2 BlueZ - Bluetooth protocol stack for Linux
4 Copyright (C) 2010 Nokia Corporation
5 Copyright (C) 2011-2012 Intel Corporation
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI Management interface */
27 #include <linux/module.h>
28 #include <asm/unaligned.h>
30 #include <net/bluetooth/bluetooth.h>
31 #include <net/bluetooth/hci_core.h>
32 #include <net/bluetooth/mgmt.h>
36 #define MGMT_VERSION 1
37 #define MGMT_REVISION 4
39 static const u16 mgmt_commands[] = {
40 MGMT_OP_READ_INDEX_LIST,
43 MGMT_OP_SET_DISCOVERABLE,
44 MGMT_OP_SET_CONNECTABLE,
45 MGMT_OP_SET_FAST_CONNECTABLE,
47 MGMT_OP_SET_LINK_SECURITY,
51 MGMT_OP_SET_DEV_CLASS,
52 MGMT_OP_SET_LOCAL_NAME,
55 MGMT_OP_LOAD_LINK_KEYS,
56 MGMT_OP_LOAD_LONG_TERM_KEYS,
58 MGMT_OP_GET_CONNECTIONS,
59 MGMT_OP_PIN_CODE_REPLY,
60 MGMT_OP_PIN_CODE_NEG_REPLY,
61 MGMT_OP_SET_IO_CAPABILITY,
63 MGMT_OP_CANCEL_PAIR_DEVICE,
64 MGMT_OP_UNPAIR_DEVICE,
65 MGMT_OP_USER_CONFIRM_REPLY,
66 MGMT_OP_USER_CONFIRM_NEG_REPLY,
67 MGMT_OP_USER_PASSKEY_REPLY,
68 MGMT_OP_USER_PASSKEY_NEG_REPLY,
69 MGMT_OP_READ_LOCAL_OOB_DATA,
70 MGMT_OP_ADD_REMOTE_OOB_DATA,
71 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
72 MGMT_OP_START_DISCOVERY,
73 MGMT_OP_STOP_DISCOVERY,
76 MGMT_OP_UNBLOCK_DEVICE,
77 MGMT_OP_SET_DEVICE_ID,
78 MGMT_OP_SET_ADVERTISING,
80 MGMT_OP_SET_STATIC_ADDRESS,
81 MGMT_OP_SET_SCAN_PARAMS,
84 static const u16 mgmt_events[] = {
85 MGMT_EV_CONTROLLER_ERROR,
87 MGMT_EV_INDEX_REMOVED,
89 MGMT_EV_CLASS_OF_DEV_CHANGED,
90 MGMT_EV_LOCAL_NAME_CHANGED,
92 MGMT_EV_NEW_LONG_TERM_KEY,
93 MGMT_EV_DEVICE_CONNECTED,
94 MGMT_EV_DEVICE_DISCONNECTED,
95 MGMT_EV_CONNECT_FAILED,
96 MGMT_EV_PIN_CODE_REQUEST,
97 MGMT_EV_USER_CONFIRM_REQUEST,
98 MGMT_EV_USER_PASSKEY_REQUEST,
100 MGMT_EV_DEVICE_FOUND,
102 MGMT_EV_DEVICE_BLOCKED,
103 MGMT_EV_DEVICE_UNBLOCKED,
104 MGMT_EV_DEVICE_UNPAIRED,
105 MGMT_EV_PASSKEY_NOTIFY,
108 #define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
110 #define hdev_is_powered(hdev) (test_bit(HCI_UP, &hdev->flags) && \
111 !test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
114 struct list_head list;
122 /* HCI to MGMT error code conversion table */
123 static u8 mgmt_status_table[] = {
125 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
126 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
127 MGMT_STATUS_FAILED, /* Hardware Failure */
128 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
129 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
130 MGMT_STATUS_NOT_PAIRED, /* PIN or Key Missing */
131 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
132 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
133 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
134 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
135 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
136 MGMT_STATUS_BUSY, /* Command Disallowed */
137 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
138 MGMT_STATUS_REJECTED, /* Rejected Security */
139 MGMT_STATUS_REJECTED, /* Rejected Personal */
140 MGMT_STATUS_TIMEOUT, /* Host Timeout */
141 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
142 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
143 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
144 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
145 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
146 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
147 MGMT_STATUS_BUSY, /* Repeated Attempts */
148 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
149 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
150 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
151 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
152 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
153 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
154 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
155 MGMT_STATUS_FAILED, /* Unspecified Error */
156 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
157 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
158 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
159 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
160 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
161 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
162 MGMT_STATUS_FAILED, /* Unit Link Key Used */
163 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
164 MGMT_STATUS_TIMEOUT, /* Instant Passed */
165 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
166 MGMT_STATUS_FAILED, /* Transaction Collision */
167 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
168 MGMT_STATUS_REJECTED, /* QoS Rejected */
169 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
170 MGMT_STATUS_REJECTED, /* Insufficient Security */
171 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
172 MGMT_STATUS_BUSY, /* Role Switch Pending */
173 MGMT_STATUS_FAILED, /* Slot Violation */
174 MGMT_STATUS_FAILED, /* Role Switch Failed */
175 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
176 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
177 MGMT_STATUS_BUSY, /* Host Busy Pairing */
178 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
179 MGMT_STATUS_BUSY, /* Controller Busy */
180 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
181 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
182 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
183 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
184 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
187 static u8 mgmt_status(u8 hci_status)
189 if (hci_status < ARRAY_SIZE(mgmt_status_table))
190 return mgmt_status_table[hci_status];
192 return MGMT_STATUS_FAILED;
195 static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
198 struct mgmt_hdr *hdr;
199 struct mgmt_ev_cmd_status *ev;
202 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
204 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_KERNEL);
208 hdr = (void *) skb_put(skb, sizeof(*hdr));
210 hdr->opcode = __constant_cpu_to_le16(MGMT_EV_CMD_STATUS);
211 hdr->index = cpu_to_le16(index);
212 hdr->len = cpu_to_le16(sizeof(*ev));
214 ev = (void *) skb_put(skb, sizeof(*ev));
216 ev->opcode = cpu_to_le16(cmd);
218 err = sock_queue_rcv_skb(sk, skb);
225 static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
226 void *rp, size_t rp_len)
229 struct mgmt_hdr *hdr;
230 struct mgmt_ev_cmd_complete *ev;
233 BT_DBG("sock %p", sk);
235 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_KERNEL);
239 hdr = (void *) skb_put(skb, sizeof(*hdr));
241 hdr->opcode = __constant_cpu_to_le16(MGMT_EV_CMD_COMPLETE);
242 hdr->index = cpu_to_le16(index);
243 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
245 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
246 ev->opcode = cpu_to_le16(cmd);
250 memcpy(ev->data, rp, rp_len);
252 err = sock_queue_rcv_skb(sk, skb);
259 static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
262 struct mgmt_rp_read_version rp;
264 BT_DBG("sock %p", sk);
266 rp.version = MGMT_VERSION;
267 rp.revision = __constant_cpu_to_le16(MGMT_REVISION);
269 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
273 static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
276 struct mgmt_rp_read_commands *rp;
277 const u16 num_commands = ARRAY_SIZE(mgmt_commands);
278 const u16 num_events = ARRAY_SIZE(mgmt_events);
283 BT_DBG("sock %p", sk);
285 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
287 rp = kmalloc(rp_size, GFP_KERNEL);
291 rp->num_commands = __constant_cpu_to_le16(num_commands);
292 rp->num_events = __constant_cpu_to_le16(num_events);
294 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
295 put_unaligned_le16(mgmt_commands[i], opcode);
297 for (i = 0; i < num_events; i++, opcode++)
298 put_unaligned_le16(mgmt_events[i], opcode);
300 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
307 static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
310 struct mgmt_rp_read_index_list *rp;
316 BT_DBG("sock %p", sk);
318 read_lock(&hci_dev_list_lock);
321 list_for_each_entry(d, &hci_dev_list, list) {
322 if (d->dev_type == HCI_BREDR)
326 rp_len = sizeof(*rp) + (2 * count);
327 rp = kmalloc(rp_len, GFP_ATOMIC);
329 read_unlock(&hci_dev_list_lock);
334 list_for_each_entry(d, &hci_dev_list, list) {
335 if (test_bit(HCI_SETUP, &d->dev_flags))
338 if (test_bit(HCI_USER_CHANNEL, &d->dev_flags))
341 if (d->dev_type == HCI_BREDR) {
342 rp->index[count++] = cpu_to_le16(d->id);
343 BT_DBG("Added hci%u", d->id);
347 rp->num_controllers = cpu_to_le16(count);
348 rp_len = sizeof(*rp) + (2 * count);
350 read_unlock(&hci_dev_list_lock);
352 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
360 static u32 get_supported_settings(struct hci_dev *hdev)
364 settings |= MGMT_SETTING_POWERED;
365 settings |= MGMT_SETTING_PAIRABLE;
367 if (lmp_bredr_capable(hdev)) {
368 settings |= MGMT_SETTING_CONNECTABLE;
369 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
370 settings |= MGMT_SETTING_FAST_CONNECTABLE;
371 settings |= MGMT_SETTING_DISCOVERABLE;
372 settings |= MGMT_SETTING_BREDR;
373 settings |= MGMT_SETTING_LINK_SECURITY;
375 if (lmp_ssp_capable(hdev)) {
376 settings |= MGMT_SETTING_SSP;
377 settings |= MGMT_SETTING_HS;
381 if (lmp_le_capable(hdev)) {
382 settings |= MGMT_SETTING_LE;
383 settings |= MGMT_SETTING_ADVERTISING;
389 static u32 get_current_settings(struct hci_dev *hdev)
393 if (hdev_is_powered(hdev))
394 settings |= MGMT_SETTING_POWERED;
396 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
397 settings |= MGMT_SETTING_CONNECTABLE;
399 if (test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
400 settings |= MGMT_SETTING_FAST_CONNECTABLE;
402 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
403 settings |= MGMT_SETTING_DISCOVERABLE;
405 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags))
406 settings |= MGMT_SETTING_PAIRABLE;
408 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
409 settings |= MGMT_SETTING_BREDR;
411 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
412 settings |= MGMT_SETTING_LE;
414 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
415 settings |= MGMT_SETTING_LINK_SECURITY;
417 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
418 settings |= MGMT_SETTING_SSP;
420 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
421 settings |= MGMT_SETTING_HS;
423 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
424 settings |= MGMT_SETTING_ADVERTISING;
429 #define PNP_INFO_SVCLASS_ID 0x1200
431 static u8 *create_uuid16_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
433 u8 *ptr = data, *uuids_start = NULL;
434 struct bt_uuid *uuid;
439 list_for_each_entry(uuid, &hdev->uuids, list) {
442 if (uuid->size != 16)
445 uuid16 = get_unaligned_le16(&uuid->uuid[12]);
449 if (uuid16 == PNP_INFO_SVCLASS_ID)
455 uuids_start[1] = EIR_UUID16_ALL;
459 /* Stop if not enough space to put next UUID */
460 if ((ptr - data) + sizeof(u16) > len) {
461 uuids_start[1] = EIR_UUID16_SOME;
465 *ptr++ = (uuid16 & 0x00ff);
466 *ptr++ = (uuid16 & 0xff00) >> 8;
467 uuids_start[0] += sizeof(uuid16);
473 static u8 *create_uuid32_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
475 u8 *ptr = data, *uuids_start = NULL;
476 struct bt_uuid *uuid;
481 list_for_each_entry(uuid, &hdev->uuids, list) {
482 if (uuid->size != 32)
488 uuids_start[1] = EIR_UUID32_ALL;
492 /* Stop if not enough space to put next UUID */
493 if ((ptr - data) + sizeof(u32) > len) {
494 uuids_start[1] = EIR_UUID32_SOME;
498 memcpy(ptr, &uuid->uuid[12], sizeof(u32));
