2 BlueZ - Bluetooth protocol stack for Linux
4 Copyright (C) 2010 Nokia Corporation
5 Copyright (C) 2011-2012 Intel Corporation
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI Management interface */
27 #include <linux/module.h>
28 #include <asm/unaligned.h>
30 #include <net/bluetooth/bluetooth.h>
31 #include <net/bluetooth/hci_core.h>
32 #include <net/bluetooth/mgmt.h>
36 #define MGMT_VERSION 1
37 #define MGMT_REVISION 4
39 static const u16 mgmt_commands[] = {
40 MGMT_OP_READ_INDEX_LIST,
43 MGMT_OP_SET_DISCOVERABLE,
44 MGMT_OP_SET_CONNECTABLE,
45 MGMT_OP_SET_FAST_CONNECTABLE,
47 MGMT_OP_SET_LINK_SECURITY,
51 MGMT_OP_SET_DEV_CLASS,
52 MGMT_OP_SET_LOCAL_NAME,
55 MGMT_OP_LOAD_LINK_KEYS,
56 MGMT_OP_LOAD_LONG_TERM_KEYS,
58 MGMT_OP_GET_CONNECTIONS,
59 MGMT_OP_PIN_CODE_REPLY,
60 MGMT_OP_PIN_CODE_NEG_REPLY,
61 MGMT_OP_SET_IO_CAPABILITY,
63 MGMT_OP_CANCEL_PAIR_DEVICE,
64 MGMT_OP_UNPAIR_DEVICE,
65 MGMT_OP_USER_CONFIRM_REPLY,
66 MGMT_OP_USER_CONFIRM_NEG_REPLY,
67 MGMT_OP_USER_PASSKEY_REPLY,
68 MGMT_OP_USER_PASSKEY_NEG_REPLY,
69 MGMT_OP_READ_LOCAL_OOB_DATA,
70 MGMT_OP_ADD_REMOTE_OOB_DATA,
71 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
72 MGMT_OP_START_DISCOVERY,
73 MGMT_OP_STOP_DISCOVERY,
76 MGMT_OP_UNBLOCK_DEVICE,
77 MGMT_OP_SET_DEVICE_ID,
78 MGMT_OP_SET_ADVERTISING,
80 MGMT_OP_SET_STATIC_ADDRESS,
81 MGMT_OP_SET_SCAN_PARAMS,
84 static const u16 mgmt_events[] = {
85 MGMT_EV_CONTROLLER_ERROR,
87 MGMT_EV_INDEX_REMOVED,
89 MGMT_EV_CLASS_OF_DEV_CHANGED,
90 MGMT_EV_LOCAL_NAME_CHANGED,
92 MGMT_EV_NEW_LONG_TERM_KEY,
93 MGMT_EV_DEVICE_CONNECTED,
94 MGMT_EV_DEVICE_DISCONNECTED,
95 MGMT_EV_CONNECT_FAILED,
96 MGMT_EV_PIN_CODE_REQUEST,
97 MGMT_EV_USER_CONFIRM_REQUEST,
98 MGMT_EV_USER_PASSKEY_REQUEST,
100 MGMT_EV_DEVICE_FOUND,
102 MGMT_EV_DEVICE_BLOCKED,
103 MGMT_EV_DEVICE_UNBLOCKED,
104 MGMT_EV_DEVICE_UNPAIRED,
105 MGMT_EV_PASSKEY_NOTIFY,
108 #define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
110 #define hdev_is_powered(hdev) (test_bit(HCI_UP, &hdev->flags) && \
111 !test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
114 struct list_head list;
122 /* HCI to MGMT error code conversion table */
123 static u8 mgmt_status_table[] = {
125 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
126 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
127 MGMT_STATUS_FAILED, /* Hardware Failure */
128 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
129 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
130 MGMT_STATUS_NOT_PAIRED, /* PIN or Key Missing */
131 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
132 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
133 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
134 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
135 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
136 MGMT_STATUS_BUSY, /* Command Disallowed */
137 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
138 MGMT_STATUS_REJECTED, /* Rejected Security */
139 MGMT_STATUS_REJECTED, /* Rejected Personal */
140 MGMT_STATUS_TIMEOUT, /* Host Timeout */
141 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
142 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
143 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
144 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
145 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
146 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
147 MGMT_STATUS_BUSY, /* Repeated Attempts */
148 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
149 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
150 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
151 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
152 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
153 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
154 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
155 MGMT_STATUS_FAILED, /* Unspecified Error */
156 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
157 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
158 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
159 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
160 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
161 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
162 MGMT_STATUS_FAILED, /* Unit Link Key Used */
163 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
164 MGMT_STATUS_TIMEOUT, /* Instant Passed */
165 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
166 MGMT_STATUS_FAILED, /* Transaction Collision */
167 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
168 MGMT_STATUS_REJECTED, /* QoS Rejected */
169 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
170 MGMT_STATUS_REJECTED, /* Insufficient Security */
171 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
172 MGMT_STATUS_BUSY, /* Role Switch Pending */
173 MGMT_STATUS_FAILED, /* Slot Violation */
174 MGMT_STATUS_FAILED, /* Role Switch Failed */
175 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
176 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
177 MGMT_STATUS_BUSY, /* Host Busy Pairing */
178 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
179 MGMT_STATUS_BUSY, /* Controller Busy */
180 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
181 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
182 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
183 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
184 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
187 static u8 mgmt_status(u8 hci_status)
189 if (hci_status < ARRAY_SIZE(mgmt_status_table))
190 return mgmt_status_table[hci_status];
192 return MGMT_STATUS_FAILED;
195 static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
198 struct mgmt_hdr *hdr;
199 struct mgmt_ev_cmd_status *ev;
202 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
204 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_KERNEL);
208 hdr = (void *) skb_put(skb, sizeof(*hdr));
210 hdr->opcode = __constant_cpu_to_le16(MGMT_EV_CMD_STATUS);
211 hdr->index = cpu_to_le16(index);
212 hdr->len = cpu_to_le16(sizeof(*ev));
214 ev = (void *) skb_put(skb, sizeof(*ev));
216 ev->opcode = cpu_to_le16(cmd);
218 err = sock_queue_rcv_skb(sk, skb);
225 static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
226 void *rp, size_t rp_len)
229 struct mgmt_hdr *hdr;
230 struct mgmt_ev_cmd_complete *ev;
233 BT_DBG("sock %p", sk);
235 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_KERNEL);
239 hdr = (void *) skb_put(skb, sizeof(*hdr));
241 hdr->opcode = __constant_cpu_to_le16(MGMT_EV_CMD_COMPLETE);
242 hdr->index = cpu_to_le16(index);
243 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
245 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
246 ev->opcode = cpu_to_le16(cmd);
250 memcpy(ev->data, rp, rp_len);
252 err = sock_queue_rcv_skb(sk, skb);
259 static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
262 struct mgmt_rp_read_version rp;
264 BT_DBG("sock %p", sk);
266 rp.version = MGMT_VERSION;
267 rp.revision = __constant_cpu_to_le16(MGMT_REVISION);
269 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
273 static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
276 struct mgmt_rp_read_commands *rp;
277 const u16 num_commands = ARRAY_SIZE(mgmt_commands);
278 const u16 num_events = ARRAY_SIZE(mgmt_events);
283 BT_DBG("sock %p", sk);
285 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
287 rp = kmalloc(rp_size, GFP_KERNEL);
291 rp->num_commands = __constant_cpu_to_le16(num_commands);
292 rp->num_events = __constant_cpu_to_le16(num_events);
294 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
295 put_unaligned_le16(mgmt_commands[i], opcode);
297 for (i = 0; i < num_events; i++, opcode++)
298 put_unaligned_le16(mgmt_events[i], opcode);
300 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
307 static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
310 struct mgmt_rp_read_index_list *rp;
316 BT_DBG("sock %p", sk);
318 read_lock(&hci_dev_list_lock);
321 list_for_each_entry(d, &hci_dev_list, list) {
322 if (d->dev_type == HCI_BREDR)
326 rp_len = sizeof(*rp) + (2 * count);
327 rp = kmalloc(rp_len, GFP_ATOMIC);
329 read_unlock(&hci_dev_list_lock);
334 list_for_each_entry(d, &hci_dev_list, list) {
335 if (test_bit(HCI_SETUP, &d->dev_flags))
338 if (test_bit(HCI_USER_CHANNEL, &d->dev_flags))
341 if (d->dev_type == HCI_BREDR) {
342 rp->index[count++] = cpu_to_le16(d->id);
343 BT_DBG("Added hci%u", d->id);
347 rp->num_controllers = cpu_to_le16(count);
348 rp_len = sizeof(*rp) + (2 * count);
350 read_unlock(&hci_dev_list_lock);
352 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
360 static u32 get_supported_settings(struct hci_dev *hdev)
364 settings |= MGMT_SETTING_POWERED;
365 settings |= MGMT_SETTING_PAIRABLE;
367 if (lmp_bredr_capable(hdev)) {
368 settings |= MGMT_SETTING_CONNECTABLE;
369 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
370 settings |= MGMT_SETTING_FAST_CONNECTABLE;
371 settings |= MGMT_SETTING_DISCOVERABLE;
372 settings |= MGMT_SETTING_BREDR;
373 settings |= MGMT_SETTING_LINK_SECURITY;
375 if (lmp_ssp_capable(hdev)) {
376 settings |= MGMT_SETTING_SSP;
377 settings |= MGMT_SETTING_HS;
381 if (lmp_le_capable(hdev)) {
382 settings |= MGMT_SETTING_LE;
383 settings |= MGMT_SETTING_ADVERTISING;
389 static u32 get_current_settings(struct hci_dev *hdev)
393 if (hdev_is_powered(hdev))
394 settings |= MGMT_SETTING_POWERED;
396 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
397 settings |= MGMT_SETTING_CONNECTABLE;
399 if (test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
400 settings |= MGMT_SETTING_FAST_CONNECTABLE;
402 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
403 settings |= MGMT_SETTING_DISCOVERABLE;
405 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags))
406 settings |= MGMT_SETTING_PAIRABLE;
408 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
409 settings |= MGMT_SETTING_BREDR;
411 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
412 settings |= MGMT_SETTING_LE;
414 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
415 settings |= MGMT_SETTING_LINK_SECURITY;
417 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
418 settings |= MGMT_SETTING_SSP;
420 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
421 settings |= MGMT_SETTING_HS;
423 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
424 settings |= MGMT_SETTING_ADVERTISING;
429 #define PNP_INFO_SVCLASS_ID 0x1200
431 static u8 *create_uuid16_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
433 u8 *ptr = data, *uuids_start = NULL;
434 struct bt_uuid *uuid;
439 list_for_each_entry(uuid, &hdev->uuids, list) {
442 if (uuid->size != 16)
445 uuid16 = get_unaligned_le16(&uuid->uuid[12]);
449 if (uuid16 == PNP_INFO_SVCLASS_ID)
455 uuids_start[1] = EIR_UUID16_ALL;
459 /* Stop if not enough space to put next UUID */
460 if ((ptr - data) + sizeof(u16) > len) {
461 uuids_start[1] = EIR_UUID16_SOME;
465 *ptr++ = (uuid16 & 0x00ff);
466 *ptr++ = (uuid16 & 0xff00) >> 8;
467 uuids_start[0] += sizeof(uuid16);
473 static u8 *create_uuid32_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
475 u8 *ptr = data, *uuids_start = NULL;
476 struct bt_uuid *uuid;
481 list_for_each_entry(uuid, &hdev->uuids, list) {
482 if (uuid->size != 32)
488 uuids_start[1] = EIR_UUID32_ALL;
492 /* Stop if not enough space to put next UUID */
493 if ((ptr - data) + sizeof(u32) > len) {
494 uuids_start[1] = EIR_UUID32_SOME;
498 memcpy(ptr, &uuid->uuid[12], sizeof(u32));
500 uuids_start[0] += sizeof(u32);
506 static u8 *create_uuid128_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
508 u8 *ptr = data, *uuids_start = NULL;
509 struct bt_uuid *uuid;
514 list_for_each_entry(uuid, &hdev->uuids, list) {
515 if (uuid->size != 128)
521 uuids_start[1] = EIR_UUID128_ALL;
525 /* Stop if not enough space to put next UUID */
526 if ((ptr - data) + 16 > len) {
527 uuids_start[1] = EIR_UUID128_SOME;
531 memcpy(ptr, uuid->uuid, 16);
533 uuids_start[0] += 16;
539 static u8 create_ad(struct hci_dev *hdev, u8 *ptr)
541 u8 ad_len = 0, flags = 0;
544 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
545 flags |= LE_AD_GENERAL;
