2 BlueZ - Bluetooth protocol stack for Linux
4 Copyright (C) 2010 Nokia Corporation
5 Copyright (C) 2011-2012 Intel Corporation
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI Management interface */
27 #include <linux/module.h>
28 #include <asm/unaligned.h>
30 #include <net/bluetooth/bluetooth.h>
31 #include <net/bluetooth/hci_core.h>
32 #include <net/bluetooth/mgmt.h>
33 #include <net/bluetooth/smp.h>
35 #define MGMT_VERSION 1
36 #define MGMT_REVISION 4
38 static const u16 mgmt_commands[] = {
39 MGMT_OP_READ_INDEX_LIST,
42 MGMT_OP_SET_DISCOVERABLE,
43 MGMT_OP_SET_CONNECTABLE,
44 MGMT_OP_SET_FAST_CONNECTABLE,
46 MGMT_OP_SET_LINK_SECURITY,
50 MGMT_OP_SET_DEV_CLASS,
51 MGMT_OP_SET_LOCAL_NAME,
54 MGMT_OP_LOAD_LINK_KEYS,
55 MGMT_OP_LOAD_LONG_TERM_KEYS,
57 MGMT_OP_GET_CONNECTIONS,
58 MGMT_OP_PIN_CODE_REPLY,
59 MGMT_OP_PIN_CODE_NEG_REPLY,
60 MGMT_OP_SET_IO_CAPABILITY,
62 MGMT_OP_CANCEL_PAIR_DEVICE,
63 MGMT_OP_UNPAIR_DEVICE,
64 MGMT_OP_USER_CONFIRM_REPLY,
65 MGMT_OP_USER_CONFIRM_NEG_REPLY,
66 MGMT_OP_USER_PASSKEY_REPLY,
67 MGMT_OP_USER_PASSKEY_NEG_REPLY,
68 MGMT_OP_READ_LOCAL_OOB_DATA,
69 MGMT_OP_ADD_REMOTE_OOB_DATA,
70 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
71 MGMT_OP_START_DISCOVERY,
72 MGMT_OP_STOP_DISCOVERY,
75 MGMT_OP_UNBLOCK_DEVICE,
76 MGMT_OP_SET_DEVICE_ID,
77 MGMT_OP_SET_ADVERTISING,
79 MGMT_OP_SET_STATIC_ADDRESS,
82 static const u16 mgmt_events[] = {
83 MGMT_EV_CONTROLLER_ERROR,
85 MGMT_EV_INDEX_REMOVED,
87 MGMT_EV_CLASS_OF_DEV_CHANGED,
88 MGMT_EV_LOCAL_NAME_CHANGED,
90 MGMT_EV_NEW_LONG_TERM_KEY,
91 MGMT_EV_DEVICE_CONNECTED,
92 MGMT_EV_DEVICE_DISCONNECTED,
93 MGMT_EV_CONNECT_FAILED,
94 MGMT_EV_PIN_CODE_REQUEST,
95 MGMT_EV_USER_CONFIRM_REQUEST,
96 MGMT_EV_USER_PASSKEY_REQUEST,
100 MGMT_EV_DEVICE_BLOCKED,
101 MGMT_EV_DEVICE_UNBLOCKED,
102 MGMT_EV_DEVICE_UNPAIRED,
103 MGMT_EV_PASSKEY_NOTIFY,
106 #define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
108 #define hdev_is_powered(hdev) (test_bit(HCI_UP, &hdev->flags) && \
109 !test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
112 struct list_head list;
120 /* HCI to MGMT error code conversion table */
121 static u8 mgmt_status_table[] = {
123 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
124 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
125 MGMT_STATUS_FAILED, /* Hardware Failure */
126 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
127 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
128 MGMT_STATUS_NOT_PAIRED, /* PIN or Key Missing */
129 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
130 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
131 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
132 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
133 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
134 MGMT_STATUS_BUSY, /* Command Disallowed */
135 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
136 MGMT_STATUS_REJECTED, /* Rejected Security */
137 MGMT_STATUS_REJECTED, /* Rejected Personal */
138 MGMT_STATUS_TIMEOUT, /* Host Timeout */
139 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
140 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
141 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
142 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
143 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
144 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
145 MGMT_STATUS_BUSY, /* Repeated Attempts */
146 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
147 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
148 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
149 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
150 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
151 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
152 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
153 MGMT_STATUS_FAILED, /* Unspecified Error */
154 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
155 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
156 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
157 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
158 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
159 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
160 MGMT_STATUS_FAILED, /* Unit Link Key Used */
161 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
162 MGMT_STATUS_TIMEOUT, /* Instant Passed */
163 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
164 MGMT_STATUS_FAILED, /* Transaction Collision */
165 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
166 MGMT_STATUS_REJECTED, /* QoS Rejected */
167 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
168 MGMT_STATUS_REJECTED, /* Insufficient Security */
169 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
170 MGMT_STATUS_BUSY, /* Role Switch Pending */
171 MGMT_STATUS_FAILED, /* Slot Violation */
172 MGMT_STATUS_FAILED, /* Role Switch Failed */
173 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
174 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
175 MGMT_STATUS_BUSY, /* Host Busy Pairing */
176 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
177 MGMT_STATUS_BUSY, /* Controller Busy */
178 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
179 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
180 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
181 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
182 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
185 bool mgmt_valid_hdev(struct hci_dev *hdev)
187 return hdev->dev_type == HCI_BREDR;
190 static u8 mgmt_status(u8 hci_status)
192 if (hci_status < ARRAY_SIZE(mgmt_status_table))
193 return mgmt_status_table[hci_status];
195 return MGMT_STATUS_FAILED;
198 static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
201 struct mgmt_hdr *hdr;
202 struct mgmt_ev_cmd_status *ev;
205 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
207 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_KERNEL);
211 hdr = (void *) skb_put(skb, sizeof(*hdr));
213 hdr->opcode = __constant_cpu_to_le16(MGMT_EV_CMD_STATUS);
214 hdr->index = cpu_to_le16(index);
215 hdr->len = cpu_to_le16(sizeof(*ev));
217 ev = (void *) skb_put(skb, sizeof(*ev));
219 ev->opcode = cpu_to_le16(cmd);
221 err = sock_queue_rcv_skb(sk, skb);
228 static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
229 void *rp, size_t rp_len)
232 struct mgmt_hdr *hdr;
233 struct mgmt_ev_cmd_complete *ev;
236 BT_DBG("sock %p", sk);
238 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_KERNEL);
242 hdr = (void *) skb_put(skb, sizeof(*hdr));
244 hdr->opcode = __constant_cpu_to_le16(MGMT_EV_CMD_COMPLETE);
245 hdr->index = cpu_to_le16(index);
246 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
248 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
249 ev->opcode = cpu_to_le16(cmd);
253 memcpy(ev->data, rp, rp_len);
255 err = sock_queue_rcv_skb(sk, skb);
262 static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
265 struct mgmt_rp_read_version rp;
267 BT_DBG("sock %p", sk);
269 rp.version = MGMT_VERSION;
270 rp.revision = __constant_cpu_to_le16(MGMT_REVISION);
272 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
276 static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
279 struct mgmt_rp_read_commands *rp;
280 const u16 num_commands = ARRAY_SIZE(mgmt_commands);
281 const u16 num_events = ARRAY_SIZE(mgmt_events);
286 BT_DBG("sock %p", sk);
288 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
290 rp = kmalloc(rp_size, GFP_KERNEL);
294 rp->num_commands = __constant_cpu_to_le16(num_commands);
295 rp->num_events = __constant_cpu_to_le16(num_events);
297 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
298 put_unaligned_le16(mgmt_commands[i], opcode);
300 for (i = 0; i < num_events; i++, opcode++)
301 put_unaligned_le16(mgmt_events[i], opcode);
303 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
310 static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
313 struct mgmt_rp_read_index_list *rp;
319 BT_DBG("sock %p", sk);
321 read_lock(&hci_dev_list_lock);
324 list_for_each_entry(d, &hci_dev_list, list) {
325 if (!mgmt_valid_hdev(d))
331 rp_len = sizeof(*rp) + (2 * count);
332 rp = kmalloc(rp_len, GFP_ATOMIC);
334 read_unlock(&hci_dev_list_lock);
339 list_for_each_entry(d, &hci_dev_list, list) {
340 if (test_bit(HCI_SETUP, &d->dev_flags))
343 if (test_bit(HCI_USER_CHANNEL, &d->dev_flags))
346 if (!mgmt_valid_hdev(d))
349 rp->index[count++] = cpu_to_le16(d->id);
350 BT_DBG("Added hci%u", d->id);
353 rp->num_controllers = cpu_to_le16(count);
354 rp_len = sizeof(*rp) + (2 * count);
356 read_unlock(&hci_dev_list_lock);
358 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
366 static u32 get_supported_settings(struct hci_dev *hdev)
370 settings |= MGMT_SETTING_POWERED;
371 settings |= MGMT_SETTING_PAIRABLE;
373 if (lmp_ssp_capable(hdev))
374 settings |= MGMT_SETTING_SSP;
376 if (lmp_bredr_capable(hdev)) {
377 settings |= MGMT_SETTING_CONNECTABLE;
378 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
379 settings |= MGMT_SETTING_FAST_CONNECTABLE;
380 settings |= MGMT_SETTING_DISCOVERABLE;
381 settings |= MGMT_SETTING_BREDR;
382 settings |= MGMT_SETTING_LINK_SECURITY;
383 settings |= MGMT_SETTING_HS;
386 if (lmp_le_capable(hdev)) {
387 settings |= MGMT_SETTING_LE;
388 settings |= MGMT_SETTING_ADVERTISING;
394 static u32 get_current_settings(struct hci_dev *hdev)
398 if (hdev_is_powered(hdev))
399 settings |= MGMT_SETTING_POWERED;
401 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
402 settings |= MGMT_SETTING_CONNECTABLE;
404 if (test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
405 settings |= MGMT_SETTING_FAST_CONNECTABLE;
407 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
408 settings |= MGMT_SETTING_DISCOVERABLE;
410 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags))
411 settings |= MGMT_SETTING_PAIRABLE;
413 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
414 settings |= MGMT_SETTING_BREDR;
416 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
417 settings |= MGMT_SETTING_LE;
419 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
420 settings |= MGMT_SETTING_LINK_SECURITY;
422 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
423 settings |= MGMT_SETTING_SSP;
425 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
426 settings |= MGMT_SETTING_HS;
428 if (test_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags))
429 settings |= MGMT_SETTING_ADVERTISING;
434 #define PNP_INFO_SVCLASS_ID 0x1200
436 static u8 *create_uuid16_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
438 u8 *ptr = data, *uuids_start = NULL;
439 struct bt_uuid *uuid;
444 list_for_each_entry(uuid, &hdev->uuids, list) {
447 if (uuid->size != 16)
450 uuid16 = get_unaligned_le16(&uuid->uuid[12]);
454 if (uuid16 == PNP_INFO_SVCLASS_ID)
460 uuids_start[1] = EIR_UUID16_ALL;
464 /* Stop if not enough space to put next UUID */
465 if ((ptr - data) + sizeof(u16) > len) {
466 uuids_start[1] = EIR_UUID16_SOME;
470 *ptr++ = (uuid16 & 0x00ff);
471 *ptr++ = (uuid16 & 0xff00) >> 8;
472 uuids_start[0] += sizeof(uuid16);
478 static u8 *create_uuid32_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
480 u8 *ptr = data, *uuids_start = NULL;
481 struct bt_uuid *uuid;
486 list_for_each_entry(uuid, &hdev->uuids, list) {
487 if (uuid->size != 32)
493 uuids_start[1] = EIR_UUID32_ALL;
497 /* Stop if not enough space to put next UUID */
498 if ((ptr - data) + sizeof(u32) > len) {
499 uuids_start[1] = EIR_UUID32_SOME;
503 memcpy(ptr, &uuid->uuid[12], sizeof(u32));
505 uuids_start[0] += sizeof(u32);
511 static u8 *create_uuid128_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
513 u8 *ptr = data, *uuids_start = NULL;
514 struct bt_uuid *uuid;
519 list_for_each_entry(uuid, &hdev->uuids, list) {
520 if (uuid->size != 128)
526 uuids_start[1] = EIR_UUID128_ALL;
530 /* Stop if not enough space to put next UUID */
531 if ((ptr - data) + 16 > len) {
532 uuids_start[1] = EIR_UUID128_SOME;
536 memcpy(ptr, uuid->uuid, 16);
538 uuids_start[0] += 16;
544 static void create_eir(struct hci_dev *hdev, u8 *data)
549 name_len = strlen(hdev->dev_name);
555 ptr[1] = EIR_NAME_SHORT;
557 ptr[1] = EIR_NAME_COMPLETE;
559 /* EIR Data length */
560 ptr[0] = name_len + 1;
562 memcpy(ptr + 2, hdev->dev_name, name_len);
564 ptr += (name_len + 2);
567 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
569 ptr[1] = EIR_TX_POWER;
570 ptr[2] = (u8) hdev->inq_tx_power;
575 if (hdev->devid_source > 0) {
577 ptr[1] = EIR_DEVICE_ID;
579 put_unaligned_le16(hdev->devid_source, ptr + 2);
580 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
581 put_unaligned_le16(hdev->devid_product, ptr + 6);
582 put_unaligned_le16(hdev->devid_version, ptr + 8);
587 ptr = create_uuid16_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
