2 BlueZ - Bluetooth protocol stack for Linux
4 Copyright (C) 2010 Nokia Corporation
5 Copyright (C) 2011-2012 Intel Corporation
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI Management interface */
27 #include <linux/module.h>
28 #include <asm/unaligned.h>
30 #include <net/bluetooth/bluetooth.h>
31 #include <net/bluetooth/hci_core.h>
32 #include <net/bluetooth/mgmt.h>
33 #include <net/bluetooth/smp.h>
35 #define MGMT_VERSION 1
36 #define MGMT_REVISION 4
38 static const u16 mgmt_commands[] = {
39 MGMT_OP_READ_INDEX_LIST,
42 MGMT_OP_SET_DISCOVERABLE,
43 MGMT_OP_SET_CONNECTABLE,
44 MGMT_OP_SET_FAST_CONNECTABLE,
46 MGMT_OP_SET_LINK_SECURITY,
50 MGMT_OP_SET_DEV_CLASS,
51 MGMT_OP_SET_LOCAL_NAME,
54 MGMT_OP_LOAD_LINK_KEYS,
55 MGMT_OP_LOAD_LONG_TERM_KEYS,
57 MGMT_OP_GET_CONNECTIONS,
58 MGMT_OP_PIN_CODE_REPLY,
59 MGMT_OP_PIN_CODE_NEG_REPLY,
60 MGMT_OP_SET_IO_CAPABILITY,
62 MGMT_OP_CANCEL_PAIR_DEVICE,
63 MGMT_OP_UNPAIR_DEVICE,
64 MGMT_OP_USER_CONFIRM_REPLY,
65 MGMT_OP_USER_CONFIRM_NEG_REPLY,
66 MGMT_OP_USER_PASSKEY_REPLY,
67 MGMT_OP_USER_PASSKEY_NEG_REPLY,
68 MGMT_OP_READ_LOCAL_OOB_DATA,
69 MGMT_OP_ADD_REMOTE_OOB_DATA,
70 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
71 MGMT_OP_START_DISCOVERY,
72 MGMT_OP_STOP_DISCOVERY,
75 MGMT_OP_UNBLOCK_DEVICE,
76 MGMT_OP_SET_DEVICE_ID,
77 MGMT_OP_SET_ADVERTISING,
79 MGMT_OP_SET_STATIC_ADDRESS,
82 static const u16 mgmt_events[] = {
83 MGMT_EV_CONTROLLER_ERROR,
85 MGMT_EV_INDEX_REMOVED,
87 MGMT_EV_CLASS_OF_DEV_CHANGED,
88 MGMT_EV_LOCAL_NAME_CHANGED,
90 MGMT_EV_NEW_LONG_TERM_KEY,
91 MGMT_EV_DEVICE_CONNECTED,
92 MGMT_EV_DEVICE_DISCONNECTED,
93 MGMT_EV_CONNECT_FAILED,
94 MGMT_EV_PIN_CODE_REQUEST,
95 MGMT_EV_USER_CONFIRM_REQUEST,
96 MGMT_EV_USER_PASSKEY_REQUEST,
100 MGMT_EV_DEVICE_BLOCKED,
101 MGMT_EV_DEVICE_UNBLOCKED,
102 MGMT_EV_DEVICE_UNPAIRED,
103 MGMT_EV_PASSKEY_NOTIFY,
106 #define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
108 #define hdev_is_powered(hdev) (test_bit(HCI_UP, &hdev->flags) && \
109 !test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
112 struct list_head list;
120 /* HCI to MGMT error code conversion table */
121 static u8 mgmt_status_table[] = {
123 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
124 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
125 MGMT_STATUS_FAILED, /* Hardware Failure */
126 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
127 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
128 MGMT_STATUS_NOT_PAIRED, /* PIN or Key Missing */
129 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
130 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
131 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
132 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
133 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
134 MGMT_STATUS_BUSY, /* Command Disallowed */
135 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
136 MGMT_STATUS_REJECTED, /* Rejected Security */
137 MGMT_STATUS_REJECTED, /* Rejected Personal */
138 MGMT_STATUS_TIMEOUT, /* Host Timeout */
139 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
140 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
141 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
142 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
143 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
144 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
145 MGMT_STATUS_BUSY, /* Repeated Attempts */
146 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
147 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
148 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
149 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
150 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
151 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
152 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
153 MGMT_STATUS_FAILED, /* Unspecified Error */
154 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
155 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
156 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
157 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
158 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
159 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
160 MGMT_STATUS_FAILED, /* Unit Link Key Used */
161 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
162 MGMT_STATUS_TIMEOUT, /* Instant Passed */
163 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
164 MGMT_STATUS_FAILED, /* Transaction Collision */
165 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
166 MGMT_STATUS_REJECTED, /* QoS Rejected */
167 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
168 MGMT_STATUS_REJECTED, /* Insufficient Security */
169 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
170 MGMT_STATUS_BUSY, /* Role Switch Pending */
171 MGMT_STATUS_FAILED, /* Slot Violation */
172 MGMT_STATUS_FAILED, /* Role Switch Failed */
173 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
174 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
175 MGMT_STATUS_BUSY, /* Host Busy Pairing */
176 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
177 MGMT_STATUS_BUSY, /* Controller Busy */
178 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
179 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
180 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
181 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
182 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
185 static u8 mgmt_status(u8 hci_status)
187 if (hci_status < ARRAY_SIZE(mgmt_status_table))
188 return mgmt_status_table[hci_status];
190 return MGMT_STATUS_FAILED;
193 static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
196 struct mgmt_hdr *hdr;
197 struct mgmt_ev_cmd_status *ev;
200 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
202 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_KERNEL);
206 hdr = (void *) skb_put(skb, sizeof(*hdr));
208 hdr->opcode = __constant_cpu_to_le16(MGMT_EV_CMD_STATUS);
209 hdr->index = cpu_to_le16(index);
210 hdr->len = cpu_to_le16(sizeof(*ev));
212 ev = (void *) skb_put(skb, sizeof(*ev));
214 ev->opcode = cpu_to_le16(cmd);
216 err = sock_queue_rcv_skb(sk, skb);
223 static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
224 void *rp, size_t rp_len)
227 struct mgmt_hdr *hdr;
228 struct mgmt_ev_cmd_complete *ev;
231 BT_DBG("sock %p", sk);
233 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_KERNEL);
237 hdr = (void *) skb_put(skb, sizeof(*hdr));
239 hdr->opcode = __constant_cpu_to_le16(MGMT_EV_CMD_COMPLETE);
240 hdr->index = cpu_to_le16(index);
241 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
243 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
244 ev->opcode = cpu_to_le16(cmd);
248 memcpy(ev->data, rp, rp_len);
250 err = sock_queue_rcv_skb(sk, skb);
257 static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
260 struct mgmt_rp_read_version rp;
262 BT_DBG("sock %p", sk);
264 rp.version = MGMT_VERSION;
265 rp.revision = __constant_cpu_to_le16(MGMT_REVISION);
267 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
271 static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
274 struct mgmt_rp_read_commands *rp;
275 const u16 num_commands = ARRAY_SIZE(mgmt_commands);
276 const u16 num_events = ARRAY_SIZE(mgmt_events);
281 BT_DBG("sock %p", sk);
283 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
285 rp = kmalloc(rp_size, GFP_KERNEL);
289 rp->num_commands = __constant_cpu_to_le16(num_commands);
290 rp->num_events = __constant_cpu_to_le16(num_events);
292 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
293 put_unaligned_le16(mgmt_commands[i], opcode);
295 for (i = 0; i < num_events; i++, opcode++)
296 put_unaligned_le16(mgmt_events[i], opcode);
298 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
305 static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
308 struct mgmt_rp_read_index_list *rp;
314 BT_DBG("sock %p", sk);
316 read_lock(&hci_dev_list_lock);
319 list_for_each_entry(d, &hci_dev_list, list) {
320 if (d->dev_type == HCI_BREDR)
324 rp_len = sizeof(*rp) + (2 * count);
325 rp = kmalloc(rp_len, GFP_ATOMIC);
327 read_unlock(&hci_dev_list_lock);
332 list_for_each_entry(d, &hci_dev_list, list) {
333 if (test_bit(HCI_SETUP, &d->dev_flags))
336 if (test_bit(HCI_USER_CHANNEL, &d->dev_flags))
339 if (d->dev_type == HCI_BREDR) {
340 rp->index[count++] = cpu_to_le16(d->id);
341 BT_DBG("Added hci%u", d->id);
345 rp->num_controllers = cpu_to_le16(count);
346 rp_len = sizeof(*rp) + (2 * count);
348 read_unlock(&hci_dev_list_lock);
350 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
358 static u32 get_supported_settings(struct hci_dev *hdev)
362 settings |= MGMT_SETTING_POWERED;
363 settings |= MGMT_SETTING_PAIRABLE;
365 if (lmp_ssp_capable(hdev))
366 settings |= MGMT_SETTING_SSP;
368 if (lmp_bredr_capable(hdev)) {
369 settings |= MGMT_SETTING_CONNECTABLE;
370 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
371 settings |= MGMT_SETTING_FAST_CONNECTABLE;
372 settings |= MGMT_SETTING_DISCOVERABLE;
373 settings |= MGMT_SETTING_BREDR;
374 settings |= MGMT_SETTING_LINK_SECURITY;
375 settings |= MGMT_SETTING_HS;
378 if (lmp_le_capable(hdev)) {
379 settings |= MGMT_SETTING_LE;
380 settings |= MGMT_SETTING_ADVERTISING;
386 static u32 get_current_settings(struct hci_dev *hdev)
390 if (hdev_is_powered(hdev))
391 settings |= MGMT_SETTING_POWERED;
393 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
394 settings |= MGMT_SETTING_CONNECTABLE;
396 if (test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
397 settings |= MGMT_SETTING_FAST_CONNECTABLE;
399 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
400 settings |= MGMT_SETTING_DISCOVERABLE;
402 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags))
403 settings |= MGMT_SETTING_PAIRABLE;
405 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
406 settings |= MGMT_SETTING_BREDR;
408 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
409 settings |= MGMT_SETTING_LE;
411 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
412 settings |= MGMT_SETTING_LINK_SECURITY;
414 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
415 settings |= MGMT_SETTING_SSP;
417 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
418 settings |= MGMT_SETTING_HS;
420 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
421 settings |= MGMT_SETTING_ADVERTISING;
426 #define PNP_INFO_SVCLASS_ID 0x1200
428 static u8 *create_uuid16_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
430 u8 *ptr = data, *uuids_start = NULL;
431 struct bt_uuid *uuid;
436 list_for_each_entry(uuid, &hdev->uuids, list) {
439 if (uuid->size != 16)
442 uuid16 = get_unaligned_le16(&uuid->uuid[12]);
446 if (uuid16 == PNP_INFO_SVCLASS_ID)
452 uuids_start[1] = EIR_UUID16_ALL;
456 /* Stop if not enough space to put next UUID */
457 if ((ptr - data) + sizeof(u16) > len) {
458 uuids_start[1] = EIR_UUID16_SOME;
462 *ptr++ = (uuid16 & 0x00ff);
463 *ptr++ = (uuid16 & 0xff00) >> 8;
464 uuids_start[0] += sizeof(uuid16);
470 static u8 *create_uuid32_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
472 u8 *ptr = data, *uuids_start = NULL;
473 struct bt_uuid *uuid;
478 list_for_each_entry(uuid, &hdev->uuids, list) {
479 if (uuid->size != 32)
485 uuids_start[1] = EIR_UUID32_ALL;
489 /* Stop if not enough space to put next UUID */
490 if ((ptr - data) + sizeof(u32) > len) {
491 uuids_start[1] = EIR_UUID32_SOME;
495 memcpy(ptr, &uuid->uuid[12], sizeof(u32));
497 uuids_start[0] += sizeof(u32);
503 static u8 *create_uuid128_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
505 u8 *ptr = data, *uuids_start = NULL;
506 struct bt_uuid *uuid;
511 list_for_each_entry(uuid, &hdev->uuids, list) {
512 if (uuid->size != 128)
518 uuids_start[1] = EIR_UUID128_ALL;
522 /* Stop if not enough space to put next UUID */
523 if ((ptr - data) + 16 > len) {
524 uuids_start[1] = EIR_UUID128_SOME;
528 memcpy(ptr, uuid->uuid, 16);
530 uuids_start[0] += 16;
536 static void create_eir(struct hci_dev *hdev, u8 *data)
541 name_len = strlen(hdev->dev_name);
547 ptr[1] = EIR_NAME_SHORT;
549 ptr[1] = EIR_NAME_COMPLETE;
551 /* EIR Data length */
552 ptr[0] = name_len + 1;
554 memcpy(ptr + 2, hdev->dev_name, name_len);
556 ptr += (name_len + 2);
559 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
561 ptr[1] = EIR_TX_POWER;
562 ptr[2] = (u8) hdev->inq_tx_power;
567 if (hdev->devid_source > 0) {
569 ptr[1] = EIR_DEVICE_ID;
571 put_unaligned_le16(hdev->devid_source, ptr + 2);
572 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
573 put_unaligned_le16(hdev->devid_product, ptr + 6);
574 put_unaligned_le16(hdev->devid_version, ptr + 8);
579 ptr = create_uuid16_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
580 ptr = create_uuid32_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
581 ptr = create_uuid128_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
584 static void update_eir(struct hci_request *req)
586 struct hci_dev *hdev = req->hdev;