547 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
548 if (lmp_le_br_capable(hdev))
549 flags |= LE_AD_SIM_LE_BREDR_CTRL;
550 if (lmp_host_le_br_capable(hdev))
551 flags |= LE_AD_SIM_LE_BREDR_HOST;
553 flags |= LE_AD_NO_BREDR;
557 BT_DBG("adv flags 0x%02x", flags);
567 if (hdev->adv_tx_power != HCI_TX_POWER_INVALID) {
569 ptr[1] = EIR_TX_POWER;
570 ptr[2] = (u8) hdev->adv_tx_power;
576 name_len = strlen(hdev->dev_name);
578 size_t max_len = HCI_MAX_AD_LENGTH - ad_len - 2;
580 if (name_len > max_len) {
582 ptr[1] = EIR_NAME_SHORT;
584 ptr[1] = EIR_NAME_COMPLETE;
586 ptr[0] = name_len + 1;
588 memcpy(ptr + 2, hdev->dev_name, name_len);
590 ad_len += (name_len + 2);
591 ptr += (name_len + 2);
597 static void update_ad(struct hci_request *req)
599 struct hci_dev *hdev = req->hdev;
600 struct hci_cp_le_set_adv_data cp;
603 if (!lmp_le_capable(hdev))
606 memset(&cp, 0, sizeof(cp));
608 len = create_ad(hdev, cp.data);
610 if (hdev->adv_data_len == len &&
611 memcmp(cp.data, hdev->adv_data, len) == 0)
614 memcpy(hdev->adv_data, cp.data, sizeof(cp.data));
615 hdev->adv_data_len = len;
619 hci_req_add(req, HCI_OP_LE_SET_ADV_DATA, sizeof(cp), &cp);
622 static void create_eir(struct hci_dev *hdev, u8 *data)
627 name_len = strlen(hdev->dev_name);
633 ptr[1] = EIR_NAME_SHORT;
635 ptr[1] = EIR_NAME_COMPLETE;
637 /* EIR Data length */
638 ptr[0] = name_len + 1;
640 memcpy(ptr + 2, hdev->dev_name, name_len);
642 ptr += (name_len + 2);
645 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
647 ptr[1] = EIR_TX_POWER;
648 ptr[2] = (u8) hdev->inq_tx_power;
653 if (hdev->devid_source > 0) {
655 ptr[1] = EIR_DEVICE_ID;
657 put_unaligned_le16(hdev->devid_source, ptr + 2);
658 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
659 put_unaligned_le16(hdev->devid_product, ptr + 6);
660 put_unaligned_le16(hdev->devid_version, ptr + 8);
665 ptr = create_uuid16_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
666 ptr = create_uuid32_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
667 ptr = create_uuid128_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
670 static void update_eir(struct hci_request *req)
672 struct hci_dev *hdev = req->hdev;
673 struct hci_cp_write_eir cp;
675 if (!hdev_is_powered(hdev))
678 if (!lmp_ext_inq_capable(hdev))
681 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
684 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
687 memset(&cp, 0, sizeof(cp));
689 create_eir(hdev, cp.data);
691 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
694 memcpy(hdev->eir, cp.data, sizeof(cp.data));
696 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
699 static u8 get_service_classes(struct hci_dev *hdev)
701 struct bt_uuid *uuid;
704 list_for_each_entry(uuid, &hdev->uuids, list)
705 val |= uuid->svc_hint;
710 static void update_class(struct hci_request *req)
712 struct hci_dev *hdev = req->hdev;
715 BT_DBG("%s", hdev->name);
717 if (!hdev_is_powered(hdev))
720 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
723 cod[0] = hdev->minor_class;
724 cod[1] = hdev->major_class;
725 cod[2] = get_service_classes(hdev);
727 if (memcmp(cod, hdev->dev_class, 3) == 0)
730 hci_req_add(req, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
733 static void service_cache_off(struct work_struct *work)
735 struct hci_dev *hdev = container_of(work, struct hci_dev,
737 struct hci_request req;
739 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
742 hci_req_init(&req, hdev);
749 hci_dev_unlock(hdev);
751 hci_req_run(&req, NULL);
754 static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
756 if (test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
759 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
761 /* Non-mgmt controlled devices get this bit set
762 * implicitly so that pairing works for them, however
763 * for mgmt we require user-space to explicitly enable
766 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
769 static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
770 void *data, u16 data_len)
772 struct mgmt_rp_read_info rp;
774 BT_DBG("sock %p %s", sk, hdev->name);
778 memset(&rp, 0, sizeof(rp));
780 bacpy(&rp.bdaddr, &hdev->bdaddr);
782 rp.version = hdev->hci_ver;
783 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
785 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
786 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
788 memcpy(rp.dev_class, hdev->dev_class, 3);
790 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
791 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
793 hci_dev_unlock(hdev);
795 return cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
799 static void mgmt_pending_free(struct pending_cmd *cmd)
806 static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
807 struct hci_dev *hdev, void *data,
810 struct pending_cmd *cmd;
812 cmd = kmalloc(sizeof(*cmd), GFP_KERNEL);
816 cmd->opcode = opcode;
817 cmd->index = hdev->id;
819 cmd->param = kmalloc(len, GFP_KERNEL);
826 memcpy(cmd->param, data, len);
831 list_add(&cmd->list, &hdev->mgmt_pending);
836 static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
837 void (*cb)(struct pending_cmd *cmd,
841 struct pending_cmd *cmd, *tmp;
843 list_for_each_entry_safe(cmd, tmp, &hdev->mgmt_pending, list) {
844 if (opcode > 0 && cmd->opcode != opcode)
851 static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
853 struct pending_cmd *cmd;
855 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
856 if (cmd->opcode == opcode)
863 static void mgmt_pending_remove(struct pending_cmd *cmd)
865 list_del(&cmd->list);
866 mgmt_pending_free(cmd);
869 static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
871 __le32 settings = cpu_to_le32(get_current_settings(hdev));
873 return cmd_complete(sk, hdev->id, opcode, 0, &settings,
877 static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
880 struct mgmt_mode *cp = data;
881 struct pending_cmd *cmd;
884 BT_DBG("request for %s", hdev->name);
886 if (cp->val != 0x00 && cp->val != 0x01)
887 return cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
888 MGMT_STATUS_INVALID_PARAMS);
892 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
893 err = cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
898 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
899 cancel_delayed_work(&hdev->power_off);
902 mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev,
904 err = mgmt_powered(hdev, 1);
909 if (!!cp->val == hdev_is_powered(hdev)) {
910 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
914 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
921 queue_work(hdev->req_workqueue, &hdev->power_on);
923 queue_work(hdev->req_workqueue, &hdev->power_off.work);
928 hci_dev_unlock(hdev);
932 static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 data_len,
933 struct sock *skip_sk)
936 struct mgmt_hdr *hdr;
938 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_KERNEL);
942 hdr = (void *) skb_put(skb, sizeof(*hdr));
943 hdr->opcode = cpu_to_le16(event);
945 hdr->index = cpu_to_le16(hdev->id);
947 hdr->index = __constant_cpu_to_le16(MGMT_INDEX_NONE);
948 hdr->len = cpu_to_le16(data_len);
951 memcpy(skb_put(skb, data_len), data, data_len);
954 __net_timestamp(skb);
956 hci_send_to_control(skb, skip_sk);
962 static int new_settings(struct hci_dev *hdev, struct sock *skip)
966 ev = cpu_to_le32(get_current_settings(hdev));
968 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
973 struct hci_dev *hdev;
977 static void settings_rsp(struct pending_cmd *cmd, void *data)
979 struct cmd_lookup *match = data;
981 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
983 list_del(&cmd->list);
985 if (match->sk == NULL) {
987 sock_hold(match->sk);
990 mgmt_pending_free(cmd);
993 static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
997 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
998 mgmt_pending_remove(cmd);
1001 static u8 mgmt_bredr_support(struct hci_dev *hdev)
1003 if (!lmp_bredr_capable(hdev))
1004 return MGMT_STATUS_NOT_SUPPORTED;
1005 else if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1006 return MGMT_STATUS_REJECTED;
1008 return MGMT_STATUS_SUCCESS;
1011 static u8 mgmt_le_support(struct hci_dev *hdev)
1013 if (!lmp_le_capable(hdev))
1014 return MGMT_STATUS_NOT_SUPPORTED;
1015 else if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
1016 return MGMT_STATUS_REJECTED;
1018 return MGMT_STATUS_SUCCESS;
1021 static void set_discoverable_complete(struct hci_dev *hdev, u8 status)
1023 struct pending_cmd *cmd;
1024 struct mgmt_mode *cp;
1027 BT_DBG("status 0x%02x", status);
1031 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
1036 u8 mgmt_err = mgmt_status(status);
1037 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1043 changed = !test_and_set_bit(HCI_DISCOVERABLE,
1046 changed = test_and_clear_bit(HCI_DISCOVERABLE,
1049 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1052 new_settings(hdev, cmd->sk);
1055 mgmt_pending_remove(cmd);
1058 hci_dev_unlock(hdev);
1061 static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
1064 struct mgmt_cp_set_discoverable *cp = data;
1065 struct pending_cmd *cmd;
1066 struct hci_request req;
1071 BT_DBG("request for %s", hdev->name);
1073 status = mgmt_bredr_support(hdev);
1075 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1078 if (cp->val != 0x00 && cp->val != 0x01)
1079 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1080 MGMT_STATUS_INVALID_PARAMS);
1082 timeout = __le16_to_cpu(cp->timeout);
1083 if (!cp->val && timeout > 0)
1084 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1085 MGMT_STATUS_INVALID_PARAMS);
1089 if (!hdev_is_powered(hdev) && timeout > 0) {
1090 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1091 MGMT_STATUS_NOT_POWERED);
1095 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1096 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
1097 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1102 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
1103 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1104 MGMT_STATUS_REJECTED);
1108 if (!hdev_is_powered(hdev)) {
1109 bool changed = false;
1111 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
1112 change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1116 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1121 err = new_settings(hdev, sk);
1126 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
1127 if (hdev->discov_timeout > 0) {
1128 cancel_delayed_work(&hdev->discov_off);
1129 hdev->discov_timeout = 0;
1132 if (cp->val && timeout > 0) {
1133 hdev->discov_timeout = timeout;
1134 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
1135 msecs_to_jiffies(hdev->discov_timeout * 1000));
1138 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1142 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
1148 hci_req_init(&req, hdev);
1153 scan |= SCAN_INQUIRY;
1155 cancel_delayed_work(&hdev->discov_off);
1157 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1159 err = hci_req_run(&req, set_discoverable_complete);
1161 mgmt_pending_remove(cmd);
1164 hdev->discov_timeout = timeout;
1167 hci_dev_unlock(hdev);
1171 static void write_fast_connectable(struct hci_request *req, bool enable)
1173 struct hci_dev *hdev = req->hdev;
1174 struct hci_cp_write_page_scan_activity acp;
1177 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
1181 type = PAGE_SCAN_TYPE_INTERLACED;
1183 /* 160 msec page scan interval */
1184 acp.interval = __constant_cpu_to_le16(0x0100);
1186 type = PAGE_SCAN_TYPE_STANDARD; /* default */
1188 /* default 1.28 sec page scan */
1189 acp.interval = __constant_cpu_to_le16(0x0800);
1192 acp.window = __constant_cpu_to_le16(0x0012);
1194 if (__cpu_to_le16(hdev->page_scan_interval) != acp.interval ||
1195 __cpu_to_le16(hdev->page_scan_window) != acp.window)
1196 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
1199 if (hdev->page_scan_type != type)
1200 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
1203 static u8 get_adv_type(struct hci_dev *hdev)
1205 struct pending_cmd *cmd;
1208 /* If there's a pending mgmt command the flag will not yet have
1209 * it's final value, so check for this first.