588 ptr = create_uuid32_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
589 ptr = create_uuid128_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
592 static void update_eir(struct hci_request *req)
594 struct hci_dev *hdev = req->hdev;
595 struct hci_cp_write_eir cp;
597 if (!hdev_is_powered(hdev))
600 if (!lmp_ext_inq_capable(hdev))
603 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
606 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
609 memset(&cp, 0, sizeof(cp));
611 create_eir(hdev, cp.data);
613 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
616 memcpy(hdev->eir, cp.data, sizeof(cp.data));
618 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
621 static u8 get_service_classes(struct hci_dev *hdev)
623 struct bt_uuid *uuid;
626 list_for_each_entry(uuid, &hdev->uuids, list)
627 val |= uuid->svc_hint;
632 static void update_class(struct hci_request *req)
634 struct hci_dev *hdev = req->hdev;
637 BT_DBG("%s", hdev->name);
639 if (!hdev_is_powered(hdev))
642 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
645 cod[0] = hdev->minor_class;
646 cod[1] = hdev->major_class;
647 cod[2] = get_service_classes(hdev);
649 if (memcmp(cod, hdev->dev_class, 3) == 0)
652 hci_req_add(req, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
655 static void service_cache_off(struct work_struct *work)
657 struct hci_dev *hdev = container_of(work, struct hci_dev,
659 struct hci_request req;
661 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
664 hci_req_init(&req, hdev);
671 hci_dev_unlock(hdev);
673 hci_req_run(&req, NULL);
676 static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
678 if (test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
681 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
683 /* Non-mgmt controlled devices get this bit set
684 * implicitly so that pairing works for them, however
685 * for mgmt we require user-space to explicitly enable
688 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
691 static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
692 void *data, u16 data_len)
694 struct mgmt_rp_read_info rp;
696 BT_DBG("sock %p %s", sk, hdev->name);
700 memset(&rp, 0, sizeof(rp));
702 bacpy(&rp.bdaddr, &hdev->bdaddr);
704 rp.version = hdev->hci_ver;
705 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
707 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
708 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
710 memcpy(rp.dev_class, hdev->dev_class, 3);
712 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
713 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
715 hci_dev_unlock(hdev);
717 return cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
721 static void mgmt_pending_free(struct pending_cmd *cmd)
728 static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
729 struct hci_dev *hdev, void *data,
732 struct pending_cmd *cmd;
734 cmd = kmalloc(sizeof(*cmd), GFP_KERNEL);
738 cmd->opcode = opcode;
739 cmd->index = hdev->id;
741 cmd->param = kmalloc(len, GFP_KERNEL);
748 memcpy(cmd->param, data, len);
753 list_add(&cmd->list, &hdev->mgmt_pending);
758 static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
759 void (*cb)(struct pending_cmd *cmd,
763 struct pending_cmd *cmd, *tmp;
765 list_for_each_entry_safe(cmd, tmp, &hdev->mgmt_pending, list) {
766 if (opcode > 0 && cmd->opcode != opcode)
773 static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
775 struct pending_cmd *cmd;
777 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
778 if (cmd->opcode == opcode)
785 static void mgmt_pending_remove(struct pending_cmd *cmd)
787 list_del(&cmd->list);
788 mgmt_pending_free(cmd);
791 static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
793 __le32 settings = cpu_to_le32(get_current_settings(hdev));
795 return cmd_complete(sk, hdev->id, opcode, 0, &settings,
799 static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
802 struct mgmt_mode *cp = data;
803 struct pending_cmd *cmd;
806 BT_DBG("request for %s", hdev->name);
808 if (cp->val != 0x00 && cp->val != 0x01)
809 return cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
810 MGMT_STATUS_INVALID_PARAMS);
814 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
815 err = cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
820 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
821 cancel_delayed_work(&hdev->power_off);
824 mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev,
826 err = mgmt_powered(hdev, 1);
831 if (!!cp->val == hdev_is_powered(hdev)) {
832 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
836 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
843 queue_work(hdev->req_workqueue, &hdev->power_on);
845 queue_work(hdev->req_workqueue, &hdev->power_off.work);
850 hci_dev_unlock(hdev);
854 static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 data_len,
855 struct sock *skip_sk)
858 struct mgmt_hdr *hdr;
860 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_KERNEL);
864 hdr = (void *) skb_put(skb, sizeof(*hdr));
865 hdr->opcode = cpu_to_le16(event);
867 hdr->index = cpu_to_le16(hdev->id);
869 hdr->index = __constant_cpu_to_le16(MGMT_INDEX_NONE);
870 hdr->len = cpu_to_le16(data_len);
873 memcpy(skb_put(skb, data_len), data, data_len);
876 __net_timestamp(skb);
878 hci_send_to_control(skb, skip_sk);
884 static int new_settings(struct hci_dev *hdev, struct sock *skip)
888 ev = cpu_to_le32(get_current_settings(hdev));
890 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
895 struct hci_dev *hdev;
899 static void settings_rsp(struct pending_cmd *cmd, void *data)
901 struct cmd_lookup *match = data;
903 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
905 list_del(&cmd->list);
907 if (match->sk == NULL) {
909 sock_hold(match->sk);
912 mgmt_pending_free(cmd);
915 static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
919 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
920 mgmt_pending_remove(cmd);
923 static u8 mgmt_bredr_support(struct hci_dev *hdev)
925 if (!lmp_bredr_capable(hdev))
926 return MGMT_STATUS_NOT_SUPPORTED;
927 else if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
928 return MGMT_STATUS_REJECTED;
930 return MGMT_STATUS_SUCCESS;
933 static u8 mgmt_le_support(struct hci_dev *hdev)
935 if (!lmp_le_capable(hdev))
936 return MGMT_STATUS_NOT_SUPPORTED;
937 else if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
938 return MGMT_STATUS_REJECTED;
940 return MGMT_STATUS_SUCCESS;
943 static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
946 struct mgmt_cp_set_discoverable *cp = data;
947 struct pending_cmd *cmd;
952 BT_DBG("request for %s", hdev->name);
954 status = mgmt_bredr_support(hdev);
956 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
959 if (cp->val != 0x00 && cp->val != 0x01)
960 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
961 MGMT_STATUS_INVALID_PARAMS);
963 timeout = __le16_to_cpu(cp->timeout);
964 if (!cp->val && timeout > 0)
965 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
966 MGMT_STATUS_INVALID_PARAMS);
970 if (!hdev_is_powered(hdev) && timeout > 0) {
971 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
972 MGMT_STATUS_NOT_POWERED);
976 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
977 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
978 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
983 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
984 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
985 MGMT_STATUS_REJECTED);
989 if (!hdev_is_powered(hdev)) {
990 bool changed = false;
992 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
993 change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
997 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1002 err = new_settings(hdev, sk);
1007 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
1008 if (hdev->discov_timeout > 0) {
1009 cancel_delayed_work(&hdev->discov_off);
1010 hdev->discov_timeout = 0;
1013 if (cp->val && timeout > 0) {
1014 hdev->discov_timeout = timeout;
1015 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
1016 msecs_to_jiffies(hdev->discov_timeout * 1000));
1019 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1023 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
1032 scan |= SCAN_INQUIRY;
1034 cancel_delayed_work(&hdev->discov_off);
1036 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1038 mgmt_pending_remove(cmd);
1041 hdev->discov_timeout = timeout;
1044 hci_dev_unlock(hdev);
1048 static void write_fast_connectable(struct hci_request *req, bool enable)
1050 struct hci_dev *hdev = req->hdev;
1051 struct hci_cp_write_page_scan_activity acp;
1054 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
1058 type = PAGE_SCAN_TYPE_INTERLACED;
1060 /* 160 msec page scan interval */
1061 acp.interval = __constant_cpu_to_le16(0x0100);
1063 type = PAGE_SCAN_TYPE_STANDARD; /* default */
1065 /* default 1.28 sec page scan */
1066 acp.interval = __constant_cpu_to_le16(0x0800);
1069 acp.window = __constant_cpu_to_le16(0x0012);
1071 if (__cpu_to_le16(hdev->page_scan_interval) != acp.interval ||
1072 __cpu_to_le16(hdev->page_scan_window) != acp.window)
1073 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
1076 if (hdev->page_scan_type != type)
1077 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
1080 static void set_connectable_complete(struct hci_dev *hdev, u8 status)
1082 struct pending_cmd *cmd;
1084 BT_DBG("status 0x%02x", status);
1088 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1092 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
1094 mgmt_pending_remove(cmd);
1097 hci_dev_unlock(hdev);
1100 static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
1103 struct mgmt_mode *cp = data;
1104 struct pending_cmd *cmd;
1105 struct hci_request req;
1109 BT_DBG("request for %s", hdev->name);
1111 status = mgmt_bredr_support(hdev);
1113 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1116 if (cp->val != 0x00 && cp->val != 0x01)
1117 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1118 MGMT_STATUS_INVALID_PARAMS);
1122 if (!hdev_is_powered(hdev)) {
1123 bool changed = false;
1125 if (!!cp->val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
1129 set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1131 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1132 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1135 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1140 err = new_settings(hdev, sk);
1145 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1146 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
1147 err = cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1152 if (!!cp->val == test_bit(HCI_PSCAN, &hdev->flags)) {
1153 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1157 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
1168 if (test_bit(HCI_ISCAN, &hdev->flags) &&
1169 hdev->discov_timeout > 0)
1170 cancel_delayed_work(&hdev->discov_off);
1173 hci_req_init(&req, hdev);
1175 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1177 /* If we're going from non-connectable to connectable or
1178 * vice-versa when fast connectable is enabled ensure that fast
1179 * connectable gets disabled. write_fast_connectable won't do
1180 * anything if the page scan parameters are already what they
1183 if (cp->val || test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
1184 write_fast_connectable(&req, false);
1186 err = hci_req_run(&req, set_connectable_complete);
1188 mgmt_pending_remove(cmd);
1191 hci_dev_unlock(hdev);
1195 static int set_pairable(struct sock *sk, struct hci_dev *hdev, void *data,
1198 struct mgmt_mode *cp = data;
1201 BT_DBG("request for %s", hdev->name);
1203 if (cp->val != 0x00 && cp->val != 0x01)
1204 return cmd_status(sk, hdev->id, MGMT_OP_SET_PAIRABLE,
1205 MGMT_STATUS_INVALID_PARAMS);
1210 set_bit(HCI_PAIRABLE, &hdev->dev_flags);
1212 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
1214 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
1218 err = new_settings(hdev, sk);
1221 hci_dev_unlock(hdev);
1225 static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1228 struct mgmt_mode *cp = data;
1229 struct pending_cmd *cmd;
1233 BT_DBG("request for %s", hdev->name);
1235 status = mgmt_bredr_support(hdev);
1237 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1240 if (cp->val != 0x00 && cp->val != 0x01)
1241 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1242 MGMT_STATUS_INVALID_PARAMS);
1246 if (!hdev_is_powered(hdev)) {
1247 bool changed = false;
1249 if (!!cp->val != test_bit(HCI_LINK_SECURITY,
1250 &hdev->dev_flags)) {
1251 change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
1255 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1260 err = new_settings(hdev, sk);
1265 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
