2 BlueZ - Bluetooth protocol stack for Linux
4 Copyright (C) 2010 Nokia Corporation
5 Copyright (C) 2011-2012 Intel Corporation
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI Management interface */
27 #include <linux/module.h>
28 #include <asm/unaligned.h>
30 #include <net/bluetooth/bluetooth.h>
31 #include <net/bluetooth/hci_core.h>
32 #include <net/bluetooth/mgmt.h>
36 #define MGMT_VERSION 1
37 #define MGMT_REVISION 4
39 static const u16 mgmt_commands[] = {
40 MGMT_OP_READ_INDEX_LIST,
43 MGMT_OP_SET_DISCOVERABLE,
44 MGMT_OP_SET_CONNECTABLE,
45 MGMT_OP_SET_FAST_CONNECTABLE,
47 MGMT_OP_SET_LINK_SECURITY,
51 MGMT_OP_SET_DEV_CLASS,
52 MGMT_OP_SET_LOCAL_NAME,
55 MGMT_OP_LOAD_LINK_KEYS,
56 MGMT_OP_LOAD_LONG_TERM_KEYS,
58 MGMT_OP_GET_CONNECTIONS,
59 MGMT_OP_PIN_CODE_REPLY,
60 MGMT_OP_PIN_CODE_NEG_REPLY,
61 MGMT_OP_SET_IO_CAPABILITY,
63 MGMT_OP_CANCEL_PAIR_DEVICE,
64 MGMT_OP_UNPAIR_DEVICE,
65 MGMT_OP_USER_CONFIRM_REPLY,
66 MGMT_OP_USER_CONFIRM_NEG_REPLY,
67 MGMT_OP_USER_PASSKEY_REPLY,
68 MGMT_OP_USER_PASSKEY_NEG_REPLY,
69 MGMT_OP_READ_LOCAL_OOB_DATA,
70 MGMT_OP_ADD_REMOTE_OOB_DATA,
71 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
72 MGMT_OP_START_DISCOVERY,
73 MGMT_OP_STOP_DISCOVERY,
76 MGMT_OP_UNBLOCK_DEVICE,
77 MGMT_OP_SET_DEVICE_ID,
78 MGMT_OP_SET_ADVERTISING,
80 MGMT_OP_SET_STATIC_ADDRESS,
81 MGMT_OP_SET_SCAN_PARAMS,
84 static const u16 mgmt_events[] = {
85 MGMT_EV_CONTROLLER_ERROR,
87 MGMT_EV_INDEX_REMOVED,
89 MGMT_EV_CLASS_OF_DEV_CHANGED,
90 MGMT_EV_LOCAL_NAME_CHANGED,
92 MGMT_EV_NEW_LONG_TERM_KEY,
93 MGMT_EV_DEVICE_CONNECTED,
94 MGMT_EV_DEVICE_DISCONNECTED,
95 MGMT_EV_CONNECT_FAILED,
96 MGMT_EV_PIN_CODE_REQUEST,
97 MGMT_EV_USER_CONFIRM_REQUEST,
98 MGMT_EV_USER_PASSKEY_REQUEST,
100 MGMT_EV_DEVICE_FOUND,
102 MGMT_EV_DEVICE_BLOCKED,
103 MGMT_EV_DEVICE_UNBLOCKED,
104 MGMT_EV_DEVICE_UNPAIRED,
105 MGMT_EV_PASSKEY_NOTIFY,
108 #define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
110 #define hdev_is_powered(hdev) (test_bit(HCI_UP, &hdev->flags) && \
111 !test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
114 struct list_head list;
122 /* HCI to MGMT error code conversion table */
123 static u8 mgmt_status_table[] = {
125 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
126 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
127 MGMT_STATUS_FAILED, /* Hardware Failure */
128 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
129 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
130 MGMT_STATUS_NOT_PAIRED, /* PIN or Key Missing */
131 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
132 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
133 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
134 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
135 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
136 MGMT_STATUS_BUSY, /* Command Disallowed */
137 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
138 MGMT_STATUS_REJECTED, /* Rejected Security */
139 MGMT_STATUS_REJECTED, /* Rejected Personal */
140 MGMT_STATUS_TIMEOUT, /* Host Timeout */
141 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
142 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
143 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
144 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
145 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
146 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
147 MGMT_STATUS_BUSY, /* Repeated Attempts */
148 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
149 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
150 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
151 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
152 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
153 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
154 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
155 MGMT_STATUS_FAILED, /* Unspecified Error */
156 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
157 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
158 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
159 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
160 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
161 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
162 MGMT_STATUS_FAILED, /* Unit Link Key Used */
163 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
164 MGMT_STATUS_TIMEOUT, /* Instant Passed */
165 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
166 MGMT_STATUS_FAILED, /* Transaction Collision */
167 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
168 MGMT_STATUS_REJECTED, /* QoS Rejected */
169 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
170 MGMT_STATUS_REJECTED, /* Insufficient Security */
171 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
172 MGMT_STATUS_BUSY, /* Role Switch Pending */
173 MGMT_STATUS_FAILED, /* Slot Violation */
174 MGMT_STATUS_FAILED, /* Role Switch Failed */
175 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
176 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
177 MGMT_STATUS_BUSY, /* Host Busy Pairing */
178 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
179 MGMT_STATUS_BUSY, /* Controller Busy */
180 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
181 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
182 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
183 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
184 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
187 static u8 mgmt_status(u8 hci_status)
189 if (hci_status < ARRAY_SIZE(mgmt_status_table))
190 return mgmt_status_table[hci_status];
192 return MGMT_STATUS_FAILED;
195 static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
198 struct mgmt_hdr *hdr;
199 struct mgmt_ev_cmd_status *ev;
202 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
204 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_KERNEL);
208 hdr = (void *) skb_put(skb, sizeof(*hdr));
210 hdr->opcode = __constant_cpu_to_le16(MGMT_EV_CMD_STATUS);
211 hdr->index = cpu_to_le16(index);
212 hdr->len = cpu_to_le16(sizeof(*ev));
214 ev = (void *) skb_put(skb, sizeof(*ev));
216 ev->opcode = cpu_to_le16(cmd);
218 err = sock_queue_rcv_skb(sk, skb);
225 static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
226 void *rp, size_t rp_len)
229 struct mgmt_hdr *hdr;
230 struct mgmt_ev_cmd_complete *ev;
233 BT_DBG("sock %p", sk);
235 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_KERNEL);
239 hdr = (void *) skb_put(skb, sizeof(*hdr));
241 hdr->opcode = __constant_cpu_to_le16(MGMT_EV_CMD_COMPLETE);
242 hdr->index = cpu_to_le16(index);
243 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
245 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
246 ev->opcode = cpu_to_le16(cmd);
250 memcpy(ev->data, rp, rp_len);
252 err = sock_queue_rcv_skb(sk, skb);
259 static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
262 struct mgmt_rp_read_version rp;
264 BT_DBG("sock %p", sk);
266 rp.version = MGMT_VERSION;
267 rp.revision = __constant_cpu_to_le16(MGMT_REVISION);
269 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
273 static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
276 struct mgmt_rp_read_commands *rp;
277 const u16 num_commands = ARRAY_SIZE(mgmt_commands);
278 const u16 num_events = ARRAY_SIZE(mgmt_events);
283 BT_DBG("sock %p", sk);
285 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
287 rp = kmalloc(rp_size, GFP_KERNEL);
291 rp->num_commands = __constant_cpu_to_le16(num_commands);
292 rp->num_events = __constant_cpu_to_le16(num_events);
294 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
295 put_unaligned_le16(mgmt_commands[i], opcode);
297 for (i = 0; i < num_events; i++, opcode++)
298 put_unaligned_le16(mgmt_events[i], opcode);
300 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
307 static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
310 struct mgmt_rp_read_index_list *rp;
316 BT_DBG("sock %p", sk);
318 read_lock(&hci_dev_list_lock);
321 list_for_each_entry(d, &hci_dev_list, list) {
322 if (d->dev_type == HCI_BREDR)
326 rp_len = sizeof(*rp) + (2 * count);
327 rp = kmalloc(rp_len, GFP_ATOMIC);
329 read_unlock(&hci_dev_list_lock);
334 list_for_each_entry(d, &hci_dev_list, list) {
335 if (test_bit(HCI_SETUP, &d->dev_flags))
338 if (test_bit(HCI_USER_CHANNEL, &d->dev_flags))
341 if (d->dev_type == HCI_BREDR) {
342 rp->index[count++] = cpu_to_le16(d->id);
343 BT_DBG("Added hci%u", d->id);
347 rp->num_controllers = cpu_to_le16(count);
348 rp_len = sizeof(*rp) + (2 * count);
350 read_unlock(&hci_dev_list_lock);
352 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
360 static u32 get_supported_settings(struct hci_dev *hdev)
364 settings |= MGMT_SETTING_POWERED;
365 settings |= MGMT_SETTING_PAIRABLE;
367 if (lmp_bredr_capable(hdev)) {
368 settings |= MGMT_SETTING_CONNECTABLE;
369 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
370 settings |= MGMT_SETTING_FAST_CONNECTABLE;
371 settings |= MGMT_SETTING_DISCOVERABLE;
372 settings |= MGMT_SETTING_BREDR;
373 settings |= MGMT_SETTING_LINK_SECURITY;
375 if (lmp_ssp_capable(hdev)) {
376 settings |= MGMT_SETTING_SSP;
377 settings |= MGMT_SETTING_HS;
381 if (lmp_le_capable(hdev)) {
382 settings |= MGMT_SETTING_LE;
383 settings |= MGMT_SETTING_ADVERTISING;
389 static u32 get_current_settings(struct hci_dev *hdev)
393 if (hdev_is_powered(hdev))
394 settings |= MGMT_SETTING_POWERED;
396 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
397 settings |= MGMT_SETTING_CONNECTABLE;
399 if (test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
400 settings |= MGMT_SETTING_FAST_CONNECTABLE;
402 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
403 settings |= MGMT_SETTING_DISCOVERABLE;
405 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags))
406 settings |= MGMT_SETTING_PAIRABLE;
408 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
409 settings |= MGMT_SETTING_BREDR;
411 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
412 settings |= MGMT_SETTING_LE;
414 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
415 settings |= MGMT_SETTING_LINK_SECURITY;
417 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
418 settings |= MGMT_SETTING_SSP;
420 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
421 settings |= MGMT_SETTING_HS;
423 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
424 settings |= MGMT_SETTING_ADVERTISING;
429 #define PNP_INFO_SVCLASS_ID 0x1200
431 static u8 *create_uuid16_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
433 u8 *ptr = data, *uuids_start = NULL;
434 struct bt_uuid *uuid;
439 list_for_each_entry(uuid, &hdev->uuids, list) {
442 if (uuid->size != 16)
445 uuid16 = get_unaligned_le16(&uuid->uuid[12]);
449 if (uuid16 == PNP_INFO_SVCLASS_ID)
455 uuids_start[1] = EIR_UUID16_ALL;
459 /* Stop if not enough space to put next UUID */
460 if ((ptr - data) + sizeof(u16) > len) {
461 uuids_start[1] = EIR_UUID16_SOME;
465 *ptr++ = (uuid16 & 0x00ff);
466 *ptr++ = (uuid16 & 0xff00) >> 8;
467 uuids_start[0] += sizeof(uuid16);
473 static u8 *create_uuid32_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
475 u8 *ptr = data, *uuids_start = NULL;
476 struct bt_uuid *uuid;
481 list_for_each_entry(uuid, &hdev->uuids, list) {
482 if (uuid->size != 32)
488 uuids_start[1] = EIR_UUID32_ALL;
492 /* Stop if not enough space to put next UUID */
493 if ((ptr - data) + sizeof(u32) > len) {
494 uuids_start[1] = EIR_UUID32_SOME;
498 memcpy(ptr, &uuid->uuid[12], sizeof(u32));
500 uuids_start[0] += sizeof(u32);
506 static u8 *create_uuid128_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
508 u8 *ptr = data, *uuids_start = NULL;
509 struct bt_uuid *uuid;
514 list_for_each_entry(uuid, &hdev->uuids, list) {
515 if (uuid->size != 128)
521 uuids_start[1] = EIR_UUID128_ALL;
525 /* Stop if not enough space to put next UUID */
526 if ((ptr - data) + 16 > len) {
527 uuids_start[1] = EIR_UUID128_SOME;
531 memcpy(ptr, uuid->uuid, 16);
533 uuids_start[0] += 16;
539 static u8 create_ad(struct hci_dev *hdev, u8 *ptr)
541 u8 ad_len = 0, flags = 0;
544 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
545 flags |= LE_AD_GENERAL;
547 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
548 if (lmp_le_br_capable(hdev))
549 flags |= LE_AD_SIM_LE_BREDR_CTRL;
550 if (lmp_host_le_br_capable(hdev))
