2 BlueZ - Bluetooth protocol stack for Linux
4 Copyright (C) 2010 Nokia Corporation
5 Copyright (C) 2011-2012 Intel Corporation
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI Management interface */
27 #include <linux/module.h>
28 #include <asm/unaligned.h>
30 #include <net/bluetooth/bluetooth.h>
31 #include <net/bluetooth/hci_core.h>
32 #include <net/bluetooth/mgmt.h>
33 #include <net/bluetooth/smp.h>
35 #define MGMT_VERSION 1
36 #define MGMT_REVISION 4
38 static const u16 mgmt_commands[] = {
39 MGMT_OP_READ_INDEX_LIST,
42 MGMT_OP_SET_DISCOVERABLE,
43 MGMT_OP_SET_CONNECTABLE,
44 MGMT_OP_SET_FAST_CONNECTABLE,
46 MGMT_OP_SET_LINK_SECURITY,
50 MGMT_OP_SET_DEV_CLASS,
51 MGMT_OP_SET_LOCAL_NAME,
54 MGMT_OP_LOAD_LINK_KEYS,
55 MGMT_OP_LOAD_LONG_TERM_KEYS,
57 MGMT_OP_GET_CONNECTIONS,
58 MGMT_OP_PIN_CODE_REPLY,
59 MGMT_OP_PIN_CODE_NEG_REPLY,
60 MGMT_OP_SET_IO_CAPABILITY,
62 MGMT_OP_CANCEL_PAIR_DEVICE,
63 MGMT_OP_UNPAIR_DEVICE,
64 MGMT_OP_USER_CONFIRM_REPLY,
65 MGMT_OP_USER_CONFIRM_NEG_REPLY,
66 MGMT_OP_USER_PASSKEY_REPLY,
67 MGMT_OP_USER_PASSKEY_NEG_REPLY,
68 MGMT_OP_READ_LOCAL_OOB_DATA,
69 MGMT_OP_ADD_REMOTE_OOB_DATA,
70 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
71 MGMT_OP_START_DISCOVERY,
72 MGMT_OP_STOP_DISCOVERY,
75 MGMT_OP_UNBLOCK_DEVICE,
76 MGMT_OP_SET_DEVICE_ID,
77 MGMT_OP_SET_ADVERTISING,
79 MGMT_OP_SET_STATIC_ADDRESS,
82 static const u16 mgmt_events[] = {
83 MGMT_EV_CONTROLLER_ERROR,
85 MGMT_EV_INDEX_REMOVED,
87 MGMT_EV_CLASS_OF_DEV_CHANGED,
88 MGMT_EV_LOCAL_NAME_CHANGED,
90 MGMT_EV_NEW_LONG_TERM_KEY,
91 MGMT_EV_DEVICE_CONNECTED,
92 MGMT_EV_DEVICE_DISCONNECTED,
93 MGMT_EV_CONNECT_FAILED,
94 MGMT_EV_PIN_CODE_REQUEST,
95 MGMT_EV_USER_CONFIRM_REQUEST,
96 MGMT_EV_USER_PASSKEY_REQUEST,
100 MGMT_EV_DEVICE_BLOCKED,
101 MGMT_EV_DEVICE_UNBLOCKED,
102 MGMT_EV_DEVICE_UNPAIRED,
103 MGMT_EV_PASSKEY_NOTIFY,
106 #define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
108 #define hdev_is_powered(hdev) (test_bit(HCI_UP, &hdev->flags) && \
109 !test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
112 struct list_head list;
120 /* HCI to MGMT error code conversion table */
121 static u8 mgmt_status_table[] = {
123 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
124 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
125 MGMT_STATUS_FAILED, /* Hardware Failure */
126 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
127 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
128 MGMT_STATUS_NOT_PAIRED, /* PIN or Key Missing */
129 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
130 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
131 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
132 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
133 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
134 MGMT_STATUS_BUSY, /* Command Disallowed */
135 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
136 MGMT_STATUS_REJECTED, /* Rejected Security */
137 MGMT_STATUS_REJECTED, /* Rejected Personal */
138 MGMT_STATUS_TIMEOUT, /* Host Timeout */
139 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
140 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
141 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
142 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
143 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
144 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
145 MGMT_STATUS_BUSY, /* Repeated Attempts */
146 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
147 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
148 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
149 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
150 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
151 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
152 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
153 MGMT_STATUS_FAILED, /* Unspecified Error */
154 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
155 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
156 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
157 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
158 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
159 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
160 MGMT_STATUS_FAILED, /* Unit Link Key Used */
161 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
162 MGMT_STATUS_TIMEOUT, /* Instant Passed */
163 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
164 MGMT_STATUS_FAILED, /* Transaction Collision */
165 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
166 MGMT_STATUS_REJECTED, /* QoS Rejected */
167 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
168 MGMT_STATUS_REJECTED, /* Insufficient Security */
169 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
170 MGMT_STATUS_BUSY, /* Role Switch Pending */
171 MGMT_STATUS_FAILED, /* Slot Violation */
172 MGMT_STATUS_FAILED, /* Role Switch Failed */
173 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
174 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
175 MGMT_STATUS_BUSY, /* Host Busy Pairing */
176 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
177 MGMT_STATUS_BUSY, /* Controller Busy */
178 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
179 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
180 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
181 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
182 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
185 static u8 mgmt_status(u8 hci_status)
187 if (hci_status < ARRAY_SIZE(mgmt_status_table))
188 return mgmt_status_table[hci_status];
190 return MGMT_STATUS_FAILED;
193 static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
196 struct mgmt_hdr *hdr;
197 struct mgmt_ev_cmd_status *ev;
200 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
202 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_KERNEL);
206 hdr = (void *) skb_put(skb, sizeof(*hdr));
208 hdr->opcode = __constant_cpu_to_le16(MGMT_EV_CMD_STATUS);
209 hdr->index = cpu_to_le16(index);
210 hdr->len = cpu_to_le16(sizeof(*ev));
212 ev = (void *) skb_put(skb, sizeof(*ev));
214 ev->opcode = cpu_to_le16(cmd);
216 err = sock_queue_rcv_skb(sk, skb);
223 static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
224 void *rp, size_t rp_len)
227 struct mgmt_hdr *hdr;
228 struct mgmt_ev_cmd_complete *ev;
231 BT_DBG("sock %p", sk);
233 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_KERNEL);
237 hdr = (void *) skb_put(skb, sizeof(*hdr));
239 hdr->opcode = __constant_cpu_to_le16(MGMT_EV_CMD_COMPLETE);
240 hdr->index = cpu_to_le16(index);
241 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
243 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
244 ev->opcode = cpu_to_le16(cmd);
248 memcpy(ev->data, rp, rp_len);
250 err = sock_queue_rcv_skb(sk, skb);
257 static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
260 struct mgmt_rp_read_version rp;
262 BT_DBG("sock %p", sk);
264 rp.version = MGMT_VERSION;
265 rp.revision = __constant_cpu_to_le16(MGMT_REVISION);
267 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
271 static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
274 struct mgmt_rp_read_commands *rp;
275 const u16 num_commands = ARRAY_SIZE(mgmt_commands);
276 const u16 num_events = ARRAY_SIZE(mgmt_events);
281 BT_DBG("sock %p", sk);
283 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
285 rp = kmalloc(rp_size, GFP_KERNEL);
289 rp->num_commands = __constant_cpu_to_le16(num_commands);
290 rp->num_events = __constant_cpu_to_le16(num_events);
292 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
293 put_unaligned_le16(mgmt_commands[i], opcode);
295 for (i = 0; i < num_events; i++, opcode++)
296 put_unaligned_le16(mgmt_events[i], opcode);
298 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
305 static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
308 struct mgmt_rp_read_index_list *rp;
314 BT_DBG("sock %p", sk);
316 read_lock(&hci_dev_list_lock);
319 list_for_each_entry(d, &hci_dev_list, list) {
320 if (d->dev_type == HCI_BREDR)
324 rp_len = sizeof(*rp) + (2 * count);
325 rp = kmalloc(rp_len, GFP_ATOMIC);
327 read_unlock(&hci_dev_list_lock);
332 list_for_each_entry(d, &hci_dev_list, list) {
333 if (test_bit(HCI_SETUP, &d->dev_flags))
336 if (test_bit(HCI_USER_CHANNEL, &d->dev_flags))
339 if (d->dev_type == HCI_BREDR) {
340 rp->index[count++] = cpu_to_le16(d->id);
341 BT_DBG("Added hci%u", d->id);
345 rp->num_controllers = cpu_to_le16(count);
346 rp_len = sizeof(*rp) + (2 * count);
348 read_unlock(&hci_dev_list_lock);
350 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
358 static u32 get_supported_settings(struct hci_dev *hdev)