1266 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1273 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1274 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1278 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1284 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1286 mgmt_pending_remove(cmd);
1291 hci_dev_unlock(hdev);
1295 static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1297 struct mgmt_mode *cp = data;
1298 struct pending_cmd *cmd;
1302 BT_DBG("request for %s", hdev->name);
1304 status = mgmt_bredr_support(hdev);
1306 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
1308 if (!lmp_ssp_capable(hdev))
1309 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1310 MGMT_STATUS_NOT_SUPPORTED);
1312 if (cp->val != 0x00 && cp->val != 0x01)
1313 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1314 MGMT_STATUS_INVALID_PARAMS);
1320 if (!hdev_is_powered(hdev)) {
1321 bool changed = false;
1323 if (val != test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
1324 change_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
1328 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1333 err = new_settings(hdev, sk);
1338 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev)) {
1339 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1344 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) == val) {
1345 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1349 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1355 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, sizeof(val), &val);
1357 mgmt_pending_remove(cmd);
1362 hci_dev_unlock(hdev);
1366 static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1368 struct mgmt_mode *cp = data;
1373 BT_DBG("request for %s", hdev->name);
1375 status = mgmt_bredr_support(hdev);
1377 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
1379 if (cp->val != 0x00 && cp->val != 0x01)
1380 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1381 MGMT_STATUS_INVALID_PARAMS);
1386 changed = !test_and_set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1388 if (hdev_is_powered(hdev)) {
1389 err = cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1390 MGMT_STATUS_REJECTED);
1394 changed = test_and_clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1397 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
1402 err = new_settings(hdev, sk);
1405 hci_dev_unlock(hdev);
1409 static void le_enable_complete(struct hci_dev *hdev, u8 status)
1411 struct cmd_lookup match = { NULL, hdev };
1414 u8 mgmt_err = mgmt_status(status);
1416 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
1421 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
1423 new_settings(hdev, match.sk);
1429 static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1431 struct mgmt_mode *cp = data;
1432 struct hci_cp_write_le_host_supported hci_cp;
1433 struct pending_cmd *cmd;
1434 struct hci_request req;
1438 BT_DBG("request for %s", hdev->name);
1440 if (!lmp_le_capable(hdev))
1441 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1442 MGMT_STATUS_NOT_SUPPORTED);
1444 if (cp->val != 0x00 && cp->val != 0x01)
1445 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1446 MGMT_STATUS_INVALID_PARAMS);
1448 /* LE-only devices do not allow toggling LE on/off */
1449 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1450 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1451 MGMT_STATUS_REJECTED);
1456 enabled = lmp_host_le_capable(hdev);
1458 if (!hdev_is_powered(hdev) || val == enabled) {
1459 bool changed = false;
1461 if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1462 change_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1466 if (!val && test_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags)) {
1467 clear_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags);
1471 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1476 err = new_settings(hdev, sk);
1481 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev) ||
1482 mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
1483 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1488 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
1494 memset(&hci_cp, 0, sizeof(hci_cp));
1498 hci_cp.simul = lmp_le_br_capable(hdev);
1501 hci_req_init(&req, hdev);
1503 if (test_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags) && !val)
1504 hci_req_add(&req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(val), &val);
1506 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
1509 err = hci_req_run(&req, le_enable_complete);
1511 mgmt_pending_remove(cmd);
1514 hci_dev_unlock(hdev);
1518 /* This is a helper function to test for pending mgmt commands that can
1519 * cause CoD or EIR HCI commands. We can only allow one such pending
1520 * mgmt command at a time since otherwise we cannot easily track what
1521 * the current values are, will be, and based on that calculate if a new
1522 * HCI command needs to be sent and if yes with what value.
1524 static bool pending_eir_or_class(struct hci_dev *hdev)
1526 struct pending_cmd *cmd;
1528 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
1529 switch (cmd->opcode) {
1530 case MGMT_OP_ADD_UUID:
1531 case MGMT_OP_REMOVE_UUID:
1532 case MGMT_OP_SET_DEV_CLASS:
1533 case MGMT_OP_SET_POWERED:
1541 static const u8 bluetooth_base_uuid[] = {
1542 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
1543 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1546 static u8 get_uuid_size(const u8 *uuid)
1550 if (memcmp(uuid, bluetooth_base_uuid, 12))
1553 val = get_unaligned_le32(&uuid[12]);
1560 static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
1562 struct pending_cmd *cmd;
1566 cmd = mgmt_pending_find(mgmt_op, hdev);
1570 cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(status),
1571 hdev->dev_class, 3);
1573 mgmt_pending_remove(cmd);
1576 hci_dev_unlock(hdev);
1579 static void add_uuid_complete(struct hci_dev *hdev, u8 status)
1581 BT_DBG("status 0x%02x", status);
1583 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
1586 static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1588 struct mgmt_cp_add_uuid *cp = data;
1589 struct pending_cmd *cmd;
1590 struct hci_request req;
1591 struct bt_uuid *uuid;
1594 BT_DBG("request for %s", hdev->name);
1598 if (pending_eir_or_class(hdev)) {
1599 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
1604 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
1610 memcpy(uuid->uuid, cp->uuid, 16);
1611 uuid->svc_hint = cp->svc_hint;
1612 uuid->size = get_uuid_size(cp->uuid);
1614 list_add_tail(&uuid->list, &hdev->uuids);
1616 hci_req_init(&req, hdev);
1621 err = hci_req_run(&req, add_uuid_complete);
1623 if (err != -ENODATA)
1626 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
1627 hdev->dev_class, 3);
1631 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
1640 hci_dev_unlock(hdev);
1644 static bool enable_service_cache(struct hci_dev *hdev)
1646 if (!hdev_is_powered(hdev))
1649 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
1650 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
1658 static void remove_uuid_complete(struct hci_dev *hdev, u8 status)
1660 BT_DBG("status 0x%02x", status);
1662 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
1665 static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
1668 struct mgmt_cp_remove_uuid *cp = data;
1669 struct pending_cmd *cmd;
1670 struct bt_uuid *match, *tmp;
1671 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
1672 struct hci_request req;
1675 BT_DBG("request for %s", hdev->name);
1679 if (pending_eir_or_class(hdev)) {
1680 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
1685 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
1686 err = hci_uuids_clear(hdev);
1688 if (enable_service_cache(hdev)) {
1689 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID,
1690 0, hdev->dev_class, 3);
1699 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
1700 if (memcmp(match->uuid, cp->uuid, 16) != 0)
1703 list_del(&match->list);
1709 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
1710 MGMT_STATUS_INVALID_PARAMS);
1715 hci_req_init(&req, hdev);
1720 err = hci_req_run(&req, remove_uuid_complete);
1722 if (err != -ENODATA)
1725 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
1726 hdev->dev_class, 3);
1730 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
1739 hci_dev_unlock(hdev);
1743 static void set_class_complete(struct hci_dev *hdev, u8 status)
1745 BT_DBG("status 0x%02x", status);
1747 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
1750 static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
1753 struct mgmt_cp_set_dev_class *cp = data;
1754 struct pending_cmd *cmd;
1755 struct hci_request req;
1758 BT_DBG("request for %s", hdev->name);
1760 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1761 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1762 MGMT_STATUS_NOT_SUPPORTED);
1766 if (pending_eir_or_class(hdev)) {
1767 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1772 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
1773 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1774 MGMT_STATUS_INVALID_PARAMS);
1778 hdev->major_class = cp->major;
1779 hdev->minor_class = cp->minor;
1781 if (!hdev_is_powered(hdev)) {
1782 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
1783 hdev->dev_class, 3);
1787 hci_req_init(&req, hdev);
1789 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
1790 hci_dev_unlock(hdev);
1791 cancel_delayed_work_sync(&hdev->service_cache);
1798 err = hci_req_run(&req, set_class_complete);
1800 if (err != -ENODATA)
1803 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
1804 hdev->dev_class, 3);
1808 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
1817 hci_dev_unlock(hdev);
1821 static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
1824 struct mgmt_cp_load_link_keys *cp = data;
1825 u16 key_count, expected_len;
1828 BT_DBG("request for %s", hdev->name);
1830 if (!lmp_bredr_capable(hdev))
1831 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
1832 MGMT_STATUS_NOT_SUPPORTED);
1834 key_count = __le16_to_cpu(cp->key_count);
1836 expected_len = sizeof(*cp) + key_count *
1837 sizeof(struct mgmt_link_key_info);
1838 if (expected_len != len) {
1839 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
1841 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
1842 MGMT_STATUS_INVALID_PARAMS);
1845 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
1846 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
1847 MGMT_STATUS_INVALID_PARAMS);
1849 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
1852 for (i = 0; i < key_count; i++) {
1853 struct mgmt_link_key_info *key = &cp->keys[i];
1855 if (key->addr.type != BDADDR_BREDR)
1856 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
1857 MGMT_STATUS_INVALID_PARAMS);
1862 hci_link_keys_clear(hdev);
1865 set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
1867 clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
1869 for (i = 0; i < key_count; i++) {
1870 struct mgmt_link_key_info *key = &cp->keys[i];
1872 hci_add_link_key(hdev, NULL, 0, &key->addr.bdaddr, key->val,
1873 key->type, key->pin_len);
1876 cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
1878 hci_dev_unlock(hdev);
1883 static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
1884 u8 addr_type, struct sock *skip_sk)
1886 struct mgmt_ev_device_unpaired ev;
1888 bacpy(&ev.addr.bdaddr, bdaddr);
1889 ev.addr.type = addr_type;
1891 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
1895 static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
1898 struct mgmt_cp_unpair_device *cp = data;
1899 struct mgmt_rp_unpair_device rp;
1900 struct hci_cp_disconnect dc;
1901 struct pending_cmd *cmd;
1902 struct hci_conn *conn;
1905 memset(&rp, 0, sizeof(rp));
1906 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1907 rp.addr.type = cp->addr.type;
1909 if (!bdaddr_type_is_valid(cp->addr.type))
1910 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
1911 MGMT_STATUS_INVALID_PARAMS,
1914 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
1915 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
1916 MGMT_STATUS_INVALID_PARAMS,
1921 if (!hdev_is_powered(hdev)) {
1922 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
1923 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
1927 if (cp->addr.type == BDADDR_BREDR)
1928 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
1930 err = hci_remove_ltk(hdev, &cp->addr.bdaddr);
1933 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
1934 MGMT_STATUS_NOT_PAIRED, &rp, sizeof(rp));
1938 if (cp->disconnect) {
1939 if (cp->addr.type == BDADDR_BREDR)
1940 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
1943 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
1950 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