1211 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1213 struct mgmt_mode *cp = cmd->param;
1214 connectable = !!cp->val;
1216 connectable = test_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1219 return connectable ? LE_ADV_IND : LE_ADV_NONCONN_IND;
1222 static void enable_advertising(struct hci_request *req)
1224 struct hci_dev *hdev = req->hdev;
1225 struct hci_cp_le_set_adv_param cp;
1228 memset(&cp, 0, sizeof(cp));
1229 cp.min_interval = __constant_cpu_to_le16(0x0800);
1230 cp.max_interval = __constant_cpu_to_le16(0x0800);
1231 cp.type = get_adv_type(hdev);
1232 if (bacmp(&hdev->bdaddr, BDADDR_ANY))
1233 cp.own_address_type = ADDR_LE_DEV_PUBLIC;
1235 cp.own_address_type = ADDR_LE_DEV_RANDOM;
1236 cp.channel_map = 0x07;
1238 hci_req_add(req, HCI_OP_LE_SET_ADV_PARAM, sizeof(cp), &cp);
1240 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1243 static void disable_advertising(struct hci_request *req)
1247 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1250 static void set_connectable_complete(struct hci_dev *hdev, u8 status)
1252 struct pending_cmd *cmd;
1253 struct mgmt_mode *cp;
1256 BT_DBG("status 0x%02x", status);
1260 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1265 u8 mgmt_err = mgmt_status(status);
1266 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1272 changed = !test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1274 changed = test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1276 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
1279 new_settings(hdev, cmd->sk);
1282 mgmt_pending_remove(cmd);
1285 hci_dev_unlock(hdev);
1288 static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
1291 struct mgmt_mode *cp = data;
1292 struct pending_cmd *cmd;
1293 struct hci_request req;
1297 BT_DBG("request for %s", hdev->name);
1299 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
1300 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1301 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1302 MGMT_STATUS_REJECTED);
1304 if (cp->val != 0x00 && cp->val != 0x01)
1305 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1306 MGMT_STATUS_INVALID_PARAMS);
1310 if (!hdev_is_powered(hdev)) {
1311 bool changed = false;
1313 if (!!cp->val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
1317 set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1319 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1320 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1323 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1328 err = new_settings(hdev, sk);
1333 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1334 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
1335 err = cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1340 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
1346 hci_req_init(&req, hdev);
1348 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags) &&
1349 cp->val != test_bit(HCI_PSCAN, &hdev->flags)) {
1355 if (test_bit(HCI_ISCAN, &hdev->flags) &&
1356 hdev->discov_timeout > 0)
1357 cancel_delayed_work(&hdev->discov_off);
1360 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1363 /* If we're going from non-connectable to connectable or
1364 * vice-versa when fast connectable is enabled ensure that fast
1365 * connectable gets disabled. write_fast_connectable won't do
1366 * anything if the page scan parameters are already what they
1369 if (cp->val || test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
1370 write_fast_connectable(&req, false);
1372 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags) &&
1373 hci_conn_num(hdev, LE_LINK) == 0) {
1374 disable_advertising(&req);
1375 enable_advertising(&req);
1378 err = hci_req_run(&req, set_connectable_complete);
1380 mgmt_pending_remove(cmd);
1381 if (err == -ENODATA)
1382 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE,
1388 hci_dev_unlock(hdev);
1392 static int set_pairable(struct sock *sk, struct hci_dev *hdev, void *data,
1395 struct mgmt_mode *cp = data;
1399 BT_DBG("request for %s", hdev->name);
1401 if (cp->val != 0x00 && cp->val != 0x01)
1402 return cmd_status(sk, hdev->id, MGMT_OP_SET_PAIRABLE,
1403 MGMT_STATUS_INVALID_PARAMS);
1408 changed = !test_and_set_bit(HCI_PAIRABLE, &hdev->dev_flags);
1410 changed = test_and_clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
1412 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
1417 err = new_settings(hdev, sk);
1420 hci_dev_unlock(hdev);
1424 static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1427 struct mgmt_mode *cp = data;
1428 struct pending_cmd *cmd;
1432 BT_DBG("request for %s", hdev->name);
1434 status = mgmt_bredr_support(hdev);
1436 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1439 if (cp->val != 0x00 && cp->val != 0x01)
1440 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1441 MGMT_STATUS_INVALID_PARAMS);
1445 if (!hdev_is_powered(hdev)) {
1446 bool changed = false;
1448 if (!!cp->val != test_bit(HCI_LINK_SECURITY,
1449 &hdev->dev_flags)) {
1450 change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
1454 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1459 err = new_settings(hdev, sk);
1464 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
1465 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1472 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1473 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1477 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1483 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1485 mgmt_pending_remove(cmd);
1490 hci_dev_unlock(hdev);
1494 static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1496 struct mgmt_mode *cp = data;
1497 struct pending_cmd *cmd;
1501 BT_DBG("request for %s", hdev->name);
1503 status = mgmt_bredr_support(hdev);
1505 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
1507 if (!lmp_ssp_capable(hdev))
1508 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1509 MGMT_STATUS_NOT_SUPPORTED);
1511 if (cp->val != 0x00 && cp->val != 0x01)
1512 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1513 MGMT_STATUS_INVALID_PARAMS);
1517 if (!hdev_is_powered(hdev)) {
1521 changed = !test_and_set_bit(HCI_SSP_ENABLED,
1524 changed = test_and_clear_bit(HCI_SSP_ENABLED,
1527 changed = test_and_clear_bit(HCI_HS_ENABLED,
1530 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1533 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1538 err = new_settings(hdev, sk);
1543 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev) ||
1544 mgmt_pending_find(MGMT_OP_SET_HS, hdev)) {
1545 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1550 if (!!cp->val == test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
1551 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1555 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1561 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &cp->val);
1563 mgmt_pending_remove(cmd);
1568 hci_dev_unlock(hdev);
1572 static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1574 struct mgmt_mode *cp = data;
1579 BT_DBG("request for %s", hdev->name);
1581 status = mgmt_bredr_support(hdev);
1583 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
1585 if (!lmp_ssp_capable(hdev))
1586 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1587 MGMT_STATUS_NOT_SUPPORTED);
1589 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
1590 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1591 MGMT_STATUS_REJECTED);
1593 if (cp->val != 0x00 && cp->val != 0x01)
1594 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1595 MGMT_STATUS_INVALID_PARAMS);
1600 changed = !test_and_set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1602 if (hdev_is_powered(hdev)) {
1603 err = cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1604 MGMT_STATUS_REJECTED);
1608 changed = test_and_clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1611 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
1616 err = new_settings(hdev, sk);
1619 hci_dev_unlock(hdev);
1623 static void le_enable_complete(struct hci_dev *hdev, u8 status)
1625 struct cmd_lookup match = { NULL, hdev };
1628 u8 mgmt_err = mgmt_status(status);
1630 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
1635 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
1637 new_settings(hdev, match.sk);
1642 /* Make sure the controller has a good default for
1643 * advertising data. Restrict the update to when LE
1644 * has actually been enabled. During power on, the
1645 * update in powered_update_hci will take care of it.
1647 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1648 struct hci_request req;
1652 hci_req_init(&req, hdev);
1654 hci_req_run(&req, NULL);
1656 hci_dev_unlock(hdev);
1660 static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1662 struct mgmt_mode *cp = data;
1663 struct hci_cp_write_le_host_supported hci_cp;
1664 struct pending_cmd *cmd;
1665 struct hci_request req;
1669 BT_DBG("request for %s", hdev->name);
1671 if (!lmp_le_capable(hdev))
1672 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1673 MGMT_STATUS_NOT_SUPPORTED);
1675 if (cp->val != 0x00 && cp->val != 0x01)
1676 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1677 MGMT_STATUS_INVALID_PARAMS);
1679 /* LE-only devices do not allow toggling LE on/off */
1680 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1681 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1682 MGMT_STATUS_REJECTED);
1687 enabled = lmp_host_le_capable(hdev);
1689 if (!hdev_is_powered(hdev) || val == enabled) {
1690 bool changed = false;
1692 if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1693 change_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1697 if (!val && test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
1698 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
1702 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1707 err = new_settings(hdev, sk);
1712 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev) ||
1713 mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
1714 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1719 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
1725 hci_req_init(&req, hdev);
1727 memset(&hci_cp, 0, sizeof(hci_cp));
1731 hci_cp.simul = lmp_le_br_capable(hdev);
1733 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
1734 disable_advertising(&req);
1737 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
1740 err = hci_req_run(&req, le_enable_complete);
1742 mgmt_pending_remove(cmd);
1745 hci_dev_unlock(hdev);
1749 /* This is a helper function to test for pending mgmt commands that can
1750 * cause CoD or EIR HCI commands. We can only allow one such pending
1751 * mgmt command at a time since otherwise we cannot easily track what
1752 * the current values are, will be, and based on that calculate if a new
1753 * HCI command needs to be sent and if yes with what value.