500 uuids_start[0] += sizeof(u32);
506 static u8 *create_uuid128_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
508 u8 *ptr = data, *uuids_start = NULL;
509 struct bt_uuid *uuid;
514 list_for_each_entry(uuid, &hdev->uuids, list) {
515 if (uuid->size != 128)
521 uuids_start[1] = EIR_UUID128_ALL;
525 /* Stop if not enough space to put next UUID */
526 if ((ptr - data) + 16 > len) {
527 uuids_start[1] = EIR_UUID128_SOME;
531 memcpy(ptr, uuid->uuid, 16);
533 uuids_start[0] += 16;
539 static void create_eir(struct hci_dev *hdev, u8 *data)
544 name_len = strlen(hdev->dev_name);
550 ptr[1] = EIR_NAME_SHORT;
552 ptr[1] = EIR_NAME_COMPLETE;
554 /* EIR Data length */
555 ptr[0] = name_len + 1;
557 memcpy(ptr + 2, hdev->dev_name, name_len);
559 ptr += (name_len + 2);
562 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
564 ptr[1] = EIR_TX_POWER;
565 ptr[2] = (u8) hdev->inq_tx_power;
570 if (hdev->devid_source > 0) {
572 ptr[1] = EIR_DEVICE_ID;
574 put_unaligned_le16(hdev->devid_source, ptr + 2);
575 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
576 put_unaligned_le16(hdev->devid_product, ptr + 6);
577 put_unaligned_le16(hdev->devid_version, ptr + 8);
582 ptr = create_uuid16_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
583 ptr = create_uuid32_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
584 ptr = create_uuid128_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
587 static void update_eir(struct hci_request *req)
589 struct hci_dev *hdev = req->hdev;
590 struct hci_cp_write_eir cp;
592 if (!hdev_is_powered(hdev))
595 if (!lmp_ext_inq_capable(hdev))
598 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
601 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
604 memset(&cp, 0, sizeof(cp));
606 create_eir(hdev, cp.data);
608 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
611 memcpy(hdev->eir, cp.data, sizeof(cp.data));
613 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
616 static u8 get_service_classes(struct hci_dev *hdev)
618 struct bt_uuid *uuid;
621 list_for_each_entry(uuid, &hdev->uuids, list)
622 val |= uuid->svc_hint;
627 static void update_class(struct hci_request *req)
629 struct hci_dev *hdev = req->hdev;
632 BT_DBG("%s", hdev->name);
634 if (!hdev_is_powered(hdev))
637 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
640 cod[0] = hdev->minor_class;
641 cod[1] = hdev->major_class;
642 cod[2] = get_service_classes(hdev);
644 if (memcmp(cod, hdev->dev_class, 3) == 0)
647 hci_req_add(req, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
650 static void service_cache_off(struct work_struct *work)
652 struct hci_dev *hdev = container_of(work, struct hci_dev,
654 struct hci_request req;
656 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
659 hci_req_init(&req, hdev);
666 hci_dev_unlock(hdev);
668 hci_req_run(&req, NULL);
671 static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
673 if (test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
676 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
678 /* Non-mgmt controlled devices get this bit set
679 * implicitly so that pairing works for them, however
680 * for mgmt we require user-space to explicitly enable
683 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
686 static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
687 void *data, u16 data_len)
689 struct mgmt_rp_read_info rp;
691 BT_DBG("sock %p %s", sk, hdev->name);
695 memset(&rp, 0, sizeof(rp));
697 bacpy(&rp.bdaddr, &hdev->bdaddr);
699 rp.version = hdev->hci_ver;
700 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
702 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
703 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
705 memcpy(rp.dev_class, hdev->dev_class, 3);
707 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
708 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
710 hci_dev_unlock(hdev);
712 return cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
716 static void mgmt_pending_free(struct pending_cmd *cmd)
723 static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
724 struct hci_dev *hdev, void *data,
727 struct pending_cmd *cmd;
729 cmd = kmalloc(sizeof(*cmd), GFP_KERNEL);
733 cmd->opcode = opcode;
734 cmd->index = hdev->id;
736 cmd->param = kmalloc(len, GFP_KERNEL);
743 memcpy(cmd->param, data, len);
748 list_add(&cmd->list, &hdev->mgmt_pending);
753 static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
754 void (*cb)(struct pending_cmd *cmd,
758 struct pending_cmd *cmd, *tmp;
760 list_for_each_entry_safe(cmd, tmp, &hdev->mgmt_pending, list) {
761 if (opcode > 0 && cmd->opcode != opcode)
768 static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
770 struct pending_cmd *cmd;
772 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
773 if (cmd->opcode == opcode)
780 static void mgmt_pending_remove(struct pending_cmd *cmd)
782 list_del(&cmd->list);
783 mgmt_pending_free(cmd);
786 static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
788 __le32 settings = cpu_to_le32(get_current_settings(hdev));
790 return cmd_complete(sk, hdev->id, opcode, 0, &settings,
794 static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
797 struct mgmt_mode *cp = data;
798 struct pending_cmd *cmd;
801 BT_DBG("request for %s", hdev->name);
803 if (cp->val != 0x00 && cp->val != 0x01)
804 return cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
805 MGMT_STATUS_INVALID_PARAMS);
809 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
810 err = cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
815 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
816 cancel_delayed_work(&hdev->power_off);
819 mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev,
821 err = mgmt_powered(hdev, 1);
826 if (!!cp->val == hdev_is_powered(hdev)) {
827 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
831 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
838 queue_work(hdev->req_workqueue, &hdev->power_on);
840 queue_work(hdev->req_workqueue, &hdev->power_off.work);
845 hci_dev_unlock(hdev);
849 static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 data_len,
850 struct sock *skip_sk)
853 struct mgmt_hdr *hdr;
855 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_KERNEL);
859 hdr = (void *) skb_put(skb, sizeof(*hdr));
860 hdr->opcode = cpu_to_le16(event);
862 hdr->index = cpu_to_le16(hdev->id);
864 hdr->index = __constant_cpu_to_le16(MGMT_INDEX_NONE);
865 hdr->len = cpu_to_le16(data_len);
868 memcpy(skb_put(skb, data_len), data, data_len);
871 __net_timestamp(skb);
873 hci_send_to_control(skb, skip_sk);
879 static int new_settings(struct hci_dev *hdev, struct sock *skip)
883 ev = cpu_to_le32(get_current_settings(hdev));
885 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
890 struct hci_dev *hdev;
894 static void settings_rsp(struct pending_cmd *cmd, void *data)
896 struct cmd_lookup *match = data;
898 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
900 list_del(&cmd->list);
902 if (match->sk == NULL) {
904 sock_hold(match->sk);
907 mgmt_pending_free(cmd);
910 static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
914 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
915 mgmt_pending_remove(cmd);
918 static u8 mgmt_bredr_support(struct hci_dev *hdev)
920 if (!lmp_bredr_capable(hdev))
921 return MGMT_STATUS_NOT_SUPPORTED;
922 else if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
923 return MGMT_STATUS_REJECTED;
925 return MGMT_STATUS_SUCCESS;
928 static u8 mgmt_le_support(struct hci_dev *hdev)
930 if (!lmp_le_capable(hdev))
931 return MGMT_STATUS_NOT_SUPPORTED;
932 else if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
933 return MGMT_STATUS_REJECTED;
935 return MGMT_STATUS_SUCCESS;
938 static void set_discoverable_complete(struct hci_dev *hdev, u8 status)
940 struct pending_cmd *cmd;
941 struct mgmt_mode *cp;
944 BT_DBG("status 0x%02x", status);
948 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
953 u8 mgmt_err = mgmt_status(status);
954 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
960 changed = !test_and_set_bit(HCI_DISCOVERABLE,
963 changed = test_and_clear_bit(HCI_DISCOVERABLE,
966 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev);
969 new_settings(hdev, cmd->sk);
972 mgmt_pending_remove(cmd);
975 hci_dev_unlock(hdev);
978 static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
981 struct mgmt_cp_set_discoverable *cp = data;
982 struct pending_cmd *cmd;
983 struct hci_request req;
988 BT_DBG("request for %s", hdev->name);
990 status = mgmt_bredr_support(hdev);
992 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
995 if (cp->val != 0x00 && cp->val != 0x01)
996 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
997 MGMT_STATUS_INVALID_PARAMS);
999 timeout = __le16_to_cpu(cp->timeout);
1000 if (!cp->val && timeout > 0)
1001 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1002 MGMT_STATUS_INVALID_PARAMS);
1006 if (!hdev_is_powered(hdev) && timeout > 0) {
1007 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1008 MGMT_STATUS_NOT_POWERED);
1012 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1013 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
1014 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1019 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
1020 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1021 MGMT_STATUS_REJECTED);
1025 if (!hdev_is_powered(hdev)) {
1026 bool changed = false;
1028 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
1029 change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1033 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1038 err = new_settings(hdev, sk);
1043 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
1044 if (hdev->discov_timeout > 0) {
1045 cancel_delayed_work(&hdev->discov_off);
1046 hdev->discov_timeout = 0;
1049 if (cp->val && timeout > 0) {
1050 hdev->discov_timeout = timeout;
1051 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
1052 msecs_to_jiffies(hdev->discov_timeout * 1000));
1055 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1059 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
1065 hci_req_init(&req, hdev);
1070 scan |= SCAN_INQUIRY;
1072 cancel_delayed_work(&hdev->discov_off);
1074 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1076 err = hci_req_run(&req, set_discoverable_complete);
1078 mgmt_pending_remove(cmd);
1081 hdev->discov_timeout = timeout;
1084 hci_dev_unlock(hdev);
1088 static void write_fast_connectable(struct hci_request *req, bool enable)
1090 struct hci_dev *hdev = req->hdev;
1091 struct hci_cp_write_page_scan_activity acp;
1094 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
1098 type = PAGE_SCAN_TYPE_INTERLACED;
1100 /* 160 msec page scan interval */
1101 acp.interval = __constant_cpu_to_le16(0x0100);
1103 type = PAGE_SCAN_TYPE_STANDARD; /* default */
1105 /* default 1.28 sec page scan */
1106 acp.interval = __constant_cpu_to_le16(0x0800);
1109 acp.window = __constant_cpu_to_le16(0x0012);
1111 if (__cpu_to_le16(hdev->page_scan_interval) != acp.interval ||
1112 __cpu_to_le16(hdev->page_scan_window) != acp.window)
1113 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
1116 if (hdev->page_scan_type != type)
1117 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
1120 static u8 get_adv_type(struct hci_dev *hdev)
1122 struct pending_cmd *cmd;
1125 /* If there's a pending mgmt command the flag will not yet have
1126 * it's final value, so check for this first.
