req_init(&req, hdev);
1968 err = hci_req_run(&req, remove_uuid_complete);
1970 if (err != -ENODATA)
1973 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
1974 hdev->dev_class, 3);
1978 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
1987 hci_dev_unlock(hdev);
1991 static void set_class_complete(struct hci_dev *hdev, u8 status)
1993 BT_DBG("status 0x%02x", status);
1995 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
1998 static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
2001 struct mgmt_cp_set_dev_class *cp = data;
2002 struct pending_cmd *cmd;
2003 struct hci_request req;
2006 BT_DBG("request for %s", hdev->name);
2008 if (!lmp_bredr_capable(hdev))
2009 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2010 MGMT_STATUS_NOT_SUPPORTED);
2014 if (pending_eir_or_class(hdev)) {
2015 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2020 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
2021 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2022 MGMT_STATUS_INVALID_PARAMS);
2026 hdev->major_class = cp->major;
2027 hdev->minor_class = cp->minor;
2029 if (!hdev_is_powered(hdev)) {
2030 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2031 hdev->dev_class, 3);
2035 hci_req_init(&req, hdev);
2037 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
2038 hci_dev_unlock(hdev);
2039 cancel_delayed_work_sync(&hdev->service_cache);
2046 err = hci_req_run(&req, set_class_complete);
2048 if (err != -ENODATA)
2051 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2052 hdev->dev_class, 3);
2056 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
2065 hci_dev_unlock(hdev);
2069 static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
2072 struct mgmt_cp_load_link_keys *cp = data;
2073 u16 key_count, expected_len;
2076 BT_DBG("request for %s", hdev->name);
2078 if (!lmp_bredr_capable(hdev))
2079 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2080 MGMT_STATUS_NOT_SUPPORTED);
2082 key_count = __le16_to_cpu(cp->key_count);
2084 expected_len = sizeof(*cp) + key_count *
2085 sizeof(struct mgmt_link_key_info);
2086 if (expected_len != len) {
2087 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
2089 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2090 MGMT_STATUS_INVALID_PARAMS);
2093 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
2094 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2095 MGMT_STATUS_INVALID_PARAMS);
2097 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
2100 for (i = 0; i < key_count; i++) {
2101 struct mgmt_link_key_info *key = &cp->keys[i];
2103 if (key->addr.type != BDADDR_BREDR)
2104 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2105 MGMT_STATUS_INVALID_PARAMS);
2110 hci_link_keys_clear(hdev);
2113 set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
2115 clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
2117 for (i = 0; i < key_count; i++) {
2118 struct mgmt_link_key_info *key = &cp->keys[i];
2120 hci_add_link_key(hdev, NULL, 0, &key->addr.bdaddr, key->val,
2121 key->type, key->pin_len);
2124 cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
2126 hci_dev_unlock(hdev);
2131 static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
2132 u8 addr_type, struct sock *skip_sk)
2134 struct mgmt_ev_device_unpaired ev;
2136 bacpy(&ev.addr.bdaddr, bdaddr);
2137 ev.addr.type = addr_type;
2139 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
2143 static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2146 struct mgmt_cp_unpair_device *cp = data;
2147 struct mgmt_rp_unpair_device rp;
2148 struct hci_cp_disconnect dc;
2149 struct pending_cmd *cmd;
2150 struct hci_conn *conn;
2153 memset(&rp, 0, sizeof(rp));
2154 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2155 rp.addr.type = cp->addr.type;
2157 if (!bdaddr_type_is_valid(cp->addr.type))
2158 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2159 MGMT_STATUS_INVALID_PARAMS,
2162 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
2163 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2164 MGMT_STATUS_INVALID_PARAMS,
2169 if (!hdev_is_powered(hdev)) {
2170 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2171 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
2175 if (cp->addr.type == BDADDR_BREDR)
2176 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
2178 err = hci_remove_ltk(hdev, &cp->addr.bdaddr);
2181 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2182 MGMT_STATUS_NOT_PAIRED, &rp, sizeof(rp));
2186 if (cp->disconnect) {
2187 if (cp->addr.type == BDADDR_BREDR)
2188 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2191 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
2198 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
2200 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
2204 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
2211 dc.handle = cpu_to_le16(conn->handle);
2212 dc.reason = 0x13; /* Remote User Terminated Connection */
2213 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2215 mgmt_pending_remove(cmd);
2218 hci_dev_unlock(hdev);
2222 static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
2225 struct mgmt_cp_disconnect *cp = data;
2226 struct mgmt_rp_disconnect rp;
2227 struct hci_cp_disconnect dc;
2228 struct pending_cmd *cmd;
2229 struct hci_conn *conn;
2234 memset(&rp, 0, sizeof(rp));
2235 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2236 rp.addr.type = cp->addr.type;
2238 if (!bdaddr_type_is_valid(cp->addr.type))
2239 return cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2240 MGMT_STATUS_INVALID_PARAMS,
2245 if (!test_bit(HCI_UP, &hdev->flags)) {
2246 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2247 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
2251 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
2252 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2253 MGMT_STATUS_BUSY, &rp, sizeof(rp));
2257 if (cp->addr.type == BDADDR_BREDR)
2258 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2261 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
2263 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
2264 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2265 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
2269 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
2275 dc.handle = cpu_to_le16(conn->handle);
2276 dc.reason = HCI_ERROR_REMOTE_USER_TERM;
2278 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2280 mgmt_pending_remove(cmd);
2283 hci_dev_unlock(hdev);
2287 static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
2289 switch (link_type) {
2291 switch (addr_type) {
2292 case ADDR_LE_DEV_PUBLIC:
2293 return BDADDR_LE_PUBLIC;
2296 /* Fallback to LE Random address type */
2297 return BDADDR_LE_RANDOM;
2301 /* Fallback to BR/EDR type */
2302 return BDADDR_BREDR;
2306 static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
2309 struct mgmt_rp_get_connections *rp;
2319 if (!hdev_is_powered(hdev)) {
2320 err = cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
2321 MGMT_STATUS_NOT_POWERED);
2326 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2327 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2331 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2332 rp = kmalloc(rp_len, GFP_KERNEL);
2339 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2340 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2342 bacpy(&rp->addr[i].bdaddr, &c->dst);
2343 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
2344 if (c->type == SCO_LINK || c->type == ESCO_LINK)
2349 rp->conn_count = cpu_to_le16(i);
2351 /* Recalculate length in case of filtered SCO connections, etc */
2352 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2354 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
2360 hci_dev_unlock(hdev);
2364 static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
2365 struct mgmt_cp_pin_code_neg_reply *cp)
2367 struct pending_cmd *cmd;
2370 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
2375 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
2376 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
2378 mgmt_pending_remove(cmd);
2383 static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2386 struct hci_conn *conn;
2387 struct mgmt_cp_pin_code_reply *cp = data;
2388 struct hci_cp_pin_code_reply reply;
2389 struct pending_cmd *cmd;
2396 if (!hdev_is_powered(hdev)) {
2397 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2398 MGMT_STATUS_NOT_POWERED);
2402 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
2404 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2405 MGMT_STATUS_NOT_CONNECTED);
2409 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
2410 struct mgmt_cp_pin_code_neg_reply ncp;
2412 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