1952 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
1956 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
1963 dc.handle = cpu_to_le16(conn->handle);
1964 dc.reason = 0x13; /* Remote User Terminated Connection */
1965 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1967 mgmt_pending_remove(cmd);
1970 hci_dev_unlock(hdev);
1974 static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
1977 struct mgmt_cp_disconnect *cp = data;
1978 struct mgmt_rp_disconnect rp;
1979 struct hci_cp_disconnect dc;
1980 struct pending_cmd *cmd;
1981 struct hci_conn *conn;
1986 memset(&rp, 0, sizeof(rp));
1987 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1988 rp.addr.type = cp->addr.type;
1990 if (!bdaddr_type_is_valid(cp->addr.type))
1991 return cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
1992 MGMT_STATUS_INVALID_PARAMS,
1997 if (!test_bit(HCI_UP, &hdev->flags)) {
1998 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
1999 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
2003 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
2004 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2005 MGMT_STATUS_BUSY, &rp, sizeof(rp));
2009 if (cp->addr.type == BDADDR_BREDR)
2010 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2013 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
2015 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
2016 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2017 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
2021 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
2027 dc.handle = cpu_to_le16(conn->handle);
2028 dc.reason = HCI_ERROR_REMOTE_USER_TERM;
2030 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2032 mgmt_pending_remove(cmd);
2035 hci_dev_unlock(hdev);
2039 static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
2041 switch (link_type) {
2043 switch (addr_type) {
2044 case ADDR_LE_DEV_PUBLIC:
2045 return BDADDR_LE_PUBLIC;
2048 /* Fallback to LE Random address type */
2049 return BDADDR_LE_RANDOM;
2053 /* Fallback to BR/EDR type */
2054 return BDADDR_BREDR;
2058 static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
2061 struct mgmt_rp_get_connections *rp;
2071 if (!hdev_is_powered(hdev)) {
2072 err = cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
2073 MGMT_STATUS_NOT_POWERED);
2078 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2079 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2083 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2084 rp = kmalloc(rp_len, GFP_KERNEL);
2091 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2092 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2094 bacpy(&rp->addr[i].bdaddr, &c->dst);
2095 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
2096 if (c->type == SCO_LINK || c->type == ESCO_LINK)
2101 rp->conn_count = cpu_to_le16(i);
2103 /* Recalculate length in case of filtered SCO connections, etc */
2104 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2106 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
2112 hci_dev_unlock(hdev);
2116 static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
2117 struct mgmt_cp_pin_code_neg_reply *cp)
2119 struct pending_cmd *cmd;
2122 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
2127 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
2128 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
2130 mgmt_pending_remove(cmd);
2135 static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2138 struct hci_conn *conn;
2139 struct mgmt_cp_pin_code_reply *cp = data;
2140 struct hci_cp_pin_code_reply reply;
2141 struct pending_cmd *cmd;
2148 if (!hdev_is_powered(hdev)) {
2149 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2150 MGMT_STATUS_NOT_POWERED);
2154 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
2156 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2157 MGMT_STATUS_NOT_CONNECTED);
2161 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
2162 struct mgmt_cp_pin_code_neg_reply ncp;
2164 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
2166 BT_ERR("PIN code is not 16 bytes long");
2168 err = send_pin_code_neg_reply(sk, hdev, &ncp);
2170 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2171 MGMT_STATUS_INVALID_PARAMS);
2176 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
2182 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
2183 reply.pin_len = cp->pin_len;
2184 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
2186 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
2188 mgmt_pending_remove(cmd);
2191 hci_dev_unlock(hdev);
2195 static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
2198 struct mgmt_cp_set_io_capability *cp = data;
2204 hdev->io_capability = cp->io_capability;
2206 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
2207 hdev->io_capability);
2209 hci_dev_unlock(hdev);
2211 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, NULL,
2215 static struct pending_cmd *find_pairing(struct hci_conn *conn)
2217 struct hci_dev *hdev = conn->hdev;
2218 struct pending_cmd *cmd;
2220 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2221 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
2224 if (cmd->user_data != conn)
2233 static void pairing_complete(struct pending_cmd *cmd, u8 status)
2235 struct mgmt_rp_pair_device rp;
2236 struct hci_conn *conn = cmd->user_data;
2238 bacpy(&rp.addr.bdaddr, &conn->dst);
2239 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
2241 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
2244 /* So we don't get further callbacks for this connection */
2245 conn->connect_cfm_cb = NULL;
2246 conn->security_cfm_cb = NULL;
2247 conn->disconn_cfm_cb = NULL;
2249 hci_conn_drop(conn);
2251 mgmt_pending_remove(cmd);
2254 static void pairing_complete_cb(struct hci_conn *conn, u8 status)
2256 struct pending_cmd *cmd;
2258 BT_DBG("status %u", status);
2260 cmd = find_pairing(conn);
2262 BT_DBG("Unable to find a pending command");
2264 pairing_complete(cmd, mgmt_status(status));
2267 static void le_connect_complete_cb(struct hci_conn *conn, u8 status)
2269 struct pending_cmd *cmd;
2271 BT_DBG("status %u", status);
2276 cmd = find_pairing(conn);
2278 BT_DBG("Unable to find a pending command");
2280 pairing_complete(cmd, mgmt_status(status));
2283 static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2286 struct mgmt_cp_pair_device *cp = data;
2287 struct mgmt_rp_pair_device rp;
2288 struct pending_cmd *cmd;
2289 u8 sec_level, auth_type;
2290 struct hci_conn *conn;
2295 memset(&rp, 0, sizeof(rp));
2296 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2297 rp.addr.type = cp->addr.type;
2299 if (!bdaddr_type_is_valid(cp->addr.type))
2300 return cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2301 MGMT_STATUS_INVALID_PARAMS,
2306 if (!hdev_is_powered(hdev)) {
2307 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2308 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
2312 sec_level = BT_SECURITY_MEDIUM;
2313 if (cp->io_cap == 0x03)
2314 auth_type = HCI_AT_DEDICATED_BONDING;
2316 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
2318 if (cp->addr.type == BDADDR_BREDR)
2319 conn = hci_connect(hdev, ACL_LINK, &cp->addr.bdaddr,
2320 cp->addr.type, sec_level, auth_type);
2322 conn = hci_connect(hdev, LE_LINK, &cp->addr.bdaddr,
2323 cp->addr.type, sec_level, auth_type);
2328 if (PTR_ERR(conn) == -EBUSY)
2329 status = MGMT_STATUS_BUSY;
2331 status = MGMT_STATUS_CONNECT_FAILED;
2333 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2339 if (conn->connect_cfm_cb) {
2340 hci_conn_drop(conn);
2341 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2342 MGMT_STATUS_BUSY, &rp, sizeof(rp));
2346 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
2349 hci_conn_drop(conn);
2353 /* For LE, just connecting isn't a proof that the pairing finished */
2354 if (cp->addr.type == BDADDR_BREDR)
2355 conn->connect_cfm_cb = pairing_complete_cb;
2357 conn->connect_cfm_cb = le_connect_complete_cb;
2359 conn->security_cfm_cb = pairing_complete_cb;
2360 conn->disconn_cfm_cb = pairing_complete_cb;
2361 conn->io_capability = cp->io_cap;
2362 cmd->user_data = conn;
2364 if (conn->state == BT_CONNECTED &&
2365 hci_conn_security(conn, sec_level, auth_type))
2366 pairing_complete(cmd, 0);
2371 hci_dev_unlock(hdev);
2375 static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2378 struct mgmt_addr_info *addr = data;
2379 struct pending_cmd *cmd;
2380 struct hci_conn *conn;
2387 if (!hdev_is_powered(hdev)) {
2388 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2389 MGMT_STATUS_NOT_POWERED);
2393 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
2395 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2396 MGMT_STATUS_INVALID_PARAMS);
2400 conn = cmd->user_data;
2402 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
2403 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2404 MGMT_STATUS_INVALID_PARAMS);
2408 pairing_complete(cmd, MGMT_STATUS_CANCELLED);
2410 err = cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
2411 addr, sizeof(*addr));
2413 hci_dev_unlock(hdev);
2417 static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
2418 struct mgmt_addr_info *addr, u16 mgmt_op,
2419 u16 hci_op, __le32 passkey)
2421 struct pending_cmd *cmd;
2422 struct hci_conn *conn;
2427 if (!hdev_is_powered(hdev)) {
2428 err = cmd_complete(sk, hdev->id, mgmt_op,
2429 MGMT_STATUS_NOT_POWERED, addr,
2434 if (addr->type == BDADDR_BREDR)
2435 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
2437 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &addr->bdaddr);
2440 err = cmd_complete(sk, hdev->id, mgmt_op,
2441 MGMT_STATUS_NOT_CONNECTED, addr,
2446 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
2447 /* Continue with pairing via SMP */
2448 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
2451 err = cmd_complete(sk, hdev->id, mgmt_op,
2452 MGMT_STATUS_SUCCESS, addr,
2455 err = cmd_complete(sk, hdev->id, mgmt_op,
2456 MGMT_STATUS_FAILED, addr,
2462 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
2468 /* Continue with pairing via HCI */
2469 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
2470 struct hci_cp_user_passkey_reply cp;
2472 bacpy(&cp.bdaddr, &addr->bdaddr);
2473 cp.passkey = passkey;
2474 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
2476 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
2480 mgmt_pending_remove(cmd);
2483 hci_dev_unlock(hdev);
2487 static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
2488 void *data, u16 len)
2490 struct mgmt_cp_pin_code_neg_reply *cp = data;
2494 return user_pairing_resp(sk, hdev, &cp->addr,
2495 MGMT_OP_PIN_CODE_NEG_REPLY,
2496 HCI_OP_PIN_CODE_NEG_REPLY, 0);
2499 static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2502 struct mgmt_cp_user_confirm_reply *cp = data;
2506 if (len != sizeof(*cp))
2507 return cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
2508 MGMT_STATUS_INVALID_PARAMS);
2510 return user_pairing_resp(sk, hdev, &cp->addr,
2511 MGMT_OP_USER_CONFIRM_REPLY,
2512 HCI_OP_USER_CONFIRM_REPLY, 0);
2515 static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
2516 void *data, u16 len)
2518 struct mgmt_cp_user_confirm_neg_reply *cp = data;
2522 return user_pairing_resp(sk, hdev, &cp->addr,
2523 MGMT_OP_USER_CONFIRM_NEG_REPLY,
2524 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
2527 static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2530 struct mgmt_cp_user_passkey_reply *cp = data;
2534 return user_pairing_resp(sk, hdev, &cp->addr,
2535 MGMT_OP_USER_PASSKEY_REPLY,
2536 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
2539 static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
2540 void *data, u16 len)
2542 struct mgmt_cp_user_passkey_neg_reply *cp = data;
2546 return user_pairing_resp(sk, hdev, &cp->addr,
2547 MGMT_OP_USER_PASSKEY_NEG_REPLY,
2548 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
2551 static void update_name(struct hci_request *req)
2553 struct hci_dev *hdev = req->hdev;
2554 struct hci_cp_write_local_name cp;
2556 memcpy(cp.name, hdev->dev_name, sizeof(cp.name));
2558 hci_req_add(req, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
2561 static void set_name_complete(struct hci_dev *hdev, u8 status)
2563 struct mgmt_cp_set_local_name *cp;
2564 struct pending_cmd *cmd;
2566 BT_DBG("status 0x%02x", status);
2570 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
2577 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
2578 mgmt_status(status));
2580 cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
2583 mgmt_pending_remove(cmd);
2586 hci_dev_unlock(hdev);
2589 static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
2592 struct mgmt_cp_set_local_name *cp = data;
2593 struct pending_cmd *cmd;
2594 struct hci_request req;
2601 /* If the old values are the same as the new ones just return a
2602 * direct command complete event.