1128 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1130 struct mgmt_mode *cp = cmd->param;
1131 connectable = !!cp->val;
1133 connectable = test_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1136 return connectable ? LE_ADV_IND : LE_ADV_NONCONN_IND;
1139 static void enable_advertising(struct hci_request *req)
1141 struct hci_dev *hdev = req->hdev;
1142 struct hci_cp_le_set_adv_param cp;
1145 memset(&cp, 0, sizeof(cp));
1146 cp.min_interval = __constant_cpu_to_le16(0x0800);
1147 cp.max_interval = __constant_cpu_to_le16(0x0800);
1148 cp.type = get_adv_type(hdev);
1149 if (bacmp(&hdev->bdaddr, BDADDR_ANY))
1150 cp.own_address_type = ADDR_LE_DEV_PUBLIC;
1152 cp.own_address_type = ADDR_LE_DEV_RANDOM;
1153 cp.channel_map = 0x07;
1155 hci_req_add(req, HCI_OP_LE_SET_ADV_PARAM, sizeof(cp), &cp);
1157 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1160 static void disable_advertising(struct hci_request *req)
1164 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1167 static void set_connectable_complete(struct hci_dev *hdev, u8 status)
1169 struct pending_cmd *cmd;
1170 struct mgmt_mode *cp;
1173 BT_DBG("status 0x%02x", status);
1177 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1182 u8 mgmt_err = mgmt_status(status);
1183 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1189 changed = !test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1191 changed = test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1193 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
1196 new_settings(hdev, cmd->sk);
1199 mgmt_pending_remove(cmd);
1202 hci_dev_unlock(hdev);
1205 static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
1208 struct mgmt_mode *cp = data;
1209 struct pending_cmd *cmd;
1210 struct hci_request req;
1214 BT_DBG("request for %s", hdev->name);
1216 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
1217 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1218 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1219 MGMT_STATUS_REJECTED);
1221 if (cp->val != 0x00 && cp->val != 0x01)
1222 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1223 MGMT_STATUS_INVALID_PARAMS);
1227 if (!hdev_is_powered(hdev)) {
1228 bool changed = false;
1230 if (!!cp->val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
1234 set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1236 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1237 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1240 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1245 err = new_settings(hdev, sk);
1250 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1251 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
1252 err = cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1257 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
1263 hci_req_init(&req, hdev);
1265 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags) &&
1266 cp->val != test_bit(HCI_PSCAN, &hdev->flags)) {
1273 if (test_bit(HCI_ISCAN, &hdev->flags) &&
1274 hdev->discov_timeout > 0)
1275 cancel_delayed_work(&hdev->discov_off);
1278 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1281 /* If we're going from non-connectable to connectable or
1282 * vice-versa when fast connectable is enabled ensure that fast
1283 * connectable gets disabled. write_fast_connectable won't do
1284 * anything if the page scan parameters are already what they
1287 if (cp->val || test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
1288 write_fast_connectable(&req, false);
1290 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags) &&
1291 hci_conn_num(hdev, LE_LINK) == 0) {
1292 disable_advertising(&req);
1293 enable_advertising(&req);
1296 err = hci_req_run(&req, set_connectable_complete);
1298 mgmt_pending_remove(cmd);
1299 if (err == -ENODATA)
1300 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE,
1306 hci_dev_unlock(hdev);
1310 static int set_pairable(struct sock *sk, struct hci_dev *hdev, void *data,
1313 struct mgmt_mode *cp = data;
1317 BT_DBG("request for %s", hdev->name);
1319 if (cp->val != 0x00 && cp->val != 0x01)
1320 return cmd_status(sk, hdev->id, MGMT_OP_SET_PAIRABLE,
1321 MGMT_STATUS_INVALID_PARAMS);
1326 changed = !test_and_set_bit(HCI_PAIRABLE, &hdev->dev_flags);
1328 changed = test_and_clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
1330 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
1335 err = new_settings(hdev, sk);
1338 hci_dev_unlock(hdev);
1342 static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1345 struct mgmt_mode *cp = data;
1346 struct pending_cmd *cmd;
1350 BT_DBG("request for %s", hdev->name);
1352 status = mgmt_bredr_support(hdev);
1354 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1357 if (cp->val != 0x00 && cp->val != 0x01)
1358 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1359 MGMT_STATUS_INVALID_PARAMS);
1363 if (!hdev_is_powered(hdev)) {
1364 bool changed = false;
1366 if (!!cp->val != test_bit(HCI_LINK_SECURITY,
1367 &hdev->dev_flags)) {
1368 change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
1372 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1377 err = new_settings(hdev, sk);
1382 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
1383 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1390 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1391 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1395 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1401 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1403 mgmt_pending_remove(cmd);
1408 hci_dev_unlock(hdev);
1412 static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1414 struct mgmt_mode *cp = data;
1415 struct pending_cmd *cmd;
1419 BT_DBG("request for %s", hdev->name);
1421 status = mgmt_bredr_support(hdev);
1423 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
1425 if (!lmp_ssp_capable(hdev))
1426 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1427 MGMT_STATUS_NOT_SUPPORTED);
1429 if (cp->val != 0x00 && cp->val != 0x01)
1430 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1431 MGMT_STATUS_INVALID_PARAMS);
1435 if (!hdev_is_powered(hdev)) {
1439 changed = !test_and_set_bit(HCI_SSP_ENABLED,
1442 changed = test_and_clear_bit(HCI_SSP_ENABLED,
1445 changed = test_and_clear_bit(HCI_HS_ENABLED,
1448 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1451 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1456 err = new_settings(hdev, sk);
1461 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev) ||
1462 mgmt_pending_find(MGMT_OP_SET_HS, hdev)) {
1463 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1468 if (!!cp->val == test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
1469 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1473 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1479 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &cp->val);
1481 mgmt_pending_remove(cmd);
1486 hci_dev_unlock(hdev);
1490 static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1492 struct mgmt_mode *cp = data;
1497 BT_DBG("request for %s", hdev->name);
1499 status = mgmt_bredr_support(hdev);
1501 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
1503 if (!lmp_ssp_capable(hdev))
1504 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1505 MGMT_STATUS_NOT_SUPPORTED);
1507 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
1508 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1509 MGMT_STATUS_REJECTED);
1511 if (cp->val != 0x00 && cp->val != 0x01)
1512 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1513 MGMT_STATUS_INVALID_PARAMS);
1518 changed = !test_and_set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1520 if (hdev_is_powered(hdev)) {
1521 err = cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1522 MGMT_STATUS_REJECTED);
1526 changed = test_and_clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1529 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
1534 err = new_settings(hdev, sk);
1537 hci_dev_unlock(hdev);
1541 static void le_enable_complete(struct hci_dev *hdev, u8 status)
1543 struct cmd_lookup match = { NULL, hdev };
1546 u8 mgmt_err = mgmt_status(status);
1548 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
1553 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
1555 new_settings(hdev, match.sk);
1561 static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1563 struct mgmt_mode *cp = data;
1564 struct hci_cp_write_le_host_supported hci_cp;
1565 struct pending_cmd *cmd;
1566 struct hci_request req;
1570 BT_DBG("request for %s", hdev->name);
1572 if (!lmp_le_capable(hdev))
1573 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1574 MGMT_STATUS_NOT_SUPPORTED);
1576 if (cp->val != 0x00 && cp->val != 0x01)
1577 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1578 MGMT_STATUS_INVALID_PARAMS);
1580 /* LE-only devices do not allow toggling LE on/off */
1581 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1582 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1583 MGMT_STATUS_REJECTED);
1588 enabled = lmp_host_le_capable(hdev);
1590 if (!hdev_is_powered(hdev) || val == enabled) {
1591 bool changed = false;
1593 if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1594 change_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1598 if (!val && test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
1599 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
1603 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1608 err = new_settings(hdev, sk);
1613 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev) ||
1614 mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
1615 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1620 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
1626 memset(&hci_cp, 0, sizeof(hci_cp));
1630 hci_cp.simul = lmp_le_br_capable(hdev);
1633 hci_req_init(&req, hdev);
1635 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags) && !val)
1636 disable_advertising(&req);
1638 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
1641 err = hci_req_run(&req, le_enable_complete);
1643 mgmt_pending_remove(cmd);
1646 hci_dev_unlock(hdev);
1650 /* This is a helper function to test for pending mgmt commands that can
1651 * cause CoD or EIR HCI commands. We can only allow one such pending
1652 * mgmt command at a time since otherwise we cannot easily track what
1653 * the current values are, will be, and based on that calculate if a new
1654 * HCI command needs to be sent and if yes with what value.
1656 static bool pending_eir_or_class(struct hci_dev *hdev)
1658 struct pending_cmd *cmd;
1660 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
1661 switch (cmd->opcode) {
1662 case MGMT_OP_ADD_UUID:
1663 case MGMT_OP_REMOVE_UUID:
1664 case MGMT_OP_SET_DEV_CLASS:
1665 case MGMT_OP_SET_POWERED:
1673 static const u8 bluetooth_base_uuid[] = {
1674 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
1675 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1678 static u8 get_uuid_size(const u8 *uuid)
1682 if (memcmp(uuid, bluetooth_base_uuid, 12))
1685 val = get_unaligned_le32(&uuid[12]);
1692 static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
1694 struct pending_cmd *cmd;
1698 cmd = mgmt_pending_find(mgmt_op, hdev);
1702 cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(status),
1703 hdev->dev_class, 3);
1705 mgmt_pending_remove(cmd);
1708 hci_dev_unlock(hdev);
1711 static void add_uuid_complete(struct hci_dev *hdev, u8 status)
1713 BT_DBG("status 0x%02x", status);
1715 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
1718 static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1720 struct mgmt_cp_add_uuid *cp = data;
1721 struct pending_cmd *cmd;
1722 struct hci_request req;
1723 struct bt_uuid *uuid;
1726 BT_DBG("request for %s", hdev->name);
1730 if (pending_eir_or_class(hdev)) {
1731 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
1736 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
1742 memcpy(uuid->uuid, cp->uuid, 16);
1743 uuid->svc_hint = cp->svc_hint;
1744 uuid->size = get_uuid_size(cp->uuid);
1746 list_add_tail(&uuid->list, &hdev->uuids);
1748 hci_req_init(&req, hdev);
1753 err = hci_req_run(&req, add_uuid_complete);
1755 if (err != -ENODATA)
1758 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
1759 hdev->dev_class, 3);
1763 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
1772 hci_dev_unlock(hdev);
1776 static bool enable_service_cache(struct hci_dev *hdev)
1778 if (!hdev_is_powered(hdev))
1781 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
1782 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
1790 static void remove_uuid_complete(struct hci_dev *hdev, u8 status)
1792 BT_DBG("status 0x%02x", status);
1794 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
1797 static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
1800 struct mgmt_cp_remove_uuid *cp = data;
1801 struct pending_cmd *cmd;
1802 struct bt_uuid *match, *tmp;
1803 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
1804 struct hci_request req;
1807 BT_DBG("request for %s", hdev->name);
1811 if (pending_eir_or_class(hdev)) {
1812 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
1817 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
1818 err = hci_uuids_clear(hdev);
1820 if (enable_service_cache(hdev)) {
1821 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID,
1822 0, hdev->dev_class, 3);
1831 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
1832 if (memcmp(match->uuid, cp->uuid, 16) != 0)
1835 list_del(&match->list);
1841 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
1842 MGMT_STATUS_INVALID_PARAMS);
1847 hci_req_init(&req, hdev);
1852 err = hci_req_run(&req, remove_uuid_complete);
1854 if (err != -ENODATA)
1857 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
1858 hdev->dev_class, 3);
1862 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
1871 hci_dev_unlock(hdev);
1875 static void set_class_complete(struct hci_dev *hdev, u8 status)
1877 BT_DBG("status 0x%02x", status);
1879 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
1882 static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
1885 struct mgmt_cp_set_dev_class *cp = data;
1886 struct pending_cmd *cmd;
1887 struct hci_request req;
1890 BT_DBG("request for %s", hdev->name);
1892 if (!lmp_bredr_capable(hdev))
1893 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1894 MGMT_STATUS_NOT_SUPPORTED);
1898 if (pending_eir_or_class(hdev)) {
1899 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1904 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
1905 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1906 MGMT_STATUS_INVALID_PARAMS);
1910 hdev->major_class = cp->major;
1911 hdev->minor_class = cp->minor;
1913 if (!hdev_is_powered(hdev)) {
1914 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
1915 hdev->dev_class, 3);
1919 hci_req_init(&req, hdev);
1921 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
1922 hci_dev_unlock(hdev);
1923 cancel_delayed_work_sync(&hdev->service_cache);
1930 err = hci_req_run(&req, set_class_complete);
1932 if (err != -ENODATA)
1935 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
1936 hdev->dev_class, 3);
1940 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
1949 hci_dev_unlock(hdev);
1953 static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
1956 struct mgmt_cp_load_link_keys *cp = data;
1957 u16 key_count, expected_len;
1960 BT_DBG("request for %s", hdev->name);
1962 if (!lmp_bredr_capable(hdev))
1963 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
1964 MGMT_STATUS_NOT_SUPPORTED);
1966 key_count = __le16_to_cpu(cp->key_count);