551 flags |= LE_AD_SIM_LE_BREDR_HOST;
553 flags |= LE_AD_NO_BREDR;
557 BT_DBG("adv flags 0x%02x", flags);
567 if (hdev->adv_tx_power != HCI_TX_POWER_INVALID) {
569 ptr[1] = EIR_TX_POWER;
570 ptr[2] = (u8) hdev->adv_tx_power;
576 name_len = strlen(hdev->dev_name);
578 size_t max_len = HCI_MAX_AD_LENGTH - ad_len - 2;
580 if (name_len > max_len) {
582 ptr[1] = EIR_NAME_SHORT;
584 ptr[1] = EIR_NAME_COMPLETE;
586 ptr[0] = name_len + 1;
588 memcpy(ptr + 2, hdev->dev_name, name_len);
590 ad_len += (name_len + 2);
591 ptr += (name_len + 2);
597 static void update_ad(struct hci_request *req)
599 struct hci_dev *hdev = req->hdev;
600 struct hci_cp_le_set_adv_data cp;
603 if (!lmp_le_capable(hdev))
606 memset(&cp, 0, sizeof(cp));
608 len = create_ad(hdev, cp.data);
610 if (hdev->adv_data_len == len &&
611 memcmp(cp.data, hdev->adv_data, len) == 0)
614 memcpy(hdev->adv_data, cp.data, sizeof(cp.data));
615 hdev->adv_data_len = len;
619 hci_req_add(req, HCI_OP_LE_SET_ADV_DATA, sizeof(cp), &cp);
622 static void create_eir(struct hci_dev *hdev, u8 *data)
627 name_len = strlen(hdev->dev_name);
633 ptr[1] = EIR_NAME_SHORT;
635 ptr[1] = EIR_NAME_COMPLETE;
637 /* EIR Data length */
638 ptr[0] = name_len + 1;
640 memcpy(ptr + 2, hdev->dev_name, name_len);
642 ptr += (name_len + 2);
645 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
647 ptr[1] = EIR_TX_POWER;
648 ptr[2] = (u8) hdev->inq_tx_power;
653 if (hdev->devid_source > 0) {
655 ptr[1] = EIR_DEVICE_ID;
657 put_unaligned_le16(hdev->devid_source, ptr + 2);
658 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
659 put_unaligned_le16(hdev->devid_product, ptr + 6);
660 put_unaligned_le16(hdev->devid_version, ptr + 8);
665 ptr = create_uuid16_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
666 ptr = create_uuid32_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
667 ptr = create_uuid128_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
670 static void update_eir(struct hci_request *req)
672 struct hci_dev *hdev = req->hdev;
673 struct hci_cp_write_eir cp;
675 if (!hdev_is_powered(hdev))
678 if (!lmp_ext_inq_capable(hdev))
681 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
684 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
687 memset(&cp, 0, sizeof(cp));
689 create_eir(hdev, cp.data);
691 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
694 memcpy(hdev->eir, cp.data, sizeof(cp.data));
696 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
699 static u8 get_service_classes(struct hci_dev *hdev)
701 struct bt_uuid *uuid;
704 list_for_each_entry(uuid, &hdev->uuids, list)
705 val |= uuid->svc_hint;
710 static void update_class(struct hci_request *req)
712 struct hci_dev *hdev = req->hdev;
715 BT_DBG("%s", hdev->name);
717 if (!hdev_is_powered(hdev))
720 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
723 cod[0] = hdev->minor_class;
724 cod[1] = hdev->major_class;
725 cod[2] = get_service_classes(hdev);
727 if (test_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags))
730 if (memcmp(cod, hdev->dev_class, 3) == 0)
733 hci_req_add(req, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
736 static void service_cache_off(struct work_struct *work)
738 struct hci_dev *hdev = container_of(work, struct hci_dev,
740 struct hci_request req;
742 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
745 hci_req_init(&req, hdev);
752 hci_dev_unlock(hdev);
754 hci_req_run(&req, NULL);
757 static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
759 if (test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
762 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
764 /* Non-mgmt controlled devices get this bit set
765 * implicitly so that pairing works for them, however
766 * for mgmt we require user-space to explicitly enable
769 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
772 static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
773 void *data, u16 data_len)
775 struct mgmt_rp_read_info rp;
777 BT_DBG("sock %p %s", sk, hdev->name);
781 memset(&rp, 0, sizeof(rp));
783 bacpy(&rp.bdaddr, &hdev->bdaddr);
785 rp.version = hdev->hci_ver;
786 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
788 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
789 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
791 memcpy(rp.dev_class, hdev->dev_class, 3);
793 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
794 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
796 hci_dev_unlock(hdev);
798 return cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
802 static void mgmt_pending_free(struct pending_cmd *cmd)
809 static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
810 struct hci_dev *hdev, void *data,
813 struct pending_cmd *cmd;
815 cmd = kmalloc(sizeof(*cmd), GFP_KERNEL);
819 cmd->opcode = opcode;
820 cmd->index = hdev->id;
822 cmd->param = kmalloc(len, GFP_KERNEL);
829 memcpy(cmd->param, data, len);
834 list_add(&cmd->list, &hdev->mgmt_pending);
839 static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
840 void (*cb)(struct pending_cmd *cmd,
844 struct pending_cmd *cmd, *tmp;
846 list_for_each_entry_safe(cmd, tmp, &hdev->mgmt_pending, list) {
847 if (opcode > 0 && cmd->opcode != opcode)
854 static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
856 struct pending_cmd *cmd;
858 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
859 if (cmd->opcode == opcode)
866 static void mgmt_pending_remove(struct pending_cmd *cmd)
868 list_del(&cmd->list);
869 mgmt_pending_free(cmd);
872 static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
874 __le32 settings = cpu_to_le32(get_current_settings(hdev));
876 return cmd_complete(sk, hdev->id, opcode, 0, &settings,
880 static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
883 struct mgmt_mode *cp = data;
884 struct pending_cmd *cmd;
887 BT_DBG("request for %s", hdev->name);
889 if (cp->val != 0x00 && cp->val != 0x01)
890 return cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
891 MGMT_STATUS_INVALID_PARAMS);
895 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
896 err = cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
901 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
902 cancel_delayed_work(&hdev->power_off);
905 mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev,
907 err = mgmt_powered(hdev, 1);
912 if (!!cp->val == hdev_is_powered(hdev)) {
913 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
917 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
924 queue_work(hdev->req_workqueue, &hdev->power_on);
926 queue_work(hdev->req_workqueue, &hdev->power_off.work);
931 hci_dev_unlock(hdev);
935 static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 data_len,
936 struct sock *skip_sk)
939 struct mgmt_hdr *hdr;
941 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_KERNEL);
945 hdr = (void *) skb_put(skb, sizeof(*hdr));
946 hdr->opcode = cpu_to_le16(event);
948 hdr->index = cpu_to_le16(hdev->id);
950 hdr->index = __constant_cpu_to_le16(MGMT_INDEX_NONE);
951 hdr->len = cpu_to_le16(data_len);
954 memcpy(skb_put(skb, data_len), data, data_len);
957 __net_timestamp(skb);
959 hci_send_to_control(skb, skip_sk);
965 static int new_settings(struct hci_dev *hdev, struct sock *skip)
969 ev = cpu_to_le32(get_current_settings(hdev));
971 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
976 struct hci_dev *hdev;
980 static void settings_rsp(struct pending_cmd *cmd, void *data)
982 struct cmd_lookup *match = data;
984 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
986 list_del(&cmd->list);
988 if (match->sk == NULL) {
990 sock_hold(match->sk);
993 mgmt_pending_free(cmd);
996 static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
1000 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
1001 mgmt_pending_remove(cmd);
1004 static u8 mgmt_bredr_support(struct hci_dev *hdev)
1006 if (!lmp_bredr_capable(hdev))
1007 return MGMT_STATUS_NOT_SUPPORTED;
1008 else if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1009 return MGMT_STATUS_REJECTED;
1011 return MGMT_STATUS_SUCCESS;
1014 static u8 mgmt_le_support(struct hci_dev *hdev)
1016 if (!lmp_le_capable(hdev))
1017 return MGMT_STATUS_NOT_SUPPORTED;
1018 else if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
1019 return MGMT_STATUS_REJECTED;
1021 return MGMT_STATUS_SUCCESS;
1024 static void set_discoverable_complete(struct hci_dev *hdev, u8 status)
1026 struct pending_cmd *cmd;
1027 struct mgmt_mode *cp;
1028 struct hci_request req;
1031 BT_DBG("status 0x%02x", status);
1035 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
1040 u8 mgmt_err = mgmt_status(status);
1041 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1047 changed = !test_and_set_bit(HCI_DISCOVERABLE,
1050 changed = test_and_clear_bit(HCI_DISCOVERABLE,
1053 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1056 new_settings(hdev, cmd->sk);
1058 /* When the discoverable mode gets changed, make sure
1059 * that class of device has the limited discoverable
1060 * bit correctly set.
1062 hci_req_init(&req, hdev);
1064 hci_req_run(&req, NULL);
1067 mgmt_pending_remove(cmd);
1070 hci_dev_unlock(hdev);
1073 static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
1076 struct mgmt_cp_set_discoverable *cp = data;
1077 struct pending_cmd *cmd;
1078 struct hci_request req;
1083 BT_DBG("request for %s", hdev->name);
1085 status = mgmt_bredr_support(hdev);
1087 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1090 if (cp->val != 0x00 && cp->val != 0x01)
1091 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1092 MGMT_STATUS_INVALID_PARAMS);
1094 timeout = __le16_to_cpu(cp->timeout);
1095 if (!cp->val && timeout > 0)
1096 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1097 MGMT_STATUS_INVALID_PARAMS);
1101 if (!hdev_is_powered(hdev) && timeout > 0) {
1102 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1103 MGMT_STATUS_NOT_POWERED);
1107 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1108 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
1109 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1114 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
1115 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1116 MGMT_STATUS_REJECTED);
1120 if (!hdev_is_powered(hdev)) {
1121 bool changed = false;
1123 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
1124 change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1128 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1133 err = new_settings(hdev, sk);
1138 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
1139 if (hdev->discov_timeout > 0) {
1140 cancel_delayed_work(&hdev->discov_off);
1141 hdev->discov_timeout = 0;
1144 if (cp->val && timeout > 0) {
1145 hdev->discov_timeout = timeout;
1146 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
1147 msecs_to_jiffies(hdev->discov_timeout * 1000));
1150 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1154 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
1160 hci_req_init(&req, hdev);
1165 scan |= SCAN_INQUIRY;
1167 cancel_delayed_work(&hdev->discov_off);
1169 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1171 err = hci_req_run(&req, set_discoverable_complete);
1173 mgmt_pending_remove(cmd);
1176 hdev->discov_timeout = timeout;
1179 hci_dev_unlock(hdev);
1183 static void write_fast_connectable(struct hci_request *req, bool enable)
1185 struct hci_dev *hdev = req->hdev;
1186 struct hci_cp_write_page_scan_activity acp;
1189 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
1193 type = PAGE_SCAN_TYPE_INTERLACED;
1195 /* 160 msec page scan interval */
1196 acp.interval = __constant_cpu_to_le16(0x0100);
1198 type = PAGE_SCAN_TYPE_STANDARD; /* default */
1200 /* default 1.28 sec page scan */
1201 acp.interval = __constant_cpu_to_le16(0x0800);
1204 acp.window = __constant_cpu_to_le16(0x0012);
1206 if (__cpu_to_le16(hdev->page_scan_interval) != acp.interval ||
1207 __cpu_to_le16(hdev->page_scan_window) != acp.window)
1208 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
1211 if (hdev->page_scan_type != type)
1212 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
1215 static u8 get_adv_type(struct hci_dev *hdev)
1217 struct pending_cmd *cmd;
1220 /* If there's a pending mgmt command the flag will not yet have
1221 * it's final value, so check for this first.
