2 BlueZ - Bluetooth protocol stack for Linux
4 Copyright (C) 2010 Nokia Corporation
5 Copyright (C) 2011-2012 Intel Corporation
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI Management interface */
27 #include <linux/module.h>
28 #include <asm/unaligned.h>
30 #include <net/bluetooth/bluetooth.h>
31 #include <net/bluetooth/hci_core.h>
32 #include <net/bluetooth/mgmt.h>
33 #include <net/bluetooth/smp.h>
35 #define MGMT_VERSION 1
36 #define MGMT_REVISION 4
38 static const u16 mgmt_commands[] = {
39 MGMT_OP_READ_INDEX_LIST,
42 MGMT_OP_SET_DISCOVERABLE,
43 MGMT_OP_SET_CONNECTABLE,
44 MGMT_OP_SET_FAST_CONNECTABLE,
46 MGMT_OP_SET_LINK_SECURITY,
50 MGMT_OP_SET_DEV_CLASS,
51 MGMT_OP_SET_LOCAL_NAME,
54 MGMT_OP_LOAD_LINK_KEYS,
55 MGMT_OP_LOAD_LONG_TERM_KEYS,
57 MGMT_OP_GET_CONNECTIONS,
58 MGMT_OP_PIN_CODE_REPLY,
59 MGMT_OP_PIN_CODE_NEG_REPLY,
60 MGMT_OP_SET_IO_CAPABILITY,
62 MGMT_OP_CANCEL_PAIR_DEVICE,
63 MGMT_OP_UNPAIR_DEVICE,
64 MGMT_OP_USER_CONFIRM_REPLY,
65 MGMT_OP_USER_CONFIRM_NEG_REPLY,
66 MGMT_OP_USER_PASSKEY_REPLY,
67 MGMT_OP_USER_PASSKEY_NEG_REPLY,
68 MGMT_OP_READ_LOCAL_OOB_DATA,
69 MGMT_OP_ADD_REMOTE_OOB_DATA,
70 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
71 MGMT_OP_START_DISCOVERY,
72 MGMT_OP_STOP_DISCOVERY,
75 MGMT_OP_UNBLOCK_DEVICE,
76 MGMT_OP_SET_DEVICE_ID,
77 MGMT_OP_SET_ADVERTISING,
79 MGMT_OP_SET_STATIC_ADDRESS,
82 static const u16 mgmt_events[] = {
83 MGMT_EV_CONTROLLER_ERROR,
85 MGMT_EV_INDEX_REMOVED,
87 MGMT_EV_CLASS_OF_DEV_CHANGED,
88 MGMT_EV_LOCAL_NAME_CHANGED,
90 MGMT_EV_NEW_LONG_TERM_KEY,
91 MGMT_EV_DEVICE_CONNECTED,
92 MGMT_EV_DEVICE_DISCONNECTED,
93 MGMT_EV_CONNECT_FAILED,
94 MGMT_EV_PIN_CODE_REQUEST,
95 MGMT_EV_USER_CONFIRM_REQUEST,
96 MGMT_EV_USER_PASSKEY_REQUEST,
100 MGMT_EV_DEVICE_BLOCKED,
101 MGMT_EV_DEVICE_UNBLOCKED,
102 MGMT_EV_DEVICE_UNPAIRED,
103 MGMT_EV_PASSKEY_NOTIFY,
106 #define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
108 #define hdev_is_powered(hdev) (test_bit(HCI_UP, &hdev->flags) && \
109 !test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
112 struct list_head list;
120 /* HCI to MGMT error code conversion table */
121 static u8 mgmt_status_table[] = {
123 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
124 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
125 MGMT_STATUS_FAILED, /* Hardware Failure */
126 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
127 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
128 MGMT_STATUS_NOT_PAIRED, /* PIN or Key Missing */
129 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
130 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
131 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
132 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
133 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
134 MGMT_STATUS_BUSY, /* Command Disallowed */
135 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
136 MGMT_STATUS_REJECTED, /* Rejected Security */
137 MGMT_STATUS_REJECTED, /* Rejected Personal */
138 MGMT_STATUS_TIMEOUT, /* Host Timeout */
139 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
140 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
141 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
142 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
143 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
144 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
145 MGMT_STATUS_BUSY, /* Repeated Attempts */
146 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
147 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
148 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
149 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
150 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
151 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
152 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
153 MGMT_STATUS_FAILED, /* Unspecified Error */
154 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
155 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
156 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
157 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
158 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
159 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
160 MGMT_STATUS_FAILED, /* Unit Link Key Used */
161 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
162 MGMT_STATUS_TIMEOUT, /* Instant Passed */
163 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
164 MGMT_STATUS_FAILED, /* Transaction Collision */
165 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
166 MGMT_STATUS_REJECTED, /* QoS Rejected */
167 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
168 MGMT_STATUS_REJECTED, /* Insufficient Security */
169 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
170 MGMT_STATUS_BUSY, /* Role Switch Pending */
171 MGMT_STATUS_FAILED, /* Slot Violation */
172 MGMT_STATUS_FAILED, /* Role Switch Failed */
173 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
174 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
175 MGMT_STATUS_BUSY, /* Host Busy Pairing */
176 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
177 MGMT_STATUS_BUSY, /* Controller Busy */
178 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
179 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
180 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
181 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
182 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
185 bool mgmt_valid_hdev(struct hci_dev *hdev)
187 return hdev->dev_type == HCI_BREDR;
190 static u8 mgmt_status(u8 hci_status)
192 if (hci_status < ARRAY_SIZE(mgmt_status_table))
193 return mgmt_status_table[hci_status];
195 return MGMT_STATUS_FAILED;
198 static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
201 struct mgmt_hdr *hdr;
202 struct mgmt_ev_cmd_status *ev;
205 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
207 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_KERNEL);
211 hdr = (void *) skb_put(skb, sizeof(*hdr));
213 hdr->opcode = __constant_cpu_to_le16(MGMT_EV_CMD_STATUS);
214 hdr->index = cpu_to_le16(index);
215 hdr->len = cpu_to_le16(sizeof(*ev));
217 ev = (void *) skb_put(skb, sizeof(*ev));
219 ev->opcode = cpu_to_le16(cmd);
221 err = sock_queue_rcv_skb(sk, skb);
228 static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
229 void *rp, size_t rp_len)
232 struct mgmt_hdr *hdr;
233 struct mgmt_ev_cmd_complete *ev;
236 BT_DBG("sock %p", sk);
238 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_KERNEL);
242 hdr = (void *) skb_put(skb, sizeof(*hdr));
244 hdr->opcode = __constant_cpu_to_le16(MGMT_EV_CMD_COMPLETE);
245 hdr->index = cpu_to_le16(index);
246 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
248 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
249 ev->opcode = cpu_to_le16(cmd);
253 memcpy(ev->data, rp, rp_len);
255 err = sock_queue_rcv_skb(sk, skb);
262 static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
265 struct mgmt_rp_read_version rp;
267 BT_DBG("sock %p", sk);
269 rp.version = MGMT_VERSION;
270 rp.revision = __constant_cpu_to_le16(MGMT_REVISION);
272 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
276 static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
279 struct mgmt_rp_read_commands *rp;
280 const u16 num_commands = ARRAY_SIZE(mgmt_commands);
281 const u16 num_events = ARRAY_SIZE(mgmt_events);
286 BT_DBG("sock %p", sk);
288 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
290 rp = kmalloc(rp_size, GFP_KERNEL);
294 rp->num_commands = __constant_cpu_to_le16(num_commands);
295 rp->num_events = __constant_cpu_to_le16(num_events);
297 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
298 put_unaligned_le16(mgmt_commands[i], opcode);
300 for (i = 0; i < num_events; i++, opcode++)
301 put_unaligned_le16(mgmt_events[i], opcode);
303 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
310 static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
313 struct mgmt_rp_read_index_list *rp;
319 BT_DBG("sock %p", sk);
321 read_lock(&hci_dev_list_lock);
324 list_for_each_entry(d, &hci_dev_list, list) {
325 if (!mgmt_valid_hdev(d))
331 rp_len = sizeof(*rp) + (2 * count);
332 rp = kmalloc(rp_len, GFP_ATOMIC);
334 read_unlock(&hci_dev_list_lock);
339 list_for_each_entry(d, &hci_dev_list, list) {
340 if (test_bit(HCI_SETUP, &d->dev_flags))
343 if (test_bit(HCI_USER_CHANNEL, &d->dev_flags))
346 if (!mgmt_valid_hdev(d))
349 rp->index[count++] = cpu_to_le16(d->id);
350 BT_DBG("Added hci%u", d->id);
353 rp->num_controllers = cpu_to_le16(count);
354 rp_len = sizeof(*rp) + (2 * count);
356 read_unlock(&hci_dev_list_lock);
358 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
366 static u32 get_supported_settings(struct hci_dev *hdev)
370 settings |= MGMT_SETTING_POWERED;
371 settings |= MGMT_SETTING_PAIRABLE;
373 if (lmp_ssp_capable(hdev))
374 settings |= MGMT_SETTING_SSP;
376 if (lmp_bredr_capable(hdev)) {
377 settings |= MGMT_SETTING_CONNECTABLE;
378 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
379 settings |= MGMT_SETTING_FAST_CONNECTABLE;
380 settings |= MGMT_SETTING_DISCOVERABLE;
381 settings |= MGMT_SETTING_BREDR;
382 settings |= MGMT_SETTING_LINK_SECURITY;
383 settings |= MGMT_SETTING_HS;
386 if (lmp_le_capable(hdev)) {
387 settings |= MGMT_SETTING_LE;
388 settings |= MGMT_SETTING_ADVERTISING;
394 static u32 get_current_settings(struct hci_dev *hdev)
398 if (hdev_is_powered(hdev))
399 settings |= MGMT_SETTING_POWERED;
401 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
402 settings |= MGMT_SETTING_CONNECTABLE;
404 if (test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
405 settings |= MGMT_SETTING_FAST_CONNECTABLE;
407 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
408 settings |= MGMT_SETTING_DISCOVERABLE;
410 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags))
411 settings |= MGMT_SETTING_PAIRABLE;
413 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
414 settings |= MGMT_SETTING_BREDR;
416 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
417 settings |= MGMT_SETTING_LE;
419 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
420 settings |= MGMT_SETTING_LINK_SECURITY;
422 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
423 settings |= MGMT_SETTING_SSP;
425 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
426 settings |= MGMT_SETTING_HS;
428 if (test_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags))
429 settings |= MGMT_SETTING_ADVERTISING;
434 #define PNP_INFO_SVCLASS_ID 0x1200
436 static u8 *create_uuid16_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
438 u8 *ptr = data, *uuids_start = NULL;
439 struct bt_uuid *uuid;
444 list_for_each_entry(uuid, &hdev->uuids, list) {
447 if (uuid->size != 16)
450 uuid16 = get_unaligned_le16(&uuid->uuid[12]);
454 if (uuid16 == PNP_INFO_SVCLASS_ID)
460 uuids_start[1] = EIR_UUID16_ALL;
464 /* Stop if not enough space to put next UUID */
465 if ((ptr - data) + sizeof(u16) > len) {
466 uuids_start[1] = EIR_UUID16_SOME;
470 *ptr++ = (uuid16 & 0x00ff);
471 *ptr++ = (uuid16 & 0xff00) >> 8;
472 uuids_start[0] += sizeof(uuid16);
478 static u8 *create_uuid32_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
480 u8 *ptr = data, *uuids_start = NULL;
481 struct bt_uuid *uuid;
486 list_for_each_entry(uuid, &hdev->uuids, list) {
487 if (uuid->size != 32)
493 uuids_start[1] = EIR_UUID32_ALL;
497 /* Stop if not enough space to put next UUID */
498 if ((ptr - data) + sizeof(u32) > len) {
499 uuids_start[1] = EIR_UUID32_SOME;
503 memcpy(ptr, &uuid->uuid[12], sizeof(u32));
505 uuids_start[0] += sizeof(u32);
511 static u8 *create_uuid128_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
513 u8 *ptr = data, *uuids_start = NULL;
514 struct bt_uuid *uuid;
519 list_for_each_entry(uuid, &hdev->uuids, list) {
520 if (uuid->size != 128)
526 uuids_start[1] = EIR_UUID128_ALL;
530 /* Stop if not enough space to put next UUID */
531 if ((ptr - data) + 16 > len) {
532 uuids_start[1] = EIR_UUID128_SOME;
536 memcpy(ptr, uuid->uuid, 16);
538 uuids_start[0] += 16;
544 static void create_eir(struct hci_dev *hdev, u8 *data)
549 name_len = strlen(hdev->dev_name);
555 ptr[1] = EIR_NAME_SHORT;
557 ptr[1] = EIR_NAME_COMPLETE;
559 /* EIR Data length */
560 ptr[0] = name_len + 1;
562 memcpy(ptr + 2, hdev->dev_name, name_len);
564 ptr += (name_len + 2);
567 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
569 ptr[1] = EIR_TX_POWER;
570 ptr[2] = (u8) hdev->inq_tx_power;
575 if (hdev->devid_source > 0) {
577 ptr[1] = EIR_DEVICE_ID;
579 put_unaligned_le16(hdev->devid_source, ptr + 2);
580 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
581 put_unaligned_le16(hdev->devid_product, ptr + 6);
582 put_unaligned_le16(hdev->devid_version, ptr + 8);
587 ptr = create_uuid16_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