2414 BT_ERR("PIN code is not 16 bytes long");
2416 err = send_pin_code_neg_reply(sk, hdev, &ncp);
2418 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2419 MGMT_STATUS_INVALID_PARAMS);
2424 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
2430 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
2431 reply.pin_len = cp->pin_len;
2432 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
2434 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
2436 mgmt_pending_remove(cmd);
2439 hci_dev_unlock(hdev);
2443 static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
2446 struct mgmt_cp_set_io_capability *cp = data;
2452 hdev->io_capability = cp->io_capability;
2454 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
2455 hdev->io_capability);
2457 hci_dev_unlock(hdev);
2459 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, NULL,
2463 static struct pending_cmd *find_pairing(struct hci_conn *conn)
2465 struct hci_dev *hdev = conn->hdev;
2466 struct pending_cmd *cmd;
2468 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2469 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
2472 if (cmd->user_data != conn)
2481 static void pairing_complete(struct pending_cmd *cmd, u8 status)
2483 struct mgmt_rp_pair_device rp;
2484 struct hci_conn *conn = cmd->user_data;
2486 bacpy(&rp.addr.bdaddr, &conn->dst);
2487 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
2489 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
2492 /* So we don't get further callbacks for this connection */
2493 conn->connect_cfm_cb = NULL;
2494 conn->security_cfm_cb = NULL;
2495 conn->disconn_cfm_cb = NULL;
2497 hci_conn_drop(conn);
2499 mgmt_pending_remove(cmd);
2502 static void pairing_complete_cb(struct hci_conn *conn, u8 status)
2504 struct pending_cmd *cmd;
2506 BT_DBG("status %u", status);
2508 cmd = find_pairing(conn);
2510 BT_DBG("Unable to find a pending command");
2512 pairing_complete(cmd, mgmt_status(status));
2515 static void le_connect_complete_cb(struct hci_conn *conn, u8 status)
2517 struct pending_cmd *cmd;
2519 BT_DBG("status %u", status);
2524 cmd = find_pairing(conn);
2526 BT_DBG("Unable to find a pending command");
2528 pairing_complete(cmd, mgmt_status(status));
2531 static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2534 struct mgmt_cp_pair_device *cp = data;
2535 struct mgmt_rp_pair_device rp;
2536 struct pending_cmd *cmd;
2537 u8 sec_level, auth_type;
2538 struct hci_conn *conn;
2543 memset(&rp, 0, sizeof(rp));
2544 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2545 rp.addr.type = cp->addr.type;
2547 if (!bdaddr_type_is_valid(cp->addr.type))
2548 return cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2549 MGMT_STATUS_INVALID_PARAMS,
2554 if (!hdev_is_powered(hdev)) {
2555 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2556 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
2560 sec_level = BT_SECURITY_MEDIUM;
2561 if (cp->io_cap == 0x03)
2562 auth_type = HCI_AT_DEDICATED_BONDING;
2564 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
2566 if (cp->addr.type == BDADDR_BREDR)
2567 conn = hci_connect(hdev, ACL_LINK, &cp->addr.bdaddr,
2568 cp->addr.type, sec_level, auth_type);
2570 conn = hci_connect(hdev, LE_LINK, &cp->addr.bdaddr,
2571 cp->addr.type, sec_level, auth_type);
2576 if (PTR_ERR(conn) == -EBUSY)
2577 status = MGMT_STATUS_BUSY;
2579 status = MGMT_STATUS_CONNECT_FAILED;
2581 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2587 if (conn->connect_cfm_cb) {
2588 hci_conn_drop(conn);
2589 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2590 MGMT_STATUS_BUSY, &rp, sizeof(rp));
2594 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
2597 hci_conn_drop(conn);
2601 /* For LE, just connecting isn't a proof that the pairing finished */
2602 if (cp->addr.type == BDADDR_BREDR)
2603 conn->connect_cfm_cb = pairing_complete_cb;
2605 conn->connect_cfm_cb = le_connect_complete_cb;
2607 conn->security_cfm_cb = pairing_complete_cb;
2608 conn->disconn_cfm_cb = pairing_complete_cb;
2609 conn->io_capability = cp->io_cap;
2610 cmd->user_data = conn;
2612 if (conn->state == BT_CONNECTED &&
2613 hci_conn_security(conn, sec_level, auth_type))
2614 pairing_complete(cmd, 0);
2619 hci_dev_unlock(hdev);
2623 static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2626 struct mgmt_addr_info *addr = data;
2627 struct pending_cmd *cmd;
2628 struct hci_conn *conn;
2635 if (!hdev_is_powered(hdev)) {
2636 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2637 MGMT_STATUS_NOT_POWERED);
2641 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
2643 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2644 MGMT_STATUS_INVALID_PARAMS);
2648 conn = cmd->user_data;
2650 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
2651 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2652 MGMT_STATUS_INVALID_PARAMS);
2656 pairing_complete(cmd, MGMT_STATUS_CANCELLED);
2658 err = cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
2659 addr, sizeof(*addr));
2661 hci_dev_unlock(hdev);
2665 static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
2666 struct mgmt_addr_info *addr, u16 mgmt_op,
2667 u16 hci_op, __le32 passkey)
2669 struct pending_cmd *cmd;
2670 struct hci_conn *conn;
2675 if (!hdev_is_powered(hdev)) {
2676 err = cmd_complete(sk, hdev->id, mgmt_op,
2677 MGMT_STATUS_NOT_POWERED, addr,
2682 if (addr->type == BDADDR_BREDR)
2683 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
2685 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &addr->bdaddr);
2688 err = cmd_complete(sk, hdev->id, mgmt_op,
2689 MGMT_STATUS_NOT_CONNECTED, addr,
2694 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
2695 /* Continue with pairing via SMP */
2696 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
2699 err = cmd_complete(sk, hdev->id, mgmt_op,
2700 MGMT_STATUS_SUCCESS, addr,
2703 err = cmd_complete(sk, hdev->id, mgmt_op,
2704 MGMT_STATUS_FAILED, addr,
2710 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
2716 /* Continue with pairing via HCI */
2717 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
2718 struct hci_cp_user_passkey_reply cp;
2720 bacpy(&cp.bdaddr, &addr->bdaddr);
2721 cp.passkey = passkey;
2722 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
2724 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
2728 mgmt_pending_remove(cmd);
2731 hci_dev_unlock(hdev);
2735 static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
2736 void *data, u16 len)
2738 struct mgmt_cp_pin_code_neg_reply *cp = data;
2742 return user_pairing_resp(sk, hdev, &cp->addr,
2743 MGMT_OP_PIN_CODE_NEG_REPLY,
2744 HCI_OP_PIN_CODE_NEG_REPLY, 0);
2747 static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2750 struct mgmt_cp_user_confirm_reply *cp = data;
2754 if (len != sizeof(*cp))
2755 return cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
2756 MGMT_STATUS_INVALID_PARAMS);
2758 return user_pairing_resp(sk, hdev, &cp->addr,
2759 MGMT_OP_USER_CONFIRM_REPLY,
2760 HCI_OP_USER_CONFIRM_REPLY, 0);
2763 static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
2764 void *data, u16 len)
2766 struct mgmt_cp_user_confirm_neg_reply *cp = data;
2770 return user_pairing_resp(sk, hdev, &cp->addr,
2771 MGMT_OP_USER_CONFIRM_NEG_REPLY,
2772 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
2775 static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2778 struct mgmt_cp_user_passkey_reply *cp = data;
2782 return user_pairing_resp(sk, hdev, &cp->addr,
2783 MGMT_OP_USER_PASSKEY_REPLY,
2784 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
2787 static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
2788 void *data, u16 len)
2790 struct mgmt_cp_user_passkey_neg_reply *cp = data;
2794 return user_pairing_resp(sk, hdev, &cp->addr,
2795 MGMT_OP_USER_PASSKEY_NEG_REPLY,
2796 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
2799 static void update_name(struct hci_request *req)
2801 struct hci_dev *hdev = req->hdev;
2802 struct hci_cp_write_local_name cp;
2804 memcpy(cp.name, hdev->dev_name, sizeof(cp.name));
2806 hci_req_add(req, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
2809 static void set_name_complete(struct hci_dev *hdev, u8 status)
2811 struct mgmt_cp_set_local_name *cp;
2812 struct pending_cmd *cmd;
2814 BT_DBG("status 0x%02x", status);
2818 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
2825 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
2826 mgmt_status(status));
2828 cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
2831 mgmt_pending_remove(cmd);
2834 hci_dev_unlock(hdev);
2837 static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
2840 struct mgmt_cp_set_local_name *cp = data;
2841 struct pending_cmd *cmd;
2842 struct hci_request req;
2849 /* If the old values are the same as the new ones just return a
2850 * direct command complete event.