1223 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1225 struct mgmt_mode *cp = cmd->param;
1226 connectable = !!cp->val;
1228 connectable = test_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1231 return connectable ? LE_ADV_IND : LE_ADV_NONCONN_IND;
1234 static void enable_advertising(struct hci_request *req)
1236 struct hci_dev *hdev = req->hdev;
1237 struct hci_cp_le_set_adv_param cp;
1240 memset(&cp, 0, sizeof(cp));
1241 cp.min_interval = __constant_cpu_to_le16(0x0800);
1242 cp.max_interval = __constant_cpu_to_le16(0x0800);
1243 cp.type = get_adv_type(hdev);
1244 if (bacmp(&hdev->bdaddr, BDADDR_ANY))
1245 cp.own_address_type = ADDR_LE_DEV_PUBLIC;
1247 cp.own_address_type = ADDR_LE_DEV_RANDOM;
1248 cp.channel_map = 0x07;
1250 hci_req_add(req, HCI_OP_LE_SET_ADV_PARAM, sizeof(cp), &cp);
1252 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1255 static void disable_advertising(struct hci_request *req)
1259 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1262 static void set_connectable_complete(struct hci_dev *hdev, u8 status)
1264 struct pending_cmd *cmd;
1265 struct mgmt_mode *cp;
1268 BT_DBG("status 0x%02x", status);
1272 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1277 u8 mgmt_err = mgmt_status(status);
1278 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1284 changed = !test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1286 changed = test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1288 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
1291 new_settings(hdev, cmd->sk);
1294 mgmt_pending_remove(cmd);
1297 hci_dev_unlock(hdev);
1300 static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
1303 struct mgmt_mode *cp = data;
1304 struct pending_cmd *cmd;
1305 struct hci_request req;
1309 BT_DBG("request for %s", hdev->name);
1311 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
1312 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1313 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1314 MGMT_STATUS_REJECTED);
1316 if (cp->val != 0x00 && cp->val != 0x01)
1317 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1318 MGMT_STATUS_INVALID_PARAMS);
1322 if (!hdev_is_powered(hdev)) {
1323 bool changed = false;
1325 if (!!cp->val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
1329 set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1331 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1332 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1335 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1340 err = new_settings(hdev, sk);
1345 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1346 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
1347 err = cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1352 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
1358 hci_req_init(&req, hdev);
1360 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags) &&
1361 cp->val != test_bit(HCI_PSCAN, &hdev->flags)) {
1367 if (test_bit(HCI_ISCAN, &hdev->flags) &&
1368 hdev->discov_timeout > 0)
1369 cancel_delayed_work(&hdev->discov_off);
1372 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1375 /* If we're going from non-connectable to connectable or
1376 * vice-versa when fast connectable is enabled ensure that fast
1377 * connectable gets disabled. write_fast_connectable won't do
1378 * anything if the page scan parameters are already what they
1381 if (cp->val || test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
1382 write_fast_connectable(&req, false);
1384 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags) &&
1385 hci_conn_num(hdev, LE_LINK) == 0) {
1386 disable_advertising(&req);
1387 enable_advertising(&req);
1390 err = hci_req_run(&req, set_connectable_complete);
1392 mgmt_pending_remove(cmd);
1393 if (err == -ENODATA)
1394 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE,
1400 hci_dev_unlock(hdev);
1404 static int set_pairable(struct sock *sk, struct hci_dev *hdev, void *data,
1407 struct mgmt_mode *cp = data;
1411 BT_DBG("request for %s", hdev->name);
1413 if (cp->val != 0x00 && cp->val != 0x01)
1414 return cmd_status(sk, hdev->id, MGMT_OP_SET_PAIRABLE,
1415 MGMT_STATUS_INVALID_PARAMS);
1420 changed = !test_and_set_bit(HCI_PAIRABLE, &hdev->dev_flags);
1422 changed = test_and_clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
1424 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
1429 err = new_settings(hdev, sk);
1432 hci_dev_unlock(hdev);
1436 static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1439 struct mgmt_mode *cp = data;
1440 struct pending_cmd *cmd;
1444 BT_DBG("request for %s", hdev->name);
1446 status = mgmt_bredr_support(hdev);
1448 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1451 if (cp->val != 0x00 && cp->val != 0x01)
1452 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1453 MGMT_STATUS_INVALID_PARAMS);
1457 if (!hdev_is_powered(hdev)) {
1458 bool changed = false;
1460 if (!!cp->val != test_bit(HCI_LINK_SECURITY,
1461 &hdev->dev_flags)) {
1462 change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
1466 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1471 err = new_settings(hdev, sk);
1476 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
1477 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1484 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1485 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1489 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1495 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1497 mgmt_pending_remove(cmd);
1502 hci_dev_unlock(hdev);
1506 static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1508 struct mgmt_mode *cp = data;
1509 struct pending_cmd *cmd;
1513 BT_DBG("request for %s", hdev->name);
1515 status = mgmt_bredr_support(hdev);
1517 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
1519 if (!lmp_ssp_capable(hdev))
1520 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1521 MGMT_STATUS_NOT_SUPPORTED);
1523 if (cp->val != 0x00 && cp->val != 0x01)
1524 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1525 MGMT_STATUS_INVALID_PARAMS);
1529 if (!hdev_is_powered(hdev)) {
1533 changed = !test_and_set_bit(HCI_SSP_ENABLED,
1536 changed = test_and_clear_bit(HCI_SSP_ENABLED,
1539 changed = test_and_clear_bit(HCI_HS_ENABLED,
1542 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1545 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1550 err = new_settings(hdev, sk);
1555 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev) ||
1556 mgmt_pending_find(MGMT_OP_SET_HS, hdev)) {
1557 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1562 if (!!cp->val == test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
1563 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1567 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1573 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &cp->val);
1575 mgmt_pending_remove(cmd);
1580 hci_dev_unlock(hdev);
1584 static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1586 struct mgmt_mode *cp = data;
1591 BT_DBG("request for %s", hdev->name);
1593 status = mgmt_bredr_support(hdev);
1595 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
1597 if (!lmp_ssp_capable(hdev))
1598 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1599 MGMT_STATUS_NOT_SUPPORTED);
1601 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
1602 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1603 MGMT_STATUS_REJECTED);
1605 if (cp->val != 0x00 && cp->val != 0x01)
1606 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1607 MGMT_STATUS_INVALID_PARAMS);
1612 changed = !test_and_set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1614 if (hdev_is_powered(hdev)) {
1615 err = cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1616 MGMT_STATUS_REJECTED);
1620 changed = test_and_clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1623 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
1628 err = new_settings(hdev, sk);
1631 hci_dev_unlock(hdev);
1635 static void le_enable_complete(struct hci_dev *hdev, u8 status)
1637 struct cmd_lookup match = { NULL, hdev };
1640 u8 mgmt_err = mgmt_status(status);
1642 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
1647 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
1649 new_settings(hdev, match.sk);
1654 /* Make sure the controller has a good default for
1655 * advertising data. Restrict the update to when LE
1656 * has actually been enabled. During power on, the
1657 * update in powered_update_hci will take care of it.
1659 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1660 struct hci_request req;
1664 hci_req_init(&req, hdev);
1666 hci_req_run(&req, NULL);
1668 hci_dev_unlock(hdev);
1672 static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1674 struct mgmt_mode *cp = data;
1675 struct hci_cp_write_le_host_supported hci_cp;
1676 struct pending_cmd *cmd;
1677 struct hci_request req;
1681 BT_DBG("request for %s", hdev->name);
1683 if (!lmp_le_capable(hdev))
1684 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1685 MGMT_STATUS_NOT_SUPPORTED);
1687 if (cp->val != 0x00 && cp->val != 0x01)
1688 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1689 MGMT_STATUS_INVALID_PARAMS);
1691 /* LE-only devices do not allow toggling LE on/off */
1692 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1693 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1694 MGMT_STATUS_REJECTED);
1699 enabled = lmp_host_le_capable(hdev);
1701 if (!hdev_is_powered(hdev) || val == enabled) {
1702 bool changed = false;
1704 if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1705 change_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1709 if (!val && test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
1710 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
1714 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1719 err = new_settings(hdev, sk);
1724 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev) ||
1725 mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
1726 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1731 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
1737 hci_req_init(&req, hdev);
1739 memset(&hci_cp, 0, sizeof(hci_cp));
1743 hci_cp.simul = lmp_le_br_capable(hdev);
1745 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
1746 disable_advertising(&req);
1749 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
1752 err = hci_req_run(&req, le_enable_complete);
1754 mgmt_pending_remove(cmd);
1757 hci_dev_unlock(hdev);
1761 /* This is a helper function to test for pending mgmt commands that can
1762 * cause CoD or EIR HCI commands. We can only allow one such pending
1763 * mgmt command at a time since otherwise we cannot easily track what
1764 * the current values are, will be, and based on that calculate if a new
1765 * HCI command needs to be sent and if yes with what value.