588 ptr = create_uuid32_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
589 ptr = create_uuid128_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
592 static void update_eir(struct hci_request *req)
594 struct hci_dev *hdev = req->hdev;
595 struct hci_cp_write_eir cp;
597 if (!hdev_is_powered(hdev))
600 if (!lmp_ext_inq_capable(hdev))
603 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
606 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
609 memset(&cp, 0, sizeof(cp));
611 create_eir(hdev, cp.data);
613 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
616 memcpy(hdev->eir, cp.data, sizeof(cp.data));
618 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
621 static u8 get_service_classes(struct hci_dev *hdev)
623 struct bt_uuid *uuid;
626 list_for_each_entry(uuid, &hdev->uuids, list)
627 val |= uuid->svc_hint;
632 static void update_class(struct hci_request *req)
634 struct hci_dev *hdev = req->hdev;
637 BT_DBG("%s", hdev->name);
639 if (!hdev_is_powered(hdev))
642 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
645 cod[0] = hdev->minor_class;
646 cod[1] = hdev->major_class;
647 cod[2] = get_service_classes(hdev);
649 if (memcmp(cod, hdev->dev_class, 3) == 0)
652 hci_req_add(req, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
655 static void service_cache_off(struct work_struct *work)
657 struct hci_dev *hdev = container_of(work, struct hci_dev,
659 struct hci_request req;
661 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
664 hci_req_init(&req, hdev);
671 hci_dev_unlock(hdev);
673 hci_req_run(&req, NULL);
676 static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
678 if (test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
681 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
683 /* Non-mgmt controlled devices get this bit set
684 * implicitly so that pairing works for them, however
685 * for mgmt we require user-space to explicitly enable
688 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
691 static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
692 void *data, u16 data_len)
694 struct mgmt_rp_read_info rp;
696 BT_DBG("sock %p %s", sk, hdev->name);
700 memset(&rp, 0, sizeof(rp));
702 bacpy(&rp.bdaddr, &hdev->bdaddr);
704 rp.version = hdev->hci_ver;
705 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
707 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
708 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
710 memcpy(rp.dev_class, hdev->dev_class, 3);
712 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
713 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
715 hci_dev_unlock(hdev);
717 return cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
721 static void mgmt_pending_free(struct pending_cmd *cmd)
728 static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
729 struct hci_dev *hdev, void *data,
732 struct pending_cmd *cmd;
734 cmd = kmalloc(sizeof(*cmd), GFP_KERNEL);
738 cmd->opcode = opcode;
739 cmd->index = hdev->id;
741 cmd->param = kmalloc(len, GFP_KERNEL);
748 memcpy(cmd->param, data, len);
753 list_add(&cmd->list, &hdev->mgmt_pending);
758 static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
759 void (*cb)(struct pending_cmd *cmd,
763 struct pending_cmd *cmd, *tmp;
765 list_for_each_entry_safe(cmd, tmp, &hdev->mgmt_pending, list) {
766 if (opcode > 0 && cmd->opcode != opcode)
773 static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
775 struct pending_cmd *cmd;
777 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
778 if (cmd->opcode == opcode)
785 static void mgmt_pending_remove(struct pending_cmd *cmd)
787 list_del(&cmd->list);
788 mgmt_pending_free(cmd);
791 static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
793 __le32 settings = cpu_to_le32(get_current_settings(hdev));
795 return cmd_complete(sk, hdev->id, opcode, 0, &settings,
799 static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
802 struct mgmt_mode *cp = data;
803 struct pending_cmd *cmd;
806 BT_DBG("request for %s", hdev->name);
808 if (cp->val != 0x00 && cp->val != 0x01)
809 return cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
810 MGMT_STATUS_INVALID_PARAMS);
814 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
815 err = cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
820 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
821 cancel_delayed_work(&hdev->power_off);
824 mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev,
826 err = mgmt_powered(hdev, 1);
831 if (!!cp->val == hdev_is_powered(hdev)) {
832 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
836 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
843 queue_work(hdev->req_workqueue, &hdev->power_on);
845 queue_work(hdev->req_workqueue, &hdev->power_off.work);
850 hci_dev_unlock(hdev);
854 static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 data_len,
855 struct sock *skip_sk)
858 struct mgmt_hdr *hdr;
860 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_KERNEL);
864 hdr = (void *) skb_put(skb, sizeof(*hdr));
865 hdr->opcode = cpu_to_le16(event);
867 hdr->index = cpu_to_le16(hdev->id);
869 hdr->index = __constant_cpu_to_le16(MGMT_INDEX_NONE);
870 hdr->len = cpu_to_le16(data_len);
873 memcpy(skb_put(skb, data_len), data, data_len);
876 __net_timestamp(skb);
878 hci_send_to_control(skb, skip_sk);
884 static int new_settings(struct hci_dev *hdev, struct sock *skip)
888 ev = cpu_to_le32(get_current_settings(hdev));
890 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
895 struct hci_dev *hdev;
899 static void settings_rsp(struct pending_cmd *cmd, void *data)
901 struct cmd_lookup *match = data;
903 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
905 list_del(&cmd->list);
907 if (match->sk == NULL) {
909 sock_hold(match->sk);
912 mgmt_pending_free(cmd);
915 static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
919 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
920 mgmt_pending_remove(cmd);
923 static u8 mgmt_bredr_support(struct hci_dev *hdev)
925 if (!lmp_bredr_capable(hdev))
926 return MGMT_STATUS_NOT_SUPPORTED;
927 else if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
928 return MGMT_STATUS_REJECTED;
930 return MGMT_STATUS_SUCCESS;
933 static u8 mgmt_le_support(struct hci_dev *hdev)
935 if (!lmp_le_capable(hdev))
936 return MGMT_STATUS_NOT_SUPPORTED;
937 else if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
938 return MGMT_STATUS_REJECTED;
940 return MGMT_STATUS_SUCCESS;
943 static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
946 struct mgmt_cp_set_discoverable *cp = data;
947 struct pending_cmd *cmd;
952 BT_DBG("request for %s", hdev->name);
954 status = mgmt_bredr_support(hdev);
956 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
959 if (cp->val != 0x00 && cp->val != 0x01)
960 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
961 MGMT_STATUS_INVALID_PARAMS);
963 timeout = __le16_to_cpu(cp->timeout);
964 if (!cp->val && timeout > 0)
965 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
966 MGMT_STATUS_INVALID_PARAMS);
970 if (!hdev_is_powered(hdev) && timeout > 0) {
971 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
972 MGMT_STATUS_NOT_POWERED);
976 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
977 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
978 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
983 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
984 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
985 MGMT_STATUS_REJECTED);
989 if (!hdev_is_powered(hdev)) {
990 bool changed = false;
992 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
993 change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
997 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1002 err = new_settings(hdev, sk);
1007 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
1008 if (hdev->discov_timeout > 0) {
1009 cancel_delayed_work(&hdev->discov_off);
1010 hdev->discov_timeout = 0;
1013 if (cp->val && timeout > 0) {
1014 hdev->discov_timeout = timeout;
1015 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
1016 msecs_to_jiffies(hdev->discov_timeout * 1000));
1019 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1023 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
1032 scan |= SCAN_INQUIRY;
1034 cancel_delayed_work(&hdev->discov_off);
1036 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1038 mgmt_pending_remove(cmd);
1041 hdev->discov_timeout = timeout;
1044 hci_dev_unlock(hdev);
1048 static void write_fast_connectable(struct hci_request *req, bool enable)
1050 struct hci_dev *hdev = req->hdev;
1051 struct hci_cp_write_page_scan_activity acp;
1054 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
1058 type = PAGE_SCAN_TYPE_INTERLACED;
1060 /* 160 msec page scan interval */
1061 acp.interval = __constant_cpu_to_le16(0x0100);
1063 type = PAGE_SCAN_TYPE_STANDARD; /* default */
1065 /* default 1.28 sec page scan */
1066 acp.interval = __constant_cpu_to_le16(0x0800);
1069 acp.window = __constant_cpu_to_le16(0x0012);
1071 if (__cpu_to_le16(hdev->page_scan_interval) != acp.interval ||
1072 __cpu_to_le16(hdev->page_scan_window) != acp.window)
1073 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
1076 if (hdev->page_scan_type != type)
1077 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
1080 static void set_connectable_complete(struct hci_dev *hdev, u8 status)
1082 struct pending_cmd *cmd;
1084 BT_DBG("status 0x%02x", status);
1088 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1092 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
1094 mgmt_pending_remove(cmd);
1097 hci_dev_unlock(hdev);
1100 static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
1103 struct mgmt_mode *cp = data;
1104 struct pending_cmd *cmd;
1105 struct hci_request req;
1109 BT_DBG("request for %s", hdev->name);
1111 status = mgmt_bredr_support(hdev);
1113 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1116 if (cp->val != 0x00 && cp->val != 0x01)
1117 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1118 MGMT_STATUS_INVALID_PARAMS);
1122 if (!hdev_is_powered(hdev)) {
1123 bool changed = false;
1125 if (!!cp->val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
1129 set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1131 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1132 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1135 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1140 err = new_settings(hdev, sk);
1145 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1146 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
1147 err = cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1152 if (!!cp->val == test_bit(HCI_PSCAN, &hdev->flags)) {
1153 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1157 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
1168 if (test_bit(HCI_ISCAN, &hdev->flags) &&
1169 hdev->discov_timeout > 0)
1170 cancel_delayed_work(&hdev->discov_off);
1173 hci_req_init(&req, hdev);
1175 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1177 /* If we're going from non-connectable to connectable or
1178 * vice-versa when fast connectable is enabled ensure that fast
1179 * connectable gets disabled. write_fast_connectable won't do
1180 * anything if the page scan parameters are already what they
1183 if (cp->val || test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
1184 write_fast_connectable(&req, false);
1186 err = hci_req_run(&req, set_connectable_complete);
1188 mgmt_pending_remove(cmd);
1191 hci_dev_unlock(hdev);
1195 static int set_pairable(struct sock *sk, struct hci_dev *hdev, void *data,
1198 struct mgmt_mode *cp = data;
1201 BT_DBG("request for %s", hdev->name);
1203 if (cp->val != 0x00 && cp->val != 0x01)
1204 return cmd_status(sk, hdev->id, MGMT_OP_SET_PAIRABLE,
1205 MGMT_STATUS_INVALID_PARAMS);
1210 set_bit(HCI_PAIRABLE, &hdev->dev_flags);
1212 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
1214 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
1218 err = new_settings(hdev, sk);
1221 hci_dev_unlock(hdev);
1225 static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1228 struct mgmt_mode *cp = data;
1229 struct pending_cmd *cmd;
1233 BT_DBG("request for %s", hdev->name);
1235 status = mgmt_bredr_support(hdev);
1237 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1240 if (cp->val != 0x00 && cp->val != 0x01)
1241 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1242 MGMT_STATUS_INVALID_PARAMS);
1246 if (!hdev_is_powered(hdev)) {
1247 bool changed = false;
1249 if (!!cp->val != test_bit(HCI_LINK_SECURITY,
1250 &hdev->dev_flags)) {
1251 change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
1255 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1260 err = new_settings(hdev, sk);
1265 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