1968 expected_len = sizeof(*cp) + key_count *
1969 sizeof(struct mgmt_link_key_info);
1970 if (expected_len != len) {
1971 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
1973 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
1974 MGMT_STATUS_INVALID_PARAMS);
1977 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
1978 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
1979 MGMT_STATUS_INVALID_PARAMS);
1981 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
1984 for (i = 0; i < key_count; i++) {
1985 struct mgmt_link_key_info *key = &cp->keys[i];
1987 if (key->addr.type != BDADDR_BREDR)
1988 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
1989 MGMT_STATUS_INVALID_PARAMS);
1994 hci_link_keys_clear(hdev);
1997 set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
1999 clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
2001 for (i = 0; i < key_count; i++) {
2002 struct mgmt_link_key_info *key = &cp->keys[i];
2004 hci_add_link_key(hdev, NULL, 0, &key->addr.bdaddr, key->val,
2005 key->type, key->pin_len);
2008 cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
2010 hci_dev_unlock(hdev);
2015 static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
2016 u8 addr_type, struct sock *skip_sk)
2018 struct mgmt_ev_device_unpaired ev;
2020 bacpy(&ev.addr.bdaddr, bdaddr);
2021 ev.addr.type = addr_type;
2023 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
2027 static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2030 struct mgmt_cp_unpair_device *cp = data;
2031 struct mgmt_rp_unpair_device rp;
2032 struct hci_cp_disconnect dc;
2033 struct pending_cmd *cmd;
2034 struct hci_conn *conn;
2037 memset(&rp, 0, sizeof(rp));
2038 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2039 rp.addr.type = cp->addr.type;
2041 if (!bdaddr_type_is_valid(cp->addr.type))
2042 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2043 MGMT_STATUS_INVALID_PARAMS,
2046 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
2047 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2048 MGMT_STATUS_INVALID_PARAMS,
2053 if (!hdev_is_powered(hdev)) {
2054 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2055 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
2059 if (cp->addr.type == BDADDR_BREDR)
2060 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
2062 err = hci_remove_ltk(hdev, &cp->addr.bdaddr);
2065 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2066 MGMT_STATUS_NOT_PAIRED, &rp, sizeof(rp));
2070 if (cp->disconnect) {
2071 if (cp->addr.type == BDADDR_BREDR)
2072 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2075 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
2082 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
2084 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
2088 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
2095 dc.handle = cpu_to_le16(conn->handle);
2096 dc.reason = 0x13; /* Remote User Terminated Connection */
2097 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2099 mgmt_pending_remove(cmd);
2102 hci_dev_unlock(hdev);
2106 static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
2109 struct mgmt_cp_disconnect *cp = data;
2110 struct mgmt_rp_disconnect rp;
2111 struct hci_cp_disconnect dc;
2112 struct pending_cmd *cmd;
2113 struct hci_conn *conn;
2118 memset(&rp, 0, sizeof(rp));
2119 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2120 rp.addr.type = cp->addr.type;
2122 if (!bdaddr_type_is_valid(cp->addr.type))
2123 return cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2124 MGMT_STATUS_INVALID_PARAMS,
2129 if (!test_bit(HCI_UP, &hdev->flags)) {
2130 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2131 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
2135 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
2136 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2137 MGMT_STATUS_BUSY, &rp, sizeof(rp));
2141 if (cp->addr.type == BDADDR_BREDR)
2142 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2145 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
2147 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
2148 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2149 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
2153 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
2159 dc.handle = cpu_to_le16(conn->handle);
2160 dc.reason = HCI_ERROR_REMOTE_USER_TERM;
2162 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2164 mgmt_pending_remove(cmd);
2167 hci_dev_unlock(hdev);
2171 static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
2173 switch (link_type) {
2175 switch (addr_type) {
2176 case ADDR_LE_DEV_PUBLIC:
2177 return BDADDR_LE_PUBLIC;
2180 /* Fallback to LE Random address type */
2181 return BDADDR_LE_RANDOM;
2185 /* Fallback to BR/EDR type */
2186 return BDADDR_BREDR;
2190 static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
2193 struct mgmt_rp_get_connections *rp;
2203 if (!hdev_is_powered(hdev)) {
2204 err = cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
2205 MGMT_STATUS_NOT_POWERED);
2210 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2211 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2215 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2216 rp = kmalloc(rp_len, GFP_KERNEL);
2223 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2224 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2226 bacpy(&rp->addr[i].bdaddr, &c->dst);
2227 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
2228 if (c->type == SCO_LINK || c->type == ESCO_LINK)
2233 rp->conn_count = cpu_to_le16(i);
2235 /* Recalculate length in case of filtered SCO connections, etc */
2236 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2238 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
2244 hci_dev_unlock(hdev);
2248 static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
2249 struct mgmt_cp_pin_code_neg_reply *cp)
2251 struct pending_cmd *cmd;
2254 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
2259 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
2260 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
2262 mgmt_pending_remove(cmd);
2267 static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2270 struct hci_conn *conn;
2271 struct mgmt_cp_pin_code_reply *cp = data;
2272 struct hci_cp_pin_code_reply reply;
2273 struct pending_cmd *cmd;
2280 if (!hdev_is_powered(hdev)) {
2281 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2282 MGMT_STATUS_NOT_POWERED);
2286 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
2288 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2289 MGMT_STATUS_NOT_CONNECTED);
2293 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
2294 struct mgmt_cp_pin_code_neg_reply ncp;
2296 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
2298 BT_ERR("PIN code is not 16 bytes long");
2300 err = send_pin_code_neg_reply(sk, hdev, &ncp);
2302 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2303 MGMT_STATUS_INVALID_PARAMS);
2308 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
2314 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
2315 reply.pin_len = cp->pin_len;
2316 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
2318 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
2320 mgmt_pending_remove(cmd);
2323 hci_dev_unlock(hdev);
2327 static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
2330 struct mgmt_cp_set_io_capability *cp = data;
2336 hdev->io_capability = cp->io_capability;
2338 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
2339 hdev->io_capability);
2341 hci_dev_unlock(hdev);
2343 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, NULL,
2347 static struct pending_cmd *find_pairing(struct hci_conn *conn)
2349 struct hci_dev *hdev = conn->hdev;
2350 struct pending_cmd *cmd;
2352 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2353 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
2356 if (cmd->user_data != conn)
2365 static void pairing_complete(struct pending_cmd *cmd, u8 status)
2367 struct mgmt_rp_pair_device rp;
2368 struct hci_conn *conn = cmd->user_data;
2370 bacpy(&rp.addr.bdaddr, &conn->dst);
2371 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
2373 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
2376 /* So we don't get further callbacks for this connection */
2377 conn->connect_cfm_cb = NULL;
2378 conn->security_cfm_cb = NULL;
2379 conn->disconn_cfm_cb = NULL;
2381 hci_conn_drop(conn);
2383 mgmt_pending_remove(cmd);
2386 static void pairing_complete_cb(struct hci_conn *conn, u8 status)
2388 struct pending_cmd *cmd;
2390 BT_DBG("status %u", status);
2392 cmd = find_pairing(conn);
2394 BT_DBG("Unable to find a pending command");
2396 pairing_complete(cmd, mgmt_status(status));
2399 static void le_connect_complete_cb(struct hci_conn *conn, u8 status)
2401 struct pending_cmd *cmd;
2403 BT_DBG("status %u", status);
2408 cmd = find_pairing(conn);
2410 BT_DBG("Unable to find a pending command");
2412 pairing_complete(cmd, mgmt_status(status));
2415 static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2418 struct mgmt_cp_pair_device *cp = data;
2419 struct mgmt_rp_pair_device rp;
2420 struct pending_cmd *cmd;
2421 u8 sec_level, auth_type;
2422 struct hci_conn *conn;
2427 memset(&rp, 0, sizeof(rp));
2428 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2429 rp.addr.type = cp->addr.type;
2431 if (!bdaddr_type_is_valid(cp->addr.type))
2432 return cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2433 MGMT_STATUS_INVALID_PARAMS,
2438 if (!hdev_is_powered(hdev)) {
2439 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2440 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
2444 sec_level = BT_SECURITY_MEDIUM;
2445 if (cp->io_cap == 0x03)
2446 auth_type = HCI_AT_DEDICATED_BONDING;
2448 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
2450 if (cp->addr.type == BDADDR_BREDR)
2451 conn = hci_connect(hdev, ACL_LINK, &cp->addr.bdaddr,
2452 cp->addr.type, sec_level, auth_type);
2454 conn = hci_connect(hdev, LE_LINK, &cp->addr.bdaddr,
2455 cp->addr.type, sec_level, auth_type);
2460 if (PTR_ERR(conn) == -EBUSY)
2461 status = MGMT_STATUS_BUSY;
2463 status = MGMT_STATUS_CONNECT_FAILED;
2465 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2471 if (conn->connect_cfm_cb) {
2472 hci_conn_drop(conn);
2473 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2474 MGMT_STATUS_BUSY, &rp, sizeof(rp));
2478 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
2481 hci_conn_drop(conn);
2485 /* For LE, just connecting isn't a proof that the pairing finished */
2486 if (cp->addr.type == BDADDR_BREDR)
2487 conn->connect_cfm_cb = pairing_complete_cb;
2489 conn->connect_cfm_cb = le_connect_complete_cb;
2491 conn->security_cfm_cb = pairing_complete_cb;
2492 conn->disconn_cfm_cb = pairing_complete_cb;
2493 conn->io_capability = cp->io_cap;
2494 cmd->user_data = conn;
2496 if (conn->state == BT_CONNECTED &&
2497 hci_conn_security(conn, sec_level, auth_type))
2498 pairing_complete(cmd, 0);
2503 hci_dev_unlock(hdev);
2507 static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2510 struct mgmt_addr_info *addr = data;
2511 struct pending_cmd *cmd;
2512 struct hci_conn *conn;
2519 if (!hdev_is_powered(hdev)) {
2520 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2521 MGMT_STATUS_NOT_POWERED);
2525 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
2527 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2528 MGMT_STATUS_INVALID_PARAMS);
2532 conn = cmd->user_data;
2534 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
2535 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2536 MGMT_STATUS_INVALID_PARAMS);
2540 pairing_complete(cmd, MGMT_STATUS_CANCELLED);
2542 err = cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
2543 addr, sizeof(*addr));
2545 hci_dev_unlock(hdev);
2549 static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
2550 struct mgmt_addr_info *addr, u16 mgmt_op,
2551 u16 hci_op, __le32 passkey)
2553 struct pending_cmd *cmd;
2554 struct hci_conn *conn;
2559 if (!hdev_is_powered(hdev)) {
2560 err = cmd_complete(sk, hdev->id, mgmt_op,
2561 MGMT_STATUS_NOT_POWERED, addr,
2566 if (addr->type == BDADDR_BREDR)
2567 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
2569 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &addr->bdaddr);
2572 err = cmd_complete(sk, hdev->id, mgmt_op,
2573 MGMT_STATUS_NOT_CONNECTED, addr,
2578 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
2579 /* Continue with pairing via SMP */
2580 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
2583 err = cmd_complete(sk, hdev->id, mgmt_op,
2584 MGMT_STATUS_SUCCESS, addr,
2587 err = cmd_complete(sk, hdev->id, mgmt_op,
2588 MGMT_STATUS_FAILED, addr,
2594 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
2600 /* Continue with pairing via HCI */
2601 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
2602 struct hci_cp_user_passkey_reply cp;
2604 bacpy(&cp.bdaddr, &addr->bdaddr);
2605 cp.passkey = passkey;
2606 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
2608 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
2612 mgmt_pending_remove(cmd);
2615 hci_dev_unlock(hdev);
2619 static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
2620 void *data, u16 len)
2622 struct mgmt_cp_pin_code_neg_reply *cp = data;
2626 return user_pairing_resp(sk, hdev, &cp->addr,
2627 MGMT_OP_PIN_CODE_NEG_REPLY,
2628 HCI_OP_PIN_CODE_NEG_REPLY, 0);
2631 static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2634 struct mgmt_cp_user_confirm_reply *cp = data;
2638 if (len != sizeof(*cp))
2639 return cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
2640 MGMT_STATUS_INVALID_PARAMS);
2642 return user_pairing_resp(sk, hdev, &cp->addr,
2643 MGMT_OP_USER_CONFIRM_REPLY,
2644 HCI_OP_USER_CONFIRM_REPLY, 0);
2647 static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
2648 void *data, u16 len)
2650 struct mgmt_cp_user_confirm_neg_reply *cp = data;
2654 return user_pairing_resp(sk, hdev, &cp->addr,
2655 MGMT_OP_USER_CONFIRM_NEG_REPLY,
2656 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
2659 static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2662 struct mgmt_cp_user_passkey_reply *cp = data;
2666 return user_pairing_resp(sk, hdev, &cp->addr,
2667 MGMT_OP_USER_PASSKEY_REPLY,
2668 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
2671 static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
2672 void *data, u16 len)
2674 struct mgmt_cp_user_passkey_neg_reply *cp = data;
2678 return user_pairing_resp(sk, hdev, &cp->addr,
2679 MGMT_OP_USER_PASSKEY_NEG_REPLY,
2680 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
2683 static void update_name(struct hci_request *req)
2685 struct hci_dev *hdev = req->hdev;
2686 struct hci_cp_write_local_name cp;
2688 memcpy(cp.name, hdev->dev_name, sizeof(cp.name));
2690 hci_req_add(req, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
2693 static void set_name_complete(struct hci_dev *hdev, u8 status)
2695 struct mgmt_cp_set_local_name *cp;
2696 struct pending_cmd *cmd;
2698 BT_DBG("status 0x%02x", status);
2702 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
2709 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
2710 mgmt_status(status));
2712 cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
2715 mgmt_pending_remove(cmd);
2718 hci_dev_unlock(hdev);
2721 static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
2724 struct mgmt_cp_set_local_name *cp = data;
2725 struct pending_cmd *cmd;
2726 struct hci_request req;
2733 /* If the old values are the same as the new ones just return a
2734 * direct command complete event.