1767 static bool pending_eir_or_class(struct hci_dev *hdev)
1769 struct pending_cmd *cmd;
1771 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
1772 switch (cmd->opcode) {
1773 case MGMT_OP_ADD_UUID:
1774 case MGMT_OP_REMOVE_UUID:
1775 case MGMT_OP_SET_DEV_CLASS:
1776 case MGMT_OP_SET_POWERED:
1784 static const u8 bluetooth_base_uuid[] = {
1785 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
1786 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1789 static u8 get_uuid_size(const u8 *uuid)
1793 if (memcmp(uuid, bluetooth_base_uuid, 12))
1796 val = get_unaligned_le32(&uuid[12]);
1803 static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
1805 struct pending_cmd *cmd;
1809 cmd = mgmt_pending_find(mgmt_op, hdev);
1813 cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(status),
1814 hdev->dev_class, 3);
1816 mgmt_pending_remove(cmd);
1819 hci_dev_unlock(hdev);
1822 static void add_uuid_complete(struct hci_dev *hdev, u8 status)
1824 BT_DBG("status 0x%02x", status);
1826 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
1829 static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1831 struct mgmt_cp_add_uuid *cp = data;
1832 struct pending_cmd *cmd;
1833 struct hci_request req;
1834 struct bt_uuid *uuid;
1837 BT_DBG("request for %s", hdev->name);
1841 if (pending_eir_or_class(hdev)) {
1842 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
1847 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
1853 memcpy(uuid->uuid, cp->uuid, 16);
1854 uuid->svc_hint = cp->svc_hint;
1855 uuid->size = get_uuid_size(cp->uuid);
1857 list_add_tail(&uuid->list, &hdev->uuids);
1859 hci_req_init(&req, hdev);
1864 err = hci_req_run(&req, add_uuid_complete);
1866 if (err != -ENODATA)
1869 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
1870 hdev->dev_class, 3);
1874 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
1883 hci_dev_unlock(hdev);
1887 static bool enable_service_cache(struct hci_dev *hdev)
1889 if (!hdev_is_powered(hdev))
1892 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
1893 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
1901 static void remove_uuid_complete(struct hci_dev *hdev, u8 status)
1903 BT_DBG("status 0x%02x", status);
1905 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
1908 static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
1911 struct mgmt_cp_remove_uuid *cp = data;
1912 struct pending_cmd *cmd;
1913 struct bt_uuid *match, *tmp;
1914 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
1915 struct hci_request req;
1918 BT_DBG("request for %s", hdev->name);
1922 if (pending_eir_or_class(hdev)) {
1923 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
1928 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
1929 err = hci_uuids_clear(hdev);
1931 if (enable_service_cache(hdev)) {
1932 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID,
1933 0, hdev->dev_class, 3);
1942 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
1943 if (memcmp(match->uuid, cp->uuid, 16) != 0)
1946 list_del(&match->list);
1952 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
1953 MGMT_STATUS_INVALID_PARAMS);
1958 hci_req_init(&req, hdev);
1963 err = hci_req_run(&req, remove_uuid_complete);
1965 if (err != -ENODATA)
1968 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
1969 hdev->dev_class, 3);
1973 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
1982 hci_dev_unlock(hdev);
1986 static void set_class_complete(struct hci_dev *hdev, u8 status)
1988 BT_DBG("status 0x%02x", status);
1990 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
1993 static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
1996 struct mgmt_cp_set_dev_class *cp = data;
1997 struct pending_cmd *cmd;
1998 struct hci_request req;
2001 BT_DBG("request for %s", hdev->name);
2003 if (!lmp_bredr_capable(hdev))
2004 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2005 MGMT_STATUS_NOT_SUPPORTED);
2009 if (pending_eir_or_class(hdev)) {
2010 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2015 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
2016 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2017 MGMT_STATUS_INVALID_PARAMS);
2021 hdev->major_class = cp->major;
2022 hdev->minor_class = cp->minor;
2024 if (!hdev_is_powered(hdev)) {
2025 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2026 hdev->dev_class, 3);
2030 hci_req_init(&req, hdev);
2032 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
2033 hci_dev_unlock(hdev);
2034 cancel_delayed_work_sync(&hdev->service_cache);
2041 err = hci_req_run(&req, set_class_complete);
2043 if (err != -ENODATA)
2046 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2047 hdev->dev_class, 3);
2051 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
2060 hci_dev_unlock(hdev);
2064 static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
2067 struct mgmt_cp_load_link_keys *cp = data;
2068 u16 key_count, expected_len;
2071 BT_DBG("request for %s", hdev->name);
2073 if (!lmp_bredr_capable(hdev))
2074 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2075 MGMT_STATUS_NOT_SUPPORTED);
2077 key_count = __le16_to_cpu(cp->key_count);
2079 expected_len = sizeof(*cp) + key_count *
2080 sizeof(struct mgmt_link_key_info);
2081 if (expected_len != len) {
2082 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
2084 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2085 MGMT_STATUS_INVALID_PARAMS);
2088 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
2089 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2090 MGMT_STATUS_INVALID_PARAMS);
2092 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
2095 for (i = 0; i < key_count; i++) {
2096 struct mgmt_link_key_info *key = &cp->keys[i];
2098 if (key->addr.type != BDADDR_BREDR)
2099 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2100 MGMT_STATUS_INVALID_PARAMS);
2105 hci_link_keys_clear(hdev);
2108 set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
2110 clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
2112 for (i = 0; i < key_count; i++) {
2113 struct mgmt_link_key_info *key = &cp->keys[i];
2115 hci_add_link_key(hdev, NULL, 0, &key->addr.bdaddr, key->val,
2116 key->type, key->pin_len);
2119 cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
2121 hci_dev_unlock(hdev);
2126 static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
2127 u8 addr_type, struct sock *skip_sk)
2129 struct mgmt_ev_device_unpaired ev;
2131 bacpy(&ev.addr.bdaddr, bdaddr);
2132 ev.addr.type = addr_type;
2134 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
2138 static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2141 struct mgmt_cp_unpair_device *cp = data;
2142 struct mgmt_rp_unpair_device rp;
2143 struct hci_cp_disconnect dc;
2144 struct pending_cmd *cmd;
2145 struct hci_conn *conn;
2148 memset(&rp, 0, sizeof(rp));
2149 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2150 rp.addr.type = cp->addr.type;
2152 if (!bdaddr_type_is_valid(cp->addr.type))
2153 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2154 MGMT_STATUS_INVALID_PARAMS,
2157 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
2158 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2159 MGMT_STATUS_INVALID_PARAMS,
2164 if (!hdev_is_powered(hdev)) {
2165 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2166 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
2170 if (cp->addr.type == BDADDR_BREDR)
2171 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
2173 err = hci_remove_ltk(hdev, &cp->addr.bdaddr);
2176 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2177 MGMT_STATUS_NOT_PAIRED, &rp, sizeof(rp));
2181 if (cp->disconnect) {
2182 if (cp->addr.type == BDADDR_BREDR)
2183 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2186 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
2193 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
2195 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
2199 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
2206 dc.handle = cpu_to_le16(conn->handle);
2207 dc.reason = 0x13; /* Remote User Terminated Connection */
2208 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2210 mgmt_pending_remove(cmd);
2213 hci_dev_unlock(hdev);
2217 static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
2220 struct mgmt_cp_disconnect *cp = data;
2221 struct mgmt_rp_disconnect rp;
2222 struct hci_cp_disconnect dc;
2223 struct pending_cmd *cmd;
2224 struct hci_conn *conn;
2229 memset(&rp, 0, sizeof(rp));
2230 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2231 rp.addr.type = cp->addr.type;
2233 if (!bdaddr_type_is_valid(cp->addr.type))
2234 return cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2235 MGMT_STATUS_INVALID_PARAMS,
2240 if (!test_bit(HCI_UP, &hdev->flags)) {
2241 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2242 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
2246 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
2247 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2248 MGMT_STATUS_BUSY, &rp, sizeof(rp));
2252 if (cp->addr.type == BDADDR_BREDR)
2253 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2256 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
2258 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
2259 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2260 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
2264 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
2270 dc.handle = cpu_to_le16(conn->handle);
2271 dc.reason = HCI_ERROR_REMOTE_USER_TERM;
2273 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2275 mgmt_pending_remove(cmd);
2278 hci_dev_unlock(hdev);
2282 static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
2284 switch (link_type) {
2286 switch (addr_type) {
2287 case ADDR_LE_DEV_PUBLIC:
2288 return BDADDR_LE_PUBLIC;
2291 /* Fallback to LE Random address type */
2292 return BDADDR_LE_RANDOM;
2296 /* Fallback to BR/EDR type */
2297 return BDADDR_BREDR;
2301 static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
2304 struct mgmt_rp_get_connections *rp;
2314 if (!hdev_is_powered(hdev)) {
2315 err = cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
2316 MGMT_STATUS_NOT_POWERED);
2321 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2322 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2326 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2327 rp = kmalloc(rp_len, GFP_KERNEL);
2334 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2335 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2337 bacpy(&rp->addr[i].bdaddr, &c->dst);
2338 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
2339 if (c->type == SCO_LINK || c->type == ESCO_LINK)
2344 rp->conn_count = cpu_to_le16(i);
2346 /* Recalculate length in case of filtered SCO connections, etc */
2347 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2349 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
2355 hci_dev_unlock(hdev);
2359 static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
2360 struct mgmt_cp_pin_code_neg_reply *cp)
2362 struct pending_cmd *cmd;
2365 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
2370 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
2371 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
2373 mgmt_pending_remove(cmd);
2378 static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2381 struct hci_conn *conn;
2382 struct mgmt_cp_pin_code_reply *cp = data;
2383 struct hci_cp_pin_code_reply reply;
2384 struct pending_cmd *cmd;
2391 if (!hdev_is_powered(hdev)) {
2392 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2393 MGMT_STATUS_NOT_POWERED);
2397 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
2399 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2400 MGMT_STATUS_NOT_CONNECTED);
2404 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
2405 struct mgmt_cp_pin_code_neg_reply ncp;
2407 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
2409 BT_ERR("PIN code is not 16 bytes long");
2411 err = send_pin_code_neg_reply(sk, hdev, &ncp);
2413 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2414 MGMT_STATUS_INVALID_PARAMS);
2419 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
2425 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
2426 reply.pin_len = cp->pin_len;
2427 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
2429 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
2431 mgmt_pending_remove(cmd);
2434 hci_dev_unlock(hdev);
2438 static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
2441 struct mgmt_cp_set_io_capability *cp = data;
2447 hdev->io_capability = cp->io_capability;
2449 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
2450 hdev->io_capability);
2452 hci_dev_unlock(hdev);
2454 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, NULL,
2458 static struct pending_cmd *find_pairing(struct hci_conn *conn)
2460 struct hci_dev *hdev = conn->hdev;
2461 struct pending_cmd *cmd;
2463 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2464 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
2467 if (cmd->user_data != conn)
2476 static void pairing_complete(struct pending_cmd *cmd, u8 status)
2478 struct mgmt_rp_pair_device rp;
2479 struct hci_conn *conn = cmd->user_data;
2481 bacpy(&rp.addr.bdaddr, &conn->dst);
2482 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
2484 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
2487 /* So we don't get further callbacks for this connection */
2488 conn->connect_cfm_cb = NULL;
2489 conn->security_cfm_cb = NULL;
2490 conn->disconn_cfm_cb = NULL;
2492 hci_conn_drop(conn);
2494 mgmt_pending_remove(cmd);
2497 static void pairing_complete_cb(struct hci_conn *conn, u8 status)