1266 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1273 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1274 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1278 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1284 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1286 mgmt_pending_remove(cmd);
1291 hci_dev_unlock(hdev);
1295 static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1297 struct mgmt_mode *cp = data;
1298 struct pending_cmd *cmd;
1302 BT_DBG("request for %s", hdev->name);
1304 status = mgmt_bredr_support(hdev);
1306 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
1308 if (!lmp_ssp_capable(hdev))
1309 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1310 MGMT_STATUS_NOT_SUPPORTED);
1312 if (cp->val != 0x00 && cp->val != 0x01)
1313 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1314 MGMT_STATUS_INVALID_PARAMS);
1320 if (!hdev_is_powered(hdev)) {
1321 bool changed = false;
1323 if (val != test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
1324 change_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
1328 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1333 err = new_settings(hdev, sk);
1338 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev)) {
1339 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1344 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) == val) {
1345 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1349 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1355 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, sizeof(val), &val);
1357 mgmt_pending_remove(cmd);
1362 hci_dev_unlock(hdev);
1366 static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1368 struct mgmt_mode *cp = data;
1373 BT_DBG("request for %s", hdev->name);
1375 status = mgmt_bredr_support(hdev);
1377 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
1379 if (cp->val != 0x00 && cp->val != 0x01)
1380 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1381 MGMT_STATUS_INVALID_PARAMS);
1386 changed = !test_and_set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1388 if (hdev_is_powered(hdev)) {
1389 err = cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1390 MGMT_STATUS_REJECTED);
1394 changed = test_and_clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1397 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
1402 err = new_settings(hdev, sk);
1405 hci_dev_unlock(hdev);
1409 static void le_enable_complete(struct hci_dev *hdev, u8 status)
1411 struct cmd_lookup match = { NULL, hdev };
1414 u8 mgmt_err = mgmt_status(status);
1416 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
1421 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
1423 new_settings(hdev, match.sk);
1429 static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1431 struct mgmt_mode *cp = data;
1432 struct hci_cp_write_le_host_supported hci_cp;
1433 struct pending_cmd *cmd;
1434 struct hci_request req;
1438 BT_DBG("request for %s", hdev->name);
1440 if (!lmp_le_capable(hdev))
1441 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1442 MGMT_STATUS_NOT_SUPPORTED);
1444 if (cp->val != 0x00 && cp->val != 0x01)
1445 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1446 MGMT_STATUS_INVALID_PARAMS);
1448 /* LE-only devices do not allow toggling LE on/off */
1449 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1450 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1451 MGMT_STATUS_REJECTED);
1456 enabled = lmp_host_le_capable(hdev);
1458 if (!hdev_is_powered(hdev) || val == enabled) {
1459 bool changed = false;
1461 if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1462 change_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1466 if (!val && test_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags)) {
1467 clear_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags);
1471 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1476 err = new_settings(hdev, sk);
1481 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev) ||
1482 mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
1483 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1488 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
1494 memset(&hci_cp, 0, sizeof(hci_cp));
1498 hci_cp.simul = lmp_le_br_capable(hdev);
1501 hci_req_init(&req, hdev);
1503 if (test_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags) && !val)
1504 hci_req_add(&req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(val), &val);
1506 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
1509 err = hci_req_run(&req, le_enable_complete);
1511 mgmt_pending_remove(cmd);
1514 hci_dev_unlock(hdev);
1518 /* This is a helper function to test for pending mgmt commands that can
1519 * cause CoD or EIR HCI commands. We can only allow one such pending
1520 * mgmt command at a time since otherwise we cannot easily track what
1521 * the current values are, will be, and based on that calculate if a new
1522 * HCI command needs to be sent and if yes with what value.
1524 static bool pending_eir_or_class(struct hci_dev *hdev)
1526 struct pending_cmd *cmd;
1528 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
1529 switch (cmd->opcode) {
1530 case MGMT_OP_ADD_UUID:
1531 case MGMT_OP_REMOVE_UUID:
1532 case MGMT_OP_SET_DEV_CLASS:
1533 case MGMT_OP_SET_POWERED:
1541 static const u8 bluetooth_base_uuid[] = {
1542 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
1543 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1546 static u8 get_uuid_size(const u8 *uuid)
1550 if (memcmp(uuid, bluetooth_base_uuid, 12))
1553 val = get_unaligned_le32(&uuid[12]);
1560 static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
1562 struct pending_cmd *cmd;
1566 cmd = mgmt_pending_find(mgmt_op, hdev);
1570 cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(status),
1571 hdev->dev_class, 3);
1573 mgmt_pending_remove(cmd);
1576 hci_dev_unlock(hdev);
1579 static void add_uuid_complete(struct hci_dev *hdev, u8 status)
1581 BT_DBG("status 0x%02x", status);
1583 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
1586 static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1588 struct mgmt_cp_add_uuid *cp = data;
1589 struct pending_cmd *cmd;
1590 struct hci_request req;
1591 struct bt_uuid *uuid;
1594 BT_DBG("request for %s", hdev->name);
1598 if (pending_eir_or_class(hdev)) {
1599 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
1604 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
1610 memcpy(uuid->uuid, cp->uuid, 16);
1611 uuid->svc_hint = cp->svc_hint;
1612 uuid->size = get_uuid_size(cp->uuid);
1614 list_add_tail(&uuid->list, &hdev->uuids);
1616 hci_req_init(&req, hdev);
1621 err = hci_req_run(&req, add_uuid_complete);
1623 if (err != -ENODATA)
1626 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
1627 hdev->dev_class, 3);
1631 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
1640 hci_dev_unlock(hdev);
1644 static bool enable_service_cache(struct hci_dev *hdev)
1646 if (!hdev_is_powered(hdev))
1649 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
1650 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
1658 static void remove_uuid_complete(struct hci_dev *hdev, u8 status)
1660 BT_DBG("status 0x%02x", status);
1662 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
1665 static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
1668 struct mgmt_cp_remove_uuid *cp = data;
1669 struct pending_cmd *cmd;
1670 struct bt_uuid *match, *tmp;
1671 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
1672 struct hci_request req;
1675 BT_DBG("request for %s", hdev->name);
1679 if (pending_eir_or_class(hdev)) {
1680 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
1685 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
1686 err = hci_uuids_clear(hdev);
1688 if (enable_service_cache(hdev)) {
1689 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID,
1690 0, hdev->dev_class, 3);
1699 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
1700 if (memcmp(match->uuid, cp->uuid, 16) != 0)
1703 list_del(&match->list);
1709 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
1710 MGMT_STATUS_INVALID_PARAMS);
1715 hci_req_init(&req, hdev);
1720 err = hci_req_run(&req, remove_uuid_complete);
1722 if (err != -ENODATA)
1725 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
1726 hdev->dev_class, 3);
1730 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
1739 hci_dev_unlock(hdev);
1743 static void set_class_complete(struct hci_dev *hdev, u8 status)
1745 BT_DBG("status 0x%02x", status);
1747 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
1750 static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
1753 struct mgmt_cp_set_dev_class *cp = data;
1754 struct pending_cmd *cmd;
1755 struct hci_request req;
1758 BT_DBG("request for %s", hdev->name);
1760 if (!lmp_bredr_capable(hdev))
1761 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1762 MGMT_STATUS_NOT_SUPPORTED);
1766 if (pending_eir_or_class(hdev)) {
1767 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1772 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
1773 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1774 MGMT_STATUS_INVALID_PARAMS);
1778 hdev->major_class = cp->major;
1779 hdev->minor_class = cp->minor;
1781 if (!hdev_is_powered(hdev)) {
1782 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
1783 hdev->dev_class, 3);
1787 hci_req_init(&req, hdev);
1789 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
1790 hci_dev_unlock(hdev);
1791 cancel_delayed_work_sync(&hdev->service_cache);
1798 err = hci_req_run(&req, set_class_complete);
1800 if (err != -ENODATA)
1803 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
1804 hdev->dev_class, 3);
1808 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
1817 hci_dev_unlock(hdev);
1821 static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
1824 struct mgmt_cp_load_link_keys *cp = data;
1825 u16 key_count, expected_len;
1828 BT_DBG("request for %s", hdev->name);
1830 if (!lmp_bredr_capable(hdev))
1831 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
1832 MGMT_STATUS_NOT_SUPPORTED);
1834 key_count = __le16_to_cpu(cp->key_count);
1836 expected_len = sizeof(*cp) + key_count *
1837 sizeof(struct mgmt_link_key_info);
1838 if (expected_len != len) {
1839 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
1841 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
1842 MGMT_STATUS_INVALID_PARAMS);
1845 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
1846 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
1847 MGMT_STATUS_INVALID_PARAMS);
1849 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
1852 for (i = 0; i < key_count; i++) {
1853 struct mgmt_link_key_info *key = &cp->keys[i];
1855 if (key->addr.type != BDADDR_BREDR)
1856 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
1857 MGMT_STATUS_INVALID_PARAMS);
1862 hci_link_keys_clear(hdev);
1865 set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
1867 clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
1869 for (i = 0; i < key_count; i++) {
1870 struct mgmt_link_key_info *key = &cp->keys[i];
1872 hci_add_link_key(hdev, NULL, 0, &key->addr.bdaddr, key->val,
1873 key->type, key->pin_len);
1876 cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
1878 hci_dev_unlock(hdev);
1883 static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
1884 u8 addr_type, struct sock *skip_sk)
1886 struct mgmt_ev_device_unpaired ev;
1888 bacpy(&ev.addr.bdaddr, bdaddr);
1889 ev.addr.type = addr_type;
1891 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
1895 static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
1898 struct mgmt_cp_unpair_device *cp = data;
1899 struct mgmt_rp_unpair_device rp;
1900 struct hci_cp_disconnect dc;
1901 struct pending_cmd *cmd;
1902 struct hci_conn *conn;
1905 memset(&rp, 0, sizeof(rp));
1906 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1907 rp.addr.type = cp->addr.type;
1909 if (!bdaddr_type_is_valid(cp->addr.type))
1910 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
1911 MGMT_STATUS_INVALID_PARAMS,
1914 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
1915 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
1916 MGMT_STATUS_INVALID_PARAMS,
1921 if (!hdev_is_powered(hdev)) {
1922 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
1923 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
1927 if (cp->addr.type == BDADDR_BREDR)
1928 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
1930 err = hci_remove_ltk(hdev, &cp->addr.bdaddr);
1933 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
1934 MGMT_STATUS_NOT_PAIRED, &rp, sizeof(rp));
1938 if (cp->disconnect) {
1939 if (cp->addr.type == BDADDR_BREDR)
1940 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
1943 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
1950 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
1952 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
