2 BlueZ - Bluetooth protocol stack for Linux
4 Copyright (C) 2010 Nokia Corporation
5 Copyright (C) 2011-2012 Intel Corporation
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI Management interface */
27 #include <linux/module.h>
28 #include <asm/unaligned.h>
30 #include <net/bluetooth/bluetooth.h>
31 #include <net/bluetooth/hci_core.h>
32 #include <net/bluetooth/mgmt.h>
33 #include <net/bluetooth/smp.h>
35 #define MGMT_VERSION 1
36 #define MGMT_REVISION 4
38 static const u16 mgmt_commands[] = {
39 MGMT_OP_READ_INDEX_LIST,
42 MGMT_OP_SET_DISCOVERABLE,
43 MGMT_OP_SET_CONNECTABLE,
44 MGMT_OP_SET_FAST_CONNECTABLE,
46 MGMT_OP_SET_LINK_SECURITY,
50 MGMT_OP_SET_DEV_CLASS,
51 MGMT_OP_SET_LOCAL_NAME,
54 MGMT_OP_LOAD_LINK_KEYS,
55 MGMT_OP_LOAD_LONG_TERM_KEYS,
57 MGMT_OP_GET_CONNECTIONS,
58 MGMT_OP_PIN_CODE_REPLY,
59 MGMT_OP_PIN_CODE_NEG_REPLY,
60 MGMT_OP_SET_IO_CAPABILITY,
62 MGMT_OP_CANCEL_PAIR_DEVICE,
63 MGMT_OP_UNPAIR_DEVICE,
64 MGMT_OP_USER_CONFIRM_REPLY,
65 MGMT_OP_USER_CONFIRM_NEG_REPLY,
66 MGMT_OP_USER_PASSKEY_REPLY,
67 MGMT_OP_USER_PASSKEY_NEG_REPLY,
68 MGMT_OP_READ_LOCAL_OOB_DATA,
69 MGMT_OP_ADD_REMOTE_OOB_DATA,
70 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
71 MGMT_OP_START_DISCOVERY,
72 MGMT_OP_STOP_DISCOVERY,
75 MGMT_OP_UNBLOCK_DEVICE,
76 MGMT_OP_SET_DEVICE_ID,
77 MGMT_OP_SET_ADVERTISING,
79 MGMT_OP_SET_STATIC_ADDRESS,
82 static const u16 mgmt_events[] = {
83 MGMT_EV_CONTROLLER_ERROR,
85 MGMT_EV_INDEX_REMOVED,
87 MGMT_EV_CLASS_OF_DEV_CHANGED,
88 MGMT_EV_LOCAL_NAME_CHANGED,
90 MGMT_EV_NEW_LONG_TERM_KEY,
91 MGMT_EV_DEVICE_CONNECTED,
92 MGMT_EV_DEVICE_DISCONNECTED,
93 MGMT_EV_CONNECT_FAILED,
94 MGMT_EV_PIN_CODE_REQUEST,
95 MGMT_EV_USER_CONFIRM_REQUEST,
96 MGMT_EV_USER_PASSKEY_REQUEST,
100 MGMT_EV_DEVICE_BLOCKED,
101 MGMT_EV_DEVICE_UNBLOCKED,
102 MGMT_EV_DEVICE_UNPAIRED,
103 MGMT_EV_PASSKEY_NOTIFY,
106 #define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
108 #define hdev_is_powered(hdev) (test_bit(HCI_UP, &hdev->flags) && \
109 !test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
112 struct list_head list;
120 /* HCI to MGMT error code conversion table */
121 static u8 mgmt_status_table[] = {
123 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
124 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
125 MGMT_STATUS_FAILED, /* Hardware Failure */
126 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
127 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
128 MGMT_STATUS_NOT_PAIRED, /* PIN or Key Missing */
129 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
130 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
131 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
132 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
133 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
134 MGMT_STATUS_BUSY, /* Command Disallowed */
135 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
136 MGMT_STATUS_REJECTED, /* Rejected Security */
137 MGMT_STATUS_REJECTED, /* Rejected Personal */
138 MGMT_STATUS_TIMEOUT, /* Host Timeout */
139 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
140 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
141 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
142 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
143 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
144 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
145 MGMT_STATUS_BUSY, /* Repeated Attempts */
146 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
147 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
148 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
149 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
150 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
151 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
152 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
153 MGMT_STATUS_FAILED, /* Unspecified Error */
154 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
155 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
156 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
157 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
158 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
159 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
160 MGMT_STATUS_FAILED, /* Unit Link Key Used */
161 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
162 MGMT_STATUS_TIMEOUT, /* Instant Passed */
163 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
164 MGMT_STATUS_FAILED, /* Transaction Collision */
165 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
166 MGMT_STATUS_REJECTED, /* QoS Rejected */
167 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
168 MGMT_STATUS_REJECTED, /* Insufficient Security */
169 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
170 MGMT_STATUS_BUSY, /* Role Switch Pending */
171 MGMT_STATUS_FAILED, /* Slot Violation */
172 MGMT_STATUS_FAILED, /* Role Switch Failed */
173 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
174 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
175 MGMT_STATUS_BUSY, /* Host Busy Pairing */
176 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
177 MGMT_STATUS_BUSY, /* Controller Busy */
178 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
179 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
180 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
181 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
182 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
185 bool mgmt_valid_hdev(struct hci_dev *hdev)
187 return hdev->dev_type == HCI_BREDR;
190 static u8 mgmt_status(u8 hci_status)
192 if (hci_status < ARRAY_SIZE(mgmt_status_table))
193 return mgmt_status_table[hci_status];
195 return MGMT_STATUS_FAILED;
198 static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
201 struct mgmt_hdr *hdr;
202 struct mgmt_ev_cmd_status *ev;
205 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
207 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_KERNEL);
211 hdr = (void *) skb_put(skb, sizeof(*hdr));
213 hdr->opcode = __constant_cpu_to_le16(MGMT_EV_CMD_STATUS);
214 hdr->index = cpu_to_le16(index);
215 hdr->len = cpu_to_le16(sizeof(*ev));
217 ev = (void *) skb_put(skb, sizeof(*ev));
219 ev->opcode = cpu_to_le16(cmd);
221 err = sock_queue_rcv_skb(sk, skb);
228 static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
229 void *rp, size_t rp_len)
232 struct mgmt_hdr *hdr;
233 struct mgmt_ev_cmd_complete *ev;
236 BT_DBG("sock %p", sk);
238 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_KERNEL);
242 hdr = (void *) skb_put(skb, sizeof(*hdr));
244 hdr->opcode = __constant_cpu_to_le16(MGMT_EV_CMD_COMPLETE);
245 hdr->index = cpu_to_le16(index);
246 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
248 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
249 ev->opcode = cpu_to_le16(cmd);
253 memcpy(ev->data, rp, rp_len);
255 err = sock_queue_rcv_skb(sk, skb);
262 static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
265 struct mgmt_rp_read_version rp;
267 BT_DBG("sock %p", sk);
269 rp.version = MGMT_VERSION;
270 rp.revision = __constant_cpu_to_le16(MGMT_REVISION);
272 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
276 static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
279 struct mgmt_rp_read_commands *rp;
280 const u16 num_commands = ARRAY_SIZE(mgmt_commands);
281 const u16 num_events = ARRAY_SIZE(mgmt_events);
286 BT_DBG("sock %p", sk);
288 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
290 rp = kmalloc(rp_size, GFP_KERNEL);
294 rp->num_commands = __constant_cpu_to_le16(num_commands);
295 rp->num_events = __constant_cpu_to_le16(num_events);
297 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
298 put_unaligned_le16(mgmt_commands[i], opcode);
300 for (i = 0; i < num_events; i++, opcode++)
301 put_unaligned_le16(mgmt_events[i], opcode);
303 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
310 static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
313 struct mgmt_rp_read_index_list *rp;
319 BT_DBG("sock %p", sk);
321 read_lock(&hci_dev_list_lock);
324 list_for_each_entry(d, &hci_dev_list, list) {
325 if (!mgmt_valid_hdev(d))
331 rp_len = sizeof(*rp) + (2 * count);
332 rp = kmalloc(rp_len, GFP_ATOMIC);
334 read_unlock(&hci_dev_list_lock);
339 list_for_each_entry(d, &hci_dev_list, list) {
340 if (test_bit(HCI_SETUP, &d->dev_flags))
343 if (test_bit(HCI_USER_CHANNEL, &d->dev_flags))
346 if (!mgmt_valid_hdev(d))
349 rp->index[count++] = cpu_to_le16(d->id);
350 BT_DBG("Added hci%u", d->id);
353 rp->num_controllers = cpu_to_le16(count);
354 rp_len = sizeof(*rp) + (2 * count);
356 read_unlock(&hci_dev_list_lock);
358 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
366 static u32 get_supported_settings(struct hci_dev *hdev)
370 settings |= MGMT_SETTING_POWERED;
371 settings |= MGMT_SETTING_PAIRABLE;
373 if (lmp_ssp_capable(hdev))
374 settings |= MGMT_SETTING_SSP;
376 if (lmp_bredr_capable(hdev)) {
377 settings |= MGMT_SETTING_CONNECTABLE;
378 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
379 settings |= MGMT_SETTING_FAST_CONNECTABLE;
380 settings |= MGMT_SETTING_DISCOVERABLE;
381 settings |= MGMT_SETTING_BREDR;
382 settings |= MGMT_SETTING_LINK_SECURITY;
383 settings |= MGMT_SETTING_HS;
386 if (lmp_le_capable(hdev)) {
387 settings |= MGMT_SETTING_LE;
388 settings |= MGMT_SETTING_ADVERTISING;
394 static u32 get_current_settings(struct hci_dev *hdev)
398 if (hdev_is_powered(hdev))
399 settings |= MGMT_SETTING_POWERED;
401 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
402 settings |= MGMT_SETTING_CONNECTABLE;
404 if (test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
405 settings |= MGMT_SETTING_FAST_CONNECTABLE;
407 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
408 settings |= MGMT_SETTING_DISCOVERABLE;
410 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags))
411 settings |= MGMT_SETTING_PAIRABLE;
413 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
414 settings |= MGMT_SETTING_BREDR;
416 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
417 settings |= MGMT_SETTING_LE;
419 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
420 settings |= MGMT_SETTING_LINK_SECURITY;
422 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
423 settings |= MGMT_SETTING_SSP;
425 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
426 settings |= MGMT_SETTING_HS;
428 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
429 settings |= MGMT_SETTING_ADVERTISING;
434 #define PNP_INFO_SVCLASS_ID 0x1200
436 static u8 *create_uuid16_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
438 u8 *ptr = data, *uuids_start = NULL;
439 struct bt_uuid *uuid;
444 list_for_each_entry(uuid, &hdev->uuids, list) {
447 if (uuid->size != 16)
450 uuid16 = get_unaligned_le16(&uuid->uuid[12]);
454 if (uuid16 == PNP_INFO_SVCLASS_ID)
460 uuids_start[1] = EIR_UUID16_ALL;
464 /* Stop if not enough space to put next UUID */
465 if ((ptr - data) + sizeof(u16) > len) {
466 uuids_start[1] = EIR_UUID16_SOME;
470 *ptr++ = (uuid16 & 0x00ff);
471 *ptr++ = (uuid16 & 0xff00) >> 8;
472 uuids_start[0] += sizeof(uuid16);
478 static u8 *create_uuid32_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
480 u8 *ptr = data, *uuids_start = NULL;
481 struct bt_uuid *uuid;
486 list_for_each_entry(uuid, &hdev->uuids, list) {
487 if (uuid->size != 32)
493 uuids_start[1] = EIR_UUID32_ALL;
497 /* Stop if not enough space to put next UUID */
498 if ((ptr - data) + sizeof(u32) > len) {
499 uuids_start[1] = EIR_UUID32_SOME;
503 memcpy(ptr, &uuid->uuid[12], sizeof(u32));
505 uuids_start[0] += sizeof(u32);
511 static u8 *create_uuid128_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
513 u8 *ptr = data, *uuids_start = NULL;
514 struct bt_uuid *uuid;
519 list_for_each_entry(uuid, &hdev->uuids, list) {
520 if (uuid->size != 128)
526 uuids_start[1] = EIR_UUID128_ALL;
530 /* Stop if not enough space to put next UUID */
531 if ((ptr - data) + 16 > len) {
532 uuids_start[1] = EIR_UUID128_SOME;
536 memcpy(ptr, uuid->uuid, 16);
538 uuids_start[0] += 16;
544 static void create_eir(struct hci_dev *hdev, u8 *data)
549 name_len = strlen(hdev->dev_name);
555 ptr[1] = EIR_NAME_SHORT;
557 ptr[1] = EIR_NAME_COMPLETE;
559 /* EIR Data length */
560 ptr[0] = name_len + 1;
562 memcpy(ptr + 2, hdev->dev_name, name_len);
564 ptr += (name_len + 2);
567 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
569 ptr[1] = EIR_TX_POWER;
570 ptr[2] = (u8) hdev->inq_tx_power;
575 if (hdev->devid_source > 0) {
577 ptr[1] = EIR_DEVICE_ID;
579 put_unaligned_le16(hdev->devid_source, ptr + 2);
580 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
581 put_unaligned_le16(hdev->devid_product, ptr + 6);
582 put_unaligned_le16(hdev->devid_version, ptr + 8);
587 ptr = create_uuid16_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
588 ptr = create_uuid32_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
589 ptr = create_uuid128_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
592 static void update_eir(struct hci_request *req)
