2 BlueZ - Bluetooth protocol stack for Linux
4 Copyright (C) 2010 Nokia Corporation
5 Copyright (C) 2011-2012 Intel Corporation
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI Management interface */
27 #include <linux/module.h>
28 #include <asm/unaligned.h>
30 #include <net/bluetooth/bluetooth.h>
31 #include <net/bluetooth/hci_core.h>
32 #include <net/bluetooth/mgmt.h>
33 #include <net/bluetooth/smp.h>
35 #define MGMT_VERSION 1
36 #define MGMT_REVISION 4
38 static const u16 mgmt_commands[] = {
39 MGMT_OP_READ_INDEX_LIST,
42 MGMT_OP_SET_DISCOVERABLE,
43 MGMT_OP_SET_CONNECTABLE,
44 MGMT_OP_SET_FAST_CONNECTABLE,
46 MGMT_OP_SET_LINK_SECURITY,
50 MGMT_OP_SET_DEV_CLASS,
51 MGMT_OP_SET_LOCAL_NAME,
54 MGMT_OP_LOAD_LINK_KEYS,
55 MGMT_OP_LOAD_LONG_TERM_KEYS,
57 MGMT_OP_GET_CONNECTIONS,
58 MGMT_OP_PIN_CODE_REPLY,
59 MGMT_OP_PIN_CODE_NEG_REPLY,
60 MGMT_OP_SET_IO_CAPABILITY,
62 MGMT_OP_CANCEL_PAIR_DEVICE,
63 MGMT_OP_UNPAIR_DEVICE,
64 MGMT_OP_USER_CONFIRM_REPLY,
65 MGMT_OP_USER_CONFIRM_NEG_REPLY,
66 MGMT_OP_USER_PASSKEY_REPLY,
67 MGMT_OP_USER_PASSKEY_NEG_REPLY,
68 MGMT_OP_READ_LOCAL_OOB_DATA,
69 MGMT_OP_ADD_REMOTE_OOB_DATA,
70 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
71 MGMT_OP_START_DISCOVERY,
72 MGMT_OP_STOP_DISCOVERY,
75 MGMT_OP_UNBLOCK_DEVICE,
76 MGMT_OP_SET_DEVICE_ID,
77 MGMT_OP_SET_ADVERTISING,
79 MGMT_OP_SET_STATIC_ADDRESS,
82 static const u16 mgmt_events[] = {
83 MGMT_EV_CONTROLLER_ERROR,
85 MGMT_EV_INDEX_REMOVED,
87 MGMT_EV_CLASS_OF_DEV_CHANGED,
88 MGMT_EV_LOCAL_NAME_CHANGED,
90 MGMT_EV_NEW_LONG_TERM_KEY,
91 MGMT_EV_DEVICE_CONNECTED,
92 MGMT_EV_DEVICE_DISCONNECTED,
93 MGMT_EV_CONNECT_FAILED,
94 MGMT_EV_PIN_CODE_REQUEST,
95 MGMT_EV_USER_CONFIRM_REQUEST,
96 MGMT_EV_USER_PASSKEY_REQUEST,
100 MGMT_EV_DEVICE_BLOCKED,
101 MGMT_EV_DEVICE_UNBLOCKED,
102 MGMT_EV_DEVICE_UNPAIRED,
103 MGMT_EV_PASSKEY_NOTIFY,
106 #define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
108 #define hdev_is_powered(hdev) (test_bit(HCI_UP, &hdev->flags) && \
109 !test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
112 struct list_head list;
120 /* HCI to MGMT error code conversion table */
121 static u8 mgmt_status_table[] = {
123 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
124 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
125 MGMT_STATUS_FAILED, /* Hardware Failure */
126 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
127 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
128 MGMT_STATUS_NOT_PAIRED, /* PIN or Key Missing */
129 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
130 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
131 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
132 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
133 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
134 MGMT_STATUS_BUSY, /* Command Disallowed */
135 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
136 MGMT_STATUS_REJECTED, /* Rejected Security */
137 MGMT_STATUS_REJECTED, /* Rejected Personal */
138 MGMT_STATUS_TIMEOUT, /* Host Timeout */
139 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
140 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
141 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
142 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
143 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
144 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
145 MGMT_STATUS_BUSY, /* Repeated Attempts */
146 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
147 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
148 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
149 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
150 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
151 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
152 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
153 MGMT_STATUS_FAILED, /* Unspecified Error */
154 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
155 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
156 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
157 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
158 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
159 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
160 MGMT_STATUS_FAILED, /* Unit Link Key Used */
161 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
162 MGMT_STATUS_TIMEOUT, /* Instant Passed */
163 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
164 MGMT_STATUS_FAILED, /* Transaction Collision */
165 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
166 MGMT_STATUS_REJECTED, /* QoS Rejected */
167 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
168 MGMT_STATUS_REJECTED, /* Insufficient Security */
169 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
170 MGMT_STATUS_BUSY, /* Role Switch Pending */
171 MGMT_STATUS_FAILED, /* Slot Violation */
172 MGMT_STATUS_FAILED, /* Role Switch Failed */
173 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
174 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
175 MGMT_STATUS_BUSY, /* Host Busy Pairing */
176 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
177 MGMT_STATUS_BUSY, /* Controller Busy */
178 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
179 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
180 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
181 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
182 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
185 bool mgmt_valid_hdev(struct hci_dev *hdev)
187 return hdev->dev_type == HCI_BREDR;
190 static u8 mgmt_status(u8 hci_status)
192 if (hci_status < ARRAY_SIZE(mgmt_status_table))
193 return mgmt_status_table[hci_status];
195 return MGMT_STATUS_FAILED;
198 static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
201 struct mgmt_hdr *hdr;
202 struct mgmt_ev_cmd_status *ev;
205 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
207 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_KERNEL);
211 hdr = (void *) skb_put(skb, sizeof(*hdr));
213 hdr->opcode = __constant_cpu_to_le16(MGMT_EV_CMD_STATUS);
214 hdr->index = cpu_to_le16(index);
215 hdr->len = cpu_to_le16(sizeof(*ev));
217 ev = (void *) skb_put(skb, sizeof(*ev));
219 ev->opcode = cpu_to_le16(cmd);
221 err = sock_queue_rcv_skb(sk, skb);
228 static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
229 void *rp, size_t rp_len)
232 struct mgmt_hdr *hdr;
233 struct mgmt_ev_cmd_complete *ev;
236 BT_DBG("sock %p", sk);
238 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_KERNEL);
242 hdr = (void *) skb_put(skb, sizeof(*hdr));
244 hdr->opcode = __constant_cpu_to_le16(MGMT_EV_CMD_COMPLETE);
245 hdr->index = cpu_to_le16(index);
246 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
248 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
249 ev->opcode = cpu_to_le16(cmd);
253 memcpy(ev->data, rp, rp_len);
255 err = sock_queue_rcv_skb(sk, skb);
262 static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
265 struct mgmt_rp_read_version rp;
267 BT_DBG("sock %p", sk);
269 rp.version = MGMT_VERSION;
270 rp.revision = __constant_cpu_to_le16(MGMT_REVISION);
272 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
276 static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
279 struct mgmt_rp_read_commands *rp;
280 const u16 num_commands = ARRAY_SIZE(mgmt_commands);
281 const u16 num_events = ARRAY_SIZE(mgmt_events);
286 BT_DBG("sock %p", sk);
288 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
290 rp = kmalloc(rp_size, GFP_KERNEL);
294 rp->num_commands = __constant_cpu_to_le16(num_commands);
295 rp->num_events = __constant_cpu_to_le16(num_events);
297 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
298 put_unaligned_le16(mgmt_commands[i], opcode);
300 for (i = 0; i < num_events; i++, opcode++)
301 put_unaligned_le16(mgmt_events[i], opcode);
303 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
310 static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
313 struct mgmt_rp_read_index_list *rp;
319 BT_DBG("sock %p", sk);
321 read_lock(&hci_dev_list_lock);
324 list_for_each_entry(d, &hci_dev_list, list) {
325 if (!mgmt_valid_hdev(d))
331 rp_len = sizeof(*rp) + (2 * count);
332 rp = kmalloc(rp_len, GFP_ATOMIC);
334 read_unlock(&hci_dev_list_lock);
339 list_for_each_entry(d, &hci_dev_list, list) {
340 if (test_bit(HCI_SETUP, &d->dev_flags))
343 if (test_bit(HCI_USER_CHANNEL, &d->dev_flags))
346 if (!mgmt_valid_hdev(d))
349 rp->index[count++] = cpu_to_le16(d->id);
350 BT_DBG("Added hci%u", d->id);
353 rp->num_controllers = cpu_to_le16(count);
354 rp_len = sizeof(*rp) + (2 * count);
356 read_unlock(&hci_dev_list_lock);
358 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
366 static u32 get_supported_settings(struct hci_dev *hdev)
370 settings |= MGMT_SETTING_POWERED;
371 settings |= MGMT_SETTING_PAIRABLE;
373 if (lmp_ssp_capable(hdev))
374 settings |= MGMT_SETTING_SSP;
376 if (lmp_bredr_capable(hdev)) {
377 settings |= MGMT_SETTING_CONNECTABLE;
378 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
379 settings |= MGMT_SETTING_FAST_CONNECTABLE;
380 settings |= MGMT_SETTING_DISCOVERABLE;
381 settings |= MGMT_SETTING_BREDR;
382 settings |= MGMT_SETTING_LINK_SECURITY;
383 settings |= MGMT_SETTING_HS;
386 if (lmp_le_capable(hdev)) {
387 settings |= MGMT_SETTING_LE;
388 settings |= MGMT_SETTING_ADVERTISING;
394 static u32 get_current_settings(struct hci_dev *hdev)
398 if (hdev_is_powered(hdev))
399 settings |= MGMT_SETTING_POWERED;
401 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
402 settings |= MGMT_SETTING_CONNECTABLE;
404 if (test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
405 settings |= MGMT_SETTING_FAST_CONNECTABLE;
407 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
408 settings |= MGMT_SETTING_DISCOVERABLE;
410 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags))
411 settings |= MGMT_SETTING_PAIRABLE;
413 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
414 settings |= MGMT_SETTING_BREDR;
416 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
417 settings |= MGMT_SETTING_LE;
419 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
420 settings |= MGMT_SETTING_LINK_SECURITY;
422 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
423 settings |= MGMT_SETTING_SSP;
425 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
426 settings |= MGMT_SETTING_HS;
428 if (test_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags))
429 settings |= MGMT_SETTING_ADVERTISING;
434 #define PNP_INFO_SVCLASS_ID 0x1200
436 static u8 *create_uuid16_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
438 u8 *ptr = data, *uuids_start = NULL;
439 struct bt_uuid *uuid;
444 list_for_each_entry(uuid, &hdev->uuids, list) {
447 if (uuid->size != 16)
450 uuid16 = get_unaligned_le16(&uuid->uuid[12]);
454 if (uuid16 == PNP_INFO_SVCLASS_ID)
460 uuids_start[1] = EIR_UUID16_ALL;
464 /* Stop if not enough space to put next UUID */
465 if ((ptr - data) + sizeof(u16) > len) {
466 uuids_start[1] = EIR_UUID16_SOME;
470 *ptr++ = (uuid16 & 0x00ff);
471 *ptr++ = (uuid16 & 0xff00) >> 8;
472 uuids_start[0] += sizeof(uuid16);
478 static u8 *create_uuid32_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
480 u8 *ptr = data, *uuids_start = NULL;
481 struct bt_uuid *uuid;
486 list_for_each_entry(uuid, &hdev->uuids, list) {
487 if (uuid->size != 32)
493 uuids_start[1] = EIR_UUID32_ALL;
497 /* Stop if not enough space to put next UUID */
498 if ((ptr - data) + sizeof(u32) > len) {
499 uuids_start[1] = EIR_UUID32_SOME;
503 memcpy(ptr, &uuid->uuid[12], sizeof(u32));
505 uuids_start[0] += sizeof(u32);
511 static u8 *create_uuid128_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
513 u8 *ptr = data, *uuids_start = NULL;
514 struct bt_uuid *uuid;
519 list_for_each_entry(uuid, &hdev->uuids, list) {
520 if (uuid->size != 128)
526 uuids_start[1] = EIR_UUID128_ALL;
530 /* Stop if not enough space to put next UUID */
531 if ((ptr - data) + 16 > len) {
532 uuids_start[1] = EIR_UUID128_SOME;
536 memcpy(ptr, uuid->uuid, 16);
538 uuids_start[0] += 16;
544 static void create_eir(struct hci_dev *hdev, u8 *data)
549 name_len = strlen(hdev->dev_name);
555 ptr[1] = EIR_NAME_SHORT;
557 ptr[1] = EIR_NAME_COMPLETE;
559 /* EIR Data length */
560 ptr[0] = name_len + 1;
562 memcpy(ptr + 2, hdev->dev_name, name_len);
564 ptr += (name_len + 2);
567 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
569 ptr[1] = EIR_TX_POWER;
570 ptr[2] = (u8) hdev->inq_tx_power;
575 if (hdev->devid_source > 0) {
577 ptr[1] = EIR_DEVICE_ID;
579 put_unaligned_le16(hdev->devid_source, ptr + 2);
580 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
581 put_unaligned_le16(hdev->devid_product, ptr + 6);
582 put_unaligned_le16(hdev->devid_version, ptr + 8);
587 ptr = create_uuid16_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