1755 static bool pending_eir_or_class(struct hci_dev *hdev)
1757 struct pending_cmd *cmd;
1759 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
1760 switch (cmd->opcode) {
1761 case MGMT_OP_ADD_UUID:
1762 case MGMT_OP_REMOVE_UUID:
1763 case MGMT_OP_SET_DEV_CLASS:
1764 case MGMT_OP_SET_POWERED:
1772 static const u8 bluetooth_base_uuid[] = {
1773 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
1774 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1777 static u8 get_uuid_size(const u8 *uuid)
1781 if (memcmp(uuid, bluetooth_base_uuid, 12))
1784 val = get_unaligned_le32(&uuid[12]);
1791 static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
1793 struct pending_cmd *cmd;
1797 cmd = mgmt_pending_find(mgmt_op, hdev);
1801 cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(status),
1802 hdev->dev_class, 3);
1804 mgmt_pending_remove(cmd);
1807 hci_dev_unlock(hdev);
1810 static void add_uuid_complete(struct hci_dev *hdev, u8 status)
1812 BT_DBG("status 0x%02x", status);
1814 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
1817 static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1819 struct mgmt_cp_add_uuid *cp = data;
1820 struct pending_cmd *cmd;
1821 struct hci_request req;
1822 struct bt_uuid *uuid;
1825 BT_DBG("request for %s", hdev->name);
1829 if (pending_eir_or_class(hdev)) {
1830 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
1835 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
1841 memcpy(uuid->uuid, cp->uuid, 16);
1842 uuid->svc_hint = cp->svc_hint;
1843 uuid->size = get_uuid_size(cp->uuid);
1845 list_add_tail(&uuid->list, &hdev->uuids);
1847 hci_req_init(&req, hdev);
1852 err = hci_req_run(&req, add_uuid_complete);
1854 if (err != -ENODATA)
1857 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
1858 hdev->dev_class, 3);
1862 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
1871 hci_dev_unlock(hdev);
1875 static bool enable_service_cache(struct hci_dev *hdev)
1877 if (!hdev_is_powered(hdev))
1880 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
1881 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
1889 static void remove_uuid_complete(struct hci_dev *hdev, u8 status)
1891 BT_DBG("status 0x%02x", status);
1893 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
1896 static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
1899 struct mgmt_cp_remove_uuid *cp = data;
1900 struct pending_cmd *cmd;
1901 struct bt_uuid *match, *tmp;
1902 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
1903 struct hci_request req;
1906 BT_DBG("request for %s", hdev->name);
1910 if (pending_eir_or_class(hdev)) {
1911 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
1916 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
1917 err = hci_uuids_clear(hdev);
1919 if (enable_service_cache(hdev)) {
1920 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID,
1921 0, hdev->dev_class, 3);
1930 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
1931 if (memcmp(match->uuid, cp->uuid, 16) != 0)
1934 list_del(&match->list);
1940 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
1941 MGMT_STATUS_INVALID_PARAMS);
1946 hci_req_init(&req, hdev);
1951 err = hci_req_run(&req, remove_uuid_complete);
1953 if (err != -ENODATA)
1956 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
1957 hdev->dev_class, 3);
1961 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
1970 hci_dev_unlock(hdev);
1974 static void set_class_complete(struct hci_dev *hdev, u8 status)
1976 BT_DBG("status 0x%02x", status);
1978 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
1981 static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
1984 struct mgmt_cp_set_dev_class *cp = data;
1985 struct pending_cmd *cmd;
1986 struct hci_request req;
1989 BT_DBG("request for %s", hdev->name);
1991 if (!lmp_bredr_capable(hdev))
1992 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1993 MGMT_STATUS_NOT_SUPPORTED);
1997 if (pending_eir_or_class(hdev)) {
1998 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2003 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
2004 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2005 MGMT_STATUS_INVALID_PARAMS);
2009 hdev->major_class = cp->major;
2010 hdev->minor_class = cp->minor;
2012 if (!hdev_is_powered(hdev)) {
2013 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2014 hdev->dev_class, 3);
2018 hci_req_init(&req, hdev);
2020 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
2021 hci_dev_unlock(hdev);
2022 cancel_delayed_work_sync(&hdev->service_cache);
2029 err = hci_req_run(&req, set_class_complete);
2031 if (err != -ENODATA)
2034 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2035 hdev->dev_class, 3);
2039 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
2048 hci_dev_unlock(hdev);
2052 static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
2055 struct mgmt_cp_load_link_keys *cp = data;
2056 u16 key_count, expected_len;
2059 BT_DBG("request for %s", hdev->name);
2061 if (!lmp_bredr_capable(hdev))
2062 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2063 MGMT_STATUS_NOT_SUPPORTED);
2065 key_count = __le16_to_cpu(cp->key_count);
2067 expected_len = sizeof(*cp) + key_count *
2068 sizeof(struct mgmt_link_key_info);
2069 if (expected_len != len) {
2070 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
2072 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2073 MGMT_STATUS_INVALID_PARAMS);
2076 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
2077 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2078 MGMT_STATUS_INVALID_PARAMS);
2080 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
2083 for (i = 0; i < key_count; i++) {
2084 struct mgmt_link_key_info *key = &cp->keys[i];
2086 if (key->addr.type != BDADDR_BREDR)
2087 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2088 MGMT_STATUS_INVALID_PARAMS);
2093 hci_link_keys_clear(hdev);
2096 set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
2098 clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
2100 for (i = 0; i < key_count; i++) {
2101 struct mgmt_link_key_info *key = &cp->keys[i];
2103 hci_add_link_key(hdev, NULL, 0, &key->addr.bdaddr, key->val,
2104 key->type, key->pin_len);
2107 cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
2109 hci_dev_unlock(hdev);
2114 static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
2115 u8 addr_type, struct sock *skip_sk)
2117 struct mgmt_ev_device_unpaired ev;
2119 bacpy(&ev.addr.bdaddr, bdaddr);
2120 ev.addr.type = addr_type;
2122 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
2126 static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2129 struct mgmt_cp_unpair_device *cp = data;
2130 struct mgmt_rp_unpair_device rp;
2131 struct hci_cp_disconnect dc;
2132 struct pending_cmd *cmd;
2133 struct hci_conn *conn;
2136 memset(&rp, 0, sizeof(rp));
2137 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2138 rp.addr.type = cp->addr.type;
2140 if (!bdaddr_type_is_valid(cp->addr.type))
2141 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2142 MGMT_STATUS_INVALID_PARAMS,
2145 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
2146 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2147 MGMT_STATUS_INVALID_PARAMS,
2152 if (!hdev_is_powered(hdev)) {
2153 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2154 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
2158 if (cp->addr.type == BDADDR_BREDR)
2159 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
2161 err = hci_remove_ltk(hdev, &cp->addr.bdaddr);
2164 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2165 MGMT_STATUS_NOT_PAIRED, &rp, sizeof(rp));
2169 if (cp->disconnect) {
2170 if (cp->addr.type == BDADDR_BREDR)
2171 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2174 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
2181 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
2183 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
2187 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
2194 dc.handle = cpu_to_le16(conn->handle);
2195 dc.reason = 0x13; /* Remote User Terminated Connection */
2196 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2198 mgmt_pending_remove(cmd);
2201 hci_dev_unlock(hdev);
2205 static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
2208 struct mgmt_cp_disconnect *cp = data;
2209 struct mgmt_rp_disconnect rp;
2210 struct hci_cp_disconnect dc;
2211 struct pending_cmd *cmd;
2212 struct hci_conn *conn;
2217 memset(&rp, 0, sizeof(rp));
2218 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2219 rp.addr.type = cp->addr.type;
2221 if (!bdaddr_type_is_valid(cp->addr.type))
2222 return cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2223 MGMT_STATUS_INVALID_PARAMS,
2228 if (!test_bit(HCI_UP, &hdev->flags)) {
2229 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2230 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
2234 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
2235 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2236 MGMT_STATUS_BUSY, &rp, sizeof(rp));
2240 if (cp->addr.type == BDADDR_BREDR)
2241 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2244 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
2246 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
2247 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2248 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
2252 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
2258 dc.handle = cpu_to_le16(conn->handle);
2259 dc.reason = HCI_ERROR_REMOTE_USER_TERM;
2261 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2263 mgmt_pending_remove(cmd);
2266 hci_dev_unlock(hdev);
2270 static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
2272 switch (link_type) {
2274 switch (addr_type) {
2275 case ADDR_LE_DEV_PUBLIC:
2276 return BDADDR_LE_PUBLIC;
2279 /* Fallback to LE Random address type */
2280 return BDADDR_LE_RANDOM;
2284 /* Fallback to BR/EDR type */
2285 return BDADDR_BREDR;
2289 static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
2292 struct mgmt_rp_get_connections *rp;
2302 if (!hdev_is_powered(hdev)) {
2303 err = cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
2304 MGMT_STATUS_NOT_POWERED);
2309 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2310 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2314 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2315 rp = kmalloc(rp_len, GFP_KERNEL);
2322 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2323 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2325 bacpy(&rp->addr[i].bdaddr, &c->dst);
2326 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
2327 if (c->type == SCO_LINK || c->type == ESCO_LINK)
2332 rp->conn_count = cpu_to_le16(i);
2334 /* Recalculate length in case of filtered SCO connections, etc */
2335 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2337 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
2343 hci_dev_unlock(hdev);
2347 static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
2348 struct mgmt_cp_pin_code_neg_reply *cp)
2350 struct pending_cmd *cmd;
2353 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
2358 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
2359 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
2361 mgmt_pending_remove(cmd);
2366 static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2369 struct hci_conn *conn;
2370 struct mgmt_cp_pin_code_reply *cp = data;
2371 struct hci_cp_pin_code_reply reply;
2372 struct pending_cmd *cmd;
2379 if (!hdev_is_powered(hdev)) {
2380 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2381 MGMT_STATUS_NOT_POWERED);
2385 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
2387 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2388 MGMT_STATUS_NOT_CONNECTED);
2392 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
2393 struct mgmt_cp_pin_code_neg_reply ncp;
2395 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
2397 BT_ERR("PIN code is not 16 bytes long");
2399 err = send_pin_code_neg_reply(sk, hdev, &ncp);
2401 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2402 MGMT_STATUS_INVALID_PARAMS);
2407 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
2413 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
2414 reply.pin_len = cp->pin_len;
2415 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
2417 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
2419 mgmt_pending_remove(cmd);
2422 hci_dev_unlock(hdev);
2426 static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
2429 struct mgmt_cp_set_io_capability *cp = data;
2435 hdev->io_capability = cp->io_capability;
2437 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
2438 hdev->io_capability);
2440 hci_dev_unlock(hdev);
2442 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, NULL,
2446 static struct pending_cmd *find_pairing(struct hci_conn *conn)
2448 struct hci_dev *hdev = conn->hdev;
2449 struct pending_cmd *cmd;
2451 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2452 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
2455 if (cmd->user_data != conn)
2464 static void pairing_complete(struct pending_cmd *cmd, u8 status)
2466 struct mgmt_rp_pair_device rp;
2467 struct hci_conn *conn = cmd->user_data;
2469 bacpy(&rp.addr.bdaddr, &conn->dst);
2470 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
2472 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
2475 /* So we don't get further callbacks for this connection */
2476 conn->connect_cfm_cb = NULL;
2477 conn->security_cfm_cb = NULL;
2478 conn->disconn_cfm_cb = NULL;
2480 hci_conn_drop(conn);
2482 mgmt_pending_remove(cmd);
2485 static void pairing_complete_cb(struct hci_conn *conn, u8 status)