1956 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
1963 dc.handle = cpu_to_le16(conn->handle);
1964 dc.reason = 0x13; /* Remote User Terminated Connection */
1965 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1967 mgmt_pending_remove(cmd);
1970 hci_dev_unlock(hdev);
1974 static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
1977 struct mgmt_cp_disconnect *cp = data;
1978 struct mgmt_rp_disconnect rp;
1979 struct hci_cp_disconnect dc;
1980 struct pending_cmd *cmd;
1981 struct hci_conn *conn;
1986 memset(&rp, 0, sizeof(rp));
1987 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1988 rp.addr.type = cp->addr.type;
1990 if (!bdaddr_type_is_valid(cp->addr.type))
1991 return cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
1992 MGMT_STATUS_INVALID_PARAMS,
1997 if (!test_bit(HCI_UP, &hdev->flags)) {
1998 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
1999 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
2003 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
2004 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2005 MGMT_STATUS_BUSY, &rp, sizeof(rp));
2009 if (cp->addr.type == BDADDR_BREDR)
2010 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2013 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
2015 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
2016 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2017 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
2021 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
2027 dc.handle = cpu_to_le16(conn->handle);
2028 dc.reason = HCI_ERROR_REMOTE_USER_TERM;
2030 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2032 mgmt_pending_remove(cmd);
2035 hci_dev_unlock(hdev);
2039 static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
2041 switch (link_type) {
2043 switch (addr_type) {
2044 case ADDR_LE_DEV_PUBLIC:
2045 return BDADDR_LE_PUBLIC;
2048 /* Fallback to LE Random address type */
2049 return BDADDR_LE_RANDOM;
2053 /* Fallback to BR/EDR type */
2054 return BDADDR_BREDR;
2058 static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
2061 struct mgmt_rp_get_connections *rp;
2071 if (!hdev_is_powered(hdev)) {
2072 err = cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
2073 MGMT_STATUS_NOT_POWERED);
2078 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2079 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2083 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2084 rp = kmalloc(rp_len, GFP_KERNEL);
2091 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2092 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2094 bacpy(&rp->addr[i].bdaddr, &c->dst);
2095 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
2096 if (c->type == SCO_LINK || c->type == ESCO_LINK)
2101 rp->conn_count = cpu_to_le16(i);
2103 /* Recalculate length in case of filtered SCO connections, etc */
2104 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2106 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
2112 hci_dev_unlock(hdev);
2116 static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
2117 struct mgmt_cp_pin_code_neg_reply *cp)
2119 struct pending_cmd *cmd;
2122 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
2127 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
2128 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
2130 mgmt_pending_remove(cmd);
2135 static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2138 struct hci_conn *conn;
2139 struct mgmt_cp_pin_code_reply *cp = data;
2140 struct hci_cp_pin_code_reply reply;
2141 struct pending_cmd *cmd;
2148 if (!hdev_is_powered(hdev)) {
2149 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2150 MGMT_STATUS_NOT_POWERED);
2154 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
2156 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2157 MGMT_STATUS_NOT_CONNECTED);
2161 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
2162 struct mgmt_cp_pin_code_neg_reply ncp;
2164 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
2166 BT_ERR("PIN code is not 16 bytes long");
2168 err = send_pin_code_neg_reply(sk, hdev, &ncp);
2170 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2171 MGMT_STATUS_INVALID_PARAMS);
2176 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
2182 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
2183 reply.pin_len = cp->pin_len;
2184 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
2186 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
2188 mgmt_pending_remove(cmd);
2191 hci_dev_unlock(hdev);
2195 static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
2198 struct mgmt_cp_set_io_capability *cp = data;
2204 hdev->io_capability = cp->io_capability;
2206 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
2207 hdev->io_capability);
2209 hci_dev_unlock(hdev);
2211 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, NULL,
2215 static struct pending_cmd *find_pairing(struct hci_conn *conn)
2217 struct hci_dev *hdev = conn->hdev;
2218 struct pending_cmd *cmd;
2220 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2221 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
2224 if (cmd->user_data != conn)
2233 static void pairing_complete(struct pending_cmd *cmd, u8 status)
2235 struct mgmt_rp_pair_device rp;
2236 struct hci_conn *conn = cmd->user_data;
2238 bacpy(&rp.addr.bdaddr, &conn->dst);
2239 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
2241 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
2244 /* So we don't get further callbacks for this connection */
2245 conn->connect_cfm_cb = NULL;
2246 conn->security_cfm_cb = NULL;
2247 conn->disconn_cfm_cb = NULL;
2249 hci_conn_drop(conn);
2251 mgmt_pending_remove(cmd);
2254 static void pairing_complete_cb(struct hci_conn *conn, u8 status)
2256 struct pending_cmd *cmd;
2258 BT_DBG("status %u", status);
2260 cmd = find_pairing(conn);
2262 BT_DBG("Unable to find a pending command");
2264 pairing_complete(cmd, mgmt_status(status));
2267 static void le_connect_complete_cb(struct hci_conn *conn, u8 status)
2269 struct pending_cmd *cmd;
2271 BT_DBG("status %u", status);
2276 cmd = find_pairing(conn);
2278 BT_DBG("Unable to find a pending command");
2280 pairing_complete(cmd, mgmt_status(status));
2283 static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2286 struct mgmt_cp_pair_device *cp = data;
2287 struct mgmt_rp_pair_device rp;
2288 struct pending_cmd *cmd;
2289 u8 sec_level, auth_type;
2290 struct hci_conn *conn;
2295 memset(&rp, 0, sizeof(rp));
2296 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2297 rp.addr.type = cp->addr.type;
2299 if (!bdaddr_type_is_valid(cp->addr.type))
2300 return cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2301 MGMT_STATUS_INVALID_PARAMS,
2306 if (!hdev_is_powered(hdev)) {
2307 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2308 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
2312 sec_level = BT_SECURITY_MEDIUM;
2313 if (cp->io_cap == 0x03)
2314 auth_type = HCI_AT_DEDICATED_BONDING;
2316 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
2318 if (cp->addr.type == BDADDR_BREDR)
2319 conn = hci_connect(hdev, ACL_LINK, &cp->addr.bdaddr,
2320 cp->addr.type, sec_level, auth_type);
2322 conn = hci_connect(hdev, LE_LINK, &cp->addr.bdaddr,
2323 cp->addr.type, sec_level, auth_type);
2328 if (PTR_ERR(conn) == -EBUSY)
2329 status = MGMT_STATUS_BUSY;
2331 status = MGMT_STATUS_CONNECT_FAILED;
2333 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2339 if (conn->connect_cfm_cb) {
2340 hci_conn_drop(conn);
2341 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2342 MGMT_STATUS_BUSY, &rp, sizeof(rp));
2346 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
2349 hci_conn_drop(conn);
2353 /* For LE, just connecting isn't a proof that the pairing finished */
2354 if (cp->addr.type == BDADDR_BREDR)
2355 conn->connect_cfm_cb = pairing_complete_cb;
2357 conn->connect_cfm_cb = le_connect_complete_cb;
2359 conn->security_cfm_cb = pairing_complete_cb;
2360 conn->disconn_cfm_cb = pairing_complete_cb;
2361 conn->io_capability = cp->io_cap;
2362 cmd->user_data = conn;
2364 if (conn->state == BT_CONNECTED &&
2365 hci_conn_security(conn, sec_level, auth_type))
2366 pairing_complete(cmd, 0);
2371 hci_dev_unlock(hdev);
2375 static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2378 struct mgmt_addr_info *addr = data;
2379 struct pending_cmd *cmd;
2380 struct hci_conn *conn;
2387 if (!hdev_is_powered(hdev)) {
2388 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2389 MGMT_STATUS_NOT_POWERED);
2393 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
2395 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2396 MGMT_STATUS_INVALID_PARAMS);
2400 conn = cmd->user_data;
2402 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
2403 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2404 MGMT_STATUS_INVALID_PARAMS);
2408 pairing_complete(cmd, MGMT_STATUS_CANCELLED);
2410 err = cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
2411 addr, sizeof(*addr));
2413 hci_dev_unlock(hdev);
2417 static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
2418 struct mgmt_addr_info *addr, u16 mgmt_op,
2419 u16 hci_op, __le32 passkey)
2421 struct pending_cmd *cmd;
2422 struct hci_conn *conn;
2427 if (!hdev_is_powered(hdev)) {
2428 err = cmd_complete(sk, hdev->id, mgmt_op,
2429 MGMT_STATUS_NOT_POWERED, addr,
2434 if (addr->type == BDADDR_BREDR)
2435 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
2437 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &addr->bdaddr);
2440 err = cmd_complete(sk, hdev->id, mgmt_op,
2441 MGMT_STATUS_NOT_CONNECTED, addr,
2446 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
2447 /* Continue with pairing via SMP */
2448 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
2451 err = cmd_complete(sk, hdev->id, mgmt_op,
2452 MGMT_STATUS_SUCCESS, addr,
2455 err = cmd_complete(sk, hdev->id, mgmt_op,
2456 MGMT_STATUS_FAILED, addr,
2462 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
2468 /* Continue with pairing via HCI */
2469 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
2470 struct hci_cp_user_passkey_reply cp;
2472 bacpy(&cp.bdaddr, &addr->bdaddr);
2473 cp.passkey = passkey;
2474 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
2476 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
2480 mgmt_pending_remove(cmd);
2483 hci_dev_unlock(hdev);
2487 static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
2488 void *data, u16 len)
2490 struct mgmt_cp_pin_code_neg_reply *cp = data;
2494 return user_pairing_resp(sk, hdev, &cp->addr,
2495 MGMT_OP_PIN_CODE_NEG_REPLY,
2496 HCI_OP_PIN_CODE_NEG_REPLY, 0);
2499 static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2502 struct mgmt_cp_user_confirm_reply *cp = data;
2506 if (len != sizeof(*cp))
2507 return cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
2508 MGMT_STATUS_INVALID_PARAMS);
2510 return user_pairing_resp(sk, hdev, &cp->addr,
2511 MGMT_OP_USER_CONFIRM_REPLY,
2512 HCI_OP_USER_CONFIRM_REPLY, 0);
2515 static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
2516 void *data, u16 len)
2518 struct mgmt_cp_user_confirm_neg_reply *cp = data;
2522 return user_pairing_resp(sk, hdev, &cp->addr,
2523 MGMT_OP_USER_CONFIRM_NEG_REPLY,
2524 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
2527 static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2530 struct mgmt_cp_user_passkey_reply *cp = data;
2534 return user_pairing_resp(sk, hdev, &cp->addr,
2535 MGMT_OP_USER_PASSKEY_REPLY,
2536 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
2539 static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
2540 void *data, u16 len)
2542 struct mgmt_cp_user_passkey_neg_reply *cp = data;
2546 return user_pairing_resp(sk, hdev, &cp->addr,
2547 MGMT_OP_USER_PASSKEY_NEG_REPLY,
2548 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
2551 static void update_name(struct hci_request *req)
2553 struct hci_dev *hdev = req->hdev;
2554 struct hci_cp_write_local_name cp;
2556 memcpy(cp.name, hdev->dev_name, sizeof(cp.name));
2558 hci_req_add(req, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
2561 static void set_name_complete(struct hci_dev *hdev, u8 status)
2563 struct mgmt_cp_set_local_name *cp;
2564 struct pending_cmd *cmd;
2566 BT_DBG("status 0x%02x", status);
2570 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
2577 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
2578 mgmt_status(status));
2580 cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
2583 mgmt_pending_remove(cmd);
2586 hci_dev_unlock(hdev);
2589 static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
2592 struct mgmt_cp_set_local_name *cp = data;
2593 struct pending_cmd *cmd;
2594 struct hci_request req;
2601 /* If the old values are the same as the new ones just return a
2602 * direct command complete event.
