2 BlueZ - Bluetooth protocol stack for Linux
4 Copyright (C) 2010 Nokia Corporation
5 Copyright (C) 2011-2012 Intel Corporation
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI Management interface */
27 #include <linux/module.h>
28 #include <asm/unaligned.h>
30 #include <net/bluetooth/bluetooth.h>
31 #include <net/bluetooth/hci_core.h>
32 #include <net/bluetooth/mgmt.h>
33 #include <net/bluetooth/smp.h>
35 #define MGMT_VERSION 1
36 #define MGMT_REVISION 4
38 static const u16 mgmt_commands[] = {
39 MGMT_OP_READ_INDEX_LIST,
42 MGMT_OP_SET_DISCOVERABLE,
43 MGMT_OP_SET_CONNECTABLE,
44 MGMT_OP_SET_FAST_CONNECTABLE,
46 MGMT_OP_SET_LINK_SECURITY,
50 MGMT_OP_SET_DEV_CLASS,
51 MGMT_OP_SET_LOCAL_NAME,
54 MGMT_OP_LOAD_LINK_KEYS,
55 MGMT_OP_LOAD_LONG_TERM_KEYS,
57 MGMT_OP_GET_CONNECTIONS,
58 MGMT_OP_PIN_CODE_REPLY,
59 MGMT_OP_PIN_CODE_NEG_REPLY,
60 MGMT_OP_SET_IO_CAPABILITY,
62 MGMT_OP_CANCEL_PAIR_DEVICE,
63 MGMT_OP_UNPAIR_DEVICE,
64 MGMT_OP_USER_CONFIRM_REPLY,
65 MGMT_OP_USER_CONFIRM_NEG_REPLY,
66 MGMT_OP_USER_PASSKEY_REPLY,
67 MGMT_OP_USER_PASSKEY_NEG_REPLY,
68 MGMT_OP_READ_LOCAL_OOB_DATA,
69 MGMT_OP_ADD_REMOTE_OOB_DATA,
70 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
71 MGMT_OP_START_DISCOVERY,
72 MGMT_OP_STOP_DISCOVERY,
75 MGMT_OP_UNBLOCK_DEVICE,
76 MGMT_OP_SET_DEVICE_ID,
77 MGMT_OP_SET_ADVERTISING,
79 MGMT_OP_SET_STATIC_ADDRESS,
82 static const u16 mgmt_events[] = {
83 MGMT_EV_CONTROLLER_ERROR,
85 MGMT_EV_INDEX_REMOVED,
87 MGMT_EV_CLASS_OF_DEV_CHANGED,
88 MGMT_EV_LOCAL_NAME_CHANGED,
90 MGMT_EV_NEW_LONG_TERM_KEY,
91 MGMT_EV_DEVICE_CONNECTED,
92 MGMT_EV_DEVICE_DISCONNECTED,
93 MGMT_EV_CONNECT_FAILED,
94 MGMT_EV_PIN_CODE_REQUEST,
95 MGMT_EV_USER_CONFIRM_REQUEST,
96 MGMT_EV_USER_PASSKEY_REQUEST,
100 MGMT_EV_DEVICE_BLOCKED,
101 MGMT_EV_DEVICE_UNBLOCKED,
102 MGMT_EV_DEVICE_UNPAIRED,
103 MGMT_EV_PASSKEY_NOTIFY,
106 #define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
108 #define hdev_is_powered(hdev) (test_bit(HCI_UP, &hdev->flags) && \
109 !test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
112 struct list_head list;
120 /* HCI to MGMT error code conversion table */
121 static u8 mgmt_status_table[] = {
123 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
124 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
125 MGMT_STATUS_FAILED, /* Hardware Failure */
126 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
127 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
128 MGMT_STATUS_NOT_PAIRED, /* PIN or Key Missing */
129 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
130 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
131 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
132 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
133 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
134 MGMT_STATUS_BUSY, /* Command Disallowed */
135 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
136 MGMT_STATUS_REJECTED, /* Rejected Security */
137 MGMT_STATUS_REJECTED, /* Rejected Personal */
138 MGMT_STATUS_TIMEOUT, /* Host Timeout */
139 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
140 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
141 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
142 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
143 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
144 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
145 MGMT_STATUS_BUSY, /* Repeated Attempts */
146 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
147 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
148 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
149 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
150 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
151 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
152 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
153 MGMT_STATUS_FAILED, /* Unspecified Error */
154 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
155 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
156 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
157 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
158 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
159 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
160 MGMT_STATUS_FAILED, /* Unit Link Key Used */
161 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
162 MGMT_STATUS_TIMEOUT, /* Instant Passed */
163 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
164 MGMT_STATUS_FAILED, /* Transaction Collision */
165 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
166 MGMT_STATUS_REJECTED, /* QoS Rejected */
167 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
168 MGMT_STATUS_REJECTED, /* Insufficient Security */
169 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
170 MGMT_STATUS_BUSY, /* Role Switch Pending */
171 MGMT_STATUS_FAILED, /* Slot Violation */
172 MGMT_STATUS_FAILED, /* Role Switch Failed */
173 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
174 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
175 MGMT_STATUS_BUSY, /* Host Busy Pairing */
176 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
177 MGMT_STATUS_BUSY, /* Controller Busy */
178 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
179 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
180 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
181 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
182 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
185 bool mgmt_valid_hdev(struct hci_dev *hdev)
187 return hdev->dev_type == HCI_BREDR;
190 static u8 mgmt_status(u8 hci_status)
192 if (hci_status < ARRAY_SIZE(mgmt_status_table))
193 return mgmt_status_table[hci_status];
195 return MGMT_STATUS_FAILED;
198 static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
201 struct mgmt_hdr *hdr;
202 struct mgmt_ev_cmd_status *ev;
205 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
207 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_KERNEL);
211 hdr = (void *) skb_put(skb, sizeof(*hdr));
213 hdr->opcode = __constant_cpu_to_le16(MGMT_EV_CMD_STATUS);
214 hdr->index = cpu_to_le16(index);
215 hdr->len = cpu_to_le16(sizeof(*ev));
217 ev = (void *) skb_put(skb, sizeof(*ev));
219 ev->opcode = cpu_to_le16(cmd);
221 err = sock_queue_rcv_skb(sk, skb);
228 static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
229 void *rp, size_t rp_len)
232 struct mgmt_hdr *hdr;
233 struct mgmt_ev_cmd_complete *ev;
236 BT_DBG("sock %p", sk);
238 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_KERNEL);
242 hdr = (void *) skb_put(skb, sizeof(*hdr));
244 hdr->opcode = __constant_cpu_to_le16(MGMT_EV_CMD_COMPLETE);
245 hdr->index = cpu_to_le16(index);
246 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
248 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
249 ev->opcode = cpu_to_le16(cmd);
253 memcpy(ev->data, rp, rp_len);
255 err = sock_queue_rcv_skb(sk, skb);
262 static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
265 struct mgmt_rp_read_version rp;
267 BT_DBG("sock %p", sk);
269 rp.version = MGMT_VERSION;
270 rp.revision = __constant_cpu_to_le16(MGMT_REVISION);
272 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
276 static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
279 struct mgmt_rp_read_commands *rp;
280 const u16 num_commands = ARRAY_SIZE(mgmt_commands);
281 const u16 num_events = ARRAY_SIZE(mgmt_events);
286 BT_DBG("sock %p", sk);
288 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
290 rp = kmalloc(rp_size, GFP_KERNEL);
294 rp->num_commands = __constant_cpu_to_le16(num_commands);
295 rp->num_events = __constant_cpu_to_le16(num_events);
297 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
298 put_unaligned_le16(mgmt_commands[i], opcode);
300 for (i = 0; i < num_events; i++, opcode++)
301 put_unaligned_le16(mgmt_events[i], opcode);
303 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
310 static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
313 struct mgmt_rp_read_index_list *rp;
319 BT_DBG("sock %p", sk);
321 read_lock(&hci_dev_list_lock);
324 list_for_each_entry(d, &hci_dev_list, list) {
325 if (!mgmt_valid_hdev(d))
331 rp_len = sizeof(*rp) + (2 * count);
332 rp = kmalloc(rp_len, GFP_ATOMIC);
334 read_unlock(&hci_dev_list_lock);
339 list_for_each_entry(d, &hci_dev_list, list) {
340 if (test_bit(HCI_SETUP, &d->dev_flags))
343 if (test_bit(HCI_USER_CHANNEL, &d->dev_flags))
346 if (!mgmt_valid_hdev(d))
349 rp->index[count++] = cpu_to_le16(d->id);
350 BT_DBG("Added hci%u", d->id);
353 rp->num_controllers = cpu_to_le16(count);
354 rp_len = sizeof(*rp) + (2 * count);
356 read_unlock(&hci_dev_list_lock);
358 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
366 static u32 get_supported_settings(struct hci_dev *hdev)
370 settings |= MGMT_SETTING_POWERED;
371 settings |= MGMT_SETTING_PAIRABLE;
373 if (lmp_ssp_capable(hdev))
374 settings |= MGMT_SETTING_SSP;
376 if (lmp_bredr_capable(hdev)) {
377 settings |= MGMT_SETTING_CONNECTABLE;
378 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
379 settings |= MGMT_SETTING_FAST_CONNECTABLE;
380 settings |= MGMT_SETTING_DISCOVERABLE;
381 settings |= MGMT_SETTING_BREDR;
382 settings |= MGMT_SETTING_LINK_SECURITY;
383 settings |= MGMT_SETTING_HS;
386 if (lmp_le_capable(hdev)) {
387 settings |= MGMT_SETTING_LE;
388 settings |= MGMT_SETTING_ADVERTISING;
394 static u32 get_current_settings(struct hci_dev *hdev)
398 if (hdev_is_powered(hdev))
399 settings |= MGMT_SETTING_POWERED;
401 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
402 settings |= MGMT_SETTING_CONNECTABLE;
404 if (test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
405 settings |= MGMT_SETTING_FAST_CONNECTABLE;
407 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
408 settings |= MGMT_SETTING_DISCOVERABLE;
410 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags))
411 settings |= MGMT_SETTING_PAIRABLE;
413 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
414 settings |= MGMT_SETTING_BREDR;
416 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
417 settings |= MGMT_SETTING_LE;
419 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
420 settings |= MGMT_SETTING_LINK_SECURITY;
422 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
423 settings |= MGMT_SETTING_SSP;
425 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
426 settings |= MGMT_SETTING_HS;
428 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
429 settings |= MGMT_SETTING_ADVERTISING;
434 #define PNP_INFO_SVCLASS_ID 0x1200
436 static u8 *create_uuid16_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
438 u8 *ptr = data, *uuids_start = NULL;
439 struct bt_uuid *uuid;
444 list_for_each_entry(uuid, &hdev->uuids, list) {
447 if (uuid->size != 16)
450 uuid16 = get_unaligned_le16(&uuid->uuid[12]);
454 if (uuid16 == PNP_INFO_SVCLASS_ID)
460 uuids_start[1] = EIR_UUID16_ALL;
464 /* Stop if not enough space to put next UUID */
465 if ((ptr - data) + sizeof(u16) > len) {
466 uuids_start[1] = EIR_UUID16_SOME;
470 *ptr++ = (uuid16 & 0x00ff);
471 *ptr++ = (uuid16 & 0xff00) >> 8;
472 uuids_start[0] += sizeof(uuid16);
478 static u8 *create_uuid32_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
480 u8 *ptr = data, *uuids_start = NULL;
481 struct bt_uuid *uuid;
486 list_for_each_entry(uuid, &hdev->uuids, list) {
487 if (uuid->size != 32)
493 uuids_start[1] = EIR_UUID32_ALL;
497 /* Stop if not enough space to put next UUID */
498 if ((ptr - data) + sizeof(u32) > len) {
499 uuids_start[1] = EIR_UUID32_SOME;
503 memcpy(ptr, &uuid->uuid[12], sizeof(u32));
505 uuids_start[0] += sizeof(u32);
511 static u8 *create_uuid128_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
513 u8 *ptr = data, *uuids_start = NULL;
514 struct bt_uuid *uuid;
519 list_for_each_entry(uuid, &hdev->uuids, list) {
520 if (uuid->size != 128)
526 uuids_start[1] = EIR_UUID128_ALL;
530 /* Stop if not enough space to put next UUID */
531 if ((ptr - data) + 16 > len) {
532 uuids_start[1] = EIR_UUID128_SOME;
536 memcpy(ptr, uuid->uuid, 16);
538 uuids_start[0] += 16;
544 static void create_eir(struct hci_dev *hdev, u8 *data)
549 name_len = strlen(hdev->dev_name);
555 ptr[1] = EIR_NAME_SHORT;
557 ptr[1] = EIR_NAME_COMPLETE;
559 /* EIR Data length */
560 ptr[0] = name_len + 1;
562 memcpy(ptr + 2, hdev->dev_name, name_len);
564 ptr += (name_len + 2);
567 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
569 ptr[1] = EIR_TX_POWER;
570 ptr[2] = (u8) hdev->inq_tx_power;
575 if (hdev->devid_source > 0) {
577 ptr[1] = EIR_DEVICE_ID;
579 put_unaligned_le16(hdev->devid_source, ptr + 2);
580 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
581 put_unaligned_le16(hdev->devid_product, ptr + 6);
582 put_unaligned_le16(hdev->devid_version, ptr + 8);
587 ptr = create_uuid16_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
588 ptr = create_uuid32_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
589 ptr = create_uuid128_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
592 static void update_eir(struct hci_request *req)