2499 struct pending_cmd *cmd;
2501 BT_DBG("status %u", status);
2503 cmd = find_pairing(conn);
2505 BT_DBG("Unable to find a pending command");
2507 pairing_complete(cmd, mgmt_status(status));
2510 static void le_connect_complete_cb(struct hci_conn *conn, u8 status)
2512 struct pending_cmd *cmd;
2514 BT_DBG("status %u", status);
2519 cmd = find_pairing(conn);
2521 BT_DBG("Unable to find a pending command");
2523 pairing_complete(cmd, mgmt_status(status));
2526 static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2529 struct mgmt_cp_pair_device *cp = data;
2530 struct mgmt_rp_pair_device rp;
2531 struct pending_cmd *cmd;
2532 u8 sec_level, auth_type;
2533 struct hci_conn *conn;
2538 memset(&rp, 0, sizeof(rp));
2539 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2540 rp.addr.type = cp->addr.type;
2542 if (!bdaddr_type_is_valid(cp->addr.type))
2543 return cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2544 MGMT_STATUS_INVALID_PARAMS,
2549 if (!hdev_is_powered(hdev)) {
2550 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2551 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
2555 sec_level = BT_SECURITY_MEDIUM;
2556 if (cp->io_cap == 0x03)
2557 auth_type = HCI_AT_DEDICATED_BONDING;
2559 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
2561 if (cp->addr.type == BDADDR_BREDR)
2562 conn = hci_connect(hdev, ACL_LINK, &cp->addr.bdaddr,
2563 cp->addr.type, sec_level, auth_type);
2565 conn = hci_connect(hdev, LE_LINK, &cp->addr.bdaddr,
2566 cp->addr.type, sec_level, auth_type);
2571 if (PTR_ERR(conn) == -EBUSY)
2572 status = MGMT_STATUS_BUSY;
2574 status = MGMT_STATUS_CONNECT_FAILED;
2576 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2582 if (conn->connect_cfm_cb) {
2583 hci_conn_drop(conn);
2584 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2585 MGMT_STATUS_BUSY, &rp, sizeof(rp));
2589 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
2592 hci_conn_drop(conn);
2596 /* For LE, just connecting isn't a proof that the pairing finished */
2597 if (cp->addr.type == BDADDR_BREDR)
2598 conn->connect_cfm_cb = pairing_complete_cb;
2600 conn->connect_cfm_cb = le_connect_complete_cb;
2602 conn->security_cfm_cb = pairing_complete_cb;
2603 conn->disconn_cfm_cb = pairing_complete_cb;
2604 conn->io_capability = cp->io_cap;
2605 cmd->user_data = conn;
2607 if (conn->state == BT_CONNECTED &&
2608 hci_conn_security(conn, sec_level, auth_type))
2609 pairing_complete(cmd, 0);
2614 hci_dev_unlock(hdev);
2618 static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2621 struct mgmt_addr_info *addr = data;
2622 struct pending_cmd *cmd;
2623 struct hci_conn *conn;
2630 if (!hdev_is_powered(hdev)) {
2631 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2632 MGMT_STATUS_NOT_POWERED);
2636 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
2638 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2639 MGMT_STATUS_INVALID_PARAMS);
2643 conn = cmd->user_data;
2645 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
2646 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2647 MGMT_STATUS_INVALID_PARAMS);
2651 pairing_complete(cmd, MGMT_STATUS_CANCELLED);
2653 err = cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
2654 addr, sizeof(*addr));
2656 hci_dev_unlock(hdev);
2660 static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
2661 struct mgmt_addr_info *addr, u16 mgmt_op,
2662 u16 hci_op, __le32 passkey)
2664 struct pending_cmd *cmd;
2665 struct hci_conn *conn;
2670 if (!hdev_is_powered(hdev)) {
2671 err = cmd_complete(sk, hdev->id, mgmt_op,
2672 MGMT_STATUS_NOT_POWERED, addr,
2677 if (addr->type == BDADDR_BREDR)
2678 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
2680 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &addr->bdaddr);
2683 err = cmd_complete(sk, hdev->id, mgmt_op,
2684 MGMT_STATUS_NOT_CONNECTED, addr,
2689 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
2690 /* Continue with pairing via SMP */
2691 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
2694 err = cmd_complete(sk, hdev->id, mgmt_op,
2695 MGMT_STATUS_SUCCESS, addr,
2698 err = cmd_complete(sk, hdev->id, mgmt_op,
2699 MGMT_STATUS_FAILED, addr,
2705 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
2711 /* Continue with pairing via HCI */
2712 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
2713 struct hci_cp_user_passkey_reply cp;
2715 bacpy(&cp.bdaddr, &addr->bdaddr);
2716 cp.passkey = passkey;
2717 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
2719 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
2723 mgmt_pending_remove(cmd);
2726 hci_dev_unlock(hdev);
2730 static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
2731 void *data, u16 len)
2733 struct mgmt_cp_pin_code_neg_reply *cp = data;
2737 return user_pairing_resp(sk, hdev, &cp->addr,
2738 MGMT_OP_PIN_CODE_NEG_REPLY,
2739 HCI_OP_PIN_CODE_NEG_REPLY, 0);
2742 static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2745 struct mgmt_cp_user_confirm_reply *cp = data;
2749 if (len != sizeof(*cp))
2750 return cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
2751 MGMT_STATUS_INVALID_PARAMS);
2753 return user_pairing_resp(sk, hdev, &cp->addr,
2754 MGMT_OP_USER_CONFIRM_REPLY,
2755 HCI_OP_USER_CONFIRM_REPLY, 0);
2758 static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
2759 void *data, u16 len)
2761 struct mgmt_cp_user_confirm_neg_reply *cp = data;
2765 return user_pairing_resp(sk, hdev, &cp->addr,
2766 MGMT_OP_USER_CONFIRM_NEG_REPLY,
2767 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
2770 static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2773 struct mgmt_cp_user_passkey_reply *cp = data;
2777 return user_pairing_resp(sk, hdev, &cp->addr,
2778 MGMT_OP_USER_PASSKEY_REPLY,
2779 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
2782 static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
2783 void *data, u16 len)
2785 struct mgmt_cp_user_passkey_neg_reply *cp = data;
2789 return user_pairing_resp(sk, hdev, &cp->addr,
2790 MGMT_OP_USER_PASSKEY_NEG_REPLY,
2791 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
2794 static void update_name(struct hci_request *req)
2796 struct hci_dev *hdev = req->hdev;
2797 struct hci_cp_write_local_name cp;
2799 memcpy(cp.name, hdev->dev_name, sizeof(cp.name));
2801 hci_req_add(req, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
2804 static void set_name_complete(struct hci_dev *hdev, u8 status)
2806 struct mgmt_cp_set_local_name *cp;
2807 struct pending_cmd *cmd;
2809 BT_DBG("status 0x%02x", status);
2813 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
2820 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
2821 mgmt_status(status));
2823 cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
2826 mgmt_pending_remove(cmd);
2829 hci_dev_unlock(hdev);
2832 static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
2835 struct mgmt_cp_set_local_name *cp = data;
2836 struct pending_cmd *cmd;
2837 struct hci_request req;
2844 /* If the old values are the same as the new ones just return a
2845 * direct command complete event.
2847 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
2848 !memcmp(hdev->short_name, cp->short_name,
2849 sizeof(hdev->short_name))) {
2850 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
2855 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
2857 if (!hdev_is_powered(hdev)) {
2858 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
2860 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
2865 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
2871 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
2877 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
2879 hci_req_init(&req, hdev);
2881 if (lmp_bredr_capable(hdev)) {
2886 if (lmp_le_capable(hdev))
2889 err = hci_req_run(&req, set_name_complete);
2891 mgmt_pending_remove(cmd);
2894 hci_dev_unlock(hdev);
2898 static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
2899 void *data, u16 data_len)
2901 struct pending_cmd *cmd;
2904 BT_DBG("%s", hdev->name);
2908 if (!hdev_is_powered(hdev)) {
2909 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
2910 MGMT_STATUS_NOT_POWERED);
2914 if (!lmp_ssp_capable(hdev)) {
2915 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
2916 MGMT_STATUS_NOT_SUPPORTED);
2920 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
2921 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
2926 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
2932 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
2934 mgmt_pending_remove(cmd);
2937 hci_dev_unlock(hdev);
2941 static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
2942 void *data, u16 len)
2944 struct mgmt_cp_add_remote_oob_data *cp = data;
2948 BT_DBG("%s ", hdev->name);
2952 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr, cp->hash,
2955 status = MGMT_STATUS_FAILED;
2957 status = MGMT_STATUS_SUCCESS;
2959 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA, status,
2960 &cp->addr, sizeof(cp->addr));
2962 hci_dev_unlock(hdev);
2966 static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
2967 void *data, u16 len)
2969 struct mgmt_cp_remove_remote_oob_data *cp = data;
2973 BT_DBG("%s", hdev->name);
2977 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr);
2979 status = MGMT_STATUS_INVALID_PARAMS;
2981 status = MGMT_STATUS_SUCCESS;
2983 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
2984 status, &cp->addr, sizeof(cp->addr));
2986 hci_dev_unlock(hdev);
2990 static int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
2992 struct pending_cmd *cmd;
2996 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2998 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
3002 type = hdev->discovery.type;
3004 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3005 &type, sizeof(type));
3006 mgmt_pending_remove(cmd);
3011 static void start_discovery_complete(struct hci_dev *hdev, u8 status)
3013 BT_DBG("status %d", status);
3017 mgmt_start_discovery_failed(hdev, status);
3018 hci_dev_unlock(hdev);
3023 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
3024 hci_dev_unlock(hdev);
3026 switch (hdev->discovery.type) {
3027 case DISCOV_TYPE_LE:
3028 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable,
3032 case DISCOV_TYPE_INTERLEAVED:
3033 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable,
3034 DISCOV_INTERLEAVED_TIMEOUT);
3037 case DISCOV_TYPE_BREDR:
3041 BT_ERR("Invalid discovery type %d", hdev->discovery.type);
3045 static int start_discovery(struct sock *sk, struct hci_dev *hdev,
3046 void *data, u16 len)
3048 struct mgmt_cp_start_discovery *cp = data;
3049 struct pending_cmd *cmd;
3050 struct hci_cp_le_set_scan_param param_cp;
3051 struct hci_cp_le_set_scan_enable enable_cp;
3052 struct hci_cp_inquiry inq_cp;
3053 struct hci_request req;
3054 /* General inquiry access code (GIAC) */
3055 u8 lap[3] = { 0x33, 0x8b, 0x9e };
3059 BT_DBG("%s", hdev->name);
3063 if (!hdev_is_powered(hdev)) {
3064 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3065 MGMT_STATUS_NOT_POWERED);
3069 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
3070 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3075 if (hdev->discovery.state != DISCOVERY_STOPPED) {
3076 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3081 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
3087 hdev->discovery.type = cp->type;
3089 hci_req_init(&req, hdev);
3091 switch (hdev->discovery.type) {
3092 case DISCOV_TYPE_BREDR:
3093 status = mgmt_bredr_support(hdev);
3095 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3097 mgmt_pending_remove(cmd);
3101 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
3102 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3104 mgmt_pending_remove(cmd);
3108 hci_inquiry_cache_flush(hdev);
3110 memset(&inq_cp, 0, sizeof(inq_cp));
3111 memcpy(&inq_cp.lap, lap, sizeof(inq_cp.lap));
3112 inq_cp.length = DISCOV_BREDR_INQUIRY_LEN;
3113 hci_req_add(&req, HCI_OP_INQUIRY, sizeof(inq_cp), &inq_cp);
3116 case DISCOV_TYPE_LE:
3117 case DISCOV_TYPE_INTERLEAVED:
3118 status = mgmt_le_support(hdev);
3120 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3122 mgmt_pending_remove(cmd);
3126 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
3127 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
3128 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3129 MGMT_STATUS_NOT_SUPPORTED);
3130 mgmt_pending_remove(cmd);
3134 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
3135 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3136 MGMT_STATUS_REJECTED);
3137 mgmt_pending_remove(cmd);
3141 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags)) {
3142 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3144 mgmt_pending_remove(cmd);
3148 memset(¶m_cp, 0, sizeof(param_cp));
3149 param_cp.type = LE_SCAN_ACTIVE;
3150 param_cp.interval = cpu_to_le16(DISCOV_LE_SCAN_INT);
3151 param_cp.window = cpu_to_le16(DISCOV_LE_SCAN_WIN);
3152 if (bacmp(&hdev->bdaddr, BDADDR_ANY))
3153 param_cp.own_address_type = ADDR_LE_DEV_PUBLIC;
3155 param_cp.own_address_type = ADDR_LE_DEV_RANDOM;
3156 hci_req_add(&req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
3159 memset(&enable_cp, 0, sizeof(enable_cp));
3160 enable_cp.enable = LE_SCAN_ENABLE;
3161 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
3162 hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
3167 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3168 MGMT_STATUS_INVALID_PARAMS);
3169 mgmt_pending_remove(cmd);
3173 err = hci_req_run(&req, start_discovery_complete);
3175 mgmt_pending_remove(cmd);
3177 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
3180 hci_dev_unlock(hdev);
3184 static int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