362 settings |= MGMT_SETTING_POWERED;
363 settings |= MGMT_SETTING_PAIRABLE;
365 if (lmp_ssp_capable(hdev))
366 settings |= MGMT_SETTING_SSP;
368 if (lmp_bredr_capable(hdev)) {
369 settings |= MGMT_SETTING_CONNECTABLE;
370 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
371 settings |= MGMT_SETTING_FAST_CONNECTABLE;
372 settings |= MGMT_SETTING_DISCOVERABLE;
373 settings |= MGMT_SETTING_BREDR;
374 settings |= MGMT_SETTING_LINK_SECURITY;
375 settings |= MGMT_SETTING_HS;
378 if (lmp_le_capable(hdev)) {
379 settings |= MGMT_SETTING_LE;
380 settings |= MGMT_SETTING_ADVERTISING;
386 static u32 get_current_settings(struct hci_dev *hdev)
390 if (hdev_is_powered(hdev))
391 settings |= MGMT_SETTING_POWERED;
393 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
394 settings |= MGMT_SETTING_CONNECTABLE;
396 if (test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
397 settings |= MGMT_SETTING_FAST_CONNECTABLE;
399 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
400 settings |= MGMT_SETTING_DISCOVERABLE;
402 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags))
403 settings |= MGMT_SETTING_PAIRABLE;
405 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
406 settings |= MGMT_SETTING_BREDR;
408 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
409 settings |= MGMT_SETTING_LE;
411 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
412 settings |= MGMT_SETTING_LINK_SECURITY;
414 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
415 settings |= MGMT_SETTING_SSP;
417 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
418 settings |= MGMT_SETTING_HS;
420 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
421 settings |= MGMT_SETTING_ADVERTISING;
426 #define PNP_INFO_SVCLASS_ID 0x1200
428 static u8 *create_uuid16_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
430 u8 *ptr = data, *uuids_start = NULL;
431 struct bt_uuid *uuid;
436 list_for_each_entry(uuid, &hdev->uuids, list) {
439 if (uuid->size != 16)
442 uuid16 = get_unaligned_le16(&uuid->uuid[12]);
446 if (uuid16 == PNP_INFO_SVCLASS_ID)
452 uuids_start[1] = EIR_UUID16_ALL;
456 /* Stop if not enough space to put next UUID */
457 if ((ptr - data) + sizeof(u16) > len) {
458 uuids_start[1] = EIR_UUID16_SOME;
462 *ptr++ = (uuid16 & 0x00ff);
463 *ptr++ = (uuid16 & 0xff00) >> 8;
464 uuids_start[0] += sizeof(uuid16);
470 static u8 *create_uuid32_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
472 u8 *ptr = data, *uuids_start = NULL;
473 struct bt_uuid *uuid;
478 list_for_each_entry(uuid, &hdev->uuids, list) {
479 if (uuid->size != 32)
485 uuids_start[1] = EIR_UUID32_ALL;
489 /* Stop if not enough space to put next UUID */
490 if ((ptr - data) + sizeof(u32) > len) {
491 uuids_start[1] = EIR_UUID32_SOME;
495 memcpy(ptr, &uuid->uuid[12], sizeof(u32));
497 uuids_start[0] += sizeof(u32);
503 static u8 *create_uuid128_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
505 u8 *ptr = data, *uuids_start = NULL;
506 struct bt_uuid *uuid;
511 list_for_each_entry(uuid, &hdev->uuids, list) {
512 if (uuid->size != 128)
518 uuids_start[1] = EIR_UUID128_ALL;
522 /* Stop if not enough space to put next UUID */
523 if ((ptr - data) + 16 > len) {
524 uuids_start[1] = EIR_UUID128_SOME;
528 memcpy(ptr, uuid->uuid, 16);
530 uuids_start[0] += 16;
536 static void create_eir(struct hci_dev *hdev, u8 *data)
541 name_len = strlen(hdev->dev_name);
547 ptr[1] = EIR_NAME_SHORT;
549 ptr[1] = EIR_NAME_COMPLETE;
551 /* EIR Data length */
552 ptr[0] = name_len + 1;
554 memcpy(ptr + 2, hdev->dev_name, name_len);
556 ptr += (name_len + 2);
559 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
561 ptr[1] = EIR_TX_POWER;
562 ptr[2] = (u8) hdev->inq_tx_power;
567 if (hdev->devid_source > 0) {
569 ptr[1] = EIR_DEVICE_ID;
571 put_unaligned_le16(hdev->devid_source, ptr + 2);
572 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
573 put_unaligned_le16(hdev->devid_product, ptr + 6);
574 put_unaligned_le16(hdev->devid_version, ptr + 8);
579 ptr = create_uuid16_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
580 ptr = create_uuid32_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
581 ptr = create_uuid128_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
584 static void update_eir(struct hci_request *req)
586 struct hci_dev *hdev = req->hdev;
587 struct hci_cp_write_eir cp;
589 if (!hdev_is_powered(hdev))
592 if (!lmp_ext_inq_capable(hdev))
595 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
598 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
601 memset(&cp, 0, sizeof(cp));
603 create_eir(hdev, cp.data);
605 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
608 memcpy(hdev->eir, cp.data, sizeof(cp.data));
610 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
613 static u8 get_service_classes(struct hci_dev *hdev)
615 struct bt_uuid *uuid;
618 list_for_each_entry(uuid, &hdev->uuids, list)
619 val |= uuid->svc_hint;
624 static void update_class(struct hci_request *req)
626 struct hci_dev *hdev = req->hdev;
629 BT_DBG("%s", hdev->name);
631 if (!hdev_is_powered(hdev))
634 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
637 cod[0] = hdev->minor_class;
638 cod[1] = hdev->major_class;
639 cod[2] = get_service_classes(hdev);
641 if (memcmp(cod, hdev->dev_class, 3) == 0)
644 hci_req_add(req, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
647 static void service_cache_off(struct work_struct *work)
649 struct hci_dev *hdev = container_of(work, struct hci_dev,
651 struct hci_request req;
653 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
656 hci_req_init(&req, hdev);
663 hci_dev_unlock(hdev);
665 hci_req_run(&req, NULL);
668 static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
670 if (test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
673 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
675 /* Non-mgmt controlled devices get this bit set
676 * implicitly so that pairing works for them, however
677 * for mgmt we require user-space to explicitly enable
680 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
683 static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
684 void *data, u16 data_len)
686 struct mgmt_rp_read_info rp;
688 BT_DBG("sock %p %s", sk, hdev->name);
692 memset(&rp, 0, sizeof(rp));
694 bacpy(&rp.bdaddr, &hdev->bdaddr);
696 rp.version = hdev->hci_ver;
697 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
699 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
700 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
702 memcpy(rp.dev_class, hdev->dev_class, 3);
704 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
705 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
707 hci_dev_unlock(hdev);
709 return cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
713 static void mgmt_pending_free(struct pending_cmd *cmd)
720 static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
721 struct hci_dev *hdev, void *data,
724 struct pending_cmd *cmd;
726 cmd = kmalloc(sizeof(*cmd), GFP_KERNEL);
730 cmd->opcode = opcode;
731 cmd->index = hdev->id;
733 cmd->param = kmalloc(len, GFP_KERNEL);
740 memcpy(cmd->param, data, len);
745 list_add(&cmd->list, &hdev->mgmt_pending);
750 static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
751 void (*cb)(struct pending_cmd *cmd,
755 struct pending_cmd *cmd, *tmp;
757 list_for_each_entry_safe(cmd, tmp, &hdev->mgmt_pending, list) {
758 if (opcode > 0 && cmd->opcode != opcode)
765 static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
767 struct pending_cmd *cmd;
769 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
770 if (cmd->opcode == opcode)
777 static void mgmt_pending_remove(struct pending_cmd *cmd)
779 list_del(&cmd->list);
780 mgmt_pending_free(cmd);
783 static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
785 __le32 settings = cpu_to_le32(get_current_settings(hdev));
787 return cmd_complete(sk, hdev->id, opcode, 0, &settings,
791 static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
794 struct mgmt_mode *cp = data;
795 struct pending_cmd *cmd;
798 BT_DBG("request for %s", hdev->name);
800 if (cp->val != 0x00 && cp->val != 0x01)
801 return cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
802 MGMT_STATUS_INVALID_PARAMS);
806 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
807 err = cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
812 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
813 cancel_delayed_work(&hdev->power_off);
816 mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev,
818 err = mgmt_powered(hdev, 1);
823 if (!!cp->val == hdev_is_powered(hdev)) {
824 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