2604 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
2605 !memcmp(hdev->short_name, cp->short_name,
2606 sizeof(hdev->short_name))) {
2607 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
2612 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
2614 if (!hdev_is_powered(hdev)) {
2615 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
2617 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
2622 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
2628 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
2634 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
2636 hci_req_init(&req, hdev);
2638 if (lmp_bredr_capable(hdev)) {
2643 if (lmp_le_capable(hdev))
2644 hci_update_ad(&req);
2646 err = hci_req_run(&req, set_name_complete);
2648 mgmt_pending_remove(cmd);
2651 hci_dev_unlock(hdev);
2655 static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
2656 void *data, u16 data_len)
2658 struct pending_cmd *cmd;
2661 BT_DBG("%s", hdev->name);
2665 if (!hdev_is_powered(hdev)) {
2666 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
2667 MGMT_STATUS_NOT_POWERED);
2671 if (!lmp_ssp_capable(hdev)) {
2672 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
2673 MGMT_STATUS_NOT_SUPPORTED);
2677 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
2678 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
2683 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
2689 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
2691 mgmt_pending_remove(cmd);
2694 hci_dev_unlock(hdev);
2698 static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
2699 void *data, u16 len)
2701 struct mgmt_cp_add_remote_oob_data *cp = data;
2705 BT_DBG("%s ", hdev->name);
2709 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr, cp->hash,
2712 status = MGMT_STATUS_FAILED;
2714 status = MGMT_STATUS_SUCCESS;
2716 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA, status,
2717 &cp->addr, sizeof(cp->addr));
2719 hci_dev_unlock(hdev);
2723 static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
2724 void *data, u16 len)
2726 struct mgmt_cp_remove_remote_oob_data *cp = data;
2730 BT_DBG("%s", hdev->name);
2734 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr);
2736 status = MGMT_STATUS_INVALID_PARAMS;
2738 status = MGMT_STATUS_SUCCESS;
2740 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
2741 status, &cp->addr, sizeof(cp->addr));
2743 hci_dev_unlock(hdev);
2747 static int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
2749 struct pending_cmd *cmd;
2753 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2755 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
2759 type = hdev->discovery.type;
2761 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
2762 &type, sizeof(type));
2763 mgmt_pending_remove(cmd);
2768 static void start_discovery_complete(struct hci_dev *hdev, u8 status)
2770 BT_DBG("status %d", status);
2774 mgmt_start_discovery_failed(hdev, status);
2775 hci_dev_unlock(hdev);
2780 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
2781 hci_dev_unlock(hdev);
2783 switch (hdev->discovery.type) {
2784 case DISCOV_TYPE_LE:
2785 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable,
2789 case DISCOV_TYPE_INTERLEAVED:
2790 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable,
2791 DISCOV_INTERLEAVED_TIMEOUT);
2794 case DISCOV_TYPE_BREDR:
2798 BT_ERR("Invalid discovery type %d", hdev->discovery.type);
2802 static int start_discovery(struct sock *sk, struct hci_dev *hdev,
2803 void *data, u16 len)
2805 struct mgmt_cp_start_discovery *cp = data;
2806 struct pending_cmd *cmd;
2807 struct hci_cp_le_set_scan_param param_cp;
2808 struct hci_cp_le_set_scan_enable enable_cp;
2809 struct hci_cp_inquiry inq_cp;
2810 struct hci_request req;
2811 /* General inquiry access code (GIAC) */
2812 u8 lap[3] = { 0x33, 0x8b, 0x9e };
2816 BT_DBG("%s", hdev->name);
2820 if (!hdev_is_powered(hdev)) {
2821 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2822 MGMT_STATUS_NOT_POWERED);
2826 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
2827 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2832 if (hdev->discovery.state != DISCOVERY_STOPPED) {
2833 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2838 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
2844 hdev->discovery.type = cp->type;
2846 hci_req_init(&req, hdev);
2848 switch (hdev->discovery.type) {
2849 case DISCOV_TYPE_BREDR:
2850 status = mgmt_bredr_support(hdev);
2852 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2854 mgmt_pending_remove(cmd);
2858 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
2859 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2861 mgmt_pending_remove(cmd);
2865 hci_inquiry_cache_flush(hdev);
2867 memset(&inq_cp, 0, sizeof(inq_cp));
2868 memcpy(&inq_cp.lap, lap, sizeof(inq_cp.lap));
2869 inq_cp.length = DISCOV_BREDR_INQUIRY_LEN;
2870 hci_req_add(&req, HCI_OP_INQUIRY, sizeof(inq_cp), &inq_cp);
2873 case DISCOV_TYPE_LE:
2874 case DISCOV_TYPE_INTERLEAVED:
2875 status = mgmt_le_support(hdev);
2877 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2879 mgmt_pending_remove(cmd);
2883 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
2884 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
2885 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2886 MGMT_STATUS_NOT_SUPPORTED);
2887 mgmt_pending_remove(cmd);
2891 if (test_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags)) {
2892 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2893 MGMT_STATUS_REJECTED);
2894 mgmt_pending_remove(cmd);
2898 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags)) {
2899 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2901 mgmt_pending_remove(cmd);
2905 memset(¶m_cp, 0, sizeof(param_cp));
2906 param_cp.type = LE_SCAN_ACTIVE;
2907 param_cp.interval = cpu_to_le16(DISCOV_LE_SCAN_INT);
2908 param_cp.window = cpu_to_le16(DISCOV_LE_SCAN_WIN);
2909 hci_req_add(&req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
2912 memset(&enable_cp, 0, sizeof(enable_cp));
2913 enable_cp.enable = LE_SCAN_ENABLE;
2914 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
2915 hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
2920 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2921 MGMT_STATUS_INVALID_PARAMS);
2922 mgmt_pending_remove(cmd);
2926 err = hci_req_run(&req, start_discovery_complete);
2928 mgmt_pending_remove(cmd);
2930 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
2933 hci_dev_unlock(hdev);
2937 static int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
2939 struct pending_cmd *cmd;
2942 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
2946 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
2947 &hdev->discovery.type, sizeof(hdev->discovery.type));
2948 mgmt_pending_remove(cmd);
2953 static void stop_discovery_complete(struct hci_dev *hdev, u8 status)
2955 BT_DBG("status %d", status);
2960 mgmt_stop_discovery_failed(hdev, status);
2964 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2967 hci_dev_unlock(hdev);
2970 static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
2973 struct mgmt_cp_stop_discovery *mgmt_cp = data;
2974 struct pending_cmd *cmd;
2975 struct hci_cp_remote_name_req_cancel cp;
2976 struct inquiry_entry *e;
2977 struct hci_request req;
2978 struct hci_cp_le_set_scan_enable enable_cp;
2981 BT_DBG("%s", hdev->name);
2985 if (!hci_discovery_active(hdev)) {
2986 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
2987 MGMT_STATUS_REJECTED, &mgmt_cp->type,
2988 sizeof(mgmt_cp->type));
2992 if (hdev->discovery.type != mgmt_cp->type) {
2993 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
2994 MGMT_STATUS_INVALID_PARAMS, &mgmt_cp->type,
2995 sizeof(mgmt_cp->type));
2999 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
3005 hci_req_init(&req, hdev);
3007 switch (hdev->discovery.state) {
3008 case DISCOVERY_FINDING:
3009 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
3010 hci_req_add(&req, HCI_OP_INQUIRY_CANCEL, 0, NULL);
3012 cancel_delayed_work(&hdev->le_scan_disable);
3014 memset(&enable_cp, 0, sizeof(enable_cp));
3015 enable_cp.enable = LE_SCAN_DISABLE;
3016 hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE,
3017 sizeof(enable_cp), &enable_cp);
3022 case DISCOVERY_RESOLVING:
3023 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
3026 mgmt_pending_remove(cmd);
3027 err = cmd_complete(sk, hdev->id,
3028 MGMT_OP_STOP_DISCOVERY, 0,
3030 sizeof(mgmt_cp->type));
3031 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3035 bacpy(&cp.bdaddr, &e->data.bdaddr);
3036 hci_req_add(&req, HCI_OP_REMOTE_NAME_REQ_CANCEL, sizeof(cp),
3042 BT_DBG("unknown discovery state %u", hdev->discovery.state);
3044 mgmt_pending_remove(cmd);
3045 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
3046 MGMT_STATUS_FAILED, &mgmt_cp->type,
3047 sizeof(mgmt_cp->type));
3051 err = hci_req_run(&req, stop_discovery_complete);
3053 mgmt_pending_remove(cmd);
3055 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
3058 hci_dev_unlock(hdev);
3062 static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
3065 struct mgmt_cp_confirm_name *cp = data;
3066 struct inquiry_entry *e;
3069 BT_DBG("%s", hdev->name);
3073 if (!hci_discovery_active(hdev)) {
3074 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
3075 MGMT_STATUS_FAILED);