2852 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
2853 !memcmp(hdev->short_name, cp->short_name,
2854 sizeof(hdev->short_name))) {
2855 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
2860 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
2862 if (!hdev_is_powered(hdev)) {
2863 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
2865 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
2870 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
2876 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
2882 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
2884 hci_req_init(&req, hdev);
2886 if (lmp_bredr_capable(hdev)) {
2891 if (lmp_le_capable(hdev))
2894 err = hci_req_run(&req, set_name_complete);
2896 mgmt_pending_remove(cmd);
2899 hci_dev_unlock(hdev);
2903 static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
2904 void *data, u16 data_len)
2906 struct pending_cmd *cmd;
2909 BT_DBG("%s", hdev->name);
2913 if (!hdev_is_powered(hdev)) {
2914 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
2915 MGMT_STATUS_NOT_POWERED);
2919 if (!lmp_ssp_capable(hdev)) {
2920 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
2921 MGMT_STATUS_NOT_SUPPORTED);
2925 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
2926 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
2931 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
2937 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
2939 mgmt_pending_remove(cmd);
2942 hci_dev_unlock(hdev);
2946 static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
2947 void *data, u16 len)
2949 struct mgmt_cp_add_remote_oob_data *cp = data;
2953 BT_DBG("%s ", hdev->name);
2957 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr, cp->hash,
2960 status = MGMT_STATUS_FAILED;
2962 status = MGMT_STATUS_SUCCESS;
2964 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA, status,
2965 &cp->addr, sizeof(cp->addr));
2967 hci_dev_unlock(hdev);
2971 static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
2972 void *data, u16 len)
2974 struct mgmt_cp_remove_remote_oob_data *cp = data;
2978 BT_DBG("%s", hdev->name);
2982 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr);
2984 status = MGMT_STATUS_INVALID_PARAMS;
2986 status = MGMT_STATUS_SUCCESS;
2988 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
2989 status, &cp->addr, sizeof(cp->addr));
2991 hci_dev_unlock(hdev);
2995 static int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
2997 struct pending_cmd *cmd;
3001 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3003 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
3007 type = hdev->discovery.type;
3009 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3010 &type, sizeof(type));
3011 mgmt_pending_remove(cmd);
3016 static void start_discovery_complete(struct hci_dev *hdev, u8 status)
3018 BT_DBG("status %d", status);
3022 mgmt_start_discovery_failed(hdev, status);
3023 hci_dev_unlock(hdev);
3028 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
3029 hci_dev_unlock(hdev);
3031 switch (hdev->discovery.type) {
3032 case DISCOV_TYPE_LE:
3033 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable,
3037 case DISCOV_TYPE_INTERLEAVED:
3038 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable,
3039 DISCOV_INTERLEAVED_TIMEOUT);
3042 case DISCOV_TYPE_BREDR:
3046 BT_ERR("Invalid discovery type %d", hdev->discovery.type);
3050 static int start_discovery(struct sock *sk, struct hci_dev *hdev,
3051 void *data, u16 len)
3053 struct mgmt_cp_start_discovery *cp = data;
3054 struct pending_cmd *cmd;
3055 struct hci_cp_le_set_scan_param param_cp;
3056 struct hci_cp_le_set_scan_enable enable_cp;
3057 struct hci_cp_inquiry inq_cp;
3058 struct hci_request req;
3059 /* General inquiry access code (GIAC) */
3060 u8 lap[3] = { 0x33, 0x8b, 0x9e };
3064 BT_DBG("%s", hdev->name);
3068 if (!hdev_is_powered(hdev)) {
3069 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3070 MGMT_STATUS_NOT_POWERED);
3074 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
3075 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3080 if (hdev->discovery.state != DISCOVERY_STOPPED) {
3081 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3086 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
3092 hdev->discovery.type = cp->type;
3094 hci_req_init(&req, hdev);
3096 switch (hdev->discovery.type) {
3097 case DISCOV_TYPE_BREDR:
3098 status = mgmt_bredr_support(hdev);
3100 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3102 mgmt_pending_remove(cmd);
3106 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
3107 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3109 mgmt_pending_remove(cmd);
3113 hci_inquiry_cache_flush(hdev);
3115 memset(&inq_cp, 0, sizeof(inq_cp));
3116 memcpy(&inq_cp.lap, lap, sizeof(inq_cp.lap));
3117 inq_cp.length = DISCOV_BREDR_INQUIRY_LEN;
3118 hci_req_add(&req, HCI_OP_INQUIRY, sizeof(inq_cp), &inq_cp);
3121 case DISCOV_TYPE_LE:
3122 case DISCOV_TYPE_INTERLEAVED:
3123 status = mgmt_le_support(hdev);
3125 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3127 mgmt_pending_remove(cmd);
3131 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
3132 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
3133 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3134 MGMT_STATUS_NOT_SUPPORTED);
3135 mgmt_pending_remove(cmd);
3139 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
3140 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3141 MGMT_STATUS_REJECTED);
3142 mgmt_pending_remove(cmd);
3146 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags)) {
3147 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3149 mgmt_pending_remove(cmd);
3153 memset(¶m_cp, 0, sizeof(param_cp));
3154 param_cp.type = LE_SCAN_ACTIVE;
3155 param_cp.interval = cpu_to_le16(DISCOV_LE_SCAN_INT);
3156 param_cp.window = cpu_to_le16(DISCOV_LE_SCAN_WIN);
3157 if (bacmp(&hdev->bdaddr, BDADDR_ANY))
3158 param_cp.own_address_type = ADDR_LE_DEV_PUBLIC;
3160 param_cp.own_address_type = ADDR_LE_DEV_RANDOM;
3161 hci_req_add(&req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
3164 memset(&enable_cp, 0, sizeof(enable_cp));
3165 enable_cp.enable = LE_SCAN_ENABLE;
3166 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
3167 hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
3172 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3173 MGMT_STATUS_INVALID_PARAMS);
3174 mgmt_pending_remove(cmd);
3178 err = hci_req_run(&req, start_discovery_complete);
3180 mgmt_pending_remove(cmd);
3182 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
3185 hci_dev_unlock(hdev);
3189 static int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
3191 struct pending_cmd *cmd;
3194 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3198 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3199 &hdev->discovery.type, sizeof(hdev->discovery.type));
3200 mgmt_pending_remove(cmd);
3205 static void stop_discovery_complete(struct hci_dev *hdev, u8 status)
3207 BT_DBG("status %d", status);
3212 mgmt_stop_discovery_failed(hdev, status);