594 struct hci_dev *hdev = req->hdev;
595 struct hci_cp_write_eir cp;
597 if (!hdev_is_powered(hdev))
600 if (!lmp_ext_inq_capable(hdev))
603 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
606 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
609 memset(&cp, 0, sizeof(cp));
611 create_eir(hdev, cp.data);
613 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
616 memcpy(hdev->eir, cp.data, sizeof(cp.data));
618 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
621 static u8 get_service_classes(struct hci_dev *hdev)
623 struct bt_uuid *uuid;
626 list_for_each_entry(uuid, &hdev->uuids, list)
627 val |= uuid->svc_hint;
632 static void update_class(struct hci_request *req)
634 struct hci_dev *hdev = req->hdev;
637 BT_DBG("%s", hdev->name);
639 if (!hdev_is_powered(hdev))
642 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
645 cod[0] = hdev->minor_class;
646 cod[1] = hdev->major_class;
647 cod[2] = get_service_classes(hdev);
649 if (memcmp(cod, hdev->dev_class, 3) == 0)
652 hci_req_add(req, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
655 static void service_cache_off(struct work_struct *work)
657 struct hci_dev *hdev = container_of(work, struct hci_dev,
659 struct hci_request req;
661 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
664 hci_req_init(&req, hdev);
671 hci_dev_unlock(hdev);
673 hci_req_run(&req, NULL);
676 static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
678 if (test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
681 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
683 /* Non-mgmt controlled devices get this bit set
684 * implicitly so that pairing works for them, however
685 * for mgmt we require user-space to explicitly enable
688 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
691 static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
692 void *data, u16 data_len)
694 struct mgmt_rp_read_info rp;
696 BT_DBG("sock %p %s", sk, hdev->name);
700 memset(&rp, 0, sizeof(rp));
702 bacpy(&rp.bdaddr, &hdev->bdaddr);
704 rp.version = hdev->hci_ver;
705 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
707 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
708 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
710 memcpy(rp.dev_class, hdev->dev_class, 3);
712 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
713 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
715 hci_dev_unlock(hdev);
717 return cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
721 static void mgmt_pending_free(struct pending_cmd *cmd)
728 static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
729 struct hci_dev *hdev, void *data,
732 struct pending_cmd *cmd;
734 cmd = kmalloc(sizeof(*cmd), GFP_KERNEL);
738 cmd->opcode = opcode;
739 cmd->index = hdev->id;
741 cmd->param = kmalloc(len, GFP_KERNEL);
748 memcpy(cmd->param, data, len);
753 list_add(&cmd->list, &hdev->mgmt_pending);
758 static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
759 void (*cb)(struct pending_cmd *cmd,
763 struct pending_cmd *cmd, *tmp;
765 list_for_each_entry_safe(cmd, tmp, &hdev->mgmt_pending, list) {
766 if (opcode > 0 && cmd->opcode != opcode)
773 static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
775 struct pending_cmd *cmd;
777 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
778 if (cmd->opcode == opcode)
785 static void mgmt_pending_remove(struct pending_cmd *cmd)
787 list_del(&cmd->list);
788 mgmt_pending_free(cmd);
791 static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
793 __le32 settings = cpu_to_le32(get_current_settings(hdev));
795 return cmd_complete(sk, hdev->id, opcode, 0, &settings,
799 static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
802 struct mgmt_mode *cp = data;
803 struct pending_cmd *cmd;
806 BT_DBG("request for %s", hdev->name);
808 if (cp->val != 0x00 && cp->val != 0x01)
809 return cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
810 MGMT_STATUS_INVALID_PARAMS);
814 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
815 err = cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
820 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
821 cancel_delayed_work(&hdev->power_off);
824 mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev,
826 err = mgmt_powered(hdev, 1);
831 if (!!cp->val == hdev_is_powered(hdev)) {
832 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
836 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
843 queue_work(hdev->req_workqueue, &hdev->power_on);
845 queue_work(hdev->req_workqueue, &hdev->power_off.work);
850 hci_dev_unlock(hdev);
854 static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 data_len,
855 struct sock *skip_sk)
858 struct mgmt_hdr *hdr;
860 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_KERNEL);
864 hdr = (void *) skb_put(skb, sizeof(*hdr));
865 hdr->opcode = cpu_to_le16(event);
867 hdr->index = cpu_to_le16(hdev->id);
869 hdr->index = __constant_cpu_to_le16(MGMT_INDEX_NONE);
870 hdr->len = cpu_to_le16(data_len);
873 memcpy(skb_put(skb, data_len), data, data_len);
876 __net_timestamp(skb);
878 hci_send_to_control(skb, skip_sk);
884 static int new_settings(struct hci_dev *hdev, struct sock *skip)
888 ev = cpu_to_le32(get_current_settings(hdev));
890 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
893 int mgmt_new_settings(struct hci_dev *hdev)
895 return new_settings(hdev, NULL);
900 struct hci_dev *hdev;
904 static void settings_rsp(struct pending_cmd *cmd, void *data)
906 struct cmd_lookup *match = data;
908 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
910 list_del(&cmd->list);
912 if (match->sk == NULL) {
914 sock_hold(match->sk);
917 mgmt_pending_free(cmd);
920 static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
924 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
925 mgmt_pending_remove(cmd);
928 static u8 mgmt_bredr_support(struct hci_dev *hdev)
930 if (!lmp_bredr_capable(hdev))
931 return MGMT_STATUS_NOT_SUPPORTED;
932 else if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
933 return MGMT_STATUS_REJECTED;
935 return MGMT_STATUS_SUCCESS;
938 static u8 mgmt_le_support(struct hci_dev *hdev)
940 if (!lmp_le_capable(hdev))
941 return MGMT_STATUS_NOT_SUPPORTED;
942 else if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
943 return MGMT_STATUS_REJECTED;
945 return MGMT_STATUS_SUCCESS;
948 static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
951 struct mgmt_cp_set_discoverable *cp = data;
952 struct pending_cmd *cmd;
957 BT_DBG("request for %s", hdev->name);
959 status = mgmt_bredr_support(hdev);
961 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
964 if (cp->val != 0x00 && cp->val != 0x01)
965 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
966 MGMT_STATUS_INVALID_PARAMS);
968 timeout = __le16_to_cpu(cp->timeout);
969 if (!cp->val && timeout > 0)
970 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
971 MGMT_STATUS_INVALID_PARAMS);
975 if (!hdev_is_powered(hdev) && timeout > 0) {
976 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
977 MGMT_STATUS_NOT_POWERED);
981 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
982 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
983 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
988 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
989 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
990 MGMT_STATUS_REJECTED);
994 if (!hdev_is_powered(hdev)) {
995 bool changed = false;
997 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
998 change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1002 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1007 err = new_settings(hdev, sk);
1012 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
1013 if (hdev->discov_timeout > 0) {
1014 cancel_delayed_work(&hdev->discov_off);
1015 hdev->discov_timeout = 0;
1018 if (cp->val && timeout > 0) {
1019 hdev->discov_timeout = timeout;
1020 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
1021 msecs_to_jiffies(hdev->discov_timeout * 1000));
1024 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1028 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
1037 scan |= SCAN_INQUIRY;
1039 cancel_delayed_work(&hdev->discov_off);
1041 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1043 mgmt_pending_remove(cmd);
1046 hdev->discov_timeout = timeout;
1049 hci_dev_unlock(hdev);
1053 static void write_fast_connectable(struct hci_request *req, bool enable)
1055 struct hci_dev *hdev = req->hdev;
1056 struct hci_cp_write_page_scan_activity acp;
1059 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
1063 type = PAGE_SCAN_TYPE_INTERLACED;
1065 /* 160 msec page scan interval */
1066 acp.interval = __constant_cpu_to_le16(0x0100);
1068 type = PAGE_SCAN_TYPE_STANDARD; /* default */
1070 /* default 1.28 sec page scan */
1071 acp.interval = __constant_cpu_to_le16(0x0800);
1074 acp.window = __constant_cpu_to_le16(0x0012);
1076 if (__cpu_to_le16(hdev->page_scan_interval) != acp.interval ||
1077 __cpu_to_le16(hdev->page_scan_window) != acp.window)
1078 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
1081 if (hdev->page_scan_type != type)
1082 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
1085 static void set_connectable_complete(struct hci_dev *hdev, u8 status)
1087 struct pending_cmd *cmd;
1089 BT_DBG("status 0x%02x", status);
1093 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1097 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
1099 mgmt_pending_remove(cmd);
1102 hci_dev_unlock(hdev);
1105 static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
1108 struct mgmt_mode *cp = data;
1109 struct pending_cmd *cmd;
1110 struct hci_request req;
1114 BT_DBG("request for %s", hdev->name);
1116 status = mgmt_bredr_support(hdev);
1118 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1121 if (cp->val != 0x00 && cp->val != 0x01)
1122 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1123 MGMT_STATUS_INVALID_PARAMS);
1127 if (!hdev_is_powered(hdev)) {
1128 bool changed = false;
1130 if (!!cp->val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
1134 set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1136 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1137 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1140 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1145 err = new_settings(hdev, sk);
1150 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1151 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
1152 err = cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1157 if (!!cp->val == test_bit(HCI_PSCAN, &hdev->flags)) {
1158 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1162 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
1173 if (test_bit(HCI_ISCAN, &hdev->flags) &&
1174 hdev->discov_timeout > 0)
1175 cancel_delayed_work(&hdev->discov_off);
1178 hci_req_init(&req, hdev);
1180 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1182 /* If we're going from non-connectable to connectable or
1183 * vice-versa when fast connectable is enabled ensure that fast
1184 * connectable gets disabled. write_fast_connectable won't do
1185 * anything if the page scan parameters are already what they
1188 if (cp->val || test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
1189 write_fast_connectable(&req, false);
1191 err = hci_req_run(&req, set_connectable_complete);
1193 mgmt_pending_remove(cmd);
1196 hci_dev_unlock(hdev);
1200 static int set_pairable(struct sock *sk, struct hci_dev *hdev, void *data,
1203 struct mgmt_mode *cp = data;
1206 BT_DBG("request for %s", hdev->name);
1208 if (cp->val != 0x00 && cp->val != 0x01)
1209 return cmd_status(sk, hdev->id, MGMT_OP_SET_PAIRABLE,
1210 MGMT_STATUS_INVALID_PARAMS);
1215 set_bit(HCI_PAIRABLE, &hdev->dev_flags);
1217 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
1219 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
1223 err = new_settings(hdev, sk);
1226 hci_dev_unlock(hdev);
1230 static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1233 struct mgmt_mode *cp = data;
1234 struct pending_cmd *cmd;
1238 BT_DBG("request for %s", hdev->name);
1240 status = mgmt_bredr_support(hdev);
1242 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1245 if (cp->val != 0x00 && cp->val != 0x01)
1246 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1247 MGMT_STATUS_INVALID_PARAMS);
1251 if (!hdev_is_powered(hdev)) {
1252 bool changed = false;
1254 if (!!cp->val != test_bit(HCI_LINK_SECURITY,
1255 &hdev->dev_flags)) {
1256 change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
1260 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1265 err = new_settings(hdev, sk);
1270 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
1271 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1278 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1279 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1283 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1289 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1291 mgmt_pending_remove(cmd);
1296 hci_dev_unlock(hdev);