588 ptr = create_uuid32_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
589 ptr = create_uuid128_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
592 static void update_eir(struct hci_request *req)
594 struct hci_dev *hdev = req->hdev;
595 struct hci_cp_write_eir cp;
597 if (!hdev_is_powered(hdev))
600 if (!lmp_ext_inq_capable(hdev))
603 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
606 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
609 memset(&cp, 0, sizeof(cp));
611 create_eir(hdev, cp.data);
613 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
616 memcpy(hdev->eir, cp.data, sizeof(cp.data));
618 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
621 static u8 get_service_classes(struct hci_dev *hdev)
623 struct bt_uuid *uuid;
626 list_for_each_entry(uuid, &hdev->uuids, list)
627 val |= uuid->svc_hint;
632 static void update_class(struct hci_request *req)
634 struct hci_dev *hdev = req->hdev;
637 BT_DBG("%s", hdev->name);
639 if (!hdev_is_powered(hdev))
642 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
645 cod[0] = hdev->minor_class;
646 cod[1] = hdev->major_class;
647 cod[2] = get_service_classes(hdev);
649 if (memcmp(cod, hdev->dev_class, 3) == 0)
652 hci_req_add(req, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
655 static void service_cache_off(struct work_struct *work)
657 struct hci_dev *hdev = container_of(work, struct hci_dev,
659 struct hci_request req;
661 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
664 hci_req_init(&req, hdev);
671 hci_dev_unlock(hdev);
673 hci_req_run(&req, NULL);
676 static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
678 if (test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
681 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
683 /* Non-mgmt controlled devices get this bit set
684 * implicitly so that pairing works for them, however
685 * for mgmt we require user-space to explicitly enable
688 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
691 static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
692 void *data, u16 data_len)
694 struct mgmt_rp_read_info rp;
696 BT_DBG("sock %p %s", sk, hdev->name);
700 memset(&rp, 0, sizeof(rp));
702 bacpy(&rp.bdaddr, &hdev->bdaddr);
704 rp.version = hdev->hci_ver;
705 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
707 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
708 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
710 memcpy(rp.dev_class, hdev->dev_class, 3);
712 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
713 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
715 hci_dev_unlock(hdev);
717 return cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
721 static void mgmt_pending_free(struct pending_cmd *cmd)
728 static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
729 struct hci_dev *hdev, void *data,
732 struct pending_cmd *cmd;
734 cmd = kmalloc(sizeof(*cmd), GFP_KERNEL);
738 cmd->opcode = opcode;
739 cmd->index = hdev->id;
741 cmd->param = kmalloc(len, GFP_KERNEL);
748 memcpy(cmd->param, data, len);
753 list_add(&cmd->list, &hdev->mgmt_pending);
758 static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
759 void (*cb)(struct pending_cmd *cmd,
763 struct pending_cmd *cmd, *tmp;
765 list_for_each_entry_safe(cmd, tmp, &hdev->mgmt_pending, list) {
766 if (opcode > 0 && cmd->opcode != opcode)
773 static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
775 struct pending_cmd *cmd;
777 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
778 if (cmd->opcode == opcode)
785 static void mgmt_pending_remove(struct pending_cmd *cmd)
787 list_del(&cmd->list);
788 mgmt_pending_free(cmd);
791 static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
793 __le32 settings = cpu_to_le32(get_current_settings(hdev));
795 return cmd_complete(sk, hdev->id, opcode, 0, &settings,
799 static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
802 struct mgmt_mode *cp = data;
803 struct pending_cmd *cmd;
806 BT_DBG("request for %s", hdev->name);
808 if (cp->val != 0x00 && cp->val != 0x01)
809 return cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
810 MGMT_STATUS_INVALID_PARAMS);
814 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
815 err = cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
820 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
821 cancel_delayed_work(&hdev->power_off);
824 mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev,
826 err = mgmt_powered(hdev, 1);
831 if (!!cp->val == hdev_is_powered(hdev)) {
832 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
836 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
843 queue_work(hdev->req_workqueue, &hdev->power_on);
845 queue_work(hdev->req_workqueue, &hdev->power_off.work);
850 hci_dev_unlock(hdev);
854 static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 data_len,
855 struct sock *skip_sk)
858 struct mgmt_hdr *hdr;
860 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_KERNEL);
864 hdr = (void *) skb_put(skb, sizeof(*hdr));
865 hdr->opcode = cpu_to_le16(event);
867 hdr->index = cpu_to_le16(hdev->id);
869 hdr->index = __constant_cpu_to_le16(MGMT_INDEX_NONE);
870 hdr->len = cpu_to_le16(data_len);
873 memcpy(skb_put(skb, data_len), data, data_len);
876 __net_timestamp(skb);
878 hci_send_to_control(skb, skip_sk);
884 static int new_settings(struct hci_dev *hdev, struct sock *skip)
888 ev = cpu_to_le32(get_current_settings(hdev));
890 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
895 struct hci_dev *hdev;
899 static void settings_rsp(struct pending_cmd *cmd, void *data)
901 struct cmd_lookup *match = data;
903 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
905 list_del(&cmd->list);
907 if (match->sk == NULL) {
909 sock_hold(match->sk);
912 mgmt_pending_free(cmd);
915 static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
919 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
920 mgmt_pending_remove(cmd);
923 static u8 mgmt_bredr_support(struct hci_dev *hdev)
925 if (!lmp_bredr_capable(hdev))
926 return MGMT_STATUS_NOT_SUPPORTED;
927 else if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
928 return MGMT_STATUS_REJECTED;
930 return MGMT_STATUS_SUCCESS;
933 static u8 mgmt_le_support(struct hci_dev *hdev)
935 if (!lmp_le_capable(hdev))
936 return MGMT_STATUS_NOT_SUPPORTED;
937 else if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
938 return MGMT_STATUS_REJECTED;
940 return MGMT_STATUS_SUCCESS;
943 static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
946 struct mgmt_cp_set_discoverable *cp = data;
947 struct pending_cmd *cmd;
952 BT_DBG("request for %s", hdev->name);
954 status = mgmt_bredr_support(hdev);
956 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
959 if (cp->val != 0x00 && cp->val != 0x01)
960 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
961 MGMT_STATUS_INVALID_PARAMS);
963 timeout = __le16_to_cpu(cp->timeout);
964 if (!cp->val && timeout > 0)
965 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
966 MGMT_STATUS_INVALID_PARAMS);
970 if (!hdev_is_powered(hdev) && timeout > 0) {
971 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
972 MGMT_STATUS_NOT_POWERED);
976 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
977 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
978 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
983 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
984 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
985 MGMT_STATUS_REJECTED);
989 if (!hdev_is_powered(hdev)) {
990 bool changed = false;
992 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
993 change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
997 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1002 err = new_settings(hdev, sk);
1007 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
1008 if (hdev->discov_timeout > 0) {
1009 cancel_delayed_work(&hdev->discov_off);
1010 hdev->discov_timeout = 0;
1013 if (cp->val && timeout > 0) {
1014 hdev->discov_timeout = timeout;
1015 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
1016 msecs_to_jiffies(hdev->discov_timeout * 1000));
1019 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1023 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
1032 scan |= SCAN_INQUIRY;
1034 cancel_delayed_work(&hdev->discov_off);
1036 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1038 mgmt_pending_remove(cmd);
1041 hdev->discov_timeout = timeout;
1044 hci_dev_unlock(hdev);
1048 static void write_fast_connectable(struct hci_request *req, bool enable)
1050 struct hci_dev *hdev = req->hdev;
1051 struct hci_cp_write_page_scan_activity acp;
1054 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
1058 type = PAGE_SCAN_TYPE_INTERLACED;
1060 /* 160 msec page scan interval */
1061 acp.interval = __constant_cpu_to_le16(0x0100);
1063 type = PAGE_SCAN_TYPE_STANDARD; /* default */
1065 /* default 1.28 sec page scan */
1066 acp.interval = __constant_cpu_to_le16(0x0800);
1069 acp.window = __constant_cpu_to_le16(0x0012);
1071 if (__cpu_to_le16(hdev->page_scan_interval) != acp.interval ||
1072 __cpu_to_le16(hdev->page_scan_window) != acp.window)
1073 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
1076 if (hdev->page_scan_type != type)
1077 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
1080 static void set_connectable_complete(struct hci_dev *hdev, u8 status)
1082 struct pending_cmd *cmd;
1084 BT_DBG("status 0x%02x", status);
1088 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1092 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
1094 mgmt_pending_remove(cmd);
1097 hci_dev_unlock(hdev);
1100 static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
1103 struct mgmt_mode *cp = data;
1104 struct pending_cmd *cmd;
1105 struct hci_request req;
1109 BT_DBG("request for %s", hdev->name);
1111 status = mgmt_bredr_support(hdev);
1113 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1116 if (cp->val != 0x00 && cp->val != 0x01)
1117 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1118 MGMT_STATUS_INVALID_PARAMS);
1122 if (!hdev_is_powered(hdev)) {
1123 bool changed = false;
1125 if (!!cp->val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
1129 set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1131 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1132 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1135 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1140 err = new_settings(hdev, sk);
1145 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1146 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
1147 err = cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1152 if (!!cp->val == test_bit(HCI_PSCAN, &hdev->flags)) {
1153 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1157 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
1168 if (test_bit(HCI_ISCAN, &hdev->flags) &&
1169 hdev->discov_timeout > 0)
1170 cancel_delayed_work(&hdev->discov_off);
1173 hci_req_init(&req, hdev);
1175 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1177 /* If we're going from non-connectable to connectable or
1178 * vice-versa when fast connectable is enabled ensure that fast
1179 * connectable gets disabled. write_fast_connectable won't do
1180 * anything if the page scan parameters are already what they
1183 if (cp->val || test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
1184 write_fast_connectable(&req, false);
1186 err = hci_req_run(&req, set_connectable_complete);
1188 mgmt_pending_remove(cmd);
1191 hci_dev_unlock(hdev);
1195 static int set_pairable(struct sock *sk, struct hci_dev *hdev, void *data,
1198 struct mgmt_mode *cp = data;
1201 BT_DBG("request for %s", hdev->name);
1203 if (cp->val != 0x00 && cp->val != 0x01)
1204 return cmd_status(sk, hdev->id, MGMT_OP_SET_PAIRABLE,
1205 MGMT_STATUS_INVALID_PARAMS);
1210 set_bit(HCI_PAIRABLE, &hdev->dev_flags);
1212 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
1214 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
1218 err = new_settings(hdev, sk);
1221 hci_dev_unlock(hdev);
1225 static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1228 struct mgmt_mode *cp = data;
1229 struct pending_cmd *cmd;
1233 BT_DBG("request for %s", hdev->name);
1235 status = mgmt_bredr_support(hdev);
1237 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1240 if (cp->val != 0x00 && cp->val != 0x01)
1241 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1242 MGMT_STATUS_INVALID_PARAMS);
1246 if (!hdev_is_powered(hdev)) {
1247 bool changed = false;
1249 if (!!cp->val != test_bit(HCI_LINK_SECURITY,
1250 &hdev->dev_flags)) {
1251 change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
1255 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1260 err = new_settings(hdev, sk);
1265 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