2604 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
2605 !memcmp(hdev->short_name, cp->short_name,
2606 sizeof(hdev->short_name))) {
2607 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
2612 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
2614 if (!hdev_is_powered(hdev)) {
2615 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
2617 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
2622 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
2628 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
2634 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
2636 hci_req_init(&req, hdev);
2638 if (lmp_bredr_capable(hdev)) {
2643 if (lmp_le_capable(hdev))
2644 hci_update_ad(&req);
2646 err = hci_req_run(&req, set_name_complete);
2648 mgmt_pending_remove(cmd);
2651 hci_dev_unlock(hdev);
2655 static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
2656 void *data, u16 data_len)
2658 struct pending_cmd *cmd;
2661 BT_DBG("%s", hdev->name);
2665 if (!hdev_is_powered(hdev)) {
2666 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
2667 MGMT_STATUS_NOT_POWERED);
2671 if (!lmp_ssp_capable(hdev)) {
2672 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
2673 MGMT_STATUS_NOT_SUPPORTED);
2677 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
2678 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
2683 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
2689 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
2691 mgmt_pending_remove(cmd);
2694 hci_dev_unlock(hdev);
2698 static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
2699 void *data, u16 len)
2701 struct mgmt_cp_add_remote_oob_data *cp = data;
2705 BT_DBG("%s ", hdev->name);
2709 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr, cp->hash,
2712 status = MGMT_STATUS_FAILED;
2714 status = MGMT_STATUS_SUCCESS;
2716 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA, status,
2717 &cp->addr, sizeof(cp->addr));
2719 hci_dev_unlock(hdev);
2723 static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
2724 void *data, u16 len)
2726 struct mgmt_cp_remove_remote_oob_data *cp = data;
2730 BT_DBG("%s", hdev->name);
2734 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr);
2736 status = MGMT_STATUS_INVALID_PARAMS;
2738 status = MGMT_STATUS_SUCCESS;
2740 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
2741 status, &cp->addr, sizeof(cp->addr));
2743 hci_dev_unlock(hdev);
2747 static int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
2749 struct pending_cmd *cmd;
2753 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2755 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
2759 type = hdev->discovery.type;
2761 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
2762 &type, sizeof(type));
2763 mgmt_pending_remove(cmd);
2768 static void start_discovery_complete(struct hci_dev *hdev, u8 status)
2770 BT_DBG("status %d", status);
2774 mgmt_start_discovery_failed(hdev, status);
2775 hci_dev_unlock(hdev);
2780 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
2781 hci_dev_unlock(hdev);
2783 switch (hdev->discovery.type) {
2784 case DISCOV_TYPE_LE:
2785 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable,
2789 case DISCOV_TYPE_INTERLEAVED:
2790 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable,
2791 DISCOV_INTERLEAVED_TIMEOUT);
2794 case DISCOV_TYPE_BREDR:
2798 BT_ERR("Invalid discovery type %d", hdev->discovery.type);
2802 static int start_discovery(struct sock *sk, struct hci_dev *hdev,
2803 void *data, u16 len)
2805 struct mgmt_cp_start_discovery *cp = data;
2806 struct pending_cmd *cmd;
2807 struct hci_cp_le_set_scan_param param_cp;
2808 struct hci_cp_le_set_scan_enable enable_cp;
2809 struct hci_cp_inquiry inq_cp;
2810 struct hci_request req;
2811 /* General inquiry access code (GIAC) */
2812 u8 lap[3] = { 0x33, 0x8b, 0x9e };
2816 BT_DBG("%s", hdev->name);
2820 if (!hdev_is_powered(hdev)) {
2821 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2822 MGMT_STATUS_NOT_POWERED);
2826 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
2827 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2832 if (hdev->discovery.state != DISCOVERY_STOPPED) {
2833 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2838 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
2844 hdev->discovery.type = cp->type;
2846 hci_req_init(&req, hdev);
2848 switch (hdev->discovery.type) {
2849 case DISCOV_TYPE_BREDR:
2850 status = mgmt_bredr_support(hdev);
2852 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2854 mgmt_pending_remove(cmd);
2858 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
2859 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2861 mgmt_pending_remove(cmd);
2865 hci_inquiry_cache_flush(hdev);
2867 memset(&inq_cp, 0, sizeof(inq_cp));
2868 memcpy(&inq_cp.lap, lap, sizeof(inq_cp.lap));
2869 inq_cp.length = DISCOV_BREDR_INQUIRY_LEN;
2870 hci_req_add(&req, HCI_OP_INQUIRY, sizeof(inq_cp), &inq_cp);
2873 case DISCOV_TYPE_LE:
2874 case DISCOV_TYPE_INTERLEAVED:
2875 status = mgmt_le_support(hdev);
2877 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2879 mgmt_pending_remove(cmd);
2883 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
2884 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
2885 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2886 MGMT_STATUS_NOT_SUPPORTED);
2887 mgmt_pending_remove(cmd);
2891 if (test_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags)) {
2892 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2893 MGMT_STATUS_REJECTED);
2894 mgmt_pending_remove(cmd);
2898 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags)) {
2899 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2901 mgmt_pending_remove(cmd);
2905 memset(¶m_cp, 0, sizeof(param_cp));
2906 param_cp.type = LE_SCAN_ACTIVE;
2907 param_cp.interval = cpu_to_le16(DISCOV_LE_SCAN_INT);
2908 param_cp.window = cpu_to_le16(DISCOV_LE_SCAN_WIN);
2909 hci_req_add(&req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
2912 memset(&enable_cp, 0, sizeof(enable_cp));
2913 enable_cp.enable = LE_SCAN_ENABLE;
2914 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
2915 hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
2920 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2921 MGMT_STATUS_INVALID_PARAMS);
2922 mgmt_pending_remove(cmd);
2926 err = hci_req_run(&req, start_discovery_complete);
2928 mgmt_pending_remove(cmd);
2930 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
2933 hci_dev_unlock(hdev);
2937 static int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
2939 struct pending_cmd *cmd;
2942 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
2946 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
2947 &hdev->discovery.type, sizeof(hdev->discovery.type));
2948 mgmt_pending_remove(cmd);
2953 static void stop_discovery_complete(struct hci_dev *hdev, u8 status)
2955 BT_DBG("status %d", status);
2960 mgmt_stop_discovery_failed(hdev, status);
2964 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2967 hci_dev_unlock(hdev);
2970 static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
2973 struct mgmt_cp_stop_discovery *mgmt_cp = data;
2974 struct pending_cmd *cmd;
2975 struct hci_cp_remote_name_req_cancel cp;
2976 struct inquiry_entry *e;
2977 struct hci_request req;
2978 struct hci_cp_le_set_scan_enable enable_cp;
2981 BT_DBG("%s", hdev->name);
2985 if (!hci_discovery_active(hdev)) {
2986 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
2987 MGMT_STATUS_REJECTED, &mgmt_cp->type,
2988 sizeof(mgmt_cp->type));
2992 if (hdev->discovery.type != mgmt_cp->type) {
2993 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
2994 MGMT_STATUS_INVALID_PARAMS, &mgmt_cp->type,
2995 sizeof(mgmt_cp->type));
2999 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
3005 hci_req_init(&req, hdev);
3007 switch (hdev->discovery.state) {
3008 case DISCOVERY_FINDING:
3009 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
3010 hci_req_add(&req, HCI_OP_INQUIRY_CANCEL, 0, NULL);
3012 cancel_delayed_work(&hdev->le_scan_disable);
3014 memset(&enable_cp, 0, sizeof(enable_cp));
3015 enable_cp.enable = LE_SCAN_DISABLE;
3016 hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE,
3017 sizeof(enable_cp), &enable_cp);
3022 case DISCOVERY_RESOLVING:
3023 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
3026 mgmt_pending_remove(cmd);
3027 err = cmd_complete(sk, hdev->id,
3028 MGMT_OP_STOP_DISCOVERY, 0,
3030 sizeof(mgmt_cp->type));
3031 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3035 bacpy(&cp.bdaddr, &e->data.bdaddr);
3036 hci_req_add(&req, HCI_OP_REMOTE_NAME_REQ_CANCEL, sizeof(cp),
3042 BT_DBG("unknown discovery state %u", hdev->discovery.state);
3044 mgmt_pending_remove(cmd);
3045 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
3046 MGMT_STATUS_FAILED, &mgmt_cp->type,
3047 sizeof(mgmt_cp->type));
3051 err = hci_req_run(&req, stop_discovery_complete);
3053 mgmt_pending_remove(cmd);
3055 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
3058 hci_dev_unlock(hdev);
3062 static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
3065 struct mgmt_cp_confirm_name *cp = data;
3066 struct inquiry_entry *e;
3069 BT_DBG("%s", hdev->name);
3073 if (!hci_discovery_active(hdev)) {
3074 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
3075 MGMT_STATUS_FAILED);