3079 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
3081 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
3082 MGMT_STATUS_INVALID_PARAMS);
3086 if (cp->name_known) {
3087 e->name_state = NAME_KNOWN;
3090 e->name_state = NAME_NEEDED;
3091 hci_inquiry_cache_update_resolve(hdev, e);
3094 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0, &cp->addr,
3098 hci_dev_unlock(hdev);
3102 static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
3105 struct mgmt_cp_block_device *cp = data;
3109 BT_DBG("%s", hdev->name);
3111 if (!bdaddr_type_is_valid(cp->addr.type))
3112 return cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
3113 MGMT_STATUS_INVALID_PARAMS,
3114 &cp->addr, sizeof(cp->addr));
3118 err = hci_blacklist_add(hdev, &cp->addr.bdaddr, cp->addr.type);
3120 status = MGMT_STATUS_FAILED;
3122 status = MGMT_STATUS_SUCCESS;
3124 err = cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
3125 &cp->addr, sizeof(cp->addr));
3127 hci_dev_unlock(hdev);
3132 static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
3135 struct mgmt_cp_unblock_device *cp = data;
3139 BT_DBG("%s", hdev->name);
3141 if (!bdaddr_type_is_valid(cp->addr.type))
3142 return cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
3143 MGMT_STATUS_INVALID_PARAMS,
3144 &cp->addr, sizeof(cp->addr));
3148 err = hci_blacklist_del(hdev, &cp->addr.bdaddr, cp->addr.type);
3150 status = MGMT_STATUS_INVALID_PARAMS;
3152 status = MGMT_STATUS_SUCCESS;
3154 err = cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
3155 &cp->addr, sizeof(cp->addr));
3157 hci_dev_unlock(hdev);
3162 static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
3165 struct mgmt_cp_set_device_id *cp = data;
3166 struct hci_request req;
3170 BT_DBG("%s", hdev->name);
3172 source = __le16_to_cpu(cp->source);
3174 if (source > 0x0002)
3175 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
3176 MGMT_STATUS_INVALID_PARAMS);
3180 hdev->devid_source = source;
3181 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
3182 hdev->devid_product = __le16_to_cpu(cp->product);
3183 hdev->devid_version = __le16_to_cpu(cp->version);
3185 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0, NULL, 0);
3187 hci_req_init(&req, hdev);
3189 hci_req_run(&req, NULL);
3191 hci_dev_unlock(hdev);
3196 static void set_advertising_complete(struct hci_dev *hdev, u8 status)
3198 struct cmd_lookup match = { NULL, hdev };
3201 u8 mgmt_err = mgmt_status(status);
3203 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
3204 cmd_status_rsp, &mgmt_err);
3208 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
3211 new_settings(hdev, match.sk);
3217 static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
3219 struct mgmt_mode *cp = data;
3220 struct pending_cmd *cmd;
3221 struct hci_request req;
3222 u8 val, enabled, status;
3225 BT_DBG("request for %s", hdev->name);
3227 status = mgmt_le_support(hdev);
3229 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3232 if (cp->val != 0x00 && cp->val != 0x01)
3233 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3234 MGMT_STATUS_INVALID_PARAMS);
3239 enabled = test_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags);
3241 if (!hdev_is_powered(hdev) || val == enabled) {
3242 bool changed = false;
3244 if (val != test_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags)) {
3245 change_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags);
3249 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
3254 err = new_settings(hdev, sk);
3259 if (mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
3260 mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
3261 err = cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3266 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
3272 hci_req_init(&req, hdev);
3274 hci_req_add(&req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(val), &val);
3276 err = hci_req_run(&req, set_advertising_complete);
3278 mgmt_pending_remove(cmd);
3281 hci_dev_unlock(hdev);
3285 static int set_static_address(struct sock *sk, struct hci_dev *hdev,
3286 void *data, u16 len)
3288 struct mgmt_cp_set_static_address *cp = data;
3291 BT_DBG("%s", hdev->name);
3293 if (!lmp_le_capable(hdev))
3294 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
3295 MGMT_STATUS_NOT_SUPPORTED);
3297 if (hdev_is_powered(hdev))
3298 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
3299 MGMT_STATUS_REJECTED);
3301 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
3302 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
3303 return cmd_status(sk, hdev->id,
3304 MGMT_OP_SET_STATIC_ADDRESS,
3305 MGMT_STATUS_INVALID_PARAMS);
3307 /* Two most significant bits shall be set */
3308 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
3309 return cmd_status(sk, hdev->id,
3310 MGMT_OP_SET_STATIC_ADDRESS,
3311 MGMT_STATUS_INVALID_PARAMS);
3316 bacpy(&hdev->static_addr, &cp->bdaddr);
3318 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS, 0, NULL, 0);
3320 hci_dev_unlock(hdev);
3325 static void fast_connectable_complete(struct hci_dev *hdev, u8 status)
3327 struct pending_cmd *cmd;
3329 BT_DBG("status 0x%02x", status);
3333 cmd = mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
3338 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3339 mgmt_status(status));
3341 struct mgmt_mode *cp = cmd->param;
3344 set_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
3346 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
3348 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
3349 new_settings(hdev, cmd->sk);
3352 mgmt_pending_remove(cmd);
3355 hci_dev_unlock(hdev);
3358 static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
3359 void *data, u16 len)
3361 struct mgmt_mode *cp = data;
3362 struct pending_cmd *cmd;
3363 struct hci_request req;
3366 BT_DBG("%s", hdev->name);
3368 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags) ||
3369 hdev->hci_ver < BLUETOOTH_VER_1_2)
3370 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3371 MGMT_STATUS_NOT_SUPPORTED);
3373 if (cp->val != 0x00 && cp->val != 0x01)
3374 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3375 MGMT_STATUS_INVALID_PARAMS);
3377 if (!hdev_is_powered(hdev))
3378 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3379 MGMT_STATUS_NOT_POWERED);
3381 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3382 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3383 MGMT_STATUS_REJECTED);
3387 if (mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
3388 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3393 if (!!cp->val == test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags)) {
3394 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
3399 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
3406 hci_req_init(&req, hdev);
3408 write_fast_connectable(&req, cp->val);
3410 err = hci_req_run(&req, fast_connectable_complete);
3412 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3413 MGMT_STATUS_FAILED);
3414 mgmt_pending_remove(cmd);
3418 hci_dev_unlock(hdev);
3423 static void set_bredr_complete(struct hci_dev *hdev, u8 status)
3425 struct pending_cmd *cmd;
3427 BT_DBG("status 0x%02x", status);
3431 cmd = mgmt_pending_find(MGMT_OP_SET_BREDR, hdev);
3436 u8 mgmt_err = mgmt_status(status);
3438 /* We need to restore the flag if related HCI commands
3441 clear_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
3443 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
3445 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
3446 new_settings(hdev, cmd->sk);
3449 mgmt_pending_remove(cmd);
3452 hci_dev_unlock(hdev);
3455 static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
3457 struct mgmt_mode *cp = data;
3458 struct pending_cmd *cmd;
3459 struct hci_request req;
3462 BT_DBG("request for %s", hdev->name);
3464 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
3465 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3466 MGMT_STATUS_NOT_SUPPORTED);
3468 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
3469 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3470 MGMT_STATUS_REJECTED);
3472 if (cp->val != 0x00 && cp->val != 0x01)
3473 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3474 MGMT_STATUS_INVALID_PARAMS);
3478 if (cp->val == test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
3479 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
3483 if (!hdev_is_powered(hdev)) {
3485 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
3486 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
3487 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
3488 clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
3489 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
3490 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
3493 change_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
3495 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
3499 err = new_settings(hdev, sk);
3503 /* Reject disabling when powered on */
3505 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3506 MGMT_STATUS_REJECTED);
3510 if (mgmt_pending_find(MGMT_OP_SET_BREDR, hdev)) {
3511 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3516 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
3522 /* We need to flip the bit already here so that hci_update_ad
3523 * generates the correct flags.