2736 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
2737 !memcmp(hdev->short_name, cp->short_name,
2738 sizeof(hdev->short_name))) {
2739 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
2744 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
2746 if (!hdev_is_powered(hdev)) {
2747 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
2749 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
2754 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
2760 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
2766 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
2768 hci_req_init(&req, hdev);
2770 if (lmp_bredr_capable(hdev)) {
2775 if (lmp_le_capable(hdev))
2776 hci_update_ad(&req);
2778 err = hci_req_run(&req, set_name_complete);
2780 mgmt_pending_remove(cmd);
2783 hci_dev_unlock(hdev);
2787 static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
2788 void *data, u16 data_len)
2790 struct pending_cmd *cmd;
2793 BT_DBG("%s", hdev->name);
2797 if (!hdev_is_powered(hdev)) {
2798 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
2799 MGMT_STATUS_NOT_POWERED);
2803 if (!lmp_ssp_capable(hdev)) {
2804 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
2805 MGMT_STATUS_NOT_SUPPORTED);
2809 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
2810 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
2815 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
2821 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
2823 mgmt_pending_remove(cmd);
2826 hci_dev_unlock(hdev);
2830 static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
2831 void *data, u16 len)
2833 struct mgmt_cp_add_remote_oob_data *cp = data;
2837 BT_DBG("%s ", hdev->name);
2841 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr, cp->hash,
2844 status = MGMT_STATUS_FAILED;
2846 status = MGMT_STATUS_SUCCESS;
2848 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA, status,
2849 &cp->addr, sizeof(cp->addr));
2851 hci_dev_unlock(hdev);
2855 static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
2856 void *data, u16 len)
2858 struct mgmt_cp_remove_remote_oob_data *cp = data;
2862 BT_DBG("%s", hdev->name);
2866 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr);
2868 status = MGMT_STATUS_INVALID_PARAMS;
2870 status = MGMT_STATUS_SUCCESS;
2872 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
2873 status, &cp->addr, sizeof(cp->addr));
2875 hci_dev_unlock(hdev);
2879 static int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
2881 struct pending_cmd *cmd;
2885 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2887 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
2891 type = hdev->discovery.type;
2893 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
2894 &type, sizeof(type));
2895 mgmt_pending_remove(cmd);
2900 static void start_discovery_complete(struct hci_dev *hdev, u8 status)
2902 BT_DBG("status %d", status);
2906 mgmt_start_discovery_failed(hdev, status);
2907 hci_dev_unlock(hdev);
2912 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
2913 hci_dev_unlock(hdev);
2915 switch (hdev->discovery.type) {
2916 case DISCOV_TYPE_LE:
2917 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable,
2921 case DISCOV_TYPE_INTERLEAVED:
2922 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable,
2923 DISCOV_INTERLEAVED_TIMEOUT);
2926 case DISCOV_TYPE_BREDR:
2930 BT_ERR("Invalid discovery type %d", hdev->discovery.type);
2934 static int start_discovery(struct sock *sk, struct hci_dev *hdev,
2935 void *data, u16 len)
2937 struct mgmt_cp_start_discovery *cp = data;
2938 struct pending_cmd *cmd;
2939 struct hci_cp_le_set_scan_param param_cp;
2940 struct hci_cp_le_set_scan_enable enable_cp;
2941 struct hci_cp_inquiry inq_cp;
2942 struct hci_request req;
2943 /* General inquiry access code (GIAC) */
2944 u8 lap[3] = { 0x33, 0x8b, 0x9e };
2948 BT_DBG("%s", hdev->name);
2952 if (!hdev_is_powered(hdev)) {
2953 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2954 MGMT_STATUS_NOT_POWERED);
2958 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
2959 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2964 if (hdev->discovery.state != DISCOVERY_STOPPED) {
2965 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2970 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
2976 hdev->discovery.type = cp->type;
2978 hci_req_init(&req, hdev);
2980 switch (hdev->discovery.type) {
2981 case DISCOV_TYPE_BREDR:
2982 status = mgmt_bredr_support(hdev);
2984 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2986 mgmt_pending_remove(cmd);
2990 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
2991 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2993 mgmt_pending_remove(cmd);
2997 hci_inquiry_cache_flush(hdev);
2999 memset(&inq_cp, 0, sizeof(inq_cp));
3000 memcpy(&inq_cp.lap, lap, sizeof(inq_cp.lap));
3001 inq_cp.length = DISCOV_BREDR_INQUIRY_LEN;
3002 hci_req_add(&req, HCI_OP_INQUIRY, sizeof(inq_cp), &inq_cp);
3005 case DISCOV_TYPE_LE:
3006 case DISCOV_TYPE_INTERLEAVED:
3007 status = mgmt_le_support(hdev);
3009 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3011 mgmt_pending_remove(cmd);
3015 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
3016 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
3017 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3018 MGMT_STATUS_NOT_SUPPORTED);
3019 mgmt_pending_remove(cmd);
3023 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
3024 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3025 MGMT_STATUS_REJECTED);
3026 mgmt_pending_remove(cmd);
3030 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags)) {
3031 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3033 mgmt_pending_remove(cmd);
3037 memset(¶m_cp, 0, sizeof(param_cp));
3038 param_cp.type = LE_SCAN_ACTIVE;
3039 param_cp.interval = cpu_to_le16(DISCOV_LE_SCAN_INT);
3040 param_cp.window = cpu_to_le16(DISCOV_LE_SCAN_WIN);
3041 if (bacmp(&hdev->bdaddr, BDADDR_ANY))
3042 param_cp.own_address_type = ADDR_LE_DEV_PUBLIC;
3044 param_cp.own_address_type = ADDR_LE_DEV_RANDOM;
3045 hci_req_add(&req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
3048 memset(&enable_cp, 0, sizeof(enable_cp));
3049 enable_cp.enable = LE_SCAN_ENABLE;
3050 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
3051 hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
3056 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3057 MGMT_STATUS_INVALID_PARAMS);
3058 mgmt_pending_remove(cmd);
3062 err = hci_req_run(&req, start_discovery_complete);
3064 mgmt_pending_remove(cmd);
3066 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
3069 hci_dev_unlock(hdev);
3073 static int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
3075 struct pending_cmd *cmd;
3078 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3082 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3083 &hdev->discovery.type, sizeof(hdev->discovery.type));
3084 mgmt_pending_remove(cmd);
3089 static void stop_discovery_complete(struct hci_dev *hdev, u8 status)
3091 BT_DBG("status %d", status);
3096 mgmt_stop_discovery_failed(hdev, status);
3100 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3103 hci_dev_unlock(hdev);
3106 static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
3109 struct mgmt_cp_stop_discovery *mgmt_cp = data;
3110 struct pending_cmd *cmd;
3111 struct hci_cp_remote_name_req_cancel cp;
3112 struct inquiry_entry *e;
3113 struct hci_request req;
3114 struct hci_cp_le_set_scan_enable enable_cp;
3117 BT_DBG("%s", hdev->name);
3121 if (!hci_discovery_active(hdev)) {
3122 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
3123 MGMT_STATUS_REJECTED, &mgmt_cp->type,
3124 sizeof(mgmt_cp->type));
3128 if (hdev->discovery.type != mgmt_cp->type) {
3129 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
3130 MGMT_STATUS_INVALID_PARAMS, &mgmt_cp->type,
3131 sizeof(mgmt_cp->type));
3135 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
3141 hci_req_init(&req, hdev);
3143 switch (hdev->discovery.state) {
3144 case DISCOVERY_FINDING:
3145 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
3146 hci_req_add(&req, HCI_OP_INQUIRY_CANCEL, 0, NULL);
3148 cancel_delayed_work(&hdev->le_scan_disable);
3150 memset(&enable_cp, 0, sizeof(enable_cp));
3151 enable_cp.enable = LE_SCAN_DISABLE;
3152 hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE,
3153 sizeof(enable_cp), &enable_cp);
3158 case DISCOVERY_RESOLVING:
3159 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
3162 mgmt_pending_remove(cmd);
3163 err = cmd_complete(sk, hdev->id,
3164 MGMT_OP_STOP_DISCOVERY, 0,
3166 sizeof(mgmt_cp->type));
3167 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3171 bacpy(&cp.bdaddr, &e->data.bdaddr);
3172 hci_req_add(&req, HCI_OP_REMOTE_NAME_REQ_CANCEL, sizeof(cp),
3178 BT_DBG("unknown discovery state %u", hdev->discovery.state);
3180 mgmt_pending_remove(cmd);
3181 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
3182 MGMT_STATUS_FAILED, &mgmt_cp->type,
3183 sizeof(mgmt_cp->type));
3187 err = hci_req_run(&req, stop_discovery_complete);
3189 mgmt_pending_remove(cmd);
3191 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
3194 hci_dev_unlock(hdev);
3198 static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
3201 struct mgmt_cp_confirm_name *cp = data;
3202 struct inquiry_entry *e;
3205 BT_DBG("%s", hdev->name);
3209 if (!hci_discovery_active(hdev)) {
3210 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
3211 MGMT_STATUS_FAILED);
3215 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
3217 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
3218 MGMT_STATUS_INVALID_PARAMS);
3222 if (cp->name_known) {
3223 e->name_state = NAME_KNOWN;
3226 e->name_state = NAME_NEEDED;
3227 hci_inquiry_cache_update_resolve(hdev, e);
3230 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0, &cp->addr,
3234 hci_dev_unlock(hdev);
3238 static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
3241 struct mgmt_cp_block_device *cp = data;
3245 BT_DBG("%s", hdev->name);
3247 if (!bdaddr_type_is_valid(cp->addr.type))
3248 return cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
3249 MGMT_STATUS_INVALID_PARAMS,