587 struct hci_cp_write_eir cp;
589 if (!hdev_is_powered(hdev))
592 if (!lmp_ext_inq_capable(hdev))
595 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
598 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
601 memset(&cp, 0, sizeof(cp));
603 create_eir(hdev, cp.data);
605 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
608 memcpy(hdev->eir, cp.data, sizeof(cp.data));
610 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
613 static u8 get_service_classes(struct hci_dev *hdev)
615 struct bt_uuid *uuid;
618 list_for_each_entry(uuid, &hdev->uuids, list)
619 val |= uuid->svc_hint;
624 static void update_class(struct hci_request *req)
626 struct hci_dev *hdev = req->hdev;
629 BT_DBG("%s", hdev->name);
631 if (!hdev_is_powered(hdev))
634 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
637 cod[0] = hdev->minor_class;
638 cod[1] = hdev->major_class;
639 cod[2] = get_service_classes(hdev);
641 if (memcmp(cod, hdev->dev_class, 3) == 0)
644 hci_req_add(req, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
647 static void service_cache_off(struct work_struct *work)
649 struct hci_dev *hdev = container_of(work, struct hci_dev,
651 struct hci_request req;
653 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
656 hci_req_init(&req, hdev);
663 hci_dev_unlock(hdev);
665 hci_req_run(&req, NULL);
668 static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
670 if (test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
673 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
675 /* Non-mgmt controlled devices get this bit set
676 * implicitly so that pairing works for them, however
677 * for mgmt we require user-space to explicitly enable
680 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
683 static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
684 void *data, u16 data_len)
686 struct mgmt_rp_read_info rp;
688 BT_DBG("sock %p %s", sk, hdev->name);
692 memset(&rp, 0, sizeof(rp));
694 bacpy(&rp.bdaddr, &hdev->bdaddr);
696 rp.version = hdev->hci_ver;
697 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
699 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
700 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
702 memcpy(rp.dev_class, hdev->dev_class, 3);
704 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
705 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
707 hci_dev_unlock(hdev);
709 return cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
713 static void mgmt_pending_free(struct pending_cmd *cmd)
720 static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
721 struct hci_dev *hdev, void *data,
724 struct pending_cmd *cmd;
726 cmd = kmalloc(sizeof(*cmd), GFP_KERNEL);
730 cmd->opcode = opcode;
731 cmd->index = hdev->id;
733 cmd->param = kmalloc(len, GFP_KERNEL);
740 memcpy(cmd->param, data, len);
745 list_add(&cmd->list, &hdev->mgmt_pending);
750 static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
751 void (*cb)(struct pending_cmd *cmd,
755 struct pending_cmd *cmd, *tmp;
757 list_for_each_entry_safe(cmd, tmp, &hdev->mgmt_pending, list) {
758 if (opcode > 0 && cmd->opcode != opcode)
765 static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
767 struct pending_cmd *cmd;
769 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
770 if (cmd->opcode == opcode)
777 static void mgmt_pending_remove(struct pending_cmd *cmd)
779 list_del(&cmd->list);
780 mgmt_pending_free(cmd);
783 static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
785 __le32 settings = cpu_to_le32(get_current_settings(hdev));
787 return cmd_complete(sk, hdev->id, opcode, 0, &settings,
791 static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
794 struct mgmt_mode *cp = data;
795 struct pending_cmd *cmd;
798 BT_DBG("request for %s", hdev->name);
800 if (cp->val != 0x00 && cp->val != 0x01)
801 return cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
802 MGMT_STATUS_INVALID_PARAMS);
806 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
807 err = cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
812 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
813 cancel_delayed_work(&hdev->power_off);
816 mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev,
818 err = mgmt_powered(hdev, 1);
823 if (!!cp->val == hdev_is_powered(hdev)) {
824 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
828 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
835 queue_work(hdev->req_workqueue, &hdev->power_on);
837 queue_work(hdev->req_workqueue, &hdev->power_off.work);
842 hci_dev_unlock(hdev);
846 static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 data_len,
847 struct sock *skip_sk)
850 struct mgmt_hdr *hdr;
852 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_KERNEL);
856 hdr = (void *) skb_put(skb, sizeof(*hdr));
857 hdr->opcode = cpu_to_le16(event);
859 hdr->index = cpu_to_le16(hdev->id);
861 hdr->index = __constant_cpu_to_le16(MGMT_INDEX_NONE);
862 hdr->len = cpu_to_le16(data_len);
865 memcpy(skb_put(skb, data_len), data, data_len);
868 __net_timestamp(skb);
870 hci_send_to_control(skb, skip_sk);
876 static int new_settings(struct hci_dev *hdev, struct sock *skip)
880 ev = cpu_to_le32(get_current_settings(hdev));
882 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
887 struct hci_dev *hdev;
891 static void settings_rsp(struct pending_cmd *cmd, void *data)
893 struct cmd_lookup *match = data;
895 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
897 list_del(&cmd->list);
899 if (match->sk == NULL) {
901 sock_hold(match->sk);
904 mgmt_pending_free(cmd);
907 static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
911 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
912 mgmt_pending_remove(cmd);
915 static u8 mgmt_bredr_support(struct hci_dev *hdev)
917 if (!lmp_bredr_capable(hdev))
918 return MGMT_STATUS_NOT_SUPPORTED;
919 else if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
920 return MGMT_STATUS_REJECTED;
922 return MGMT_STATUS_SUCCESS;
925 static u8 mgmt_le_support(struct hci_dev *hdev)
927 if (!lmp_le_capable(hdev))
928 return MGMT_STATUS_NOT_SUPPORTED;
929 else if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
930 return MGMT_STATUS_REJECTED;
932 return MGMT_STATUS_SUCCESS;
935 static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
938 struct mgmt_cp_set_discoverable *cp = data;
939 struct pending_cmd *cmd;
944 BT_DBG("request for %s", hdev->name);
946 status = mgmt_bredr_support(hdev);
948 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
951 if (cp->val != 0x00 && cp->val != 0x01)
952 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
953 MGMT_STATUS_INVALID_PARAMS);
955 timeout = __le16_to_cpu(cp->timeout);
956 if (!cp->val && timeout > 0)
957 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
958 MGMT_STATUS_INVALID_PARAMS);
962 if (!hdev_is_powered(hdev) && timeout > 0) {
963 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
964 MGMT_STATUS_NOT_POWERED);
968 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
969 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
970 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
975 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
976 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
977 MGMT_STATUS_REJECTED);
981 if (!hdev_is_powered(hdev)) {
982 bool changed = false;
984 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
985 change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
989 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
994 err = new_settings(hdev, sk);
999 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
1000 if (hdev->discov_timeout > 0) {
1001 cancel_delayed_work(&hdev->discov_off);
1002 hdev->discov_timeout = 0;
1005 if (cp->val && timeout > 0) {
1006 hdev->discov_timeout = timeout;
1007 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
1008 msecs_to_jiffies(hdev->discov_timeout * 1000));
1011 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1015 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
1024 scan |= SCAN_INQUIRY;
1026 cancel_delayed_work(&hdev->discov_off);
1028 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1030 mgmt_pending_remove(cmd);
1033 hdev->discov_timeout = timeout;
1036 hci_dev_unlock(hdev);
1040 static void write_fast_connectable(struct hci_request *req, bool enable)
1042 struct hci_dev *hdev = req->hdev;
1043 struct hci_cp_write_page_scan_activity acp;
1046 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
1050 type = PAGE_SCAN_TYPE_INTERLACED;
1052 /* 160 msec page scan interval */
1053 acp.interval = __constant_cpu_to_le16(0x0100);
1055 type = PAGE_SCAN_TYPE_STANDARD; /* default */
1057 /* default 1.28 sec page scan */
1058 acp.interval = __constant_cpu_to_le16(0x0800);
1061 acp.window = __constant_cpu_to_le16(0x0012);
1063 if (__cpu_to_le16(hdev->page_scan_interval) != acp.interval ||
1064 __cpu_to_le16(hdev->page_scan_window) != acp.window)
1065 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
1068 if (hdev->page_scan_type != type)
1069 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
1072 static void set_connectable_complete(struct hci_dev *hdev, u8 status)
1074 struct pending_cmd *cmd;
1076 BT_DBG("status 0x%02x", status);
1080 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1084 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
1086 mgmt_pending_remove(cmd);
1089 hci_dev_unlock(hdev);
1092 static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
1095 struct mgmt_mode *cp = data;
1096 struct pending_cmd *cmd;
1097 struct hci_request req;
1101 BT_DBG("request for %s", hdev->name);
1103 status = mgmt_bredr_support(hdev);
1105 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1108 if (cp->val != 0x00 && cp->val != 0x01)
1109 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1110 MGMT_STATUS_INVALID_PARAMS);
1114 if (!hdev_is_powered(hdev)) {
1115 bool changed = false;
1117 if (!!cp->val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
1121 set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1123 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1124 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1127 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1132 err = new_settings(hdev, sk);
1137 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1138 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
1139 err = cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1144 if (!!cp->val == test_bit(HCI_PSCAN, &hdev->flags)) {
1145 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1149 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
1160 if (test_bit(HCI_ISCAN, &hdev->flags) &&
1161 hdev->discov_timeout > 0)
1162 cancel_delayed_work(&hdev->discov_off);
1165 hci_req_init(&req, hdev);
1167 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1169 /* If we're going from non-connectable to connectable or
1170 * vice-versa when fast connectable is enabled ensure that fast
1171 * connectable gets disabled. write_fast_connectable won't do
1172 * anything if the page scan parameters are already what they
1175 if (cp->val || test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
1176 write_fast_connectable(&req, false);
1178 err = hci_req_run(&req, set_connectable_complete);
1180 mgmt_pending_remove(cmd);
1183 hci_dev_unlock(hdev);
1187 static int set_pairable(struct sock *sk, struct hci_dev *hdev, void *data,
1190 struct mgmt_mode *cp = data;
1194 BT_DBG("request for %s", hdev->name);
1196 if (cp->val != 0x00 && cp->val != 0x01)
1197 return cmd_status(sk, hdev->id, MGMT_OP_SET_PAIRABLE,
1198 MGMT_STATUS_INVALID_PARAMS);
1203 changed = !test_and_set_bit(HCI_PAIRABLE, &hdev->dev_flags);
1205 changed = test_and_clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
1207 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
1212 err = new_settings(hdev, sk);
1215 hci_dev_unlock(hdev);
1219 static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1222 struct mgmt_mode *cp = data;
1223 struct pending_cmd *cmd;
1227 BT_DBG("request for %s", hdev->name);
1229 status = mgmt_bredr_support(hdev);
1231 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1234 if (cp->val != 0x00 && cp->val != 0x01)
1235 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1236 MGMT_STATUS_INVALID_PARAMS);
1240 if (!hdev_is_powered(hdev)) {
1241 bool changed = false;
1243 if (!!cp->val != test_bit(HCI_LINK_SECURITY,
1244 &hdev->dev_flags)) {
1245 change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
1249 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1254 err = new_settings(hdev, sk);
1259 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
1260 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1267 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1268 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1272 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1278 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1280 mgmt_pending_remove(cmd);
1285 hci_dev_unlock(hdev);
1289 static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1291 struct mgmt_mode *cp = data;