828 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
835 queue_work(hdev->req_workqueue, &hdev->power_on);
837 queue_work(hdev->req_workqueue, &hdev->power_off.work);
842 hci_dev_unlock(hdev);
846 static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 data_len,
847 struct sock *skip_sk)
850 struct mgmt_hdr *hdr;
852 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_KERNEL);
856 hdr = (void *) skb_put(skb, sizeof(*hdr));
857 hdr->opcode = cpu_to_le16(event);
859 hdr->index = cpu_to_le16(hdev->id);
861 hdr->index = __constant_cpu_to_le16(MGMT_INDEX_NONE);
862 hdr->len = cpu_to_le16(data_len);
865 memcpy(skb_put(skb, data_len), data, data_len);
868 __net_timestamp(skb);
870 hci_send_to_control(skb, skip_sk);
876 static int new_settings(struct hci_dev *hdev, struct sock *skip)
880 ev = cpu_to_le32(get_current_settings(hdev));
882 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
887 struct hci_dev *hdev;
891 static void settings_rsp(struct pending_cmd *cmd, void *data)
893 struct cmd_lookup *match = data;
895 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
897 list_del(&cmd->list);
899 if (match->sk == NULL) {
901 sock_hold(match->sk);
904 mgmt_pending_free(cmd);
907 static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
911 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
912 mgmt_pending_remove(cmd);
915 static u8 mgmt_bredr_support(struct hci_dev *hdev)
917 if (!lmp_bredr_capable(hdev))
918 return MGMT_STATUS_NOT_SUPPORTED;
919 else if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
920 return MGMT_STATUS_REJECTED;
922 return MGMT_STATUS_SUCCESS;
925 static u8 mgmt_le_support(struct hci_dev *hdev)
927 if (!lmp_le_capable(hdev))
928 return MGMT_STATUS_NOT_SUPPORTED;
929 else if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
930 return MGMT_STATUS_REJECTED;
932 return MGMT_STATUS_SUCCESS;
935 static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
938 struct mgmt_cp_set_discoverable *cp = data;
939 struct pending_cmd *cmd;
944 BT_DBG("request for %s", hdev->name);
946 status = mgmt_bredr_support(hdev);
948 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
951 if (cp->val != 0x00 && cp->val != 0x01)
952 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
953 MGMT_STATUS_INVALID_PARAMS);
955 timeout = __le16_to_cpu(cp->timeout);
956 if (!cp->val && timeout > 0)
957 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
958 MGMT_STATUS_INVALID_PARAMS);
962 if (!hdev_is_powered(hdev) && timeout > 0) {
963 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
964 MGMT_STATUS_NOT_POWERED);
968 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
969 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
970 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
975 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
976 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
977 MGMT_STATUS_REJECTED);
981 if (!hdev_is_powered(hdev)) {
982 bool changed = false;
984 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
985 change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
989 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
994 err = new_settings(hdev, sk);
999 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
1000 if (hdev->discov_timeout > 0) {
1001 cancel_delayed_work(&hdev->discov_off);
1002 hdev->discov_timeout = 0;
1005 if (cp->val && timeout > 0) {
1006 hdev->discov_timeout = timeout;
1007 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
1008 msecs_to_jiffies(hdev->discov_timeout * 1000));
1011 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1015 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
1024 scan |= SCAN_INQUIRY;
1026 cancel_delayed_work(&hdev->discov_off);
1028 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1030 mgmt_pending_remove(cmd);
1033 hdev->discov_timeout = timeout;
1036 hci_dev_unlock(hdev);
1040 static void write_fast_connectable(struct hci_request *req, bool enable)
1042 struct hci_dev *hdev = req->hdev;
1043 struct hci_cp_write_page_scan_activity acp;
1046 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
1050 type = PAGE_SCAN_TYPE_INTERLACED;
1052 /* 160 msec page scan interval */
1053 acp.interval = __constant_cpu_to_le16(0x0100);
1055 type = PAGE_SCAN_TYPE_STANDARD; /* default */
1057 /* default 1.28 sec page scan */
1058 acp.interval = __constant_cpu_to_le16(0x0800);
1061 acp.window = __constant_cpu_to_le16(0x0012);
1063 if (__cpu_to_le16(hdev->page_scan_interval) != acp.interval ||
1064 __cpu_to_le16(hdev->page_scan_window) != acp.window)
1065 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
1068 if (hdev->page_scan_type != type)
1069 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
1072 static void set_connectable_complete(struct hci_dev *hdev, u8 status)
1074 struct pending_cmd *cmd;
1076 BT_DBG("status 0x%02x", status);
1080 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1084 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
1086 mgmt_pending_remove(cmd);
1089 hci_dev_unlock(hdev);
1092 static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
1095 struct mgmt_mode *cp = data;
1096 struct pending_cmd *cmd;
1097 struct hci_request req;
1101 BT_DBG("request for %s", hdev->name);
1103 status = mgmt_bredr_support(hdev);
1105 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1108 if (cp->val != 0x00 && cp->val != 0x01)
1109 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1110 MGMT_STATUS_INVALID_PARAMS);
1114 if (!hdev_is_powered(hdev)) {
1115 bool changed = false;
1117 if (!!cp->val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
1121 set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1123 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1124 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1127 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1132 err = new_settings(hdev, sk);
1137 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1138 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
1139 err = cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1144 if (!!cp->val == test_bit(HCI_PSCAN, &hdev->flags)) {
1145 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1149 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
1160 if (test_bit(HCI_ISCAN, &hdev->flags) &&
1161 hdev->discov_timeout > 0)
1162 cancel_delayed_work(&hdev->discov_off);
1165 hci_req_init(&req, hdev);
1167 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1169 /* If we're going from non-connectable to connectable or
1170 * vice-versa when fast connectable is enabled ensure that fast
1171 * connectable gets disabled. write_fast_connectable won't do
1172 * anything if the page scan parameters are already what they
1175 if (cp->val || test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
1176 write_fast_connectable(&req, false);
1178 err = hci_req_run(&req, set_connectable_complete);
1180 mgmt_pending_remove(cmd);
1183 hci_dev_unlock(hdev);
1187 static int set_pairable(struct sock *sk, struct hci_dev *hdev, void *data,
1190 struct mgmt_mode *cp = data;
1194 BT_DBG("request for %s", hdev->name);
1196 if (cp->val != 0x00 && cp->val != 0x01)
1197 return cmd_status(sk, hdev->id, MGMT_OP_SET_PAIRABLE,
1198 MGMT_STATUS_INVALID_PARAMS);
1203 changed = !test_and_set_bit(HCI_PAIRABLE, &hdev->dev_flags);
1205 changed = test_and_clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
1207 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
1212 err = new_settings(hdev, sk);
1215 hci_dev_unlock(hdev);
1219 static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1222 struct mgmt_mode *cp = data;
1223 struct pending_cmd *cmd;
1227 BT_DBG("request for %s", hdev->name);
1229 status = mgmt_bredr_support(hdev);
1231 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1234 if (cp->val != 0x00 && cp->val != 0x01)
1235 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1236 MGMT_STATUS_INVALID_PARAMS);
1240 if (!hdev_is_powered(hdev)) {
1241 bool changed = false;
1243 if (!!cp->val != test_bit(HCI_LINK_SECURITY,
1244 &hdev->dev_flags)) {
1245 change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
1249 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1254 err = new_settings(hdev, sk);
1259 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
1260 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1267 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1268 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1272 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1278 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1280 mgmt_pending_remove(cmd);
1285 hci_dev_unlock(hdev);
1289 static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1291 struct mgmt_mode *cp = data;