3250 &cp->addr, sizeof(cp->addr));
3254 err = hci_blacklist_add(hdev, &cp->addr.bdaddr, cp->addr.type);
3256 status = MGMT_STATUS_FAILED;
3258 status = MGMT_STATUS_SUCCESS;
3260 err = cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
3261 &cp->addr, sizeof(cp->addr));
3263 hci_dev_unlock(hdev);
3268 static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
3271 struct mgmt_cp_unblock_device *cp = data;
3275 BT_DBG("%s", hdev->name);
3277 if (!bdaddr_type_is_valid(cp->addr.type))
3278 return cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
3279 MGMT_STATUS_INVALID_PARAMS,
3280 &cp->addr, sizeof(cp->addr));
3284 err = hci_blacklist_del(hdev, &cp->addr.bdaddr, cp->addr.type);
3286 status = MGMT_STATUS_INVALID_PARAMS;
3288 status = MGMT_STATUS_SUCCESS;
3290 err = cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
3291 &cp->addr, sizeof(cp->addr));
3293 hci_dev_unlock(hdev);
3298 static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
3301 struct mgmt_cp_set_device_id *cp = data;
3302 struct hci_request req;
3306 BT_DBG("%s", hdev->name);
3308 source = __le16_to_cpu(cp->source);
3310 if (source > 0x0002)
3311 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
3312 MGMT_STATUS_INVALID_PARAMS);
3316 hdev->devid_source = source;
3317 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
3318 hdev->devid_product = __le16_to_cpu(cp->product);
3319 hdev->devid_version = __le16_to_cpu(cp->version);
3321 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0, NULL, 0);
3323 hci_req_init(&req, hdev);
3325 hci_req_run(&req, NULL);
3327 hci_dev_unlock(hdev);
3332 static void set_advertising_complete(struct hci_dev *hdev, u8 status)
3334 struct cmd_lookup match = { NULL, hdev };
3337 u8 mgmt_err = mgmt_status(status);
3339 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
3340 cmd_status_rsp, &mgmt_err);
3344 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
3347 new_settings(hdev, match.sk);
3353 static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data,
3356 struct mgmt_mode *cp = data;
3357 struct pending_cmd *cmd;
3358 struct hci_request req;
3359 u8 val, enabled, status;
3362 BT_DBG("request for %s", hdev->name);
3364 status = mgmt_le_support(hdev);
3366 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3369 if (cp->val != 0x00 && cp->val != 0x01)
3370 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3371 MGMT_STATUS_INVALID_PARAMS);
3376 enabled = test_bit(HCI_ADVERTISING, &hdev->dev_flags);
3378 /* The following conditions are ones which mean that we should
3379 * not do any HCI communication but directly send a mgmt
3380 * response to user space (after toggling the flag if
3383 if (!hdev_is_powered(hdev) || val == enabled ||
3384 hci_conn_num(hdev, LE_LINK) > 0) {
3385 bool changed = false;
3387 if (val != test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
3388 change_bit(HCI_ADVERTISING, &hdev->dev_flags);
3392 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
3397 err = new_settings(hdev, sk);
3402 if (mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
3403 mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
3404 err = cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3409 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
3415 hci_req_init(&req, hdev);
3418 enable_advertising(&req);
3420 disable_advertising(&req);
3422 err = hci_req_run(&req, set_advertising_complete);
3424 mgmt_pending_remove(cmd);
3427 hci_dev_unlock(hdev);
3431 static int set_static_address(struct sock *sk, struct hci_dev *hdev,
3432 void *data, u16 len)
3434 struct mgmt_cp_set_static_address *cp = data;
3437 BT_DBG("%s", hdev->name);
3439 if (!lmp_le_capable(hdev))
3440 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
3441 MGMT_STATUS_NOT_SUPPORTED);
3443 if (hdev_is_powered(hdev))
3444 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
3445 MGMT_STATUS_REJECTED);
3447 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
3448 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
3449 return cmd_status(sk, hdev->id,
3450 MGMT_OP_SET_STATIC_ADDRESS,
3451 MGMT_STATUS_INVALID_PARAMS);
3453 /* Two most significant bits shall be set */
3454 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
3455 return cmd_status(sk, hdev->id,
3456 MGMT_OP_SET_STATIC_ADDRESS,
3457 MGMT_STATUS_INVALID_PARAMS);
3462 bacpy(&hdev->static_addr, &cp->bdaddr);
3464 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS, 0, NULL, 0);
3466 hci_dev_unlock(hdev);
3471 static int set_scan_params(struct sock *sk, struct hci_dev *hdev,
3472 void *data, u16 len)
3474 struct mgmt_cp_set_scan_params *cp = data;
3475 __u16 interval, window;
3478 BT_DBG("%s", hdev->name);
3480 if (!lmp_le_capable(hdev))
3481 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3482 MGMT_STATUS_NOT_SUPPORTED);
3484 interval = __le16_to_cpu(cp->interval);
3486 if (interval < 0x0004 || interval > 0x4000)
3487 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3488 MGMT_STATUS_INVALID_PARAMS);
3490 window = __le16_to_cpu(cp->window);
3492 if (window < 0x0004 || window > 0x4000)
3493 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3494 MGMT_STATUS_INVALID_PARAMS);
3498 hdev->le_scan_interval = interval;
3499 hdev->le_scan_window = window;
3501 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0, NULL, 0);
3503 hci_dev_unlock(hdev);
3508 static void fast_connectable_complete(struct hci_dev *hdev, u8 status)
3510 struct pending_cmd *cmd;
3512 BT_DBG("status 0x%02x", status);
3516 cmd = mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
3521 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3522 mgmt_status(status));
3524 struct mgmt_mode *cp = cmd->param;
3527 set_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
3529 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
3531 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
3532 new_settings(hdev, cmd->sk);
3535 mgmt_pending_remove(cmd);
3538 hci_dev_unlock(hdev);
3541 static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
3542 void *data, u16 len)
3544 struct mgmt_mode *cp = data;
3545 struct pending_cmd *cmd;
3546 struct hci_request req;
3549 BT_DBG("%s", hdev->name);
3551 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags) ||
3552 hdev->hci_ver < BLUETOOTH_VER_1_2)
3553 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3554 MGMT_STATUS_NOT_SUPPORTED);
3556 if (cp->val != 0x00 && cp->val != 0x01)
3557 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3558 MGMT_STATUS_INVALID_PARAMS);
3560 if (!hdev_is_powered(hdev))
3561 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3562 MGMT_STATUS_NOT_POWERED);
3564 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3565 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3566 MGMT_STATUS_REJECTED);
3570 if (mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
3571 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3576 if (!!cp->val == test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags)) {
3577 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
3582 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
3589 hci_req_init(&req, hdev);
3591 write_fast_connectable(&req, cp->val);
3593 err = hci_req_run(&req, fast_connectable_complete);
3595 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3596 MGMT_STATUS_FAILED);
3597 mgmt_pending_remove(cmd);
3601 hci_dev_unlock(hdev);
3606 static void set_bredr_scan(struct hci_request *req)
3608 struct hci_dev *hdev = req->hdev;
3611 /* Ensure that fast connectable is disabled. This function will
3612 * not do anything if the page scan parameters are already what
3615 write_fast_connectable(req, false);
3617 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3619 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3620 scan |= SCAN_INQUIRY;
3623 hci_req_add(req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
3626 static void set_bredr_complete(struct hci_dev *hdev, u8 status)
3628 struct pending_cmd *cmd;
3630 BT_DBG("status 0x%02x", status);
3634 cmd = mgmt_pending_find(MGMT_OP_SET_BREDR, hdev);
3639 u8 mgmt_err = mgmt_status(status);
3641 /* We need to restore the flag if related HCI commands
3644 clear_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
3646 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
3648 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
3649 new_settings(hdev, cmd->sk);
3652 mgmt_pending_remove(cmd);
3655 hci_dev_unlock(hdev);
3658 static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
3660 struct mgmt_mode *cp = data;
3661 struct pending_cmd *cmd;
3662 struct hci_request req;
3665 BT_DBG("request for %s", hdev->name);
3667 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
3668 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3669 MGMT_STATUS_NOT_SUPPORTED);
3671 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
3672 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3673 MGMT_STATUS_REJECTED);
3675 if (cp->val != 0x00 && cp->val != 0x01)
3676 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3677 MGMT_STATUS_INVALID_PARAMS);
3681 if (cp->val == test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
3682 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
3686 if (!hdev_is_powered(hdev)) {
3688 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
3689 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
3690 clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
3691 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
3692 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
3695 change_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
3697 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
3701 err = new_settings(hdev, sk);
3705 /* Reject disabling when powered on */
3707 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3708 MGMT_STATUS_REJECTED);
3712 if (mgmt_pending_find(MGMT_OP_SET_BREDR, hdev)) {
3713 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3718 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
3724 /* We need to flip the bit already here so that hci_update_ad
3725 * generates the correct flags.