594 struct hci_dev *hdev = req->hdev;
595 struct hci_cp_write_eir cp;
597 if (!hdev_is_powered(hdev))
600 if (!lmp_ext_inq_capable(hdev))
603 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
606 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
609 memset(&cp, 0, sizeof(cp));
611 create_eir(hdev, cp.data);
613 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
616 memcpy(hdev->eir, cp.data, sizeof(cp.data));
618 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
621 static u8 get_service_classes(struct hci_dev *hdev)
623 struct bt_uuid *uuid;
626 list_for_each_entry(uuid, &hdev->uuids, list)
627 val |= uuid->svc_hint;
632 static void update_class(struct hci_request *req)
634 struct hci_dev *hdev = req->hdev;
637 BT_DBG("%s", hdev->name);
639 if (!hdev_is_powered(hdev))
642 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
645 cod[0] = hdev->minor_class;
646 cod[1] = hdev->major_class;
647 cod[2] = get_service_classes(hdev);
649 if (memcmp(cod, hdev->dev_class, 3) == 0)
652 hci_req_add(req, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
655 static void service_cache_off(struct work_struct *work)
657 struct hci_dev *hdev = container_of(work, struct hci_dev,
659 struct hci_request req;
661 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
664 hci_req_init(&req, hdev);
671 hci_dev_unlock(hdev);
673 hci_req_run(&req, NULL);
676 static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
678 if (test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
681 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
683 /* Non-mgmt controlled devices get this bit set
684 * implicitly so that pairing works for them, however
685 * for mgmt we require user-space to explicitly enable
688 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
691 static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
692 void *data, u16 data_len)
694 struct mgmt_rp_read_info rp;
696 BT_DBG("sock %p %s", sk, hdev->name);
700 memset(&rp, 0, sizeof(rp));
702 bacpy(&rp.bdaddr, &hdev->bdaddr);
704 rp.version = hdev->hci_ver;
705 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
707 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
708 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
710 memcpy(rp.dev_class, hdev->dev_class, 3);
712 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
713 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
715 hci_dev_unlock(hdev);
717 return cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
721 static void mgmt_pending_free(struct pending_cmd *cmd)
728 static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
729 struct hci_dev *hdev, void *data,
732 struct pending_cmd *cmd;
734 cmd = kmalloc(sizeof(*cmd), GFP_KERNEL);
738 cmd->opcode = opcode;
739 cmd->index = hdev->id;
741 cmd->param = kmalloc(len, GFP_KERNEL);
748 memcpy(cmd->param, data, len);
753 list_add(&cmd->list, &hdev->mgmt_pending);
758 static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
759 void (*cb)(struct pending_cmd *cmd,
763 struct pending_cmd *cmd, *tmp;
765 list_for_each_entry_safe(cmd, tmp, &hdev->mgmt_pending, list) {
766 if (opcode > 0 && cmd->opcode != opcode)
773 static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
775 struct pending_cmd *cmd;
777 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
778 if (cmd->opcode == opcode)
785 static void mgmt_pending_remove(struct pending_cmd *cmd)
787 list_del(&cmd->list);
788 mgmt_pending_free(cmd);
791 static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
793 __le32 settings = cpu_to_le32(get_current_settings(hdev));
795 return cmd_complete(sk, hdev->id, opcode, 0, &settings,
799 static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
802 struct mgmt_mode *cp = data;
803 struct pending_cmd *cmd;
806 BT_DBG("request for %s", hdev->name);
808 if (cp->val != 0x00 && cp->val != 0x01)
809 return cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
810 MGMT_STATUS_INVALID_PARAMS);
814 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
815 err = cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
820 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
821 cancel_delayed_work(&hdev->power_off);
824 mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev,
826 err = mgmt_powered(hdev, 1);
831 if (!!cp->val == hdev_is_powered(hdev)) {
832 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
836 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
843 queue_work(hdev->req_workqueue, &hdev->power_on);
845 queue_work(hdev->req_workqueue, &hdev->power_off.work);
850 hci_dev_unlock(hdev);
854 static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 data_len,
855 struct sock *skip_sk)
858 struct mgmt_hdr *hdr;
860 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_KERNEL);
864 hdr = (void *) skb_put(skb, sizeof(*hdr));
865 hdr->opcode = cpu_to_le16(event);
867 hdr->index = cpu_to_le16(hdev->id);
869 hdr->index = __constant_cpu_to_le16(MGMT_INDEX_NONE);
870 hdr->len = cpu_to_le16(data_len);
873 memcpy(skb_put(skb, data_len), data, data_len);
876 __net_timestamp(skb);
878 hci_send_to_control(skb, skip_sk);
884 static int new_settings(struct hci_dev *hdev, struct sock *skip)
888 ev = cpu_to_le32(get_current_settings(hdev));
890 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
895 struct hci_dev *hdev;
899 static void settings_rsp(struct pending_cmd *cmd, void *data)
901 struct cmd_lookup *match = data;
903 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
905 list_del(&cmd->list);
907 if (match->sk == NULL) {
909 sock_hold(match->sk);
912 mgmt_pending_free(cmd);
915 static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
919 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
920 mgmt_pending_remove(cmd);
923 static u8 mgmt_bredr_support(struct hci_dev *hdev)
925 if (!lmp_bredr_capable(hdev))
926 return MGMT_STATUS_NOT_SUPPORTED;
927 else if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
928 return MGMT_STATUS_REJECTED;
930 return MGMT_STATUS_SUCCESS;
933 static u8 mgmt_le_support(struct hci_dev *hdev)
935 if (!lmp_le_capable(hdev))
936 return MGMT_STATUS_NOT_SUPPORTED;
937 else if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
938 return MGMT_STATUS_REJECTED;
940 return MGMT_STATUS_SUCCESS;
943 static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
946 struct mgmt_cp_set_discoverable *cp = data;
947 struct pending_cmd *cmd;
952 BT_DBG("request for %s", hdev->name);
954 status = mgmt_bredr_support(hdev);
956 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
959 if (cp->val != 0x00 && cp->val != 0x01)
960 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
961 MGMT_STATUS_INVALID_PARAMS);
963 timeout = __le16_to_cpu(cp->timeout);
964 if (!cp->val && timeout > 0)
965 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
966 MGMT_STATUS_INVALID_PARAMS);
970 if (!hdev_is_powered(hdev) && timeout > 0) {
971 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
972 MGMT_STATUS_NOT_POWERED);
976 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
977 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
978 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
983 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
984 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
985 MGMT_STATUS_REJECTED);
989 if (!hdev_is_powered(hdev)) {
990 bool changed = false;
992 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
993 change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
997 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1002 err = new_settings(hdev, sk);
1007 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
1008 if (hdev->discov_timeout > 0) {
1009 cancel_delayed_work(&hdev->discov_off);
1010 hdev->discov_timeout = 0;
1013 if (cp->val && timeout > 0) {
1014 hdev->discov_timeout = timeout;
1015 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
1016 msecs_to_jiffies(hdev->discov_timeout * 1000));
1019 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1023 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
1032 scan |= SCAN_INQUIRY;
1034 cancel_delayed_work(&hdev->discov_off);
1036 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1038 mgmt_pending_remove(cmd);
1041 hdev->discov_timeout = timeout;
1044 hci_dev_unlock(hdev);
1048 static void write_fast_connectable(struct hci_request *req, bool enable)
1050 struct hci_dev *hdev = req->hdev;
1051 struct hci_cp_write_page_scan_activity acp;
1054 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
1058 type = PAGE_SCAN_TYPE_INTERLACED;
1060 /* 160 msec page scan interval */
1061 acp.interval = __constant_cpu_to_le16(0x0100);
1063 type = PAGE_SCAN_TYPE_STANDARD; /* default */
1065 /* default 1.28 sec page scan */
1066 acp.interval = __constant_cpu_to_le16(0x0800);
1069 acp.window = __constant_cpu_to_le16(0x0012);
1071 if (__cpu_to_le16(hdev->page_scan_interval) != acp.interval ||
1072 __cpu_to_le16(hdev->page_scan_window) != acp.window)
1073 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
1076 if (hdev->page_scan_type != type)
1077 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
1080 static void set_connectable_complete(struct hci_dev *hdev, u8 status)
1082 struct pending_cmd *cmd;
1084 BT_DBG("status 0x%02x", status);
1088 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1092 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
1094 mgmt_pending_remove(cmd);
1097 hci_dev_unlock(hdev);
1100 static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
1103 struct mgmt_mode *cp = data;
1104 struct pending_cmd *cmd;
1105 struct hci_request req;
1109 BT_DBG("request for %s", hdev->name);
1111 status = mgmt_bredr_support(hdev);
1113 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1116 if (cp->val != 0x00 && cp->val != 0x01)
1117 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1118 MGMT_STATUS_INVALID_PARAMS);
1122 if (!hdev_is_powered(hdev)) {
1123 bool changed = false;
1125 if (!!cp->val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
1129 set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1131 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1132 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1135 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1140 err = new_settings(hdev, sk);
1145 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1146 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
1147 err = cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1152 if (!!cp->val == test_bit(HCI_PSCAN, &hdev->flags)) {
1153 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1157 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
1168 if (test_bit(HCI_ISCAN, &hdev->flags) &&
1169 hdev->discov_timeout > 0)
1170 cancel_delayed_work(&hdev->discov_off);
1173 hci_req_init(&req, hdev);
1175 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1177 /* If we're going from non-connectable to connectable or
1178 * vice-versa when fast connectable is enabled ensure that fast
1179 * connectable gets disabled. write_fast_connectable won't do
1180 * anything if the page scan parameters are already what they
1183 if (cp->val || test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
1184 write_fast_connectable(&req, false);
1186 err = hci_req_run(&req, set_connectable_complete);
1188 mgmt_pending_remove(cmd);
1191 hci_dev_unlock(hdev);
1195 static int set_pairable(struct sock *sk, struct hci_dev *hdev, void *data,
1198 struct mgmt_mode *cp = data;
1201 BT_DBG("request for %s", hdev->name);
1203 if (cp->val != 0x00 && cp->val != 0x01)
1204 return cmd_status(sk, hdev->id, MGMT_OP_SET_PAIRABLE,
1205 MGMT_STATUS_INVALID_PARAMS);
1210 set_bit(HCI_PAIRABLE, &hdev->dev_flags);
1212 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
1214 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
1218 err = new_settings(hdev, sk);
1221 hci_dev_unlock(hdev);
1225 static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1228 struct mgmt_mode *cp = data;
1229 struct pending_cmd *cmd;
1233 BT_DBG("request for %s", hdev->name);
1235 status = mgmt_bredr_support(hdev);
1237 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1240 if (cp->val != 0x00 && cp->val != 0x01)
1241 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1242 MGMT_STATUS_INVALID_PARAMS);
1246 if (!hdev_is_powered(hdev)) {
1247 bool changed = false;
1249 if (!!cp->val != test_bit(HCI_LINK_SECURITY,
1250 &hdev->dev_flags)) {
1251 change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
1255 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1260 err = new_settings(hdev, sk);
1265 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
1266 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1273 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1274 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1278 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1284 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1286 mgmt_pending_remove(cmd);
1291 hci_dev_unlock(hdev);