1292 struct pending_cmd *cmd;
1296 BT_DBG("request for %s", hdev->name);
1298 status = mgmt_bredr_support(hdev);
1300 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
1302 if (!lmp_ssp_capable(hdev))
1303 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1304 MGMT_STATUS_NOT_SUPPORTED);
1306 if (cp->val != 0x00 && cp->val != 0x01)
1307 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1308 MGMT_STATUS_INVALID_PARAMS);
1314 if (!hdev_is_powered(hdev)) {
1315 bool changed = false;
1317 if (val != test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
1318 change_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
1322 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1327 err = new_settings(hdev, sk);
1332 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev)) {
1333 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1338 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) == val) {
1339 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1343 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1349 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, sizeof(val), &val);
1351 mgmt_pending_remove(cmd);
1356 hci_dev_unlock(hdev);
1360 static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1362 struct mgmt_mode *cp = data;
1367 BT_DBG("request for %s", hdev->name);
1369 status = mgmt_bredr_support(hdev);
1371 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
1373 if (cp->val != 0x00 && cp->val != 0x01)
1374 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1375 MGMT_STATUS_INVALID_PARAMS);
1380 changed = !test_and_set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1382 if (hdev_is_powered(hdev)) {
1383 err = cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1384 MGMT_STATUS_REJECTED);
1388 changed = test_and_clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1391 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
1396 err = new_settings(hdev, sk);
1399 hci_dev_unlock(hdev);
1403 static void enable_advertising(struct hci_request *req)
1405 struct hci_dev *hdev = req->hdev;
1406 struct hci_cp_le_set_adv_param cp;
1409 memset(&cp, 0, sizeof(cp));
1410 cp.min_interval = __constant_cpu_to_le16(0x0800);
1411 cp.max_interval = __constant_cpu_to_le16(0x0800);
1412 cp.type = LE_ADV_IND;
1413 if (bacmp(&hdev->bdaddr, BDADDR_ANY))
1414 cp.own_address_type = ADDR_LE_DEV_PUBLIC;
1416 cp.own_address_type = ADDR_LE_DEV_RANDOM;
1417 cp.channel_map = 0x07;
1419 hci_req_add(req, HCI_OP_LE_SET_ADV_PARAM, sizeof(cp), &cp);
1421 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1424 static void disable_advertising(struct hci_request *req)
1428 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1431 static void le_enable_complete(struct hci_dev *hdev, u8 status)
1433 struct cmd_lookup match = { NULL, hdev };
1436 u8 mgmt_err = mgmt_status(status);
1438 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
1443 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
1445 new_settings(hdev, match.sk);
1451 static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1453 struct mgmt_mode *cp = data;
1454 struct hci_cp_write_le_host_supported hci_cp;
1455 struct pending_cmd *cmd;
1456 struct hci_request req;
1460 BT_DBG("request for %s", hdev->name);
1462 if (!lmp_le_capable(hdev))
1463 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1464 MGMT_STATUS_NOT_SUPPORTED);
1466 if (cp->val != 0x00 && cp->val != 0x01)
1467 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1468 MGMT_STATUS_INVALID_PARAMS);
1470 /* LE-only devices do not allow toggling LE on/off */
1471 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1472 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1473 MGMT_STATUS_REJECTED);
1478 enabled = lmp_host_le_capable(hdev);
1480 if (!hdev_is_powered(hdev) || val == enabled) {
1481 bool changed = false;
1483 if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1484 change_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1488 if (!val && test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
1489 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
1493 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1498 err = new_settings(hdev, sk);
1503 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev) ||
1504 mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
1505 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1510 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
1516 memset(&hci_cp, 0, sizeof(hci_cp));
1520 hci_cp.simul = lmp_le_br_capable(hdev);
1523 hci_req_init(&req, hdev);
1525 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags) && !val)
1526 disable_advertising(&req);
1528 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
1531 err = hci_req_run(&req, le_enable_complete);
1533 mgmt_pending_remove(cmd);
1536 hci_dev_unlock(hdev);
1540 /* This is a helper function to test for pending mgmt commands that can
1541 * cause CoD or EIR HCI commands. We can only allow one such pending
1542 * mgmt command at a time since otherwise we cannot easily track what
1543 * the current values are, will be, and based on that calculate if a new
1544 * HCI command needs to be sent and if yes with what value.
1546 static bool pending_eir_or_class(struct hci_dev *hdev)
1548 struct pending_cmd *cmd;
1550 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
1551 switch (cmd->opcode) {
1552 case MGMT_OP_ADD_UUID:
1553 case MGMT_OP_REMOVE_UUID:
1554 case MGMT_OP_SET_DEV_CLASS:
1555 case MGMT_OP_SET_POWERED:
1563 static const u8 bluetooth_base_uuid[] = {
1564 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
1565 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1568 static u8 get_uuid_size(const u8 *uuid)
1572 if (memcmp(uuid, bluetooth_base_uuid, 12))
1575 val = get_unaligned_le32(&uuid[12]);
1582 static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
1584 struct pending_cmd *cmd;
1588 cmd = mgmt_pending_find(mgmt_op, hdev);
1592 cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(status),
1593 hdev->dev_class, 3);
1595 mgmt_pending_remove(cmd);
1598 hci_dev_unlock(hdev);
1601 static void add_uuid_complete(struct hci_dev *hdev, u8 status)
1603 BT_DBG("status 0x%02x", status);
1605 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
1608 static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1610 struct mgmt_cp_add_uuid *cp = data;
1611 struct pending_cmd *cmd;
1612 struct hci_request req;
1613 struct bt_uuid *uuid;
1616 BT_DBG("request for %s", hdev->name);
1620 if (pending_eir_or_class(hdev)) {
1621 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
1626 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
1632 memcpy(uuid->uuid, cp->uuid, 16);
1633 uuid->svc_hint = cp->svc_hint;
1634 uuid->size = get_uuid_size(cp->uuid);
1636 list_add_tail(&uuid->list, &hdev->uuids);
1638 hci_req_init(&req, hdev);
1643 err = hci_req_run(&req, add_uuid_complete);
1645 if (err != -ENODATA)
1648 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
1649 hdev->dev_class, 3);
1653 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
1662 hci_dev_unlock(hdev);
1666 static bool enable_service_cache(struct hci_dev *hdev)
1668 if (!hdev_is_powered(hdev))
1671 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
1672 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
1680 static void remove_uuid_complete(struct hci_dev *hdev, u8 status)
1682 BT_DBG("status 0x%02x", status);
1684 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
1687 static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
1690 struct mgmt_cp_remove_uuid *cp = data;
1691 struct pending_cmd *cmd;
1692 struct bt_uuid *match, *tmp;
1693 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
1694 struct hci_request req;
1697 BT_DBG("request for %s", hdev->name);
1701 if (pending_eir_or_class(hdev)) {
1702 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
1707 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
1708 err = hci_uuids_clear(hdev);
1710 if (enable_service_cache(hdev)) {
1711 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID,
1712 0, hdev->dev_class, 3);
1721 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
1722 if (memcmp(match->uuid, cp->uuid, 16) != 0)
1725 list_del(&match->list);
1731 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
1732 MGMT_STATUS_INVALID_PARAMS);
1737 hci_req_init(&req, hdev);
1742 err = hci_req_run(&req, remove_uuid_complete);
1744 if (err != -ENODATA)
1747 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
1748 hdev->dev_class, 3);
1752 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
1761 hci_dev_unlock(hdev);