3727 set_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
3729 hci_req_init(&req, hdev);
3731 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3732 set_bredr_scan(&req);
3734 hci_update_ad(&req);
3736 err = hci_req_run(&req, set_bredr_complete);
3738 mgmt_pending_remove(cmd);
3741 hci_dev_unlock(hdev);
3745 static bool ltk_is_valid(struct mgmt_ltk_info *key)
3747 if (key->authenticated != 0x00 && key->authenticated != 0x01)
3749 if (key->master != 0x00 && key->master != 0x01)
3751 if (!bdaddr_type_is_le(key->addr.type))
3756 static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
3757 void *cp_data, u16 len)
3759 struct mgmt_cp_load_long_term_keys *cp = cp_data;
3760 u16 key_count, expected_len;
3763 BT_DBG("request for %s", hdev->name);
3765 if (!lmp_le_capable(hdev))
3766 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
3767 MGMT_STATUS_NOT_SUPPORTED);
3769 key_count = __le16_to_cpu(cp->key_count);
3771 expected_len = sizeof(*cp) + key_count *
3772 sizeof(struct mgmt_ltk_info);
3773 if (expected_len != len) {
3774 BT_ERR("load_keys: expected %u bytes, got %u bytes",
3776 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
3777 MGMT_STATUS_INVALID_PARAMS);
3780 BT_DBG("%s key_count %u", hdev->name, key_count);
3782 for (i = 0; i < key_count; i++) {
3783 struct mgmt_ltk_info *key = &cp->keys[i];
3785 if (!ltk_is_valid(key))
3786 return cmd_status(sk, hdev->id,
3787 MGMT_OP_LOAD_LONG_TERM_KEYS,
3788 MGMT_STATUS_INVALID_PARAMS);
3793 hci_smp_ltks_clear(hdev);
3795 for (i = 0; i < key_count; i++) {
3796 struct mgmt_ltk_info *key = &cp->keys[i];
3799 if (key->addr.type == BDADDR_LE_PUBLIC)
3800 addr_type = ADDR_LE_DEV_PUBLIC;
3802 addr_type = ADDR_LE_DEV_RANDOM;
3807 type = HCI_SMP_LTK_SLAVE;
3809 hci_add_ltk(hdev, &key->addr.bdaddr, addr_type,
3810 type, 0, key->authenticated, key->val,
3811 key->enc_size, key->ediv, key->rand);
3814 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
3817 hci_dev_unlock(hdev);
3822 static const struct mgmt_handler {
3823 int (*func) (struct sock *sk, struct hci_dev *hdev, void *data,
3827 } mgmt_handlers[] = {
3828 { NULL }, /* 0x0000 (no command) */
3829 { read_version, false, MGMT_READ_VERSION_SIZE },
3830 { read_commands, false, MGMT_READ_COMMANDS_SIZE },
3831 { read_index_list, false, MGMT_READ_INDEX_LIST_SIZE },
3832 { read_controller_info, false, MGMT_READ_INFO_SIZE },
3833 { set_powered, false, MGMT_SETTING_SIZE },
3834 { set_discoverable, false, MGMT_SET_DISCOVERABLE_SIZE },
3835 { set_connectable, false, MGMT_SETTING_SIZE },
3836 { set_fast_connectable, false, MGMT_SETTING_SIZE },
3837 { set_pairable, false, MGMT_SETTING_SIZE },
3838 { set_link_security, false, MGMT_SETTING_SIZE },
3839 { set_ssp, false, MGMT_SETTING_SIZE },
3840 { set_hs, false, MGMT_SETTING_SIZE },
3841 { set_le, false, MGMT_SETTING_SIZE },
3842 { set_dev_class, false, MGMT_SET_DEV_CLASS_SIZE },
3843 { set_local_name, false, MGMT_SET_LOCAL_NAME_SIZE },
3844 { add_uuid, false, MGMT_ADD_UUID_SIZE },
3845 { remove_uuid, false, MGMT_REMOVE_UUID_SIZE },
3846 { load_link_keys, true, MGMT_LOAD_LINK_KEYS_SIZE },
3847 { load_long_term_keys, true, MGMT_LOAD_LONG_TERM_KEYS_SIZE },
3848 { disconnect, false, MGMT_DISCONNECT_SIZE },
3849 { get_connections, false, MGMT_GET_CONNECTIONS_SIZE },
3850 { pin_code_reply, false, MGMT_PIN_CODE_REPLY_SIZE },
3851 { pin_code_neg_reply, false, MGMT_PIN_CODE_NEG_REPLY_SIZE },
3852 { set_io_capability, false, MGMT_SET_IO_CAPABILITY_SIZE },
3853 { pair_device, false, MGMT_PAIR_DEVICE_SIZE },
3854 { cancel_pair_device, false, MGMT_CANCEL_PAIR_DEVICE_SIZE },
3855 { unpair_device, false, MGMT_UNPAIR_DEVICE_SIZE },
3856 { user_confirm_reply, false, MGMT_USER_CONFIRM_REPLY_SIZE },
3857 { user_confirm_neg_reply, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
3858 { user_passkey_reply, false, MGMT_USER_PASSKEY_REPLY_SIZE },
3859 { user_passkey_neg_reply, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
3860 { read_local_oob_data, false, MGMT_READ_LOCAL_OOB_DATA_SIZE },
3861 { add_remote_oob_data, false, MGMT_ADD_REMOTE_OOB_DATA_SIZE },
3862 { remove_remote_oob_data, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
3863 { start_discovery, false, MGMT_START_DISCOVERY_SIZE },
3864 { stop_discovery, false, MGMT_STOP_DISCOVERY_SIZE },
3865 { confirm_name, false, MGMT_CONFIRM_NAME_SIZE },
3866 { block_device, false, MGMT_BLOCK_DEVICE_SIZE },
3867 { unblock_device, false, MGMT_UNBLOCK_DEVICE_SIZE },
3868 { set_device_id, false, MGMT_SET_DEVICE_ID_SIZE },
3869 { set_advertising, false, MGMT_SETTING_SIZE },
3870 { set_bredr, false, MGMT_SETTING_SIZE },
3871 { set_static_address, false, MGMT_SET_STATIC_ADDRESS_SIZE },
3872 { set_scan_params, false, MGMT_SET_SCAN_PARAMS_SIZE },
3876 int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
3880 struct mgmt_hdr *hdr;
3881 u16 opcode, index, len;
3882 struct hci_dev *hdev = NULL;
3883 const struct mgmt_handler *handler;
3886 BT_DBG("got %zu bytes", msglen);
3888 if (msglen < sizeof(*hdr))
3891 buf = kmalloc(msglen, GFP_KERNEL);
3895 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
3901 opcode = __le16_to_cpu(hdr->opcode);
3902 index = __le16_to_cpu(hdr->index);
3903 len = __le16_to_cpu(hdr->len);
3905 if (len != msglen - sizeof(*hdr)) {
3910 if (index != MGMT_INDEX_NONE) {
3911 hdev = hci_dev_get(index);
3913 err = cmd_status(sk, index, opcode,
3914 MGMT_STATUS_INVALID_INDEX);
3918 if (test_bit(HCI_SETUP, &hdev->dev_flags) ||
3919 test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
3920 err = cmd_status(sk, index, opcode,
3921 MGMT_STATUS_INVALID_INDEX);
3926 if (opcode >= ARRAY_SIZE(mgmt_handlers) ||
3927 mgmt_handlers[opcode].func == NULL) {
3928 BT_DBG("Unknown op %u", opcode);
3929 err = cmd_status(sk, index, opcode,
3930 MGMT_STATUS_UNKNOWN_COMMAND);
3934 if ((hdev && opcode < MGMT_OP_READ_INFO) ||
3935 (!hdev && opcode >= MGMT_OP_READ_INFO)) {
3936 err = cmd_status(sk, index, opcode,
3937 MGMT_STATUS_INVALID_INDEX);
3941 handler = &mgmt_handlers[opcode];
3943 if ((handler->var_len && len < handler->data_len) ||
3944 (!handler->var_len && len != handler->data_len)) {
3945 err = cmd_status(sk, index, opcode,
3946 MGMT_STATUS_INVALID_PARAMS);
3951 mgmt_init_hdev(sk, hdev);
3953 cp = buf + sizeof(*hdr);
3955 err = handler->func(sk, hdev, cp, len);
3969 void mgmt_index_added(struct hci_dev *hdev)
3971 if (hdev->dev_type != HCI_BREDR)
3974 mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
3977 void mgmt_index_removed(struct hci_dev *hdev)
3979 u8 status = MGMT_STATUS_INVALID_INDEX;
3981 if (hdev->dev_type != HCI_BREDR)
3984 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
3986 mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
3989 static void powered_complete(struct hci_dev *hdev, u8 status)
3991 struct cmd_lookup match = { NULL, hdev };
3993 BT_DBG("status 0x%02x", status);
3997 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
3999 new_settings(hdev, match.sk);
4001 hci_dev_unlock(hdev);
4007 static int powered_update_hci(struct hci_dev *hdev)
4009 struct hci_request req;
4012 hci_req_init(&req, hdev);
4014 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) &&
4015 !lmp_host_ssp_capable(hdev)) {
4018 hci_req_add(&req, HCI_OP_WRITE_SSP_MODE, 1, &ssp);
4021 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
4022 lmp_bredr_capable(hdev)) {
4023 struct hci_cp_write_le_host_supported cp;
4026 cp.simul = lmp_le_br_capable(hdev);
4028 /* Check first if we already have the right
4029 * host state (host features set)
4031 if (cp.le != lmp_host_le_capable(hdev) ||
4032 cp.simul != lmp_host_le_br_capable(hdev))
4033 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED,
4036 /* In case BR/EDR was toggled during the AUTO_OFF phase */
4037 hci_update_ad(&req);
4040 if (lmp_le_capable(hdev)) {
4041 /* Set random address to static address if configured */
4042 if (bacmp(&hdev->static_addr, BDADDR_ANY))
4043 hci_req_add(&req, HCI_OP_LE_SET_RANDOM_ADDR, 6,
4044 &hdev->static_addr);
4046 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
4047 enable_advertising(&req);
4050 link_sec = test_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
4051 if (link_sec != test_bit(HCI_AUTH, &hdev->flags))
4052 hci_req_add(&req, HCI_OP_WRITE_AUTH_ENABLE,
4053 sizeof(link_sec), &link_sec);
4055 if (lmp_bredr_capable(hdev)) {
4056 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
4057 set_bredr_scan(&req);
4063 return hci_req_run(&req, powered_complete);
4066 int mgmt_powered(struct hci_dev *hdev, u8 powered)
4068 struct cmd_lookup match = { NULL, hdev };
4069 u8 status_not_powered = MGMT_STATUS_NOT_POWERED;
4070 u8 zero_cod[] = { 0, 0, 0 };
4073 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
4077 if (powered_update_hci(hdev) == 0)
4080 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp,
4085 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
4086 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status_not_powered);
4088 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0)
4089 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
4090 zero_cod, sizeof(zero_cod), NULL);
4093 err = new_settings(hdev, match.sk);
4101 void mgmt_set_powered_failed(struct hci_dev *hdev, int err)
4103 struct pending_cmd *cmd;
4106 cmd = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
4110 if (err == -ERFKILL)
4111 status = MGMT_STATUS_RFKILLED;
4113 status = MGMT_STATUS_FAILED;
4115 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
4117 mgmt_pending_remove(cmd);
4120 int mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
4122 bool changed = false;
4125 /* Nothing needed here if there's a pending command since that
4126 * commands request completion callback takes care of everything
4129 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev))
4133 if (!test_and_set_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
4136 if (test_and_clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
4141 err = new_settings(hdev, NULL);
4146 int mgmt_connectable(struct hci_dev *hdev, u8 connectable)
4148 bool changed = false;
4151 /* Nothing needed here if there's a pending command since that
4152 * commands request completion callback takes care of everything
4155 if (mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev))
4159 if (!test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags))
4162 if (test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags))
4167 err = new_settings(hdev, NULL);
4172 int mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
4174 u8 mgmt_err = mgmt_status(status);
4176 if (scan & SCAN_PAGE)
4177 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
4178 cmd_status_rsp, &mgmt_err);
4180 if (scan & SCAN_INQUIRY)
4181 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
4182 cmd_status_rsp, &mgmt_err);
4187 int mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
4190 struct mgmt_ev_new_link_key ev;
4192 memset(&ev, 0, sizeof(ev));
4194 ev.store_hint = persistent;
4195 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
4196 ev.key.addr.type = BDADDR_BREDR;
4197 ev.key.type = key->type;
4198 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
4199 ev.key.pin_len = key->pin_len;
4201 return mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
4204 int mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, u8 persistent)
4206 struct mgmt_ev_new_long_term_key ev;
4208 memset(&ev, 0, sizeof(ev));
4210 ev.store_hint = persistent;
4211 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
4212 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
4213 ev.key.authenticated = key->authenticated;
4214 ev.key.enc_size = key->enc_size;
4215 ev.key.ediv = key->ediv;
4217 if (key->type == HCI_SMP_LTK)
4220 memcpy(ev.key.rand, key->rand, sizeof(key->rand));
4221 memcpy(ev.key.val, key->val, sizeof(key->val));
4223 return mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev),
4227 void mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
4228 u8 addr_type, u32 flags, u8 *name, u8 name_len,
4232 struct mgmt_ev_device_connected *ev = (void *) buf;
4235 bacpy(&ev->addr.bdaddr, bdaddr);
4236 ev->addr.type = link_to_bdaddr(link_type, addr_type);
4238 ev->flags = __cpu_to_le32(flags);
4241 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
4244 if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0)
4245 eir_len = eir_append_data(ev->eir, eir_len,
4246 EIR_CLASS_OF_DEV, dev_class, 3);
4248 ev->eir_len = cpu_to_le16(eir_len);
4250 mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
4251 sizeof(*ev) + eir_len, NULL);
4254 static void disconnect_rsp(struct pending_cmd *cmd, void *data)
4256 struct mgmt_cp_disconnect *cp = cmd->param;
4257 struct sock **sk = data;
4258 struct mgmt_rp_disconnect rp;
4260 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4261 rp.addr.type = cp->addr.type;