3186 struct pending_cmd *cmd;
3189 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3193 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3194 &hdev->discovery.type, sizeof(hdev->discovery.type));
3195 mgmt_pending_remove(cmd);
3200 static void stop_discovery_complete(struct hci_dev *hdev, u8 status)
3202 BT_DBG("status %d", status);
3207 mgmt_stop_discovery_failed(hdev, status);
3211 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3214 hci_dev_unlock(hdev);
3217 static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
3220 struct mgmt_cp_stop_discovery *mgmt_cp = data;
3221 struct pending_cmd *cmd;
3222 struct hci_cp_remote_name_req_cancel cp;
3223 struct inquiry_entry *e;
3224 struct hci_request req;
3225 struct hci_cp_le_set_scan_enable enable_cp;
3228 BT_DBG("%s", hdev->name);
3232 if (!hci_discovery_active(hdev)) {
3233 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
3234 MGMT_STATUS_REJECTED, &mgmt_cp->type,
3235 sizeof(mgmt_cp->type));
3239 if (hdev->discovery.type != mgmt_cp->type) {
3240 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
3241 MGMT_STATUS_INVALID_PARAMS, &mgmt_cp->type,
3242 sizeof(mgmt_cp->type));
3246 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
3252 hci_req_init(&req, hdev);
3254 switch (hdev->discovery.state) {
3255 case DISCOVERY_FINDING:
3256 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
3257 hci_req_add(&req, HCI_OP_INQUIRY_CANCEL, 0, NULL);
3259 cancel_delayed_work(&hdev->le_scan_disable);
3261 memset(&enable_cp, 0, sizeof(enable_cp));
3262 enable_cp.enable = LE_SCAN_DISABLE;
3263 hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE,
3264 sizeof(enable_cp), &enable_cp);
3269 case DISCOVERY_RESOLVING:
3270 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
3273 mgmt_pending_remove(cmd);
3274 err = cmd_complete(sk, hdev->id,
3275 MGMT_OP_STOP_DISCOVERY, 0,
3277 sizeof(mgmt_cp->type));
3278 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3282 bacpy(&cp.bdaddr, &e->data.bdaddr);
3283 hci_req_add(&req, HCI_OP_REMOTE_NAME_REQ_CANCEL, sizeof(cp),
3289 BT_DBG("unknown discovery state %u", hdev->discovery.state);
3291 mgmt_pending_remove(cmd);
3292 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
3293 MGMT_STATUS_FAILED, &mgmt_cp->type,
3294 sizeof(mgmt_cp->type));
3298 err = hci_req_run(&req, stop_discovery_complete);
3300 mgmt_pending_remove(cmd);
3302 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
3305 hci_dev_unlock(hdev);
3309 static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
3312 struct mgmt_cp_confirm_name *cp = data;
3313 struct inquiry_entry *e;
3316 BT_DBG("%s", hdev->name);
3320 if (!hci_discovery_active(hdev)) {
3321 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
3322 MGMT_STATUS_FAILED);
3326 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
3328 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
3329 MGMT_STATUS_INVALID_PARAMS);
3333 if (cp->name_known) {
3334 e->name_state = NAME_KNOWN;
3337 e->name_state = NAME_NEEDED;
3338 hci_inquiry_cache_update_resolve(hdev, e);
3341 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0, &cp->addr,
3345 hci_dev_unlock(hdev);
3349 static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
3352 struct mgmt_cp_block_device *cp = data;
3356 BT_DBG("%s", hdev->name);
3358 if (!bdaddr_type_is_valid(cp->addr.type))
3359 return cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
3360 MGMT_STATUS_INVALID_PARAMS,
3361 &cp->addr, sizeof(cp->addr));
3365 err = hci_blacklist_add(hdev, &cp->addr.bdaddr, cp->addr.type);
3367 status = MGMT_STATUS_FAILED;
3369 status = MGMT_STATUS_SUCCESS;
3371 err = cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
3372 &cp->addr, sizeof(cp->addr));
3374 hci_dev_unlock(hdev);
3379 static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
3382 struct mgmt_cp_unblock_device *cp = data;
3386 BT_DBG("%s", hdev->name);
3388 if (!bdaddr_type_is_valid(cp->addr.type))
3389 return cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
3390 MGMT_STATUS_INVALID_PARAMS,
3391 &cp->addr, sizeof(cp->addr));
3395 err = hci_blacklist_del(hdev, &cp->addr.bdaddr, cp->addr.type);
3397 status = MGMT_STATUS_INVALID_PARAMS;
3399 status = MGMT_STATUS_SUCCESS;
3401 err = cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
3402 &cp->addr, sizeof(cp->addr));
3404 hci_dev_unlock(hdev);
3409 static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
3412 struct mgmt_cp_set_device_id *cp = data;
3413 struct hci_request req;
3417 BT_DBG("%s", hdev->name);
3419 source = __le16_to_cpu(cp->source);
3421 if (source > 0x0002)
3422 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
3423 MGMT_STATUS_INVALID_PARAMS);
3427 hdev->devid_source = source;
3428 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
3429 hdev->devid_product = __le16_to_cpu(cp->product);
3430 hdev->devid_version = __le16_to_cpu(cp->version);
3432 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0, NULL, 0);
3434 hci_req_init(&req, hdev);
3436 hci_req_run(&req, NULL);
3438 hci_dev_unlock(hdev);
3443 static void set_advertising_complete(struct hci_dev *hdev, u8 status)
3445 struct cmd_lookup match = { NULL, hdev };
3448 u8 mgmt_err = mgmt_status(status);
3450 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
3451 cmd_status_rsp, &mgmt_err);
3455 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
3458 new_settings(hdev, match.sk);
3464 static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data,
3467 struct mgmt_mode *cp = data;
3468 struct pending_cmd *cmd;
3469 struct hci_request req;
3470 u8 val, enabled, status;
3473 BT_DBG("request for %s", hdev->name);
3475 status = mgmt_le_support(hdev);
3477 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3480 if (cp->val != 0x00 && cp->val != 0x01)
3481 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3482 MGMT_STATUS_INVALID_PARAMS);
3487 enabled = test_bit(HCI_ADVERTISING, &hdev->dev_flags);
3489 /* The following conditions are ones which mean that we should
3490 * not do any HCI communication but directly send a mgmt
3491 * response to user space (after toggling the flag if
3494 if (!hdev_is_powered(hdev) || val == enabled ||
3495 hci_conn_num(hdev, LE_LINK) > 0) {
3496 bool changed = false;
3498 if (val != test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
3499 change_bit(HCI_ADVERTISING, &hdev->dev_flags);
3503 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
3508 err = new_settings(hdev, sk);
3513 if (mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
3514 mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
3515 err = cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3520 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
3526 hci_req_init(&req, hdev);
3529 enable_advertising(&req);
3531 disable_advertising(&req);
3533 err = hci_req_run(&req, set_advertising_complete);
3535 mgmt_pending_remove(cmd);
3538 hci_dev_unlock(hdev);
3542 static int set_static_address(struct sock *sk, struct hci_dev *hdev,
3543 void *data, u16 len)
3545 struct mgmt_cp_set_static_address *cp = data;
3548 BT_DBG("%s", hdev->name);
3550 if (!lmp_le_capable(hdev))
3551 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
3552 MGMT_STATUS_NOT_SUPPORTED);
3554 if (hdev_is_powered(hdev))
3555 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
3556 MGMT_STATUS_REJECTED);
3558 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
3559 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
3560 return cmd_status(sk, hdev->id,
3561 MGMT_OP_SET_STATIC_ADDRESS,
3562 MGMT_STATUS_INVALID_PARAMS);
3564 /* Two most significant bits shall be set */
3565 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
3566 return cmd_status(sk, hdev->id,
3567 MGMT_OP_SET_STATIC_ADDRESS,
3568 MGMT_STATUS_INVALID_PARAMS);
3573 bacpy(&hdev->static_addr, &cp->bdaddr);
3575 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS, 0, NULL, 0);
3577 hci_dev_unlock(hdev);
3582 static int set_scan_params(struct sock *sk, struct hci_dev *hdev,
3583 void *data, u16 len)
3585 struct mgmt_cp_set_scan_params *cp = data;
3586 __u16 interval, window;
3589 BT_DBG("%s", hdev->name);
3591 if (!lmp_le_capable(hdev))
3592 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3593 MGMT_STATUS_NOT_SUPPORTED);
3595 interval = __le16_to_cpu(cp->interval);
3597 if (interval < 0x0004 || interval > 0x4000)
3598 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3599 MGMT_STATUS_INVALID_PARAMS);
3601 window = __le16_to_cpu(cp->window);
3603 if (window < 0x0004 || window > 0x4000)
3604 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3605 MGMT_STATUS_INVALID_PARAMS);
3607 if (window > interval)
3608 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3609 MGMT_STATUS_INVALID_PARAMS);
3613 hdev->le_scan_interval = interval;
3614 hdev->le_scan_window = window;
3616 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0, NULL, 0);
3618 hci_dev_unlock(hdev);
3623 static void fast_connectable_complete(struct hci_dev *hdev, u8 status)
3625 struct pending_cmd *cmd;
3627 BT_DBG("status 0x%02x", status);
3631 cmd = mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
3636 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3637 mgmt_status(status));
3639 struct mgmt_mode *cp = cmd->param;
3642 set_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
3644 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
3646 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
3647 new_settings(hdev, cmd->sk);
3650 mgmt_pending_remove(cmd);
3653 hci_dev_unlock(hdev);
3656 static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
3657 void *data, u16 len)
3659 struct mgmt_mode *cp = data;
3660 struct pending_cmd *cmd;
3661 struct hci_request req;
3664 BT_DBG("%s", hdev->name);
3666 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags) ||
3667 hdev->hci_ver < BLUETOOTH_VER_1_2)
3668 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3669 MGMT_STATUS_NOT_SUPPORTED);
3671 if (cp->val != 0x00 && cp->val != 0x01)
3672 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3673 MGMT_STATUS_INVALID_PARAMS);
3675 if (!hdev_is_powered(hdev))
3676 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3677 MGMT_STATUS_NOT_POWERED);
3679 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3680 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3681 MGMT_STATUS_REJECTED);
3685 if (mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
3686 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3691 if (!!cp->val == test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags)) {
3692 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
3697 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
3704 hci_req_init(&req, hdev);
3706 write_fast_connectable(&req, cp->val);
3708 err = hci_req_run(&req, fast_connectable_complete);
3710 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3711 MGMT_STATUS_FAILED);
3712 mgmt_pending_remove(cmd);
3716 hci_dev_unlock(hdev);
3721 static void set_bredr_scan(struct hci_request *req)
3723 struct hci_dev *hdev = req->hdev;
3726 /* Ensure that fast connectable is disabled. This function will
3727 * not do anything if the page scan parameters are already what
3730 write_fast_connectable(req, false);
3732 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3734 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3735 scan |= SCAN_INQUIRY;
3738 hci_req_add(req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
3741 static void set_bredr_complete(struct hci_dev *hdev, u8 status)
3743 struct pending_cmd *cmd;
3745 BT_DBG("status 0x%02x", status);
3749 cmd = mgmt_pending_find(MGMT_OP_SET_BREDR, hdev);
3754 u8 mgmt_err = mgmt_status(status);
3756 /* We need to restore the flag if related HCI commands
3759 clear_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
3761 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
3763 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
3764 new_settings(hdev, cmd->sk);
3767 mgmt_pending_remove(cmd);
3770 hci_dev_unlock(hdev);
3773 static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
3775 struct mgmt_mode *cp = data;
3776 struct pending_cmd *cmd;
3777 struct hci_request req;
3780 BT_DBG("request for %s", hdev->name);
3782 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
3783 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3784 MGMT_STATUS_NOT_SUPPORTED);
3786 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
3787 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3788 MGMT_STATUS_REJECTED);
3790 if (cp->val != 0x00 && cp->val != 0x01)
3791 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3792 MGMT_STATUS_INVALID_PARAMS);
3796 if (cp->val == test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
3797 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
3801 if (!hdev_is_powered(hdev)) {
3803 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
3804 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
3805 clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
3806 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
3807 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
3810 change_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
3812 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
3816 err = new_settings(hdev, sk);
3820 /* Reject disabling when powered on */
3822 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3823 MGMT_STATUS_REJECTED);
3827 if (mgmt_pending_find(MGMT_OP_SET_BREDR, hdev)) {
3828 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3833 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
3839 /* We need to flip the bit already here so that update_ad
3840 * generates the correct flags.