3079 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
3081 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
3082 MGMT_STATUS_INVALID_PARAMS);
3086 if (cp->name_known) {
3087 e->name_state = NAME_KNOWN;
3090 e->name_state = NAME_NEEDED;
3091 hci_inquiry_cache_update_resolve(hdev, e);
3094 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0, &cp->addr,
3098 hci_dev_unlock(hdev);
3102 static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
3105 struct mgmt_cp_block_device *cp = data;
3109 BT_DBG("%s", hdev->name);
3111 if (!bdaddr_type_is_valid(cp->addr.type))
3112 return cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
3113 MGMT_STATUS_INVALID_PARAMS,
3114 &cp->addr, sizeof(cp->addr));
3118 err = hci_blacklist_add(hdev, &cp->addr.bdaddr, cp->addr.type);
3120 status = MGMT_STATUS_FAILED;
3122 status = MGMT_STATUS_SUCCESS;
3124 err = cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
3125 &cp->addr, sizeof(cp->addr));
3127 hci_dev_unlock(hdev);
3132 static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
3135 struct mgmt_cp_unblock_device *cp = data;
3139 BT_DBG("%s", hdev->name);
3141 if (!bdaddr_type_is_valid(cp->addr.type))
3142 return cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
3143 MGMT_STATUS_INVALID_PARAMS,
3144 &cp->addr, sizeof(cp->addr));
3148 err = hci_blacklist_del(hdev, &cp->addr.bdaddr, cp->addr.type);
3150 status = MGMT_STATUS_INVALID_PARAMS;
3152 status = MGMT_STATUS_SUCCESS;
3154 err = cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
3155 &cp->addr, sizeof(cp->addr));
3157 hci_dev_unlock(hdev);
3162 static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
3165 struct mgmt_cp_set_device_id *cp = data;
3166 struct hci_request req;
3170 BT_DBG("%s", hdev->name);
3172 source = __le16_to_cpu(cp->source);
3174 if (source > 0x0002)
3175 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
3176 MGMT_STATUS_INVALID_PARAMS);
3180 hdev->devid_source = source;
3181 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
3182 hdev->devid_product = __le16_to_cpu(cp->product);
3183 hdev->devid_version = __le16_to_cpu(cp->version);
3185 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0, NULL, 0);
3187 hci_req_init(&req, hdev);
3189 hci_req_run(&req, NULL);
3191 hci_dev_unlock(hdev);
3196 static void set_advertising_complete(struct hci_dev *hdev, u8 status)
3198 struct cmd_lookup match = { NULL, hdev };
3201 u8 mgmt_err = mgmt_status(status);
3203 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
3204 cmd_status_rsp, &mgmt_err);
3208 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
3211 new_settings(hdev, match.sk);
3217 static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
3219 struct mgmt_mode *cp = data;
3220 struct pending_cmd *cmd;
3221 struct hci_request req;
3222 u8 val, enabled, status;
3225 BT_DBG("request for %s", hdev->name);
3227 status = mgmt_le_support(hdev);
3229 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3232 if (cp->val != 0x00 && cp->val != 0x01)
3233 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3234 MGMT_STATUS_INVALID_PARAMS);
3239 enabled = test_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags);
3241 if (!hdev_is_powered(hdev) || val == enabled) {
3242 bool changed = false;
3244 if (val != test_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags)) {
3245 change_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags);
3249 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
3254 err = new_settings(hdev, sk);
3259 if (mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
3260 mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
3261 err = cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3266 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
3272 hci_req_init(&req, hdev);
3274 hci_req_add(&req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(val), &val);
3276 err = hci_req_run(&req, set_advertising_complete);
3278 mgmt_pending_remove(cmd);
3281 hci_dev_unlock(hdev);
3285 static int set_static_address(struct sock *sk, struct hci_dev *hdev,
3286 void *data, u16 len)
3288 struct mgmt_cp_set_static_address *cp = data;
3291 BT_DBG("%s", hdev->name);
3293 if (!lmp_le_capable(hdev))
3294 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
3295 MGMT_STATUS_NOT_SUPPORTED);
3297 if (hdev_is_powered(hdev))
3298 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
3299 MGMT_STATUS_REJECTED);
3301 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
3302 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
3303 return cmd_status(sk, hdev->id,
3304 MGMT_OP_SET_STATIC_ADDRESS,
3305 MGMT_STATUS_INVALID_PARAMS);
3307 /* Two most significant bits shall be set */
3308 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
3309 return cmd_status(sk, hdev->id,
3310 MGMT_OP_SET_STATIC_ADDRESS,
3311 MGMT_STATUS_INVALID_PARAMS);
3316 bacpy(&hdev->static_addr, &cp->bdaddr);
3318 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS, 0, NULL, 0);
3320 hci_dev_unlock(hdev);
3325 static void fast_connectable_complete(struct hci_dev *hdev, u8 status)
3327 struct pending_cmd *cmd;
3329 BT_DBG("status 0x%02x", status);
3333 cmd = mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
3338 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3339 mgmt_status(status));
3341 struct mgmt_mode *cp = cmd->param;
3344 set_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
3346 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
3348 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
3349 new_settings(hdev, cmd->sk);
3352 mgmt_pending_remove(cmd);
3355 hci_dev_unlock(hdev);
3358 static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
3359 void *data, u16 len)
3361 struct mgmt_mode *cp = data;
3362 struct pending_cmd *cmd;
3363 struct hci_request req;
3366 BT_DBG("%s", hdev->name);
3368 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags) ||
3369 hdev->hci_ver < BLUETOOTH_VER_1_2)
3370 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3371 MGMT_STATUS_NOT_SUPPORTED);
3373 if (cp->val != 0x00 && cp->val != 0x01)
3374 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3375 MGMT_STATUS_INVALID_PARAMS);
3377 if (!hdev_is_powered(hdev))
3378 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3379 MGMT_STATUS_NOT_POWERED);
3381 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3382 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3383 MGMT_STATUS_REJECTED);
3387 if (mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
3388 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3393 if (!!cp->val == test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags)) {
3394 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
3399 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
3406 hci_req_init(&req, hdev);
3408 write_fast_connectable(&req, cp->val);
3410 err = hci_req_run(&req, fast_connectable_complete);
3412 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3413 MGMT_STATUS_FAILED);
3414 mgmt_pending_remove(cmd);
3418 hci_dev_unlock(hdev);
3423 static void set_bredr_complete(struct hci_dev *hdev, u8 status)
3425 struct pending_cmd *cmd;
3427 BT_DBG("status 0x%02x", status);
3431 cmd = mgmt_pending_find(MGMT_OP_SET_BREDR, hdev);
3436 u8 mgmt_err = mgmt_status(status);
3438 /* We need to restore the flag if related HCI commands
3441 clear_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
3443 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
3445 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
3446 new_settings(hdev, cmd->sk);
3449 mgmt_pending_remove(cmd);
3452 hci_dev_unlock(hdev);
3455 static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
3457 struct mgmt_mode *cp = data;
3458 struct pending_cmd *cmd;
3459 struct hci_request req;
3462 BT_DBG("request for %s", hdev->name);
3464 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
3465 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3466 MGMT_STATUS_NOT_SUPPORTED);
3468 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
3469 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3470 MGMT_STATUS_REJECTED);
3472 if (cp->val != 0x00 && cp->val != 0x01)
3473 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3474 MGMT_STATUS_INVALID_PARAMS);
3478 if (cp->val == test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
3479 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
3483 if (!hdev_is_powered(hdev)) {
3485 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
3486 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
3487 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
3488 clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
3489 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
3490 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
3493 change_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
3495 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
3499 err = new_settings(hdev, sk);
3503 /* Reject disabling when powered on */
3505 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3506 MGMT_STATUS_REJECTED);
3510 if (mgmt_pending_find(MGMT_OP_SET_BREDR, hdev)) {
3511 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3516 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
3522 /* We need to flip the bit already here so that hci_update_ad
3523 * generates the correct flags.