4263 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 0, &rp,
4269 mgmt_pending_remove(cmd);
4272 static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
4274 struct hci_dev *hdev = data;
4275 struct mgmt_cp_unpair_device *cp = cmd->param;
4276 struct mgmt_rp_unpair_device rp;
4278 memset(&rp, 0, sizeof(rp));
4279 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4280 rp.addr.type = cp->addr.type;
4282 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
4284 cmd_complete(cmd->sk, cmd->index, cmd->opcode, 0, &rp, sizeof(rp));
4286 mgmt_pending_remove(cmd);
4289 void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
4290 u8 link_type, u8 addr_type, u8 reason)
4292 struct mgmt_ev_device_disconnected ev;
4293 struct sock *sk = NULL;
4295 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
4297 bacpy(&ev.addr.bdaddr, bdaddr);
4298 ev.addr.type = link_to_bdaddr(link_type, addr_type);
4301 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
4306 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
4310 void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
4311 u8 link_type, u8 addr_type, u8 status)
4313 struct mgmt_rp_disconnect rp;
4314 struct pending_cmd *cmd;
4316 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
4319 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
4323 bacpy(&rp.addr.bdaddr, bdaddr);
4324 rp.addr.type = link_to_bdaddr(link_type, addr_type);
4326 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
4327 mgmt_status(status), &rp, sizeof(rp));
4329 mgmt_pending_remove(cmd);
4332 void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
4333 u8 addr_type, u8 status)
4335 struct mgmt_ev_connect_failed ev;
4337 bacpy(&ev.addr.bdaddr, bdaddr);
4338 ev.addr.type = link_to_bdaddr(link_type, addr_type);
4339 ev.status = mgmt_status(status);
4341 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
4344 int mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
4346 struct mgmt_ev_pin_code_request ev;
4348 bacpy(&ev.addr.bdaddr, bdaddr);
4349 ev.addr.type = BDADDR_BREDR;
4352 return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev),
4356 int mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
4359 struct pending_cmd *cmd;
4360 struct mgmt_rp_pin_code_reply rp;
4363 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
4367 bacpy(&rp.addr.bdaddr, bdaddr);
4368 rp.addr.type = BDADDR_BREDR;
4370 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
4371 mgmt_status(status), &rp, sizeof(rp));
4373 mgmt_pending_remove(cmd);
4378 int mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
4381 struct pending_cmd *cmd;
4382 struct mgmt_rp_pin_code_reply rp;
4385 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
4389 bacpy(&rp.addr.bdaddr, bdaddr);
4390 rp.addr.type = BDADDR_BREDR;
4392 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
4393 mgmt_status(status), &rp, sizeof(rp));
4395 mgmt_pending_remove(cmd);
4400 int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
4401 u8 link_type, u8 addr_type, __le32 value,
4404 struct mgmt_ev_user_confirm_request ev;
4406 BT_DBG("%s", hdev->name);
4408 bacpy(&ev.addr.bdaddr, bdaddr);
4409 ev.addr.type = link_to_bdaddr(link_type, addr_type);
4410 ev.confirm_hint = confirm_hint;
4413 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
4417 int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
4418 u8 link_type, u8 addr_type)
4420 struct mgmt_ev_user_passkey_request ev;
4422 BT_DBG("%s", hdev->name);
4424 bacpy(&ev.addr.bdaddr, bdaddr);
4425 ev.addr.type = link_to_bdaddr(link_type, addr_type);
4427 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
4431 static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
4432 u8 link_type, u8 addr_type, u8 status,
4435 struct pending_cmd *cmd;
4436 struct mgmt_rp_user_confirm_reply rp;
4439 cmd = mgmt_pending_find(opcode, hdev);
4443 bacpy(&rp.addr.bdaddr, bdaddr);
4444 rp.addr.type = link_to_bdaddr(link_type, addr_type);
4445 err = cmd_complete(cmd->sk, hdev->id, opcode, mgmt_status(status),
4448 mgmt_pending_remove(cmd);
4453 int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
4454 u8 link_type, u8 addr_type, u8 status)
4456 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
4457 status, MGMT_OP_USER_CONFIRM_REPLY);
4460 int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
4461 u8 link_type, u8 addr_type, u8 status)
4463 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
4465 MGMT_OP_USER_CONFIRM_NEG_REPLY);
4468 int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
4469 u8 link_type, u8 addr_type, u8 status)
4471 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
4472 status, MGMT_OP_USER_PASSKEY_REPLY);
4475 int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
4476 u8 link_type, u8 addr_type, u8 status)
4478 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
4480 MGMT_OP_USER_PASSKEY_NEG_REPLY);
4483 int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
4484 u8 link_type, u8 addr_type, u32 passkey,
4487 struct mgmt_ev_passkey_notify ev;
4489 BT_DBG("%s", hdev->name);
4491 bacpy(&ev.addr.bdaddr, bdaddr);
4492 ev.addr.type = link_to_bdaddr(link_type, addr_type);
4493 ev.passkey = __cpu_to_le32(passkey);
4494 ev.entered = entered;
4496 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
4499 int mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
4500 u8 addr_type, u8 status)
4502 struct mgmt_ev_auth_failed ev;
4504 bacpy(&ev.addr.bdaddr, bdaddr);
4505 ev.addr.type = link_to_bdaddr(link_type, addr_type);
4506 ev.status = mgmt_status(status);
4508 return mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
4511 int mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
4513 struct cmd_lookup match = { NULL, hdev };
4514 bool changed = false;
4518 u8 mgmt_err = mgmt_status(status);
4519 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
4520 cmd_status_rsp, &mgmt_err);
4524 if (test_bit(HCI_AUTH, &hdev->flags)) {
4525 if (!test_and_set_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
4528 if (test_and_clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
4532 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
4536 err = new_settings(hdev, match.sk);
4544 static void clear_eir(struct hci_request *req)
4546 struct hci_dev *hdev = req->hdev;
4547 struct hci_cp_write_eir cp;
4549 if (!lmp_ext_inq_capable(hdev))
4552 memset(hdev->eir, 0, sizeof(hdev->eir));
4554 memset(&cp, 0, sizeof(cp));
4556 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
4559 int mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
4561 struct cmd_lookup match = { NULL, hdev };
4562 struct hci_request req;
4563 bool changed = false;
4567 u8 mgmt_err = mgmt_status(status);
4569 if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
4570 &hdev->dev_flags)) {
4571 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
4572 err = new_settings(hdev, NULL);
4575 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
4582 changed = !test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
4584 changed = test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
4586 changed = test_and_clear_bit(HCI_HS_ENABLED,
4589 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
4592 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
4595 err = new_settings(hdev, match.sk);
4600 hci_req_init(&req, hdev);
4602 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
4607 hci_req_run(&req, NULL);
4612 static void sk_lookup(struct pending_cmd *cmd, void *data)
4614 struct cmd_lookup *match = data;
4616 if (match->sk == NULL) {
4617 match->sk = cmd->sk;
4618 sock_hold(match->sk);
4622 int mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
4625 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
4628 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
4629 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
4630 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
4633 err = mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class,
4642 int mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
4644 struct mgmt_cp_set_local_name ev;
4645 struct pending_cmd *cmd;
4650 memset(&ev, 0, sizeof(ev));
4651 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
4652 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
4654 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
4656 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
4658 /* If this is a HCI command related to powering on the
4659 * HCI dev don't send any mgmt signals.
4661 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
4665 return mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
4666 cmd ? cmd->sk : NULL);
4669 int mgmt_read_local_oob_data_reply_complete(struct hci_dev *hdev, u8 *hash,
4670 u8 *randomizer, u8 status)
4672 struct pending_cmd *cmd;
4675 BT_DBG("%s status %u", hdev->name, status);
4677 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
4682 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
4683 mgmt_status(status));
4685 struct mgmt_rp_read_local_oob_data rp;
4687 memcpy(rp.hash, hash, sizeof(rp.hash));
4688 memcpy(rp.randomizer, randomizer, sizeof(rp.randomizer));
4690 err = cmd_complete(cmd->sk, hdev->id,
4691 MGMT_OP_READ_LOCAL_OOB_DATA, 0, &rp,
4695 mgmt_pending_remove(cmd);
4700 void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
4701 u8 addr_type, u8 *dev_class, s8 rssi, u8 cfm_name, u8
4702 ssp, u8 *eir, u16 eir_len)
4705 struct mgmt_ev_device_found *ev = (void *) buf;
4708 if (!hci_discovery_active(hdev))
4711 /* Leave 5 bytes for a potential CoD field */
4712 if (sizeof(*ev) + eir_len + 5 > sizeof(buf))
4715 memset(buf, 0, sizeof(buf));
4717 bacpy(&ev->addr.bdaddr, bdaddr);
4718 ev->addr.type = link_to_bdaddr(link_type, addr_type);
4721 ev->flags |= __constant_cpu_to_le32(MGMT_DEV_FOUND_CONFIRM_NAME);
4723 ev->flags |= __constant_cpu_to_le32(MGMT_DEV_FOUND_LEGACY_PAIRING);
4726 memcpy(ev->eir, eir, eir_len);
4728 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
4729 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
4732 ev->eir_len = cpu_to_le16(eir_len);
4733 ev_size = sizeof(*ev) + eir_len;
4735 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
4738 void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
4739 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
4741 struct mgmt_ev_device_found *ev;
4742 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
4745 ev = (struct mgmt_ev_device_found *) buf;
4747 memset(buf, 0, sizeof(buf));
4749 bacpy(&ev->addr.bdaddr, bdaddr);
4750 ev->addr.type = link_to_bdaddr(link_type, addr_type);
4753 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
4756 ev->eir_len = cpu_to_le16(eir_len);
4758 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, sizeof(*ev) + eir_len, NULL);
4761 void mgmt_discovering(struct hci_dev *hdev, u8 discovering)
4763 struct mgmt_ev_discovering ev;
4764 struct pending_cmd *cmd;
4766 BT_DBG("%s discovering %u", hdev->name, discovering);
4769 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
4771 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
4774 u8 type = hdev->discovery.type;
4776 cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0, &type,
4778 mgmt_pending_remove(cmd);
4781 memset(&ev, 0, sizeof(ev));
4782 ev.type = hdev->discovery.type;
4783 ev.discovering = discovering;
4785 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
4788 int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
4790 struct pending_cmd *cmd;
4791 struct mgmt_ev_device_blocked ev;
4793 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev);
4795 bacpy(&ev.addr.bdaddr, bdaddr);
4796 ev.addr.type = type;
4798 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev),
4799 cmd ? cmd->sk : NULL);
4802 int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
4804 struct pending_cmd *cmd;
4805 struct mgmt_ev_device_unblocked ev;
4807 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev);
4809 bacpy(&ev.addr.bdaddr, bdaddr);
4810 ev.addr.type = type;
4812 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
4813 cmd ? cmd->sk : NULL);
4816 static void adv_enable_complete(struct hci_dev *hdev, u8 status)
4818 BT_DBG("%s status %u", hdev->name, status);
4820 /* Clear the advertising mgmt setting if we failed to re-enable it */
4822 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
4823 new_settings(hdev, NULL);
4827 void mgmt_reenable_advertising(struct hci_dev *hdev)
4829 struct hci_request req;
4831 if (hci_conn_num(hdev, LE_LINK) > 0)
4834 if (!test_bit(HCI_ADVERTISING, &hdev->dev_flags))
4837 hci_req_init(&req, hdev);
4838 enable_advertising(&req);
4840 /* If this fails we have no option but to let user space know
4841 * that we've disabled advertising.
4843 if (hci_req_run(&req, adv_enable_complete) < 0) {
4844 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
4845 new_settings(hdev, NULL);
projects / karo-tx-linux.git / blob