3216 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3219 hci_dev_unlock(hdev);
3222 static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
3225 struct mgmt_cp_stop_discovery *mgmt_cp = data;
3226 struct pending_cmd *cmd;
3227 struct hci_cp_remote_name_req_cancel cp;
3228 struct inquiry_entry *e;
3229 struct hci_request req;
3230 struct hci_cp_le_set_scan_enable enable_cp;
3233 BT_DBG("%s", hdev->name);
3237 if (!hci_discovery_active(hdev)) {
3238 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
3239 MGMT_STATUS_REJECTED, &mgmt_cp->type,
3240 sizeof(mgmt_cp->type));
3244 if (hdev->discovery.type != mgmt_cp->type) {
3245 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
3246 MGMT_STATUS_INVALID_PARAMS, &mgmt_cp->type,
3247 sizeof(mgmt_cp->type));
3251 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
3257 hci_req_init(&req, hdev);
3259 switch (hdev->discovery.state) {
3260 case DISCOVERY_FINDING:
3261 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
3262 hci_req_add(&req, HCI_OP_INQUIRY_CANCEL, 0, NULL);
3264 cancel_delayed_work(&hdev->le_scan_disable);
3266 memset(&enable_cp, 0, sizeof(enable_cp));
3267 enable_cp.enable = LE_SCAN_DISABLE;
3268 hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE,
3269 sizeof(enable_cp), &enable_cp);
3274 case DISCOVERY_RESOLVING:
3275 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
3278 mgmt_pending_remove(cmd);
3279 err = cmd_complete(sk, hdev->id,
3280 MGMT_OP_STOP_DISCOVERY, 0,
3282 sizeof(mgmt_cp->type));
3283 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3287 bacpy(&cp.bdaddr, &e->data.bdaddr);
3288 hci_req_add(&req, HCI_OP_REMOTE_NAME_REQ_CANCEL, sizeof(cp),
3294 BT_DBG("unknown discovery state %u", hdev->discovery.state);
3296 mgmt_pending_remove(cmd);
3297 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
3298 MGMT_STATUS_FAILED, &mgmt_cp->type,
3299 sizeof(mgmt_cp->type));
3303 err = hci_req_run(&req, stop_discovery_complete);
3305 mgmt_pending_remove(cmd);
3307 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
3310 hci_dev_unlock(hdev);
3314 static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
3317 struct mgmt_cp_confirm_name *cp = data;
3318 struct inquiry_entry *e;
3321 BT_DBG("%s", hdev->name);
3325 if (!hci_discovery_active(hdev)) {
3326 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
3327 MGMT_STATUS_FAILED);
3331 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
3333 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
3334 MGMT_STATUS_INVALID_PARAMS);
3338 if (cp->name_known) {
3339 e->name_state = NAME_KNOWN;
3342 e->name_state = NAME_NEEDED;
3343 hci_inquiry_cache_update_resolve(hdev, e);
3346 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0, &cp->addr,
3350 hci_dev_unlock(hdev);
3354 static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
3357 struct mgmt_cp_block_device *cp = data;
3361 BT_DBG("%s", hdev->name);
3363 if (!bdaddr_type_is_valid(cp->addr.type))
3364 return cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
3365 MGMT_STATUS_INVALID_PARAMS,
3366 &cp->addr, sizeof(cp->addr));
3370 err = hci_blacklist_add(hdev, &cp->addr.bdaddr, cp->addr.type);
3372 status = MGMT_STATUS_FAILED;
3374 status = MGMT_STATUS_SUCCESS;
3376 err = cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
3377 &cp->addr, sizeof(cp->addr));
3379 hci_dev_unlock(hdev);
3384 static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
3387 struct mgmt_cp_unblock_device *cp = data;
3391 BT_DBG("%s", hdev->name);
3393 if (!bdaddr_type_is_valid(cp->addr.type))
3394 return cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
3395 MGMT_STATUS_INVALID_PARAMS,
3396 &cp->addr, sizeof(cp->addr));
3400 err = hci_blacklist_del(hdev, &cp->addr.bdaddr, cp->addr.type);
3402 status = MGMT_STATUS_INVALID_PARAMS;
3404 status = MGMT_STATUS_SUCCESS;
3406 err = cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
3407 &cp->addr, sizeof(cp->addr));
3409 hci_dev_unlock(hdev);
3414 static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
3417 struct mgmt_cp_set_device_id *cp = data;
3418 struct hci_request req;
3422 BT_DBG("%s", hdev->name);
3424 source = __le16_to_cpu(cp->source);
3426 if (source > 0x0002)
3427 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
3428 MGMT_STATUS_INVALID_PARAMS);
3432 hdev->devid_source = source;
3433 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
3434 hdev->devid_product = __le16_to_cpu(cp->product);
3435 hdev->devid_version = __le16_to_cpu(cp->version);
3437 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0, NULL, 0);
3439 hci_req_init(&req, hdev);
3441 hci_req_run(&req, NULL);
3443 hci_dev_unlock(hdev);
3448 static void set_advertising_complete(struct hci_dev *hdev, u8 status)
3450 struct cmd_lookup match = { NULL, hdev };
3453 u8 mgmt_err = mgmt_status(status);
3455 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
3456 cmd_status_rsp, &mgmt_err);
3460 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
3463 new_settings(hdev, match.sk);
3469 static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data,
3472 struct mgmt_mode *cp = data;
3473 struct pending_cmd *cmd;
3474 struct hci_request req;
3475 u8 val, enabled, status;
3478 BT_DBG("request for %s", hdev->name);
3480 status = mgmt_le_support(hdev);
3482 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3485 if (cp->val != 0x00 && cp->val != 0x01)
3486 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3487 MGMT_STATUS_INVALID_PARAMS);
3492 enabled = test_bit(HCI_ADVERTISING, &hdev->dev_flags);
3494 /* The following conditions are ones which mean that we should
3495 * not do any HCI communication but directly send a mgmt
3496 * response to user space (after toggling the flag if
3499 if (!hdev_is_powered(hdev) || val == enabled ||
3500 hci_conn_num(hdev, LE_LINK) > 0) {
3501 bool changed = false;
3503 if (val != test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
3504 change_bit(HCI_ADVERTISING, &hdev->dev_flags);
3508 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
3513 err = new_settings(hdev, sk);
3518 if (mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
3519 mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
3520 err = cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3525 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
3531 hci_req_init(&req, hdev);
3534 enable_advertising(&req);
3536 disable_advertising(&req);
3538 err = hci_req_run(&req, set_advertising_complete);
3540 mgmt_pending_remove(cmd);
3543 hci_dev_unlock(hdev);
3547 static int set_static_address(struct sock *sk, struct hci_dev *hdev,
3548 void *data, u16 len)
3550 struct mgmt_cp_set_static_address *cp = data;
3553 BT_DBG("%s", hdev->name);
3555 if (!lmp_le_capable(hdev))
3556 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
3557 MGMT_STATUS_NOT_SUPPORTED);
3559 if (hdev_is_powered(hdev))
3560 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
3561 MGMT_STATUS_REJECTED);
3563 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
3564 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
3565 return cmd_status(sk, hdev->id,
3566 MGMT_OP_SET_STATIC_ADDRESS,