2487 struct pending_cmd *cmd;
2489 BT_DBG("status %u", status);
2491 cmd = find_pairing(conn);
2493 BT_DBG("Unable to find a pending command");
2495 pairing_complete(cmd, mgmt_status(status));
2498 static void le_connect_complete_cb(struct hci_conn *conn, u8 status)
2500 struct pending_cmd *cmd;
2502 BT_DBG("status %u", status);
2507 cmd = find_pairing(conn);
2509 BT_DBG("Unable to find a pending command");
2511 pairing_complete(cmd, mgmt_status(status));
2514 static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2517 struct mgmt_cp_pair_device *cp = data;
2518 struct mgmt_rp_pair_device rp;
2519 struct pending_cmd *cmd;
2520 u8 sec_level, auth_type;
2521 struct hci_conn *conn;
2526 memset(&rp, 0, sizeof(rp));
2527 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2528 rp.addr.type = cp->addr.type;
2530 if (!bdaddr_type_is_valid(cp->addr.type))
2531 return cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2532 MGMT_STATUS_INVALID_PARAMS,
2537 if (!hdev_is_powered(hdev)) {
2538 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2539 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
2543 sec_level = BT_SECURITY_MEDIUM;
2544 if (cp->io_cap == 0x03)
2545 auth_type = HCI_AT_DEDICATED_BONDING;
2547 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
2549 if (cp->addr.type == BDADDR_BREDR)
2550 conn = hci_connect(hdev, ACL_LINK, &cp->addr.bdaddr,
2551 cp->addr.type, sec_level, auth_type);
2553 conn = hci_connect(hdev, LE_LINK, &cp->addr.bdaddr,
2554 cp->addr.type, sec_level, auth_type);
2559 if (PTR_ERR(conn) == -EBUSY)
2560 status = MGMT_STATUS_BUSY;
2562 status = MGMT_STATUS_CONNECT_FAILED;
2564 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2570 if (conn->connect_cfm_cb) {
2571 hci_conn_drop(conn);
2572 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2573 MGMT_STATUS_BUSY, &rp, sizeof(rp));
2577 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
2580 hci_conn_drop(conn);
2584 /* For LE, just connecting isn't a proof that the pairing finished */
2585 if (cp->addr.type == BDADDR_BREDR)
2586 conn->connect_cfm_cb = pairing_complete_cb;
2588 conn->connect_cfm_cb = le_connect_complete_cb;
2590 conn->security_cfm_cb = pairing_complete_cb;
2591 conn->disconn_cfm_cb = pairing_complete_cb;
2592 conn->io_capability = cp->io_cap;
2593 cmd->user_data = conn;
2595 if (conn->state == BT_CONNECTED &&
2596 hci_conn_security(conn, sec_level, auth_type))
2597 pairing_complete(cmd, 0);
2602 hci_dev_unlock(hdev);
2606 static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2609 struct mgmt_addr_info *addr = data;
2610 struct pending_cmd *cmd;
2611 struct hci_conn *conn;
2618 if (!hdev_is_powered(hdev)) {
2619 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2620 MGMT_STATUS_NOT_POWERED);
2624 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
2626 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2627 MGMT_STATUS_INVALID_PARAMS);
2631 conn = cmd->user_data;
2633 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
2634 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2635 MGMT_STATUS_INVALID_PARAMS);
2639 pairing_complete(cmd, MGMT_STATUS_CANCELLED);
2641 err = cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
2642 addr, sizeof(*addr));
2644 hci_dev_unlock(hdev);
2648 static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
2649 struct mgmt_addr_info *addr, u16 mgmt_op,
2650 u16 hci_op, __le32 passkey)
2652 struct pending_cmd *cmd;
2653 struct hci_conn *conn;
2658 if (!hdev_is_powered(hdev)) {
2659 err = cmd_complete(sk, hdev->id, mgmt_op,
2660 MGMT_STATUS_NOT_POWERED, addr,
2665 if (addr->type == BDADDR_BREDR)
2666 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
2668 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &addr->bdaddr);
2671 err = cmd_complete(sk, hdev->id, mgmt_op,
2672 MGMT_STATUS_NOT_CONNECTED, addr,
2677 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
2678 /* Continue with pairing via SMP */
2679 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
2682 err = cmd_complete(sk, hdev->id, mgmt_op,
2683 MGMT_STATUS_SUCCESS, addr,
2686 err = cmd_complete(sk, hdev->id, mgmt_op,
2687 MGMT_STATUS_FAILED, addr,
2693 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
2699 /* Continue with pairing via HCI */
2700 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
2701 struct hci_cp_user_passkey_reply cp;
2703 bacpy(&cp.bdaddr, &addr->bdaddr);
2704 cp.passkey = passkey;
2705 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
2707 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
2711 mgmt_pending_remove(cmd);
2714 hci_dev_unlock(hdev);
2718 static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
2719 void *data, u16 len)
2721 struct mgmt_cp_pin_code_neg_reply *cp = data;
2725 return user_pairing_resp(sk, hdev, &cp->addr,
2726 MGMT_OP_PIN_CODE_NEG_REPLY,
2727 HCI_OP_PIN_CODE_NEG_REPLY, 0);
2730 static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2733 struct mgmt_cp_user_confirm_reply *cp = data;
2737 if (len != sizeof(*cp))
2738 return cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
2739 MGMT_STATUS_INVALID_PARAMS);
2741 return user_pairing_resp(sk, hdev, &cp->addr,
2742 MGMT_OP_USER_CONFIRM_REPLY,
2743 HCI_OP_USER_CONFIRM_REPLY, 0);
2746 static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
2747 void *data, u16 len)
2749 struct mgmt_cp_user_confirm_neg_reply *cp = data;
2753 return user_pairing_resp(sk, hdev, &cp->addr,
2754 MGMT_OP_USER_CONFIRM_NEG_REPLY,
2755 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
2758 static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2761 struct mgmt_cp_user_passkey_reply *cp = data;
2765 return user_pairing_resp(sk, hdev, &cp->addr,
2766 MGMT_OP_USER_PASSKEY_REPLY,
2767 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
2770 static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
2771 void *data, u16 len)
2773 struct mgmt_cp_user_passkey_neg_reply *cp = data;
2777 return user_pairing_resp(sk, hdev, &cp->addr,
2778 MGMT_OP_USER_PASSKEY_NEG_REPLY,
2779 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
2782 static void update_name(struct hci_request *req)
2784 struct hci_dev *hdev = req->hdev;
2785 struct hci_cp_write_local_name cp;
2787 memcpy(cp.name, hdev->dev_name, sizeof(cp.name));
2789 hci_req_add(req, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
2792 static void set_name_complete(struct hci_dev *hdev, u8 status)
2794 struct mgmt_cp_set_local_name *cp;
2795 struct pending_cmd *cmd;
2797 BT_DBG("status 0x%02x", status);
2801 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
2808 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
2809 mgmt_status(status));
2811 cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
2814 mgmt_pending_remove(cmd);
2817 hci_dev_unlock(hdev);
2820 static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
2823 struct mgmt_cp_set_local_name *cp = data;
2824 struct pending_cmd *cmd;
2825 struct hci_request req;
2832 /* If the old values are the same as the new ones just return a
2833 * direct command complete event.
2835 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
2836 !memcmp(hdev->short_name, cp->short_name,
2837 sizeof(hdev->short_name))) {
2838 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
2843 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
2845 if (!hdev_is_powered(hdev)) {
2846 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
2848 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
2853 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
2859 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
2865 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
2867 hci_req_init(&req, hdev);
2869 if (lmp_bredr_capable(hdev)) {
2874 if (lmp_le_capable(hdev))
2877 err = hci_req_run(&req, set_name_complete);
2879 mgmt_pending_remove(cmd);
2882 hci_dev_unlock(hdev);
2886 static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
2887 void *data, u16 data_len)
2889 struct pending_cmd *cmd;
2892 BT_DBG("%s", hdev->name);
2896 if (!hdev_is_powered(hdev)) {
2897 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
2898 MGMT_STATUS_NOT_POWERED);
2902 if (!lmp_ssp_capable(hdev)) {
2903 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
2904 MGMT_STATUS_NOT_SUPPORTED);
2908 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
2909 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
2914 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
2920 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
2922 mgmt_pending_remove(cmd);
2925 hci_dev_unlock(hdev);
2929 static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
2930 void *data, u16 len)
2932 struct mgmt_cp_add_remote_oob_data *cp = data;
2936 BT_DBG("%s ", hdev->name);
2940 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr, cp->hash,
2943 status = MGMT_STATUS_FAILED;
2945 status = MGMT_STATUS_SUCCESS;
2947 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA, status,
2948 &cp->addr, sizeof(cp->addr));
2950 hci_dev_unlock(hdev);
2954 static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
2955 void *data, u16 len)
2957 struct mgmt_cp_remove_remote_oob_data *cp = data;
2961 BT_DBG("%s", hdev->name);
2965 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr);
2967 status = MGMT_STATUS_INVALID_PARAMS;
2969 status = MGMT_STATUS_SUCCESS;
2971 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
2972 status, &cp->addr, sizeof(cp->addr));
2974 hci_dev_unlock(hdev);
2978 static int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
2980 struct pending_cmd *cmd;
2984 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2986 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
2990 type = hdev->discovery.type;
2992 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
2993 &type, sizeof(type));
2994 mgmt_pending_remove(cmd);
2999 static void start_discovery_complete(struct hci_dev *hdev, u8 status)
3001 BT_DBG("status %d", status);
3005 mgmt_start_discovery_failed(hdev, status);
3006 hci_dev_unlock(hdev);
3011 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
3012 hci_dev_unlock(hdev);
3014 switch (hdev->discovery.type) {
3015 case DISCOV_TYPE_LE:
3016 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable,
3020 case DISCOV_TYPE_INTERLEAVED:
3021 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable,
3022 DISCOV_INTERLEAVED_TIMEOUT);
3025 case DISCOV_TYPE_BREDR:
3029 BT_ERR("Invalid discovery type %d", hdev->discovery.type);
3033 static int start_discovery(struct sock *sk, struct hci_dev *hdev,
3034 void *data, u16 len)
3036 struct mgmt_cp_start_discovery *cp = data;
3037 struct pending_cmd *cmd;
3038 struct hci_cp_le_set_scan_param param_cp;
3039 struct hci_cp_le_set_scan_enable enable_cp;
3040 struct hci_cp_inquiry inq_cp;
3041 struct hci_request req;
3042 /* General inquiry access code (GIAC) */
3043 u8 lap[3] = { 0x33, 0x8b, 0x9e };
3047 BT_DBG("%s", hdev->name);
3051 if (!hdev_is_powered(hdev)) {
3052 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3053 MGMT_STATUS_NOT_POWERED);
3057 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
3058 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3063 if (hdev->discovery.state != DISCOVERY_STOPPED) {
3064 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3069 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
3075 hdev->discovery.type = cp->type;
3077 hci_req_init(&req, hdev);
3079 switch (hdev->discovery.type) {
3080 case DISCOV_TYPE_BREDR:
3081 status = mgmt_bredr_support(hdev);
3083 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3085 mgmt_pending_remove(cmd);
3089 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
3090 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3092 mgmt_pending_remove(cmd);
3096 hci_inquiry_cache_flush(hdev);
3098 memset(&inq_cp, 0, sizeof(inq_cp));
3099 memcpy(&inq_cp.lap, lap, sizeof(inq_cp.lap));
3100 inq_cp.length = DISCOV_BREDR_INQUIRY_LEN;
3101 hci_req_add(&req, HCI_OP_INQUIRY, sizeof(inq_cp), &inq_cp);
3104 case DISCOV_TYPE_LE:
3105 case DISCOV_TYPE_INTERLEAVED:
3106 status = mgmt_le_support(hdev);
3108 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3110 mgmt_pending_remove(cmd);
3114 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
3115 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
3116 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3117 MGMT_STATUS_NOT_SUPPORTED);
3118 mgmt_pending_remove(cmd);
3122 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
3123 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3124 MGMT_STATUS_REJECTED);
3125 mgmt_pending_remove(cmd);
3129 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags)) {
3130 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3132 mgmt_pending_remove(cmd);
3136 memset(¶m_cp, 0, sizeof(param_cp));
3137 param_cp.type = LE_SCAN_ACTIVE;
3138 param_cp.interval = cpu_to_le16(DISCOV_LE_SCAN_INT);
3139 param_cp.window = cpu_to_le16(DISCOV_LE_SCAN_WIN);
3140 if (bacmp(&hdev->bdaddr, BDADDR_ANY))
3141 param_cp.own_address_type = ADDR_LE_DEV_PUBLIC;
3143 param_cp.own_address_type = ADDR_LE_DEV_RANDOM;
3144 hci_req_add(&req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
3147 memset(&enable_cp, 0, sizeof(enable_cp));
3148 enable_cp.enable = LE_SCAN_ENABLE;
3149 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
3150 hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
3155 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3156 MGMT_STATUS_INVALID_PARAMS);
3157 mgmt_pending_remove(cmd);
3161 err = hci_req_run(&req, start_discovery_complete);
3163 mgmt_pending_remove(cmd);
3165 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
3168 hci_dev_unlock(hdev);
3172 static int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