1300 static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1302 struct mgmt_mode *cp = data;
1303 struct pending_cmd *cmd;
1307 BT_DBG("request for %s", hdev->name);
1309 status = mgmt_bredr_support(hdev);
1311 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
1313 if (!lmp_ssp_capable(hdev))
1314 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1315 MGMT_STATUS_NOT_SUPPORTED);
1317 if (cp->val != 0x00 && cp->val != 0x01)
1318 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1319 MGMT_STATUS_INVALID_PARAMS);
1325 if (!hdev_is_powered(hdev)) {
1326 bool changed = false;
1328 if (val != test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
1329 change_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
1333 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1338 err = new_settings(hdev, sk);
1343 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev)) {
1344 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1349 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) == val) {
1350 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1354 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1360 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, sizeof(val), &val);
1362 mgmt_pending_remove(cmd);
1367 hci_dev_unlock(hdev);
1371 static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1373 struct mgmt_mode *cp = data;
1378 BT_DBG("request for %s", hdev->name);
1380 status = mgmt_bredr_support(hdev);
1382 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
1384 if (cp->val != 0x00 && cp->val != 0x01)
1385 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1386 MGMT_STATUS_INVALID_PARAMS);
1391 changed = !test_and_set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1393 if (hdev_is_powered(hdev)) {
1394 err = cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1395 MGMT_STATUS_REJECTED);
1399 changed = test_and_clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1402 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
1407 err = new_settings(hdev, sk);
1410 hci_dev_unlock(hdev);
1414 static void enable_advertising(struct hci_request *req)
1416 struct hci_dev *hdev = req->hdev;
1417 struct hci_cp_le_set_adv_param cp;
1420 memset(&cp, 0, sizeof(cp));
1421 cp.min_interval = __constant_cpu_to_le16(0x0800);
1422 cp.max_interval = __constant_cpu_to_le16(0x0800);
1423 cp.type = LE_ADV_IND;
1424 if (bacmp(&hdev->bdaddr, BDADDR_ANY))
1425 cp.own_address_type = ADDR_LE_DEV_PUBLIC;
1427 cp.own_address_type = ADDR_LE_DEV_RANDOM;
1428 cp.channel_map = 0x07;
1430 hci_req_add(req, HCI_OP_LE_SET_ADV_PARAM, sizeof(cp), &cp);
1432 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1435 static void disable_advertising(struct hci_request *req)
1439 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1442 static void le_enable_complete(struct hci_dev *hdev, u8 status)
1444 struct cmd_lookup match = { NULL, hdev };
1447 u8 mgmt_err = mgmt_status(status);
1449 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
1454 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
1456 new_settings(hdev, match.sk);
1462 static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1464 struct mgmt_mode *cp = data;
1465 struct hci_cp_write_le_host_supported hci_cp;
1466 struct pending_cmd *cmd;
1467 struct hci_request req;
1471 BT_DBG("request for %s", hdev->name);
1473 if (!lmp_le_capable(hdev))
1474 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1475 MGMT_STATUS_NOT_SUPPORTED);
1477 if (cp->val != 0x00 && cp->val != 0x01)
1478 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1479 MGMT_STATUS_INVALID_PARAMS);
1481 /* LE-only devices do not allow toggling LE on/off */
1482 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1483 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1484 MGMT_STATUS_REJECTED);
1489 enabled = lmp_host_le_capable(hdev);
1491 if (!hdev_is_powered(hdev) || val == enabled) {
1492 bool changed = false;
1494 if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1495 change_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1499 if (!val && test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
1500 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
1504 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1509 err = new_settings(hdev, sk);
1514 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev) ||
1515 mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
1516 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1521 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
1527 memset(&hci_cp, 0, sizeof(hci_cp));
1531 hci_cp.simul = lmp_le_br_capable(hdev);
1534 hci_req_init(&req, hdev);
1536 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags) && !val)
1537 disable_advertising(&req);
1539 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
1542 err = hci_req_run(&req, le_enable_complete);
1544 mgmt_pending_remove(cmd);
1547 hci_dev_unlock(hdev);
1551 /* This is a helper function to test for pending mgmt commands that can
1552 * cause CoD or EIR HCI commands. We can only allow one such pending
1553 * mgmt command at a time since otherwise we cannot easily track what
1554 * the current values are, will be, and based on that calculate if a new
1555 * HCI command needs to be sent and if yes with what value.
1557 static bool pending_eir_or_class(struct hci_dev *hdev)
1559 struct pending_cmd *cmd;
1561 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
1562 switch (cmd->opcode) {
1563 case MGMT_OP_ADD_UUID:
1564 case MGMT_OP_REMOVE_UUID:
1565 case MGMT_OP_SET_DEV_CLASS:
1566 case MGMT_OP_SET_POWERED:
1574 static const u8 bluetooth_base_uuid[] = {
1575 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
1576 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1579 static u8 get_uuid_size(const u8 *uuid)
1583 if (memcmp(uuid, bluetooth_base_uuid, 12))
1586 val = get_unaligned_le32(&uuid[12]);
1593 static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
1595 struct pending_cmd *cmd;
1599 cmd = mgmt_pending_find(mgmt_op, hdev);
1603 cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(status),
1604 hdev->dev_class, 3);
1606 mgmt_pending_remove(cmd);
1609 hci_dev_unlock(hdev);
1612 static void add_uuid_complete(struct hci_dev *hdev, u8 status)
1614 BT_DBG("status 0x%02x", status);
1616 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
1619 static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1621 struct mgmt_cp_add_uuid *cp = data;
1622 struct pending_cmd *cmd;
1623 struct hci_request req;
1624 struct bt_uuid *uuid;
1627 BT_DBG("request for %s", hdev->name);
1631 if (pending_eir_or_class(hdev)) {
1632 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
1637 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
1643 memcpy(uuid->uuid, cp->uuid, 16);
1644 uuid->svc_hint = cp->svc_hint;
1645 uuid->size = get_uuid_size(cp->uuid);
1647 list_add_tail(&uuid->list, &hdev->uuids);
1649 hci_req_init(&req, hdev);
1654 err = hci_req_run(&req, add_uuid_complete);
1656 if (err != -ENODATA)
1659 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
1660 hdev->dev_class, 3);
1664 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
1673 hci_dev_unlock(hdev);
1677 static bool enable_service_cache(struct hci_dev *hdev)
1679 if (!hdev_is_powered(hdev))
1682 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
1683 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
1691 static void remove_uuid_complete(struct hci_dev *hdev, u8 status)
1693 BT_DBG("status 0x%02x", status);
1695 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
1698 static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
1701 struct mgmt_cp_remove_uuid *cp = data;
1702 struct pending_cmd *cmd;
1703 struct bt_uuid *match, *tmp;
1704 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
1705 struct hci_request req;
1708 BT_DBG("request for %s", hdev->name);
1712 if (pending_eir_or_class(hdev)) {
1713 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
1718 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
1719 err = hci_uuids_clear(hdev);
1721 if (enable_service_cache(hdev)) {
1722 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID,
1723 0, hdev->dev_class, 3);
1732 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
1733 if (memcmp(match->uuid, cp->uuid, 16) != 0)
1736 list_del(&match->list);
1742 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
1743 MGMT_STATUS_INVALID_PARAMS);
1748 hci_req_init(&req, hdev);
1753 err = hci_req_run(&req, remove_uuid_complete);
1755 if (err != -ENODATA)
1758 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
1759 hdev->dev_class, 3);
1763 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
1772 hci_dev_unlock(hdev);
1776 static void set_class_complete(struct hci_dev *hdev, u8 status)
1778 BT_DBG("status 0x%02x", status);
1780 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
1783 static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
1786 struct mgmt_cp_set_dev_class *cp = data;
1787 struct pending_cmd *cmd;
1788 struct hci_request req;
1791 BT_DBG("request for %s", hdev->name);
1793 if (!lmp_bredr_capable(hdev))
1794 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1795 MGMT_STATUS_NOT_SUPPORTED);
1799 if (pending_eir_or_class(hdev)) {
1800 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1805 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
1806 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1807 MGMT_STATUS_INVALID_PARAMS);
1811 hdev->major_class = cp->major;
1812 hdev->minor_class = cp->minor;
1814 if (!hdev_is_powered(hdev)) {
1815 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
1816 hdev->dev_class, 3);
1820 hci_req_init(&req, hdev);
1822 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
1823 hci_dev_unlock(hdev);
1824 cancel_delayed_work_sync(&hdev->service_cache);
1831 err = hci_req_run(&req, set_class_complete);
1833 if (err != -ENODATA)
1836 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
1837 hdev->dev_class, 3);
1841 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
1850 hci_dev_unlock(hdev);
1854 static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
1857 struct mgmt_cp_load_link_keys *cp = data;
1858 u16 key_count, expected_len;
1861 BT_DBG("request for %s", hdev->name);
1863 if (!lmp_bredr_capable(hdev))
1864 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
1865 MGMT_STATUS_NOT_SUPPORTED);
1867 key_count = __le16_to_cpu(cp->key_count);
1869 expected_len = sizeof(*cp) + key_count *
1870 sizeof(struct mgmt_link_key_info);
1871 if (expected_len != len) {
1872 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
1874 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
1875 MGMT_STATUS_INVALID_PARAMS);
1878 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
1879 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
1880 MGMT_STATUS_INVALID_PARAMS);
1882 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
1885 for (i = 0; i < key_count; i++) {
1886 struct mgmt_link_key_info *key = &cp->keys[i];
1888 if (key->addr.type != BDADDR_BREDR)
1889 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
1890 MGMT_STATUS_INVALID_PARAMS);
1895 hci_link_keys_clear(hdev);
1898 set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
1900 clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
1902 for (i = 0; i < key_count; i++) {
1903 struct mgmt_link_key_info *key = &cp->keys[i];
1905 hci_add_link_key(hdev, NULL, 0, &key->addr.bdaddr, key->val,
1906 key->type, key->pin_len);
1909 cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
1911 hci_dev_unlock(hdev);
1916 static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
1917 u8 addr_type, struct sock *skip_sk)
1919 struct mgmt_ev_device_unpaired ev;
1921 bacpy(&ev.addr.bdaddr, bdaddr);
1922 ev.addr.type = addr_type;
1924 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
1928 static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
1931 struct mgmt_cp_unpair_device *cp = data;
1932 struct mgmt_rp_unpair_device rp;
1933 struct hci_cp_disconnect dc;
1934 struct pending_cmd *cmd;
1935 struct hci_conn *conn;
1938 memset(&rp, 0, sizeof(rp));
1939 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1940 rp.addr.type = cp->addr.type;
1942 if (!bdaddr_type_is_valid(cp->addr.type))
1943 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
1944 MGMT_STATUS_INVALID_PARAMS,
1947 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
1948 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
1949 MGMT_STATUS_INVALID_PARAMS,
1954 if (!hdev_is_powered(hdev)) {
1955 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
1956 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
1960 if (cp->addr.type == BDADDR_BREDR)
1961 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
1963 err = hci_remove_ltk(hdev, &cp->addr.bdaddr);
1966 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
1967 MGMT_STATUS_NOT_PAIRED, &rp, sizeof(rp));
1971 if (cp->disconnect) {
1972 if (cp->addr.type == BDADDR_BREDR)
1973 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