3567 MGMT_STATUS_INVALID_PARAMS);
3569 /* Two most significant bits shall be set */
3570 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
3571 return cmd_status(sk, hdev->id,
3572 MGMT_OP_SET_STATIC_ADDRESS,
3573 MGMT_STATUS_INVALID_PARAMS);
3578 bacpy(&hdev->static_addr, &cp->bdaddr);
3580 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS, 0, NULL, 0);
3582 hci_dev_unlock(hdev);
3587 static int set_scan_params(struct sock *sk, struct hci_dev *hdev,
3588 void *data, u16 len)
3590 struct mgmt_cp_set_scan_params *cp = data;
3591 __u16 interval, window;
3594 BT_DBG("%s", hdev->name);
3596 if (!lmp_le_capable(hdev))
3597 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3598 MGMT_STATUS_NOT_SUPPORTED);
3600 interval = __le16_to_cpu(cp->interval);
3602 if (interval < 0x0004 || interval > 0x4000)
3603 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3604 MGMT_STATUS_INVALID_PARAMS);
3606 window = __le16_to_cpu(cp->window);
3608 if (window < 0x0004 || window > 0x4000)
3609 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3610 MGMT_STATUS_INVALID_PARAMS);
3612 if (window > interval)
3613 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3614 MGMT_STATUS_INVALID_PARAMS);
3618 hdev->le_scan_interval = interval;
3619 hdev->le_scan_window = window;
3621 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0, NULL, 0);
3623 hci_dev_unlock(hdev);
3628 static void fast_connectable_complete(struct hci_dev *hdev, u8 status)
3630 struct pending_cmd *cmd;
3632 BT_DBG("status 0x%02x", status);
3636 cmd = mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
3641 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3642 mgmt_status(status));
3644 struct mgmt_mode *cp = cmd->param;
3647 set_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
3649 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
3651 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
3652 new_settings(hdev, cmd->sk);
3655 mgmt_pending_remove(cmd);
3658 hci_dev_unlock(hdev);
3661 static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
3662 void *data, u16 len)
3664 struct mgmt_mode *cp = data;
3665 struct pending_cmd *cmd;
3666 struct hci_request req;
3669 BT_DBG("%s", hdev->name);
3671 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags) ||
3672 hdev->hci_ver < BLUETOOTH_VER_1_2)
3673 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3674 MGMT_STATUS_NOT_SUPPORTED);
3676 if (cp->val != 0x00 && cp->val != 0x01)
3677 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3678 MGMT_STATUS_INVALID_PARAMS);
3680 if (!hdev_is_powered(hdev))
3681 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3682 MGMT_STATUS_NOT_POWERED);
3684 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3685 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3686 MGMT_STATUS_REJECTED);
3690 if (mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
3691 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3696 if (!!cp->val == test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags)) {
3697 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
3702 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
3709 hci_req_init(&req, hdev);
3711 write_fast_connectable(&req, cp->val);
3713 err = hci_req_run(&req, fast_connectable_complete);
3715 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3716 MGMT_STATUS_FAILED);
3717 mgmt_pending_remove(cmd);
3721 hci_dev_unlock(hdev);
3726 static void set_bredr_scan(struct hci_request *req)
3728 struct hci_dev *hdev = req->hdev;
3731 /* Ensure that fast connectable is disabled. This function will
3732 * not do anything if the page scan parameters are already what
3735 write_fast_connectable(req, false);
3737 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3739 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3740 scan |= SCAN_INQUIRY;
3743 hci_req_add(req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
3746 static void set_bredr_complete(struct hci_dev *hdev, u8 status)
3748 struct pending_cmd *cmd;
3750 BT_DBG("status 0x%02x", status);
3754 cmd = mgmt_pending_find(MGMT_OP_SET_BREDR, hdev);
3759 u8 mgmt_err = mgmt_status(status);
3761 /* We need to restore the flag if related HCI commands
3764 clear_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
3766 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
3768 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
3769 new_settings(hdev, cmd->sk);
3772 mgmt_pending_remove(cmd);
3775 hci_dev_unlock(hdev);
3778 static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
3780 struct mgmt_mode *cp = data;
3781 struct pending_cmd *cmd;
3782 struct hci_request req;
3785 BT_DBG("request for %s", hdev->name);
3787 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
3788 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3789 MGMT_STATUS_NOT_SUPPORTED);
3791 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
3792 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3793 MGMT_STATUS_REJECTED);
3795 if (cp->val != 0x00 && cp->val != 0x01)
3796 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3797 MGMT_STATUS_INVALID_PARAMS);
3801 if (cp->val == test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
3802 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
3806 if (!hdev_is_powered(hdev)) {
3808 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
3809 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
3810 clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
3811 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
3812 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
3815 change_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
3817 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
3821 err = new_settings(hdev, sk);
3825 /* Reject disabling when powered on */
3827 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3828 MGMT_STATUS_REJECTED);
3832 if (mgmt_pending_find(MGMT_OP_SET_BREDR, hdev)) {
3833 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3838 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
3844 /* We need to flip the bit already here so that update_ad
3845 * generates the correct flags.
3847 set_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
3849 hci_req_init(&req, hdev);
3851 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3852 set_bredr_scan(&req);
3856 err = hci_req_run(&req, set_bredr_complete);
3858 mgmt_pending_remove(cmd);
3861 hci_dev_unlock(hdev);
3865 static bool ltk_is_valid(struct mgmt_ltk_info *key)
3867 if (key->authenticated != 0x00 && key->authenticated != 0x01)
3869 if (key->master != 0x00 && key->master != 0x01)
3871 if (!bdaddr_type_is_le(key->addr.type))
3876 static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
3877 void *cp_data, u16 len)
3879 struct mgmt_cp_load_long_term_keys *cp = cp_data;
3880 u16 key_count, expected_len;
3883 BT_DBG("request for %s", hdev->name);
3885 if (!lmp_le_capable(hdev))
3886 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
3887 MGMT_STATUS_NOT_SUPPORTED);
3889 key_count = __le16_to_cpu(cp->key_count);
3891 expected_len = sizeof(*cp) + key_count *