1765 static void set_class_complete(struct hci_dev *hdev, u8 status)
1767 BT_DBG("status 0x%02x", status);
1769 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
1772 static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
1775 struct mgmt_cp_set_dev_class *cp = data;
1776 struct pending_cmd *cmd;
1777 struct hci_request req;
1780 BT_DBG("request for %s", hdev->name);
1782 if (!lmp_bredr_capable(hdev))
1783 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1784 MGMT_STATUS_NOT_SUPPORTED);
1788 if (pending_eir_or_class(hdev)) {
1789 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1794 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
1795 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1796 MGMT_STATUS_INVALID_PARAMS);
1800 hdev->major_class = cp->major;
1801 hdev->minor_class = cp->minor;
1803 if (!hdev_is_powered(hdev)) {
1804 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
1805 hdev->dev_class, 3);
1809 hci_req_init(&req, hdev);
1811 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
1812 hci_dev_unlock(hdev);
1813 cancel_delayed_work_sync(&hdev->service_cache);
1820 err = hci_req_run(&req, set_class_complete);
1822 if (err != -ENODATA)
1825 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
1826 hdev->dev_class, 3);
1830 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
1839 hci_dev_unlock(hdev);
1843 static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
1846 struct mgmt_cp_load_link_keys *cp = data;
1847 u16 key_count, expected_len;
1850 BT_DBG("request for %s", hdev->name);
1852 if (!lmp_bredr_capable(hdev))
1853 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
1854 MGMT_STATUS_NOT_SUPPORTED);
1856 key_count = __le16_to_cpu(cp->key_count);
1858 expected_len = sizeof(*cp) + key_count *
1859 sizeof(struct mgmt_link_key_info);
1860 if (expected_len != len) {
1861 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
1863 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
1864 MGMT_STATUS_INVALID_PARAMS);
1867 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
1868 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
1869 MGMT_STATUS_INVALID_PARAMS);
1871 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
1874 for (i = 0; i < key_count; i++) {
1875 struct mgmt_link_key_info *key = &cp->keys[i];
1877 if (key->addr.type != BDADDR_BREDR)
1878 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
1879 MGMT_STATUS_INVALID_PARAMS);
1884 hci_link_keys_clear(hdev);
1887 set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
1889 clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
1891 for (i = 0; i < key_count; i++) {
1892 struct mgmt_link_key_info *key = &cp->keys[i];
1894 hci_add_link_key(hdev, NULL, 0, &key->addr.bdaddr, key->val,
1895 key->type, key->pin_len);
1898 cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
1900 hci_dev_unlock(hdev);
1905 static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
1906 u8 addr_type, struct sock *skip_sk)
1908 struct mgmt_ev_device_unpaired ev;
1910 bacpy(&ev.addr.bdaddr, bdaddr);
1911 ev.addr.type = addr_type;
1913 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
1917 static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
1920 struct mgmt_cp_unpair_device *cp = data;
1921 struct mgmt_rp_unpair_device rp;
1922 struct hci_cp_disconnect dc;
1923 struct pending_cmd *cmd;
1924 struct hci_conn *conn;
1927 memset(&rp, 0, sizeof(rp));
1928 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1929 rp.addr.type = cp->addr.type;
1931 if (!bdaddr_type_is_valid(cp->addr.type))
1932 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
1933 MGMT_STATUS_INVALID_PARAMS,
1936 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
1937 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
1938 MGMT_STATUS_INVALID_PARAMS,
1943 if (!hdev_is_powered(hdev)) {
1944 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
1945 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
1949 if (cp->addr.type == BDADDR_BREDR)
1950 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
1952 err = hci_remove_ltk(hdev, &cp->addr.bdaddr);
1955 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
1956 MGMT_STATUS_NOT_PAIRED, &rp, sizeof(rp));
1960 if (cp->disconnect) {
1961 if (cp->addr.type == BDADDR_BREDR)
1962 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
1965 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
1972 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
1974 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
1978 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
1985 dc.handle = cpu_to_le16(conn->handle);
1986 dc.reason = 0x13; /* Remote User Terminated Connection */
1987 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1989 mgmt_pending_remove(cmd);
1992 hci_dev_unlock(hdev);
1996 static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
1999 struct mgmt_cp_disconnect *cp = data;
2000 struct mgmt_rp_disconnect rp;
2001 struct hci_cp_disconnect dc;
2002 struct pending_cmd *cmd;
2003 struct hci_conn *conn;
2008 memset(&rp, 0, sizeof(rp));
2009 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2010 rp.addr.type = cp->addr.type;
2012 if (!bdaddr_type_is_valid(cp->addr.type))
2013 return cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2014 MGMT_STATUS_INVALID_PARAMS,
2019 if (!test_bit(HCI_UP, &hdev->flags)) {
2020 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2021 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
2025 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
2026 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2027 MGMT_STATUS_BUSY, &rp, sizeof(rp));
2031 if (cp->addr.type == BDADDR_BREDR)
2032 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2035 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
2037 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
2038 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2039 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
2043 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
2049 dc.handle = cpu_to_le16(conn->handle);
2050 dc.reason = HCI_ERROR_REMOTE_USER_TERM;
2052 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2054 mgmt_pending_remove(cmd);
2057 hci_dev_unlock(hdev);
2061 static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
2063 switch (link_type) {
2065 switch (addr_type) {
2066 case ADDR_LE_DEV_PUBLIC:
2067 return BDADDR_LE_PUBLIC;
2070 /* Fallback to LE Random address type */
2071 return BDADDR_LE_RANDOM;
2075 /* Fallback to BR/EDR type */
2076 return BDADDR_BREDR;
2080 static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
2083 struct mgmt_rp_get_connections *rp;
2093 if (!hdev_is_powered(hdev)) {
2094 err = cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
2095 MGMT_STATUS_NOT_POWERED);
2100 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2101 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2105 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2106 rp = kmalloc(rp_len, GFP_KERNEL);
2113 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2114 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2116 bacpy(&rp->addr[i].bdaddr, &c->dst);
2117 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
2118 if (c->type == SCO_LINK || c->type == ESCO_LINK)
2123 rp->conn_count = cpu_to_le16(i);
2125 /* Recalculate length in case of filtered SCO connections, etc */
2126 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2128 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
2134 hci_dev_unlock(hdev);
2138 static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
2139 struct mgmt_cp_pin_code_neg_reply *cp)
2141 struct pending_cmd *cmd;
2144 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
2149 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
2150 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
2152 mgmt_pending_remove(cmd);
2157 static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2160 struct hci_conn *conn;
2161 struct mgmt_cp_pin_code_reply *cp = data;
2162 struct hci_cp_pin_code_reply reply;
2163 struct pending_cmd *cmd;
2170 if (!hdev_is_powered(hdev)) {
2171 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2172 MGMT_STATUS_NOT_POWERED);
2176 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
2178 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2179 MGMT_STATUS_NOT_CONNECTED);
2183 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
2184 struct mgmt_cp_pin_code_neg_reply ncp;
2186 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
2188 BT_ERR("PIN code is not 16 bytes long");
2190 err = send_pin_code_neg_reply(sk, hdev, &ncp);
2192 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2193 MGMT_STATUS_INVALID_PARAMS);