1976 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
1983 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
1985 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
1989 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
1996 dc.handle = cpu_to_le16(conn->handle);
1997 dc.reason = 0x13; /* Remote User Terminated Connection */
1998 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2000 mgmt_pending_remove(cmd);
2003 hci_dev_unlock(hdev);
2007 static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
2010 struct mgmt_cp_disconnect *cp = data;
2011 struct mgmt_rp_disconnect rp;
2012 struct hci_cp_disconnect dc;
2013 struct pending_cmd *cmd;
2014 struct hci_conn *conn;
2019 memset(&rp, 0, sizeof(rp));
2020 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2021 rp.addr.type = cp->addr.type;
2023 if (!bdaddr_type_is_valid(cp->addr.type))
2024 return cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2025 MGMT_STATUS_INVALID_PARAMS,
2030 if (!test_bit(HCI_UP, &hdev->flags)) {
2031 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2032 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
2036 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
2037 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2038 MGMT_STATUS_BUSY, &rp, sizeof(rp));
2042 if (cp->addr.type == BDADDR_BREDR)
2043 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2046 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
2048 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
2049 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2050 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
2054 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
2060 dc.handle = cpu_to_le16(conn->handle);
2061 dc.reason = HCI_ERROR_REMOTE_USER_TERM;
2063 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2065 mgmt_pending_remove(cmd);
2068 hci_dev_unlock(hdev);
2072 static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
2074 switch (link_type) {
2076 switch (addr_type) {
2077 case ADDR_LE_DEV_PUBLIC:
2078 return BDADDR_LE_PUBLIC;
2081 /* Fallback to LE Random address type */
2082 return BDADDR_LE_RANDOM;
2086 /* Fallback to BR/EDR type */
2087 return BDADDR_BREDR;
2091 static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
2094 struct mgmt_rp_get_connections *rp;
2104 if (!hdev_is_powered(hdev)) {
2105 err = cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
2106 MGMT_STATUS_NOT_POWERED);
2111 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2112 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2116 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2117 rp = kmalloc(rp_len, GFP_KERNEL);
2124 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2125 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2127 bacpy(&rp->addr[i].bdaddr, &c->dst);
2128 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
2129 if (c->type == SCO_LINK || c->type == ESCO_LINK)
2134 rp->conn_count = cpu_to_le16(i);
2136 /* Recalculate length in case of filtered SCO connections, etc */
2137 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2139 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
2145 hci_dev_unlock(hdev);
2149 static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
2150 struct mgmt_cp_pin_code_neg_reply *cp)
2152 struct pending_cmd *cmd;
2155 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
2160 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
2161 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
2163 mgmt_pending_remove(cmd);
2168 static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2171 struct hci_conn *conn;
2172 struct mgmt_cp_pin_code_reply *cp = data;
2173 struct hci_cp_pin_code_reply reply;
2174 struct pending_cmd *cmd;
2181 if (!hdev_is_powered(hdev)) {
2182 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2183 MGMT_STATUS_NOT_POWERED);
2187 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
2189 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2190 MGMT_STATUS_NOT_CONNECTED);
2194 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
2195 struct mgmt_cp_pin_code_neg_reply ncp;
2197 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
2199 BT_ERR("PIN code is not 16 bytes long");
2201 err = send_pin_code_neg_reply(sk, hdev, &ncp);
2203 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2204 MGMT_STATUS_INVALID_PARAMS);
2209 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
2215 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
2216 reply.pin_len = cp->pin_len;
2217 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
2219 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
2221 mgmt_pending_remove(cmd);
2224 hci_dev_unlock(hdev);
2228 static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
2231 struct mgmt_cp_set_io_capability *cp = data;
2237 hdev->io_capability = cp->io_capability;
2239 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
2240 hdev->io_capability);
2242 hci_dev_unlock(hdev);
2244 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, NULL,
2248 static struct pending_cmd *find_pairing(struct hci_conn *conn)
2250 struct hci_dev *hdev = conn->hdev;
2251 struct pending_cmd *cmd;
2253 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2254 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
2257 if (cmd->user_data != conn)
2266 static void pairing_complete(struct pending_cmd *cmd, u8 status)
2268 struct mgmt_rp_pair_device rp;
2269 struct hci_conn *conn = cmd->user_data;
2271 bacpy(&rp.addr.bdaddr, &conn->dst);
2272 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
2274 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
2277 /* So we don't get further callbacks for this connection */
2278 conn->connect_cfm_cb = NULL;
2279 conn->security_cfm_cb = NULL;
2280 conn->disconn_cfm_cb = NULL;
2282 hci_conn_drop(conn);
2284 mgmt_pending_remove(cmd);
2287 static void pairing_complete_cb(struct hci_conn *conn, u8 status)
2289 struct pending_cmd *cmd;
2291 BT_DBG("status %u", status);
2293 cmd = find_pairing(conn);
2295 BT_DBG("Unable to find a pending command");
2297 pairing_complete(cmd, mgmt_status(status));
2300 static void le_connect_complete_cb(struct hci_conn *conn, u8 status)
2302 struct pending_cmd *cmd;
2304 BT_DBG("status %u", status);
2309 cmd = find_pairing(conn);
2311 BT_DBG("Unable to find a pending command");
2313 pairing_complete(cmd, mgmt_status(status));
2316 static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2319 struct mgmt_cp_pair_device *cp = data;
2320 struct mgmt_rp_pair_device rp;
2321 struct pending_cmd *cmd;
2322 u8 sec_level, auth_type;
2323 struct hci_conn *conn;
2328 memset(&rp, 0, sizeof(rp));
2329 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2330 rp.addr.type = cp->addr.type;
2332 if (!bdaddr_type_is_valid(cp->addr.type))
2333 return cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2334 MGMT_STATUS_INVALID_PARAMS,
2339 if (!hdev_is_powered(hdev)) {
2340 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2341 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
2345 sec_level = BT_SECURITY_MEDIUM;
2346 if (cp->io_cap == 0x03)
2347 auth_type = HCI_AT_DEDICATED_BONDING;
2349 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
2351 if (cp->addr.type == BDADDR_BREDR)
2352 conn = hci_connect(hdev, ACL_LINK, &cp->addr.bdaddr,
2353 cp->addr.type, sec_level, auth_type);
2355 conn = hci_connect(hdev, LE_LINK, &cp->addr.bdaddr,
2356 cp->addr.type, sec_level, auth_type);
2361 if (PTR_ERR(conn) == -EBUSY)
2362 status = MGMT_STATUS_BUSY;
2364 status = MGMT_STATUS_CONNECT_FAILED;
2366 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2372 if (conn->connect_cfm_cb) {
2373 hci_conn_drop(conn);
2374 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2375 MGMT_STATUS_BUSY, &rp, sizeof(rp));
2379 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
2382 hci_conn_drop(conn);
2386 /* For LE, just connecting isn't a proof that the pairing finished */
2387 if (cp->addr.type == BDADDR_BREDR)
2388 conn->connect_cfm_cb = pairing_complete_cb;
2390 conn->connect_cfm_cb = le_connect_complete_cb;
2392 conn->security_cfm_cb = pairing_complete_cb;
2393 conn->disconn_cfm_cb = pairing_complete_cb;
2394 conn->io_capability = cp->io_cap;
2395 cmd->user_data = conn;
2397 if (conn->state == BT_CONNECTED &&
2398 hci_conn_security(conn, sec_level, auth_type))
2399 pairing_complete(cmd, 0);
2404 hci_dev_unlock(hdev);
2408 static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2411 struct mgmt_addr_info *addr = data;
2412 struct pending_cmd *cmd;
2413 struct hci_conn *conn;
2420 if (!hdev_is_powered(hdev)) {
2421 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2422 MGMT_STATUS_NOT_POWERED);
2426 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
2428 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2429 MGMT_STATUS_INVALID_PARAMS);
2433 conn = cmd->user_data;
2435 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
2436 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2437 MGMT_STATUS_INVALID_PARAMS);
2441 pairing_complete(cmd, MGMT_STATUS_CANCELLED);
2443 err = cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
2444 addr, sizeof(*addr));
2446 hci_dev_unlock(hdev);
2450 static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
2451 struct mgmt_addr_info *addr, u16 mgmt_op,
2452 u16 hci_op, __le32 passkey)
2454 struct pending_cmd *cmd;
2455 struct hci_conn *conn;
2460 if (!hdev_is_powered(hdev)) {
2461 err = cmd_complete(sk, hdev->id, mgmt_op,
2462 MGMT_STATUS_NOT_POWERED, addr,
2467 if (addr->type == BDADDR_BREDR)
2468 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
2470 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &addr->bdaddr);
2473 err = cmd_complete(sk, hdev->id, mgmt_op,
2474 MGMT_STATUS_NOT_CONNECTED, addr,
2479 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
2480 /* Continue with pairing via SMP */
2481 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
2484 err = cmd_complete(sk, hdev->id, mgmt_op,
2485 MGMT_STATUS_SUCCESS, addr,
2488 err = cmd_complete(sk, hdev->id, mgmt_op,
2489 MGMT_STATUS_FAILED, addr,
2495 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
2501 /* Continue with pairing via HCI */
2502 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
2503 struct hci_cp_user_passkey_reply cp;
2505 bacpy(&cp.bdaddr, &addr->bdaddr);
2506 cp.passkey = passkey;
2507 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
2509 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
2513 mgmt_pending_remove(cmd);
2516 hci_dev_unlock(hdev);
2520 static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
2521 void *data, u16 len)
2523 struct mgmt_cp_pin_code_neg_reply *cp = data;
2527 return user_pairing_resp(sk, hdev, &cp->addr,
2528 MGMT_OP_PIN_CODE_NEG_REPLY,
2529 HCI_OP_PIN_CODE_NEG_REPLY, 0);
2532 static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2535 struct mgmt_cp_user_confirm_reply *cp = data;
2539 if (len != sizeof(*cp))
2540 return cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
2541 MGMT_STATUS_INVALID_PARAMS);
2543 return user_pairing_resp(sk, hdev, &cp->addr,
2544 MGMT_OP_USER_CONFIRM_REPLY,
2545 HCI_OP_USER_CONFIRM_REPLY, 0);
2548 static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
2549 void *data, u16 len)
2551 struct mgmt_cp_user_confirm_neg_reply *cp = data;
2555 return user_pairing_resp(sk, hdev, &cp->addr,
2556 MGMT_OP_USER_CONFIRM_NEG_REPLY,
2557 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
2560 static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2563 struct mgmt_cp_user_passkey_reply *cp = data;
2567 return user_pairing_resp(sk, hdev, &cp->addr,
2568 MGMT_OP_USER_PASSKEY_REPLY,
2569 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
2572 static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
2573 void *data, u16 len)
2575 struct mgmt_cp_user_passkey_neg_reply *cp = data;
2579 return user_pairing_resp(sk, hdev, &cp->addr,
2580 MGMT_OP_USER_PASSKEY_NEG_REPLY,
2581 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
2584 static void update_name(struct hci_request *req)
2586 struct hci_dev *hdev = req->hdev;
2587 struct hci_cp_write_local_name cp;
2589 memcpy(cp.name, hdev->dev_name, sizeof(cp.name));
2591 hci_req_add(req, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
2594 static void set_name_complete(struct hci_dev *hdev, u8 status)
2596 struct mgmt_cp_set_local_name *cp;
2597 struct pending_cmd *cmd;
2599 BT_DBG("status 0x%02x", status);
2603 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
2610 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
2611 mgmt_status(status));
2613 cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
2616 mgmt_pending_remove(cmd);
2619 hci_dev_unlock(hdev);
2622 static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
2625 struct mgmt_cp_set_local_name *cp = data;
2626 struct pending_cmd *cmd;
2627 struct hci_request req;
2634 /* If the old values are the same as the new ones just return a
2635 * direct command complete event.