3525 set_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
3527 hci_req_init(&req, hdev);
3528 hci_update_ad(&req);
3529 err = hci_req_run(&req, set_bredr_complete);
3531 mgmt_pending_remove(cmd);
3534 hci_dev_unlock(hdev);
3538 static bool ltk_is_valid(struct mgmt_ltk_info *key)
3540 if (key->authenticated != 0x00 && key->authenticated != 0x01)
3542 if (key->master != 0x00 && key->master != 0x01)
3544 if (!bdaddr_type_is_le(key->addr.type))
3549 static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
3550 void *cp_data, u16 len)
3552 struct mgmt_cp_load_long_term_keys *cp = cp_data;
3553 u16 key_count, expected_len;
3556 BT_DBG("request for %s", hdev->name);
3558 if (!lmp_le_capable(hdev))
3559 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
3560 MGMT_STATUS_NOT_SUPPORTED);
3562 key_count = __le16_to_cpu(cp->key_count);
3564 expected_len = sizeof(*cp) + key_count *
3565 sizeof(struct mgmt_ltk_info);
3566 if (expected_len != len) {
3567 BT_ERR("load_keys: expected %u bytes, got %u bytes",
3569 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
3570 MGMT_STATUS_INVALID_PARAMS);
3573 BT_DBG("%s key_count %u", hdev->name, key_count);
3575 for (i = 0; i < key_count; i++) {
3576 struct mgmt_ltk_info *key = &cp->keys[i];
3578 if (!ltk_is_valid(key))
3579 return cmd_status(sk, hdev->id,
3580 MGMT_OP_LOAD_LONG_TERM_KEYS,
3581 MGMT_STATUS_INVALID_PARAMS);
3586 hci_smp_ltks_clear(hdev);
3588 for (i = 0; i < key_count; i++) {
3589 struct mgmt_ltk_info *key = &cp->keys[i];
3595 type = HCI_SMP_LTK_SLAVE;
3597 hci_add_ltk(hdev, &key->addr.bdaddr,
3598 bdaddr_to_le(key->addr.type),
3599 type, 0, key->authenticated, key->val,
3600 key->enc_size, key->ediv, key->rand);
3603 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
3606 hci_dev_unlock(hdev);
3611 static const struct mgmt_handler {
3612 int (*func) (struct sock *sk, struct hci_dev *hdev, void *data,
3616 } mgmt_handlers[] = {
3617 { NULL }, /* 0x0000 (no command) */
3618 { read_version, false, MGMT_READ_VERSION_SIZE },
3619 { read_commands, false, MGMT_READ_COMMANDS_SIZE },
3620 { read_index_list, false, MGMT_READ_INDEX_LIST_SIZE },
3621 { read_controller_info, false, MGMT_READ_INFO_SIZE },
3622 { set_powered, false, MGMT_SETTING_SIZE },
3623 { set_discoverable, false, MGMT_SET_DISCOVERABLE_SIZE },
3624 { set_connectable, false, MGMT_SETTING_SIZE },
3625 { set_fast_connectable, false, MGMT_SETTING_SIZE },
3626 { set_pairable, false, MGMT_SETTING_SIZE },
3627 { set_link_security, false, MGMT_SETTING_SIZE },
3628 { set_ssp, false, MGMT_SETTING_SIZE },
3629 { set_hs, false, MGMT_SETTING_SIZE },
3630 { set_le, false, MGMT_SETTING_SIZE },
3631 { set_dev_class, false, MGMT_SET_DEV_CLASS_SIZE },
3632 { set_local_name, false, MGMT_SET_LOCAL_NAME_SIZE },
3633 { add_uuid, false, MGMT_ADD_UUID_SIZE },
3634 { remove_uuid, false, MGMT_REMOVE_UUID_SIZE },
3635 { load_link_keys, true, MGMT_LOAD_LINK_KEYS_SIZE },
3636 { load_long_term_keys, true, MGMT_LOAD_LONG_TERM_KEYS_SIZE },
3637 { disconnect, false, MGMT_DISCONNECT_SIZE },
3638 { get_connections, false, MGMT_GET_CONNECTIONS_SIZE },
3639 { pin_code_reply, false, MGMT_PIN_CODE_REPLY_SIZE },
3640 { pin_code_neg_reply, false, MGMT_PIN_CODE_NEG_REPLY_SIZE },
3641 { set_io_capability, false, MGMT_SET_IO_CAPABILITY_SIZE },
3642 { pair_device, false, MGMT_PAIR_DEVICE_SIZE },
3643 { cancel_pair_device, false, MGMT_CANCEL_PAIR_DEVICE_SIZE },
3644 { unpair_device, false, MGMT_UNPAIR_DEVICE_SIZE },
3645 { user_confirm_reply, false, MGMT_USER_CONFIRM_REPLY_SIZE },
3646 { user_confirm_neg_reply, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
3647 { user_passkey_reply, false, MGMT_USER_PASSKEY_REPLY_SIZE },
3648 { user_passkey_neg_reply, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
3649 { read_local_oob_data, false, MGMT_READ_LOCAL_OOB_DATA_SIZE },
3650 { add_remote_oob_data, false, MGMT_ADD_REMOTE_OOB_DATA_SIZE },
3651 { remove_remote_oob_data, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
3652 { start_discovery, false, MGMT_START_DISCOVERY_SIZE },
3653 { stop_discovery, false, MGMT_STOP_DISCOVERY_SIZE },
3654 { confirm_name, false, MGMT_CONFIRM_NAME_SIZE },
3655 { block_device, false, MGMT_BLOCK_DEVICE_SIZE },
3656 { unblock_device, false, MGMT_UNBLOCK_DEVICE_SIZE },
3657 { set_device_id, false, MGMT_SET_DEVICE_ID_SIZE },
3658 { set_advertising, false, MGMT_SETTING_SIZE },
3659 { set_bredr, false, MGMT_SETTING_SIZE },
3660 { set_static_address, false, MGMT_SET_STATIC_ADDRESS_SIZE },
3664 int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
3668 struct mgmt_hdr *hdr;
3669 u16 opcode, index, len;
3670 struct hci_dev *hdev = NULL;
3671 const struct mgmt_handler *handler;
3674 BT_DBG("got %zu bytes", msglen);
3676 if (msglen < sizeof(*hdr))
3679 buf = kmalloc(msglen, GFP_KERNEL);
3683 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
3689 opcode = __le16_to_cpu(hdr->opcode);
3690 index = __le16_to_cpu(hdr->index);
3691 len = __le16_to_cpu(hdr->len);
3693 if (len != msglen - sizeof(*hdr)) {
3698 if (index != MGMT_INDEX_NONE) {
3699 hdev = hci_dev_get(index);
3701 err = cmd_status(sk, index, opcode,
3702 MGMT_STATUS_INVALID_INDEX);
3706 if (test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
3707 err = cmd_status(sk, index, opcode,
3708 MGMT_STATUS_INVALID_INDEX);
3713 if (opcode >= ARRAY_SIZE(mgmt_handlers) ||
3714 mgmt_handlers[opcode].func == NULL) {
3715 BT_DBG("Unknown op %u", opcode);
3716 err = cmd_status(sk, index, opcode,
3717 MGMT_STATUS_UNKNOWN_COMMAND);
3721 if ((hdev && opcode < MGMT_OP_READ_INFO) ||
3722 (!hdev && opcode >= MGMT_OP_READ_INFO)) {
3723 err = cmd_status(sk, index, opcode,
3724 MGMT_STATUS_INVALID_INDEX);
3728 handler = &mgmt_handlers[opcode];
3730 if ((handler->var_len && len < handler->data_len) ||
3731 (!handler->var_len && len != handler->data_len)) {
3732 err = cmd_status(sk, index, opcode,
3733 MGMT_STATUS_INVALID_PARAMS);
3738 mgmt_init_hdev(sk, hdev);
3740 cp = buf + sizeof(*hdr);
3742 err = handler->func(sk, hdev, cp, len);
3756 int mgmt_index_added(struct hci_dev *hdev)
3758 if (!mgmt_valid_hdev(hdev))
3761 return mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
3764 int mgmt_index_removed(struct hci_dev *hdev)
3766 u8 status = MGMT_STATUS_INVALID_INDEX;
3768 if (!mgmt_valid_hdev(hdev))
3771 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
3773 return mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
3776 static void set_bredr_scan(struct hci_request *req)
3778 struct hci_dev *hdev = req->hdev;
3781 /* Ensure that fast connectable is disabled. This function will
3782 * not do anything if the page scan parameters are already what
3785 write_fast_connectable(req, false);
3787 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3789 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3790 scan |= SCAN_INQUIRY;
3793 hci_req_add(req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
3796 static void powered_complete(struct hci_dev *hdev, u8 status)
3798 struct cmd_lookup match = { NULL, hdev };
3800 BT_DBG("status 0x%02x", status);
3804 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
3806 new_settings(hdev, match.sk);
3808 hci_dev_unlock(hdev);
3814 static int powered_update_hci(struct hci_dev *hdev)
3816 struct hci_request req;
3819 hci_req_init(&req, hdev);
3821 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) &&
3822 !lmp_host_ssp_capable(hdev)) {
3825 hci_req_add(&req, HCI_OP_WRITE_SSP_MODE, 1, &ssp);
3828 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
3829 lmp_bredr_capable(hdev)) {
3830 struct hci_cp_write_le_host_supported cp;
3833 cp.simul = lmp_le_br_capable(hdev);
3835 /* Check first if we already have the right
3836 * host state (host features set)
3838 if (cp.le != lmp_host_le_capable(hdev) ||
3839 cp.simul != lmp_host_le_br_capable(hdev))
3840 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED,
3843 /* In case BR/EDR was toggled during the AUTO_OFF phase */
3844 hci_update_ad(&req);
3847 if (lmp_le_capable(hdev)) {
3848 /* Set random address to static address if configured */
3849 if (bacmp(&hdev->static_addr, BDADDR_ANY))
3850 hci_req_add(&req, HCI_OP_LE_SET_RANDOM_ADDR, 6,
3851 &hdev->static_addr);
3854 if (test_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags)) {
3857 hci_req_add(&req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(adv), &adv);
3860 link_sec = test_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
3861 if (link_sec != test_bit(HCI_AUTH, &hdev->flags))
3862 hci_req_add(&req, HCI_OP_WRITE_AUTH_ENABLE,
3863 sizeof(link_sec), &link_sec);
3865 if (lmp_bredr_capable(hdev)) {
3866 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
3867 set_bredr_scan(&req);
3873 return hci_req_run(&req, powered_complete);
3876 int mgmt_powered(struct hci_dev *hdev, u8 powered)
3878 struct cmd_lookup match = { NULL, hdev };
3879 u8 status_not_powered = MGMT_STATUS_NOT_POWERED;
3880 u8 zero_cod[] = { 0, 0, 0 };
3883 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3887 if (powered_update_hci(hdev) == 0)
3890 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp,
3895 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
3896 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status_not_powered);
3898 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0)
3899 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
3900 zero_cod, sizeof(zero_cod), NULL);
3903 err = new_settings(hdev, match.sk);
3911 int mgmt_set_powered_failed(struct hci_dev *hdev, int err)
3913 struct pending_cmd *cmd;
3916 cmd = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
3920 if (err == -ERFKILL)
3921 status = MGMT_STATUS_RFKILLED;
3923 status = MGMT_STATUS_FAILED;
3925 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
3927 mgmt_pending_remove(cmd);
3932 int mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
3934 struct cmd_lookup match = { NULL, hdev };
3935 bool changed = false;
3939 if (!test_and_set_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3942 if (test_and_clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3946 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev, settings_rsp,
3950 err = new_settings(hdev, match.sk);
3958 int mgmt_connectable(struct hci_dev *hdev, u8 connectable)
3960 struct pending_cmd *cmd;
3961 bool changed = false;
3965 if (!test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3968 if (test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3972 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
3975 err = new_settings(hdev, cmd ? cmd->sk : NULL);
3980 int mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
3982 u8 mgmt_err = mgmt_status(status);
3984 if (scan & SCAN_PAGE)
3985 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
3986 cmd_status_rsp, &mgmt_err);
3988 if (scan & SCAN_INQUIRY)
3989 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
3990 cmd_status_rsp, &mgmt_err);
3995 int mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
3998 struct mgmt_ev_new_link_key ev;
4000 memset(&ev, 0, sizeof(ev));
4002 ev.store_hint = persistent;
4003 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
4004 ev.key.addr.type = BDADDR_BREDR;
4005 ev.key.type = key->type;
4006 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
4007 ev.key.pin_len = key->pin_len;
4009 return mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
4012 int mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, u8 persistent)
4014 struct mgmt_ev_new_long_term_key ev;
4016 memset(&ev, 0, sizeof(ev));
4018 ev.store_hint = persistent;
4019 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
4020 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
4021 ev.key.authenticated = key->authenticated;
4022 ev.key.enc_size = key->enc_size;
4023 ev.key.ediv = key->ediv;
4025 if (key->type == HCI_SMP_LTK)
4028 memcpy(ev.key.rand, key->rand, sizeof(key->rand));
4029 memcpy(ev.key.val, key->val, sizeof(key->val));
4031 return mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev),
4035 int mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
4036 u8 addr_type, u32 flags, u8 *name, u8 name_len,
4040 struct mgmt_ev_device_connected *ev = (void *) buf;
4043 bacpy(&ev->addr.bdaddr, bdaddr);
4044 ev->addr.type = link_to_bdaddr(link_type, addr_type);
4046 ev->flags = __cpu_to_le32(flags);
4049 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
4052 if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0)