2198 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
2204 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
2205 reply.pin_len = cp->pin_len;
2206 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
2208 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
2210 mgmt_pending_remove(cmd);
2213 hci_dev_unlock(hdev);
2217 static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
2220 struct mgmt_cp_set_io_capability *cp = data;
2226 hdev->io_capability = cp->io_capability;
2228 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
2229 hdev->io_capability);
2231 hci_dev_unlock(hdev);
2233 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, NULL,
2237 static struct pending_cmd *find_pairing(struct hci_conn *conn)
2239 struct hci_dev *hdev = conn->hdev;
2240 struct pending_cmd *cmd;
2242 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2243 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
2246 if (cmd->user_data != conn)
2255 static void pairing_complete(struct pending_cmd *cmd, u8 status)
2257 struct mgmt_rp_pair_device rp;
2258 struct hci_conn *conn = cmd->user_data;
2260 bacpy(&rp.addr.bdaddr, &conn->dst);
2261 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
2263 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
2266 /* So we don't get further callbacks for this connection */
2267 conn->connect_cfm_cb = NULL;
2268 conn->security_cfm_cb = NULL;
2269 conn->disconn_cfm_cb = NULL;
2271 hci_conn_drop(conn);
2273 mgmt_pending_remove(cmd);
2276 static void pairing_complete_cb(struct hci_conn *conn, u8 status)
2278 struct pending_cmd *cmd;
2280 BT_DBG("status %u", status);
2282 cmd = find_pairing(conn);
2284 BT_DBG("Unable to find a pending command");
2286 pairing_complete(cmd, mgmt_status(status));
2289 static void le_connect_complete_cb(struct hci_conn *conn, u8 status)
2291 struct pending_cmd *cmd;
2293 BT_DBG("status %u", status);
2298 cmd = find_pairing(conn);
2300 BT_DBG("Unable to find a pending command");
2302 pairing_complete(cmd, mgmt_status(status));
2305 static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2308 struct mgmt_cp_pair_device *cp = data;
2309 struct mgmt_rp_pair_device rp;
2310 struct pending_cmd *cmd;
2311 u8 sec_level, auth_type;
2312 struct hci_conn *conn;
2317 memset(&rp, 0, sizeof(rp));
2318 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2319 rp.addr.type = cp->addr.type;
2321 if (!bdaddr_type_is_valid(cp->addr.type))
2322 return cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2323 MGMT_STATUS_INVALID_PARAMS,
2328 if (!hdev_is_powered(hdev)) {
2329 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2330 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
2334 sec_level = BT_SECURITY_MEDIUM;
2335 if (cp->io_cap == 0x03)
2336 auth_type = HCI_AT_DEDICATED_BONDING;
2338 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
2340 if (cp->addr.type == BDADDR_BREDR)
2341 conn = hci_connect(hdev, ACL_LINK, &cp->addr.bdaddr,
2342 cp->addr.type, sec_level, auth_type);
2344 conn = hci_connect(hdev, LE_LINK, &cp->addr.bdaddr,
2345 cp->addr.type, sec_level, auth_type);
2350 if (PTR_ERR(conn) == -EBUSY)
2351 status = MGMT_STATUS_BUSY;
2353 status = MGMT_STATUS_CONNECT_FAILED;
2355 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2361 if (conn->connect_cfm_cb) {
2362 hci_conn_drop(conn);
2363 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2364 MGMT_STATUS_BUSY, &rp, sizeof(rp));
2368 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
2371 hci_conn_drop(conn);
2375 /* For LE, just connecting isn't a proof that the pairing finished */
2376 if (cp->addr.type == BDADDR_BREDR)
2377 conn->connect_cfm_cb = pairing_complete_cb;
2379 conn->connect_cfm_cb = le_connect_complete_cb;
2381 conn->security_cfm_cb = pairing_complete_cb;
2382 conn->disconn_cfm_cb = pairing_complete_cb;
2383 conn->io_capability = cp->io_cap;
2384 cmd->user_data = conn;
2386 if (conn->state == BT_CONNECTED &&
2387 hci_conn_security(conn, sec_level, auth_type))
2388 pairing_complete(cmd, 0);
2393 hci_dev_unlock(hdev);
2397 static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2400 struct mgmt_addr_info *addr = data;
2401 struct pending_cmd *cmd;
2402 struct hci_conn *conn;
2409 if (!hdev_is_powered(hdev)) {
2410 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2411 MGMT_STATUS_NOT_POWERED);
2415 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
2417 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2418 MGMT_STATUS_INVALID_PARAMS);
2422 conn = cmd->user_data;
2424 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
2425 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2426 MGMT_STATUS_INVALID_PARAMS);
2430 pairing_complete(cmd, MGMT_STATUS_CANCELLED);
2432 err = cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
2433 addr, sizeof(*addr));
2435 hci_dev_unlock(hdev);
2439 static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
2440 struct mgmt_addr_info *addr, u16 mgmt_op,
2441 u16 hci_op, __le32 passkey)
2443 struct pending_cmd *cmd;
2444 struct hci_conn *conn;
2449 if (!hdev_is_powered(hdev)) {
2450 err = cmd_complete(sk, hdev->id, mgmt_op,
2451 MGMT_STATUS_NOT_POWERED, addr,
2456 if (addr->type == BDADDR_BREDR)
2457 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
2459 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &addr->bdaddr);
2462 err = cmd_complete(sk, hdev->id, mgmt_op,
2463 MGMT_STATUS_NOT_CONNECTED, addr,
2468 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
2469 /* Continue with pairing via SMP */
2470 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
2473 err = cmd_complete(sk, hdev->id, mgmt_op,
2474 MGMT_STATUS_SUCCESS, addr,
2477 err = cmd_complete(sk, hdev->id, mgmt_op,
2478 MGMT_STATUS_FAILED, addr,
2484 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
2490 /* Continue with pairing via HCI */
2491 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
2492 struct hci_cp_user_passkey_reply cp;
2494 bacpy(&cp.bdaddr, &addr->bdaddr);
2495 cp.passkey = passkey;
2496 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
2498 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
2502 mgmt_pending_remove(cmd);
2505 hci_dev_unlock(hdev);
2509 static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
2510 void *data, u16 len)
2512 struct mgmt_cp_pin_code_neg_reply *cp = data;
2516 return user_pairing_resp(sk, hdev, &cp->addr,
2517 MGMT_OP_PIN_CODE_NEG_REPLY,
2518 HCI_OP_PIN_CODE_NEG_REPLY, 0);
2521 static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2524 struct mgmt_cp_user_confirm_reply *cp = data;
2528 if (len != sizeof(*cp))
2529 return cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
2530 MGMT_STATUS_INVALID_PARAMS);
2532 return user_pairing_resp(sk, hdev, &cp->addr,
2533 MGMT_OP_USER_CONFIRM_REPLY,
2534 HCI_OP_USER_CONFIRM_REPLY, 0);
2537 static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
2538 void *data, u16 len)
2540 struct mgmt_cp_user_confirm_neg_reply *cp = data;
2544 return user_pairing_resp(sk, hdev, &cp->addr,
2545 MGMT_OP_USER_CONFIRM_NEG_REPLY,
2546 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
2549 static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2552 struct mgmt_cp_user_passkey_reply *cp = data;
2556 return user_pairing_resp(sk, hdev, &cp->addr,
2557 MGMT_OP_USER_PASSKEY_REPLY,
2558 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
2561 static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
2562 void *data, u16 len)
2564 struct mgmt_cp_user_passkey_neg_reply *cp = data;
2568 return user_pairing_resp(sk, hdev, &cp->addr,
2569 MGMT_OP_USER_PASSKEY_NEG_REPLY,
2570 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
2573 static void update_name(struct hci_request *req)
2575 struct hci_dev *hdev = req->hdev;
2576 struct hci_cp_write_local_name cp;
2578 memcpy(cp.name, hdev->dev_name, sizeof(cp.name));
2580 hci_req_add(req, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
2583 static void set_name_complete(struct hci_dev *hdev, u8 status)
2585 struct mgmt_cp_set_local_name *cp;
2586 struct pending_cmd *cmd;
2588 BT_DBG("status 0x%02x", status);
2592 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
2599 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
2600 mgmt_status(status));
2602 cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
2605 mgmt_pending_remove(cmd);
2608 hci_dev_unlock(hdev);
2611 static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
2614 struct mgmt_cp_set_local_name *cp = data;
2615 struct pending_cmd *cmd;
2616 struct hci_request req;
2623 /* If the old values are the same as the new ones just return a
2624 * direct command complete event.