2637 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
2638 !memcmp(hdev->short_name, cp->short_name,
2639 sizeof(hdev->short_name))) {
2640 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
2645 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
2647 if (!hdev_is_powered(hdev)) {
2648 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
2650 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
2655 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
2661 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
2667 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
2669 hci_req_init(&req, hdev);
2671 if (lmp_bredr_capable(hdev)) {
2676 if (lmp_le_capable(hdev))
2677 hci_update_ad(&req);
2679 err = hci_req_run(&req, set_name_complete);
2681 mgmt_pending_remove(cmd);
2684 hci_dev_unlock(hdev);
2688 static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
2689 void *data, u16 data_len)
2691 struct pending_cmd *cmd;
2694 BT_DBG("%s", hdev->name);
2698 if (!hdev_is_powered(hdev)) {
2699 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
2700 MGMT_STATUS_NOT_POWERED);
2704 if (!lmp_ssp_capable(hdev)) {
2705 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
2706 MGMT_STATUS_NOT_SUPPORTED);
2710 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
2711 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
2716 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
2722 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
2724 mgmt_pending_remove(cmd);
2727 hci_dev_unlock(hdev);
2731 static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
2732 void *data, u16 len)
2734 struct mgmt_cp_add_remote_oob_data *cp = data;
2738 BT_DBG("%s ", hdev->name);
2742 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr, cp->hash,
2745 status = MGMT_STATUS_FAILED;
2747 status = MGMT_STATUS_SUCCESS;
2749 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA, status,
2750 &cp->addr, sizeof(cp->addr));
2752 hci_dev_unlock(hdev);
2756 static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
2757 void *data, u16 len)
2759 struct mgmt_cp_remove_remote_oob_data *cp = data;
2763 BT_DBG("%s", hdev->name);
2767 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr);
2769 status = MGMT_STATUS_INVALID_PARAMS;
2771 status = MGMT_STATUS_SUCCESS;
2773 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
2774 status, &cp->addr, sizeof(cp->addr));
2776 hci_dev_unlock(hdev);
2780 static int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
2782 struct pending_cmd *cmd;
2786 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2788 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
2792 type = hdev->discovery.type;
2794 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
2795 &type, sizeof(type));
2796 mgmt_pending_remove(cmd);
2801 static void start_discovery_complete(struct hci_dev *hdev, u8 status)
2803 BT_DBG("status %d", status);
2807 mgmt_start_discovery_failed(hdev, status);
2808 hci_dev_unlock(hdev);
2813 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
2814 hci_dev_unlock(hdev);
2816 switch (hdev->discovery.type) {
2817 case DISCOV_TYPE_LE:
2818 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable,
2822 case DISCOV_TYPE_INTERLEAVED:
2823 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable,
2824 DISCOV_INTERLEAVED_TIMEOUT);
2827 case DISCOV_TYPE_BREDR:
2831 BT_ERR("Invalid discovery type %d", hdev->discovery.type);
2835 static int start_discovery(struct sock *sk, struct hci_dev *hdev,
2836 void *data, u16 len)
2838 struct mgmt_cp_start_discovery *cp = data;
2839 struct pending_cmd *cmd;
2840 struct hci_cp_le_set_scan_param param_cp;
2841 struct hci_cp_le_set_scan_enable enable_cp;
2842 struct hci_cp_inquiry inq_cp;
2843 struct hci_request req;
2844 /* General inquiry access code (GIAC) */
2845 u8 lap[3] = { 0x33, 0x8b, 0x9e };
2849 BT_DBG("%s", hdev->name);
2853 if (!hdev_is_powered(hdev)) {
2854 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2855 MGMT_STATUS_NOT_POWERED);
2859 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
2860 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2865 if (hdev->discovery.state != DISCOVERY_STOPPED) {
2866 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2871 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
2877 hdev->discovery.type = cp->type;
2879 hci_req_init(&req, hdev);
2881 switch (hdev->discovery.type) {
2882 case DISCOV_TYPE_BREDR:
2883 status = mgmt_bredr_support(hdev);
2885 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2887 mgmt_pending_remove(cmd);
2891 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
2892 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2894 mgmt_pending_remove(cmd);
2898 hci_inquiry_cache_flush(hdev);
2900 memset(&inq_cp, 0, sizeof(inq_cp));
2901 memcpy(&inq_cp.lap, lap, sizeof(inq_cp.lap));
2902 inq_cp.length = DISCOV_BREDR_INQUIRY_LEN;
2903 hci_req_add(&req, HCI_OP_INQUIRY, sizeof(inq_cp), &inq_cp);
2906 case DISCOV_TYPE_LE:
2907 case DISCOV_TYPE_INTERLEAVED:
2908 status = mgmt_le_support(hdev);
2910 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2912 mgmt_pending_remove(cmd);
2916 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
2917 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
2918 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2919 MGMT_STATUS_NOT_SUPPORTED);
2920 mgmt_pending_remove(cmd);
2924 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
2925 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2926 MGMT_STATUS_REJECTED);
2927 mgmt_pending_remove(cmd);
2931 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags)) {
2932 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2934 mgmt_pending_remove(cmd);
2938 memset(¶m_cp, 0, sizeof(param_cp));
2939 param_cp.type = LE_SCAN_ACTIVE;
2940 param_cp.interval = cpu_to_le16(DISCOV_LE_SCAN_INT);
2941 param_cp.window = cpu_to_le16(DISCOV_LE_SCAN_WIN);
2942 if (bacmp(&hdev->bdaddr, BDADDR_ANY))
2943 param_cp.own_address_type = ADDR_LE_DEV_PUBLIC;
2945 param_cp.own_address_type = ADDR_LE_DEV_RANDOM;
2946 hci_req_add(&req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
2949 memset(&enable_cp, 0, sizeof(enable_cp));
2950 enable_cp.enable = LE_SCAN_ENABLE;
2951 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
2952 hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
2957 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2958 MGMT_STATUS_INVALID_PARAMS);
2959 mgmt_pending_remove(cmd);
2963 err = hci_req_run(&req, start_discovery_complete);
2965 mgmt_pending_remove(cmd);
2967 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
2970 hci_dev_unlock(hdev);
2974 static int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
2976 struct pending_cmd *cmd;
2979 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
2983 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
2984 &hdev->discovery.type, sizeof(hdev->discovery.type));
2985 mgmt_pending_remove(cmd);
2990 static void stop_discovery_complete(struct hci_dev *hdev, u8 status)
2992 BT_DBG("status %d", status);
2997 mgmt_stop_discovery_failed(hdev, status);
3001 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3004 hci_dev_unlock(hdev);
3007 static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
3010 struct mgmt_cp_stop_discovery *mgmt_cp = data;
3011 struct pending_cmd *cmd;
3012 struct hci_cp_remote_name_req_cancel cp;
3013 struct inquiry_entry *e;
3014 struct hci_request req;
3015 struct hci_cp_le_set_scan_enable enable_cp;
3018 BT_DBG("%s", hdev->name);
3022 if (!hci_discovery_active(hdev)) {
3023 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
3024 MGMT_STATUS_REJECTED, &mgmt_cp->type,
3025 sizeof(mgmt_cp->type));
3029 if (hdev->discovery.type != mgmt_cp->type) {
3030 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
3031 MGMT_STATUS_INVALID_PARAMS, &mgmt_cp->type,
3032 sizeof(mgmt_cp->type));
3036 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
3042 hci_req_init(&req, hdev);
3044 switch (hdev->discovery.state) {
3045 case DISCOVERY_FINDING:
3046 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
3047 hci_req_add(&req, HCI_OP_INQUIRY_CANCEL, 0, NULL);
3049 cancel_delayed_work(&hdev->le_scan_disable);
3051 memset(&enable_cp, 0, sizeof(enable_cp));
3052 enable_cp.enable = LE_SCAN_DISABLE;
3053 hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE,
3054 sizeof(enable_cp), &enable_cp);
3059 case DISCOVERY_RESOLVING:
3060 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
3063 mgmt_pending_remove(cmd);
3064 err = cmd_complete(sk, hdev->id,
3065 MGMT_OP_STOP_DISCOVERY, 0,
3067 sizeof(mgmt_cp->type));
3068 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3072 bacpy(&cp.bdaddr, &e->data.bdaddr);
3073 hci_req_add(&req, HCI_OP_REMOTE_NAME_REQ_CANCEL, sizeof(cp),
3079 BT_DBG("unknown discovery state %u", hdev->discovery.state);
3081 mgmt_pending_remove(cmd);
3082 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
3083 MGMT_STATUS_FAILED, &mgmt_cp->type,
3084 sizeof(mgmt_cp->type));
3088 err = hci_req_run(&req, stop_discovery_complete);
3090 mgmt_pending_remove(cmd);
3092 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
3095 hci_dev_unlock(hdev);
3099 static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
3102 struct mgmt_cp_confirm_name *cp = data;
3103 struct inquiry_entry *e;
3106 BT_DBG("%s", hdev->name);
3110 if (!hci_discovery_active(hdev)) {