1292 struct pending_cmd *cmd;
1296 BT_DBG("request for %s", hdev->name);
1298 status = mgmt_bredr_support(hdev);
1300 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
1302 if (!lmp_ssp_capable(hdev))
1303 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1304 MGMT_STATUS_NOT_SUPPORTED);
1306 if (cp->val != 0x00 && cp->val != 0x01)
1307 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1308 MGMT_STATUS_INVALID_PARAMS);
1314 if (!hdev_is_powered(hdev)) {
1315 bool changed = false;
1317 if (val != test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
1318 change_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
1322 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1327 err = new_settings(hdev, sk);
1332 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev)) {
1333 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1338 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) == val) {
1339 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1343 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1349 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, sizeof(val), &val);
1351 mgmt_pending_remove(cmd);
1356 hci_dev_unlock(hdev);
1360 static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1362 struct mgmt_mode *cp = data;
1367 BT_DBG("request for %s", hdev->name);
1369 status = mgmt_bredr_support(hdev);
1371 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
1373 if (cp->val != 0x00 && cp->val != 0x01)
1374 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1375 MGMT_STATUS_INVALID_PARAMS);
1380 changed = !test_and_set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1382 if (hdev_is_powered(hdev)) {
1383 err = cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1384 MGMT_STATUS_REJECTED);
1388 changed = test_and_clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1391 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
1396 err = new_settings(hdev, sk);
1399 hci_dev_unlock(hdev);
1403 static void enable_advertising(struct hci_request *req)
1405 struct hci_dev *hdev = req->hdev;
1406 struct hci_cp_le_set_adv_param cp;
1409 memset(&cp, 0, sizeof(cp));
1410 cp.min_interval = __constant_cpu_to_le16(0x0800);
1411 cp.max_interval = __constant_cpu_to_le16(0x0800);
1412 cp.type = LE_ADV_IND;
1413 if (bacmp(&hdev->bdaddr, BDADDR_ANY))
1414 cp.own_address_type = ADDR_LE_DEV_PUBLIC;
1416 cp.own_address_type = ADDR_LE_DEV_RANDOM;
1417 cp.channel_map = 0x07;
1419 hci_req_add(req, HCI_OP_LE_SET_ADV_PARAM, sizeof(cp), &cp);
1421 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1424 static void disable_advertising(struct hci_request *req)
1428 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1431 static void le_enable_complete(struct hci_dev *hdev, u8 status)
1433 struct cmd_lookup match = { NULL, hdev };
1436 u8 mgmt_err = mgmt_status(status);
1438 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
1443 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
1445 new_settings(hdev, match.sk);
1451 static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1453 struct mgmt_mode *cp = data;
1454 struct hci_cp_write_le_host_supported hci_cp;
1455 struct pending_cmd *cmd;
1456 struct hci_request req;
1460 BT_DBG("request for %s", hdev->name);
1462 if (!lmp_le_capable(hdev))
1463 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1464 MGMT_STATUS_NOT_SUPPORTED);
1466 if (cp->val != 0x00 && cp->val != 0x01)
1467 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1468 MGMT_STATUS_INVALID_PARAMS);
1470 /* LE-only devices do not allow toggling LE on/off */
1471 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1472 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1473 MGMT_STATUS_REJECTED);
1478 enabled = lmp_host_le_capable(hdev);
1480 if (!hdev_is_powered(hdev) || val == enabled) {
1481 bool changed = false;
1483 if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1484 change_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1488 if (!val && test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
1489 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
1493 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1498 err = new_settings(hdev, sk);
1503 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev) ||
1504 mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
1505 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1510 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
1516 memset(&hci_cp, 0, sizeof(hci_cp));
1520 hci_cp.simul = lmp_le_br_capable(hdev);
1523 hci_req_init(&req, hdev);
1525 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags) && !val)
1526 disable_advertising(&req);
1528 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
1531 err = hci_req_run(&req, le_enable_complete);
1533 mgmt_pending_remove(cmd);
1536 hci_dev_unlock(hdev);
1540 /* This is a helper function to test for pending mgmt commands that can
1541 * cause CoD or EIR HCI commands. We can only allow one such pending
1542 * mgmt command at a time since otherwise we cannot easily track what
1543 * the current values are, will be, and based on that calculate if a new
1544 * HCI command needs to be sent and if yes with what value.
1546 static bool pending_eir_or_class(struct hci_dev *hdev)
1548 struct pending_cmd *cmd;
1550 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
1551 switch (cmd->opcode) {
1552 case MGMT_OP_ADD_UUID:
1553 case MGMT_OP_REMOVE_UUID:
1554 case MGMT_OP_SET_DEV_CLASS:
1555 case MGMT_OP_SET_POWERED:
1563 static const u8 bluetooth_base_uuid[] = {
1564 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
1565 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1568 static u8 get_uuid_size(const u8 *uuid)
1572 if (memcmp(uuid, bluetooth_base_uuid, 12))
1575 val = get_unaligned_le32(&uuid[12]);
1582 static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
1584 struct pending_cmd *cmd;
1588 cmd = mgmt_pending_find(mgmt_op, hdev);
1592 cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(status),
1593 hdev->dev_class, 3);
1595 mgmt_pending_remove(cmd);
1598 hci_dev_unlock(hdev);
1601 static void add_uuid_complete(struct hci_dev *hdev, u8 status)
1603 BT_DBG("status 0x%02x", status);
1605 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
1608 static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1610 struct mgmt_cp_add_uuid *cp = data;
1611 struct pending_cmd *cmd;
1612 struct hci_request req;
1613 struct bt_uuid *uuid;
1616 BT_DBG("request for %s", hdev->name);
1620 if (pending_eir_or_class(hdev)) {
1621 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
1626 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
1632 memcpy(uuid->uuid, cp->uuid, 16);
1633 uuid->svc_hint = cp->svc_hint;
1634 uuid->size = get_uuid_size(cp->uuid);
1636 list_add_tail(&uuid->list, &hdev->uuids);
1638 hci_req_init(&req, hdev);
1643 err = hci_req_run(&req, add_uuid_complete);
1645 if (err != -ENODATA)
1648 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
1649 hdev->dev_class, 3);
1653 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
1662 hci_dev_unlock(hdev);
1666 static bool enable_service_cache(struct hci_dev *hdev)
1668 if (!hdev_is_powered(hdev))
1671 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
1672 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
1680 static void remove_uuid_complete(struct hci_dev *hdev, u8 status)
1682 BT_DBG("status 0x%02x", status);
1684 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
1687 static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
1690 struct mgmt_cp_remove_uuid *cp = data;
1691 struct pending_cmd *cmd;
1692 struct bt_uuid *match, *tmp;
1693 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
1694 struct hci_request req;
1697 BT_DBG("request for %s", hdev->name);
1701 if (pending_eir_or_class(hdev)) {
1702 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
1707 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
1708 err = hci_uuids_clear(hdev);
1710 if (enable_service_cache(hdev)) {
1711 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID,
1712 0, hdev->dev_class, 3);
1721 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
1722 if (memcmp(match->uuid, cp->uuid, 16) != 0)
1725 list_del(&match->list);
1731 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
1732 MGMT_STATUS_INVALID_PARAMS);
1737 hci_req_init(&req, hdev);
1742 err = hci_req_run(&req, remove_uuid_complete);
1744 if (err != -ENODATA)
1747 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
1748 hdev->dev_class, 3);
1752 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
1761 hci_dev_unlock(hdev);
1765 static void set_class_complete(struct hci_dev *hdev, u8 status)
1767 BT_DBG("status 0x%02x", status);
1769 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
1772 static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
1775 struct mgmt_cp_set_dev_class *cp = data;
1776 struct pending_cmd *cmd;
1777 struct hci_request req;
1780 BT_DBG("request for %s", hdev->name);
1782 if (!lmp_bredr_capable(hdev))
1783 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1784 MGMT_STATUS_NOT_SUPPORTED);
1788 if (pending_eir_or_class(hdev)) {
1789 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1794 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
1795 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1796 MGMT_STATUS_INVALID_PARAMS);
1800 hdev->major_class = cp->major;
1801 hdev->minor_class = cp->minor;
1803 if (!hdev_is_powered(hdev)) {
1804 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
1805 hdev->dev_class, 3);
1809 hci_req_init(&req, hdev);
1811 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
1812 hci_dev_unlock(hdev);
1813 cancel_delayed_work_sync(&hdev->service_cache);
1820 err = hci_req_run(&req, set_class_complete);
1822 if (err != -ENODATA)
1825 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
1826 hdev->dev_class, 3);
1830 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
1839 hci_dev_unlock(hdev);
1843 static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
1846 struct mgmt_cp_load_link_keys *cp = data;
1847 u16 key_count, expected_len;
1850 BT_DBG("request for %s", hdev->name);
1852 if (!lmp_bredr_capable(hdev))
1853 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
1854 MGMT_STATUS_NOT_SUPPORTED);
1856 key_count = __le16_to_cpu(cp->key_count);
1858 expected_len = sizeof(*cp) + key_count *
1859 sizeof(struct mgmt_link_key_info);
1860 if (expected_len != len) {
1861 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
1863 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
1864 MGMT_STATUS_INVALID_PARAMS);
1867 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
1868 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
1869 MGMT_STATUS_INVALID_PARAMS);
1871 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
1874 for (i = 0; i < key_count; i++) {
1875 struct mgmt_link_key_info *key = &cp->keys[i];
1877 if (key->addr.type != BDADDR_BREDR)
1878 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
1879 MGMT_STATUS_INVALID_PARAMS);
1884 hci_link_keys_clear(hdev);
1887 set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
1889 clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
1891 for (i = 0; i < key_count; i++) {
1892 struct mgmt_link_key_info *key = &cp->keys[i];
1894 hci_add_link_key(hdev, NULL, 0, &key->addr.bdaddr, key->val,
1895 key->type, key->pin_len);
1898 cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
1900 hci_dev_unlock(hdev);
1905 static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
1906 u8 addr_type, struct sock *skip_sk)
1908 struct mgmt_ev_device_unpaired ev;
1910 bacpy(&ev.addr.bdaddr, bdaddr);
1911 ev.addr.type = addr_type;
1913 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
1917 static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
1920 struct mgmt_cp_unpair_device *cp = data;
1921 struct mgmt_rp_unpair_device rp;
1922 struct hci_cp_disconnect dc;
1923 struct pending_cmd *cmd;
1924 struct hci_conn *conn;
1927 memset(&rp, 0, sizeof(rp));
1928 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1929 rp.addr.type = cp->addr.type;
1931 if (!bdaddr_type_is_valid(cp->addr.type))
1932 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
1933 MGMT_STATUS_INVALID_PARAMS,
1936 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
1937 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
1938 MGMT_STATUS_INVALID_PARAMS,
1943 if (!hdev_is_powered(hdev)) {
1944 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
1945 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
1949 if (cp->addr.type == BDADDR_BREDR)
1950 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
1952 err = hci_remove_ltk(hdev, &cp->addr.bdaddr);
1955 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
1956 MGMT_STATUS_NOT_PAIRED, &rp, sizeof(rp));
1960 if (cp->disconnect) {
1961 if (cp->addr.type == BDADDR_BREDR)
1962 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