1295 static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1297 struct mgmt_mode *cp = data;
1298 struct pending_cmd *cmd;
1302 BT_DBG("request for %s", hdev->name);
1304 status = mgmt_bredr_support(hdev);
1306 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
1308 if (!lmp_ssp_capable(hdev))
1309 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1310 MGMT_STATUS_NOT_SUPPORTED);
1312 if (cp->val != 0x00 && cp->val != 0x01)
1313 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1314 MGMT_STATUS_INVALID_PARAMS);
1320 if (!hdev_is_powered(hdev)) {
1321 bool changed = false;
1323 if (val != test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
1324 change_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
1328 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1333 err = new_settings(hdev, sk);
1338 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev)) {
1339 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1344 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) == val) {
1345 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1349 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1355 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, sizeof(val), &val);
1357 mgmt_pending_remove(cmd);
1362 hci_dev_unlock(hdev);
1366 static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1368 struct mgmt_mode *cp = data;
1373 BT_DBG("request for %s", hdev->name);
1375 status = mgmt_bredr_support(hdev);
1377 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
1379 if (cp->val != 0x00 && cp->val != 0x01)
1380 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1381 MGMT_STATUS_INVALID_PARAMS);
1386 changed = !test_and_set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1388 if (hdev_is_powered(hdev)) {
1389 err = cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1390 MGMT_STATUS_REJECTED);
1394 changed = test_and_clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1397 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
1402 err = new_settings(hdev, sk);
1405 hci_dev_unlock(hdev);
1409 static void enable_advertising(struct hci_request *req)
1411 struct hci_dev *hdev = req->hdev;
1412 struct hci_cp_le_set_adv_param cp;
1415 memset(&cp, 0, sizeof(cp));
1416 cp.min_interval = __constant_cpu_to_le16(0x0800);
1417 cp.max_interval = __constant_cpu_to_le16(0x0800);
1418 cp.type = LE_ADV_IND;
1419 if (bacmp(&hdev->bdaddr, BDADDR_ANY))
1420 cp.own_address_type = ADDR_LE_DEV_PUBLIC;
1422 cp.own_address_type = ADDR_LE_DEV_RANDOM;
1423 cp.channel_map = 0x07;
1425 hci_req_add(req, HCI_OP_LE_SET_ADV_PARAM, sizeof(cp), &cp);
1427 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1430 static void disable_advertising(struct hci_request *req)
1434 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1437 static void le_enable_complete(struct hci_dev *hdev, u8 status)
1439 struct cmd_lookup match = { NULL, hdev };
1442 u8 mgmt_err = mgmt_status(status);
1444 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
1449 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
1451 new_settings(hdev, match.sk);
1457 static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1459 struct mgmt_mode *cp = data;
1460 struct hci_cp_write_le_host_supported hci_cp;
1461 struct pending_cmd *cmd;
1462 struct hci_request req;
1466 BT_DBG("request for %s", hdev->name);
1468 if (!lmp_le_capable(hdev))
1469 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1470 MGMT_STATUS_NOT_SUPPORTED);
1472 if (cp->val != 0x00 && cp->val != 0x01)
1473 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1474 MGMT_STATUS_INVALID_PARAMS);
1476 /* LE-only devices do not allow toggling LE on/off */
1477 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1478 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1479 MGMT_STATUS_REJECTED);
1484 enabled = lmp_host_le_capable(hdev);
1486 if (!hdev_is_powered(hdev) || val == enabled) {
1487 bool changed = false;
1489 if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1490 change_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1494 if (!val && test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
1495 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
1499 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1504 err = new_settings(hdev, sk);
1509 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev) ||
1510 mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
1511 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1516 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
1522 memset(&hci_cp, 0, sizeof(hci_cp));
1526 hci_cp.simul = lmp_le_br_capable(hdev);
1529 hci_req_init(&req, hdev);
1531 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags) && !val)
1532 disable_advertising(&req);
1534 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
1537 err = hci_req_run(&req, le_enable_complete);
1539 mgmt_pending_remove(cmd);
1542 hci_dev_unlock(hdev);
1546 /* This is a helper function to test for pending mgmt commands that can
1547 * cause CoD or EIR HCI commands. We can only allow one such pending
1548 * mgmt command at a time since otherwise we cannot easily track what
1549 * the current values are, will be, and based on that calculate if a new
1550 * HCI command needs to be sent and if yes with what value.
1552 static bool pending_eir_or_class(struct hci_dev *hdev)
1554 struct pending_cmd *cmd;
1556 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
1557 switch (cmd->opcode) {
1558 case MGMT_OP_ADD_UUID:
1559 case MGMT_OP_REMOVE_UUID:
1560 case MGMT_OP_SET_DEV_CLASS:
1561 case MGMT_OP_SET_POWERED:
1569 static const u8 bluetooth_base_uuid[] = {
1570 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
1571 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1574 static u8 get_uuid_size(const u8 *uuid)
1578 if (memcmp(uuid, bluetooth_base_uuid, 12))
1581 val = get_unaligned_le32(&uuid[12]);
1588 static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
1590 struct pending_cmd *cmd;
1594 cmd = mgmt_pending_find(mgmt_op, hdev);
1598 cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(status),
1599 hdev->dev_class, 3);
1601 mgmt_pending_remove(cmd);
1604 hci_dev_unlock(hdev);
1607 static void add_uuid_complete(struct hci_dev *hdev, u8 status)
1609 BT_DBG("status 0x%02x", status);
1611 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
1614 static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1616 struct mgmt_cp_add_uuid *cp = data;
1617 struct pending_cmd *cmd;
1618 struct hci_request req;
1619 struct bt_uuid *uuid;
1622 BT_DBG("request for %s", hdev->name);
1626 if (pending_eir_or_class(hdev)) {
1627 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
1632 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
1638 memcpy(uuid->uuid, cp->uuid, 16);
1639 uuid->svc_hint = cp->svc_hint;
1640 uuid->size = get_uuid_size(cp->uuid);
1642 list_add_tail(&uuid->list, &hdev->uuids);
1644 hci_req_init(&req, hdev);
1649 err = hci_req_run(&req, add_uuid_complete);
1651 if (err != -ENODATA)
1654 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
1655 hdev->dev_class, 3);
1659 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
1668 hci_dev_unlock(hdev);
1672 static bool enable_service_cache(struct hci_dev *hdev)
1674 if (!hdev_is_powered(hdev))
1677 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
1678 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
1686 static void remove_uuid_complete(struct hci_dev *hdev, u8 status)
1688 BT_DBG("status 0x%02x", status);
1690 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
1693 static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
1696 struct mgmt_cp_remove_uuid *cp = data;
1697 struct pending_cmd *cmd;
1698 struct bt_uuid *match, *tmp;
1699 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
1700 struct hci_request req;
1703 BT_DBG("request for %s", hdev->name);
1707 if (pending_eir_or_class(hdev)) {
1708 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
1713 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
1714 err = hci_uuids_clear(hdev);
1716 if (enable_service_cache(hdev)) {
1717 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID,
1718 0, hdev->dev_class, 3);
1727 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
1728 if (memcmp(match->uuid, cp->uuid, 16) != 0)
1731 list_del(&match->list);
1737 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
1738 MGMT_STATUS_INVALID_PARAMS);
1743 hci_req_init(&req, hdev);
1748 err = hci_req_run(&req, remove_uuid_complete);
1750 if (err != -ENODATA)
1753 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
1754 hdev->dev_class, 3);
1758 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
1767 hci_dev_unlock(hdev);
1771 static void set_class_complete(struct hci_dev *hdev, u8 status)
1773 BT_DBG("status 0x%02x", status);
1775 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
1778 static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
1781 struct mgmt_cp_set_dev_class *cp = data;
1782 struct pending_cmd *cmd;
1783 struct hci_request req;
1786 BT_DBG("request for %s", hdev->name);
1788 if (!lmp_bredr_capable(hdev))
1789 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1790 MGMT_STATUS_NOT_SUPPORTED);
1794 if (pending_eir_or_class(hdev)) {
1795 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1800 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
1801 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1802 MGMT_STATUS_INVALID_PARAMS);
1806 hdev->major_class = cp->major;
1807 hdev->minor_class = cp->minor;
1809 if (!hdev_is_powered(hdev)) {
1810 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
1811 hdev->dev_class, 3);
1815 hci_req_init(&req, hdev);
1817 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
1818 hci_dev_unlock(hdev);
1819 cancel_delayed_work_sync(&hdev->service_cache);
1826 err = hci_req_run(&req, set_class_complete);
1828 if (err != -ENODATA)
1831 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
1832 hdev->dev_class, 3);
1836 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
1845 hci_dev_unlock(hdev);
1849 static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
1852 struct mgmt_cp_load_link_keys *cp = data;
1853 u16 key_count, expected_len;
1856 BT_DBG("request for %s", hdev->name);
1858 if (!lmp_bredr_capable(hdev))
1859 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
1860 MGMT_STATUS_NOT_SUPPORTED);
1862 key_count = __le16_to_cpu(cp->key_count);
1864 expected_len = sizeof(*cp) + key_count *
1865 sizeof(struct mgmt_link_key_info);
1866 if (expected_len != len) {
1867 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
1869 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
1870 MGMT_STATUS_INVALID_PARAMS);
1873 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
1874 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
1875 MGMT_STATUS_INVALID_PARAMS);
1877 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
1880 for (i = 0; i < key_count; i++) {
1881 struct mgmt_link_key_info *key = &cp->keys[i];
1883 if (key->addr.type != BDADDR_BREDR)
1884 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
1885 MGMT_STATUS_INVALID_PARAMS);
1890 hci_link_keys_clear(hdev);
1893 set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
1895 clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
1897 for (i = 0; i < key_count; i++) {
1898 struct mgmt_link_key_info *key = &cp->keys[i];
1900 hci_add_link_key(hdev, NULL, 0, &key->addr.bdaddr, key->val,
1901 key->type, key->pin_len);
1904 cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
1906 hci_dev_unlock(hdev);
1911 static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
1912 u8 addr_type, struct sock *skip_sk)
1914 struct mgmt_ev_device_unpaired ev;
1916 bacpy(&ev.addr.bdaddr, bdaddr);
1917 ev.addr.type = addr_type;
1919 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
1923 static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
1926 struct mgmt_cp_unpair_device *cp = data;
1927 struct mgmt_rp_unpair_device rp;
1928 struct hci_cp_disconnect dc;
1929 struct pending_cmd *cmd;
1930 struct hci_conn *conn;
1933 memset(&rp, 0, sizeof(rp));
1934 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1935 rp.addr.type = cp->addr.type;
1937 if (!bdaddr_type_is_valid(cp->addr.type))
1938 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
1939 MGMT_STATUS_INVALID_PARAMS,
1942 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
1943 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
1944 MGMT_STATUS_INVALID_PARAMS,
1949 if (!hdev_is_powered(hdev)) {
1950 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
1951 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
1955 if (cp->addr.type == BDADDR_BREDR)
1956 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
1958 err = hci_remove_ltk(hdev, &cp->addr.bdaddr);
1961 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
1962 MGMT_STATUS_NOT_PAIRED, &rp, sizeof(rp));
1966 if (cp->disconnect) {
1967 if (cp->addr.type == BDADDR_BREDR)
1968 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