3111 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
3112 MGMT_STATUS_FAILED);
3116 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
3118 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
3119 MGMT_STATUS_INVALID_PARAMS);
3123 if (cp->name_known) {
3124 e->name_state = NAME_KNOWN;
3127 e->name_state = NAME_NEEDED;
3128 hci_inquiry_cache_update_resolve(hdev, e);
3131 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0, &cp->addr,
3135 hci_dev_unlock(hdev);
3139 static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
3142 struct mgmt_cp_block_device *cp = data;
3146 BT_DBG("%s", hdev->name);
3148 if (!bdaddr_type_is_valid(cp->addr.type))
3149 return cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
3150 MGMT_STATUS_INVALID_PARAMS,
3151 &cp->addr, sizeof(cp->addr));
3155 err = hci_blacklist_add(hdev, &cp->addr.bdaddr, cp->addr.type);
3157 status = MGMT_STATUS_FAILED;
3159 status = MGMT_STATUS_SUCCESS;
3161 err = cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
3162 &cp->addr, sizeof(cp->addr));
3164 hci_dev_unlock(hdev);
3169 static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
3172 struct mgmt_cp_unblock_device *cp = data;
3176 BT_DBG("%s", hdev->name);
3178 if (!bdaddr_type_is_valid(cp->addr.type))
3179 return cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
3180 MGMT_STATUS_INVALID_PARAMS,
3181 &cp->addr, sizeof(cp->addr));
3185 err = hci_blacklist_del(hdev, &cp->addr.bdaddr, cp->addr.type);
3187 status = MGMT_STATUS_INVALID_PARAMS;
3189 status = MGMT_STATUS_SUCCESS;
3191 err = cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
3192 &cp->addr, sizeof(cp->addr));
3194 hci_dev_unlock(hdev);
3199 static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
3202 struct mgmt_cp_set_device_id *cp = data;
3203 struct hci_request req;
3207 BT_DBG("%s", hdev->name);
3209 source = __le16_to_cpu(cp->source);
3211 if (source > 0x0002)
3212 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
3213 MGMT_STATUS_INVALID_PARAMS);
3217 hdev->devid_source = source;
3218 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
3219 hdev->devid_product = __le16_to_cpu(cp->product);
3220 hdev->devid_version = __le16_to_cpu(cp->version);
3222 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0, NULL, 0);
3224 hci_req_init(&req, hdev);
3226 hci_req_run(&req, NULL);
3228 hci_dev_unlock(hdev);
3233 static void set_advertising_complete(struct hci_dev *hdev, u8 status)
3235 struct cmd_lookup match = { NULL, hdev };
3238 u8 mgmt_err = mgmt_status(status);
3240 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
3241 cmd_status_rsp, &mgmt_err);
3245 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
3248 new_settings(hdev, match.sk);
3254 static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
3256 struct mgmt_mode *cp = data;
3257 struct pending_cmd *cmd;
3258 struct hci_request req;
3259 u8 val, enabled, status;
3262 BT_DBG("request for %s", hdev->name);
3264 status = mgmt_le_support(hdev);
3266 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3269 if (cp->val != 0x00 && cp->val != 0x01)
3270 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3271 MGMT_STATUS_INVALID_PARAMS);
3276 enabled = test_bit(HCI_ADVERTISING, &hdev->dev_flags);
3278 if (!hdev_is_powered(hdev) || val == enabled) {
3279 bool changed = false;
3281 if (val != test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
3282 change_bit(HCI_ADVERTISING, &hdev->dev_flags);
3286 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
3291 err = new_settings(hdev, sk);
3296 if (mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
3297 mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
3298 err = cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3303 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
3309 hci_req_init(&req, hdev);
3312 enable_advertising(&req);
3314 disable_advertising(&req);
3316 err = hci_req_run(&req, set_advertising_complete);
3318 mgmt_pending_remove(cmd);
3321 hci_dev_unlock(hdev);
3325 static int set_static_address(struct sock *sk, struct hci_dev *hdev,
3326 void *data, u16 len)
3328 struct mgmt_cp_set_static_address *cp = data;
3331 BT_DBG("%s", hdev->name);
3333 if (!lmp_le_capable(hdev))
3334 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
3335 MGMT_STATUS_NOT_SUPPORTED);
3337 if (hdev_is_powered(hdev))
3338 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
3339 MGMT_STATUS_REJECTED);
3341 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
3342 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
3343 return cmd_status(sk, hdev->id,
3344 MGMT_OP_SET_STATIC_ADDRESS,
3345 MGMT_STATUS_INVALID_PARAMS);
3347 /* Two most significant bits shall be set */
3348 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
3349 return cmd_status(sk, hdev->id,
3350 MGMT_OP_SET_STATIC_ADDRESS,
3351 MGMT_STATUS_INVALID_PARAMS);
3356 bacpy(&hdev->static_addr, &cp->bdaddr);
3358 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS, 0, NULL, 0);
3360 hci_dev_unlock(hdev);
3365 static void fast_connectable_complete(struct hci_dev *hdev, u8 status)
3367 struct pending_cmd *cmd;
3369 BT_DBG("status 0x%02x", status);
3373 cmd = mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
3378 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3379 mgmt_status(status));
3381 struct mgmt_mode *cp = cmd->param;
3384 set_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
3386 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
3388 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
3389 new_settings(hdev, cmd->sk);
3392 mgmt_pending_remove(cmd);
3395 hci_dev_unlock(hdev);
3398 static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
3399 void *data, u16 len)
3401 struct mgmt_mode *cp = data;
3402 struct pending_cmd *cmd;
3403 struct hci_request req;
3406 BT_DBG("%s", hdev->name);
3408 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags) ||
3409 hdev->hci_ver < BLUETOOTH_VER_1_2)
3410 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3411 MGMT_STATUS_NOT_SUPPORTED);
3413 if (cp->val != 0x00 && cp->val != 0x01)
3414 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3415 MGMT_STATUS_INVALID_PARAMS);
3417 if (!hdev_is_powered(hdev))
3418 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3419 MGMT_STATUS_NOT_POWERED);
3421 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3422 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3423 MGMT_STATUS_REJECTED);
3427 if (mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
3428 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3433 if (!!cp->val == test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags)) {
3434 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
3439 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
3446 hci_req_init(&req, hdev);
3448 write_fast_connectable(&req, cp->val);
3450 err = hci_req_run(&req, fast_connectable_complete);
3452 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3453 MGMT_STATUS_FAILED);
3454 mgmt_pending_remove(cmd);
3458 hci_dev_unlock(hdev);
3463 static void set_bredr_complete(struct hci_dev *hdev, u8 status)
3465 struct pending_cmd *cmd;
3467 BT_DBG("status 0x%02x", status);
3471 cmd = mgmt_pending_find(MGMT_OP_SET_BREDR, hdev);
3476 u8 mgmt_err = mgmt_status(status);
3478 /* We need to restore the flag if related HCI commands
3481 clear_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
3483 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
3485 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
3486 new_settings(hdev, cmd->sk);
3489 mgmt_pending_remove(cmd);
3492 hci_dev_unlock(hdev);
3495 static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
3497 struct mgmt_mode *cp = data;
3498 struct pending_cmd *cmd;
3499 struct hci_request req;
3502 BT_DBG("request for %s", hdev->name);
3504 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
3505 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3506 MGMT_STATUS_NOT_SUPPORTED);
3508 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
3509 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3510 MGMT_STATUS_REJECTED);
3512 if (cp->val != 0x00 && cp->val != 0x01)
3513 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3514 MGMT_STATUS_INVALID_PARAMS);
3518 if (cp->val == test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
3519 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
3523 if (!hdev_is_powered(hdev)) {
3525 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
3526 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
3527 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
3528 clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
3529 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
3530 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
3533 change_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
3535 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
3539 err = new_settings(hdev, sk);
3543 /* Reject disabling when powered on */
3545 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3546 MGMT_STATUS_REJECTED);
3550 if (mgmt_pending_find(MGMT_OP_SET_BREDR, hdev)) {
3551 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3556 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
3562 /* We need to flip the bit already here so that hci_update_ad
3563 * generates the correct flags.