3525 set_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
3527 hci_req_init(&req, hdev);
3528 hci_update_ad(&req);
3529 err = hci_req_run(&req, set_bredr_complete);
3531 mgmt_pending_remove(cmd);
3534 hci_dev_unlock(hdev);
3538 static bool ltk_is_valid(struct mgmt_ltk_info *key)
3540 if (key->authenticated != 0x00 && key->authenticated != 0x01)
3542 if (key->master != 0x00 && key->master != 0x01)
3544 if (!bdaddr_type_is_le(key->addr.type))
3549 static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
3550 void *cp_data, u16 len)
3552 struct mgmt_cp_load_long_term_keys *cp = cp_data;
3553 u16 key_count, expected_len;
3556 key_count = __le16_to_cpu(cp->key_count);
3558 expected_len = sizeof(*cp) + key_count *
3559 sizeof(struct mgmt_ltk_info);
3560 if (expected_len != len) {
3561 BT_ERR("load_keys: expected %u bytes, got %u bytes",
3563 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
3564 MGMT_STATUS_INVALID_PARAMS);
3567 BT_DBG("%s key_count %u", hdev->name, key_count);
3569 for (i = 0; i < key_count; i++) {
3570 struct mgmt_ltk_info *key = &cp->keys[i];
3572 if (!ltk_is_valid(key))
3573 return cmd_status(sk, hdev->id,
3574 MGMT_OP_LOAD_LONG_TERM_KEYS,
3575 MGMT_STATUS_INVALID_PARAMS);
3580 hci_smp_ltks_clear(hdev);
3582 for (i = 0; i < key_count; i++) {
3583 struct mgmt_ltk_info *key = &cp->keys[i];
3589 type = HCI_SMP_LTK_SLAVE;
3591 hci_add_ltk(hdev, &key->addr.bdaddr,
3592 bdaddr_to_le(key->addr.type),
3593 type, 0, key->authenticated, key->val,
3594 key->enc_size, key->ediv, key->rand);
3597 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
3600 hci_dev_unlock(hdev);
3605 static const struct mgmt_handler {
3606 int (*func) (struct sock *sk, struct hci_dev *hdev, void *data,
3610 } mgmt_handlers[] = {
3611 { NULL }, /* 0x0000 (no command) */
3612 { read_version, false, MGMT_READ_VERSION_SIZE },
3613 { read_commands, false, MGMT_READ_COMMANDS_SIZE },
3614 { read_index_list, false, MGMT_READ_INDEX_LIST_SIZE },
3615 { read_controller_info, false, MGMT_READ_INFO_SIZE },
3616 { set_powered, false, MGMT_SETTING_SIZE },
3617 { set_discoverable, false, MGMT_SET_DISCOVERABLE_SIZE },
3618 { set_connectable, false, MGMT_SETTING_SIZE },
3619 { set_fast_connectable, false, MGMT_SETTING_SIZE },
3620 { set_pairable, false, MGMT_SETTING_SIZE },
3621 { set_link_security, false, MGMT_SETTING_SIZE },
3622 { set_ssp, false, MGMT_SETTING_SIZE },
3623 { set_hs, false, MGMT_SETTING_SIZE },
3624 { set_le, false, MGMT_SETTING_SIZE },
3625 { set_dev_class, false, MGMT_SET_DEV_CLASS_SIZE },
3626 { set_local_name, false, MGMT_SET_LOCAL_NAME_SIZE },
3627 { add_uuid, false, MGMT_ADD_UUID_SIZE },
3628 { remove_uuid, false, MGMT_REMOVE_UUID_SIZE },
3629 { load_link_keys, true, MGMT_LOAD_LINK_KEYS_SIZE },
3630 { load_long_term_keys, true, MGMT_LOAD_LONG_TERM_KEYS_SIZE },
3631 { disconnect, false, MGMT_DISCONNECT_SIZE },
3632 { get_connections, false, MGMT_GET_CONNECTIONS_SIZE },
3633 { pin_code_reply, false, MGMT_PIN_CODE_REPLY_SIZE },
3634 { pin_code_neg_reply, false, MGMT_PIN_CODE_NEG_REPLY_SIZE },
3635 { set_io_capability, false, MGMT_SET_IO_CAPABILITY_SIZE },
3636 { pair_device, false, MGMT_PAIR_DEVICE_SIZE },
3637 { cancel_pair_device, false, MGMT_CANCEL_PAIR_DEVICE_SIZE },
3638 { unpair_device, false, MGMT_UNPAIR_DEVICE_SIZE },
3639 { user_confirm_reply, false, MGMT_USER_CONFIRM_REPLY_SIZE },
3640 { user_confirm_neg_reply, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
3641 { user_passkey_reply, false, MGMT_USER_PASSKEY_REPLY_SIZE },
3642 { user_passkey_neg_reply, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
3643 { read_local_oob_data, false, MGMT_READ_LOCAL_OOB_DATA_SIZE },
3644 { add_remote_oob_data, false, MGMT_ADD_REMOTE_OOB_DATA_SIZE },
3645 { remove_remote_oob_data, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
3646 { start_discovery, false, MGMT_START_DISCOVERY_SIZE },
3647 { stop_discovery, false, MGMT_STOP_DISCOVERY_SIZE },
3648 { confirm_name, false, MGMT_CONFIRM_NAME_SIZE },
3649 { block_device, false, MGMT_BLOCK_DEVICE_SIZE },
3650 { unblock_device, false, MGMT_UNBLOCK_DEVICE_SIZE },
3651 { set_device_id, false, MGMT_SET_DEVICE_ID_SIZE },
3652 { set_advertising, false, MGMT_SETTING_SIZE },
3653 { set_bredr, false, MGMT_SETTING_SIZE },
3654 { set_static_address, false, MGMT_SET_STATIC_ADDRESS_SIZE },
3658 int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
3662 struct mgmt_hdr *hdr;
3663 u16 opcode, index, len;
3664 struct hci_dev *hdev = NULL;
3665 const struct mgmt_handler *handler;
3668 BT_DBG("got %zu bytes", msglen);
3670 if (msglen < sizeof(*hdr))
3673 buf = kmalloc(msglen, GFP_KERNEL);
3677 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
3683 opcode = __le16_to_cpu(hdr->opcode);
3684 index = __le16_to_cpu(hdr->index);
3685 len = __le16_to_cpu(hdr->len);
3687 if (len != msglen - sizeof(*hdr)) {
3692 if (index != MGMT_INDEX_NONE) {
3693 hdev = hci_dev_get(index);
3695 err = cmd_status(sk, index, opcode,
3696 MGMT_STATUS_INVALID_INDEX);
3700 if (test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
3701 err = cmd_status(sk, index, opcode,
3702 MGMT_STATUS_INVALID_INDEX);
3707 if (opcode >= ARRAY_SIZE(mgmt_handlers) ||
3708 mgmt_handlers[opcode].func == NULL) {
3709 BT_DBG("Unknown op %u", opcode);
3710 err = cmd_status(sk, index, opcode,
3711 MGMT_STATUS_UNKNOWN_COMMAND);
3715 if ((hdev && opcode < MGMT_OP_READ_INFO) ||
3716 (!hdev && opcode >= MGMT_OP_READ_INFO)) {
3717 err = cmd_status(sk, index, opcode,
3718 MGMT_STATUS_INVALID_INDEX);
3722 handler = &mgmt_handlers[opcode];
3724 if ((handler->var_len && len < handler->data_len) ||
3725 (!handler->var_len && len != handler->data_len)) {
3726 err = cmd_status(sk, index, opcode,
3727 MGMT_STATUS_INVALID_PARAMS);
3732 mgmt_init_hdev(sk, hdev);
3734 cp = buf + sizeof(*hdr);
3736 err = handler->func(sk, hdev, cp, len);
3750 int mgmt_index_added(struct hci_dev *hdev)
3752 if (!mgmt_valid_hdev(hdev))
3755 return mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
3758 int mgmt_index_removed(struct hci_dev *hdev)
3760 u8 status = MGMT_STATUS_INVALID_INDEX;
3762 if (!mgmt_valid_hdev(hdev))
3765 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
3767 return mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
3770 static void set_bredr_scan(struct hci_request *req)
3772 struct hci_dev *hdev = req->hdev;
3775 /* Ensure that fast connectable is disabled. This function will
3776 * not do anything if the page scan parameters are already what
3779 write_fast_connectable(req, false);
3781 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3783 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3784 scan |= SCAN_INQUIRY;
3787 hci_req_add(req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
3790 static void powered_complete(struct hci_dev *hdev, u8 status)
3792 struct cmd_lookup match = { NULL, hdev };
3794 BT_DBG("status 0x%02x", status);
3798 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
3800 new_settings(hdev, match.sk);
3802 hci_dev_unlock(hdev);
3808 static int powered_update_hci(struct hci_dev *hdev)
3810 struct hci_request req;
3813 hci_req_init(&req, hdev);
3815 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) &&
3816 !lmp_host_ssp_capable(hdev)) {
3819 hci_req_add(&req, HCI_OP_WRITE_SSP_MODE, 1, &ssp);
3822 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
3823 lmp_bredr_capable(hdev)) {
3824 struct hci_cp_write_le_host_supported cp;
3827 cp.simul = lmp_le_br_capable(hdev);
3829 /* Check first if we already have the right
3830 * host state (host features set)
3832 if (cp.le != lmp_host_le_capable(hdev) ||
3833 cp.simul != lmp_host_le_br_capable(hdev))
3834 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED,
3837 /* In case BR/EDR was toggled during the AUTO_OFF phase */
3838 hci_update_ad(&req);
3841 if (lmp_le_capable(hdev)) {
3842 /* Set random address to static address if configured */
3843 if (bacmp(&hdev->static_addr, BDADDR_ANY))
3844 hci_req_add(&req, HCI_OP_LE_SET_RANDOM_ADDR, 6,
3845 &hdev->static_addr);
3848 if (test_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags)) {
3851 hci_req_add(&req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(adv), &adv);
3854 link_sec = test_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
3855 if (link_sec != test_bit(HCI_AUTH, &hdev->flags))
3856 hci_req_add(&req, HCI_OP_WRITE_AUTH_ENABLE,
3857 sizeof(link_sec), &link_sec);
3859 if (lmp_bredr_capable(hdev)) {
3860 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
3861 set_bredr_scan(&req);
3867 return hci_req_run(&req, powered_complete);
3870 int mgmt_powered(struct hci_dev *hdev, u8 powered)
3872 struct cmd_lookup match = { NULL, hdev };
3873 u8 status_not_powered = MGMT_STATUS_NOT_POWERED;
3874 u8 zero_cod[] = { 0, 0, 0 };
3877 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3881 if (powered_update_hci(hdev) == 0)
3884 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp,
3889 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
3890 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status_not_powered);
3892 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0)
3893 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
3894 zero_cod, sizeof(zero_cod), NULL);
3897 err = new_settings(hdev, match.sk);
3905 int mgmt_set_powered_failed(struct hci_dev *hdev, int err)
3907 struct pending_cmd *cmd;
3910 cmd = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
3914 if (err == -ERFKILL)
3915 status = MGMT_STATUS_RFKILLED;
3917 status = MGMT_STATUS_FAILED;
3919 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
3921 mgmt_pending_remove(cmd);
3926 int mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
3928 struct cmd_lookup match = { NULL, hdev };
3929 bool changed = false;
3933 if (!test_and_set_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3936 if (test_and_clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3940 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev, settings_rsp,
3944 err = new_settings(hdev, match.sk);
3952 int mgmt_connectable(struct hci_dev *hdev, u8 connectable)
3954 struct pending_cmd *cmd;
3955 bool changed = false;
3959 if (!test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3962 if (test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3966 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
3969 err = new_settings(hdev, cmd ? cmd->sk : NULL);
3974 int mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
3976 u8 mgmt_err = mgmt_status(status);
3978 if (scan & SCAN_PAGE)
3979 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
3980 cmd_status_rsp, &mgmt_err);
3982 if (scan & SCAN_INQUIRY)
3983 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
3984 cmd_status_rsp, &mgmt_err);
3989 int mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
3992 struct mgmt_ev_new_link_key ev;
3994 memset(&ev, 0, sizeof(ev));
3996 ev.store_hint = persistent;
3997 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
3998 ev.key.addr.type = BDADDR_BREDR;
3999 ev.key.type = key->type;
4000 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
4001 ev.key.pin_len = key->pin_len;
4003 return mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
4006 int mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, u8 persistent)
4008 struct mgmt_ev_new_long_term_key ev;
4010 memset(&ev, 0, sizeof(ev));
4012 ev.store_hint = persistent;
4013 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
4014 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
4015 ev.key.authenticated = key->authenticated;
4016 ev.key.enc_size = key->enc_size;
4017 ev.key.ediv = key->ediv;
4019 if (key->type == HCI_SMP_LTK)
4022 memcpy(ev.key.rand, key->rand, sizeof(key->rand));
4023 memcpy(ev.key.val, key->val, sizeof(key->val));
4025 return mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev),
4029 int mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
4030 u8 addr_type, u32 flags, u8 *name, u8 name_len,
4034 struct mgmt_ev_device_connected *ev = (void *) buf;
4037 bacpy(&ev->addr.bdaddr, bdaddr);
4038 ev->addr.type = link_to_bdaddr(link_type, addr_type);
4040 ev->flags = __cpu_to_le32(flags);
4043 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
4046 if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0)
4047 eir_len = eir_append_data(ev->eir, eir_len,
4048 EIR_CLASS_OF_DEV, dev_class, 3);