1971 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
1978 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
1980 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
1984 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
1991 dc.handle = cpu_to_le16(conn->handle);
1992 dc.reason = 0x13; /* Remote User Terminated Connection */
1993 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1995 mgmt_pending_remove(cmd);
1998 hci_dev_unlock(hdev);
2002 static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
2005 struct mgmt_cp_disconnect *cp = data;
2006 struct mgmt_rp_disconnect rp;
2007 struct hci_cp_disconnect dc;
2008 struct pending_cmd *cmd;
2009 struct hci_conn *conn;
2014 memset(&rp, 0, sizeof(rp));
2015 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2016 rp.addr.type = cp->addr.type;
2018 if (!bdaddr_type_is_valid(cp->addr.type))
2019 return cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2020 MGMT_STATUS_INVALID_PARAMS,
2025 if (!test_bit(HCI_UP, &hdev->flags)) {
2026 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2027 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
2031 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
2032 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2033 MGMT_STATUS_BUSY, &rp, sizeof(rp));
2037 if (cp->addr.type == BDADDR_BREDR)
2038 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2041 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
2043 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
2044 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2045 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
2049 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
2055 dc.handle = cpu_to_le16(conn->handle);
2056 dc.reason = HCI_ERROR_REMOTE_USER_TERM;
2058 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2060 mgmt_pending_remove(cmd);
2063 hci_dev_unlock(hdev);
2067 static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
2069 switch (link_type) {
2071 switch (addr_type) {
2072 case ADDR_LE_DEV_PUBLIC:
2073 return BDADDR_LE_PUBLIC;
2076 /* Fallback to LE Random address type */
2077 return BDADDR_LE_RANDOM;
2081 /* Fallback to BR/EDR type */
2082 return BDADDR_BREDR;
2086 static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
2089 struct mgmt_rp_get_connections *rp;
2099 if (!hdev_is_powered(hdev)) {
2100 err = cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
2101 MGMT_STATUS_NOT_POWERED);
2106 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2107 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2111 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2112 rp = kmalloc(rp_len, GFP_KERNEL);
2119 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2120 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2122 bacpy(&rp->addr[i].bdaddr, &c->dst);
2123 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
2124 if (c->type == SCO_LINK || c->type == ESCO_LINK)
2129 rp->conn_count = cpu_to_le16(i);
2131 /* Recalculate length in case of filtered SCO connections, etc */
2132 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2134 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
2140 hci_dev_unlock(hdev);
2144 static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
2145 struct mgmt_cp_pin_code_neg_reply *cp)
2147 struct pending_cmd *cmd;
2150 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
2155 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
2156 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
2158 mgmt_pending_remove(cmd);
2163 static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2166 struct hci_conn *conn;
2167 struct mgmt_cp_pin_code_reply *cp = data;
2168 struct hci_cp_pin_code_reply reply;
2169 struct pending_cmd *cmd;
2176 if (!hdev_is_powered(hdev)) {
2177 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2178 MGMT_STATUS_NOT_POWERED);
2182 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
2184 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2185 MGMT_STATUS_NOT_CONNECTED);
2189 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
2190 struct mgmt_cp_pin_code_neg_reply ncp;
2192 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
2194 BT_ERR("PIN code is not 16 bytes long");
2196 err = send_pin_code_neg_reply(sk, hdev, &ncp);
2198 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2199 MGMT_STATUS_INVALID_PARAMS);
2204 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
2210 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
2211 reply.pin_len = cp->pin_len;
2212 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
2214 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
2216 mgmt_pending_remove(cmd);
2219 hci_dev_unlock(hdev);
2223 static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
2226 struct mgmt_cp_set_io_capability *cp = data;
2232 hdev->io_capability = cp->io_capability;
2234 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
2235 hdev->io_capability);
2237 hci_dev_unlock(hdev);
2239 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, NULL,
2243 static struct pending_cmd *find_pairing(struct hci_conn *conn)
2245 struct hci_dev *hdev = conn->hdev;
2246 struct pending_cmd *cmd;
2248 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2249 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
2252 if (cmd->user_data != conn)
2261 static void pairing_complete(struct pending_cmd *cmd, u8 status)
2263 struct mgmt_rp_pair_device rp;
2264 struct hci_conn *conn = cmd->user_data;
2266 bacpy(&rp.addr.bdaddr, &conn->dst);
2267 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
2269 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
2272 /* So we don't get further callbacks for this connection */
2273 conn->connect_cfm_cb = NULL;
2274 conn->security_cfm_cb = NULL;
2275 conn->disconn_cfm_cb = NULL;
2277 hci_conn_drop(conn);
2279 mgmt_pending_remove(cmd);
2282 static void pairing_complete_cb(struct hci_conn *conn, u8 status)
2284 struct pending_cmd *cmd;
2286 BT_DBG("status %u", status);
2288 cmd = find_pairing(conn);
2290 BT_DBG("Unable to find a pending command");
2292 pairing_complete(cmd, mgmt_status(status));
2295 static void le_connect_complete_cb(struct hci_conn *conn, u8 status)
2297 struct pending_cmd *cmd;
2299 BT_DBG("status %u", status);
2304 cmd = find_pairing(conn);
2306 BT_DBG("Unable to find a pending command");
2308 pairing_complete(cmd, mgmt_status(status));
2311 static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2314 struct mgmt_cp_pair_device *cp = data;
2315 struct mgmt_rp_pair_device rp;
2316 struct pending_cmd *cmd;
2317 u8 sec_level, auth_type;
2318 struct hci_conn *conn;
2323 memset(&rp, 0, sizeof(rp));
2324 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2325 rp.addr.type = cp->addr.type;
2327 if (!bdaddr_type_is_valid(cp->addr.type))
2328 return cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2329 MGMT_STATUS_INVALID_PARAMS,
2334 if (!hdev_is_powered(hdev)) {
2335 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2336 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
2340 sec_level = BT_SECURITY_MEDIUM;
2341 if (cp->io_cap == 0x03)
2342 auth_type = HCI_AT_DEDICATED_BONDING;
2344 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
2346 if (cp->addr.type == BDADDR_BREDR)
2347 conn = hci_connect(hdev, ACL_LINK, &cp->addr.bdaddr,
2348 cp->addr.type, sec_level, auth_type);
2350 conn = hci_connect(hdev, LE_LINK, &cp->addr.bdaddr,
2351 cp->addr.type, sec_level, auth_type);
2356 if (PTR_ERR(conn) == -EBUSY)
2357 status = MGMT_STATUS_BUSY;
2359 status = MGMT_STATUS_CONNECT_FAILED;
2361 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2367 if (conn->connect_cfm_cb) {
2368 hci_conn_drop(conn);
2369 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2370 MGMT_STATUS_BUSY, &rp, sizeof(rp));
2374 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
2377 hci_conn_drop(conn);
2381 /* For LE, just connecting isn't a proof that the pairing finished */
2382 if (cp->addr.type == BDADDR_BREDR)
2383 conn->connect_cfm_cb = pairing_complete_cb;
2385 conn->connect_cfm_cb = le_connect_complete_cb;
2387 conn->security_cfm_cb = pairing_complete_cb;
2388 conn->disconn_cfm_cb = pairing_complete_cb;
2389 conn->io_capability = cp->io_cap;
2390 cmd->user_data = conn;
2392 if (conn->state == BT_CONNECTED &&
2393 hci_conn_security(conn, sec_level, auth_type))
2394 pairing_complete(cmd, 0);
2399 hci_dev_unlock(hdev);
2403 static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2406 struct mgmt_addr_info *addr = data;
2407 struct pending_cmd *cmd;
2408 struct hci_conn *conn;
2415 if (!hdev_is_powered(hdev)) {
2416 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2417 MGMT_STATUS_NOT_POWERED);
2421 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
2423 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2424 MGMT_STATUS_INVALID_PARAMS);
2428 conn = cmd->user_data;
2430 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
2431 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2432 MGMT_STATUS_INVALID_PARAMS);
2436 pairing_complete(cmd, MGMT_STATUS_CANCELLED);
2438 err = cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
2439 addr, sizeof(*addr));
2441 hci_dev_unlock(hdev);
2445 static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
2446 struct mgmt_addr_info *addr, u16 mgmt_op,
2447 u16 hci_op, __le32 passkey)
2449 struct pending_cmd *cmd;
2450 struct hci_conn *conn;
2455 if (!hdev_is_powered(hdev)) {
2456 err = cmd_complete(sk, hdev->id, mgmt_op,
2457 MGMT_STATUS_NOT_POWERED, addr,
2462 if (addr->type == BDADDR_BREDR)
2463 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
2465 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &addr->bdaddr);
2468 err = cmd_complete(sk, hdev->id, mgmt_op,
2469 MGMT_STATUS_NOT_CONNECTED, addr,
2474 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
2475 /* Continue with pairing via SMP */
2476 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
2479 err = cmd_complete(sk, hdev->id, mgmt_op,
2480 MGMT_STATUS_SUCCESS, addr,
2483 err = cmd_complete(sk, hdev->id, mgmt_op,
2484 MGMT_STATUS_FAILED, addr,
2490 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
2496 /* Continue with pairing via HCI */
2497 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
2498 struct hci_cp_user_passkey_reply cp;
2500 bacpy(&cp.bdaddr, &addr->bdaddr);
2501 cp.passkey = passkey;
2502 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
2504 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
2508 mgmt_pending_remove(cmd);
2511 hci_dev_unlock(hdev);
2515 static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
2516 void *data, u16 len)
2518 struct mgmt_cp_pin_code_neg_reply *cp = data;
2522 return user_pairing_resp(sk, hdev, &cp->addr,
2523 MGMT_OP_PIN_CODE_NEG_REPLY,
2524 HCI_OP_PIN_CODE_NEG_REPLY, 0);
2527 static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2530 struct mgmt_cp_user_confirm_reply *cp = data;
2534 if (len != sizeof(*cp))
2535 return cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
2536 MGMT_STATUS_INVALID_PARAMS);
2538 return user_pairing_resp(sk, hdev, &cp->addr,
2539 MGMT_OP_USER_CONFIRM_REPLY,
2540 HCI_OP_USER_CONFIRM_REPLY, 0);
2543 static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
2544 void *data, u16 len)
2546 struct mgmt_cp_user_confirm_neg_reply *cp = data;
2550 return user_pairing_resp(sk, hdev, &cp->addr,
2551 MGMT_OP_USER_CONFIRM_NEG_REPLY,
2552 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
2555 static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2558 struct mgmt_cp_user_passkey_reply *cp = data;
2562 return user_pairing_resp(sk, hdev, &cp->addr,
2563 MGMT_OP_USER_PASSKEY_REPLY,
2564 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
2567 static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
2568 void *data, u16 len)
2570 struct mgmt_cp_user_passkey_neg_reply *cp = data;
2574 return user_pairing_resp(sk, hdev, &cp->addr,
2575 MGMT_OP_USER_PASSKEY_NEG_REPLY,
2576 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
2579 static void update_name(struct hci_request *req)
2581 struct hci_dev *hdev = req->hdev;
2582 struct hci_cp_write_local_name cp;
2584 memcpy(cp.name, hdev->dev_name, sizeof(cp.name));
2586 hci_req_add(req, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
2589 static void set_name_complete(struct hci_dev *hdev, u8 status)
2591 struct mgmt_cp_set_local_name *cp;
2592 struct pending_cmd *cmd;
2594 BT_DBG("status 0x%02x", status);
2598 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
2605 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
2606 mgmt_status(status));
2608 cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
2611 mgmt_pending_remove(cmd);
2614 hci_dev_unlock(hdev);
2617 static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
2620 struct mgmt_cp_set_local_name *cp = data;
2621 struct pending_cmd *cmd;
2622 struct hci_request req;
2629 /* If the old values are the same as the new ones just return a
2630 * direct command complete event.