3892 sizeof(struct mgmt_ltk_info);
3893 if (expected_len != len) {
3894 BT_ERR("load_keys: expected %u bytes, got %u bytes",
3896 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
3897 MGMT_STATUS_INVALID_PARAMS);
3900 BT_DBG("%s key_count %u", hdev->name, key_count);
3902 for (i = 0; i < key_count; i++) {
3903 struct mgmt_ltk_info *key = &cp->keys[i];
3905 if (!ltk_is_valid(key))
3906 return cmd_status(sk, hdev->id,
3907 MGMT_OP_LOAD_LONG_TERM_KEYS,
3908 MGMT_STATUS_INVALID_PARAMS);
3913 hci_smp_ltks_clear(hdev);
3915 for (i = 0; i < key_count; i++) {
3916 struct mgmt_ltk_info *key = &cp->keys[i];
3919 if (key->addr.type == BDADDR_LE_PUBLIC)
3920 addr_type = ADDR_LE_DEV_PUBLIC;
3922 addr_type = ADDR_LE_DEV_RANDOM;
3927 type = HCI_SMP_LTK_SLAVE;
3929 hci_add_ltk(hdev, &key->addr.bdaddr, addr_type,
3930 type, 0, key->authenticated, key->val,
3931 key->enc_size, key->ediv, key->rand);
3934 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
3937 hci_dev_unlock(hdev);
3942 static const struct mgmt_handler {
3943 int (*func) (struct sock *sk, struct hci_dev *hdev, void *data,
3947 } mgmt_handlers[] = {
3948 { NULL }, /* 0x0000 (no command) */
3949 { read_version, false, MGMT_READ_VERSION_SIZE },
3950 { read_commands, false, MGMT_READ_COMMANDS_SIZE },
3951 { read_index_list, false, MGMT_READ_INDEX_LIST_SIZE },
3952 { read_controller_info, false, MGMT_READ_INFO_SIZE },
3953 { set_powered, false, MGMT_SETTING_SIZE },
3954 { set_discoverable, false, MGMT_SET_DISCOVERABLE_SIZE },
3955 { set_connectable, false, MGMT_SETTING_SIZE },
3956 { set_fast_connectable, false, MGMT_SETTING_SIZE },
3957 { set_pairable, false, MGMT_SETTING_SIZE },
3958 { set_link_security, false, MGMT_SETTING_SIZE },
3959 { set_ssp, false, MGMT_SETTING_SIZE },
3960 { set_hs, false, MGMT_SETTING_SIZE },
3961 { set_le, false, MGMT_SETTING_SIZE },
3962 { set_dev_class, false, MGMT_SET_DEV_CLASS_SIZE },
3963 { set_local_name, false, MGMT_SET_LOCAL_NAME_SIZE },
3964 { add_uuid, false, MGMT_ADD_UUID_SIZE },
3965 { remove_uuid, false, MGMT_REMOVE_UUID_SIZE },
3966 { load_link_keys, true, MGMT_LOAD_LINK_KEYS_SIZE },
3967 { load_long_term_keys, true, MGMT_LOAD_LONG_TERM_KEYS_SIZE },
3968 { disconnect, false, MGMT_DISCONNECT_SIZE },
3969 { get_connections, false, MGMT_GET_CONNECTIONS_SIZE },
3970 { pin_code_reply, false, MGMT_PIN_CODE_REPLY_SIZE },
3971 { pin_code_neg_reply, false, MGMT_PIN_CODE_NEG_REPLY_SIZE },
3972 { set_io_capability, false, MGMT_SET_IO_CAPABILITY_SIZE },
3973 { pair_device, false, MGMT_PAIR_DEVICE_SIZE },
3974 { cancel_pair_device, false, MGMT_CANCEL_PAIR_DEVICE_SIZE },
3975 { unpair_device, false, MGMT_UNPAIR_DEVICE_SIZE },
3976 { user_confirm_reply, false, MGMT_USER_CONFIRM_REPLY_SIZE },
3977 { user_confirm_neg_reply, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
3978 { user_passkey_reply, false, MGMT_USER_PASSKEY_REPLY_SIZE },
3979 { user_passkey_neg_reply, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
3980 { read_local_oob_data, false, MGMT_READ_LOCAL_OOB_DATA_SIZE },
3981 { add_remote_oob_data, false, MGMT_ADD_REMOTE_OOB_DATA_SIZE },
3982 { remove_remote_oob_data, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
3983 { start_discovery, false, MGMT_START_DISCOVERY_SIZE },
3984 { stop_discovery, false, MGMT_STOP_DISCOVERY_SIZE },
3985 { confirm_name, false, MGMT_CONFIRM_NAME_SIZE },
3986 { block_device, false, MGMT_BLOCK_DEVICE_SIZE },
3987 { unblock_device, false, MGMT_UNBLOCK_DEVICE_SIZE },
3988 { set_device_id, false, MGMT_SET_DEVICE_ID_SIZE },
3989 { set_advertising, false, MGMT_SETTING_SIZE },
3990 { set_bredr, false, MGMT_SETTING_SIZE },
3991 { set_static_address, false, MGMT_SET_STATIC_ADDRESS_SIZE },
3992 { set_scan_params, false, MGMT_SET_SCAN_PARAMS_SIZE },
3996 int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
4000 struct mgmt_hdr *hdr;
4001 u16 opcode, index, len;
4002 struct hci_dev *hdev = NULL;
4003 const struct mgmt_handler *handler;
4006 BT_DBG("got %zu bytes", msglen);
4008 if (msglen < sizeof(*hdr))
4011 buf = kmalloc(msglen, GFP_KERNEL);
4015 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
4021 opcode = __le16_to_cpu(hdr->opcode);
4022 index = __le16_to_cpu(hdr->index);
4023 len = __le16_to_cpu(hdr->len);
4025 if (len != msglen - sizeof(*hdr)) {
4030 if (index != MGMT_INDEX_NONE) {
4031 hdev = hci_dev_get(index);
4033 err = cmd_status(sk, index, opcode,
4034 MGMT_STATUS_INVALID_INDEX);
4038 if (test_bit(HCI_SETUP, &hdev->dev_flags) ||
4039 test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
4040 err = cmd_status(sk, index, opcode,
4041 MGMT_STATUS_INVALID_INDEX);
4046 if (opcode >= ARRAY_SIZE(mgmt_handlers) ||
4047 mgmt_handlers[opcode].func == NULL) {
4048 BT_DBG("Unknown op %u", opcode);
4049 err = cmd_status(sk, index, opcode,
4050 MGMT_STATUS_UNKNOWN_COMMAND);
4054 if ((hdev && opcode < MGMT_OP_READ_INFO) ||
4055 (!hdev && opcode >= MGMT_OP_READ_INFO)) {
4056 err = cmd_status(sk, index, opcode,
4057 MGMT_STATUS_INVALID_INDEX);
4061 handler = &mgmt_handlers[opcode];
4063 if ((handler->var_len && len < handler->data_len) ||
4064 (!handler->var_len && len != handler->data_len)) {
4065 err = cmd_status(sk, index, opcode,
4066 MGMT_STATUS_INVALID_PARAMS);
4071 mgmt_init_hdev(sk, hdev);
4073 cp = buf + sizeof(*hdr);
4075 err = handler->func(sk, hdev, cp, len);
4089 void mgmt_index_added(struct hci_dev *hdev)
4091 if (hdev->dev_type != HCI_BREDR)
4094 mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
4097 void mgmt_index_removed(struct hci_dev *hdev)
4099 u8 status = MGMT_STATUS_INVALID_INDEX;
4101 if (hdev->dev_type != HCI_BREDR)
4104 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
4106 mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
4109 static void powered_complete(struct hci_dev *hdev, u8 status)
4111 struct cmd_lookup match = { NULL, hdev };
4113 BT_DBG("status 0x%02x", status);
4117 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
4119 new_settings(hdev, match.sk);
4121 hci_dev_unlock(hdev);
4127 static int powered_update_hci(struct hci_dev *hdev)
4129 struct hci_request req;
4132 hci_req_init(&req, hdev);
4134 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) &&
4135 !lmp_host_ssp_capable(hdev)) {
4138 hci_req_add(&req, HCI_OP_WRITE_SSP_MODE, 1, &ssp);
4141 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
4142 lmp_bredr_capable(hdev)) {
4143 struct hci_cp_write_le_host_supported cp;
4146 cp.simul = lmp_le_br_capable(hdev);
4148 /* Check first if we already have the right
4149 * host state (host features set)
4151 if (cp.le != lmp_host_le_capable(hdev) ||
4152 cp.simul != lmp_host_le_br_capable(hdev))
4153 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED,
4157 if (lmp_le_capable(hdev)) {
4158 /* Set random address to static address if configured */
4159 if (bacmp(&hdev->static_addr, BDADDR_ANY))
4160 hci_req_add(&req, HCI_OP_LE_SET_RANDOM_ADDR, 6,
4161 &hdev->static_addr);
4163 /* Make sure the controller has a good default for
4164 * advertising data. This also applies to the case
4165 * where BR/EDR was toggled during the AUTO_OFF phase.