1266 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1273 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1274 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1278 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1284 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1286 mgmt_pending_remove(cmd);
1291 hci_dev_unlock(hdev);
1295 static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1297 struct mgmt_mode *cp = data;
1298 struct pending_cmd *cmd;
1302 BT_DBG("request for %s", hdev->name);
1304 status = mgmt_bredr_support(hdev);
1306 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
1308 if (!lmp_ssp_capable(hdev))
1309 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1310 MGMT_STATUS_NOT_SUPPORTED);
1312 if (cp->val != 0x00 && cp->val != 0x01)
1313 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1314 MGMT_STATUS_INVALID_PARAMS);
1320 if (!hdev_is_powered(hdev)) {
1321 bool changed = false;
1323 if (val != test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
1324 change_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
1328 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1333 err = new_settings(hdev, sk);
1338 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev)) {
1339 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1344 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) == val) {
1345 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1349 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1355 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, sizeof(val), &val);
1357 mgmt_pending_remove(cmd);
1362 hci_dev_unlock(hdev);
1366 static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1368 struct mgmt_mode *cp = data;
1373 BT_DBG("request for %s", hdev->name);
1375 status = mgmt_bredr_support(hdev);
1377 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
1379 if (cp->val != 0x00 && cp->val != 0x01)
1380 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1381 MGMT_STATUS_INVALID_PARAMS);
1386 changed = !test_and_set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1388 if (hdev_is_powered(hdev)) {
1389 err = cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1390 MGMT_STATUS_REJECTED);
1394 changed = test_and_clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1397 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
1402 err = new_settings(hdev, sk);
1405 hci_dev_unlock(hdev);
1409 static void le_enable_complete(struct hci_dev *hdev, u8 status)
1411 struct cmd_lookup match = { NULL, hdev };
1414 u8 mgmt_err = mgmt_status(status);
1416 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
1421 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
1423 new_settings(hdev, match.sk);
1429 static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1431 struct mgmt_mode *cp = data;
1432 struct hci_cp_write_le_host_supported hci_cp;
1433 struct pending_cmd *cmd;
1434 struct hci_request req;
1438 BT_DBG("request for %s", hdev->name);
1440 if (!lmp_le_capable(hdev))
1441 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1442 MGMT_STATUS_NOT_SUPPORTED);
1444 if (cp->val != 0x00 && cp->val != 0x01)
1445 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1446 MGMT_STATUS_INVALID_PARAMS);
1448 /* LE-only devices do not allow toggling LE on/off */
1449 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1450 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1451 MGMT_STATUS_REJECTED);
1456 enabled = lmp_host_le_capable(hdev);
1458 if (!hdev_is_powered(hdev) || val == enabled) {
1459 bool changed = false;
1461 if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1462 change_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1466 if (!val && test_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags)) {
1467 clear_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags);
1471 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1476 err = new_settings(hdev, sk);
1481 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev) ||
1482 mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
1483 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1488 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
1494 memset(&hci_cp, 0, sizeof(hci_cp));
1498 hci_cp.simul = lmp_le_br_capable(hdev);
1501 hci_req_init(&req, hdev);
1503 if (test_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags) && !val)
1504 hci_req_add(&req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(val), &val);
1506 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
1509 err = hci_req_run(&req, le_enable_complete);
1511 mgmt_pending_remove(cmd);
1514 hci_dev_unlock(hdev);
1518 /* This is a helper function to test for pending mgmt commands that can
1519 * cause CoD or EIR HCI commands. We can only allow one such pending
1520 * mgmt command at a time since otherwise we cannot easily track what
1521 * the current values are, will be, and based on that calculate if a new
1522 * HCI command needs to be sent and if yes with what value.
1524 static bool pending_eir_or_class(struct hci_dev *hdev)
1526 struct pending_cmd *cmd;
1528 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
1529 switch (cmd->opcode) {
1530 case MGMT_OP_ADD_UUID:
1531 case MGMT_OP_REMOVE_UUID:
1532 case MGMT_OP_SET_DEV_CLASS:
1533 case MGMT_OP_SET_POWERED:
1541 static const u8 bluetooth_base_uuid[] = {
1542 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
1543 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1546 static u8 get_uuid_size(const u8 *uuid)
1550 if (memcmp(uuid, bluetooth_base_uuid, 12))
1553 val = get_unaligned_le32(&uuid[12]);
1560 static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
1562 struct pending_cmd *cmd;
1566 cmd = mgmt_pending_find(mgmt_op, hdev);
1570 cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(status),
1571 hdev->dev_class, 3);
1573 mgmt_pending_remove(cmd);
1576 hci_dev_unlock(hdev);
1579 static void add_uuid_complete(struct hci_dev *hdev, u8 status)
1581 BT_DBG("status 0x%02x", status);
1583 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
1586 static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1588 struct mgmt_cp_add_uuid *cp = data;
1589 struct pending_cmd *cmd;
1590 struct hci_request req;
1591 struct bt_uuid *uuid;
1594 BT_DBG("request for %s", hdev->name);
1598 if (pending_eir_or_class(hdev)) {
1599 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
1604 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
1610 memcpy(uuid->uuid, cp->uuid, 16);
1611 uuid->svc_hint = cp->svc_hint;
1612 uuid->size = get_uuid_size(cp->uuid);
1614 list_add_tail(&uuid->list, &hdev->uuids);
1616 hci_req_init(&req, hdev);
1621 err = hci_req_run(&req, add_uuid_complete);
1623 if (err != -ENODATA)
1626 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
1627 hdev->dev_class, 3);
1631 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
1640 hci_dev_unlock(hdev);
1644 static bool enable_service_cache(struct hci_dev *hdev)
1646 if (!hdev_is_powered(hdev))
1649 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
1650 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
1658 static void remove_uuid_complete(struct hci_dev *hdev, u8 status)
1660 BT_DBG("status 0x%02x", status);
1662 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
1665 static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
1668 struct mgmt_cp_remove_uuid *cp = data;
1669 struct pending_cmd *cmd;
1670 struct bt_uuid *match, *tmp;
1671 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
1672 struct hci_request req;
1675 BT_DBG("request for %s", hdev->name);
1679 if (pending_eir_or_class(hdev)) {
1680 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
1685 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
1686 err = hci_uuids_clear(hdev);
1688 if (enable_service_cache(hdev)) {
1689 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID,
1690 0, hdev->dev_class, 3);
1699 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
1700 if (memcmp(match->uuid, cp->uuid, 16) != 0)
1703 list_del(&match->list);
1709 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
1710 MGMT_STATUS_INVALID_PARAMS);
1715 hci_req_init(&req, hdev);
1720 err = hci_req_run(&req, remove_uuid_complete);
1722 if (err != -ENODATA)
1725 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
1726 hdev->dev_class, 3);
1730 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
1739 hci_dev_unlock(hdev);
1743 static void set_class_complete(struct hci_dev *hdev, u8 status)
1745 BT_DBG("status 0x%02x", status);
1747 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
1750 static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
1753 struct mgmt_cp_set_dev_class *cp = data;
1754 struct pending_cmd *cmd;
1755 struct hci_request req;
1758 BT_DBG("request for %s", hdev->name);
1760 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1761 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1762 MGMT_STATUS_NOT_SUPPORTED);
1766 if (pending_eir_or_class(hdev)) {
1767 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1772 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
1773 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1774 MGMT_STATUS_INVALID_PARAMS);
1778 hdev->major_class = cp->major;
1779 hdev->minor_class = cp->minor;
1781 if (!hdev_is_powered(hdev)) {
1782 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
1783 hdev->dev_class, 3);
1787 hci_req_init(&req, hdev);
1789 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
1790 hci_dev_unlock(hdev);
1791 cancel_delayed_work_sync(&hdev->service_cache);
1798 err = hci_req_run(&req, set_class_complete);
1800 if (err != -ENODATA)
1803 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
1804 hdev->dev_class, 3);
1808 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
1817 hci_dev_unlock(hdev);
1821 static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
1824 struct mgmt_cp_load_link_keys *cp = data;
1825 u16 key_count, expected_len;
1828 key_count = __le16_to_cpu(cp->key_count);
1830 expected_len = sizeof(*cp) + key_count *
1831 sizeof(struct mgmt_link_key_info);
1832 if (expected_len != len) {
1833 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
1835 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
1836 MGMT_STATUS_INVALID_PARAMS);
1839 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
1840 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
1841 MGMT_STATUS_INVALID_PARAMS);
1843 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
1846 for (i = 0; i < key_count; i++) {
1847 struct mgmt_link_key_info *key = &cp->keys[i];
1849 if (key->addr.type != BDADDR_BREDR)
1850 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
1851 MGMT_STATUS_INVALID_PARAMS);
1856 hci_link_keys_clear(hdev);
1859 set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
1861 clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
1863 for (i = 0; i < key_count; i++) {
1864 struct mgmt_link_key_info *key = &cp->keys[i];
1866 hci_add_link_key(hdev, NULL, 0, &key->addr.bdaddr, key->val,
1867 key->type, key->pin_len);
1870 cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
1872 hci_dev_unlock(hdev);
1877 static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
1878 u8 addr_type, struct sock *skip_sk)
1880 struct mgmt_ev_device_unpaired ev;
1882 bacpy(&ev.addr.bdaddr, bdaddr);
1883 ev.addr.type = addr_type;
1885 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
1889 static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
1892 struct mgmt_cp_unpair_device *cp = data;
1893 struct mgmt_rp_unpair_device rp;
1894 struct hci_cp_disconnect dc;
1895 struct pending_cmd *cmd;
1896 struct hci_conn *conn;
1899 memset(&rp, 0, sizeof(rp));
1900 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1901 rp.addr.type = cp->addr.type;
1903 if (!bdaddr_type_is_valid(cp->addr.type))
1904 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
1905 MGMT_STATUS_INVALID_PARAMS,
1908 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
1909 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
1910 MGMT_STATUS_INVALID_PARAMS,
1915 if (!hdev_is_powered(hdev)) {
1916 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
1917 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
1921 if (cp->addr.type == BDADDR_BREDR)
1922 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
1924 err = hci_remove_ltk(hdev, &cp->addr.bdaddr);
1927 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
1928 MGMT_STATUS_NOT_PAIRED, &rp, sizeof(rp));
1932 if (cp->disconnect) {
1933 if (cp->addr.type == BDADDR_BREDR)
1934 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
1937 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
1944 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
1946 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