2632 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
2633 !memcmp(hdev->short_name, cp->short_name,
2634 sizeof(hdev->short_name))) {
2635 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
2640 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
2642 if (!hdev_is_powered(hdev)) {
2643 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
2645 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
2650 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
2656 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
2662 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
2664 hci_req_init(&req, hdev);
2666 if (lmp_bredr_capable(hdev)) {
2671 if (lmp_le_capable(hdev))
2672 hci_update_ad(&req);
2674 err = hci_req_run(&req, set_name_complete);
2676 mgmt_pending_remove(cmd);
2679 hci_dev_unlock(hdev);
2683 static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
2684 void *data, u16 data_len)
2686 struct pending_cmd *cmd;
2689 BT_DBG("%s", hdev->name);
2693 if (!hdev_is_powered(hdev)) {
2694 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
2695 MGMT_STATUS_NOT_POWERED);
2699 if (!lmp_ssp_capable(hdev)) {
2700 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
2701 MGMT_STATUS_NOT_SUPPORTED);
2705 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
2706 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
2711 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
2717 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
2719 mgmt_pending_remove(cmd);
2722 hci_dev_unlock(hdev);
2726 static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
2727 void *data, u16 len)
2729 struct mgmt_cp_add_remote_oob_data *cp = data;
2733 BT_DBG("%s ", hdev->name);
2737 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr, cp->hash,
2740 status = MGMT_STATUS_FAILED;
2742 status = MGMT_STATUS_SUCCESS;
2744 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA, status,
2745 &cp->addr, sizeof(cp->addr));
2747 hci_dev_unlock(hdev);
2751 static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
2752 void *data, u16 len)
2754 struct mgmt_cp_remove_remote_oob_data *cp = data;
2758 BT_DBG("%s", hdev->name);
2762 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr);
2764 status = MGMT_STATUS_INVALID_PARAMS;
2766 status = MGMT_STATUS_SUCCESS;
2768 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
2769 status, &cp->addr, sizeof(cp->addr));
2771 hci_dev_unlock(hdev);
2775 static int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
2777 struct pending_cmd *cmd;
2781 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2783 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
2787 type = hdev->discovery.type;
2789 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
2790 &type, sizeof(type));
2791 mgmt_pending_remove(cmd);
2796 static void start_discovery_complete(struct hci_dev *hdev, u8 status)
2798 BT_DBG("status %d", status);
2802 mgmt_start_discovery_failed(hdev, status);
2803 hci_dev_unlock(hdev);
2808 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
2809 hci_dev_unlock(hdev);
2811 switch (hdev->discovery.type) {
2812 case DISCOV_TYPE_LE:
2813 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable,
2817 case DISCOV_TYPE_INTERLEAVED:
2818 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable,
2819 DISCOV_INTERLEAVED_TIMEOUT);
2822 case DISCOV_TYPE_BREDR:
2826 BT_ERR("Invalid discovery type %d", hdev->discovery.type);
2830 static int start_discovery(struct sock *sk, struct hci_dev *hdev,
2831 void *data, u16 len)
2833 struct mgmt_cp_start_discovery *cp = data;
2834 struct pending_cmd *cmd;
2835 struct hci_cp_le_set_scan_param param_cp;
2836 struct hci_cp_le_set_scan_enable enable_cp;
2837 struct hci_cp_inquiry inq_cp;
2838 struct hci_request req;
2839 /* General inquiry access code (GIAC) */
2840 u8 lap[3] = { 0x33, 0x8b, 0x9e };
2844 BT_DBG("%s", hdev->name);
2848 if (!hdev_is_powered(hdev)) {
2849 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2850 MGMT_STATUS_NOT_POWERED);
2854 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
2855 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2860 if (hdev->discovery.state != DISCOVERY_STOPPED) {
2861 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2866 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
2872 hdev->discovery.type = cp->type;
2874 hci_req_init(&req, hdev);
2876 switch (hdev->discovery.type) {
2877 case DISCOV_TYPE_BREDR:
2878 status = mgmt_bredr_support(hdev);
2880 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2882 mgmt_pending_remove(cmd);
2886 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
2887 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2889 mgmt_pending_remove(cmd);
2893 hci_inquiry_cache_flush(hdev);
2895 memset(&inq_cp, 0, sizeof(inq_cp));
2896 memcpy(&inq_cp.lap, lap, sizeof(inq_cp.lap));
2897 inq_cp.length = DISCOV_BREDR_INQUIRY_LEN;
2898 hci_req_add(&req, HCI_OP_INQUIRY, sizeof(inq_cp), &inq_cp);
2901 case DISCOV_TYPE_LE:
2902 case DISCOV_TYPE_INTERLEAVED:
2903 status = mgmt_le_support(hdev);
2905 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2907 mgmt_pending_remove(cmd);
2911 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
2912 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
2913 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2914 MGMT_STATUS_NOT_SUPPORTED);
2915 mgmt_pending_remove(cmd);
2919 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
2920 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2921 MGMT_STATUS_REJECTED);
2922 mgmt_pending_remove(cmd);
2926 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags)) {
2927 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2929 mgmt_pending_remove(cmd);
2933 memset(¶m_cp, 0, sizeof(param_cp));
2934 param_cp.type = LE_SCAN_ACTIVE;
2935 param_cp.interval = cpu_to_le16(DISCOV_LE_SCAN_INT);
2936 param_cp.window = cpu_to_le16(DISCOV_LE_SCAN_WIN);
2937 if (bacmp(&hdev->bdaddr, BDADDR_ANY))
2938 param_cp.own_address_type = ADDR_LE_DEV_PUBLIC;
2940 param_cp.own_address_type = ADDR_LE_DEV_RANDOM;
2941 hci_req_add(&req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
2944 memset(&enable_cp, 0, sizeof(enable_cp));
2945 enable_cp.enable = LE_SCAN_ENABLE;
2946 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
2947 hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
2952 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2953 MGMT_STATUS_INVALID_PARAMS);
2954 mgmt_pending_remove(cmd);
2958 err = hci_req_run(&req, start_discovery_complete);
2960 mgmt_pending_remove(cmd);
2962 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
2965 hci_dev_unlock(hdev);
2969 static int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
2971 struct pending_cmd *cmd;
2974 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
2978 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
2979 &hdev->discovery.type, sizeof(hdev->discovery.type));
2980 mgmt_pending_remove(cmd);
2985 static void stop_discovery_complete(struct hci_dev *hdev, u8 status)
2987 BT_DBG("status %d", status);
2992 mgmt_stop_discovery_failed(hdev, status);
2996 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2999 hci_dev_unlock(hdev);
3002 static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
3005 struct mgmt_cp_stop_discovery *mgmt_cp = data;
3006 struct pending_cmd *cmd;
3007 struct hci_cp_remote_name_req_cancel cp;
3008 struct inquiry_entry *e;
3009 struct hci_request req;
3010 struct hci_cp_le_set_scan_enable enable_cp;
3013 BT_DBG("%s", hdev->name);
3017 if (!hci_discovery_active(hdev)) {
3018 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
3019 MGMT_STATUS_REJECTED, &mgmt_cp->type,
3020 sizeof(mgmt_cp->type));
3024 if (hdev->discovery.type != mgmt_cp->type) {
3025 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
3026 MGMT_STATUS_INVALID_PARAMS, &mgmt_cp->type,
3027 sizeof(mgmt_cp->type));
3031 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
3037 hci_req_init(&req, hdev);
3039 switch (hdev->discovery.state) {
3040 case DISCOVERY_FINDING:
3041 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
3042 hci_req_add(&req, HCI_OP_INQUIRY_CANCEL, 0, NULL);
3044 cancel_delayed_work(&hdev->le_scan_disable);
3046 memset(&enable_cp, 0, sizeof(enable_cp));
3047 enable_cp.enable = LE_SCAN_DISABLE;
3048 hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE,
3049 sizeof(enable_cp), &enable_cp);
3054 case DISCOVERY_RESOLVING:
3055 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
3058 mgmt_pending_remove(cmd);
3059 err = cmd_complete(sk, hdev->id,
3060 MGMT_OP_STOP_DISCOVERY, 0,
3062 sizeof(mgmt_cp->type));
3063 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3067 bacpy(&cp.bdaddr, &e->data.bdaddr);
3068 hci_req_add(&req, HCI_OP_REMOTE_NAME_REQ_CANCEL, sizeof(cp),
3074 BT_DBG("unknown discovery state %u", hdev->discovery.state);
3076 mgmt_pending_remove(cmd);
3077 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
3078 MGMT_STATUS_FAILED, &mgmt_cp->type,
3079 sizeof(mgmt_cp->type));
3083 err = hci_req_run(&req, stop_discovery_complete);
3085 mgmt_pending_remove(cmd);
3087 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
3090 hci_dev_unlock(hdev);
3094 static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
3097 struct mgmt_cp_confirm_name *cp = data;
3098 struct inquiry_entry *e;
3101 BT_DBG("%s", hdev->name);
3105 if (!hci_discovery_active(hdev)) {