3174 struct pending_cmd *cmd;
3177 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3181 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3182 &hdev->discovery.type, sizeof(hdev->discovery.type));
3183 mgmt_pending_remove(cmd);
3188 static void stop_discovery_complete(struct hci_dev *hdev, u8 status)
3190 BT_DBG("status %d", status);
3195 mgmt_stop_discovery_failed(hdev, status);
3199 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3202 hci_dev_unlock(hdev);
3205 static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
3208 struct mgmt_cp_stop_discovery *mgmt_cp = data;
3209 struct pending_cmd *cmd;
3210 struct hci_cp_remote_name_req_cancel cp;
3211 struct inquiry_entry *e;
3212 struct hci_request req;
3213 struct hci_cp_le_set_scan_enable enable_cp;
3216 BT_DBG("%s", hdev->name);
3220 if (!hci_discovery_active(hdev)) {
3221 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
3222 MGMT_STATUS_REJECTED, &mgmt_cp->type,
3223 sizeof(mgmt_cp->type));
3227 if (hdev->discovery.type != mgmt_cp->type) {
3228 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
3229 MGMT_STATUS_INVALID_PARAMS, &mgmt_cp->type,
3230 sizeof(mgmt_cp->type));
3234 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
3240 hci_req_init(&req, hdev);
3242 switch (hdev->discovery.state) {
3243 case DISCOVERY_FINDING:
3244 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
3245 hci_req_add(&req, HCI_OP_INQUIRY_CANCEL, 0, NULL);
3247 cancel_delayed_work(&hdev->le_scan_disable);
3249 memset(&enable_cp, 0, sizeof(enable_cp));
3250 enable_cp.enable = LE_SCAN_DISABLE;
3251 hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE,
3252 sizeof(enable_cp), &enable_cp);
3257 case DISCOVERY_RESOLVING:
3258 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
3261 mgmt_pending_remove(cmd);
3262 err = cmd_complete(sk, hdev->id,
3263 MGMT_OP_STOP_DISCOVERY, 0,
3265 sizeof(mgmt_cp->type));
3266 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3270 bacpy(&cp.bdaddr, &e->data.bdaddr);
3271 hci_req_add(&req, HCI_OP_REMOTE_NAME_REQ_CANCEL, sizeof(cp),
3277 BT_DBG("unknown discovery state %u", hdev->discovery.state);
3279 mgmt_pending_remove(cmd);
3280 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
3281 MGMT_STATUS_FAILED, &mgmt_cp->type,
3282 sizeof(mgmt_cp->type));
3286 err = hci_req_run(&req, stop_discovery_complete);
3288 mgmt_pending_remove(cmd);
3290 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
3293 hci_dev_unlock(hdev);
3297 static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
3300 struct mgmt_cp_confirm_name *cp = data;
3301 struct inquiry_entry *e;
3304 BT_DBG("%s", hdev->name);
3308 if (!hci_discovery_active(hdev)) {
3309 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
3310 MGMT_STATUS_FAILED);
3314 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
3316 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
3317 MGMT_STATUS_INVALID_PARAMS);
3321 if (cp->name_known) {
3322 e->name_state = NAME_KNOWN;
3325 e->name_state = NAME_NEEDED;
3326 hci_inquiry_cache_update_resolve(hdev, e);
3329 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0, &cp->addr,
3333 hci_dev_unlock(hdev);
3337 static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
3340 struct mgmt_cp_block_device *cp = data;
3344 BT_DBG("%s", hdev->name);
3346 if (!bdaddr_type_is_valid(cp->addr.type))
3347 return cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
3348 MGMT_STATUS_INVALID_PARAMS,
3349 &cp->addr, sizeof(cp->addr));
3353 err = hci_blacklist_add(hdev, &cp->addr.bdaddr, cp->addr.type);
3355 status = MGMT_STATUS_FAILED;
3357 status = MGMT_STATUS_SUCCESS;
3359 err = cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
3360 &cp->addr, sizeof(cp->addr));
3362 hci_dev_unlock(hdev);
3367 static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
3370 struct mgmt_cp_unblock_device *cp = data;
3374 BT_DBG("%s", hdev->name);
3376 if (!bdaddr_type_is_valid(cp->addr.type))
3377 return cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
3378 MGMT_STATUS_INVALID_PARAMS,
3379 &cp->addr, sizeof(cp->addr));
3383 err = hci_blacklist_del(hdev, &cp->addr.bdaddr, cp->addr.type);
3385 status = MGMT_STATUS_INVALID_PARAMS;
3387 status = MGMT_STATUS_SUCCESS;
3389 err = cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
3390 &cp->addr, sizeof(cp->addr));
3392 hci_dev_unlock(hdev);
3397 static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
3400 struct mgmt_cp_set_device_id *cp = data;
3401 struct hci_request req;
3405 BT_DBG("%s", hdev->name);
3407 source = __le16_to_cpu(cp->source);
3409 if (source > 0x0002)
3410 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
3411 MGMT_STATUS_INVALID_PARAMS);
3415 hdev->devid_source = source;
3416 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
3417 hdev->devid_product = __le16_to_cpu(cp->product);
3418 hdev->devid_version = __le16_to_cpu(cp->version);
3420 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0, NULL, 0);
3422 hci_req_init(&req, hdev);
3424 hci_req_run(&req, NULL);
3426 hci_dev_unlock(hdev);
3431 static void set_advertising_complete(struct hci_dev *hdev, u8 status)
3433 struct cmd_lookup match = { NULL, hdev };
3436 u8 mgmt_err = mgmt_status(status);
3438 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
3439 cmd_status_rsp, &mgmt_err);
3443 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
3446 new_settings(hdev, match.sk);
3452 static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data,
3455 struct mgmt_mode *cp = data;
3456 struct pending_cmd *cmd;
3457 struct hci_request req;
3458 u8 val, enabled, status;
3461 BT_DBG("request for %s", hdev->name);
3463 status = mgmt_le_support(hdev);
3465 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3468 if (cp->val != 0x00 && cp->val != 0x01)
3469 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3470 MGMT_STATUS_INVALID_PARAMS);
3475 enabled = test_bit(HCI_ADVERTISING, &hdev->dev_flags);
3477 /* The following conditions are ones which mean that we should
3478 * not do any HCI communication but directly send a mgmt
3479 * response to user space (after toggling the flag if
3482 if (!hdev_is_powered(hdev) || val == enabled ||
3483 hci_conn_num(hdev, LE_LINK) > 0) {
3484 bool changed = false;
3486 if (val != test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
3487 change_bit(HCI_ADVERTISING, &hdev->dev_flags);
3491 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
3496 err = new_settings(hdev, sk);
3501 if (mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
3502 mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
3503 err = cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3508 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
3514 hci_req_init(&req, hdev);
3517 enable_advertising(&req);
3519 disable_advertising(&req);
3521 err = hci_req_run(&req, set_advertising_complete);
3523 mgmt_pending_remove(cmd);
3526 hci_dev_unlock(hdev);
3530 static int set_static_address(struct sock *sk, struct hci_dev *hdev,
3531 void *data, u16 len)
3533 struct mgmt_cp_set_static_address *cp = data;
3536 BT_DBG("%s", hdev->name);
3538 if (!lmp_le_capable(hdev))
3539 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
3540 MGMT_STATUS_NOT_SUPPORTED);
3542 if (hdev_is_powered(hdev))
3543 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
3544 MGMT_STATUS_REJECTED);
3546 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
3547 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
3548 return cmd_status(sk, hdev->id,
3549 MGMT_OP_SET_STATIC_ADDRESS,
3550 MGMT_STATUS_INVALID_PARAMS);
3552 /* Two most significant bits shall be set */
3553 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
3554 return cmd_status(sk, hdev->id,
3555 MGMT_OP_SET_STATIC_ADDRESS,
3556 MGMT_STATUS_INVALID_PARAMS);
3561 bacpy(&hdev->static_addr, &cp->bdaddr);
3563 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS, 0, NULL, 0);
3565 hci_dev_unlock(hdev);
3570 static int set_scan_params(struct sock *sk, struct hci_dev *hdev,
3571 void *data, u16 len)
3573 struct mgmt_cp_set_scan_params *cp = data;
3574 __u16 interval, window;
3577 BT_DBG("%s", hdev->name);
3579 if (!lmp_le_capable(hdev))
3580 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3581 MGMT_STATUS_NOT_SUPPORTED);
3583 interval = __le16_to_cpu(cp->interval);
3585 if (interval < 0x0004 || interval > 0x4000)
3586 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3587 MGMT_STATUS_INVALID_PARAMS);
3589 window = __le16_to_cpu(cp->window);
3591 if (window < 0x0004 || window > 0x4000)
3592 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3593 MGMT_STATUS_INVALID_PARAMS);
3595 if (window > interval)
3596 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3597 MGMT_STATUS_INVALID_PARAMS);
3601 hdev->le_scan_interval = interval;
3602 hdev->le_scan_window = window;
3604 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0, NULL, 0);
3606 hci_dev_unlock(hdev);
3611 static void fast_connectable_complete(struct hci_dev *hdev, u8 status)
3613 struct pending_cmd *cmd;
3615 BT_DBG("status 0x%02x", status);
3619 cmd = mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
3624 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3625 mgmt_status(status));
3627 struct mgmt_mode *cp = cmd->param;
3630 set_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
3632 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
3634 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
3635 new_settings(hdev, cmd->sk);
3638 mgmt_pending_remove(cmd);
3641 hci_dev_unlock(hdev);
3644 static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
3645 void *data, u16 len)
3647 struct mgmt_mode *cp = data;
3648 struct pending_cmd *cmd;
3649 struct hci_request req;
3652 BT_DBG("%s", hdev->name);
3654 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags) ||
3655 hdev->hci_ver < BLUETOOTH_VER_1_2)
3656 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3657 MGMT_STATUS_NOT_SUPPORTED);
3659 if (cp->val != 0x00 && cp->val != 0x01)
3660 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3661 MGMT_STATUS_INVALID_PARAMS);
3663 if (!hdev_is_powered(hdev))
3664 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3665 MGMT_STATUS_NOT_POWERED);
3667 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3668 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3669 MGMT_STATUS_REJECTED);
3673 if (mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
3674 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3679 if (!!cp->val == test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags)) {
3680 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
3685 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
3692 hci_req_init(&req, hdev);
3694 write_fast_connectable(&req, cp->val);
3696 err = hci_req_run(&req, fast_connectable_complete);
3698 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3699 MGMT_STATUS_FAILED);
3700 mgmt_pending_remove(cmd);
3704 hci_dev_unlock(hdev);
3709 static void set_bredr_scan(struct hci_request *req)
3711 struct hci_dev *hdev = req->hdev;
3714 /* Ensure that fast connectable is disabled. This function will
3715 * not do anything if the page scan parameters are already what
3718 write_fast_connectable(req, false);
3720 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3722 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3723 scan |= SCAN_INQUIRY;
3726 hci_req_add(req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
3729 static void set_bredr_complete(struct hci_dev *hdev, u8 status)
3731 struct pending_cmd *cmd;
3733 BT_DBG("status 0x%02x", status);
3737 cmd = mgmt_pending_find(MGMT_OP_SET_BREDR, hdev);
3742 u8 mgmt_err = mgmt_status(status);
3744 /* We need to restore the flag if related HCI commands
3747 clear_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
3749 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
3751 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
3752 new_settings(hdev, cmd->sk);
3755 mgmt_pending_remove(cmd);
3758 hci_dev_unlock(hdev);
3761 static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
3763 struct mgmt_mode *cp = data;
3764 struct pending_cmd *cmd;
3765 struct hci_request req;
3768 BT_DBG("request for %s", hdev->name);
3770 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
3771 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3772 MGMT_STATUS_NOT_SUPPORTED);
3774 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
3775 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3776 MGMT_STATUS_REJECTED);
3778 if (cp->val != 0x00 && cp->val != 0x01)
3779 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3780 MGMT_STATUS_INVALID_PARAMS);
3784 if (cp->val == test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
3785 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
3789 if (!hdev_is_powered(hdev)) {
3791 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
3792 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
3793 clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
3794 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
3795 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
3798 change_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
3800 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
3804 err = new_settings(hdev, sk);
3808 /* Reject disabling when powered on */
3810 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3811 MGMT_STATUS_REJECTED);
3815 if (mgmt_pending_find(MGMT_OP_SET_BREDR, hdev)) {
3816 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3821 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
3827 /* We need to flip the bit already here so that update_ad
3828 * generates the correct flags.