1965 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
1972 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
1974 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
1978 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
1985 dc.handle = cpu_to_le16(conn->handle);
1986 dc.reason = 0x13; /* Remote User Terminated Connection */
1987 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1989 mgmt_pending_remove(cmd);
1992 hci_dev_unlock(hdev);
1996 static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
1999 struct mgmt_cp_disconnect *cp = data;
2000 struct mgmt_rp_disconnect rp;
2001 struct hci_cp_disconnect dc;
2002 struct pending_cmd *cmd;
2003 struct hci_conn *conn;
2008 memset(&rp, 0, sizeof(rp));
2009 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2010 rp.addr.type = cp->addr.type;
2012 if (!bdaddr_type_is_valid(cp->addr.type))
2013 return cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2014 MGMT_STATUS_INVALID_PARAMS,
2019 if (!test_bit(HCI_UP, &hdev->flags)) {
2020 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2021 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
2025 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
2026 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2027 MGMT_STATUS_BUSY, &rp, sizeof(rp));
2031 if (cp->addr.type == BDADDR_BREDR)
2032 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2035 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
2037 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
2038 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2039 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
2043 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
2049 dc.handle = cpu_to_le16(conn->handle);
2050 dc.reason = HCI_ERROR_REMOTE_USER_TERM;
2052 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2054 mgmt_pending_remove(cmd);
2057 hci_dev_unlock(hdev);
2061 static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
2063 switch (link_type) {
2065 switch (addr_type) {
2066 case ADDR_LE_DEV_PUBLIC:
2067 return BDADDR_LE_PUBLIC;
2070 /* Fallback to LE Random address type */
2071 return BDADDR_LE_RANDOM;
2075 /* Fallback to BR/EDR type */
2076 return BDADDR_BREDR;
2080 static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
2083 struct mgmt_rp_get_connections *rp;
2093 if (!hdev_is_powered(hdev)) {
2094 err = cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
2095 MGMT_STATUS_NOT_POWERED);
2100 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2101 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2105 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2106 rp = kmalloc(rp_len, GFP_KERNEL);
2113 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2114 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2116 bacpy(&rp->addr[i].bdaddr, &c->dst);
2117 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
2118 if (c->type == SCO_LINK || c->type == ESCO_LINK)
2123 rp->conn_count = cpu_to_le16(i);
2125 /* Recalculate length in case of filtered SCO connections, etc */
2126 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2128 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
2134 hci_dev_unlock(hdev);
2138 static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
2139 struct mgmt_cp_pin_code_neg_reply *cp)
2141 struct pending_cmd *cmd;
2144 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
2149 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
2150 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
2152 mgmt_pending_remove(cmd);
2157 static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2160 struct hci_conn *conn;
2161 struct mgmt_cp_pin_code_reply *cp = data;
2162 struct hci_cp_pin_code_reply reply;
2163 struct pending_cmd *cmd;
2170 if (!hdev_is_powered(hdev)) {
2171 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2172 MGMT_STATUS_NOT_POWERED);
2176 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
2178 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2179 MGMT_STATUS_NOT_CONNECTED);
2183 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
2184 struct mgmt_cp_pin_code_neg_reply ncp;
2186 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
2188 BT_ERR("PIN code is not 16 bytes long");
2190 err = send_pin_code_neg_reply(sk, hdev, &ncp);
2192 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2193 MGMT_STATUS_INVALID_PARAMS);
2198 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
2204 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
2205 reply.pin_len = cp->pin_len;
2206 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
2208 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
2210 mgmt_pending_remove(cmd);
2213 hci_dev_unlock(hdev);
2217 static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
2220 struct mgmt_cp_set_io_capability *cp = data;
2226 hdev->io_capability = cp->io_capability;
2228 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
2229 hdev->io_capability);
2231 hci_dev_unlock(hdev);
2233 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, NULL,
2237 static struct pending_cmd *find_pairing(struct hci_conn *conn)
2239 struct hci_dev *hdev = conn->hdev;
2240 struct pending_cmd *cmd;
2242 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2243 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
2246 if (cmd->user_data != conn)
2255 static void pairing_complete(struct pending_cmd *cmd, u8 status)
2257 struct mgmt_rp_pair_device rp;
2258 struct hci_conn *conn = cmd->user_data;
2260 bacpy(&rp.addr.bdaddr, &conn->dst);
2261 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
2263 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
2266 /* So we don't get further callbacks for this connection */
2267 conn->connect_cfm_cb = NULL;
2268 conn->security_cfm_cb = NULL;
2269 conn->disconn_cfm_cb = NULL;
2271 hci_conn_drop(conn);
2273 mgmt_pending_remove(cmd);
2276 static void pairing_complete_cb(struct hci_conn *conn, u8 status)
2278 struct pending_cmd *cmd;
2280 BT_DBG("status %u", status);
2282 cmd = find_pairing(conn);
2284 BT_DBG("Unable to find a pending command");
2286 pairing_complete(cmd, mgmt_status(status));
2289 static void le_connect_complete_cb(struct hci_conn *conn, u8 status)
2291 struct pending_cmd *cmd;
2293 BT_DBG("status %u", status);
2298 cmd = find_pairing(conn);
2300 BT_DBG("Unable to find a pending command");
2302 pairing_complete(cmd, mgmt_status(status));
2305 static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2308 struct mgmt_cp_pair_device *cp = data;
2309 struct mgmt_rp_pair_device rp;
2310 struct pending_cmd *cmd;
2311 u8 sec_level, auth_type;
2312 struct hci_conn *conn;
2317 memset(&rp, 0, sizeof(rp));
2318 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2319 rp.addr.type = cp->addr.type;
2321 if (!bdaddr_type_is_valid(cp->addr.type))
2322 return cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2323 MGMT_STATUS_INVALID_PARAMS,
2328 if (!hdev_is_powered(hdev)) {
2329 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2330 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
2334 sec_level = BT_SECURITY_MEDIUM;
2335 if (cp->io_cap == 0x03)
2336 auth_type = HCI_AT_DEDICATED_BONDING;
2338 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
2340 if (cp->addr.type == BDADDR_BREDR)
2341 conn = hci_connect(hdev, ACL_LINK, &cp->addr.bdaddr,
2342 cp->addr.type, sec_level, auth_type);
2344 conn = hci_connect(hdev, LE_LINK, &cp->addr.bdaddr,
2345 cp->addr.type, sec_level, auth_type);
2350 if (PTR_ERR(conn) == -EBUSY)
2351 status = MGMT_STATUS_BUSY;
2353 status = MGMT_STATUS_CONNECT_FAILED;
2355 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2361 if (conn->connect_cfm_cb) {
2362 hci_conn_drop(conn);
2363 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2364 MGMT_STATUS_BUSY, &rp, sizeof(rp));
2368 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
2371 hci_conn_drop(conn);
2375 /* For LE, just connecting isn't a proof that the pairing finished */
2376 if (cp->addr.type == BDADDR_BREDR)
2377 conn->connect_cfm_cb = pairing_complete_cb;
2379 conn->connect_cfm_cb = le_connect_complete_cb;
2381 conn->security_cfm_cb = pairing_complete_cb;
2382 conn->disconn_cfm_cb = pairing_complete_cb;
2383 conn->io_capability = cp->io_cap;
2384 cmd->user_data = conn;
2386 if (conn->state == BT_CONNECTED &&
2387 hci_conn_security(conn, sec_level, auth_type))
2388 pairing_complete(cmd, 0);
2393 hci_dev_unlock(hdev);
2397 static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2400 struct mgmt_addr_info *addr = data;
2401 struct pending_cmd *cmd;
2402 struct hci_conn *conn;
2409 if (!hdev_is_powered(hdev)) {
2410 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2411 MGMT_STATUS_NOT_POWERED);
2415 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
2417 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2418 MGMT_STATUS_INVALID_PARAMS);
2422 conn = cmd->user_data;
2424 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
2425 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2426 MGMT_STATUS_INVALID_PARAMS);
2430 pairing_complete(cmd, MGMT_STATUS_CANCELLED);
2432 err = cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
2433 addr, sizeof(*addr));
2435 hci_dev_unlock(hdev);
2439 static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
2440 struct mgmt_addr_info *addr, u16 mgmt_op,
2441 u16 hci_op, __le32 passkey)
2443 struct pending_cmd *cmd;
2444 struct hci_conn *conn;
2449 if (!hdev_is_powered(hdev)) {
2450 err = cmd_complete(sk, hdev->id, mgmt_op,
2451 MGMT_STATUS_NOT_POWERED, addr,
2456 if (addr->type == BDADDR_BREDR)
2457 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
2459 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &addr->bdaddr);
2462 err = cmd_complete(sk, hdev->id, mgmt_op,
2463 MGMT_STATUS_NOT_CONNECTED, addr,
2468 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
2469 /* Continue with pairing via SMP */
2470 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
2473 err = cmd_complete(sk, hdev->id, mgmt_op,
2474 MGMT_STATUS_SUCCESS, addr,
2477 err = cmd_complete(sk, hdev->id, mgmt_op,
2478 MGMT_STATUS_FAILED, addr,
2484 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
2490 /* Continue with pairing via HCI */
2491 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
2492 struct hci_cp_user_passkey_reply cp;
2494 bacpy(&cp.bdaddr, &addr->bdaddr);
2495 cp.passkey = passkey;
2496 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
2498 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
2502 mgmt_pending_remove(cmd);
2505 hci_dev_unlock(hdev);
2509 static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
2510 void *data, u16 len)
2512 struct mgmt_cp_pin_code_neg_reply *cp = data;
2516 return user_pairing_resp(sk, hdev, &cp->addr,
2517 MGMT_OP_PIN_CODE_NEG_REPLY,
2518 HCI_OP_PIN_CODE_NEG_REPLY, 0);
2521 static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2524 struct mgmt_cp_user_confirm_reply *cp = data;
2528 if (len != sizeof(*cp))
2529 return cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
2530 MGMT_STATUS_INVALID_PARAMS);
2532 return user_pairing_resp(sk, hdev, &cp->addr,
2533 MGMT_OP_USER_CONFIRM_REPLY,
2534 HCI_OP_USER_CONFIRM_REPLY, 0);
2537 static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
2538 void *data, u16 len)
2540 struct mgmt_cp_user_confirm_neg_reply *cp = data;
2544 return user_pairing_resp(sk, hdev, &cp->addr,
2545 MGMT_OP_USER_CONFIRM_NEG_REPLY,
2546 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
2549 static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2552 struct mgmt_cp_user_passkey_reply *cp = data;
2556 return user_pairing_resp(sk, hdev, &cp->addr,
2557 MGMT_OP_USER_PASSKEY_REPLY,
2558 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
2561 static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
2562 void *data, u16 len)
2564 struct mgmt_cp_user_passkey_neg_reply *cp = data;
2568 return user_pairing_resp(sk, hdev, &cp->addr,
2569 MGMT_OP_USER_PASSKEY_NEG_REPLY,
2570 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
2573 static void update_name(struct hci_request *req)
2575 struct hci_dev *hdev = req->hdev;
2576 struct hci_cp_write_local_name cp;
2578 memcpy(cp.name, hdev->dev_name, sizeof(cp.name));
2580 hci_req_add(req, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
2583 static void set_name_complete(struct hci_dev *hdev, u8 status)
2585 struct mgmt_cp_set_local_name *cp;
2586 struct pending_cmd *cmd;
2588 BT_DBG("status 0x%02x", status);
2592 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
2599 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
2600 mgmt_status(status));
2602 cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
2605 mgmt_pending_remove(cmd);
2608 hci_dev_unlock(hdev);
2611 static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
2614 struct mgmt_cp_set_local_name *cp = data;
2615 struct pending_cmd *cmd;
2616 struct hci_request req;
2623 /* If the old values are the same as the new ones just return a
2624 * direct command complete event.