4167 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
4170 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
4171 enable_advertising(&req);
4174 link_sec = test_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
4175 if (link_sec != test_bit(HCI_AUTH, &hdev->flags))
4176 hci_req_add(&req, HCI_OP_WRITE_AUTH_ENABLE,
4177 sizeof(link_sec), &link_sec);
4179 if (lmp_bredr_capable(hdev)) {
4180 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
4181 set_bredr_scan(&req);
4187 return hci_req_run(&req, powered_complete);
4190 int mgmt_powered(struct hci_dev *hdev, u8 powered)
4192 struct cmd_lookup match = { NULL, hdev };
4193 u8 status_not_powered = MGMT_STATUS_NOT_POWERED;
4194 u8 zero_cod[] = { 0, 0, 0 };
4197 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
4201 if (powered_update_hci(hdev) == 0)
4204 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp,
4209 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
4210 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status_not_powered);
4212 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0)
4213 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
4214 zero_cod, sizeof(zero_cod), NULL);
4217 err = new_settings(hdev, match.sk);
4225 void mgmt_set_powered_failed(struct hci_dev *hdev, int err)
4227 struct pending_cmd *cmd;
4230 cmd = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
4234 if (err == -ERFKILL)
4235 status = MGMT_STATUS_RFKILLED;
4237 status = MGMT_STATUS_FAILED;
4239 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
4241 mgmt_pending_remove(cmd);
4244 void mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
4248 /* Nothing needed here if there's a pending command since that
4249 * commands request completion callback takes care of everything
4252 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev))
4256 changed = !test_and_set_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
4258 changed = test_and_clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
4261 new_settings(hdev, NULL);
4264 void mgmt_connectable(struct hci_dev *hdev, u8 connectable)
4268 /* Nothing needed here if there's a pending command since that
4269 * commands request completion callback takes care of everything
4272 if (mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev))
4276 changed = !test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
4278 changed = test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
4281 new_settings(hdev, NULL);
4284 void mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
4286 u8 mgmt_err = mgmt_status(status);
4288 if (scan & SCAN_PAGE)
4289 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
4290 cmd_status_rsp, &mgmt_err);
4292 if (scan & SCAN_INQUIRY)
4293 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
4294 cmd_status_rsp, &mgmt_err);
4297 int mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
4300 struct mgmt_ev_new_link_key ev;
4302 memset(&ev, 0, sizeof(ev));
4304 ev.store_hint = persistent;
4305 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
4306 ev.key.addr.type = BDADDR_BREDR;
4307 ev.key.type = key->type;
4308 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
4309 ev.key.pin_len = key->pin_len;
4311 return mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
4314 int mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, u8 persistent)
4316 struct mgmt_ev_new_long_term_key ev;
4318 memset(&ev, 0, sizeof(ev));
4320 ev.store_hint = persistent;
4321 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
4322 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
4323 ev.key.authenticated = key->authenticated;
4324 ev.key.enc_size = key->enc_size;
4325 ev.key.ediv = key->ediv;
4327 if (key->type == HCI_SMP_LTK)
4330 memcpy(ev.key.rand, key->rand, sizeof(key->rand));
4331 memcpy(ev.key.val, key->val, sizeof(key->val));
4333 return mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev),
4337 void mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
4338 u8 addr_type, u32 flags, u8 *name, u8 name_len,
4342 struct mgmt_ev_device_connected *ev = (void *) buf;
4345 bacpy(&ev->addr.bdaddr, bdaddr);
4346 ev->addr.type = link_to_bdaddr(link_type, addr_type);
4348 ev->flags = __cpu_to_le32(flags);
4351 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
4354 if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0)
4355 eir_len = eir_append_data(ev->eir, eir_len,
4356 EIR_CLASS_OF_DEV, dev_class, 3);
4358 ev->eir_len = cpu_to_le16(eir_len);
4360 mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
4361 sizeof(*ev) + eir_len, NULL);
4364 static void disconnect_rsp(struct pending_cmd *cmd, void *data)
4366 struct mgmt_cp_disconnect *cp = cmd->param;
4367 struct sock **sk = data;
4368 struct mgmt_rp_disconnect rp;
4370 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4371 rp.addr.type = cp->addr.type;
4373 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 0, &rp,
4379 mgmt_pending_remove(cmd);
4382 static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
4384 struct hci_dev *hdev = data;
4385 struct mgmt_cp_unpair_device *cp = cmd->param;
4386 struct mgmt_rp_unpair_device rp;
4388 memset(&rp, 0, sizeof(rp));
4389 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4390 rp.addr.type = cp->addr.type;
4392 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
4394 cmd_complete(cmd->sk, cmd->index, cmd->opcode, 0, &rp, sizeof(rp));
4396 mgmt_pending_remove(cmd);
4399 void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
4400 u8 link_type, u8 addr_type, u8 reason)
4402 struct mgmt_ev_device_disconnected ev;
4403 struct sock *sk = NULL;
4405 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
4407 bacpy(&ev.addr.bdaddr, bdaddr);
4408 ev.addr.type = link_to_bdaddr(link_type, addr_type);
4411 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
4416 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
4420 void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
4421 u8 link_type, u8 addr_type, u8 status)
4423 struct mgmt_rp_disconnect rp;
4424 struct pending_cmd *cmd;
4426 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
4429 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
4433 bacpy(&rp.addr.bdaddr, bdaddr);
4434 rp.addr.type = link_to_bdaddr(link_type, addr_type);
4436 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
4437 mgmt_status(status), &rp, sizeof(rp));
4439 mgmt_pending_remove(cmd);
4442 void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
4443 u8 addr_type, u8 status)
4445 struct mgmt_ev_connect_failed ev;
4447 bacpy(&ev.addr.bdaddr, bdaddr);
4448 ev.addr.type = link_to_bdaddr(link_type, addr_type);
4449 ev.status = mgmt_status(status);
4451 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
4454 int mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
4456 struct mgmt_ev_pin_code_request ev;
4458 bacpy(&ev.addr.bdaddr, bdaddr);
4459 ev.addr.type = BDADDR_BREDR;
4462 return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev),
4466 int mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
4469 struct pending_cmd *cmd;
4470 struct mgmt_rp_pin_code_reply rp;
4473 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
4477 bacpy(&rp.addr.bdaddr, bdaddr);
4478 rp.addr.type = BDADDR_BREDR;
4480 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
4481 mgmt_status(status), &rp, sizeof(rp));
4483 mgmt_pending_remove(cmd);
4488 int mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
4491 struct pending_cmd *cmd;
4492 struct mgmt_rp_pin_code_reply rp;
4495 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
4499 bacpy(&rp.addr.bdaddr, bdaddr);
4500 rp.addr.type = BDADDR_BREDR;
4502 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
4503 mgmt_status(status), &rp, sizeof(rp));
4505 mgmt_pending_remove(cmd);
4510 int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
4511 u8 link_type, u8 addr_type, __le32 value,
4514 struct mgmt_ev_user_confirm_request ev;
4516 BT_DBG("%s", hdev->name);
4518 bacpy(&ev.addr.bdaddr, bdaddr);
4519 ev.addr.type = link_to_bdaddr(link_type, addr_type);
4520 ev.confirm_hint = confirm_hint;
4523 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
4527 int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
4528 u8 link_type, u8 addr_type)
4530 struct mgmt_ev_user_passkey_request ev;
4532 BT_DBG("%s", hdev->name);
4534 bacpy(&ev.addr.bdaddr, bdaddr);
4535 ev.addr.type = link_to_bdaddr(link_type, addr_type);
4537 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
4541 static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
4542 u8 link_type, u8 addr_type, u8 status,
4545 struct pending_cmd *cmd;
4546 struct mgmt_rp_user_confirm_reply rp;
4549 cmd = mgmt_pending_find(opcode, hdev);
4553 bacpy(&rp.addr.bdaddr, bdaddr);
4554 rp.addr.type = link_to_bdaddr(link_type, addr_type);
4555 err = cmd_complete(cmd->sk, hdev->id, opcode, mgmt_status(status),