3830 set_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
3832 hci_req_init(&req, hdev);
3834 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3835 set_bredr_scan(&req);
3839 err = hci_req_run(&req, set_bredr_complete);
3841 mgmt_pending_remove(cmd);
3844 hci_dev_unlock(hdev);
3848 static bool ltk_is_valid(struct mgmt_ltk_info *key)
3850 if (key->authenticated != 0x00 && key->authenticated != 0x01)
3852 if (key->master != 0x00 && key->master != 0x01)
3854 if (!bdaddr_type_is_le(key->addr.type))
3859 static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
3860 void *cp_data, u16 len)
3862 struct mgmt_cp_load_long_term_keys *cp = cp_data;
3863 u16 key_count, expected_len;
3866 BT_DBG("request for %s", hdev->name);
3868 if (!lmp_le_capable(hdev))
3869 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
3870 MGMT_STATUS_NOT_SUPPORTED);
3872 key_count = __le16_to_cpu(cp->key_count);
3874 expected_len = sizeof(*cp) + key_count *
3875 sizeof(struct mgmt_ltk_info);
3876 if (expected_len != len) {
3877 BT_ERR("load_keys: expected %u bytes, got %u bytes",
3879 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
3880 MGMT_STATUS_INVALID_PARAMS);
3883 BT_DBG("%s key_count %u", hdev->name, key_count);
3885 for (i = 0; i < key_count; i++) {
3886 struct mgmt_ltk_info *key = &cp->keys[i];
3888 if (!ltk_is_valid(key))
3889 return cmd_status(sk, hdev->id,
3890 MGMT_OP_LOAD_LONG_TERM_KEYS,
3891 MGMT_STATUS_INVALID_PARAMS);
3896 hci_smp_ltks_clear(hdev);
3898 for (i = 0; i < key_count; i++) {
3899 struct mgmt_ltk_info *key = &cp->keys[i];
3902 if (key->addr.type == BDADDR_LE_PUBLIC)
3903 addr_type = ADDR_LE_DEV_PUBLIC;
3905 addr_type = ADDR_LE_DEV_RANDOM;
3910 type = HCI_SMP_LTK_SLAVE;
3912 hci_add_ltk(hdev, &key->addr.bdaddr, addr_type,
3913 type, 0, key->authenticated, key->val,
3914 key->enc_size, key->ediv, key->rand);
3917 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
3920 hci_dev_unlock(hdev);
3925 static const struct mgmt_handler {
3926 int (*func) (struct sock *sk, struct hci_dev *hdev, void *data,
3930 } mgmt_handlers[] = {
3931 { NULL }, /* 0x0000 (no command) */
3932 { read_version, false, MGMT_READ_VERSION_SIZE },
3933 { read_commands, false, MGMT_READ_COMMANDS_SIZE },
3934 { read_index_list, false, MGMT_READ_INDEX_LIST_SIZE },
3935 { read_controller_info, false, MGMT_READ_INFO_SIZE },
3936 { set_powered, false, MGMT_SETTING_SIZE },
3937 { set_discoverable, false, MGMT_SET_DISCOVERABLE_SIZE },
3938 { set_connectable, false, MGMT_SETTING_SIZE },
3939 { set_fast_connectable, false, MGMT_SETTING_SIZE },
3940 { set_pairable, false, MGMT_SETTING_SIZE },
3941 { set_link_security, false, MGMT_SETTING_SIZE },
3942 { set_ssp, false, MGMT_SETTING_SIZE },
3943 { set_hs, false, MGMT_SETTING_SIZE },
3944 { set_le, false, MGMT_SETTING_SIZE },
3945 { set_dev_class, false, MGMT_SET_DEV_CLASS_SIZE },
3946 { set_local_name, false, MGMT_SET_LOCAL_NAME_SIZE },
3947 { add_uuid, false, MGMT_ADD_UUID_SIZE },
3948 { remove_uuid, false, MGMT_REMOVE_UUID_SIZE },
3949 { load_link_keys, true, MGMT_LOAD_LINK_KEYS_SIZE },
3950 { load_long_term_keys, true, MGMT_LOAD_LONG_TERM_KEYS_SIZE },
3951 { disconnect, false, MGMT_DISCONNECT_SIZE },
3952 { get_connections, false, MGMT_GET_CONNECTIONS_SIZE },
3953 { pin_code_reply, false, MGMT_PIN_CODE_REPLY_SIZE },
3954 { pin_code_neg_reply, false, MGMT_PIN_CODE_NEG_REPLY_SIZE },
3955 { set_io_capability, false, MGMT_SET_IO_CAPABILITY_SIZE },
3956 { pair_device, false, MGMT_PAIR_DEVICE_SIZE },
3957 { cancel_pair_device, false, MGMT_CANCEL_PAIR_DEVICE_SIZE },
3958 { unpair_device, false, MGMT_UNPAIR_DEVICE_SIZE },
3959 { user_confirm_reply, false, MGMT_USER_CONFIRM_REPLY_SIZE },
3960 { user_confirm_neg_reply, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
3961 { user_passkey_reply, false, MGMT_USER_PASSKEY_REPLY_SIZE },
3962 { user_passkey_neg_reply, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
3963 { read_local_oob_data, false, MGMT_READ_LOCAL_OOB_DATA_SIZE },
3964 { add_remote_oob_data, false, MGMT_ADD_REMOTE_OOB_DATA_SIZE },
3965 { remove_remote_oob_data, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
3966 { start_discovery, false, MGMT_START_DISCOVERY_SIZE },
3967 { stop_discovery, false, MGMT_STOP_DISCOVERY_SIZE },
3968 { confirm_name, false, MGMT_CONFIRM_NAME_SIZE },
3969 { block_device, false, MGMT_BLOCK_DEVICE_SIZE },
3970 { unblock_device, false, MGMT_UNBLOCK_DEVICE_SIZE },
3971 { set_device_id, false, MGMT_SET_DEVICE_ID_SIZE },
3972 { set_advertising, false, MGMT_SETTING_SIZE },
3973 { set_bredr, false, MGMT_SETTING_SIZE },
3974 { set_static_address, false, MGMT_SET_STATIC_ADDRESS_SIZE },
3975 { set_scan_params, false, MGMT_SET_SCAN_PARAMS_SIZE },
3979 int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
3983 struct mgmt_hdr *hdr;
3984 u16 opcode, index, len;
3985 struct hci_dev *hdev = NULL;
3986 const struct mgmt_handler *handler;
3989 BT_DBG("got %zu bytes", msglen);
3991 if (msglen < sizeof(*hdr))
3994 buf = kmalloc(msglen, GFP_KERNEL);
3998 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
4004 opcode = __le16_to_cpu(hdr->opcode);
4005 index = __le16_to_cpu(hdr->index);
4006 len = __le16_to_cpu(hdr->len);
4008 if (len != msglen - sizeof(*hdr)) {
4013 if (index != MGMT_INDEX_NONE) {
4014 hdev = hci_dev_get(index);
4016 err = cmd_status(sk, index, opcode,
4017 MGMT_STATUS_INVALID_INDEX);
4021 if (test_bit(HCI_SETUP, &hdev->dev_flags) ||
4022 test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
4023 err = cmd_status(sk, index, opcode,
4024 MGMT_STATUS_INVALID_INDEX);
4029 if (opcode >= ARRAY_SIZE(mgmt_handlers) ||
4030 mgmt_handlers[opcode].func == NULL) {
4031 BT_DBG("Unknown op %u", opcode);
4032 err = cmd_status(sk, index, opcode,
4033 MGMT_STATUS_UNKNOWN_COMMAND);
4037 if ((hdev && opcode < MGMT_OP_READ_INFO) ||
4038 (!hdev && opcode >= MGMT_OP_READ_INFO)) {
4039 err = cmd_status(sk, index, opcode,
4040 MGMT_STATUS_INVALID_INDEX);
4044 handler = &mgmt_handlers[opcode];
4046 if ((handler->var_len && len < handler->data_len) ||
4047 (!handler->var_len && len != handler->data_len)) {
4048 err = cmd_status(sk, index, opcode,
4049 MGMT_STATUS_INVALID_PARAMS);
4054 mgmt_init_hdev(sk, hdev);
4056 cp = buf + sizeof(*hdr);
4058 err = handler->func(sk, hdev, cp, len);
4072 void mgmt_index_added(struct hci_dev *hdev)
4074 if (hdev->dev_type != HCI_BREDR)
4077 mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
4080 void mgmt_index_removed(struct hci_dev *hdev)
4082 u8 status = MGMT_STATUS_INVALID_INDEX;
4084 if (hdev->dev_type != HCI_BREDR)
4087 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
4089 mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
4092 static void powered_complete(struct hci_dev *hdev, u8 status)
4094 struct cmd_lookup match = { NULL, hdev };
4096 BT_DBG("status 0x%02x", status);
4100 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
4102 new_settings(hdev, match.sk);
4104 hci_dev_unlock(hdev);
4110 static int powered_update_hci(struct hci_dev *hdev)
4112 struct hci_request req;
4115 hci_req_init(&req, hdev);
4117 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) &&
4118 !lmp_host_ssp_capable(hdev)) {
4121 hci_req_add(&req, HCI_OP_WRITE_SSP_MODE, 1, &ssp);
4124 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
4125 lmp_bredr_capable(hdev)) {
4126 struct hci_cp_write_le_host_supported cp;
4129 cp.simul = lmp_le_br_capable(hdev);
4131 /* Check first if we already have the right
4132 * host state (host features set)
4134 if (cp.le != lmp_host_le_capable(hdev) ||
4135 cp.simul != lmp_host_le_br_capable(hdev))
4136 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED,
4140 if (lmp_le_capable(hdev)) {
4141 /* Set random address to static address if configured */
4142 if (bacmp(&hdev->static_addr, BDADDR_ANY))
4143 hci_req_add(&req, HCI_OP_LE_SET_RANDOM_ADDR, 6,
4144 &hdev->static_addr);
4146 /* Make sure the controller has a good default for
4147 * advertising data. This also applies to the case
4148 * where BR/EDR was toggled during the AUTO_OFF phase.
4150 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
4153 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
4154 enable_advertising(&req);
4157 link_sec = test_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
4158 if (link_sec != test_bit(HCI_AUTH, &hdev->flags))
4159 hci_req_add(&req, HCI_OP_WRITE_AUTH_ENABLE,
4160 sizeof(link_sec), &link_sec);
4162 if (lmp_bredr_capable(hdev)) {
4163 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
4164 set_bredr_scan(&req);
4170 return hci_req_run(&req, powered_complete);
4173 int mgmt_powered(struct hci_dev *hdev, u8 powered)
4175 struct cmd_lookup match = { NULL, hdev };
4176 u8 status_not_powered = MGMT_STATUS_NOT_POWERED;
4177 u8 zero_cod[] = { 0, 0, 0 };
4180 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
4184 if (powered_update_hci(hdev) == 0)
4187 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp,
4192 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
4193 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status_not_powered);
4195 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0)
4196 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
4197 zero_cod, sizeof(zero_cod), NULL);
4200 err = new_settings(hdev, match.sk);
4208 void mgmt_set_powered_failed(struct hci_dev *hdev, int err)
4210 struct pending_cmd *cmd;
4213 cmd = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
4217 if (err == -ERFKILL)
4218 status = MGMT_STATUS_RFKILLED;
4220 status = MGMT_STATUS_FAILED;
4222 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
4224 mgmt_pending_remove(cmd);
4227 int mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
4229 bool changed = false;
4232 /* Nothing needed here if there's a pending command since that
4233 * commands request completion callback takes care of everything
4236 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev))
4240 if (!test_and_set_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
4243 if (test_and_clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
4248 err = new_settings(hdev, NULL);
4253 int mgmt_connectable(struct hci_dev *hdev, u8 connectable)
4255 bool changed = false;
4258 /* Nothing needed here if there's a pending command since that
4259 * commands request completion callback takes care of everything
4262 if (mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev))
4266 if (!test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags))
4269 if (test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags))
4274 err = new_settings(hdev, NULL);
4279 int mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
4281 u8 mgmt_err = mgmt_status(status);
4283 if (scan & SCAN_PAGE)
4284 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
4285 cmd_status_rsp, &mgmt_err);
4287 if (scan & SCAN_INQUIRY)
4288 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
4289 cmd_status_rsp, &mgmt_err);
4294 int mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
4297 struct mgmt_ev_new_link_key ev;
4299 memset(&ev, 0, sizeof(ev));
4301 ev.store_hint = persistent;
4302 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
4303 ev.key.addr.type = BDADDR_BREDR;
4304 ev.key.type = key->type;
4305 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
4306 ev.key.pin_len = key->pin_len;
4308 return mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
4311 int mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, u8 persistent)
4313 struct mgmt_ev_new_long_term_key ev;
4315 memset(&ev, 0, sizeof(ev));
4317 ev.store_hint = persistent;
4318 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
4319 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
4320 ev.key.authenticated = key->authenticated;
4321 ev.key.enc_size = key->enc_size;
4322 ev.key.ediv = key->ediv;
4324 if (key->type == HCI_SMP_LTK)
4327 memcpy(ev.key.rand, key->rand, sizeof(key->rand));
4328 memcpy(ev.key.val, key->val, sizeof(key->val));
4330 return mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev),
4334 void mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
4335 u8 addr_type, u32 flags, u8 *name, u8 name_len,
4339 struct mgmt_ev_device_connected *ev = (void *) buf;
4342 bacpy(&ev->addr.bdaddr, bdaddr);
4343 ev->addr.type = link_to_bdaddr(link_type, addr_type);
4345 ev->flags = __cpu_to_le32(flags);
4348 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
4351 if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0)
4352 eir_len = eir_append_data(ev->eir, eir_len,
4353 EIR_CLASS_OF_DEV, dev_class, 3);
4355 ev->eir_len = cpu_to_le16(eir_len);
4357 mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
4358 sizeof(*ev) + eir_len, NULL);
4361 static void disconnect_rsp(struct pending_cmd *cmd, void *data)
4363 struct mgmt_cp_disconnect *cp = cmd->param;
4364 struct sock **sk = data;
4365 struct mgmt_rp_disconnect rp;
4367 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4368 rp.addr.type = cp->addr.type;