2626 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
2627 !memcmp(hdev->short_name, cp->short_name,
2628 sizeof(hdev->short_name))) {
2629 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
2634 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
2636 if (!hdev_is_powered(hdev)) {
2637 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
2639 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
2644 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
2650 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
2656 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
2658 hci_req_init(&req, hdev);
2660 if (lmp_bredr_capable(hdev)) {
2665 if (lmp_le_capable(hdev))
2666 hci_update_ad(&req);
2668 err = hci_req_run(&req, set_name_complete);
2670 mgmt_pending_remove(cmd);
2673 hci_dev_unlock(hdev);
2677 static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
2678 void *data, u16 data_len)
2680 struct pending_cmd *cmd;
2683 BT_DBG("%s", hdev->name);
2687 if (!hdev_is_powered(hdev)) {
2688 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
2689 MGMT_STATUS_NOT_POWERED);
2693 if (!lmp_ssp_capable(hdev)) {
2694 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
2695 MGMT_STATUS_NOT_SUPPORTED);
2699 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
2700 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
2705 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
2711 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
2713 mgmt_pending_remove(cmd);
2716 hci_dev_unlock(hdev);
2720 static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
2721 void *data, u16 len)
2723 struct mgmt_cp_add_remote_oob_data *cp = data;
2727 BT_DBG("%s ", hdev->name);
2731 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr, cp->hash,
2734 status = MGMT_STATUS_FAILED;
2736 status = MGMT_STATUS_SUCCESS;
2738 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA, status,
2739 &cp->addr, sizeof(cp->addr));
2741 hci_dev_unlock(hdev);
2745 static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
2746 void *data, u16 len)
2748 struct mgmt_cp_remove_remote_oob_data *cp = data;
2752 BT_DBG("%s", hdev->name);
2756 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr);
2758 status = MGMT_STATUS_INVALID_PARAMS;
2760 status = MGMT_STATUS_SUCCESS;
2762 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
2763 status, &cp->addr, sizeof(cp->addr));
2765 hci_dev_unlock(hdev);
2769 static int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
2771 struct pending_cmd *cmd;
2775 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2777 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
2781 type = hdev->discovery.type;
2783 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
2784 &type, sizeof(type));
2785 mgmt_pending_remove(cmd);
2790 static void start_discovery_complete(struct hci_dev *hdev, u8 status)
2792 BT_DBG("status %d", status);
2796 mgmt_start_discovery_failed(hdev, status);
2797 hci_dev_unlock(hdev);
2802 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
2803 hci_dev_unlock(hdev);
2805 switch (hdev->discovery.type) {
2806 case DISCOV_TYPE_LE:
2807 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable,
2811 case DISCOV_TYPE_INTERLEAVED:
2812 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable,
2813 DISCOV_INTERLEAVED_TIMEOUT);
2816 case DISCOV_TYPE_BREDR:
2820 BT_ERR("Invalid discovery type %d", hdev->discovery.type);
2824 static int start_discovery(struct sock *sk, struct hci_dev *hdev,
2825 void *data, u16 len)
2827 struct mgmt_cp_start_discovery *cp = data;
2828 struct pending_cmd *cmd;
2829 struct hci_cp_le_set_scan_param param_cp;
2830 struct hci_cp_le_set_scan_enable enable_cp;
2831 struct hci_cp_inquiry inq_cp;
2832 struct hci_request req;
2833 /* General inquiry access code (GIAC) */
2834 u8 lap[3] = { 0x33, 0x8b, 0x9e };
2838 BT_DBG("%s", hdev->name);
2842 if (!hdev_is_powered(hdev)) {
2843 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2844 MGMT_STATUS_NOT_POWERED);
2848 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
2849 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2854 if (hdev->discovery.state != DISCOVERY_STOPPED) {
2855 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2860 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
2866 hdev->discovery.type = cp->type;
2868 hci_req_init(&req, hdev);
2870 switch (hdev->discovery.type) {
2871 case DISCOV_TYPE_BREDR:
2872 status = mgmt_bredr_support(hdev);
2874 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2876 mgmt_pending_remove(cmd);
2880 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
2881 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2883 mgmt_pending_remove(cmd);
2887 hci_inquiry_cache_flush(hdev);
2889 memset(&inq_cp, 0, sizeof(inq_cp));
2890 memcpy(&inq_cp.lap, lap, sizeof(inq_cp.lap));
2891 inq_cp.length = DISCOV_BREDR_INQUIRY_LEN;
2892 hci_req_add(&req, HCI_OP_INQUIRY, sizeof(inq_cp), &inq_cp);
2895 case DISCOV_TYPE_LE:
2896 case DISCOV_TYPE_INTERLEAVED:
2897 status = mgmt_le_support(hdev);
2899 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2901 mgmt_pending_remove(cmd);
2905 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
2906 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
2907 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2908 MGMT_STATUS_NOT_SUPPORTED);
2909 mgmt_pending_remove(cmd);
2913 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
2914 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2915 MGMT_STATUS_REJECTED);
2916 mgmt_pending_remove(cmd);
2920 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags)) {
2921 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2923 mgmt_pending_remove(cmd);
2927 memset(¶m_cp, 0, sizeof(param_cp));
2928 param_cp.type = LE_SCAN_ACTIVE;
2929 param_cp.interval = cpu_to_le16(DISCOV_LE_SCAN_INT);
2930 param_cp.window = cpu_to_le16(DISCOV_LE_SCAN_WIN);
2931 if (bacmp(&hdev->bdaddr, BDADDR_ANY))
2932 param_cp.own_address_type = ADDR_LE_DEV_PUBLIC;
2934 param_cp.own_address_type = ADDR_LE_DEV_RANDOM;
2935 hci_req_add(&req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
2938 memset(&enable_cp, 0, sizeof(enable_cp));
2939 enable_cp.enable = LE_SCAN_ENABLE;
2940 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
2941 hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
2946 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2947 MGMT_STATUS_INVALID_PARAMS);
2948 mgmt_pending_remove(cmd);
2952 err = hci_req_run(&req, start_discovery_complete);
2954 mgmt_pending_remove(cmd);
2956 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
2959 hci_dev_unlock(hdev);
2963 static int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
2965 struct pending_cmd *cmd;
2968 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
2972 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
2973 &hdev->discovery.type, sizeof(hdev->discovery.type));
2974 mgmt_pending_remove(cmd);
2979 static void stop_discovery_complete(struct hci_dev *hdev, u8 status)
2981 BT_DBG("status %d", status);
2986 mgmt_stop_discovery_failed(hdev, status);
2990 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2993 hci_dev_unlock(hdev);
2996 static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
2999 struct mgmt_cp_stop_discovery *mgmt_cp = data;
3000 struct pending_cmd *cmd;
3001 struct hci_cp_remote_name_req_cancel cp;
3002 struct inquiry_entry *e;
3003 struct hci_request req;
3004 struct hci_cp_le_set_scan_enable enable_cp;
3007 BT_DBG("%s", hdev->name);
3011 if (!hci_discovery_active(hdev)) {
3012 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
3013 MGMT_STATUS_REJECTED, &mgmt_cp->type,
3014 sizeof(mgmt_cp->type));
3018 if (hdev->discovery.type != mgmt_cp->type) {
3019 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
3020 MGMT_STATUS_INVALID_PARAMS, &mgmt_cp->type,
3021 sizeof(mgmt_cp->type));
3025 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
3031 hci_req_init(&req, hdev);
3033 switch (hdev->discovery.state) {
3034 case DISCOVERY_FINDING:
3035 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
3036 hci_req_add(&req, HCI_OP_INQUIRY_CANCEL, 0, NULL);
3038 cancel_delayed_work(&hdev->le_scan_disable);
3040 memset(&enable_cp, 0, sizeof(enable_cp));
3041 enable_cp.enable = LE_SCAN_DISABLE;
3042 hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE,
3043 sizeof(enable_cp), &enable_cp);
3048 case DISCOVERY_RESOLVING:
3049 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
3052 mgmt_pending_remove(cmd);
3053 err = cmd_complete(sk, hdev->id,
3054 MGMT_OP_STOP_DISCOVERY, 0,
3056 sizeof(mgmt_cp->type));
3057 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3061 bacpy(&cp.bdaddr, &e->data.bdaddr);
3062 hci_req_add(&req, HCI_OP_REMOTE_NAME_REQ_CANCEL, sizeof(cp),
3068 BT_DBG("unknown discovery state %u", hdev->discovery.state);
3070 mgmt_pending_remove(cmd);
3071 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
3072 MGMT_STATUS_FAILED, &mgmt_cp->type,
3073 sizeof(mgmt_cp->type));
3077 err = hci_req_run(&req, stop_discovery_complete);
3079 mgmt_pending_remove(cmd);
3081 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
3084 hci_dev_unlock(hdev);
3088 static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
3091 struct mgmt_cp_confirm_name *cp = data;
3092 struct inquiry_entry *e;
3095 BT_DBG("%s", hdev->name);
3099 if (!hci_discovery_active(hdev)) {