2626 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
2627 !memcmp(hdev->short_name, cp->short_name,
2628 sizeof(hdev->short_name))) {
2629 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
2634 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
2636 if (!hdev_is_powered(hdev)) {
2637 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
2639 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
2644 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
2650 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
2656 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
2658 hci_req_init(&req, hdev);
2660 if (lmp_bredr_capable(hdev)) {
2665 if (lmp_le_capable(hdev))
2666 hci_update_ad(&req);
2668 err = hci_req_run(&req, set_name_complete);
2670 mgmt_pending_remove(cmd);
2673 hci_dev_unlock(hdev);
2677 static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
2678 void *data, u16 data_len)
2680 struct pending_cmd *cmd;
2683 BT_DBG("%s", hdev->name);
2687 if (!hdev_is_powered(hdev)) {
2688 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
2689 MGMT_STATUS_NOT_POWERED);
2693 if (!lmp_ssp_capable(hdev)) {
2694 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
2695 MGMT_STATUS_NOT_SUPPORTED);
2699 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
2700 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
2705 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
2711 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
2713 mgmt_pending_remove(cmd);
2716 hci_dev_unlock(hdev);
2720 static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
2721 void *data, u16 len)
2723 struct mgmt_cp_add_remote_oob_data *cp = data;
2727 BT_DBG("%s ", hdev->name);
2731 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr, cp->hash,
2734 status = MGMT_STATUS_FAILED;
2736 status = MGMT_STATUS_SUCCESS;
2738 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA, status,
2739 &cp->addr, sizeof(cp->addr));
2741 hci_dev_unlock(hdev);
2745 static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
2746 void *data, u16 len)
2748 struct mgmt_cp_remove_remote_oob_data *cp = data;
2752 BT_DBG("%s", hdev->name);
2756 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr);
2758 status = MGMT_STATUS_INVALID_PARAMS;
2760 status = MGMT_STATUS_SUCCESS;
2762 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
2763 status, &cp->addr, sizeof(cp->addr));
2765 hci_dev_unlock(hdev);
2769 static int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
2771 struct pending_cmd *cmd;
2775 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2777 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
2781 type = hdev->discovery.type;
2783 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
2784 &type, sizeof(type));
2785 mgmt_pending_remove(cmd);
2790 static void start_discovery_complete(struct hci_dev *hdev, u8 status)
2792 BT_DBG("status %d", status);
2796 mgmt_start_discovery_failed(hdev, status);
2797 hci_dev_unlock(hdev);
2802 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
2803 hci_dev_unlock(hdev);
2805 switch (hdev->discovery.type) {
2806 case DISCOV_TYPE_LE:
2807 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable,
2811 case DISCOV_TYPE_INTERLEAVED:
2812 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable,
2813 DISCOV_INTERLEAVED_TIMEOUT);
2816 case DISCOV_TYPE_BREDR:
2820 BT_ERR("Invalid discovery type %d", hdev->discovery.type);
2824 static int start_discovery(struct sock *sk, struct hci_dev *hdev,
2825 void *data, u16 len)
2827 struct mgmt_cp_start_discovery *cp = data;
2828 struct pending_cmd *cmd;
2829 struct hci_cp_le_set_scan_param param_cp;
2830 struct hci_cp_le_set_scan_enable enable_cp;
2831 struct hci_cp_inquiry inq_cp;
2832 struct hci_request req;
2833 /* General inquiry access code (GIAC) */
2834 u8 lap[3] = { 0x33, 0x8b, 0x9e };
2838 BT_DBG("%s", hdev->name);
2842 if (!hdev_is_powered(hdev)) {
2843 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2844 MGMT_STATUS_NOT_POWERED);
2848 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
2849 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2854 if (hdev->discovery.state != DISCOVERY_STOPPED) {
2855 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2860 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
2866 hdev->discovery.type = cp->type;
2868 hci_req_init(&req, hdev);
2870 switch (hdev->discovery.type) {
2871 case DISCOV_TYPE_BREDR:
2872 status = mgmt_bredr_support(hdev);
2874 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2876 mgmt_pending_remove(cmd);
2880 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
2881 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2883 mgmt_pending_remove(cmd);
2887 hci_inquiry_cache_flush(hdev);
2889 memset(&inq_cp, 0, sizeof(inq_cp));
2890 memcpy(&inq_cp.lap, lap, sizeof(inq_cp.lap));
2891 inq_cp.length = DISCOV_BREDR_INQUIRY_LEN;
2892 hci_req_add(&req, HCI_OP_INQUIRY, sizeof(inq_cp), &inq_cp);
2895 case DISCOV_TYPE_LE:
2896 case DISCOV_TYPE_INTERLEAVED:
2897 status = mgmt_le_support(hdev);
2899 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2901 mgmt_pending_remove(cmd);
2905 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
2906 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
2907 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2908 MGMT_STATUS_NOT_SUPPORTED);
2909 mgmt_pending_remove(cmd);
2913 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
2914 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2915 MGMT_STATUS_REJECTED);
2916 mgmt_pending_remove(cmd);
2920 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags)) {
2921 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2923 mgmt_pending_remove(cmd);
2927 memset(¶m_cp, 0, sizeof(param_cp));
2928 param_cp.type = LE_SCAN_ACTIVE;
2929 param_cp.interval = cpu_to_le16(DISCOV_LE_SCAN_INT);
2930 param_cp.window = cpu_to_le16(DISCOV_LE_SCAN_WIN);
2931 if (bacmp(&hdev->bdaddr, BDADDR_ANY))
2932 param_cp.own_address_type = ADDR_LE_DEV_PUBLIC;
2934 param_cp.own_address_type = ADDR_LE_DEV_RANDOM;
2935 hci_req_add(&req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
2938 memset(&enable_cp, 0, sizeof(enable_cp));
2939 enable_cp.enable = LE_SCAN_ENABLE;
2940 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
2941 hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
2946 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2947 MGMT_STATUS_INVALID_PARAMS);
2948 mgmt_pending_remove(cmd);
2952 err = hci_req_run(&req, start_discovery_complete);
2954 mgmt_pending_remove(cmd);
2956 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
2959 hci_dev_unlock(hdev);
2963 static int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
2965 struct pending_cmd *cmd;
2968 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
2972 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
2973 &hdev->discovery.type, sizeof(hdev->discovery.type));
2974 mgmt_pending_remove(cmd);
2979 static void stop_discovery_complete(struct hci_dev *hdev, u8 status)
2981 BT_DBG("status %d", status);
2986 mgmt_stop_discovery_failed(hdev, status);
2990 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2993 hci_dev_unlock(hdev);
2996 static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
2999 struct mgmt_cp_stop_discovery *mgmt_cp = data;
3000 struct pending_cmd *cmd;
3001 struct hci_cp_remote_name_req_cancel cp;
3002 struct inquiry_entry *e;
3003 struct hci_request req;
3004 struct hci_cp_le_set_scan_enable enable_cp;
3007 BT_DBG("%s", hdev->name);
3011 if (!hci_discovery_active(hdev)) {
3012 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
3013 MGMT_STATUS_REJECTED, &mgmt_cp->type,
3014 sizeof(mgmt_cp->type));
3018 if (hdev->discovery.type != mgmt_cp->type) {
3019 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
3020 MGMT_STATUS_INVALID_PARAMS, &mgmt_cp->type,
3021 sizeof(mgmt_cp->type));
3025 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
3031 hci_req_init(&req, hdev);
3033 switch (hdev->discovery.state) {
3034 case DISCOVERY_FINDING:
3035 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
3036 hci_req_add(&req, HCI_OP_INQUIRY_CANCEL, 0, NULL);
3038 cancel_delayed_work(&hdev->le_scan_disable);
3040 memset(&enable_cp, 0, sizeof(enable_cp));
3041 enable_cp.enable = LE_SCAN_DISABLE;
3042 hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE,
3043 sizeof(enable_cp), &enable_cp);
3048 case DISCOVERY_RESOLVING:
3049 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
3052 mgmt_pending_remove(cmd);
3053 err = cmd_complete(sk, hdev->id,
3054 MGMT_OP_STOP_DISCOVERY, 0,
3056 sizeof(mgmt_cp->type));