1950 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
1957 dc.handle = cpu_to_le16(conn->handle);
1958 dc.reason = 0x13; /* Remote User Terminated Connection */
1959 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1961 mgmt_pending_remove(cmd);
1964 hci_dev_unlock(hdev);
1968 static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
1971 struct mgmt_cp_disconnect *cp = data;
1972 struct mgmt_rp_disconnect rp;
1973 struct hci_cp_disconnect dc;
1974 struct pending_cmd *cmd;
1975 struct hci_conn *conn;
1980 memset(&rp, 0, sizeof(rp));
1981 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1982 rp.addr.type = cp->addr.type;
1984 if (!bdaddr_type_is_valid(cp->addr.type))
1985 return cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
1986 MGMT_STATUS_INVALID_PARAMS,
1991 if (!test_bit(HCI_UP, &hdev->flags)) {
1992 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
1993 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
1997 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
1998 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
1999 MGMT_STATUS_BUSY, &rp, sizeof(rp));
2003 if (cp->addr.type == BDADDR_BREDR)
2004 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2007 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
2009 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
2010 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2011 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
2015 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
2021 dc.handle = cpu_to_le16(conn->handle);
2022 dc.reason = HCI_ERROR_REMOTE_USER_TERM;
2024 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2026 mgmt_pending_remove(cmd);
2029 hci_dev_unlock(hdev);
2033 static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
2035 switch (link_type) {
2037 switch (addr_type) {
2038 case ADDR_LE_DEV_PUBLIC:
2039 return BDADDR_LE_PUBLIC;
2042 /* Fallback to LE Random address type */
2043 return BDADDR_LE_RANDOM;
2047 /* Fallback to BR/EDR type */
2048 return BDADDR_BREDR;
2052 static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
2055 struct mgmt_rp_get_connections *rp;
2065 if (!hdev_is_powered(hdev)) {
2066 err = cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
2067 MGMT_STATUS_NOT_POWERED);
2072 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2073 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2077 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2078 rp = kmalloc(rp_len, GFP_KERNEL);
2085 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2086 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2088 bacpy(&rp->addr[i].bdaddr, &c->dst);
2089 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
2090 if (c->type == SCO_LINK || c->type == ESCO_LINK)
2095 rp->conn_count = cpu_to_le16(i);
2097 /* Recalculate length in case of filtered SCO connections, etc */
2098 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2100 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
2106 hci_dev_unlock(hdev);
2110 static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
2111 struct mgmt_cp_pin_code_neg_reply *cp)
2113 struct pending_cmd *cmd;
2116 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
2121 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
2122 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
2124 mgmt_pending_remove(cmd);
2129 static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2132 struct hci_conn *conn;
2133 struct mgmt_cp_pin_code_reply *cp = data;
2134 struct hci_cp_pin_code_reply reply;
2135 struct pending_cmd *cmd;
2142 if (!hdev_is_powered(hdev)) {
2143 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2144 MGMT_STATUS_NOT_POWERED);
2148 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
2150 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2151 MGMT_STATUS_NOT_CONNECTED);
2155 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
2156 struct mgmt_cp_pin_code_neg_reply ncp;
2158 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
2160 BT_ERR("PIN code is not 16 bytes long");
2162 err = send_pin_code_neg_reply(sk, hdev, &ncp);
2164 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2165 MGMT_STATUS_INVALID_PARAMS);
2170 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
2176 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
2177 reply.pin_len = cp->pin_len;
2178 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
2180 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
2182 mgmt_pending_remove(cmd);
2185 hci_dev_unlock(hdev);
2189 static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
2192 struct mgmt_cp_set_io_capability *cp = data;
2198 hdev->io_capability = cp->io_capability;
2200 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
2201 hdev->io_capability);
2203 hci_dev_unlock(hdev);
2205 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, NULL,
2209 static struct pending_cmd *find_pairing(struct hci_conn *conn)
2211 struct hci_dev *hdev = conn->hdev;
2212 struct pending_cmd *cmd;
2214 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2215 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
2218 if (cmd->user_data != conn)
2227 static void pairing_complete(struct pending_cmd *cmd, u8 status)
2229 struct mgmt_rp_pair_device rp;
2230 struct hci_conn *conn = cmd->user_data;
2232 bacpy(&rp.addr.bdaddr, &conn->dst);
2233 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
2235 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
2238 /* So we don't get further callbacks for this connection */
2239 conn->connect_cfm_cb = NULL;
2240 conn->security_cfm_cb = NULL;
2241 conn->disconn_cfm_cb = NULL;
2243 hci_conn_drop(conn);
2245 mgmt_pending_remove(cmd);
2248 static void pairing_complete_cb(struct hci_conn *conn, u8 status)
2250 struct pending_cmd *cmd;
2252 BT_DBG("status %u", status);
2254 cmd = find_pairing(conn);
2256 BT_DBG("Unable to find a pending command");
2258 pairing_complete(cmd, mgmt_status(status));
2261 static void le_connect_complete_cb(struct hci_conn *conn, u8 status)
2263 struct pending_cmd *cmd;
2265 BT_DBG("status %u", status);
2270 cmd = find_pairing(conn);
2272 BT_DBG("Unable to find a pending command");
2274 pairing_complete(cmd, mgmt_status(status));
2277 static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2280 struct mgmt_cp_pair_device *cp = data;
2281 struct mgmt_rp_pair_device rp;
2282 struct pending_cmd *cmd;
2283 u8 sec_level, auth_type;
2284 struct hci_conn *conn;
2289 memset(&rp, 0, sizeof(rp));
2290 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2291 rp.addr.type = cp->addr.type;
2293 if (!bdaddr_type_is_valid(cp->addr.type))
2294 return cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2295 MGMT_STATUS_INVALID_PARAMS,
2300 if (!hdev_is_powered(hdev)) {
2301 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2302 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
2306 sec_level = BT_SECURITY_MEDIUM;
2307 if (cp->io_cap == 0x03)
2308 auth_type = HCI_AT_DEDICATED_BONDING;
2310 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
2312 if (cp->addr.type == BDADDR_BREDR)
2313 conn = hci_connect(hdev, ACL_LINK, &cp->addr.bdaddr,
2314 cp->addr.type, sec_level, auth_type);
2316 conn = hci_connect(hdev, LE_LINK, &cp->addr.bdaddr,
2317 cp->addr.type, sec_level, auth_type);
2322 if (PTR_ERR(conn) == -EBUSY)
2323 status = MGMT_STATUS_BUSY;
2325 status = MGMT_STATUS_CONNECT_FAILED;
2327 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2333 if (conn->connect_cfm_cb) {
2334 hci_conn_drop(conn);
2335 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2336 MGMT_STATUS_BUSY, &rp, sizeof(rp));
2340 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
2343 hci_conn_drop(conn);
2347 /* For LE, just connecting isn't a proof that the pairing finished */
2348 if (cp->addr.type == BDADDR_BREDR)
2349 conn->connect_cfm_cb = pairing_complete_cb;
2351 conn->connect_cfm_cb = le_connect_complete_cb;
2353 conn->security_cfm_cb = pairing_complete_cb;
2354 conn->disconn_cfm_cb = pairing_complete_cb;
2355 conn->io_capability = cp->io_cap;
2356 cmd->user_data = conn;
2358 if (conn->state == BT_CONNECTED &&
2359 hci_conn_security(conn, sec_level, auth_type))
2360 pairing_complete(cmd, 0);
2365 hci_dev_unlock(hdev);
2369 static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2372 struct mgmt_addr_info *addr = data;
2373 struct pending_cmd *cmd;
2374 struct hci_conn *conn;
2381 if (!hdev_is_powered(hdev)) {
2382 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2383 MGMT_STATUS_NOT_POWERED);
2387 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
2389 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2390 MGMT_STATUS_INVALID_PARAMS);
2394 conn = cmd->user_data;
2396 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
2397 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2398 MGMT_STATUS_INVALID_PARAMS);
2402 pairing_complete(cmd, MGMT_STATUS_CANCELLED);
2404 err = cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
2405 addr, sizeof(*addr));
2407 hci_dev_unlock(hdev);
2411 static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
2412 struct mgmt_addr_info *addr, u16 mgmt_op,
2413 u16 hci_op, __le32 passkey)
2415 struct pending_cmd *cmd;
2416 struct hci_conn *conn;
2421 if (!hdev_is_powered(hdev)) {
2422 err = cmd_complete(sk, hdev->id, mgmt_op,
2423 MGMT_STATUS_NOT_POWERED, addr,
2428 if (addr->type == BDADDR_BREDR)
2429 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
2431 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &addr->bdaddr);
2434 err = cmd_complete(sk, hdev->id, mgmt_op,
2435 MGMT_STATUS_NOT_CONNECTED, addr,
2440 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
2441 /* Continue with pairing via SMP */
2442 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
2445 err = cmd_complete(sk, hdev->id, mgmt_op,
2446 MGMT_STATUS_SUCCESS, addr,
2449 err = cmd_complete(sk, hdev->id, mgmt_op,
2450 MGMT_STATUS_FAILED, addr,
2456 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
2462 /* Continue with pairing via HCI */
2463 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
2464 struct hci_cp_user_passkey_reply cp;
2466 bacpy(&cp.bdaddr, &addr->bdaddr);
2467 cp.passkey = passkey;
2468 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
2470 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
2474 mgmt_pending_remove(cmd);
2477 hci_dev_unlock(hdev);
2481 static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
2482 void *data, u16 len)
2484 struct mgmt_cp_pin_code_neg_reply *cp = data;
2488 return user_pairing_resp(sk, hdev, &cp->addr,
2489 MGMT_OP_PIN_CODE_NEG_REPLY,
2490 HCI_OP_PIN_CODE_NEG_REPLY, 0);
2493 static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2496 struct mgmt_cp_user_confirm_reply *cp = data;
2500 if (len != sizeof(*cp))
2501 return cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
2502 MGMT_STATUS_INVALID_PARAMS);
2504 return user_pairing_resp(sk, hdev, &cp->addr,
2505 MGMT_OP_USER_CONFIRM_REPLY,
2506 HCI_OP_USER_CONFIRM_REPLY, 0);
2509 static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
2510 void *data, u16 len)
2512 struct mgmt_cp_user_confirm_neg_reply *cp = data;
2516 return user_pairing_resp(sk, hdev, &cp->addr,
2517 MGMT_OP_USER_CONFIRM_NEG_REPLY,
2518 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
2521 static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2524 struct mgmt_cp_user_passkey_reply *cp = data;
2528 return user_pairing_resp(sk, hdev, &cp->addr,
2529 MGMT_OP_USER_PASSKEY_REPLY,
2530 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
2533 static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
2534 void *data, u16 len)
2536 struct mgmt_cp_user_passkey_neg_reply *cp = data;
2540 return user_pairing_resp(sk, hdev, &cp->addr,
2541 MGMT_OP_USER_PASSKEY_NEG_REPLY,
2542 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
2545 static void update_name(struct hci_request *req)
2547 struct hci_dev *hdev = req->hdev;
2548 struct hci_cp_write_local_name cp;
2550 memcpy(cp.name, hdev->dev_name, sizeof(cp.name));
2552 hci_req_add(req, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
2555 static void set_name_complete(struct hci_dev *hdev, u8 status)
2557 struct mgmt_cp_set_local_name *cp;
2558 struct pending_cmd *cmd;
2560 BT_DBG("status 0x%02x", status);
2564 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
2571 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
2572 mgmt_status(status));
2574 cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
2577 mgmt_pending_remove(cmd);
2580 hci_dev_unlock(hdev);
2583 static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
2586 struct mgmt_cp_set_local_name *cp = data;
2587 struct pending_cmd *cmd;
2588 struct hci_request req;
2595 /* If the old values are the same as the new ones just return a
2596 * direct command complete event.