4053 eir_len = eir_append_data(ev->eir, eir_len,
4054 EIR_CLASS_OF_DEV, dev_class, 3);
4056 ev->eir_len = cpu_to_le16(eir_len);
4058 return mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
4059 sizeof(*ev) + eir_len, NULL);
4062 static void disconnect_rsp(struct pending_cmd *cmd, void *data)
4064 struct mgmt_cp_disconnect *cp = cmd->param;
4065 struct sock **sk = data;
4066 struct mgmt_rp_disconnect rp;
4068 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4069 rp.addr.type = cp->addr.type;
4071 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 0, &rp,
4077 mgmt_pending_remove(cmd);
4080 static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
4082 struct hci_dev *hdev = data;
4083 struct mgmt_cp_unpair_device *cp = cmd->param;
4084 struct mgmt_rp_unpair_device rp;
4086 memset(&rp, 0, sizeof(rp));
4087 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4088 rp.addr.type = cp->addr.type;
4090 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
4092 cmd_complete(cmd->sk, cmd->index, cmd->opcode, 0, &rp, sizeof(rp));
4094 mgmt_pending_remove(cmd);
4097 int mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
4098 u8 link_type, u8 addr_type, u8 reason)
4100 struct mgmt_ev_device_disconnected ev;
4101 struct sock *sk = NULL;
4104 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
4106 bacpy(&ev.addr.bdaddr, bdaddr);
4107 ev.addr.type = link_to_bdaddr(link_type, addr_type);
4110 err = mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev),
4116 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
4122 int mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
4123 u8 link_type, u8 addr_type, u8 status)
4125 struct mgmt_rp_disconnect rp;
4126 struct pending_cmd *cmd;
4129 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
4132 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
4136 bacpy(&rp.addr.bdaddr, bdaddr);
4137 rp.addr.type = link_to_bdaddr(link_type, addr_type);
4139 err = cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
4140 mgmt_status(status), &rp, sizeof(rp));
4142 mgmt_pending_remove(cmd);
4147 int mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
4148 u8 addr_type, u8 status)
4150 struct mgmt_ev_connect_failed ev;
4152 bacpy(&ev.addr.bdaddr, bdaddr);
4153 ev.addr.type = link_to_bdaddr(link_type, addr_type);
4154 ev.status = mgmt_status(status);
4156 return mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
4159 int mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
4161 struct mgmt_ev_pin_code_request ev;
4163 bacpy(&ev.addr.bdaddr, bdaddr);
4164 ev.addr.type = BDADDR_BREDR;
4167 return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev),
4171 int mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
4174 struct pending_cmd *cmd;
4175 struct mgmt_rp_pin_code_reply rp;
4178 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
4182 bacpy(&rp.addr.bdaddr, bdaddr);
4183 rp.addr.type = BDADDR_BREDR;
4185 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
4186 mgmt_status(status), &rp, sizeof(rp));
4188 mgmt_pending_remove(cmd);
4193 int mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
4196 struct pending_cmd *cmd;
4197 struct mgmt_rp_pin_code_reply rp;
4200 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
4204 bacpy(&rp.addr.bdaddr, bdaddr);
4205 rp.addr.type = BDADDR_BREDR;
4207 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
4208 mgmt_status(status), &rp, sizeof(rp));
4210 mgmt_pending_remove(cmd);
4215 int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
4216 u8 link_type, u8 addr_type, __le32 value,
4219 struct mgmt_ev_user_confirm_request ev;
4221 BT_DBG("%s", hdev->name);
4223 bacpy(&ev.addr.bdaddr, bdaddr);
4224 ev.addr.type = link_to_bdaddr(link_type, addr_type);
4225 ev.confirm_hint = confirm_hint;
4228 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
4232 int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
4233 u8 link_type, u8 addr_type)
4235 struct mgmt_ev_user_passkey_request ev;
4237 BT_DBG("%s", hdev->name);
4239 bacpy(&ev.addr.bdaddr, bdaddr);
4240 ev.addr.type = link_to_bdaddr(link_type, addr_type);
4242 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
4246 static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
4247 u8 link_type, u8 addr_type, u8 status,
4250 struct pending_cmd *cmd;
4251 struct mgmt_rp_user_confirm_reply rp;
4254 cmd = mgmt_pending_find(opcode, hdev);
4258 bacpy(&rp.addr.bdaddr, bdaddr);
4259 rp.addr.type = link_to_bdaddr(link_type, addr_type);
4260 err = cmd_complete(cmd->sk, hdev->id, opcode, mgmt_status(status),
4263 mgmt_pending_remove(cmd);
4268 int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
4269 u8 link_type, u8 addr_type, u8 status)
4271 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
4272 status, MGMT_OP_USER_CONFIRM_REPLY);
4275 int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
4276 u8 link_type, u8 addr_type, u8 status)
4278 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
4280 MGMT_OP_USER_CONFIRM_NEG_REPLY);
4283 int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
4284 u8 link_type, u8 addr_type, u8 status)
4286 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
4287 status, MGMT_OP_USER_PASSKEY_REPLY);
4290 int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
4291 u8 link_type, u8 addr_type, u8 status)
4293 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
4295 MGMT_OP_USER_PASSKEY_NEG_REPLY);
4298 int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
4299 u8 link_type, u8 addr_type, u32 passkey,
4302 struct mgmt_ev_passkey_notify ev;
4304 BT_DBG("%s", hdev->name);
4306 bacpy(&ev.addr.bdaddr, bdaddr);
4307 ev.addr.type = link_to_bdaddr(link_type, addr_type);
4308 ev.passkey = __cpu_to_le32(passkey);
4309 ev.entered = entered;
4311 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
4314 int mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
4315 u8 addr_type, u8 status)
4317 struct mgmt_ev_auth_failed ev;
4319 bacpy(&ev.addr.bdaddr, bdaddr);
4320 ev.addr.type = link_to_bdaddr(link_type, addr_type);
4321 ev.status = mgmt_status(status);
4323 return mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
4326 int mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
4328 struct cmd_lookup match = { NULL, hdev };
4329 bool changed = false;
4333 u8 mgmt_err = mgmt_status(status);
4334 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
4335 cmd_status_rsp, &mgmt_err);
4339 if (test_bit(HCI_AUTH, &hdev->flags)) {
4340 if (!test_and_set_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
4343 if (test_and_clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
4347 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
4351 err = new_settings(hdev, match.sk);
4359 static void clear_eir(struct hci_request *req)
4361 struct hci_dev *hdev = req->hdev;
4362 struct hci_cp_write_eir cp;
4364 if (!lmp_ext_inq_capable(hdev))
4367 memset(hdev->eir, 0, sizeof(hdev->eir));
4369 memset(&cp, 0, sizeof(cp));
4371 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
4374 int mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
4376 struct cmd_lookup match = { NULL, hdev };
4377 struct hci_request req;
4378 bool changed = false;
4382 u8 mgmt_err = mgmt_status(status);
4384 if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
4386 err = new_settings(hdev, NULL);
4388 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
4395 if (!test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
4398 if (test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
4402 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
4405 err = new_settings(hdev, match.sk);
4410 hci_req_init(&req, hdev);
4412 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
4417 hci_req_run(&req, NULL);
4422 static void sk_lookup(struct pending_cmd *cmd, void *data)
4424 struct cmd_lookup *match = data;
4426 if (match->sk == NULL) {
4427 match->sk = cmd->sk;
4428 sock_hold(match->sk);
4432 int mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
4435 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
4438 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
4439 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
4440 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
4443 err = mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class,
4452 int mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
4454 struct mgmt_cp_set_local_name ev;
4455 struct pending_cmd *cmd;
4460 memset(&ev, 0, sizeof(ev));
4461 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
4462 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
4464 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
4466 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
4468 /* If this is a HCI command related to powering on the
4469 * HCI dev don't send any mgmt signals.
4471 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
4475 return mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
4476 cmd ? cmd->sk : NULL);
4479 int mgmt_read_local_oob_data_reply_complete(struct hci_dev *hdev, u8 *hash,
4480 u8 *randomizer, u8 status)
4482 struct pending_cmd *cmd;
4485 BT_DBG("%s status %u", hdev->name, status);
4487 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
4492 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
4493 mgmt_status(status));
4495 struct mgmt_rp_read_local_oob_data rp;
4497 memcpy(rp.hash, hash, sizeof(rp.hash));
4498 memcpy(rp.randomizer, randomizer, sizeof(rp.randomizer));
4500 err = cmd_complete(cmd->sk, hdev->id,
4501 MGMT_OP_READ_LOCAL_OOB_DATA, 0, &rp,
4505 mgmt_pending_remove(cmd);
4510 int mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
4511 u8 addr_type, u8 *dev_class, s8 rssi, u8 cfm_name, u8
4512 ssp, u8 *eir, u16 eir_len)
4515 struct mgmt_ev_device_found *ev = (void *) buf;
4518 if (!hci_discovery_active(hdev))
4521 /* Leave 5 bytes for a potential CoD field */
4522 if (sizeof(*ev) + eir_len + 5 > sizeof(buf))
4525 memset(buf, 0, sizeof(buf));
4527 bacpy(&ev->addr.bdaddr, bdaddr);
4528 ev->addr.type = link_to_bdaddr(link_type, addr_type);
4531 ev->flags |= __constant_cpu_to_le32(MGMT_DEV_FOUND_CONFIRM_NAME);
4533 ev->flags |= __constant_cpu_to_le32(MGMT_DEV_FOUND_LEGACY_PAIRING);
4536 memcpy(ev->eir, eir, eir_len);
4538 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
4539 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
4542 ev->eir_len = cpu_to_le16(eir_len);
4543 ev_size = sizeof(*ev) + eir_len;
4545 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
4548 int mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
4549 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
4551 struct mgmt_ev_device_found *ev;
4552 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
4555 ev = (struct mgmt_ev_device_found *) buf;
4557 memset(buf, 0, sizeof(buf));
4559 bacpy(&ev->addr.bdaddr, bdaddr);
4560 ev->addr.type = link_to_bdaddr(link_type, addr_type);
4563 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
4566 ev->eir_len = cpu_to_le16(eir_len);
4568 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev,
4569 sizeof(*ev) + eir_len, NULL);
4572 int mgmt_discovering(struct hci_dev *hdev, u8 discovering)
4574 struct mgmt_ev_discovering ev;
4575 struct pending_cmd *cmd;
4577 BT_DBG("%s discovering %u", hdev->name, discovering);
4580 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
4582 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
4585 u8 type = hdev->discovery.type;
4587 cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0, &type,
4589 mgmt_pending_remove(cmd);
4592 memset(&ev, 0, sizeof(ev));
4593 ev.type = hdev->discovery.type;
4594 ev.discovering = discovering;
4596 return mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
4599 int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
4601 struct pending_cmd *cmd;
4602 struct mgmt_ev_device_blocked ev;
4604 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev);
4606 bacpy(&ev.addr.bdaddr, bdaddr);
4607 ev.addr.type = type;
4609 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev),
4610 cmd ? cmd->sk : NULL);
4613 int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
4615 struct pending_cmd *cmd;
4616 struct mgmt_ev_device_unblocked ev;
4618 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev);
4620 bacpy(&ev.addr.bdaddr, bdaddr);
4621 ev.addr.type = type;
4623 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
4624 cmd ? cmd->sk : NULL);