3106 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
3107 MGMT_STATUS_FAILED);
3111 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
3113 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
3114 MGMT_STATUS_INVALID_PARAMS);
3118 if (cp->name_known) {
3119 e->name_state = NAME_KNOWN;
3122 e->name_state = NAME_NEEDED;
3123 hci_inquiry_cache_update_resolve(hdev, e);
3126 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0, &cp->addr,
3130 hci_dev_unlock(hdev);
3134 static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
3137 struct mgmt_cp_block_device *cp = data;
3141 BT_DBG("%s", hdev->name);
3143 if (!bdaddr_type_is_valid(cp->addr.type))
3144 return cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
3145 MGMT_STATUS_INVALID_PARAMS,
3146 &cp->addr, sizeof(cp->addr));
3150 err = hci_blacklist_add(hdev, &cp->addr.bdaddr, cp->addr.type);
3152 status = MGMT_STATUS_FAILED;
3154 status = MGMT_STATUS_SUCCESS;
3156 err = cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
3157 &cp->addr, sizeof(cp->addr));
3159 hci_dev_unlock(hdev);
3164 static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
3167 struct mgmt_cp_unblock_device *cp = data;
3171 BT_DBG("%s", hdev->name);
3173 if (!bdaddr_type_is_valid(cp->addr.type))
3174 return cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
3175 MGMT_STATUS_INVALID_PARAMS,
3176 &cp->addr, sizeof(cp->addr));
3180 err = hci_blacklist_del(hdev, &cp->addr.bdaddr, cp->addr.type);
3182 status = MGMT_STATUS_INVALID_PARAMS;
3184 status = MGMT_STATUS_SUCCESS;
3186 err = cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
3187 &cp->addr, sizeof(cp->addr));
3189 hci_dev_unlock(hdev);
3194 static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
3197 struct mgmt_cp_set_device_id *cp = data;
3198 struct hci_request req;
3202 BT_DBG("%s", hdev->name);
3204 source = __le16_to_cpu(cp->source);
3206 if (source > 0x0002)
3207 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
3208 MGMT_STATUS_INVALID_PARAMS);
3212 hdev->devid_source = source;
3213 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
3214 hdev->devid_product = __le16_to_cpu(cp->product);
3215 hdev->devid_version = __le16_to_cpu(cp->version);
3217 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0, NULL, 0);
3219 hci_req_init(&req, hdev);
3221 hci_req_run(&req, NULL);
3223 hci_dev_unlock(hdev);
3228 static void set_advertising_complete(struct hci_dev *hdev, u8 status)
3230 struct cmd_lookup match = { NULL, hdev };
3233 u8 mgmt_err = mgmt_status(status);
3235 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
3236 cmd_status_rsp, &mgmt_err);
3240 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
3243 new_settings(hdev, match.sk);
3249 static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
3251 struct mgmt_mode *cp = data;
3252 struct pending_cmd *cmd;
3253 struct hci_request req;
3254 u8 val, enabled, status;
3257 BT_DBG("request for %s", hdev->name);
3259 status = mgmt_le_support(hdev);
3261 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3264 if (cp->val != 0x00 && cp->val != 0x01)
3265 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3266 MGMT_STATUS_INVALID_PARAMS);
3271 enabled = test_bit(HCI_ADVERTISING, &hdev->dev_flags);
3273 if (!hdev_is_powered(hdev) || val == enabled) {
3274 bool changed = false;
3276 if (val != test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
3277 change_bit(HCI_ADVERTISING, &hdev->dev_flags);
3281 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
3286 err = new_settings(hdev, sk);
3291 if (mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
3292 mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
3293 err = cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3298 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
3304 hci_req_init(&req, hdev);
3307 enable_advertising(&req);
3309 disable_advertising(&req);
3311 err = hci_req_run(&req, set_advertising_complete);
3313 mgmt_pending_remove(cmd);
3316 hci_dev_unlock(hdev);
3320 static int set_static_address(struct sock *sk, struct hci_dev *hdev,
3321 void *data, u16 len)
3323 struct mgmt_cp_set_static_address *cp = data;
3326 BT_DBG("%s", hdev->name);
3328 if (!lmp_le_capable(hdev))
3329 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
3330 MGMT_STATUS_NOT_SUPPORTED);
3332 if (hdev_is_powered(hdev))
3333 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
3334 MGMT_STATUS_REJECTED);
3336 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
3337 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
3338 return cmd_status(sk, hdev->id,
3339 MGMT_OP_SET_STATIC_ADDRESS,
3340 MGMT_STATUS_INVALID_PARAMS);
3342 /* Two most significant bits shall be set */
3343 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
3344 return cmd_status(sk, hdev->id,
3345 MGMT_OP_SET_STATIC_ADDRESS,
3346 MGMT_STATUS_INVALID_PARAMS);
3351 bacpy(&hdev->static_addr, &cp->bdaddr);
3353 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS, 0, NULL, 0);
3355 hci_dev_unlock(hdev);
3360 static void fast_connectable_complete(struct hci_dev *hdev, u8 status)
3362 struct pending_cmd *cmd;
3364 BT_DBG("status 0x%02x", status);
3368 cmd = mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
3373 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3374 mgmt_status(status));
3376 struct mgmt_mode *cp = cmd->param;
3379 set_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
3381 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
3383 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
3384 new_settings(hdev, cmd->sk);
3387 mgmt_pending_remove(cmd);
3390 hci_dev_unlock(hdev);
3393 static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
3394 void *data, u16 len)
3396 struct mgmt_mode *cp = data;
3397 struct pending_cmd *cmd;
3398 struct hci_request req;
3401 BT_DBG("%s", hdev->name);
3403 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags) ||
3404 hdev->hci_ver < BLUETOOTH_VER_1_2)
3405 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3406 MGMT_STATUS_NOT_SUPPORTED);
3408 if (cp->val != 0x00 && cp->val != 0x01)
3409 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3410 MGMT_STATUS_INVALID_PARAMS);
3412 if (!hdev_is_powered(hdev))
3413 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3414 MGMT_STATUS_NOT_POWERED);
3416 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3417 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3418 MGMT_STATUS_REJECTED);
3422 if (mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
3423 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3428 if (!!cp->val == test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags)) {
3429 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
3434 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
3441 hci_req_init(&req, hdev);
3443 write_fast_connectable(&req, cp->val);
3445 err = hci_req_run(&req, fast_connectable_complete);
3447 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3448 MGMT_STATUS_FAILED);
3449 mgmt_pending_remove(cmd);
3453 hci_dev_unlock(hdev);
3458 static void set_bredr_complete(struct hci_dev *hdev, u8 status)
3460 struct pending_cmd *cmd;
3462 BT_DBG("status 0x%02x", status);
3466 cmd = mgmt_pending_find(MGMT_OP_SET_BREDR, hdev);
3471 u8 mgmt_err = mgmt_status(status);
3473 /* We need to restore the flag if related HCI commands
3476 clear_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
3478 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
3480 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
3481 new_settings(hdev, cmd->sk);
3484 mgmt_pending_remove(cmd);
3487 hci_dev_unlock(hdev);
3490 static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
3492 struct mgmt_mode *cp = data;
3493 struct pending_cmd *cmd;
3494 struct hci_request req;
3497 BT_DBG("request for %s", hdev->name);
3499 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
3500 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3501 MGMT_STATUS_NOT_SUPPORTED);
3503 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
3504 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3505 MGMT_STATUS_REJECTED);
3507 if (cp->val != 0x00 && cp->val != 0x01)
3508 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3509 MGMT_STATUS_INVALID_PARAMS);
3513 if (cp->val == test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
3514 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
3518 if (!hdev_is_powered(hdev)) {
3520 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
3521 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
3522 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
3523 clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
3524 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
3525 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
3528 change_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
3530 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
3534 err = new_settings(hdev, sk);
3538 /* Reject disabling when powered on */
3540 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3541 MGMT_STATUS_REJECTED);
3545 if (mgmt_pending_find(MGMT_OP_SET_BREDR, hdev)) {
3546 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3551 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
3557 /* We need to flip the bit already here so that hci_update_ad
3558 * generates the correct flags.