2598 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
2599 !memcmp(hdev->short_name, cp->short_name,
2600 sizeof(hdev->short_name))) {
2601 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
2606 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
2608 if (!hdev_is_powered(hdev)) {
2609 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
2611 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
2616 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
2622 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
2628 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
2630 hci_req_init(&req, hdev);
2632 if (lmp_bredr_capable(hdev)) {
2637 if (lmp_le_capable(hdev))
2638 hci_update_ad(&req);
2640 err = hci_req_run(&req, set_name_complete);
2642 mgmt_pending_remove(cmd);
2645 hci_dev_unlock(hdev);
2649 static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
2650 void *data, u16 data_len)
2652 struct pending_cmd *cmd;
2655 BT_DBG("%s", hdev->name);
2659 if (!hdev_is_powered(hdev)) {
2660 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
2661 MGMT_STATUS_NOT_POWERED);
2665 if (!lmp_ssp_capable(hdev)) {
2666 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
2667 MGMT_STATUS_NOT_SUPPORTED);
2671 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
2672 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
2677 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
2683 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
2685 mgmt_pending_remove(cmd);
2688 hci_dev_unlock(hdev);
2692 static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
2693 void *data, u16 len)
2695 struct mgmt_cp_add_remote_oob_data *cp = data;
2699 BT_DBG("%s ", hdev->name);
2703 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr, cp->hash,
2706 status = MGMT_STATUS_FAILED;
2708 status = MGMT_STATUS_SUCCESS;
2710 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA, status,
2711 &cp->addr, sizeof(cp->addr));
2713 hci_dev_unlock(hdev);
2717 static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
2718 void *data, u16 len)
2720 struct mgmt_cp_remove_remote_oob_data *cp = data;
2724 BT_DBG("%s", hdev->name);
2728 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr);
2730 status = MGMT_STATUS_INVALID_PARAMS;
2732 status = MGMT_STATUS_SUCCESS;
2734 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
2735 status, &cp->addr, sizeof(cp->addr));
2737 hci_dev_unlock(hdev);
2741 static int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
2743 struct pending_cmd *cmd;
2747 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2749 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
2753 type = hdev->discovery.type;
2755 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
2756 &type, sizeof(type));
2757 mgmt_pending_remove(cmd);
2762 static void start_discovery_complete(struct hci_dev *hdev, u8 status)
2764 BT_DBG("status %d", status);
2768 mgmt_start_discovery_failed(hdev, status);
2769 hci_dev_unlock(hdev);
2774 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
2775 hci_dev_unlock(hdev);
2777 switch (hdev->discovery.type) {
2778 case DISCOV_TYPE_LE:
2779 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable,
2783 case DISCOV_TYPE_INTERLEAVED:
2784 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable,
2785 DISCOV_INTERLEAVED_TIMEOUT);
2788 case DISCOV_TYPE_BREDR:
2792 BT_ERR("Invalid discovery type %d", hdev->discovery.type);
2796 static int start_discovery(struct sock *sk, struct hci_dev *hdev,
2797 void *data, u16 len)
2799 struct mgmt_cp_start_discovery *cp = data;
2800 struct pending_cmd *cmd;
2801 struct hci_cp_le_set_scan_param param_cp;
2802 struct hci_cp_le_set_scan_enable enable_cp;
2803 struct hci_cp_inquiry inq_cp;
2804 struct hci_request req;
2805 /* General inquiry access code (GIAC) */
2806 u8 lap[3] = { 0x33, 0x8b, 0x9e };
2810 BT_DBG("%s", hdev->name);
2814 if (!hdev_is_powered(hdev)) {
2815 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2816 MGMT_STATUS_NOT_POWERED);
2820 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
2821 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2826 if (hdev->discovery.state != DISCOVERY_STOPPED) {
2827 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2832 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
2838 hdev->discovery.type = cp->type;
2840 hci_req_init(&req, hdev);
2842 switch (hdev->discovery.type) {
2843 case DISCOV_TYPE_BREDR:
2844 status = mgmt_bredr_support(hdev);
2846 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2848 mgmt_pending_remove(cmd);
2852 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
2853 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2855 mgmt_pending_remove(cmd);
2859 hci_inquiry_cache_flush(hdev);
2861 memset(&inq_cp, 0, sizeof(inq_cp));
2862 memcpy(&inq_cp.lap, lap, sizeof(inq_cp.lap));
2863 inq_cp.length = DISCOV_BREDR_INQUIRY_LEN;
2864 hci_req_add(&req, HCI_OP_INQUIRY, sizeof(inq_cp), &inq_cp);
2867 case DISCOV_TYPE_LE:
2868 case DISCOV_TYPE_INTERLEAVED:
2869 status = mgmt_le_support(hdev);
2871 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2873 mgmt_pending_remove(cmd);
2877 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
2878 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
2879 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2880 MGMT_STATUS_NOT_SUPPORTED);
2881 mgmt_pending_remove(cmd);
2885 if (test_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags)) {
2886 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2887 MGMT_STATUS_REJECTED);
2888 mgmt_pending_remove(cmd);
2892 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags)) {
2893 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2895 mgmt_pending_remove(cmd);
2899 memset(¶m_cp, 0, sizeof(param_cp));
2900 param_cp.type = LE_SCAN_ACTIVE;
2901 param_cp.interval = cpu_to_le16(DISCOV_LE_SCAN_INT);
2902 param_cp.window = cpu_to_le16(DISCOV_LE_SCAN_WIN);
2903 hci_req_add(&req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
2906 memset(&enable_cp, 0, sizeof(enable_cp));
2907 enable_cp.enable = LE_SCAN_ENABLE;
2908 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
2909 hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
2914 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2915 MGMT_STATUS_INVALID_PARAMS);
2916 mgmt_pending_remove(cmd);
2920 err = hci_req_run(&req, start_discovery_complete);
2922 mgmt_pending_remove(cmd);
2924 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
2927 hci_dev_unlock(hdev);
2931 static int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
2933 struct pending_cmd *cmd;
2936 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
2940 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
2941 &hdev->discovery.type, sizeof(hdev->discovery.type));
2942 mgmt_pending_remove(cmd);
2947 static void stop_discovery_complete(struct hci_dev *hdev, u8 status)
2949 BT_DBG("status %d", status);
2954 mgmt_stop_discovery_failed(hdev, status);
2958 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2961 hci_dev_unlock(hdev);
2964 static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
2967 struct mgmt_cp_stop_discovery *mgmt_cp = data;
2968 struct pending_cmd *cmd;
2969 struct hci_cp_remote_name_req_cancel cp;
2970 struct inquiry_entry *e;
2971 struct hci_request req;
2972 struct hci_cp_le_set_scan_enable enable_cp;
2975 BT_DBG("%s", hdev->name);
2979 if (!hci_discovery_active(hdev)) {
2980 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
2981 MGMT_STATUS_REJECTED, &mgmt_cp->type,
2982 sizeof(mgmt_cp->type));
2986 if (hdev->discovery.type != mgmt_cp->type) {
2987 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
2988 MGMT_STATUS_INVALID_PARAMS, &mgmt_cp->type,
2989 sizeof(mgmt_cp->type));
2993 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
2999 hci_req_init(&req, hdev);
3001 switch (hdev->discovery.state) {
3002 case DISCOVERY_FINDING:
3003 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
3004 hci_req_add(&req, HCI_OP_INQUIRY_CANCEL, 0, NULL);
3006 cancel_delayed_work(&hdev->le_scan_disable);
3008 memset(&enable_cp, 0, sizeof(enable_cp));
3009 enable_cp.enable = LE_SCAN_DISABLE;
3010 hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE,
3011 sizeof(enable_cp), &enable_cp);
3016 case DISCOVERY_RESOLVING:
3017 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
3020 mgmt_pending_remove(cmd);
3021 err = cmd_complete(sk, hdev->id,
3022 MGMT_OP_STOP_DISCOVERY, 0,
3024 sizeof(mgmt_cp->type));
3025 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3029 bacpy(&cp.bdaddr, &e->data.bdaddr);
3030 hci_req_add(&req, HCI_OP_REMOTE_NAME_REQ_CANCEL, sizeof(cp),
3036 BT_DBG("unknown discovery state %u", hdev->discovery.state);
3038 mgmt_pending_remove(cmd);
3039 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
3040 MGMT_STATUS_FAILED, &mgmt_cp->type,
3041 sizeof(mgmt_cp->type));
3045 err = hci_req_run(&req, stop_discovery_complete);
3047 mgmt_pending_remove(cmd);
3049 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
3052 hci_dev_unlock(hdev);
3056 static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
3059 struct mgmt_cp_confirm_name *cp = data;
3060 struct inquiry_entry *e;
3063 BT_DBG("%s", hdev->name);
3067 if (!hci_discovery_active(hdev)) {
3068 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
3069 MGMT_STATUS_FAILED);