3565 set_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
3567 hci_req_init(&req, hdev);
3568 hci_update_ad(&req);
3569 err = hci_req_run(&req, set_bredr_complete);
3571 mgmt_pending_remove(cmd);
3574 hci_dev_unlock(hdev);
3578 static bool ltk_is_valid(struct mgmt_ltk_info *key)
3580 if (key->authenticated != 0x00 && key->authenticated != 0x01)
3582 if (key->master != 0x00 && key->master != 0x01)
3584 if (!bdaddr_type_is_le(key->addr.type))
3589 static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
3590 void *cp_data, u16 len)
3592 struct mgmt_cp_load_long_term_keys *cp = cp_data;
3593 u16 key_count, expected_len;
3596 BT_DBG("request for %s", hdev->name);
3598 if (!lmp_le_capable(hdev))
3599 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
3600 MGMT_STATUS_NOT_SUPPORTED);
3602 key_count = __le16_to_cpu(cp->key_count);
3604 expected_len = sizeof(*cp) + key_count *
3605 sizeof(struct mgmt_ltk_info);
3606 if (expected_len != len) {
3607 BT_ERR("load_keys: expected %u bytes, got %u bytes",
3609 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
3610 MGMT_STATUS_INVALID_PARAMS);
3613 BT_DBG("%s key_count %u", hdev->name, key_count);
3615 for (i = 0; i < key_count; i++) {
3616 struct mgmt_ltk_info *key = &cp->keys[i];
3618 if (!ltk_is_valid(key))
3619 return cmd_status(sk, hdev->id,
3620 MGMT_OP_LOAD_LONG_TERM_KEYS,
3621 MGMT_STATUS_INVALID_PARAMS);
3626 hci_smp_ltks_clear(hdev);
3628 for (i = 0; i < key_count; i++) {
3629 struct mgmt_ltk_info *key = &cp->keys[i];
3635 type = HCI_SMP_LTK_SLAVE;
3637 hci_add_ltk(hdev, &key->addr.bdaddr,
3638 bdaddr_to_le(key->addr.type),
3639 type, 0, key->authenticated, key->val,
3640 key->enc_size, key->ediv, key->rand);
3643 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
3646 hci_dev_unlock(hdev);
3651 static const struct mgmt_handler {
3652 int (*func) (struct sock *sk, struct hci_dev *hdev, void *data,
3656 } mgmt_handlers[] = {
3657 { NULL }, /* 0x0000 (no command) */
3658 { read_version, false, MGMT_READ_VERSION_SIZE },
3659 { read_commands, false, MGMT_READ_COMMANDS_SIZE },
3660 { read_index_list, false, MGMT_READ_INDEX_LIST_SIZE },
3661 { read_controller_info, false, MGMT_READ_INFO_SIZE },
3662 { set_powered, false, MGMT_SETTING_SIZE },
3663 { set_discoverable, false, MGMT_SET_DISCOVERABLE_SIZE },
3664 { set_connectable, false, MGMT_SETTING_SIZE },
3665 { set_fast_connectable, false, MGMT_SETTING_SIZE },
3666 { set_pairable, false, MGMT_SETTING_SIZE },
3667 { set_link_security, false, MGMT_SETTING_SIZE },
3668 { set_ssp, false, MGMT_SETTING_SIZE },
3669 { set_hs, false, MGMT_SETTING_SIZE },
3670 { set_le, false, MGMT_SETTING_SIZE },
3671 { set_dev_class, false, MGMT_SET_DEV_CLASS_SIZE },
3672 { set_local_name, false, MGMT_SET_LOCAL_NAME_SIZE },
3673 { add_uuid, false, MGMT_ADD_UUID_SIZE },
3674 { remove_uuid, false, MGMT_REMOVE_UUID_SIZE },
3675 { load_link_keys, true, MGMT_LOAD_LINK_KEYS_SIZE },
3676 { load_long_term_keys, true, MGMT_LOAD_LONG_TERM_KEYS_SIZE },
3677 { disconnect, false, MGMT_DISCONNECT_SIZE },
3678 { get_connections, false, MGMT_GET_CONNECTIONS_SIZE },
3679 { pin_code_reply, false, MGMT_PIN_CODE_REPLY_SIZE },
3680 { pin_code_neg_reply, false, MGMT_PIN_CODE_NEG_REPLY_SIZE },
3681 { set_io_capability, false, MGMT_SET_IO_CAPABILITY_SIZE },
3682 { pair_device, false, MGMT_PAIR_DEVICE_SIZE },
3683 { cancel_pair_device, false, MGMT_CANCEL_PAIR_DEVICE_SIZE },
3684 { unpair_device, false, MGMT_UNPAIR_DEVICE_SIZE },
3685 { user_confirm_reply, false, MGMT_USER_CONFIRM_REPLY_SIZE },
3686 { user_confirm_neg_reply, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
3687 { user_passkey_reply, false, MGMT_USER_PASSKEY_REPLY_SIZE },
3688 { user_passkey_neg_reply, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
3689 { read_local_oob_data, false, MGMT_READ_LOCAL_OOB_DATA_SIZE },
3690 { add_remote_oob_data, false, MGMT_ADD_REMOTE_OOB_DATA_SIZE },
3691 { remove_remote_oob_data, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
3692 { start_discovery, false, MGMT_START_DISCOVERY_SIZE },
3693 { stop_discovery, false, MGMT_STOP_DISCOVERY_SIZE },
3694 { confirm_name, false, MGMT_CONFIRM_NAME_SIZE },
3695 { block_device, false, MGMT_BLOCK_DEVICE_SIZE },
3696 { unblock_device, false, MGMT_UNBLOCK_DEVICE_SIZE },
3697 { set_device_id, false, MGMT_SET_DEVICE_ID_SIZE },
3698 { set_advertising, false, MGMT_SETTING_SIZE },
3699 { set_bredr, false, MGMT_SETTING_SIZE },
3700 { set_static_address, false, MGMT_SET_STATIC_ADDRESS_SIZE },
3704 int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
3708 struct mgmt_hdr *hdr;
3709 u16 opcode, index, len;
3710 struct hci_dev *hdev = NULL;
3711 const struct mgmt_handler *handler;
3714 BT_DBG("got %zu bytes", msglen);
3716 if (msglen < sizeof(*hdr))
3719 buf = kmalloc(msglen, GFP_KERNEL);
3723 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
3729 opcode = __le16_to_cpu(hdr->opcode);
3730 index = __le16_to_cpu(hdr->index);
3731 len = __le16_to_cpu(hdr->len);
3733 if (len != msglen - sizeof(*hdr)) {
3738 if (index != MGMT_INDEX_NONE) {
3739 hdev = hci_dev_get(index);
3741 err = cmd_status(sk, index, opcode,
3742 MGMT_STATUS_INVALID_INDEX);
3746 if (test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
3747 err = cmd_status(sk, index, opcode,
3748 MGMT_STATUS_INVALID_INDEX);
3753 if (opcode >= ARRAY_SIZE(mgmt_handlers) ||
3754 mgmt_handlers[opcode].func == NULL) {
3755 BT_DBG("Unknown op %u", opcode);
3756 err = cmd_status(sk, index, opcode,
3757 MGMT_STATUS_UNKNOWN_COMMAND);
3761 if ((hdev && opcode < MGMT_OP_READ_INFO) ||
3762 (!hdev && opcode >= MGMT_OP_READ_INFO)) {
3763 err = cmd_status(sk, index, opcode,
3764 MGMT_STATUS_INVALID_INDEX);
3768 handler = &mgmt_handlers[opcode];
3770 if ((handler->var_len && len < handler->data_len) ||
3771 (!handler->var_len && len != handler->data_len)) {
3772 err = cmd_status(sk, index, opcode,
3773 MGMT_STATUS_INVALID_PARAMS);
3778 mgmt_init_hdev(sk, hdev);
3780 cp = buf + sizeof(*hdr);
3782 err = handler->func(sk, hdev, cp, len);
3796 int mgmt_index_added(struct hci_dev *hdev)
3798 if (!mgmt_valid_hdev(hdev))
3801 return mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
3804 int mgmt_index_removed(struct hci_dev *hdev)
3806 u8 status = MGMT_STATUS_INVALID_INDEX;
3808 if (!mgmt_valid_hdev(hdev))
3811 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
3813 return mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
3816 static void set_bredr_scan(struct hci_request *req)
3818 struct hci_dev *hdev = req->hdev;
3821 /* Ensure that fast connectable is disabled. This function will
3822 * not do anything if the page scan parameters are already what
3825 write_fast_connectable(req, false);
3827 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3829 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3830 scan |= SCAN_INQUIRY;
3833 hci_req_add(req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
3836 static void powered_complete(struct hci_dev *hdev, u8 status)
3838 struct cmd_lookup match = { NULL, hdev };
3840 BT_DBG("status 0x%02x", status);
3844 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
3846 new_settings(hdev, match.sk);
3848 hci_dev_unlock(hdev);
3854 static int powered_update_hci(struct hci_dev *hdev)
3856 struct hci_request req;
3859 hci_req_init(&req, hdev);
3861 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) &&
3862 !lmp_host_ssp_capable(hdev)) {
3865 hci_req_add(&req, HCI_OP_WRITE_SSP_MODE, 1, &ssp);
3868 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
3869 lmp_bredr_capable(hdev)) {
3870 struct hci_cp_write_le_host_supported cp;
3873 cp.simul = lmp_le_br_capable(hdev);
3875 /* Check first if we already have the right
3876 * host state (host features set)
3878 if (cp.le != lmp_host_le_capable(hdev) ||
3879 cp.simul != lmp_host_le_br_capable(hdev))
3880 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED,
3883 /* In case BR/EDR was toggled during the AUTO_OFF phase */
3884 hci_update_ad(&req);
3887 if (lmp_le_capable(hdev)) {
3888 /* Set random address to static address if configured */
3889 if (bacmp(&hdev->static_addr, BDADDR_ANY))
3890 hci_req_add(&req, HCI_OP_LE_SET_RANDOM_ADDR, 6,
3891 &hdev->static_addr);
3893 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
3894 enable_advertising(&req);
3897 link_sec = test_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
3898 if (link_sec != test_bit(HCI_AUTH, &hdev->flags))
3899 hci_req_add(&req, HCI_OP_WRITE_AUTH_ENABLE,
3900 sizeof(link_sec), &link_sec);
3902 if (lmp_bredr_capable(hdev)) {
3903 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
3904 set_bredr_scan(&req);
3910 return hci_req_run(&req, powered_complete);
3913 int mgmt_powered(struct hci_dev *hdev, u8 powered)
3915 struct cmd_lookup match = { NULL, hdev };
3916 u8 status_not_powered = MGMT_STATUS_NOT_POWERED;
3917 u8 zero_cod[] = { 0, 0, 0 };
3920 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3924 if (powered_update_hci(hdev) == 0)
3927 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp,
3932 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
3933 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status_not_powered);
3935 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0)
3936 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
3937 zero_cod, sizeof(zero_cod), NULL);
3940 err = new_settings(hdev, match.sk);
3948 int mgmt_set_powered_failed(struct hci_dev *hdev, int err)
3950 struct pending_cmd *cmd;
3953 cmd = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
3957 if (err == -ERFKILL)
3958 status = MGMT_STATUS_RFKILLED;
3960 status = MGMT_STATUS_FAILED;
3962 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
3964 mgmt_pending_remove(cmd);
3969 int mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
3971 struct cmd_lookup match = { NULL, hdev };
3972 bool changed = false;
3976 if (!test_and_set_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3979 if (test_and_clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3983 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev, settings_rsp,
3987 err = new_settings(hdev, match.sk);
3995 int mgmt_connectable(struct hci_dev *hdev, u8 connectable)
3997 struct pending_cmd *cmd;
3998 bool changed = false;
4002 if (!test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags))
4005 if (test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags))
4009 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
4012 err = new_settings(hdev, cmd ? cmd->sk : NULL);
4017 int mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
4019 u8 mgmt_err = mgmt_status(status);
4021 if (scan & SCAN_PAGE)
4022 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
4023 cmd_status_rsp, &mgmt_err);
4025 if (scan & SCAN_INQUIRY)
4026 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
4027 cmd_status_rsp, &mgmt_err);
4032 int mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
4035 struct mgmt_ev_new_link_key ev;
4037 memset(&ev, 0, sizeof(ev));
4039 ev.store_hint = persistent;
4040 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
4041 ev.key.addr.type = BDADDR_BREDR;
4042 ev.key.type = key->type;
4043 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
4044 ev.key.pin_len = key->pin_len;
4046 return mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
4049 int mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, u8 persistent)
4051 struct mgmt_ev_new_long_term_key ev;
4053 memset(&ev, 0, sizeof(ev));
4055 ev.store_hint = persistent;
4056 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
4057 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
4058 ev.key.authenticated = key->authenticated;
4059 ev.key.enc_size = key->enc_size;
4060 ev.key.ediv = key->ediv;
4062 if (key->type == HCI_SMP_LTK)
4065 memcpy(ev.key.rand, key->rand, sizeof(key->rand));
4066 memcpy(ev.key.val, key->val, sizeof(key->val));
4068 return mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev),
4072 int mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
4073 u8 addr_type, u32 flags, u8 *name, u8 name_len,
4077 struct mgmt_ev_device_connected *ev = (void *) buf;
4080 bacpy(&ev->addr.bdaddr, bdaddr);
4081 ev->addr.type = link_to_bdaddr(link_type, addr_type);
4083 ev->flags = __cpu_to_le32(flags);
4086 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
4089 if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0)
4090 eir_len = eir_append_data(ev->eir, eir_len,