3100 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
3101 MGMT_STATUS_FAILED);
3105 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
3107 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
3108 MGMT_STATUS_INVALID_PARAMS);
3112 if (cp->name_known) {
3113 e->name_state = NAME_KNOWN;
3116 e->name_state = NAME_NEEDED;
3117 hci_inquiry_cache_update_resolve(hdev, e);
3120 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0, &cp->addr,
3124 hci_dev_unlock(hdev);
3128 static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
3131 struct mgmt_cp_block_device *cp = data;
3135 BT_DBG("%s", hdev->name);
3137 if (!bdaddr_type_is_valid(cp->addr.type))
3138 return cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
3139 MGMT_STATUS_INVALID_PARAMS,
3140 &cp->addr, sizeof(cp->addr));
3144 err = hci_blacklist_add(hdev, &cp->addr.bdaddr, cp->addr.type);
3146 status = MGMT_STATUS_FAILED;
3148 status = MGMT_STATUS_SUCCESS;
3150 err = cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
3151 &cp->addr, sizeof(cp->addr));
3153 hci_dev_unlock(hdev);
3158 static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
3161 struct mgmt_cp_unblock_device *cp = data;
3165 BT_DBG("%s", hdev->name);
3167 if (!bdaddr_type_is_valid(cp->addr.type))
3168 return cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
3169 MGMT_STATUS_INVALID_PARAMS,
3170 &cp->addr, sizeof(cp->addr));
3174 err = hci_blacklist_del(hdev, &cp->addr.bdaddr, cp->addr.type);
3176 status = MGMT_STATUS_INVALID_PARAMS;
3178 status = MGMT_STATUS_SUCCESS;
3180 err = cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
3181 &cp->addr, sizeof(cp->addr));
3183 hci_dev_unlock(hdev);
3188 static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
3191 struct mgmt_cp_set_device_id *cp = data;
3192 struct hci_request req;
3196 BT_DBG("%s", hdev->name);
3198 source = __le16_to_cpu(cp->source);
3200 if (source > 0x0002)
3201 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
3202 MGMT_STATUS_INVALID_PARAMS);
3206 hdev->devid_source = source;
3207 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
3208 hdev->devid_product = __le16_to_cpu(cp->product);
3209 hdev->devid_version = __le16_to_cpu(cp->version);
3211 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0, NULL, 0);
3213 hci_req_init(&req, hdev);
3215 hci_req_run(&req, NULL);
3217 hci_dev_unlock(hdev);
3222 static void set_advertising_complete(struct hci_dev *hdev, u8 status)
3224 struct cmd_lookup match = { NULL, hdev };
3227 u8 mgmt_err = mgmt_status(status);
3229 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
3230 cmd_status_rsp, &mgmt_err);
3234 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
3237 new_settings(hdev, match.sk);
3243 static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
3245 struct mgmt_mode *cp = data;
3246 struct pending_cmd *cmd;
3247 struct hci_request req;
3248 u8 val, enabled, status;
3251 BT_DBG("request for %s", hdev->name);
3253 status = mgmt_le_support(hdev);
3255 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3258 if (cp->val != 0x00 && cp->val != 0x01)
3259 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3260 MGMT_STATUS_INVALID_PARAMS);
3265 enabled = test_bit(HCI_ADVERTISING, &hdev->dev_flags);
3267 if (!hdev_is_powered(hdev) || val == enabled) {
3268 bool changed = false;
3270 if (val != test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
3271 change_bit(HCI_ADVERTISING, &hdev->dev_flags);
3275 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
3280 err = new_settings(hdev, sk);
3285 if (mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
3286 mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
3287 err = cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3292 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
3298 hci_req_init(&req, hdev);
3301 enable_advertising(&req);
3303 disable_advertising(&req);
3305 err = hci_req_run(&req, set_advertising_complete);
3307 mgmt_pending_remove(cmd);
3310 hci_dev_unlock(hdev);
3314 static int set_static_address(struct sock *sk, struct hci_dev *hdev,
3315 void *data, u16 len)
3317 struct mgmt_cp_set_static_address *cp = data;
3320 BT_DBG("%s", hdev->name);
3322 if (!lmp_le_capable(hdev))
3323 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
3324 MGMT_STATUS_NOT_SUPPORTED);
3326 if (hdev_is_powered(hdev))
3327 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
3328 MGMT_STATUS_REJECTED);
3330 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
3331 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
3332 return cmd_status(sk, hdev->id,
3333 MGMT_OP_SET_STATIC_ADDRESS,
3334 MGMT_STATUS_INVALID_PARAMS);
3336 /* Two most significant bits shall be set */
3337 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
3338 return cmd_status(sk, hdev->id,
3339 MGMT_OP_SET_STATIC_ADDRESS,
3340 MGMT_STATUS_INVALID_PARAMS);
3345 bacpy(&hdev->static_addr, &cp->bdaddr);
3347 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS, 0, NULL, 0);
3349 hci_dev_unlock(hdev);
3354 static void fast_connectable_complete(struct hci_dev *hdev, u8 status)
3356 struct pending_cmd *cmd;
3358 BT_DBG("status 0x%02x", status);
3362 cmd = mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
3367 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3368 mgmt_status(status));
3370 struct mgmt_mode *cp = cmd->param;
3373 set_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
3375 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
3377 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
3378 new_settings(hdev, cmd->sk);
3381 mgmt_pending_remove(cmd);
3384 hci_dev_unlock(hdev);
3387 static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
3388 void *data, u16 len)
3390 struct mgmt_mode *cp = data;
3391 struct pending_cmd *cmd;
3392 struct hci_request req;
3395 BT_DBG("%s", hdev->name);
3397 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags) ||
3398 hdev->hci_ver < BLUETOOTH_VER_1_2)
3399 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3400 MGMT_STATUS_NOT_SUPPORTED);
3402 if (cp->val != 0x00 && cp->val != 0x01)
3403 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3404 MGMT_STATUS_INVALID_PARAMS);
3406 if (!hdev_is_powered(hdev))
3407 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3408 MGMT_STATUS_NOT_POWERED);
3410 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3411 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3412 MGMT_STATUS_REJECTED);
3416 if (mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
3417 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3422 if (!!cp->val == test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags)) {
3423 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
3428 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
3435 hci_req_init(&req, hdev);
3437 write_fast_connectable(&req, cp->val);
3439 err = hci_req_run(&req, fast_connectable_complete);
3441 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3442 MGMT_STATUS_FAILED);
3443 mgmt_pending_remove(cmd);
3447 hci_dev_unlock(hdev);
3452 static void set_bredr_complete(struct hci_dev *hdev, u8 status)
3454 struct pending_cmd *cmd;
3456 BT_DBG("status 0x%02x", status);
3460 cmd = mgmt_pending_find(MGMT_OP_SET_BREDR, hdev);
3465 u8 mgmt_err = mgmt_status(status);
3467 /* We need to restore the flag if related HCI commands
3470 clear_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
3472 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
3474 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
3475 new_settings(hdev, cmd->sk);
3478 mgmt_pending_remove(cmd);
3481 hci_dev_unlock(hdev);
3484 static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
3486 struct mgmt_mode *cp = data;
3487 struct pending_cmd *cmd;
3488 struct hci_request req;
3491 BT_DBG("request for %s", hdev->name);
3493 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
3494 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3495 MGMT_STATUS_NOT_SUPPORTED);
3497 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
3498 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3499 MGMT_STATUS_REJECTED);
3501 if (cp->val != 0x00 && cp->val != 0x01)
3502 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3503 MGMT_STATUS_INVALID_PARAMS);
3507 if (cp->val == test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
3508 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
3512 if (!hdev_is_powered(hdev)) {
3514 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
3515 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
3516 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
3517 clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
3518 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
3519 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
3522 change_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
3524 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
3528 err = new_settings(hdev, sk);
3532 /* Reject disabling when powered on */
3534 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3535 MGMT_STATUS_REJECTED);
3539 if (mgmt_pending_find(MGMT_OP_SET_BREDR, hdev)) {
3540 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3545 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
3551 /* We need to flip the bit already here so that hci_update_ad
3552 * generates the correct flags.