3073 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
3075 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
3076 MGMT_STATUS_INVALID_PARAMS);
3080 if (cp->name_known) {
3081 e->name_state = NAME_KNOWN;
3084 e->name_state = NAME_NEEDED;
3085 hci_inquiry_cache_update_resolve(hdev, e);
3088 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0, &cp->addr,
3092 hci_dev_unlock(hdev);
3096 static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
3099 struct mgmt_cp_block_device *cp = data;
3103 BT_DBG("%s", hdev->name);
3105 if (!bdaddr_type_is_valid(cp->addr.type))
3106 return cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
3107 MGMT_STATUS_INVALID_PARAMS,
3108 &cp->addr, sizeof(cp->addr));
3112 err = hci_blacklist_add(hdev, &cp->addr.bdaddr, cp->addr.type);
3114 status = MGMT_STATUS_FAILED;
3116 status = MGMT_STATUS_SUCCESS;
3118 err = cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
3119 &cp->addr, sizeof(cp->addr));
3121 hci_dev_unlock(hdev);
3126 static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
3129 struct mgmt_cp_unblock_device *cp = data;
3133 BT_DBG("%s", hdev->name);
3135 if (!bdaddr_type_is_valid(cp->addr.type))
3136 return cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
3137 MGMT_STATUS_INVALID_PARAMS,
3138 &cp->addr, sizeof(cp->addr));
3142 err = hci_blacklist_del(hdev, &cp->addr.bdaddr, cp->addr.type);
3144 status = MGMT_STATUS_INVALID_PARAMS;
3146 status = MGMT_STATUS_SUCCESS;
3148 err = cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
3149 &cp->addr, sizeof(cp->addr));
3151 hci_dev_unlock(hdev);
3156 static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
3159 struct mgmt_cp_set_device_id *cp = data;
3160 struct hci_request req;
3164 BT_DBG("%s", hdev->name);
3166 source = __le16_to_cpu(cp->source);
3168 if (source > 0x0002)
3169 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
3170 MGMT_STATUS_INVALID_PARAMS);
3174 hdev->devid_source = source;
3175 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
3176 hdev->devid_product = __le16_to_cpu(cp->product);
3177 hdev->devid_version = __le16_to_cpu(cp->version);
3179 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0, NULL, 0);
3181 hci_req_init(&req, hdev);
3183 hci_req_run(&req, NULL);
3185 hci_dev_unlock(hdev);
3190 static void set_advertising_complete(struct hci_dev *hdev, u8 status)
3192 struct cmd_lookup match = { NULL, hdev };
3195 u8 mgmt_err = mgmt_status(status);
3197 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
3198 cmd_status_rsp, &mgmt_err);
3202 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
3205 new_settings(hdev, match.sk);
3211 static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
3213 struct mgmt_mode *cp = data;
3214 struct pending_cmd *cmd;
3215 struct hci_request req;
3216 u8 val, enabled, status;
3219 BT_DBG("request for %s", hdev->name);
3221 status = mgmt_le_support(hdev);
3223 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3226 if (cp->val != 0x00 && cp->val != 0x01)
3227 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3228 MGMT_STATUS_INVALID_PARAMS);
3233 enabled = test_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags);
3235 if (!hdev_is_powered(hdev) || val == enabled) {
3236 bool changed = false;
3238 if (val != test_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags)) {
3239 change_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags);
3243 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
3248 err = new_settings(hdev, sk);
3253 if (mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
3254 mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
3255 err = cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3260 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
3266 hci_req_init(&req, hdev);
3268 hci_req_add(&req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(val), &val);
3270 err = hci_req_run(&req, set_advertising_complete);
3272 mgmt_pending_remove(cmd);
3275 hci_dev_unlock(hdev);
3279 static int set_static_address(struct sock *sk, struct hci_dev *hdev,
3280 void *data, u16 len)
3282 struct mgmt_cp_set_static_address *cp = data;
3285 BT_DBG("%s", hdev->name);
3287 if (!lmp_le_capable(hdev))
3288 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
3289 MGMT_STATUS_NOT_SUPPORTED);
3291 if (hdev_is_powered(hdev))
3292 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
3293 MGMT_STATUS_REJECTED);
3295 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
3296 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
3297 return cmd_status(sk, hdev->id,
3298 MGMT_OP_SET_STATIC_ADDRESS,
3299 MGMT_STATUS_INVALID_PARAMS);
3301 /* Two most significant bits shall be set */
3302 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
3303 return cmd_status(sk, hdev->id,
3304 MGMT_OP_SET_STATIC_ADDRESS,
3305 MGMT_STATUS_INVALID_PARAMS);
3310 bacpy(&hdev->static_addr, &cp->bdaddr);
3312 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS, 0, NULL, 0);
3314 hci_dev_unlock(hdev);
3319 static void fast_connectable_complete(struct hci_dev *hdev, u8 status)
3321 struct pending_cmd *cmd;
3323 BT_DBG("status 0x%02x", status);
3327 cmd = mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
3332 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3333 mgmt_status(status));
3335 struct mgmt_mode *cp = cmd->param;
3338 set_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
3340 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
3342 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
3343 new_settings(hdev, cmd->sk);
3346 mgmt_pending_remove(cmd);
3349 hci_dev_unlock(hdev);
3352 static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
3353 void *data, u16 len)
3355 struct mgmt_mode *cp = data;
3356 struct pending_cmd *cmd;
3357 struct hci_request req;
3360 BT_DBG("%s", hdev->name);
3362 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags) ||
3363 hdev->hci_ver < BLUETOOTH_VER_1_2)
3364 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3365 MGMT_STATUS_NOT_SUPPORTED);
3367 if (cp->val != 0x00 && cp->val != 0x01)
3368 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3369 MGMT_STATUS_INVALID_PARAMS);
3371 if (!hdev_is_powered(hdev))
3372 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3373 MGMT_STATUS_NOT_POWERED);
3375 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3376 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3377 MGMT_STATUS_REJECTED);
3381 if (mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
3382 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3387 if (!!cp->val == test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags)) {
3388 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
3393 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
3400 hci_req_init(&req, hdev);
3402 write_fast_connectable(&req, cp->val);
3404 err = hci_req_run(&req, fast_connectable_complete);
3406 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3407 MGMT_STATUS_FAILED);
3408 mgmt_pending_remove(cmd);
3412 hci_dev_unlock(hdev);
3417 static void set_bredr_complete(struct hci_dev *hdev, u8 status)
3419 struct pending_cmd *cmd;
3421 BT_DBG("status 0x%02x", status);
3425 cmd = mgmt_pending_find(MGMT_OP_SET_BREDR, hdev);
3430 u8 mgmt_err = mgmt_status(status);
3432 /* We need to restore the flag if related HCI commands
3435 clear_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
3437 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
3439 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
3440 new_settings(hdev, cmd->sk);
3443 mgmt_pending_remove(cmd);
3446 hci_dev_unlock(hdev);
3449 static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
3451 struct mgmt_mode *cp = data;
3452 struct pending_cmd *cmd;
3453 struct hci_request req;
3456 BT_DBG("request for %s", hdev->name);
3458 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
3459 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3460 MGMT_STATUS_NOT_SUPPORTED);
3462 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
3463 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3464 MGMT_STATUS_REJECTED);
3466 if (cp->val != 0x00 && cp->val != 0x01)
3467 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3468 MGMT_STATUS_INVALID_PARAMS);
3472 if (cp->val == test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
3473 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
3477 if (!hdev_is_powered(hdev)) {
3479 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
3480 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
3481 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
3482 clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
3483 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
3484 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
3487 change_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
3489 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
3493 err = new_settings(hdev, sk);
3497 /* Reject disabling when powered on */
3499 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3500 MGMT_STATUS_REJECTED);
3504 if (mgmt_pending_find(MGMT_OP_SET_BREDR, hdev)) {
3505 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3510 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
3516 /* We need to flip the bit already here so that hci_update_ad
3517 * generates the correct flags.