3842 set_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
3844 hci_req_init(&req, hdev);
3846 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3847 set_bredr_scan(&req);
3851 err = hci_req_run(&req, set_bredr_complete);
3853 mgmt_pending_remove(cmd);
3856 hci_dev_unlock(hdev);
3860 static bool ltk_is_valid(struct mgmt_ltk_info *key)
3862 if (key->authenticated != 0x00 && key->authenticated != 0x01)
3864 if (key->master != 0x00 && key->master != 0x01)
3866 if (!bdaddr_type_is_le(key->addr.type))
3871 static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
3872 void *cp_data, u16 len)
3874 struct mgmt_cp_load_long_term_keys *cp = cp_data;
3875 u16 key_count, expected_len;
3878 BT_DBG("request for %s", hdev->name);
3880 if (!lmp_le_capable(hdev))
3881 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
3882 MGMT_STATUS_NOT_SUPPORTED);
3884 key_count = __le16_to_cpu(cp->key_count);
3886 expected_len = sizeof(*cp) + key_count *
3887 sizeof(struct mgmt_ltk_info);
3888 if (expected_len != len) {
3889 BT_ERR("load_keys: expected %u bytes, got %u bytes",
3891 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
3892 MGMT_STATUS_INVALID_PARAMS);
3895 BT_DBG("%s key_count %u", hdev->name, key_count);
3897 for (i = 0; i < key_count; i++) {
3898 struct mgmt_ltk_info *key = &cp->keys[i];
3900 if (!ltk_is_valid(key))
3901 return cmd_status(sk, hdev->id,
3902 MGMT_OP_LOAD_LONG_TERM_KEYS,
3903 MGMT_STATUS_INVALID_PARAMS);
3908 hci_smp_ltks_clear(hdev);
3910 for (i = 0; i < key_count; i++) {
3911 struct mgmt_ltk_info *key = &cp->keys[i];
3914 if (key->addr.type == BDADDR_LE_PUBLIC)
3915 addr_type = ADDR_LE_DEV_PUBLIC;
3917 addr_type = ADDR_LE_DEV_RANDOM;
3922 type = HCI_SMP_LTK_SLAVE;
3924 hci_add_ltk(hdev, &key->addr.bdaddr, addr_type,
3925 type, 0, key->authenticated, key->val,
3926 key->enc_size, key->ediv, key->rand);
3929 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
3932 hci_dev_unlock(hdev);
3937 static const struct mgmt_handler {
3938 int (*func) (struct sock *sk, struct hci_dev *hdev, void *data,
3942 } mgmt_handlers[] = {
3943 { NULL }, /* 0x0000 (no command) */
3944 { read_version, false, MGMT_READ_VERSION_SIZE },
3945 { read_commands, false, MGMT_READ_COMMANDS_SIZE },
3946 { read_index_list, false, MGMT_READ_INDEX_LIST_SIZE },
3947 { read_controller_info, false, MGMT_READ_INFO_SIZE },
3948 { set_powered, false, MGMT_SETTING_SIZE },
3949 { set_discoverable, false, MGMT_SET_DISCOVERABLE_SIZE },
3950 { set_connectable, false, MGMT_SETTING_SIZE },
3951 { set_fast_connectable, false, MGMT_SETTING_SIZE },
3952 { set_pairable, false, MGMT_SETTING_SIZE },
3953 { set_link_security, false, MGMT_SETTING_SIZE },
3954 { set_ssp, false, MGMT_SETTING_SIZE },
3955 { set_hs, false, MGMT_SETTING_SIZE },
3956 { set_le, false, MGMT_SETTING_SIZE },
3957 { set_dev_class, false, MGMT_SET_DEV_CLASS_SIZE },
3958 { set_local_name, false, MGMT_SET_LOCAL_NAME_SIZE },
3959 { add_uuid, false, MGMT_ADD_UUID_SIZE },
3960 { remove_uuid, false, MGMT_REMOVE_UUID_SIZE },
3961 { load_link_keys, true, MGMT_LOAD_LINK_KEYS_SIZE },
3962 { load_long_term_keys, true, MGMT_LOAD_LONG_TERM_KEYS_SIZE },
3963 { disconnect, false, MGMT_DISCONNECT_SIZE },
3964 { get_connections, false, MGMT_GET_CONNECTIONS_SIZE },
3965 { pin_code_reply, false, MGMT_PIN_CODE_REPLY_SIZE },
3966 { pin_code_neg_reply, false, MGMT_PIN_CODE_NEG_REPLY_SIZE },
3967 { set_io_capability, false, MGMT_SET_IO_CAPABILITY_SIZE },
3968 { pair_device, false, MGMT_PAIR_DEVICE_SIZE },
3969 { cancel_pair_device, false, MGMT_CANCEL_PAIR_DEVICE_SIZE },
3970 { unpair_device, false, MGMT_UNPAIR_DEVICE_SIZE },
3971 { user_confirm_reply, false, MGMT_USER_CONFIRM_REPLY_SIZE },
3972 { user_confirm_neg_reply, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
3973 { user_passkey_reply, false, MGMT_USER_PASSKEY_REPLY_SIZE },
3974 { user_passkey_neg_reply, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
3975 { read_local_oob_data, false, MGMT_READ_LOCAL_OOB_DATA_SIZE },
3976 { add_remote_oob_data, false, MGMT_ADD_REMOTE_OOB_DATA_SIZE },
3977 { remove_remote_oob_data, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
3978 { start_discovery, false, MGMT_START_DISCOVERY_SIZE },
3979 { stop_discovery, false, MGMT_STOP_DISCOVERY_SIZE },
3980 { confirm_name, false, MGMT_CONFIRM_NAME_SIZE },
3981 { block_device, false, MGMT_BLOCK_DEVICE_SIZE },
3982 { unblock_device, false, MGMT_UNBLOCK_DEVICE_SIZE },
3983 { set_device_id, false, MGMT_SET_DEVICE_ID_SIZE },
3984 { set_advertising, false, MGMT_SETTING_SIZE },
3985 { set_bredr, false, MGMT_SETTING_SIZE },
3986 { set_static_address, false, MGMT_SET_STATIC_ADDRESS_SIZE },
3987 { set_scan_params, false, MGMT_SET_SCAN_PARAMS_SIZE },
3991 int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
3995 struct mgmt_hdr *hdr;
3996 u16 opcode, index, len;
3997 struct hci_dev *hdev = NULL;
3998 const struct mgmt_handler *handler;
4001 BT_DBG("got %zu bytes", msglen);
4003 if (msglen < sizeof(*hdr))
4006 buf = kmalloc(msglen, GFP_KERNEL);
4010 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
4016 opcode = __le16_to_cpu(hdr->opcode);
4017 index = __le16_to_cpu(hdr->index);
4018 len = __le16_to_cpu(hdr->len);
4020 if (len != msglen - sizeof(*hdr)) {
4025 if (index != MGMT_INDEX_NONE) {
4026 hdev = hci_dev_get(index);
4028 err = cmd_status(sk, index, opcode,
4029 MGMT_STATUS_INVALID_INDEX);
4033 if (test_bit(HCI_SETUP, &hdev->dev_flags) ||
4034 test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
4035 err = cmd_status(sk, index, opcode,
4036 MGMT_STATUS_INVALID_INDEX);
4041 if (opcode >= ARRAY_SIZE(mgmt_handlers) ||
4042 mgmt_handlers[opcode].func == NULL) {
4043 BT_DBG("Unknown op %u", opcode);
4044 err = cmd_status(sk, index, opcode,
4045 MGMT_STATUS_UNKNOWN_COMMAND);
4049 if ((hdev && opcode < MGMT_OP_READ_INFO) ||
4050 (!hdev && opcode >= MGMT_OP_READ_INFO)) {
4051 err = cmd_status(sk, index, opcode,
4052 MGMT_STATUS_INVALID_INDEX);
4056 handler = &mgmt_handlers[opcode];
4058 if ((handler->var_len && len < handler->data_len) ||
4059 (!handler->var_len && len != handler->data_len)) {
4060 err = cmd_status(sk, index, opcode,
4061 MGMT_STATUS_INVALID_PARAMS);
4066 mgmt_init_hdev(sk, hdev);
4068 cp = buf + sizeof(*hdr);
4070 err = handler->func(sk, hdev, cp, len);
4084 void mgmt_index_added(struct hci_dev *hdev)
4086 if (hdev->dev_type != HCI_BREDR)
4089 mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
4092 void mgmt_index_removed(struct hci_dev *hdev)
4094 u8 status = MGMT_STATUS_INVALID_INDEX;
4096 if (hdev->dev_type != HCI_BREDR)
4099 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
4101 mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
4104 static void powered_complete(struct hci_dev *hdev, u8 status)
4106 struct cmd_lookup match = { NULL, hdev };
4108 BT_DBG("status 0x%02x", status);
4112 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
4114 new_settings(hdev, match.sk);
4116 hci_dev_unlock(hdev);
4122 static int powered_update_hci(struct hci_dev *hdev)
4124 struct hci_request req;
4127 hci_req_init(&req, hdev);
4129 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) &&
4130 !lmp_host_ssp_capable(hdev)) {
4133 hci_req_add(&req, HCI_OP_WRITE_SSP_MODE, 1, &ssp);
4136 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
4137 lmp_bredr_capable(hdev)) {
4138 struct hci_cp_write_le_host_supported cp;
4141 cp.simul = lmp_le_br_capable(hdev);
4143 /* Check first if we already have the right
4144 * host state (host features set)
4146 if (cp.le != lmp_host_le_capable(hdev) ||
4147 cp.simul != lmp_host_le_br_capable(hdev))
4148 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED,
4152 if (lmp_le_capable(hdev)) {
4153 /* Set random address to static address if configured */
4154 if (bacmp(&hdev->static_addr, BDADDR_ANY))
4155 hci_req_add(&req, HCI_OP_LE_SET_RANDOM_ADDR, 6,
4156 &hdev->static_addr);
4158 /* Make sure the controller has a good default for
4159 * advertising data. This also applies to the case
4160 * where BR/EDR was toggled during the AUTO_OFF phase.
4162 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
4165 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
4166 enable_advertising(&req);
4169 link_sec = test_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
4170 if (link_sec != test_bit(HCI_AUTH, &hdev->flags))
4171 hci_req_add(&req, HCI_OP_WRITE_AUTH_ENABLE,
4172 sizeof(link_sec), &link_sec);
4174 if (lmp_bredr_capable(hdev)) {
4175 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
4176 set_bredr_scan(&req);
4182 return hci_req_run(&req, powered_complete);
4185 int mgmt_powered(struct hci_dev *hdev, u8 powered)
4187 struct cmd_lookup match = { NULL, hdev };
4188 u8 status_not_powered = MGMT_STATUS_NOT_POWERED;
4189 u8 zero_cod[] = { 0, 0, 0 };
4192 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
4196 if (powered_update_hci(hdev) == 0)
4199 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp,
4204 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
4205 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status_not_powered);
4207 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0)
4208 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
4209 zero_cod, sizeof(zero_cod), NULL);
4212 err = new_settings(hdev, match.sk);
4220 void mgmt_set_powered_failed(struct hci_dev *hdev, int err)
4222 struct pending_cmd *cmd;
4225 cmd = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
4229 if (err == -ERFKILL)
4230 status = MGMT_STATUS_RFKILLED;
4232 status = MGMT_STATUS_FAILED;
4234 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
4236 mgmt_pending_remove(cmd);
4239 void mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
4243 /* Nothing needed here if there's a pending command since that
4244 * commands request completion callback takes care of everything
4247 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev))
4251 changed = !test_and_set_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
4253 changed = test_and_clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
4256 new_settings(hdev, NULL);
4259 void mgmt_connectable(struct hci_dev *hdev, u8 connectable)
4263 /* Nothing needed here if there's a pending command since that
4264 * commands request completion callback takes care of everything
4267 if (mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev))
4271 changed = !test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
4273 changed = test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
4276 new_settings(hdev, NULL);
4279 void mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
4281 u8 mgmt_err = mgmt_status(status);
4283 if (scan & SCAN_PAGE)
4284 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
4285 cmd_status_rsp, &mgmt_err);
4287 if (scan & SCAN_INQUIRY)
4288 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
4289 cmd_status_rsp, &mgmt_err);
4292 int mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
4295 struct mgmt_ev_new_link_key ev;
4297 memset(&ev, 0, sizeof(ev));
4299 ev.store_hint = persistent;
4300 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
4301 ev.key.addr.type = BDADDR_BREDR;
4302 ev.key.type = key->type;
4303 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
4304 ev.key.pin_len = key->pin_len;
4306 return mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
4309 int mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, u8 persistent)
4311 struct mgmt_ev_new_long_term_key ev;
4313 memset(&ev, 0, sizeof(ev));
4315 ev.store_hint = persistent;
4316 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
4317 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
4318 ev.key.authenticated = key->authenticated;
4319 ev.key.enc_size = key->enc_size;
4320 ev.key.ediv = key->ediv;
4322 if (key->type == HCI_SMP_LTK)
4325 memcpy(ev.key.rand, key->rand, sizeof(key->rand));
4326 memcpy(ev.key.val, key->val, sizeof(key->val));
4328 return mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev),
4332 void mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
4333 u8 addr_type, u32 flags, u8 *name, u8 name_len,
4337 struct mgmt_ev_device_connected *ev = (void *) buf;
4340 bacpy(&ev->addr.bdaddr, bdaddr);
4341 ev->addr.type = link_to_bdaddr(link_type, addr_type);
4343 ev->flags = __cpu_to_le32(flags);
4346 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
4349 if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0)
4350 eir_len = eir_append_data(ev->eir, eir_len,
4351 EIR_CLASS_OF_DEV, dev_class, 3);
4353 ev->eir_len = cpu_to_le16(eir_len);
4355 mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
4356 sizeof(*ev) + eir_len, NULL);
4359 static void disconnect_rsp(struct pending_cmd *cmd, void *data)
4361 struct mgmt_cp_disconnect *cp = cmd->param;
4362 struct sock **sk = data;
4363 struct mgmt_rp_disconnect rp;
4365 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4366 rp.addr.type = cp->addr.type;