3560 set_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
3562 hci_req_init(&req, hdev);
3563 hci_update_ad(&req);
3564 err = hci_req_run(&req, set_bredr_complete);
3566 mgmt_pending_remove(cmd);
3569 hci_dev_unlock(hdev);
3573 static bool ltk_is_valid(struct mgmt_ltk_info *key)
3575 if (key->authenticated != 0x00 && key->authenticated != 0x01)
3577 if (key->master != 0x00 && key->master != 0x01)
3579 if (!bdaddr_type_is_le(key->addr.type))
3584 static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
3585 void *cp_data, u16 len)
3587 struct mgmt_cp_load_long_term_keys *cp = cp_data;
3588 u16 key_count, expected_len;
3591 BT_DBG("request for %s", hdev->name);
3593 if (!lmp_le_capable(hdev))
3594 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
3595 MGMT_STATUS_NOT_SUPPORTED);
3597 key_count = __le16_to_cpu(cp->key_count);
3599 expected_len = sizeof(*cp) + key_count *
3600 sizeof(struct mgmt_ltk_info);
3601 if (expected_len != len) {
3602 BT_ERR("load_keys: expected %u bytes, got %u bytes",
3604 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
3605 MGMT_STATUS_INVALID_PARAMS);
3608 BT_DBG("%s key_count %u", hdev->name, key_count);
3610 for (i = 0; i < key_count; i++) {
3611 struct mgmt_ltk_info *key = &cp->keys[i];
3613 if (!ltk_is_valid(key))
3614 return cmd_status(sk, hdev->id,
3615 MGMT_OP_LOAD_LONG_TERM_KEYS,
3616 MGMT_STATUS_INVALID_PARAMS);
3621 hci_smp_ltks_clear(hdev);
3623 for (i = 0; i < key_count; i++) {
3624 struct mgmt_ltk_info *key = &cp->keys[i];
3630 type = HCI_SMP_LTK_SLAVE;
3632 hci_add_ltk(hdev, &key->addr.bdaddr,
3633 bdaddr_to_le(key->addr.type),
3634 type, 0, key->authenticated, key->val,
3635 key->enc_size, key->ediv, key->rand);
3638 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
3641 hci_dev_unlock(hdev);
3646 static const struct mgmt_handler {
3647 int (*func) (struct sock *sk, struct hci_dev *hdev, void *data,
3651 } mgmt_handlers[] = {
3652 { NULL }, /* 0x0000 (no command) */
3653 { read_version, false, MGMT_READ_VERSION_SIZE },
3654 { read_commands, false, MGMT_READ_COMMANDS_SIZE },
3655 { read_index_list, false, MGMT_READ_INDEX_LIST_SIZE },
3656 { read_controller_info, false, MGMT_READ_INFO_SIZE },
3657 { set_powered, false, MGMT_SETTING_SIZE },
3658 { set_discoverable, false, MGMT_SET_DISCOVERABLE_SIZE },
3659 { set_connectable, false, MGMT_SETTING_SIZE },
3660 { set_fast_connectable, false, MGMT_SETTING_SIZE },
3661 { set_pairable, false, MGMT_SETTING_SIZE },
3662 { set_link_security, false, MGMT_SETTING_SIZE },
3663 { set_ssp, false, MGMT_SETTING_SIZE },
3664 { set_hs, false, MGMT_SETTING_SIZE },
3665 { set_le, false, MGMT_SETTING_SIZE },
3666 { set_dev_class, false, MGMT_SET_DEV_CLASS_SIZE },
3667 { set_local_name, false, MGMT_SET_LOCAL_NAME_SIZE },
3668 { add_uuid, false, MGMT_ADD_UUID_SIZE },
3669 { remove_uuid, false, MGMT_REMOVE_UUID_SIZE },
3670 { load_link_keys, true, MGMT_LOAD_LINK_KEYS_SIZE },
3671 { load_long_term_keys, true, MGMT_LOAD_LONG_TERM_KEYS_SIZE },
3672 { disconnect, false, MGMT_DISCONNECT_SIZE },
3673 { get_connections, false, MGMT_GET_CONNECTIONS_SIZE },
3674 { pin_code_reply, false, MGMT_PIN_CODE_REPLY_SIZE },
3675 { pin_code_neg_reply, false, MGMT_PIN_CODE_NEG_REPLY_SIZE },
3676 { set_io_capability, false, MGMT_SET_IO_CAPABILITY_SIZE },
3677 { pair_device, false, MGMT_PAIR_DEVICE_SIZE },
3678 { cancel_pair_device, false, MGMT_CANCEL_PAIR_DEVICE_SIZE },
3679 { unpair_device, false, MGMT_UNPAIR_DEVICE_SIZE },
3680 { user_confirm_reply, false, MGMT_USER_CONFIRM_REPLY_SIZE },
3681 { user_confirm_neg_reply, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
3682 { user_passkey_reply, false, MGMT_USER_PASSKEY_REPLY_SIZE },
3683 { user_passkey_neg_reply, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
3684 { read_local_oob_data, false, MGMT_READ_LOCAL_OOB_DATA_SIZE },
3685 { add_remote_oob_data, false, MGMT_ADD_REMOTE_OOB_DATA_SIZE },
3686 { remove_remote_oob_data, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
3687 { start_discovery, false, MGMT_START_DISCOVERY_SIZE },
3688 { stop_discovery, false, MGMT_STOP_DISCOVERY_SIZE },
3689 { confirm_name, false, MGMT_CONFIRM_NAME_SIZE },
3690 { block_device, false, MGMT_BLOCK_DEVICE_SIZE },
3691 { unblock_device, false, MGMT_UNBLOCK_DEVICE_SIZE },
3692 { set_device_id, false, MGMT_SET_DEVICE_ID_SIZE },
3693 { set_advertising, false, MGMT_SETTING_SIZE },
3694 { set_bredr, false, MGMT_SETTING_SIZE },
3695 { set_static_address, false, MGMT_SET_STATIC_ADDRESS_SIZE },
3699 int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
3703 struct mgmt_hdr *hdr;
3704 u16 opcode, index, len;
3705 struct hci_dev *hdev = NULL;
3706 const struct mgmt_handler *handler;
3709 BT_DBG("got %zu bytes", msglen);
3711 if (msglen < sizeof(*hdr))
3714 buf = kmalloc(msglen, GFP_KERNEL);
3718 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
3724 opcode = __le16_to_cpu(hdr->opcode);
3725 index = __le16_to_cpu(hdr->index);
3726 len = __le16_to_cpu(hdr->len);
3728 if (len != msglen - sizeof(*hdr)) {
3733 if (index != MGMT_INDEX_NONE) {
3734 hdev = hci_dev_get(index);
3736 err = cmd_status(sk, index, opcode,
3737 MGMT_STATUS_INVALID_INDEX);
3741 if (test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
3742 err = cmd_status(sk, index, opcode,
3743 MGMT_STATUS_INVALID_INDEX);
3748 if (opcode >= ARRAY_SIZE(mgmt_handlers) ||
3749 mgmt_handlers[opcode].func == NULL) {
3750 BT_DBG("Unknown op %u", opcode);
3751 err = cmd_status(sk, index, opcode,
3752 MGMT_STATUS_UNKNOWN_COMMAND);
3756 if ((hdev && opcode < MGMT_OP_READ_INFO) ||
3757 (!hdev && opcode >= MGMT_OP_READ_INFO)) {
3758 err = cmd_status(sk, index, opcode,
3759 MGMT_STATUS_INVALID_INDEX);
3763 handler = &mgmt_handlers[opcode];
3765 if ((handler->var_len && len < handler->data_len) ||
3766 (!handler->var_len && len != handler->data_len)) {
3767 err = cmd_status(sk, index, opcode,
3768 MGMT_STATUS_INVALID_PARAMS);
3773 mgmt_init_hdev(sk, hdev);
3775 cp = buf + sizeof(*hdr);
3777 err = handler->func(sk, hdev, cp, len);
3791 int mgmt_index_added(struct hci_dev *hdev)
3793 if (!mgmt_valid_hdev(hdev))
3796 return mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
3799 int mgmt_index_removed(struct hci_dev *hdev)
3801 u8 status = MGMT_STATUS_INVALID_INDEX;
3803 if (!mgmt_valid_hdev(hdev))
3806 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
3808 return mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
3811 static void set_bredr_scan(struct hci_request *req)
3813 struct hci_dev *hdev = req->hdev;
3816 /* Ensure that fast connectable is disabled. This function will
3817 * not do anything if the page scan parameters are already what
3820 write_fast_connectable(req, false);
3822 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3824 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3825 scan |= SCAN_INQUIRY;
3828 hci_req_add(req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
3831 static void powered_complete(struct hci_dev *hdev, u8 status)
3833 struct cmd_lookup match = { NULL, hdev };
3835 BT_DBG("status 0x%02x", status);
3839 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
3841 new_settings(hdev, match.sk);
3843 hci_dev_unlock(hdev);
3849 static int powered_update_hci(struct hci_dev *hdev)
3851 struct hci_request req;
3854 hci_req_init(&req, hdev);
3856 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) &&
3857 !lmp_host_ssp_capable(hdev)) {
3860 hci_req_add(&req, HCI_OP_WRITE_SSP_MODE, 1, &ssp);
3863 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
3864 lmp_bredr_capable(hdev)) {
3865 struct hci_cp_write_le_host_supported cp;
3868 cp.simul = lmp_le_br_capable(hdev);
3870 /* Check first if we already have the right
3871 * host state (host features set)
3873 if (cp.le != lmp_host_le_capable(hdev) ||
3874 cp.simul != lmp_host_le_br_capable(hdev))
3875 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED,
3878 /* In case BR/EDR was toggled during the AUTO_OFF phase */
3879 hci_update_ad(&req);
3882 if (lmp_le_capable(hdev)) {
3883 /* Set random address to static address if configured */
3884 if (bacmp(&hdev->static_addr, BDADDR_ANY))
3885 hci_req_add(&req, HCI_OP_LE_SET_RANDOM_ADDR, 6,
3886 &hdev->static_addr);
3888 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
3889 enable_advertising(&req);
3892 link_sec = test_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
3893 if (link_sec != test_bit(HCI_AUTH, &hdev->flags))
3894 hci_req_add(&req, HCI_OP_WRITE_AUTH_ENABLE,
3895 sizeof(link_sec), &link_sec);
3897 if (lmp_bredr_capable(hdev)) {
3898 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
3899 set_bredr_scan(&req);
3905 return hci_req_run(&req, powered_complete);
3908 int mgmt_powered(struct hci_dev *hdev, u8 powered)
3910 struct cmd_lookup match = { NULL, hdev };
3911 u8 status_not_powered = MGMT_STATUS_NOT_POWERED;
3912 u8 zero_cod[] = { 0, 0, 0 };
3915 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3919 if (powered_update_hci(hdev) == 0)
3922 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp,
3927 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
3928 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status_not_powered);
3930 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0)
3931 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
3932 zero_cod, sizeof(zero_cod), NULL);
3935 err = new_settings(hdev, match.sk);
3943 int mgmt_set_powered_failed(struct hci_dev *hdev, int err)
3945 struct pending_cmd *cmd;
3948 cmd = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
3952 if (err == -ERFKILL)
3953 status = MGMT_STATUS_RFKILLED;
3955 status = MGMT_STATUS_FAILED;
3957 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
3959 mgmt_pending_remove(cmd);
3964 int mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
3966 struct cmd_lookup match = { NULL, hdev };
3967 bool changed = false;
3971 if (!test_and_set_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3974 if (test_and_clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3978 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev, settings_rsp,
3982 err = new_settings(hdev, match.sk);
3990 int mgmt_connectable(struct hci_dev *hdev, u8 connectable)
3992 struct pending_cmd *cmd;
3993 bool changed = false;
3997 if (!test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags))
4000 if (test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags))
4004 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
4007 err = new_settings(hdev, cmd ? cmd->sk : NULL);
4012 int mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
4014 u8 mgmt_err = mgmt_status(status);
4016 if (scan & SCAN_PAGE)
4017 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
4018 cmd_status_rsp, &mgmt_err);
4020 if (scan & SCAN_INQUIRY)
4021 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
4022 cmd_status_rsp, &mgmt_err);
4027 int mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
4030 struct mgmt_ev_new_link_key ev;
4032 memset(&ev, 0, sizeof(ev));
4034 ev.store_hint = persistent;
4035 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
4036 ev.key.addr.type = BDADDR_BREDR;
4037 ev.key.type = key->type;
4038 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
4039 ev.key.pin_len = key->pin_len;
4041 return mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
4044 int mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, u8 persistent)
4046 struct mgmt_ev_new_long_term_key ev;
4048 memset(&ev, 0, sizeof(ev));
4050 ev.store_hint = persistent;
4051 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
4052 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
4053 ev.key.authenticated = key->authenticated;
4054 ev.key.enc_size = key->enc_size;
4055 ev.key.ediv = key->ediv;
4057 if (key->type == HCI_SMP_LTK)
4060 memcpy(ev.key.rand, key->rand, sizeof(key->rand));
4061 memcpy(ev.key.val, key->val, sizeof(key->val));
4063 return mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev),
4067 int mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
4068 u8 addr_type, u32 flags, u8 *name, u8 name_len,
4072 struct mgmt_ev_device_connected *ev = (void *) buf;
4075 bacpy(&ev->addr.bdaddr, bdaddr);
4076 ev->addr.type = link_to_bdaddr(link_type, addr_type);
4078 ev->flags = __cpu_to_le32(flags);
4081 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
4084 if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0)
4085 eir_len = eir_append_data(ev->eir, eir_len,
4086 EIR_CLASS_OF_DEV, dev_class, 3);
4088 ev->eir_len = cpu_to_le16(eir_len);
4090 return mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
4091 sizeof(*ev) + eir_len, NULL);
4094 static void disconnect_rsp(struct pending_cmd *cmd, void *data)
4096 struct mgmt_cp_disconnect *cp = cmd->param;
4097 struct sock **sk = data;
4098 struct mgmt_rp_disconnect rp;