3519 set_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
3521 hci_req_init(&req, hdev);
3522 hci_update_ad(&req);
3523 err = hci_req_run(&req, set_bredr_complete);
3525 mgmt_pending_remove(cmd);
3528 hci_dev_unlock(hdev);
3532 static bool ltk_is_valid(struct mgmt_ltk_info *key)
3534 if (key->authenticated != 0x00 && key->authenticated != 0x01)
3536 if (key->master != 0x00 && key->master != 0x01)
3538 if (!bdaddr_type_is_le(key->addr.type))
3543 static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
3544 void *cp_data, u16 len)
3546 struct mgmt_cp_load_long_term_keys *cp = cp_data;
3547 u16 key_count, expected_len;
3550 key_count = __le16_to_cpu(cp->key_count);
3552 expected_len = sizeof(*cp) + key_count *
3553 sizeof(struct mgmt_ltk_info);
3554 if (expected_len != len) {
3555 BT_ERR("load_keys: expected %u bytes, got %u bytes",
3557 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
3558 MGMT_STATUS_INVALID_PARAMS);
3561 BT_DBG("%s key_count %u", hdev->name, key_count);
3563 for (i = 0; i < key_count; i++) {
3564 struct mgmt_ltk_info *key = &cp->keys[i];
3566 if (!ltk_is_valid(key))
3567 return cmd_status(sk, hdev->id,
3568 MGMT_OP_LOAD_LONG_TERM_KEYS,
3569 MGMT_STATUS_INVALID_PARAMS);
3574 hci_smp_ltks_clear(hdev);
3576 for (i = 0; i < key_count; i++) {
3577 struct mgmt_ltk_info *key = &cp->keys[i];
3583 type = HCI_SMP_LTK_SLAVE;
3585 hci_add_ltk(hdev, &key->addr.bdaddr,
3586 bdaddr_to_le(key->addr.type),
3587 type, 0, key->authenticated, key->val,
3588 key->enc_size, key->ediv, key->rand);
3591 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
3594 hci_dev_unlock(hdev);
3599 static const struct mgmt_handler {
3600 int (*func) (struct sock *sk, struct hci_dev *hdev, void *data,
3604 } mgmt_handlers[] = {
3605 { NULL }, /* 0x0000 (no command) */
3606 { read_version, false, MGMT_READ_VERSION_SIZE },
3607 { read_commands, false, MGMT_READ_COMMANDS_SIZE },
3608 { read_index_list, false, MGMT_READ_INDEX_LIST_SIZE },
3609 { read_controller_info, false, MGMT_READ_INFO_SIZE },
3610 { set_powered, false, MGMT_SETTING_SIZE },
3611 { set_discoverable, false, MGMT_SET_DISCOVERABLE_SIZE },
3612 { set_connectable, false, MGMT_SETTING_SIZE },
3613 { set_fast_connectable, false, MGMT_SETTING_SIZE },
3614 { set_pairable, false, MGMT_SETTING_SIZE },
3615 { set_link_security, false, MGMT_SETTING_SIZE },
3616 { set_ssp, false, MGMT_SETTING_SIZE },
3617 { set_hs, false, MGMT_SETTING_SIZE },
3618 { set_le, false, MGMT_SETTING_SIZE },
3619 { set_dev_class, false, MGMT_SET_DEV_CLASS_SIZE },
3620 { set_local_name, false, MGMT_SET_LOCAL_NAME_SIZE },
3621 { add_uuid, false, MGMT_ADD_UUID_SIZE },
3622 { remove_uuid, false, MGMT_REMOVE_UUID_SIZE },
3623 { load_link_keys, true, MGMT_LOAD_LINK_KEYS_SIZE },
3624 { load_long_term_keys, true, MGMT_LOAD_LONG_TERM_KEYS_SIZE },
3625 { disconnect, false, MGMT_DISCONNECT_SIZE },
3626 { get_connections, false, MGMT_GET_CONNECTIONS_SIZE },
3627 { pin_code_reply, false, MGMT_PIN_CODE_REPLY_SIZE },
3628 { pin_code_neg_reply, false, MGMT_PIN_CODE_NEG_REPLY_SIZE },
3629 { set_io_capability, false, MGMT_SET_IO_CAPABILITY_SIZE },
3630 { pair_device, false, MGMT_PAIR_DEVICE_SIZE },
3631 { cancel_pair_device, false, MGMT_CANCEL_PAIR_DEVICE_SIZE },
3632 { unpair_device, false, MGMT_UNPAIR_DEVICE_SIZE },
3633 { user_confirm_reply, false, MGMT_USER_CONFIRM_REPLY_SIZE },
3634 { user_confirm_neg_reply, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
3635 { user_passkey_reply, false, MGMT_USER_PASSKEY_REPLY_SIZE },
3636 { user_passkey_neg_reply, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
3637 { read_local_oob_data, false, MGMT_READ_LOCAL_OOB_DATA_SIZE },
3638 { add_remote_oob_data, false, MGMT_ADD_REMOTE_OOB_DATA_SIZE },
3639 { remove_remote_oob_data, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
3640 { start_discovery, false, MGMT_START_DISCOVERY_SIZE },
3641 { stop_discovery, false, MGMT_STOP_DISCOVERY_SIZE },
3642 { confirm_name, false, MGMT_CONFIRM_NAME_SIZE },
3643 { block_device, false, MGMT_BLOCK_DEVICE_SIZE },
3644 { unblock_device, false, MGMT_UNBLOCK_DEVICE_SIZE },
3645 { set_device_id, false, MGMT_SET_DEVICE_ID_SIZE },
3646 { set_advertising, false, MGMT_SETTING_SIZE },
3647 { set_bredr, false, MGMT_SETTING_SIZE },
3648 { set_static_address, false, MGMT_SET_STATIC_ADDRESS_SIZE },
3652 int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
3656 struct mgmt_hdr *hdr;
3657 u16 opcode, index, len;
3658 struct hci_dev *hdev = NULL;
3659 const struct mgmt_handler *handler;
3662 BT_DBG("got %zu bytes", msglen);
3664 if (msglen < sizeof(*hdr))
3667 buf = kmalloc(msglen, GFP_KERNEL);
3671 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
3677 opcode = __le16_to_cpu(hdr->opcode);
3678 index = __le16_to_cpu(hdr->index);
3679 len = __le16_to_cpu(hdr->len);
3681 if (len != msglen - sizeof(*hdr)) {
3686 if (index != MGMT_INDEX_NONE) {
3687 hdev = hci_dev_get(index);
3689 err = cmd_status(sk, index, opcode,
3690 MGMT_STATUS_INVALID_INDEX);
3694 if (test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
3695 err = cmd_status(sk, index, opcode,
3696 MGMT_STATUS_INVALID_INDEX);
3701 if (opcode >= ARRAY_SIZE(mgmt_handlers) ||
3702 mgmt_handlers[opcode].func == NULL) {
3703 BT_DBG("Unknown op %u", opcode);
3704 err = cmd_status(sk, index, opcode,
3705 MGMT_STATUS_UNKNOWN_COMMAND);
3709 if ((hdev && opcode < MGMT_OP_READ_INFO) ||
3710 (!hdev && opcode >= MGMT_OP_READ_INFO)) {
3711 err = cmd_status(sk, index, opcode,
3712 MGMT_STATUS_INVALID_INDEX);
3716 handler = &mgmt_handlers[opcode];
3718 if ((handler->var_len && len < handler->data_len) ||
3719 (!handler->var_len && len != handler->data_len)) {
3720 err = cmd_status(sk, index, opcode,
3721 MGMT_STATUS_INVALID_PARAMS);
3726 mgmt_init_hdev(sk, hdev);
3728 cp = buf + sizeof(*hdr);
3730 err = handler->func(sk, hdev, cp, len);
3744 int mgmt_index_added(struct hci_dev *hdev)
3746 if (!mgmt_valid_hdev(hdev))
3749 return mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
3752 int mgmt_index_removed(struct hci_dev *hdev)
3754 u8 status = MGMT_STATUS_INVALID_INDEX;
3756 if (!mgmt_valid_hdev(hdev))
3759 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
3761 return mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
3764 static void set_bredr_scan(struct hci_request *req)
3766 struct hci_dev *hdev = req->hdev;
3769 /* Ensure that fast connectable is disabled. This function will
3770 * not do anything if the page scan parameters are already what
3773 write_fast_connectable(req, false);
3775 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3777 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3778 scan |= SCAN_INQUIRY;
3781 hci_req_add(req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
3784 static void powered_complete(struct hci_dev *hdev, u8 status)
3786 struct cmd_lookup match = { NULL, hdev };
3788 BT_DBG("status 0x%02x", status);
3792 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
3794 new_settings(hdev, match.sk);
3796 hci_dev_unlock(hdev);
3802 static int powered_update_hci(struct hci_dev *hdev)
3804 struct hci_request req;
3807 hci_req_init(&req, hdev);
3809 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) &&
3810 !lmp_host_ssp_capable(hdev)) {
3813 hci_req_add(&req, HCI_OP_WRITE_SSP_MODE, 1, &ssp);
3816 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
3817 lmp_bredr_capable(hdev)) {
3818 struct hci_cp_write_le_host_supported cp;
3821 cp.simul = lmp_le_br_capable(hdev);
3823 /* Check first if we already have the right
3824 * host state (host features set)
3826 if (cp.le != lmp_host_le_capable(hdev) ||
3827 cp.simul != lmp_host_le_br_capable(hdev))
3828 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED,
3831 /* In case BR/EDR was toggled during the AUTO_OFF phase */
3832 hci_update_ad(&req);
3835 if (lmp_le_capable(hdev)) {
3836 /* Set random address to static address if configured */
3837 if (bacmp(&hdev->static_addr, BDADDR_ANY))
3838 hci_req_add(&req, HCI_OP_LE_SET_RANDOM_ADDR, 6,
3839 &hdev->static_addr);
3842 if (test_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags)) {
3845 hci_req_add(&req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(adv), &adv);
3848 link_sec = test_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
3849 if (link_sec != test_bit(HCI_AUTH, &hdev->flags))
3850 hci_req_add(&req, HCI_OP_WRITE_AUTH_ENABLE,
3851 sizeof(link_sec), &link_sec);
3853 if (lmp_bredr_capable(hdev)) {
3854 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
3855 set_bredr_scan(&req);
3861 return hci_req_run(&req, powered_complete);
3864 int mgmt_powered(struct hci_dev *hdev, u8 powered)
3866 struct cmd_lookup match = { NULL, hdev };
3867 u8 status_not_powered = MGMT_STATUS_NOT_POWERED;
3868 u8 zero_cod[] = { 0, 0, 0 };
3871 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3875 if (powered_update_hci(hdev) == 0)
3878 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp,
3883 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
3884 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status_not_powered);
3886 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0)
3887 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
3888 zero_cod, sizeof(zero_cod), NULL);
3891 err = new_settings(hdev, match.sk);
3899 int mgmt_set_powered_failed(struct hci_dev *hdev, int err)
3901 struct pending_cmd *cmd;
3904 cmd = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
3908 if (err == -ERFKILL)
3909 status = MGMT_STATUS_RFKILLED;
3911 status = MGMT_STATUS_FAILED;
3913 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
3915 mgmt_pending_remove(cmd);
3920 int mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
3922 struct cmd_lookup match = { NULL, hdev };
3923 bool changed = false;
3927 if (!test_and_set_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3930 if (test_and_clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3934 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev, settings_rsp,
3938 err = new_settings(hdev, match.sk);
3946 int mgmt_connectable(struct hci_dev *hdev, u8 connectable)
3948 struct pending_cmd *cmd;
3949 bool changed = false;
3953 if (!test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3956 if (test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3960 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
3963 err = new_settings(hdev, cmd ? cmd->sk : NULL);
3968 int mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
3970 u8 mgmt_err = mgmt_status(status);
3972 if (scan & SCAN_PAGE)
3973 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
3974 cmd_status_rsp, &mgmt_err);
3976 if (scan & SCAN_INQUIRY)
3977 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
3978 cmd_status_rsp, &mgmt_err);
3983 int mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
3986 struct mgmt_ev_new_link_key ev;
3988 memset(&ev, 0, sizeof(ev));
3990 ev.store_hint = persistent;
3991 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
3992 ev.key.addr.type = BDADDR_BREDR;
3993 ev.key.type = key->type;
3994 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
3995 ev.key.pin_len = key->pin_len;
3997 return mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
4000 int mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, u8 persistent)
4002 struct mgmt_ev_new_long_term_key ev;
4004 memset(&ev, 0, sizeof(ev));
4006 ev.store_hint = persistent;
4007 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
4008 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
4009 ev.key.authenticated = key->authenticated;
4010 ev.key.enc_size = key->enc_size;
4011 ev.key.ediv = key->ediv;
4013 if (key->type == HCI_SMP_LTK)
4016 memcpy(ev.key.rand, key->rand, sizeof(key->rand));
4017 memcpy(ev.key.val, key->val, sizeof(key->val));
4019 return mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev),
4023 int mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
4024 u8 addr_type, u32 flags, u8 *name, u8 name_len,
4028 struct mgmt_ev_device_connected *ev = (void *) buf;
4031 bacpy(&ev->addr.bdaddr, bdaddr);
4032 ev->addr.type = link_to_bdaddr(link_type, addr_type);
4034 ev->flags = __cpu_to_le32(flags);
4037 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
4040 if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0)
4041 eir_len = eir_append_data(ev->eir, eir_len,
4042 EIR_CLASS_OF_DEV, dev_class, 3);