3554 set_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
3556 hci_req_init(&req, hdev);
3557 hci_update_ad(&req);
3558 err = hci_req_run(&req, set_bredr_complete);
3560 mgmt_pending_remove(cmd);
3563 hci_dev_unlock(hdev);
3567 static bool ltk_is_valid(struct mgmt_ltk_info *key)
3569 if (key->authenticated != 0x00 && key->authenticated != 0x01)
3571 if (key->master != 0x00 && key->master != 0x01)
3573 if (!bdaddr_type_is_le(key->addr.type))
3578 static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
3579 void *cp_data, u16 len)
3581 struct mgmt_cp_load_long_term_keys *cp = cp_data;
3582 u16 key_count, expected_len;
3585 BT_DBG("request for %s", hdev->name);
3587 if (!lmp_le_capable(hdev))
3588 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
3589 MGMT_STATUS_NOT_SUPPORTED);
3591 key_count = __le16_to_cpu(cp->key_count);
3593 expected_len = sizeof(*cp) + key_count *
3594 sizeof(struct mgmt_ltk_info);
3595 if (expected_len != len) {
3596 BT_ERR("load_keys: expected %u bytes, got %u bytes",
3598 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
3599 MGMT_STATUS_INVALID_PARAMS);
3602 BT_DBG("%s key_count %u", hdev->name, key_count);
3604 for (i = 0; i < key_count; i++) {
3605 struct mgmt_ltk_info *key = &cp->keys[i];
3607 if (!ltk_is_valid(key))
3608 return cmd_status(sk, hdev->id,
3609 MGMT_OP_LOAD_LONG_TERM_KEYS,
3610 MGMT_STATUS_INVALID_PARAMS);
3615 hci_smp_ltks_clear(hdev);
3617 for (i = 0; i < key_count; i++) {
3618 struct mgmt_ltk_info *key = &cp->keys[i];
3624 type = HCI_SMP_LTK_SLAVE;
3626 hci_add_ltk(hdev, &key->addr.bdaddr,
3627 bdaddr_to_le(key->addr.type),
3628 type, 0, key->authenticated, key->val,
3629 key->enc_size, key->ediv, key->rand);
3632 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
3635 hci_dev_unlock(hdev);
3640 static const struct mgmt_handler {
3641 int (*func) (struct sock *sk, struct hci_dev *hdev, void *data,
3645 } mgmt_handlers[] = {
3646 { NULL }, /* 0x0000 (no command) */
3647 { read_version, false, MGMT_READ_VERSION_SIZE },
3648 { read_commands, false, MGMT_READ_COMMANDS_SIZE },
3649 { read_index_list, false, MGMT_READ_INDEX_LIST_SIZE },
3650 { read_controller_info, false, MGMT_READ_INFO_SIZE },
3651 { set_powered, false, MGMT_SETTING_SIZE },
3652 { set_discoverable, false, MGMT_SET_DISCOVERABLE_SIZE },
3653 { set_connectable, false, MGMT_SETTING_SIZE },
3654 { set_fast_connectable, false, MGMT_SETTING_SIZE },
3655 { set_pairable, false, MGMT_SETTING_SIZE },
3656 { set_link_security, false, MGMT_SETTING_SIZE },
3657 { set_ssp, false, MGMT_SETTING_SIZE },
3658 { set_hs, false, MGMT_SETTING_SIZE },
3659 { set_le, false, MGMT_SETTING_SIZE },
3660 { set_dev_class, false, MGMT_SET_DEV_CLASS_SIZE },
3661 { set_local_name, false, MGMT_SET_LOCAL_NAME_SIZE },
3662 { add_uuid, false, MGMT_ADD_UUID_SIZE },
3663 { remove_uuid, false, MGMT_REMOVE_UUID_SIZE },
3664 { load_link_keys, true, MGMT_LOAD_LINK_KEYS_SIZE },
3665 { load_long_term_keys, true, MGMT_LOAD_LONG_TERM_KEYS_SIZE },
3666 { disconnect, false, MGMT_DISCONNECT_SIZE },
3667 { get_connections, false, MGMT_GET_CONNECTIONS_SIZE },
3668 { pin_code_reply, false, MGMT_PIN_CODE_REPLY_SIZE },
3669 { pin_code_neg_reply, false, MGMT_PIN_CODE_NEG_REPLY_SIZE },
3670 { set_io_capability, false, MGMT_SET_IO_CAPABILITY_SIZE },
3671 { pair_device, false, MGMT_PAIR_DEVICE_SIZE },
3672 { cancel_pair_device, false, MGMT_CANCEL_PAIR_DEVICE_SIZE },
3673 { unpair_device, false, MGMT_UNPAIR_DEVICE_SIZE },
3674 { user_confirm_reply, false, MGMT_USER_CONFIRM_REPLY_SIZE },
3675 { user_confirm_neg_reply, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
3676 { user_passkey_reply, false, MGMT_USER_PASSKEY_REPLY_SIZE },
3677 { user_passkey_neg_reply, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
3678 { read_local_oob_data, false, MGMT_READ_LOCAL_OOB_DATA_SIZE },
3679 { add_remote_oob_data, false, MGMT_ADD_REMOTE_OOB_DATA_SIZE },
3680 { remove_remote_oob_data, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
3681 { start_discovery, false, MGMT_START_DISCOVERY_SIZE },
3682 { stop_discovery, false, MGMT_STOP_DISCOVERY_SIZE },
3683 { confirm_name, false, MGMT_CONFIRM_NAME_SIZE },
3684 { block_device, false, MGMT_BLOCK_DEVICE_SIZE },
3685 { unblock_device, false, MGMT_UNBLOCK_DEVICE_SIZE },
3686 { set_device_id, false, MGMT_SET_DEVICE_ID_SIZE },
3687 { set_advertising, false, MGMT_SETTING_SIZE },
3688 { set_bredr, false, MGMT_SETTING_SIZE },
3689 { set_static_address, false, MGMT_SET_STATIC_ADDRESS_SIZE },
3693 int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
3697 struct mgmt_hdr *hdr;
3698 u16 opcode, index, len;
3699 struct hci_dev *hdev = NULL;
3700 const struct mgmt_handler *handler;
3703 BT_DBG("got %zu bytes", msglen);
3705 if (msglen < sizeof(*hdr))
3708 buf = kmalloc(msglen, GFP_KERNEL);
3712 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
3718 opcode = __le16_to_cpu(hdr->opcode);
3719 index = __le16_to_cpu(hdr->index);
3720 len = __le16_to_cpu(hdr->len);
3722 if (len != msglen - sizeof(*hdr)) {
3727 if (index != MGMT_INDEX_NONE) {
3728 hdev = hci_dev_get(index);
3730 err = cmd_status(sk, index, opcode,
3731 MGMT_STATUS_INVALID_INDEX);
3735 if (test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
3736 err = cmd_status(sk, index, opcode,
3737 MGMT_STATUS_INVALID_INDEX);
3742 if (opcode >= ARRAY_SIZE(mgmt_handlers) ||
3743 mgmt_handlers[opcode].func == NULL) {
3744 BT_DBG("Unknown op %u", opcode);
3745 err = cmd_status(sk, index, opcode,
3746 MGMT_STATUS_UNKNOWN_COMMAND);
3750 if ((hdev && opcode < MGMT_OP_READ_INFO) ||
3751 (!hdev && opcode >= MGMT_OP_READ_INFO)) {
3752 err = cmd_status(sk, index, opcode,
3753 MGMT_STATUS_INVALID_INDEX);
3757 handler = &mgmt_handlers[opcode];
3759 if ((handler->var_len && len < handler->data_len) ||
3760 (!handler->var_len && len != handler->data_len)) {
3761 err = cmd_status(sk, index, opcode,
3762 MGMT_STATUS_INVALID_PARAMS);
3767 mgmt_init_hdev(sk, hdev);
3769 cp = buf + sizeof(*hdr);
3771 err = handler->func(sk, hdev, cp, len);
3785 void mgmt_index_added(struct hci_dev *hdev)
3787 if (hdev->dev_type != HCI_BREDR)
3790 mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
3793 void mgmt_index_removed(struct hci_dev *hdev)
3795 u8 status = MGMT_STATUS_INVALID_INDEX;
3797 if (hdev->dev_type != HCI_BREDR)
3800 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
3802 mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
3805 static void set_bredr_scan(struct hci_request *req)
3807 struct hci_dev *hdev = req->hdev;
3810 /* Ensure that fast connectable is disabled. This function will
3811 * not do anything if the page scan parameters are already what
3814 write_fast_connectable(req, false);
3816 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3818 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3819 scan |= SCAN_INQUIRY;
3822 hci_req_add(req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
3825 static void powered_complete(struct hci_dev *hdev, u8 status)
3827 struct cmd_lookup match = { NULL, hdev };
3829 BT_DBG("status 0x%02x", status);
3833 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
3835 new_settings(hdev, match.sk);
3837 hci_dev_unlock(hdev);
3843 static int powered_update_hci(struct hci_dev *hdev)
3845 struct hci_request req;
3848 hci_req_init(&req, hdev);
3850 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) &&
3851 !lmp_host_ssp_capable(hdev)) {
3854 hci_req_add(&req, HCI_OP_WRITE_SSP_MODE, 1, &ssp);
3857 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
3858 lmp_bredr_capable(hdev)) {
3859 struct hci_cp_write_le_host_supported cp;
3862 cp.simul = lmp_le_br_capable(hdev);
3864 /* Check first if we already have the right
3865 * host state (host features set)
3867 if (cp.le != lmp_host_le_capable(hdev) ||
3868 cp.simul != lmp_host_le_br_capable(hdev))
3869 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED,
3872 /* In case BR/EDR was toggled during the AUTO_OFF phase */
3873 hci_update_ad(&req);
3876 if (lmp_le_capable(hdev)) {
3877 /* Set random address to static address if configured */
3878 if (bacmp(&hdev->static_addr, BDADDR_ANY))
3879 hci_req_add(&req, HCI_OP_LE_SET_RANDOM_ADDR, 6,
3880 &hdev->static_addr);
3882 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
3883 enable_advertising(&req);
3886 link_sec = test_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
3887 if (link_sec != test_bit(HCI_AUTH, &hdev->flags))
3888 hci_req_add(&req, HCI_OP_WRITE_AUTH_ENABLE,
3889 sizeof(link_sec), &link_sec);
3891 if (lmp_bredr_capable(hdev)) {
3892 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
3893 set_bredr_scan(&req);
3899 return hci_req_run(&req, powered_complete);
3902 int mgmt_powered(struct hci_dev *hdev, u8 powered)
3904 struct cmd_lookup match = { NULL, hdev };
3905 u8 status_not_powered = MGMT_STATUS_NOT_POWERED;
3906 u8 zero_cod[] = { 0, 0, 0 };
3909 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3913 if (powered_update_hci(hdev) == 0)
3916 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp,
3921 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
3922 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status_not_powered);
3924 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0)
3925 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
3926 zero_cod, sizeof(zero_cod), NULL);
3929 err = new_settings(hdev, match.sk);
3937 void mgmt_set_powered_failed(struct hci_dev *hdev, int err)
3939 struct pending_cmd *cmd;
3942 cmd = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
3946 if (err == -ERFKILL)
3947 status = MGMT_STATUS_RFKILLED;
3949 status = MGMT_STATUS_FAILED;
3951 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
3953 mgmt_pending_remove(cmd);
3956 int mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
3958 struct cmd_lookup match = { NULL, hdev };
3959 bool changed = false;
3963 if (!test_and_set_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3966 if (test_and_clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3970 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev, settings_rsp,
3974 err = new_settings(hdev, match.sk);
3982 int mgmt_connectable(struct hci_dev *hdev, u8 connectable)
3984 struct pending_cmd *cmd;
3985 bool changed = false;
3989 if (!test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3992 if (test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3996 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
3999 err = new_settings(hdev, cmd ? cmd->sk : NULL);
4004 int mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
4006 u8 mgmt_err = mgmt_status(status);
4008 if (scan & SCAN_PAGE)
4009 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
4010 cmd_status_rsp, &mgmt_err);
4012 if (scan & SCAN_INQUIRY)
4013 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
4014 cmd_status_rsp, &mgmt_err);
4019 int mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
4022 struct mgmt_ev_new_link_key ev;
4024 memset(&ev, 0, sizeof(ev));
4026 ev.store_hint = persistent;
4027 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
4028 ev.key.addr.type = BDADDR_BREDR;
4029 ev.key.type = key->type;
4030 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
4031 ev.key.pin_len = key->pin_len;
4033 return mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
4036 int mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, u8 persistent)
4038 struct mgmt_ev_new_long_term_key ev;
4040 memset(&ev, 0, sizeof(ev));
4042 ev.store_hint = persistent;
4043 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
4044 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
4045 ev.key.authenticated = key->authenticated;
4046 ev.key.enc_size = key->enc_size;
4047 ev.key.ediv = key->ediv;
4049 if (key->type == HCI_SMP_LTK)
4052 memcpy(ev.key.rand, key->rand, sizeof(key->rand));
4053 memcpy(ev.key.val, key->val, sizeof(key->val));
4055 return mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev),
4059 void mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
4060 u8 addr_type, u32 flags, u8 *name, u8 name_len,
4064 struct mgmt_ev_device_connected *ev = (void *) buf;
4067 bacpy(&ev->addr.bdaddr, bdaddr);
4068 ev->addr.type = link_to_bdaddr(link_type, addr_type);
4070 ev->flags = __cpu_to_le32(flags);
4073 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
4076 if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0)
4077 eir_len = eir_append_data(ev->eir, eir_len,
4078 EIR_CLASS_OF_DEV, dev_class, 3);
4080 ev->eir_len = cpu_to_le16(eir_len);
4082 mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
4083 sizeof(*ev) + eir_len, NULL);
4086 static void disconnect_rsp(struct pending_cmd *cmd, void *data)
4088 struct mgmt_cp_disconnect *cp = cmd->param;
4089 struct sock **sk = data;
4090 struct mgmt_rp_disconnect rp;