4368 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 0, &rp,
4374 mgmt_pending_remove(cmd);
4377 static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
4379 struct hci_dev *hdev = data;
4380 struct mgmt_cp_unpair_device *cp = cmd->param;
4381 struct mgmt_rp_unpair_device rp;
4383 memset(&rp, 0, sizeof(rp));
4384 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4385 rp.addr.type = cp->addr.type;
4387 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
4389 cmd_complete(cmd->sk, cmd->index, cmd->opcode, 0, &rp, sizeof(rp));
4391 mgmt_pending_remove(cmd);
4394 void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
4395 u8 link_type, u8 addr_type, u8 reason)
4397 struct mgmt_ev_device_disconnected ev;
4398 struct sock *sk = NULL;
4400 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
4402 bacpy(&ev.addr.bdaddr, bdaddr);
4403 ev.addr.type = link_to_bdaddr(link_type, addr_type);
4406 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
4411 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
4415 void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
4416 u8 link_type, u8 addr_type, u8 status)
4418 struct mgmt_rp_disconnect rp;
4419 struct pending_cmd *cmd;
4421 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
4424 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
4428 bacpy(&rp.addr.bdaddr, bdaddr);
4429 rp.addr.type = link_to_bdaddr(link_type, addr_type);
4431 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
4432 mgmt_status(status), &rp, sizeof(rp));
4434 mgmt_pending_remove(cmd);
4437 void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
4438 u8 addr_type, u8 status)
4440 struct mgmt_ev_connect_failed ev;
4442 bacpy(&ev.addr.bdaddr, bdaddr);
4443 ev.addr.type = link_to_bdaddr(link_type, addr_type);
4444 ev.status = mgmt_status(status);
4446 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
4449 int mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
4451 struct mgmt_ev_pin_code_request ev;
4453 bacpy(&ev.addr.bdaddr, bdaddr);
4454 ev.addr.type = BDADDR_BREDR;
4457 return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev),
4461 int mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
4464 struct pending_cmd *cmd;
4465 struct mgmt_rp_pin_code_reply rp;
4468 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
4472 bacpy(&rp.addr.bdaddr, bdaddr);
4473 rp.addr.type = BDADDR_BREDR;
4475 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
4476 mgmt_status(status), &rp, sizeof(rp));
4478 mgmt_pending_remove(cmd);
4483 int mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
4486 struct pending_cmd *cmd;
4487 struct mgmt_rp_pin_code_reply rp;
4490 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
4494 bacpy(&rp.addr.bdaddr, bdaddr);
4495 rp.addr.type = BDADDR_BREDR;
4497 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
4498 mgmt_status(status), &rp, sizeof(rp));
4500 mgmt_pending_remove(cmd);
4505 int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
4506 u8 link_type, u8 addr_type, __le32 value,
4509 struct mgmt_ev_user_confirm_request ev;
4511 BT_DBG("%s", hdev->name);
4513 bacpy(&ev.addr.bdaddr, bdaddr);
4514 ev.addr.type = link_to_bdaddr(link_type, addr_type);
4515 ev.confirm_hint = confirm_hint;
4518 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
4522 int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
4523 u8 link_type, u8 addr_type)
4525 struct mgmt_ev_user_passkey_request ev;
4527 BT_DBG("%s", hdev->name);
4529 bacpy(&ev.addr.bdaddr, bdaddr);
4530 ev.addr.type = link_to_bdaddr(link_type, addr_type);
4532 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
4536 static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
4537 u8 link_type, u8 addr_type, u8 status,
4540 struct pending_cmd *cmd;
4541 struct mgmt_rp_user_confirm_reply rp;
4544 cmd = mgmt_pending_find(opcode, hdev);
4548 bacpy(&rp.addr.bdaddr, bdaddr);
4549 rp.addr.type = link_to_bdaddr(link_type, addr_type);
4550 err = cmd_complete(cmd->sk, hdev->id, opcode, mgmt_status(status),
4553 mgmt_pending_remove(cmd);
4558 int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
4559 u8 link_type, u8 addr_type, u8 status)
4561 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
4562 status, MGMT_OP_USER_CONFIRM_REPLY);
4565 int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
4566 u8 link_type, u8 addr_type, u8 status)
4568 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
4570 MGMT_OP_USER_CONFIRM_NEG_REPLY);
4573 int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
4574 u8 link_type, u8 addr_type, u8 status)
4576 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
4577 status, MGMT_OP_USER_PASSKEY_REPLY);
4580 int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
4581 u8 link_type, u8 addr_type, u8 status)
4583 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
4585 MGMT_OP_USER_PASSKEY_NEG_REPLY);
4588 int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
4589 u8 link_type, u8 addr_type, u32 passkey,
4592 struct mgmt_ev_passkey_notify ev;
4594 BT_DBG("%s", hdev->name);
4596 bacpy(&ev.addr.bdaddr, bdaddr);
4597 ev.addr.type = link_to_bdaddr(link_type, addr_type);
4598 ev.passkey = __cpu_to_le32(passkey);
4599 ev.entered = entered;
4601 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
4604 int mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
4605 u8 addr_type, u8 status)
4607 struct mgmt_ev_auth_failed ev;
4609 bacpy(&ev.addr.bdaddr, bdaddr);
4610 ev.addr.type = link_to_bdaddr(link_type, addr_type);
4611 ev.status = mgmt_status(status);
4613 return mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
4616 int mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
4618 struct cmd_lookup match = { NULL, hdev };
4619 bool changed = false;
4623 u8 mgmt_err = mgmt_status(status);
4624 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
4625 cmd_status_rsp, &mgmt_err);
4629 if (test_bit(HCI_AUTH, &hdev->flags)) {
4630 if (!test_and_set_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
4633 if (test_and_clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
4637 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
4641 err = new_settings(hdev, match.sk);
4649 static void clear_eir(struct hci_request *req)
4651 struct hci_dev *hdev = req->hdev;
4652 struct hci_cp_write_eir cp;
4654 if (!lmp_ext_inq_capable(hdev))
4657 memset(hdev->eir, 0, sizeof(hdev->eir));
4659 memset(&cp, 0, sizeof(cp));
4661 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
4664 int mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
4666 struct cmd_lookup match = { NULL, hdev };
4667 struct hci_request req;
4668 bool changed = false;
4672 u8 mgmt_err = mgmt_status(status);
4674 if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
4675 &hdev->dev_flags)) {
4676 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
4677 err = new_settings(hdev, NULL);
4680 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
4687 changed = !test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
4689 changed = test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
4691 changed = test_and_clear_bit(HCI_HS_ENABLED,
4694 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
4697 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
4700 err = new_settings(hdev, match.sk);
4705 hci_req_init(&req, hdev);
4707 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
4712 hci_req_run(&req, NULL);
4717 static void sk_lookup(struct pending_cmd *cmd, void *data)
4719 struct cmd_lookup *match = data;
4721 if (match->sk == NULL) {
4722 match->sk = cmd->sk;
4723 sock_hold(match->sk);
4727 int mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
4730 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
4733 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
4734 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
4735 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
4738 err = mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class,
4747 int mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
4749 struct mgmt_cp_set_local_name ev;
4750 struct pending_cmd *cmd;
4755 memset(&ev, 0, sizeof(ev));
4756 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
4757 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
4759 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
4761 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
4763 /* If this is a HCI command related to powering on the
4764 * HCI dev don't send any mgmt signals.
4766 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
4770 return mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
4771 cmd ? cmd->sk : NULL);
4774 int mgmt_read_local_oob_data_reply_complete(struct hci_dev *hdev, u8 *hash,
4775 u8 *randomizer, u8 status)
4777 struct pending_cmd *cmd;
4780 BT_DBG("%s status %u", hdev->name, status);
4782 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
4787 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
4788 mgmt_status(status));
4790 struct mgmt_rp_read_local_oob_data rp;
4792 memcpy(rp.hash, hash, sizeof(rp.hash));
4793 memcpy(rp.randomizer, randomizer, sizeof(rp.randomizer));
4795 err = cmd_complete(cmd->sk, hdev->id,
4796 MGMT_OP_READ_LOCAL_OOB_DATA, 0, &rp,
4800 mgmt_pending_remove(cmd);
4805 void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
4806 u8 addr_type, u8 *dev_class, s8 rssi, u8 cfm_name, u8
4807 ssp, u8 *eir, u16 eir_len)
4810 struct mgmt_ev_device_found *ev = (void *) buf;
4813 if (!hci_discovery_active(hdev))
4816 /* Leave 5 bytes for a potential CoD field */
4817 if (sizeof(*ev) + eir_len + 5 > sizeof(buf))
4820 memset(buf, 0, sizeof(buf));
4822 bacpy(&ev->addr.bdaddr, bdaddr);
4823 ev->addr.type = link_to_bdaddr(link_type, addr_type);
4826 ev->flags |= __constant_cpu_to_le32(MGMT_DEV_FOUND_CONFIRM_NAME);
4828 ev->flags |= __constant_cpu_to_le32(MGMT_DEV_FOUND_LEGACY_PAIRING);
4831 memcpy(ev->eir, eir, eir_len);
4833 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
4834 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
4837 ev->eir_len = cpu_to_le16(eir_len);
4838 ev_size = sizeof(*ev) + eir_len;
4840 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
4843 void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
4844 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
4846 struct mgmt_ev_device_found *ev;
4847 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
4850 ev = (struct mgmt_ev_device_found *) buf;
4852 memset(buf, 0, sizeof(buf));
4854 bacpy(&ev->addr.bdaddr, bdaddr);
4855 ev->addr.type = link_to_bdaddr(link_type, addr_type);
4858 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
4861 ev->eir_len = cpu_to_le16(eir_len);
4863 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, sizeof(*ev) + eir_len, NULL);
4866 void mgmt_discovering(struct hci_dev *hdev, u8 discovering)
4868 struct mgmt_ev_discovering ev;
4869 struct pending_cmd *cmd;
4871 BT_DBG("%s discovering %u", hdev->name, discovering);
4874 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
4876 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
4879 u8 type = hdev->discovery.type;
4881 cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0, &type,
4883 mgmt_pending_remove(cmd);
4886 memset(&ev, 0, sizeof(ev));
4887 ev.type = hdev->discovery.type;
4888 ev.discovering = discovering;
4890 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
4893 int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
4895 struct pending_cmd *cmd;
4896 struct mgmt_ev_device_blocked ev;
4898 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev);
4900 bacpy(&ev.addr.bdaddr, bdaddr);
4901 ev.addr.type = type;
4903 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev),
4904 cmd ? cmd->sk : NULL);
4907 int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
4909 struct pending_cmd *cmd;
4910 struct mgmt_ev_device_unblocked ev;
4912 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev);
4914 bacpy(&ev.addr.bdaddr, bdaddr);
4915 ev.addr.type = type;
4917 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
4918 cmd ? cmd->sk : NULL);
4921 static void adv_enable_complete(struct hci_dev *hdev, u8 status)
4923 BT_DBG("%s status %u", hdev->name, status);
4925 /* Clear the advertising mgmt setting if we failed to re-enable it */
4927 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
4928 new_settings(hdev, NULL);
4932 void mgmt_reenable_advertising(struct hci_dev *hdev)
4934 struct hci_request req;
4936 if (hci_conn_num(hdev, LE_LINK) > 0)
4939 if (!test_bit(HCI_ADVERTISING, &hdev->dev_flags))
4942 hci_req_init(&req, hdev);
4943 enable_advertising(&req);
4945 /* If this fails we have no option but to let user space know
4946 * that we've disabled advertising.
4948 if (hci_req_run(&req, adv_enable_complete) < 0) {
4949 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
4950 new_settings(hdev, NULL);