4370 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 0, &rp,
4376 mgmt_pending_remove(cmd);
4379 static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
4381 struct hci_dev *hdev = data;
4382 struct mgmt_cp_unpair_device *cp = cmd->param;
4383 struct mgmt_rp_unpair_device rp;
4385 memset(&rp, 0, sizeof(rp));
4386 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4387 rp.addr.type = cp->addr.type;
4389 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
4391 cmd_complete(cmd->sk, cmd->index, cmd->opcode, 0, &rp, sizeof(rp));
4393 mgmt_pending_remove(cmd);
4396 void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
4397 u8 link_type, u8 addr_type, u8 reason)
4399 struct mgmt_ev_device_disconnected ev;
4400 struct sock *sk = NULL;
4402 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
4404 bacpy(&ev.addr.bdaddr, bdaddr);
4405 ev.addr.type = link_to_bdaddr(link_type, addr_type);
4408 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
4413 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
4417 void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
4418 u8 link_type, u8 addr_type, u8 status)
4420 struct mgmt_rp_disconnect rp;
4421 struct pending_cmd *cmd;
4423 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
4426 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
4430 bacpy(&rp.addr.bdaddr, bdaddr);
4431 rp.addr.type = link_to_bdaddr(link_type, addr_type);
4433 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
4434 mgmt_status(status), &rp, sizeof(rp));
4436 mgmt_pending_remove(cmd);
4439 void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
4440 u8 addr_type, u8 status)
4442 struct mgmt_ev_connect_failed ev;
4444 bacpy(&ev.addr.bdaddr, bdaddr);
4445 ev.addr.type = link_to_bdaddr(link_type, addr_type);
4446 ev.status = mgmt_status(status);
4448 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
4451 int mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
4453 struct mgmt_ev_pin_code_request ev;
4455 bacpy(&ev.addr.bdaddr, bdaddr);
4456 ev.addr.type = BDADDR_BREDR;
4459 return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev),
4463 int mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
4466 struct pending_cmd *cmd;
4467 struct mgmt_rp_pin_code_reply rp;
4470 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
4474 bacpy(&rp.addr.bdaddr, bdaddr);
4475 rp.addr.type = BDADDR_BREDR;
4477 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
4478 mgmt_status(status), &rp, sizeof(rp));
4480 mgmt_pending_remove(cmd);
4485 int mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
4488 struct pending_cmd *cmd;
4489 struct mgmt_rp_pin_code_reply rp;
4492 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
4496 bacpy(&rp.addr.bdaddr, bdaddr);
4497 rp.addr.type = BDADDR_BREDR;
4499 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
4500 mgmt_status(status), &rp, sizeof(rp));
4502 mgmt_pending_remove(cmd);
4507 int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
4508 u8 link_type, u8 addr_type, __le32 value,
4511 struct mgmt_ev_user_confirm_request ev;
4513 BT_DBG("%s", hdev->name);
4515 bacpy(&ev.addr.bdaddr, bdaddr);
4516 ev.addr.type = link_to_bdaddr(link_type, addr_type);
4517 ev.confirm_hint = confirm_hint;
4520 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
4524 int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
4525 u8 link_type, u8 addr_type)
4527 struct mgmt_ev_user_passkey_request ev;
4529 BT_DBG("%s", hdev->name);
4531 bacpy(&ev.addr.bdaddr, bdaddr);
4532 ev.addr.type = link_to_bdaddr(link_type, addr_type);
4534 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
4538 static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
4539 u8 link_type, u8 addr_type, u8 status,
4542 struct pending_cmd *cmd;
4543 struct mgmt_rp_user_confirm_reply rp;
4546 cmd = mgmt_pending_find(opcode, hdev);
4550 bacpy(&rp.addr.bdaddr, bdaddr);
4551 rp.addr.type = link_to_bdaddr(link_type, addr_type);
4552 err = cmd_complete(cmd->sk, hdev->id, opcode, mgmt_status(status),
4555 mgmt_pending_remove(cmd);
4560 int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
4561 u8 link_type, u8 addr_type, u8 status)
4563 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
4564 status, MGMT_OP_USER_CONFIRM_REPLY);
4567 int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
4568 u8 link_type, u8 addr_type, u8 status)
4570 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
4572 MGMT_OP_USER_CONFIRM_NEG_REPLY);
4575 int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
4576 u8 link_type, u8 addr_type, u8 status)
4578 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
4579 status, MGMT_OP_USER_PASSKEY_REPLY);
4582 int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
4583 u8 link_type, u8 addr_type, u8 status)
4585 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
4587 MGMT_OP_USER_PASSKEY_NEG_REPLY);
4590 int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
4591 u8 link_type, u8 addr_type, u32 passkey,
4594 struct mgmt_ev_passkey_notify ev;
4596 BT_DBG("%s", hdev->name);
4598 bacpy(&ev.addr.bdaddr, bdaddr);
4599 ev.addr.type = link_to_bdaddr(link_type, addr_type);
4600 ev.passkey = __cpu_to_le32(passkey);
4601 ev.entered = entered;
4603 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
4606 int mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
4607 u8 addr_type, u8 status)
4609 struct mgmt_ev_auth_failed ev;
4611 bacpy(&ev.addr.bdaddr, bdaddr);
4612 ev.addr.type = link_to_bdaddr(link_type, addr_type);
4613 ev.status = mgmt_status(status);
4615 return mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
4618 int mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
4620 struct cmd_lookup match = { NULL, hdev };
4621 bool changed = false;
4625 u8 mgmt_err = mgmt_status(status);
4626 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
4627 cmd_status_rsp, &mgmt_err);
4631 if (test_bit(HCI_AUTH, &hdev->flags)) {
4632 if (!test_and_set_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
4635 if (test_and_clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
4639 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
4643 err = new_settings(hdev, match.sk);
4651 static void clear_eir(struct hci_request *req)
4653 struct hci_dev *hdev = req->hdev;
4654 struct hci_cp_write_eir cp;
4656 if (!lmp_ext_inq_capable(hdev))
4659 memset(hdev->eir, 0, sizeof(hdev->eir));
4661 memset(&cp, 0, sizeof(cp));
4663 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
4666 int mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
4668 struct cmd_lookup match = { NULL, hdev };
4669 struct hci_request req;
4670 bool changed = false;
4674 u8 mgmt_err = mgmt_status(status);
4676 if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
4677 &hdev->dev_flags)) {
4678 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
4679 err = new_settings(hdev, NULL);
4682 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
4689 changed = !test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
4691 changed = test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
4693 changed = test_and_clear_bit(HCI_HS_ENABLED,
4696 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
4699 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
4702 err = new_settings(hdev, match.sk);
4707 hci_req_init(&req, hdev);
4709 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
4714 hci_req_run(&req, NULL);
4719 static void sk_lookup(struct pending_cmd *cmd, void *data)
4721 struct cmd_lookup *match = data;
4723 if (match->sk == NULL) {
4724 match->sk = cmd->sk;
4725 sock_hold(match->sk);
4729 int mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
4732 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
4735 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
4736 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
4737 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
4740 err = mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class,
4749 int mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
4751 struct mgmt_cp_set_local_name ev;
4752 struct pending_cmd *cmd;
4757 memset(&ev, 0, sizeof(ev));
4758 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
4759 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
4761 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
4763 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
4765 /* If this is a HCI command related to powering on the
4766 * HCI dev don't send any mgmt signals.
4768 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
4772 return mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
4773 cmd ? cmd->sk : NULL);
4776 int mgmt_read_local_oob_data_reply_complete(struct hci_dev *hdev, u8 *hash,
4777 u8 *randomizer, u8 status)
4779 struct pending_cmd *cmd;
4782 BT_DBG("%s status %u", hdev->name, status);
4784 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
4789 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
4790 mgmt_status(status));
4792 struct mgmt_rp_read_local_oob_data rp;
4794 memcpy(rp.hash, hash, sizeof(rp.hash));
4795 memcpy(rp.randomizer, randomizer, sizeof(rp.randomizer));
4797 err = cmd_complete(cmd->sk, hdev->id,
4798 MGMT_OP_READ_LOCAL_OOB_DATA, 0, &rp,
4802 mgmt_pending_remove(cmd);
4807 void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
4808 u8 addr_type, u8 *dev_class, s8 rssi, u8 cfm_name, u8
4809 ssp, u8 *eir, u16 eir_len)
4812 struct mgmt_ev_device_found *ev = (void *) buf;
4815 if (!hci_discovery_active(hdev))
4818 /* Leave 5 bytes for a potential CoD field */
4819 if (sizeof(*ev) + eir_len + 5 > sizeof(buf))
4822 memset(buf, 0, sizeof(buf));
4824 bacpy(&ev->addr.bdaddr, bdaddr);
4825 ev->addr.type = link_to_bdaddr(link_type, addr_type);
4828 ev->flags |= __constant_cpu_to_le32(MGMT_DEV_FOUND_CONFIRM_NAME);
4830 ev->flags |= __constant_cpu_to_le32(MGMT_DEV_FOUND_LEGACY_PAIRING);
4833 memcpy(ev->eir, eir, eir_len);
4835 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
4836 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
4839 ev->eir_len = cpu_to_le16(eir_len);
4840 ev_size = sizeof(*ev) + eir_len;
4842 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
4845 void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
4846 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
4848 struct mgmt_ev_device_found *ev;
4849 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
4852 ev = (struct mgmt_ev_device_found *) buf;
4854 memset(buf, 0, sizeof(buf));
4856 bacpy(&ev->addr.bdaddr, bdaddr);
4857 ev->addr.type = link_to_bdaddr(link_type, addr_type);
4860 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
4863 ev->eir_len = cpu_to_le16(eir_len);
4865 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, sizeof(*ev) + eir_len, NULL);
4868 void mgmt_discovering(struct hci_dev *hdev, u8 discovering)
4870 struct mgmt_ev_discovering ev;
4871 struct pending_cmd *cmd;
4873 BT_DBG("%s discovering %u", hdev->name, discovering);
4876 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
4878 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
4881 u8 type = hdev->discovery.type;
4883 cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0, &type,
4885 mgmt_pending_remove(cmd);
4888 memset(&ev, 0, sizeof(ev));
4889 ev.type = hdev->discovery.type;
4890 ev.discovering = discovering;
4892 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
4895 int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
4897 struct pending_cmd *cmd;
4898 struct mgmt_ev_device_blocked ev;
4900 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev);
4902 bacpy(&ev.addr.bdaddr, bdaddr);
4903 ev.addr.type = type;
4905 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev),
4906 cmd ? cmd->sk : NULL);
4909 int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
4911 struct pending_cmd *cmd;
4912 struct mgmt_ev_device_unblocked ev;
4914 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev);
4916 bacpy(&ev.addr.bdaddr, bdaddr);
4917 ev.addr.type = type;
4919 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
4920 cmd ? cmd->sk : NULL);
4923 static void adv_enable_complete(struct hci_dev *hdev, u8 status)
4925 BT_DBG("%s status %u", hdev->name, status);
4927 /* Clear the advertising mgmt setting if we failed to re-enable it */
4929 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
4930 new_settings(hdev, NULL);
4934 void mgmt_reenable_advertising(struct hci_dev *hdev)
4936 struct hci_request req;
4938 if (hci_conn_num(hdev, LE_LINK) > 0)
4941 if (!test_bit(HCI_ADVERTISING, &hdev->dev_flags))
4944 hci_req_init(&req, hdev);
4945 enable_advertising(&req);
4947 /* If this fails we have no option but to let user space know
4948 * that we've disabled advertising.
4950 if (hci_req_run(&req, adv_enable_complete) < 0) {
4951 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
4952 new_settings(hdev, NULL);
projects / karo-tx-linux.git / blob