4050 ev->eir_len = cpu_to_le16(eir_len);
4052 return mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
4053 sizeof(*ev) + eir_len, NULL);
4056 static void disconnect_rsp(struct pending_cmd *cmd, void *data)
4058 struct mgmt_cp_disconnect *cp = cmd->param;
4059 struct sock **sk = data;
4060 struct mgmt_rp_disconnect rp;
4062 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4063 rp.addr.type = cp->addr.type;
4065 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 0, &rp,
4071 mgmt_pending_remove(cmd);
4074 static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
4076 struct hci_dev *hdev = data;
4077 struct mgmt_cp_unpair_device *cp = cmd->param;
4078 struct mgmt_rp_unpair_device rp;
4080 memset(&rp, 0, sizeof(rp));
4081 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4082 rp.addr.type = cp->addr.type;
4084 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
4086 cmd_complete(cmd->sk, cmd->index, cmd->opcode, 0, &rp, sizeof(rp));
4088 mgmt_pending_remove(cmd);
4091 int mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
4092 u8 link_type, u8 addr_type, u8 reason)
4094 struct mgmt_ev_device_disconnected ev;
4095 struct sock *sk = NULL;
4098 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
4100 bacpy(&ev.addr.bdaddr, bdaddr);
4101 ev.addr.type = link_to_bdaddr(link_type, addr_type);
4104 err = mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev),
4110 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
4116 int mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
4117 u8 link_type, u8 addr_type, u8 status)
4119 struct mgmt_rp_disconnect rp;
4120 struct pending_cmd *cmd;
4123 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
4126 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
4130 bacpy(&rp.addr.bdaddr, bdaddr);
4131 rp.addr.type = link_to_bdaddr(link_type, addr_type);
4133 err = cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
4134 mgmt_status(status), &rp, sizeof(rp));
4136 mgmt_pending_remove(cmd);
4141 int mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
4142 u8 addr_type, u8 status)
4144 struct mgmt_ev_connect_failed ev;
4146 bacpy(&ev.addr.bdaddr, bdaddr);
4147 ev.addr.type = link_to_bdaddr(link_type, addr_type);
4148 ev.status = mgmt_status(status);
4150 return mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
4153 int mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
4155 struct mgmt_ev_pin_code_request ev;
4157 bacpy(&ev.addr.bdaddr, bdaddr);
4158 ev.addr.type = BDADDR_BREDR;
4161 return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev),
4165 int mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
4168 struct pending_cmd *cmd;
4169 struct mgmt_rp_pin_code_reply rp;
4172 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
4176 bacpy(&rp.addr.bdaddr, bdaddr);
4177 rp.addr.type = BDADDR_BREDR;
4179 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
4180 mgmt_status(status), &rp, sizeof(rp));
4182 mgmt_pending_remove(cmd);
4187 int mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
4190 struct pending_cmd *cmd;
4191 struct mgmt_rp_pin_code_reply rp;
4194 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
4198 bacpy(&rp.addr.bdaddr, bdaddr);
4199 rp.addr.type = BDADDR_BREDR;
4201 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
4202 mgmt_status(status), &rp, sizeof(rp));
4204 mgmt_pending_remove(cmd);
4209 int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
4210 u8 link_type, u8 addr_type, __le32 value,
4213 struct mgmt_ev_user_confirm_request ev;
4215 BT_DBG("%s", hdev->name);
4217 bacpy(&ev.addr.bdaddr, bdaddr);
4218 ev.addr.type = link_to_bdaddr(link_type, addr_type);
4219 ev.confirm_hint = confirm_hint;
4222 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
4226 int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
4227 u8 link_type, u8 addr_type)
4229 struct mgmt_ev_user_passkey_request ev;
4231 BT_DBG("%s", hdev->name);
4233 bacpy(&ev.addr.bdaddr, bdaddr);
4234 ev.addr.type = link_to_bdaddr(link_type, addr_type);
4236 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
4240 static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
4241 u8 link_type, u8 addr_type, u8 status,
4244 struct pending_cmd *cmd;
4245 struct mgmt_rp_user_confirm_reply rp;
4248 cmd = mgmt_pending_find(opcode, hdev);
4252 bacpy(&rp.addr.bdaddr, bdaddr);
4253 rp.addr.type = link_to_bdaddr(link_type, addr_type);
4254 err = cmd_complete(cmd->sk, hdev->id, opcode, mgmt_status(status),
4257 mgmt_pending_remove(cmd);
4262 int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
4263 u8 link_type, u8 addr_type, u8 status)
4265 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
4266 status, MGMT_OP_USER_CONFIRM_REPLY);
4269 int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
4270 u8 link_type, u8 addr_type, u8 status)
4272 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
4274 MGMT_OP_USER_CONFIRM_NEG_REPLY);
4277 int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
4278 u8 link_type, u8 addr_type, u8 status)
4280 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
4281 status, MGMT_OP_USER_PASSKEY_REPLY);
4284 int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
4285 u8 link_type, u8 addr_type, u8 status)
4287 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
4289 MGMT_OP_USER_PASSKEY_NEG_REPLY);
4292 int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
4293 u8 link_type, u8 addr_type, u32 passkey,
4296 struct mgmt_ev_passkey_notify ev;
4298 BT_DBG("%s", hdev->name);
4300 bacpy(&ev.addr.bdaddr, bdaddr);
4301 ev.addr.type = link_to_bdaddr(link_type, addr_type);
4302 ev.passkey = __cpu_to_le32(passkey);
4303 ev.entered = entered;
4305 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
4308 int mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
4309 u8 addr_type, u8 status)
4311 struct mgmt_ev_auth_failed ev;
4313 bacpy(&ev.addr.bdaddr, bdaddr);
4314 ev.addr.type = link_to_bdaddr(link_type, addr_type);
4315 ev.status = mgmt_status(status);
4317 return mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
4320 int mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
4322 struct cmd_lookup match = { NULL, hdev };
4323 bool changed = false;
4327 u8 mgmt_err = mgmt_status(status);
4328 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
4329 cmd_status_rsp, &mgmt_err);
4333 if (test_bit(HCI_AUTH, &hdev->flags)) {
4334 if (!test_and_set_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
4337 if (test_and_clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
4341 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
4345 err = new_settings(hdev, match.sk);
4353 static void clear_eir(struct hci_request *req)
4355 struct hci_dev *hdev = req->hdev;
4356 struct hci_cp_write_eir cp;
4358 if (!lmp_ext_inq_capable(hdev))
4361 memset(hdev->eir, 0, sizeof(hdev->eir));
4363 memset(&cp, 0, sizeof(cp));
4365 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
4368 int mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
4370 struct cmd_lookup match = { NULL, hdev };
4371 struct hci_request req;
4372 bool changed = false;
4376 u8 mgmt_err = mgmt_status(status);
4378 if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
4380 err = new_settings(hdev, NULL);
4382 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
4389 if (!test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
4392 if (test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
4396 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
4399 err = new_settings(hdev, match.sk);
4404 hci_req_init(&req, hdev);
4406 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
4411 hci_req_run(&req, NULL);
4416 static void sk_lookup(struct pending_cmd *cmd, void *data)
4418 struct cmd_lookup *match = data;
4420 if (match->sk == NULL) {
4421 match->sk = cmd->sk;
4422 sock_hold(match->sk);
4426 int mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
4429 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
4432 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
4433 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
4434 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
4437 err = mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class,
4446 int mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
4448 struct mgmt_cp_set_local_name ev;
4449 struct pending_cmd *cmd;
4454 memset(&ev, 0, sizeof(ev));
4455 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
4456 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
4458 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
4460 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
4462 /* If this is a HCI command related to powering on the
4463 * HCI dev don't send any mgmt signals.
4465 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
4469 return mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
4470 cmd ? cmd->sk : NULL);
4473 int mgmt_read_local_oob_data_reply_complete(struct hci_dev *hdev, u8 *hash,
4474 u8 *randomizer, u8 status)
4476 struct pending_cmd *cmd;
4479 BT_DBG("%s status %u", hdev->name, status);
4481 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
4486 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
4487 mgmt_status(status));
4489 struct mgmt_rp_read_local_oob_data rp;
4491 memcpy(rp.hash, hash, sizeof(rp.hash));
4492 memcpy(rp.randomizer, randomizer, sizeof(rp.randomizer));
4494 err = cmd_complete(cmd->sk, hdev->id,
4495 MGMT_OP_READ_LOCAL_OOB_DATA, 0, &rp,
4499 mgmt_pending_remove(cmd);
4504 int mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
4505 u8 addr_type, u8 *dev_class, s8 rssi, u8 cfm_name, u8
4506 ssp, u8 *eir, u16 eir_len)
4509 struct mgmt_ev_device_found *ev = (void *) buf;
4512 if (!hci_discovery_active(hdev))
4515 /* Leave 5 bytes for a potential CoD field */
4516 if (sizeof(*ev) + eir_len + 5 > sizeof(buf))
4519 memset(buf, 0, sizeof(buf));
4521 bacpy(&ev->addr.bdaddr, bdaddr);
4522 ev->addr.type = link_to_bdaddr(link_type, addr_type);
4525 ev->flags |= __constant_cpu_to_le32(MGMT_DEV_FOUND_CONFIRM_NAME);
4527 ev->flags |= __constant_cpu_to_le32(MGMT_DEV_FOUND_LEGACY_PAIRING);
4530 memcpy(ev->eir, eir, eir_len);
4532 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
4533 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
4536 ev->eir_len = cpu_to_le16(eir_len);
4537 ev_size = sizeof(*ev) + eir_len;
4539 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
4542 int mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
4543 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
4545 struct mgmt_ev_device_found *ev;
4546 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
4549 ev = (struct mgmt_ev_device_found *) buf;
4551 memset(buf, 0, sizeof(buf));
4553 bacpy(&ev->addr.bdaddr, bdaddr);
4554 ev->addr.type = link_to_bdaddr(link_type, addr_type);
4557 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
4560 ev->eir_len = cpu_to_le16(eir_len);
4562 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev,
4563 sizeof(*ev) + eir_len, NULL);
4566 int mgmt_discovering(struct hci_dev *hdev, u8 discovering)
4568 struct mgmt_ev_discovering ev;
4569 struct pending_cmd *cmd;
4571 BT_DBG("%s discovering %u", hdev->name, discovering);
4574 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
4576 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
4579 u8 type = hdev->discovery.type;
4581 cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0, &type,
4583 mgmt_pending_remove(cmd);
4586 memset(&ev, 0, sizeof(ev));
4587 ev.type = hdev->discovery.type;
4588 ev.discovering = discovering;
4590 return mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
4593 int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
4595 struct pending_cmd *cmd;
4596 struct mgmt_ev_device_blocked ev;
4598 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev);
4600 bacpy(&ev.addr.bdaddr, bdaddr);
4601 ev.addr.type = type;
4603 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev),
4604 cmd ? cmd->sk : NULL);
4607 int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
4609 struct pending_cmd *cmd;
4610 struct mgmt_ev_device_unblocked ev;
4612 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev);
4614 bacpy(&ev.addr.bdaddr, bdaddr);
4615 ev.addr.type = type;
4617 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
4618 cmd ? cmd->sk : NULL);
projects / karo-tx-linux.git / blob