4092 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4093 rp.addr.type = cp->addr.type;
4095 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 0, &rp,
4101 mgmt_pending_remove(cmd);
4104 static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
4106 struct hci_dev *hdev = data;
4107 struct mgmt_cp_unpair_device *cp = cmd->param;
4108 struct mgmt_rp_unpair_device rp;
4110 memset(&rp, 0, sizeof(rp));
4111 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4112 rp.addr.type = cp->addr.type;
4114 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
4116 cmd_complete(cmd->sk, cmd->index, cmd->opcode, 0, &rp, sizeof(rp));
4118 mgmt_pending_remove(cmd);
4121 int mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
4122 u8 link_type, u8 addr_type, u8 reason)
4124 struct mgmt_ev_device_disconnected ev;
4125 struct sock *sk = NULL;
4128 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
4130 bacpy(&ev.addr.bdaddr, bdaddr);
4131 ev.addr.type = link_to_bdaddr(link_type, addr_type);
4134 err = mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev),
4140 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
4146 void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
4147 u8 link_type, u8 addr_type, u8 status)
4149 struct mgmt_rp_disconnect rp;
4150 struct pending_cmd *cmd;
4152 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
4155 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
4159 bacpy(&rp.addr.bdaddr, bdaddr);
4160 rp.addr.type = link_to_bdaddr(link_type, addr_type);
4162 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
4163 mgmt_status(status), &rp, sizeof(rp));
4165 mgmt_pending_remove(cmd);
4168 void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
4169 u8 addr_type, u8 status)
4171 struct mgmt_ev_connect_failed ev;
4173 bacpy(&ev.addr.bdaddr, bdaddr);
4174 ev.addr.type = link_to_bdaddr(link_type, addr_type);
4175 ev.status = mgmt_status(status);
4177 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
4180 int mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
4182 struct mgmt_ev_pin_code_request ev;
4184 bacpy(&ev.addr.bdaddr, bdaddr);
4185 ev.addr.type = BDADDR_BREDR;
4188 return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev),
4192 int mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
4195 struct pending_cmd *cmd;
4196 struct mgmt_rp_pin_code_reply rp;
4199 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
4203 bacpy(&rp.addr.bdaddr, bdaddr);
4204 rp.addr.type = BDADDR_BREDR;
4206 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
4207 mgmt_status(status), &rp, sizeof(rp));
4209 mgmt_pending_remove(cmd);
4214 int mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
4217 struct pending_cmd *cmd;
4218 struct mgmt_rp_pin_code_reply rp;
4221 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
4225 bacpy(&rp.addr.bdaddr, bdaddr);
4226 rp.addr.type = BDADDR_BREDR;
4228 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
4229 mgmt_status(status), &rp, sizeof(rp));
4231 mgmt_pending_remove(cmd);
4236 int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
4237 u8 link_type, u8 addr_type, __le32 value,
4240 struct mgmt_ev_user_confirm_request ev;
4242 BT_DBG("%s", hdev->name);
4244 bacpy(&ev.addr.bdaddr, bdaddr);
4245 ev.addr.type = link_to_bdaddr(link_type, addr_type);
4246 ev.confirm_hint = confirm_hint;
4249 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
4253 int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
4254 u8 link_type, u8 addr_type)
4256 struct mgmt_ev_user_passkey_request ev;
4258 BT_DBG("%s", hdev->name);
4260 bacpy(&ev.addr.bdaddr, bdaddr);
4261 ev.addr.type = link_to_bdaddr(link_type, addr_type);
4263 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
4267 static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
4268 u8 link_type, u8 addr_type, u8 status,
4271 struct pending_cmd *cmd;
4272 struct mgmt_rp_user_confirm_reply rp;
4275 cmd = mgmt_pending_find(opcode, hdev);
4279 bacpy(&rp.addr.bdaddr, bdaddr);
4280 rp.addr.type = link_to_bdaddr(link_type, addr_type);
4281 err = cmd_complete(cmd->sk, hdev->id, opcode, mgmt_status(status),
4284 mgmt_pending_remove(cmd);
4289 int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
4290 u8 link_type, u8 addr_type, u8 status)
4292 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
4293 status, MGMT_OP_USER_CONFIRM_REPLY);
4296 int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
4297 u8 link_type, u8 addr_type, u8 status)
4299 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
4301 MGMT_OP_USER_CONFIRM_NEG_REPLY);
4304 int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
4305 u8 link_type, u8 addr_type, u8 status)
4307 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
4308 status, MGMT_OP_USER_PASSKEY_REPLY);
4311 int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
4312 u8 link_type, u8 addr_type, u8 status)
4314 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
4316 MGMT_OP_USER_PASSKEY_NEG_REPLY);
4319 int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
4320 u8 link_type, u8 addr_type, u32 passkey,
4323 struct mgmt_ev_passkey_notify ev;
4325 BT_DBG("%s", hdev->name);
4327 bacpy(&ev.addr.bdaddr, bdaddr);
4328 ev.addr.type = link_to_bdaddr(link_type, addr_type);
4329 ev.passkey = __cpu_to_le32(passkey);
4330 ev.entered = entered;
4332 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
4335 int mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
4336 u8 addr_type, u8 status)
4338 struct mgmt_ev_auth_failed ev;
4340 bacpy(&ev.addr.bdaddr, bdaddr);
4341 ev.addr.type = link_to_bdaddr(link_type, addr_type);
4342 ev.status = mgmt_status(status);
4344 return mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
4347 int mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
4349 struct cmd_lookup match = { NULL, hdev };
4350 bool changed = false;
4354 u8 mgmt_err = mgmt_status(status);
4355 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
4356 cmd_status_rsp, &mgmt_err);
4360 if (test_bit(HCI_AUTH, &hdev->flags)) {
4361 if (!test_and_set_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
4364 if (test_and_clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
4368 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
4372 err = new_settings(hdev, match.sk);
4380 static void clear_eir(struct hci_request *req)
4382 struct hci_dev *hdev = req->hdev;
4383 struct hci_cp_write_eir cp;
4385 if (!lmp_ext_inq_capable(hdev))
4388 memset(hdev->eir, 0, sizeof(hdev->eir));
4390 memset(&cp, 0, sizeof(cp));
4392 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
4395 int mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
4397 struct cmd_lookup match = { NULL, hdev };
4398 struct hci_request req;
4399 bool changed = false;
4403 u8 mgmt_err = mgmt_status(status);
4405 if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
4407 err = new_settings(hdev, NULL);
4409 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
4416 if (!test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
4419 if (test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
4423 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
4426 err = new_settings(hdev, match.sk);
4431 hci_req_init(&req, hdev);
4433 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
4438 hci_req_run(&req, NULL);
4443 static void sk_lookup(struct pending_cmd *cmd, void *data)
4445 struct cmd_lookup *match = data;
4447 if (match->sk == NULL) {
4448 match->sk = cmd->sk;
4449 sock_hold(match->sk);
4453 int mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
4456 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
4459 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
4460 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
4461 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
4464 err = mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class,
4473 int mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
4475 struct mgmt_cp_set_local_name ev;
4476 struct pending_cmd *cmd;
4481 memset(&ev, 0, sizeof(ev));
4482 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
4483 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
4485 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
4487 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
4489 /* If this is a HCI command related to powering on the
4490 * HCI dev don't send any mgmt signals.
4492 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
4496 return mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
4497 cmd ? cmd->sk : NULL);
4500 int mgmt_read_local_oob_data_reply_complete(struct hci_dev *hdev, u8 *hash,
4501 u8 *randomizer, u8 status)
4503 struct pending_cmd *cmd;
4506 BT_DBG("%s status %u", hdev->name, status);
4508 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
4513 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
4514 mgmt_status(status));
4516 struct mgmt_rp_read_local_oob_data rp;
4518 memcpy(rp.hash, hash, sizeof(rp.hash));
4519 memcpy(rp.randomizer, randomizer, sizeof(rp.randomizer));
4521 err = cmd_complete(cmd->sk, hdev->id,
4522 MGMT_OP_READ_LOCAL_OOB_DATA, 0, &rp,
4526 mgmt_pending_remove(cmd);
4531 int mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
4532 u8 addr_type, u8 *dev_class, s8 rssi, u8 cfm_name, u8
4533 ssp, u8 *eir, u16 eir_len)
4536 struct mgmt_ev_device_found *ev = (void *) buf;
4539 if (!hci_discovery_active(hdev))
4542 /* Leave 5 bytes for a potential CoD field */
4543 if (sizeof(*ev) + eir_len + 5 > sizeof(buf))
4546 memset(buf, 0, sizeof(buf));
4548 bacpy(&ev->addr.bdaddr, bdaddr);
4549 ev->addr.type = link_to_bdaddr(link_type, addr_type);
4552 ev->flags |= __constant_cpu_to_le32(MGMT_DEV_FOUND_CONFIRM_NAME);
4554 ev->flags |= __constant_cpu_to_le32(MGMT_DEV_FOUND_LEGACY_PAIRING);
4557 memcpy(ev->eir, eir, eir_len);
4559 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
4560 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
4563 ev->eir_len = cpu_to_le16(eir_len);
4564 ev_size = sizeof(*ev) + eir_len;
4566 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
4569 int mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
4570 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
4572 struct mgmt_ev_device_found *ev;
4573 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
4576 ev = (struct mgmt_ev_device_found *) buf;
4578 memset(buf, 0, sizeof(buf));
4580 bacpy(&ev->addr.bdaddr, bdaddr);
4581 ev->addr.type = link_to_bdaddr(link_type, addr_type);
4584 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
4587 ev->eir_len = cpu_to_le16(eir_len);
4589 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev,
4590 sizeof(*ev) + eir_len, NULL);
4593 int mgmt_discovering(struct hci_dev *hdev, u8 discovering)
4595 struct mgmt_ev_discovering ev;
4596 struct pending_cmd *cmd;
4598 BT_DBG("%s discovering %u", hdev->name, discovering);
4601 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
4603 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
4606 u8 type = hdev->discovery.type;
4608 cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0, &type,
4610 mgmt_pending_remove(cmd);
4613 memset(&ev, 0, sizeof(ev));
4614 ev.type = hdev->discovery.type;
4615 ev.discovering = discovering;
4617 return mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
4620 int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
4622 struct pending_cmd *cmd;
4623 struct mgmt_ev_device_blocked ev;
4625 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev);
4627 bacpy(&ev.addr.bdaddr, bdaddr);
4628 ev.addr.type = type;
4630 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev),
4631 cmd ? cmd->sk : NULL);
4634 int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
4636 struct pending_cmd *cmd;
4637 struct mgmt_ev_device_unblocked ev;
4639 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev);
4641 bacpy(&ev.addr.bdaddr, bdaddr);
4642 ev.addr.type = type;
4644 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
4645 cmd ? cmd->sk : NULL);
4648 static void adv_enable_complete(struct hci_dev *hdev, u8 status)
4650 BT_DBG("%s status %u", hdev->name, status);
4652 /* Clear the advertising mgmt setting if we failed to re-enable it */
4654 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
4655 new_settings(hdev, NULL);
4659 void mgmt_reenable_advertising(struct hci_dev *hdev)
4661 struct hci_request req;
4663 if (hdev->conn_hash.le_num)
4666 if (!test_bit(HCI_ADVERTISING, &hdev->dev_flags))
4669 hci_req_init(&req, hdev);
4670 enable_advertising(&req);
4672 /* If this fails we have no option but to let user space know
4673 * that we've disabled advertising.
4675 if (hci_req_run(&req, adv_enable_complete) < 0) {
4676 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
4677 new_settings(hdev, NULL);
projects / karo-tx-linux.git / blob