4558 mgmt_pending_remove(cmd);
4563 int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
4564 u8 link_type, u8 addr_type, u8 status)
4566 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
4567 status, MGMT_OP_USER_CONFIRM_REPLY);
4570 int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
4571 u8 link_type, u8 addr_type, u8 status)
4573 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
4575 MGMT_OP_USER_CONFIRM_NEG_REPLY);
4578 int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
4579 u8 link_type, u8 addr_type, u8 status)
4581 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
4582 status, MGMT_OP_USER_PASSKEY_REPLY);
4585 int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
4586 u8 link_type, u8 addr_type, u8 status)
4588 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
4590 MGMT_OP_USER_PASSKEY_NEG_REPLY);
4593 int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
4594 u8 link_type, u8 addr_type, u32 passkey,
4597 struct mgmt_ev_passkey_notify ev;
4599 BT_DBG("%s", hdev->name);
4601 bacpy(&ev.addr.bdaddr, bdaddr);
4602 ev.addr.type = link_to_bdaddr(link_type, addr_type);
4603 ev.passkey = __cpu_to_le32(passkey);
4604 ev.entered = entered;
4606 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
4609 int mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
4610 u8 addr_type, u8 status)
4612 struct mgmt_ev_auth_failed ev;
4614 bacpy(&ev.addr.bdaddr, bdaddr);
4615 ev.addr.type = link_to_bdaddr(link_type, addr_type);
4616 ev.status = mgmt_status(status);
4618 return mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
4621 int mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
4623 struct cmd_lookup match = { NULL, hdev };
4624 bool changed = false;
4628 u8 mgmt_err = mgmt_status(status);
4629 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
4630 cmd_status_rsp, &mgmt_err);
4634 if (test_bit(HCI_AUTH, &hdev->flags)) {
4635 if (!test_and_set_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
4638 if (test_and_clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
4642 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
4646 err = new_settings(hdev, match.sk);
4654 static void clear_eir(struct hci_request *req)
4656 struct hci_dev *hdev = req->hdev;
4657 struct hci_cp_write_eir cp;
4659 if (!lmp_ext_inq_capable(hdev))
4662 memset(hdev->eir, 0, sizeof(hdev->eir));
4664 memset(&cp, 0, sizeof(cp));
4666 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
4669 int mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
4671 struct cmd_lookup match = { NULL, hdev };
4672 struct hci_request req;
4673 bool changed = false;
4677 u8 mgmt_err = mgmt_status(status);
4679 if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
4680 &hdev->dev_flags)) {
4681 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
4682 err = new_settings(hdev, NULL);
4685 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
4692 changed = !test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
4694 changed = test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
4696 changed = test_and_clear_bit(HCI_HS_ENABLED,
4699 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
4702 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
4705 err = new_settings(hdev, match.sk);
4710 hci_req_init(&req, hdev);
4712 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
4717 hci_req_run(&req, NULL);
4722 static void sk_lookup(struct pending_cmd *cmd, void *data)
4724 struct cmd_lookup *match = data;
4726 if (match->sk == NULL) {
4727 match->sk = cmd->sk;
4728 sock_hold(match->sk);
4732 int mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
4735 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
4738 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
4739 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
4740 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
4743 err = mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class,
4752 int mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
4754 struct mgmt_cp_set_local_name ev;
4755 struct pending_cmd *cmd;
4760 memset(&ev, 0, sizeof(ev));
4761 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
4762 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
4764 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
4766 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
4768 /* If this is a HCI command related to powering on the
4769 * HCI dev don't send any mgmt signals.
4771 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
4775 return mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
4776 cmd ? cmd->sk : NULL);
4779 int mgmt_read_local_oob_data_reply_complete(struct hci_dev *hdev, u8 *hash,
4780 u8 *randomizer, u8 status)
4782 struct pending_cmd *cmd;
4785 BT_DBG("%s status %u", hdev->name, status);
4787 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
4792 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
4793 mgmt_status(status));
4795 struct mgmt_rp_read_local_oob_data rp;
4797 memcpy(rp.hash, hash, sizeof(rp.hash));
4798 memcpy(rp.randomizer, randomizer, sizeof(rp.randomizer));
4800 err = cmd_complete(cmd->sk, hdev->id,
4801 MGMT_OP_READ_LOCAL_OOB_DATA, 0, &rp,
4805 mgmt_pending_remove(cmd);
4810 void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
4811 u8 addr_type, u8 *dev_class, s8 rssi, u8 cfm_name, u8
4812 ssp, u8 *eir, u16 eir_len)
4815 struct mgmt_ev_device_found *ev = (void *) buf;
4818 if (!hci_discovery_active(hdev))
4821 /* Leave 5 bytes for a potential CoD field */
4822 if (sizeof(*ev) + eir_len + 5 > sizeof(buf))
4825 memset(buf, 0, sizeof(buf));
4827 bacpy(&ev->addr.bdaddr, bdaddr);
4828 ev->addr.type = link_to_bdaddr(link_type, addr_type);
4831 ev->flags |= __constant_cpu_to_le32(MGMT_DEV_FOUND_CONFIRM_NAME);
4833 ev->flags |= __constant_cpu_to_le32(MGMT_DEV_FOUND_LEGACY_PAIRING);
4836 memcpy(ev->eir, eir, eir_len);
4838 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
4839 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
4842 ev->eir_len = cpu_to_le16(eir_len);
4843 ev_size = sizeof(*ev) + eir_len;
4845 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
4848 void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
4849 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
4851 struct mgmt_ev_device_found *ev;
4852 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
4855 ev = (struct mgmt_ev_device_found *) buf;
4857 memset(buf, 0, sizeof(buf));
4859 bacpy(&ev->addr.bdaddr, bdaddr);
4860 ev->addr.type = link_to_bdaddr(link_type, addr_type);
4863 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
4866 ev->eir_len = cpu_to_le16(eir_len);
4868 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, sizeof(*ev) + eir_len, NULL);
4871 void mgmt_discovering(struct hci_dev *hdev, u8 discovering)
4873 struct mgmt_ev_discovering ev;
4874 struct pending_cmd *cmd;
4876 BT_DBG("%s discovering %u", hdev->name, discovering);
4879 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
4881 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
4884 u8 type = hdev->discovery.type;
4886 cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0, &type,
4888 mgmt_pending_remove(cmd);
4891 memset(&ev, 0, sizeof(ev));
4892 ev.type = hdev->discovery.type;
4893 ev.discovering = discovering;
4895 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
4898 int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
4900 struct pending_cmd *cmd;
4901 struct mgmt_ev_device_blocked ev;
4903 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev);
4905 bacpy(&ev.addr.bdaddr, bdaddr);
4906 ev.addr.type = type;
4908 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev),
4909 cmd ? cmd->sk : NULL);
4912 int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
4914 struct pending_cmd *cmd;
4915 struct mgmt_ev_device_unblocked ev;
4917 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev);
4919 bacpy(&ev.addr.bdaddr, bdaddr);
4920 ev.addr.type = type;
4922 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
4923 cmd ? cmd->sk : NULL);
4926 static void adv_enable_complete(struct hci_dev *hdev, u8 status)
4928 BT_DBG("%s status %u", hdev->name, status);
4930 /* Clear the advertising mgmt setting if we failed to re-enable it */
4932 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
4933 new_settings(hdev, NULL);
4937 void mgmt_reenable_advertising(struct hci_dev *hdev)
4939 struct hci_request req;
4941 if (hci_conn_num(hdev, LE_LINK) > 0)
4944 if (!test_bit(HCI_ADVERTISING, &hdev->dev_flags))
4947 hci_req_init(&req, hdev);
4948 enable_advertising(&req);
4950 /* If this fails we have no option but to let user space know
4951 * that we've disabled advertising.
4953 if (hci_req_run(&req, adv_enable_complete) < 0) {
4954 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
4955 new_settings(hdev, NULL);
projects / karo-tx-linux.git / blob