4100 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4101 rp.addr.type = cp->addr.type;
4103 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 0, &rp,
4109 mgmt_pending_remove(cmd);
4112 static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
4114 struct hci_dev *hdev = data;
4115 struct mgmt_cp_unpair_device *cp = cmd->param;
4116 struct mgmt_rp_unpair_device rp;
4118 memset(&rp, 0, sizeof(rp));
4119 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4120 rp.addr.type = cp->addr.type;
4122 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
4124 cmd_complete(cmd->sk, cmd->index, cmd->opcode, 0, &rp, sizeof(rp));
4126 mgmt_pending_remove(cmd);
4129 int mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
4130 u8 link_type, u8 addr_type, u8 reason)
4132 struct mgmt_ev_device_disconnected ev;
4133 struct sock *sk = NULL;
4136 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
4138 bacpy(&ev.addr.bdaddr, bdaddr);
4139 ev.addr.type = link_to_bdaddr(link_type, addr_type);
4142 err = mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev),
4148 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
4154 int mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
4155 u8 link_type, u8 addr_type, u8 status)
4157 struct mgmt_rp_disconnect rp;
4158 struct pending_cmd *cmd;
4161 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
4164 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
4168 bacpy(&rp.addr.bdaddr, bdaddr);
4169 rp.addr.type = link_to_bdaddr(link_type, addr_type);
4171 err = cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
4172 mgmt_status(status), &rp, sizeof(rp));
4174 mgmt_pending_remove(cmd);
4179 int mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
4180 u8 addr_type, u8 status)
4182 struct mgmt_ev_connect_failed ev;
4184 bacpy(&ev.addr.bdaddr, bdaddr);
4185 ev.addr.type = link_to_bdaddr(link_type, addr_type);
4186 ev.status = mgmt_status(status);
4188 return mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
4191 int mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
4193 struct mgmt_ev_pin_code_request ev;
4195 bacpy(&ev.addr.bdaddr, bdaddr);
4196 ev.addr.type = BDADDR_BREDR;
4199 return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev),
4203 int mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
4206 struct pending_cmd *cmd;
4207 struct mgmt_rp_pin_code_reply rp;
4210 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
4214 bacpy(&rp.addr.bdaddr, bdaddr);
4215 rp.addr.type = BDADDR_BREDR;
4217 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
4218 mgmt_status(status), &rp, sizeof(rp));
4220 mgmt_pending_remove(cmd);
4225 int mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
4228 struct pending_cmd *cmd;
4229 struct mgmt_rp_pin_code_reply rp;
4232 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
4236 bacpy(&rp.addr.bdaddr, bdaddr);
4237 rp.addr.type = BDADDR_BREDR;
4239 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
4240 mgmt_status(status), &rp, sizeof(rp));
4242 mgmt_pending_remove(cmd);
4247 int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
4248 u8 link_type, u8 addr_type, __le32 value,
4251 struct mgmt_ev_user_confirm_request ev;
4253 BT_DBG("%s", hdev->name);
4255 bacpy(&ev.addr.bdaddr, bdaddr);
4256 ev.addr.type = link_to_bdaddr(link_type, addr_type);
4257 ev.confirm_hint = confirm_hint;
4260 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
4264 int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
4265 u8 link_type, u8 addr_type)
4267 struct mgmt_ev_user_passkey_request ev;
4269 BT_DBG("%s", hdev->name);
4271 bacpy(&ev.addr.bdaddr, bdaddr);
4272 ev.addr.type = link_to_bdaddr(link_type, addr_type);
4274 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
4278 static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
4279 u8 link_type, u8 addr_type, u8 status,
4282 struct pending_cmd *cmd;
4283 struct mgmt_rp_user_confirm_reply rp;
4286 cmd = mgmt_pending_find(opcode, hdev);
4290 bacpy(&rp.addr.bdaddr, bdaddr);
4291 rp.addr.type = link_to_bdaddr(link_type, addr_type);
4292 err = cmd_complete(cmd->sk, hdev->id, opcode, mgmt_status(status),
4295 mgmt_pending_remove(cmd);
4300 int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
4301 u8 link_type, u8 addr_type, u8 status)
4303 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
4304 status, MGMT_OP_USER_CONFIRM_REPLY);
4307 int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
4308 u8 link_type, u8 addr_type, u8 status)
4310 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
4312 MGMT_OP_USER_CONFIRM_NEG_REPLY);
4315 int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
4316 u8 link_type, u8 addr_type, u8 status)
4318 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
4319 status, MGMT_OP_USER_PASSKEY_REPLY);
4322 int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
4323 u8 link_type, u8 addr_type, u8 status)
4325 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
4327 MGMT_OP_USER_PASSKEY_NEG_REPLY);
4330 int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
4331 u8 link_type, u8 addr_type, u32 passkey,
4334 struct mgmt_ev_passkey_notify ev;
4336 BT_DBG("%s", hdev->name);
4338 bacpy(&ev.addr.bdaddr, bdaddr);
4339 ev.addr.type = link_to_bdaddr(link_type, addr_type);
4340 ev.passkey = __cpu_to_le32(passkey);
4341 ev.entered = entered;
4343 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
4346 int mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
4347 u8 addr_type, u8 status)
4349 struct mgmt_ev_auth_failed ev;
4351 bacpy(&ev.addr.bdaddr, bdaddr);
4352 ev.addr.type = link_to_bdaddr(link_type, addr_type);
4353 ev.status = mgmt_status(status);
4355 return mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
4358 int mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
4360 struct cmd_lookup match = { NULL, hdev };
4361 bool changed = false;
4365 u8 mgmt_err = mgmt_status(status);
4366 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
4367 cmd_status_rsp, &mgmt_err);
4371 if (test_bit(HCI_AUTH, &hdev->flags)) {
4372 if (!test_and_set_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
4375 if (test_and_clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
4379 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
4383 err = new_settings(hdev, match.sk);
4391 static void clear_eir(struct hci_request *req)
4393 struct hci_dev *hdev = req->hdev;
4394 struct hci_cp_write_eir cp;
4396 if (!lmp_ext_inq_capable(hdev))
4399 memset(hdev->eir, 0, sizeof(hdev->eir));
4401 memset(&cp, 0, sizeof(cp));
4403 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
4406 int mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
4408 struct cmd_lookup match = { NULL, hdev };
4409 struct hci_request req;
4410 bool changed = false;
4414 u8 mgmt_err = mgmt_status(status);
4416 if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
4418 err = new_settings(hdev, NULL);
4420 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
4427 if (!test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
4430 if (test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
4434 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
4437 err = new_settings(hdev, match.sk);
4442 hci_req_init(&req, hdev);
4444 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
4449 hci_req_run(&req, NULL);
4454 static void sk_lookup(struct pending_cmd *cmd, void *data)
4456 struct cmd_lookup *match = data;
4458 if (match->sk == NULL) {
4459 match->sk = cmd->sk;
4460 sock_hold(match->sk);
4464 int mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
4467 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
4470 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
4471 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
4472 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
4475 err = mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class,
4484 int mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
4486 struct mgmt_cp_set_local_name ev;
4487 struct pending_cmd *cmd;
4492 memset(&ev, 0, sizeof(ev));
4493 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
4494 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
4496 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
4498 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
4500 /* If this is a HCI command related to powering on the
4501 * HCI dev don't send any mgmt signals.
4503 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
4507 return mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
4508 cmd ? cmd->sk : NULL);
4511 int mgmt_read_local_oob_data_reply_complete(struct hci_dev *hdev, u8 *hash,
4512 u8 *randomizer, u8 status)
4514 struct pending_cmd *cmd;
4517 BT_DBG("%s status %u", hdev->name, status);
4519 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
4524 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
4525 mgmt_status(status));
4527 struct mgmt_rp_read_local_oob_data rp;
4529 memcpy(rp.hash, hash, sizeof(rp.hash));
4530 memcpy(rp.randomizer, randomizer, sizeof(rp.randomizer));
4532 err = cmd_complete(cmd->sk, hdev->id,
4533 MGMT_OP_READ_LOCAL_OOB_DATA, 0, &rp,
4537 mgmt_pending_remove(cmd);
4542 int mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
4543 u8 addr_type, u8 *dev_class, s8 rssi, u8 cfm_name, u8
4544 ssp, u8 *eir, u16 eir_len)
4547 struct mgmt_ev_device_found *ev = (void *) buf;
4550 if (!hci_discovery_active(hdev))
4553 /* Leave 5 bytes for a potential CoD field */
4554 if (sizeof(*ev) + eir_len + 5 > sizeof(buf))
4557 memset(buf, 0, sizeof(buf));
4559 bacpy(&ev->addr.bdaddr, bdaddr);
4560 ev->addr.type = link_to_bdaddr(link_type, addr_type);
4563 ev->flags |= __constant_cpu_to_le32(MGMT_DEV_FOUND_CONFIRM_NAME);
4565 ev->flags |= __constant_cpu_to_le32(MGMT_DEV_FOUND_LEGACY_PAIRING);
4568 memcpy(ev->eir, eir, eir_len);
4570 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
4571 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
4574 ev->eir_len = cpu_to_le16(eir_len);
4575 ev_size = sizeof(*ev) + eir_len;
4577 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
4580 int mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
4581 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
4583 struct mgmt_ev_device_found *ev;
4584 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
4587 ev = (struct mgmt_ev_device_found *) buf;
4589 memset(buf, 0, sizeof(buf));
4591 bacpy(&ev->addr.bdaddr, bdaddr);
4592 ev->addr.type = link_to_bdaddr(link_type, addr_type);
4595 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
4598 ev->eir_len = cpu_to_le16(eir_len);
4600 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev,
4601 sizeof(*ev) + eir_len, NULL);
4604 int mgmt_discovering(struct hci_dev *hdev, u8 discovering)
4606 struct mgmt_ev_discovering ev;
4607 struct pending_cmd *cmd;
4609 BT_DBG("%s discovering %u", hdev->name, discovering);
4612 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
4614 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
4617 u8 type = hdev->discovery.type;
4619 cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0, &type,
4621 mgmt_pending_remove(cmd);
4624 memset(&ev, 0, sizeof(ev));
4625 ev.type = hdev->discovery.type;
4626 ev.discovering = discovering;
4628 return mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
4631 int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
4633 struct pending_cmd *cmd;
4634 struct mgmt_ev_device_blocked ev;
4636 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev);
4638 bacpy(&ev.addr.bdaddr, bdaddr);
4639 ev.addr.type = type;
4641 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev),
4642 cmd ? cmd->sk : NULL);
4645 int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
4647 struct pending_cmd *cmd;
4648 struct mgmt_ev_device_unblocked ev;
4650 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev);
4652 bacpy(&ev.addr.bdaddr, bdaddr);
4653 ev.addr.type = type;
4655 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
4656 cmd ? cmd->sk : NULL);
4659 static void adv_enable_complete(struct hci_dev *hdev, u8 status)
4661 BT_DBG("%s status %u", hdev->name, status);
4663 /* Clear the advertising mgmt setting if we failed to re-enable it */
4665 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
4666 new_settings(hdev, NULL);
4670 void mgmt_reenable_advertising(struct hci_dev *hdev)
4672 struct hci_request req;
4674 if (hdev->conn_hash.le_num)
4677 if (!test_bit(HCI_ADVERTISING, &hdev->dev_flags))
4680 hci_req_init(&req, hdev);
4681 enable_advertising(&req);
4683 /* If this fails we have no option but to let user space know
4684 * that we've disabled advertising.
4686 if (hci_req_run(&req, adv_enable_complete) < 0) {
4687 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
4688 new_settings(hdev, NULL);
projects / karo-tx-linux.git / blob