4044 ev->eir_len = cpu_to_le16(eir_len);
4046 return mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
4047 sizeof(*ev) + eir_len, NULL);
4050 static void disconnect_rsp(struct pending_cmd *cmd, void *data)
4052 struct mgmt_cp_disconnect *cp = cmd->param;
4053 struct sock **sk = data;
4054 struct mgmt_rp_disconnect rp;
4056 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4057 rp.addr.type = cp->addr.type;
4059 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 0, &rp,
4065 mgmt_pending_remove(cmd);
4068 static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
4070 struct hci_dev *hdev = data;
4071 struct mgmt_cp_unpair_device *cp = cmd->param;
4072 struct mgmt_rp_unpair_device rp;
4074 memset(&rp, 0, sizeof(rp));
4075 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4076 rp.addr.type = cp->addr.type;
4078 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
4080 cmd_complete(cmd->sk, cmd->index, cmd->opcode, 0, &rp, sizeof(rp));
4082 mgmt_pending_remove(cmd);
4085 int mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
4086 u8 link_type, u8 addr_type, u8 reason)
4088 struct mgmt_ev_device_disconnected ev;
4089 struct sock *sk = NULL;
4092 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
4094 bacpy(&ev.addr.bdaddr, bdaddr);
4095 ev.addr.type = link_to_bdaddr(link_type, addr_type);
4098 err = mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev),
4104 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
4110 int mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
4111 u8 link_type, u8 addr_type, u8 status)
4113 struct mgmt_rp_disconnect rp;
4114 struct pending_cmd *cmd;
4117 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
4120 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
4124 bacpy(&rp.addr.bdaddr, bdaddr);
4125 rp.addr.type = link_to_bdaddr(link_type, addr_type);
4127 err = cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
4128 mgmt_status(status), &rp, sizeof(rp));
4130 mgmt_pending_remove(cmd);
4135 int mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
4136 u8 addr_type, u8 status)
4138 struct mgmt_ev_connect_failed ev;
4140 bacpy(&ev.addr.bdaddr, bdaddr);
4141 ev.addr.type = link_to_bdaddr(link_type, addr_type);
4142 ev.status = mgmt_status(status);
4144 return mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
4147 int mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
4149 struct mgmt_ev_pin_code_request ev;
4151 bacpy(&ev.addr.bdaddr, bdaddr);
4152 ev.addr.type = BDADDR_BREDR;
4155 return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev),
4159 int mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
4162 struct pending_cmd *cmd;
4163 struct mgmt_rp_pin_code_reply rp;
4166 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
4170 bacpy(&rp.addr.bdaddr, bdaddr);
4171 rp.addr.type = BDADDR_BREDR;
4173 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
4174 mgmt_status(status), &rp, sizeof(rp));
4176 mgmt_pending_remove(cmd);
4181 int mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
4184 struct pending_cmd *cmd;
4185 struct mgmt_rp_pin_code_reply rp;
4188 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
4192 bacpy(&rp.addr.bdaddr, bdaddr);
4193 rp.addr.type = BDADDR_BREDR;
4195 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
4196 mgmt_status(status), &rp, sizeof(rp));
4198 mgmt_pending_remove(cmd);
4203 int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
4204 u8 link_type, u8 addr_type, __le32 value,
4207 struct mgmt_ev_user_confirm_request ev;
4209 BT_DBG("%s", hdev->name);
4211 bacpy(&ev.addr.bdaddr, bdaddr);
4212 ev.addr.type = link_to_bdaddr(link_type, addr_type);
4213 ev.confirm_hint = confirm_hint;
4216 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
4220 int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
4221 u8 link_type, u8 addr_type)
4223 struct mgmt_ev_user_passkey_request ev;
4225 BT_DBG("%s", hdev->name);
4227 bacpy(&ev.addr.bdaddr, bdaddr);
4228 ev.addr.type = link_to_bdaddr(link_type, addr_type);
4230 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
4234 static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
4235 u8 link_type, u8 addr_type, u8 status,
4238 struct pending_cmd *cmd;
4239 struct mgmt_rp_user_confirm_reply rp;
4242 cmd = mgmt_pending_find(opcode, hdev);
4246 bacpy(&rp.addr.bdaddr, bdaddr);
4247 rp.addr.type = link_to_bdaddr(link_type, addr_type);
4248 err = cmd_complete(cmd->sk, hdev->id, opcode, mgmt_status(status),
4251 mgmt_pending_remove(cmd);
4256 int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
4257 u8 link_type, u8 addr_type, u8 status)
4259 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
4260 status, MGMT_OP_USER_CONFIRM_REPLY);
4263 int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
4264 u8 link_type, u8 addr_type, u8 status)
4266 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
4268 MGMT_OP_USER_CONFIRM_NEG_REPLY);
4271 int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
4272 u8 link_type, u8 addr_type, u8 status)
4274 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
4275 status, MGMT_OP_USER_PASSKEY_REPLY);
4278 int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
4279 u8 link_type, u8 addr_type, u8 status)
4281 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
4283 MGMT_OP_USER_PASSKEY_NEG_REPLY);
4286 int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
4287 u8 link_type, u8 addr_type, u32 passkey,
4290 struct mgmt_ev_passkey_notify ev;
4292 BT_DBG("%s", hdev->name);
4294 bacpy(&ev.addr.bdaddr, bdaddr);
4295 ev.addr.type = link_to_bdaddr(link_type, addr_type);
4296 ev.passkey = __cpu_to_le32(passkey);
4297 ev.entered = entered;
4299 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
4302 int mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
4303 u8 addr_type, u8 status)
4305 struct mgmt_ev_auth_failed ev;
4307 bacpy(&ev.addr.bdaddr, bdaddr);
4308 ev.addr.type = link_to_bdaddr(link_type, addr_type);
4309 ev.status = mgmt_status(status);
4311 return mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
4314 int mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
4316 struct cmd_lookup match = { NULL, hdev };
4317 bool changed = false;
4321 u8 mgmt_err = mgmt_status(status);
4322 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
4323 cmd_status_rsp, &mgmt_err);
4327 if (test_bit(HCI_AUTH, &hdev->flags)) {
4328 if (!test_and_set_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
4331 if (test_and_clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
4335 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
4339 err = new_settings(hdev, match.sk);
4347 static void clear_eir(struct hci_request *req)
4349 struct hci_dev *hdev = req->hdev;
4350 struct hci_cp_write_eir cp;
4352 if (!lmp_ext_inq_capable(hdev))
4355 memset(hdev->eir, 0, sizeof(hdev->eir));
4357 memset(&cp, 0, sizeof(cp));
4359 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
4362 int mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
4364 struct cmd_lookup match = { NULL, hdev };
4365 struct hci_request req;
4366 bool changed = false;
4370 u8 mgmt_err = mgmt_status(status);
4372 if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
4374 err = new_settings(hdev, NULL);
4376 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
4383 if (!test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
4386 if (test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
4390 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
4393 err = new_settings(hdev, match.sk);
4398 hci_req_init(&req, hdev);
4400 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
4405 hci_req_run(&req, NULL);
4410 static void sk_lookup(struct pending_cmd *cmd, void *data)
4412 struct cmd_lookup *match = data;
4414 if (match->sk == NULL) {
4415 match->sk = cmd->sk;
4416 sock_hold(match->sk);
4420 int mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
4423 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
4426 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
4427 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
4428 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
4431 err = mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class,
4440 int mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
4442 struct mgmt_cp_set_local_name ev;
4443 struct pending_cmd *cmd;
4448 memset(&ev, 0, sizeof(ev));
4449 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
4450 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
4452 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
4454 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
4456 /* If this is a HCI command related to powering on the
4457 * HCI dev don't send any mgmt signals.
4459 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
4463 return mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
4464 cmd ? cmd->sk : NULL);
4467 int mgmt_read_local_oob_data_reply_complete(struct hci_dev *hdev, u8 *hash,
4468 u8 *randomizer, u8 status)
4470 struct pending_cmd *cmd;
4473 BT_DBG("%s status %u", hdev->name, status);
4475 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
4480 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
4481 mgmt_status(status));
4483 struct mgmt_rp_read_local_oob_data rp;
4485 memcpy(rp.hash, hash, sizeof(rp.hash));
4486 memcpy(rp.randomizer, randomizer, sizeof(rp.randomizer));
4488 err = cmd_complete(cmd->sk, hdev->id,
4489 MGMT_OP_READ_LOCAL_OOB_DATA, 0, &rp,
4493 mgmt_pending_remove(cmd);
4498 int mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
4499 u8 addr_type, u8 *dev_class, s8 rssi, u8 cfm_name, u8
4500 ssp, u8 *eir, u16 eir_len)
4503 struct mgmt_ev_device_found *ev = (void *) buf;
4506 if (!hci_discovery_active(hdev))
4509 /* Leave 5 bytes for a potential CoD field */
4510 if (sizeof(*ev) + eir_len + 5 > sizeof(buf))
4513 memset(buf, 0, sizeof(buf));
4515 bacpy(&ev->addr.bdaddr, bdaddr);
4516 ev->addr.type = link_to_bdaddr(link_type, addr_type);
4519 ev->flags |= __constant_cpu_to_le32(MGMT_DEV_FOUND_CONFIRM_NAME);
4521 ev->flags |= __constant_cpu_to_le32(MGMT_DEV_FOUND_LEGACY_PAIRING);
4524 memcpy(ev->eir, eir, eir_len);
4526 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
4527 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
4530 ev->eir_len = cpu_to_le16(eir_len);
4531 ev_size = sizeof(*ev) + eir_len;
4533 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
4536 int mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
4537 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
4539 struct mgmt_ev_device_found *ev;
4540 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
4543 ev = (struct mgmt_ev_device_found *) buf;
4545 memset(buf, 0, sizeof(buf));
4547 bacpy(&ev->addr.bdaddr, bdaddr);
4548 ev->addr.type = link_to_bdaddr(link_type, addr_type);
4551 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
4554 ev->eir_len = cpu_to_le16(eir_len);
4556 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev,
4557 sizeof(*ev) + eir_len, NULL);
4560 int mgmt_discovering(struct hci_dev *hdev, u8 discovering)
4562 struct mgmt_ev_discovering ev;
4563 struct pending_cmd *cmd;
4565 BT_DBG("%s discovering %u", hdev->name, discovering);
4568 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
4570 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
4573 u8 type = hdev->discovery.type;
4575 cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0, &type,
4577 mgmt_pending_remove(cmd);
4580 memset(&ev, 0, sizeof(ev));
4581 ev.type = hdev->discovery.type;
4582 ev.discovering = discovering;
4584 return mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
4587 int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
4589 struct pending_cmd *cmd;
4590 struct mgmt_ev_device_blocked ev;
4592 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev);
4594 bacpy(&ev.addr.bdaddr, bdaddr);
4595 ev.addr.type = type;
4597 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev),
4598 cmd ? cmd->sk : NULL);
4601 int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
4603 struct pending_cmd *cmd;
4604 struct mgmt_ev_device_unblocked ev;
4606 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev);
4608 bacpy(&ev.addr.bdaddr, bdaddr);
4609 ev.addr.type = type;
4611 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
4612 cmd ? cmd->sk : NULL);
projects / karo-tx-linux.git / blob