4091 EIR_CLASS_OF_DEV, dev_class, 3);
4093 ev->eir_len = cpu_to_le16(eir_len);
4095 return mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
4096 sizeof(*ev) + eir_len, NULL);
4099 static void disconnect_rsp(struct pending_cmd *cmd, void *data)
4101 struct mgmt_cp_disconnect *cp = cmd->param;
4102 struct sock **sk = data;
4103 struct mgmt_rp_disconnect rp;
4105 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4106 rp.addr.type = cp->addr.type;
4108 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 0, &rp,
4114 mgmt_pending_remove(cmd);
4117 static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
4119 struct hci_dev *hdev = data;
4120 struct mgmt_cp_unpair_device *cp = cmd->param;
4121 struct mgmt_rp_unpair_device rp;
4123 memset(&rp, 0, sizeof(rp));
4124 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4125 rp.addr.type = cp->addr.type;
4127 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
4129 cmd_complete(cmd->sk, cmd->index, cmd->opcode, 0, &rp, sizeof(rp));
4131 mgmt_pending_remove(cmd);
4134 int mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
4135 u8 link_type, u8 addr_type, u8 reason)
4137 struct mgmt_ev_device_disconnected ev;
4138 struct sock *sk = NULL;
4141 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
4143 bacpy(&ev.addr.bdaddr, bdaddr);
4144 ev.addr.type = link_to_bdaddr(link_type, addr_type);
4147 err = mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev),
4153 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
4159 int mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
4160 u8 link_type, u8 addr_type, u8 status)
4162 struct mgmt_rp_disconnect rp;
4163 struct pending_cmd *cmd;
4166 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
4169 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
4173 bacpy(&rp.addr.bdaddr, bdaddr);
4174 rp.addr.type = link_to_bdaddr(link_type, addr_type);
4176 err = cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
4177 mgmt_status(status), &rp, sizeof(rp));
4179 mgmt_pending_remove(cmd);
4184 int mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
4185 u8 addr_type, u8 status)
4187 struct mgmt_ev_connect_failed ev;
4189 bacpy(&ev.addr.bdaddr, bdaddr);
4190 ev.addr.type = link_to_bdaddr(link_type, addr_type);
4191 ev.status = mgmt_status(status);
4193 return mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
4196 int mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
4198 struct mgmt_ev_pin_code_request ev;
4200 bacpy(&ev.addr.bdaddr, bdaddr);
4201 ev.addr.type = BDADDR_BREDR;
4204 return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev),
4208 int mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
4211 struct pending_cmd *cmd;
4212 struct mgmt_rp_pin_code_reply rp;
4215 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
4219 bacpy(&rp.addr.bdaddr, bdaddr);
4220 rp.addr.type = BDADDR_BREDR;
4222 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
4223 mgmt_status(status), &rp, sizeof(rp));
4225 mgmt_pending_remove(cmd);
4230 int mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
4233 struct pending_cmd *cmd;
4234 struct mgmt_rp_pin_code_reply rp;
4237 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
4241 bacpy(&rp.addr.bdaddr, bdaddr);
4242 rp.addr.type = BDADDR_BREDR;
4244 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
4245 mgmt_status(status), &rp, sizeof(rp));
4247 mgmt_pending_remove(cmd);
4252 int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
4253 u8 link_type, u8 addr_type, __le32 value,
4256 struct mgmt_ev_user_confirm_request ev;
4258 BT_DBG("%s", hdev->name);
4260 bacpy(&ev.addr.bdaddr, bdaddr);
4261 ev.addr.type = link_to_bdaddr(link_type, addr_type);
4262 ev.confirm_hint = confirm_hint;
4265 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
4269 int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
4270 u8 link_type, u8 addr_type)
4272 struct mgmt_ev_user_passkey_request ev;
4274 BT_DBG("%s", hdev->name);
4276 bacpy(&ev.addr.bdaddr, bdaddr);
4277 ev.addr.type = link_to_bdaddr(link_type, addr_type);
4279 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
4283 static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
4284 u8 link_type, u8 addr_type, u8 status,
4287 struct pending_cmd *cmd;
4288 struct mgmt_rp_user_confirm_reply rp;
4291 cmd = mgmt_pending_find(opcode, hdev);
4295 bacpy(&rp.addr.bdaddr, bdaddr);
4296 rp.addr.type = link_to_bdaddr(link_type, addr_type);
4297 err = cmd_complete(cmd->sk, hdev->id, opcode, mgmt_status(status),
4300 mgmt_pending_remove(cmd);
4305 int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
4306 u8 link_type, u8 addr_type, u8 status)
4308 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
4309 status, MGMT_OP_USER_CONFIRM_REPLY);
4312 int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
4313 u8 link_type, u8 addr_type, u8 status)
4315 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
4317 MGMT_OP_USER_CONFIRM_NEG_REPLY);
4320 int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
4321 u8 link_type, u8 addr_type, u8 status)
4323 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
4324 status, MGMT_OP_USER_PASSKEY_REPLY);
4327 int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
4328 u8 link_type, u8 addr_type, u8 status)
4330 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
4332 MGMT_OP_USER_PASSKEY_NEG_REPLY);
4335 int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
4336 u8 link_type, u8 addr_type, u32 passkey,
4339 struct mgmt_ev_passkey_notify ev;
4341 BT_DBG("%s", hdev->name);
4343 bacpy(&ev.addr.bdaddr, bdaddr);
4344 ev.addr.type = link_to_bdaddr(link_type, addr_type);
4345 ev.passkey = __cpu_to_le32(passkey);
4346 ev.entered = entered;
4348 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
4351 int mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
4352 u8 addr_type, u8 status)
4354 struct mgmt_ev_auth_failed ev;
4356 bacpy(&ev.addr.bdaddr, bdaddr);
4357 ev.addr.type = link_to_bdaddr(link_type, addr_type);
4358 ev.status = mgmt_status(status);
4360 return mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
4363 int mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
4365 struct cmd_lookup match = { NULL, hdev };
4366 bool changed = false;
4370 u8 mgmt_err = mgmt_status(status);
4371 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
4372 cmd_status_rsp, &mgmt_err);
4376 if (test_bit(HCI_AUTH, &hdev->flags)) {
4377 if (!test_and_set_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
4380 if (test_and_clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
4384 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
4388 err = new_settings(hdev, match.sk);
4396 static void clear_eir(struct hci_request *req)
4398 struct hci_dev *hdev = req->hdev;
4399 struct hci_cp_write_eir cp;
4401 if (!lmp_ext_inq_capable(hdev))
4404 memset(hdev->eir, 0, sizeof(hdev->eir));
4406 memset(&cp, 0, sizeof(cp));
4408 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
4411 int mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
4413 struct cmd_lookup match = { NULL, hdev };
4414 struct hci_request req;
4415 bool changed = false;
4419 u8 mgmt_err = mgmt_status(status);
4421 if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
4423 err = new_settings(hdev, NULL);
4425 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
4432 if (!test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
4435 if (test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
4439 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
4442 err = new_settings(hdev, match.sk);
4447 hci_req_init(&req, hdev);
4449 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
4454 hci_req_run(&req, NULL);
4459 static void sk_lookup(struct pending_cmd *cmd, void *data)
4461 struct cmd_lookup *match = data;
4463 if (match->sk == NULL) {
4464 match->sk = cmd->sk;
4465 sock_hold(match->sk);
4469 int mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
4472 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
4475 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
4476 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
4477 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
4480 err = mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class,
4489 int mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
4491 struct mgmt_cp_set_local_name ev;
4492 struct pending_cmd *cmd;
4497 memset(&ev, 0, sizeof(ev));
4498 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
4499 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
4501 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
4503 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
4505 /* If this is a HCI command related to powering on the
4506 * HCI dev don't send any mgmt signals.
4508 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
4512 return mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
4513 cmd ? cmd->sk : NULL);
4516 int mgmt_read_local_oob_data_reply_complete(struct hci_dev *hdev, u8 *hash,
4517 u8 *randomizer, u8 status)
4519 struct pending_cmd *cmd;
4522 BT_DBG("%s status %u", hdev->name, status);
4524 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
4529 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
4530 mgmt_status(status));
4532 struct mgmt_rp_read_local_oob_data rp;
4534 memcpy(rp.hash, hash, sizeof(rp.hash));
4535 memcpy(rp.randomizer, randomizer, sizeof(rp.randomizer));
4537 err = cmd_complete(cmd->sk, hdev->id,
4538 MGMT_OP_READ_LOCAL_OOB_DATA, 0, &rp,
4542 mgmt_pending_remove(cmd);
4547 int mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
4548 u8 addr_type, u8 *dev_class, s8 rssi, u8 cfm_name, u8
4549 ssp, u8 *eir, u16 eir_len)
4552 struct mgmt_ev_device_found *ev = (void *) buf;
4555 if (!hci_discovery_active(hdev))
4558 /* Leave 5 bytes for a potential CoD field */
4559 if (sizeof(*ev) + eir_len + 5 > sizeof(buf))
4562 memset(buf, 0, sizeof(buf));
4564 bacpy(&ev->addr.bdaddr, bdaddr);
4565 ev->addr.type = link_to_bdaddr(link_type, addr_type);
4568 ev->flags |= __constant_cpu_to_le32(MGMT_DEV_FOUND_CONFIRM_NAME);
4570 ev->flags |= __constant_cpu_to_le32(MGMT_DEV_FOUND_LEGACY_PAIRING);
4573 memcpy(ev->eir, eir, eir_len);
4575 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
4576 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
4579 ev->eir_len = cpu_to_le16(eir_len);
4580 ev_size = sizeof(*ev) + eir_len;
4582 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
4585 int mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
4586 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
4588 struct mgmt_ev_device_found *ev;
4589 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
4592 ev = (struct mgmt_ev_device_found *) buf;
4594 memset(buf, 0, sizeof(buf));
4596 bacpy(&ev->addr.bdaddr, bdaddr);
4597 ev->addr.type = link_to_bdaddr(link_type, addr_type);
4600 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
4603 ev->eir_len = cpu_to_le16(eir_len);
4605 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev,
4606 sizeof(*ev) + eir_len, NULL);
4609 int mgmt_discovering(struct hci_dev *hdev, u8 discovering)
4611 struct mgmt_ev_discovering ev;
4612 struct pending_cmd *cmd;
4614 BT_DBG("%s discovering %u", hdev->name, discovering);
4617 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
4619 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
4622 u8 type = hdev->discovery.type;
4624 cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0, &type,
4626 mgmt_pending_remove(cmd);
4629 memset(&ev, 0, sizeof(ev));
4630 ev.type = hdev->discovery.type;
4631 ev.discovering = discovering;
4633 return mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
4636 int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
4638 struct pending_cmd *cmd;
4639 struct mgmt_ev_device_blocked ev;
4641 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev);
4643 bacpy(&ev.addr.bdaddr, bdaddr);
4644 ev.addr.type = type;
4646 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev),
4647 cmd ? cmd->sk : NULL);
4650 int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
4652 struct pending_cmd *cmd;
4653 struct mgmt_ev_device_unblocked ev;
4655 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev);
4657 bacpy(&ev.addr.bdaddr, bdaddr);
4658 ev.addr.type = type;
4660 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
4661 cmd ? cmd->sk : NULL);
projects / karo-tx-linux.git / blob