3057 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3061 bacpy(&cp.bdaddr, &e->data.bdaddr);
3062 hci_req_add(&req, HCI_OP_REMOTE_NAME_REQ_CANCEL, sizeof(cp),
3068 BT_DBG("unknown discovery state %u", hdev->discovery.state);
3070 mgmt_pending_remove(cmd);
3071 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
3072 MGMT_STATUS_FAILED, &mgmt_cp->type,
3073 sizeof(mgmt_cp->type));
3077 err = hci_req_run(&req, stop_discovery_complete);
3079 mgmt_pending_remove(cmd);
3081 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
3084 hci_dev_unlock(hdev);
3088 static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
3091 struct mgmt_cp_confirm_name *cp = data;
3092 struct inquiry_entry *e;
3095 BT_DBG("%s", hdev->name);
3099 if (!hci_discovery_active(hdev)) {
3100 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
3101 MGMT_STATUS_FAILED);
3105 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
3107 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
3108 MGMT_STATUS_INVALID_PARAMS);
3112 if (cp->name_known) {
3113 e->name_state = NAME_KNOWN;
3116 e->name_state = NAME_NEEDED;
3117 hci_inquiry_cache_update_resolve(hdev, e);
3120 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0, &cp->addr,
3124 hci_dev_unlock(hdev);
3128 static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
3131 struct mgmt_cp_block_device *cp = data;
3135 BT_DBG("%s", hdev->name);
3137 if (!bdaddr_type_is_valid(cp->addr.type))
3138 return cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
3139 MGMT_STATUS_INVALID_PARAMS,
3140 &cp->addr, sizeof(cp->addr));
3144 err = hci_blacklist_add(hdev, &cp->addr.bdaddr, cp->addr.type);
3146 status = MGMT_STATUS_FAILED;
3148 status = MGMT_STATUS_SUCCESS;
3150 err = cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
3151 &cp->addr, sizeof(cp->addr));
3153 hci_dev_unlock(hdev);
3158 static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
3161 struct mgmt_cp_unblock_device *cp = data;
3165 BT_DBG("%s", hdev->name);
3167 if (!bdaddr_type_is_valid(cp->addr.type))
3168 return cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
3169 MGMT_STATUS_INVALID_PARAMS,
3170 &cp->addr, sizeof(cp->addr));
3174 err = hci_blacklist_del(hdev, &cp->addr.bdaddr, cp->addr.type);
3176 status = MGMT_STATUS_INVALID_PARAMS;
3178 status = MGMT_STATUS_SUCCESS;
3180 err = cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
3181 &cp->addr, sizeof(cp->addr));
3183 hci_dev_unlock(hdev);
3188 static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
3191 struct mgmt_cp_set_device_id *cp = data;
3192 struct hci_request req;
3196 BT_DBG("%s", hdev->name);
3198 source = __le16_to_cpu(cp->source);
3200 if (source > 0x0002)
3201 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
3202 MGMT_STATUS_INVALID_PARAMS);
3206 hdev->devid_source = source;
3207 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
3208 hdev->devid_product = __le16_to_cpu(cp->product);
3209 hdev->devid_version = __le16_to_cpu(cp->version);
3211 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0, NULL, 0);
3213 hci_req_init(&req, hdev);
3215 hci_req_run(&req, NULL);
3217 hci_dev_unlock(hdev);
3222 static void set_advertising_complete(struct hci_dev *hdev, u8 status)
3224 struct cmd_lookup match = { NULL, hdev };
3227 u8 mgmt_err = mgmt_status(status);
3229 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
3230 cmd_status_rsp, &mgmt_err);
3234 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
3237 new_settings(hdev, match.sk);
3243 static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
3245 struct mgmt_mode *cp = data;
3246 struct pending_cmd *cmd;
3247 struct hci_request req;
3248 u8 val, enabled, status;
3251 BT_DBG("request for %s", hdev->name);
3253 status = mgmt_le_support(hdev);
3255 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3258 if (cp->val != 0x00 && cp->val != 0x01)
3259 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3260 MGMT_STATUS_INVALID_PARAMS);
3265 enabled = test_bit(HCI_ADVERTISING, &hdev->dev_flags);
3267 /* The following conditions are ones which mean that we should
3268 * not do any HCI communication but directly send a mgmt
3269 * response to user space (after toggling the flag if
3272 if (!hdev_is_powered(hdev) || val == enabled ||
3273 hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECTED)) {
3274 bool changed = false;
3276 if (val != test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
3277 change_bit(HCI_ADVERTISING, &hdev->dev_flags);
3281 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
3286 err = new_settings(hdev, sk);
3291 if (mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
3292 mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
3293 err = cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3298 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
3304 hci_req_init(&req, hdev);
3307 enable_advertising(&req);
3309 disable_advertising(&req);
3311 err = hci_req_run(&req, set_advertising_complete);
3313 mgmt_pending_remove(cmd);
3316 hci_dev_unlock(hdev);
3320 static int set_static_address(struct sock *sk, struct hci_dev *hdev,
3321 void *data, u16 len)
3323 struct mgmt_cp_set_static_address *cp = data;
3326 BT_DBG("%s", hdev->name);
3328 if (!lmp_le_capable(hdev))
3329 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
3330 MGMT_STATUS_NOT_SUPPORTED);
3332 if (hdev_is_powered(hdev))
3333 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
3334 MGMT_STATUS_REJECTED);
3336 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
3337 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
3338 return cmd_status(sk, hdev->id,
3339 MGMT_OP_SET_STATIC_ADDRESS,
3340 MGMT_STATUS_INVALID_PARAMS);
3342 /* Two most significant bits shall be set */
3343 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
3344 return cmd_status(sk, hdev->id,
3345 MGMT_OP_SET_STATIC_ADDRESS,
3346 MGMT_STATUS_INVALID_PARAMS);
3351 bacpy(&hdev->static_addr, &cp->bdaddr);
3353 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS, 0, NULL, 0);
3355 hci_dev_unlock(hdev);
3360 static void fast_connectable_complete(struct hci_dev *hdev, u8 status)
3362 struct pending_cmd *cmd;
3364 BT_DBG("status 0x%02x", status);
3368 cmd = mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
3373 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3374 mgmt_status(status));
3376 struct mgmt_mode *cp = cmd->param;
3379 set_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
3381 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
3383 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
3384 new_settings(hdev, cmd->sk);
3387 mgmt_pending_remove(cmd);
3390 hci_dev_unlock(hdev);
3393 static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
3394 void *data, u16 len)
3396 struct mgmt_mode *cp = data;
3397 struct pending_cmd *cmd;
3398 struct hci_request req;
3401 BT_DBG("%s", hdev->name);
3403 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags) ||
3404 hdev->hci_ver < BLUETOOTH_VER_1_2)
3405 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3406 MGMT_STATUS_NOT_SUPPORTED);
3408 if (cp->val != 0x00 && cp->val != 0x01)
3409 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3410 MGMT_STATUS_INVALID_PARAMS);
3412 if (!hdev_is_powered(hdev))
3413 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3414 MGMT_STATUS_NOT_POWERED);
3416 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3417 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3418 MGMT_STATUS_REJECTED);
3422 if (mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
3423 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3428 if (!!cp->val == test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags)) {
3429 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
3434 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
3441 hci_req_init(&req, hdev);
3443 write_fast_connectable(&req, cp->val);
3445 err = hci_req_run(&req, fast_connectable_complete);
3447 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3448 MGMT_STATUS_FAILED);
3449 mgmt_pending_remove(cmd);
3453 hci_dev_unlock(hdev);
3458 static void set_bredr_complete(struct hci_dev *hdev, u8 status)
3460 struct pending_cmd *cmd;
3462 BT_DBG("status 0x%02x", status);
3466 cmd = mgmt_pending_find(MGMT_OP_SET_BREDR, hdev);
3471 u8 mgmt_err = mgmt_status(status);
3473 /* We need to restore the flag if related HCI commands
3476 clear_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
3478 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
3480 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
3481 new_settings(hdev, cmd->sk);
3484 mgmt_pending_remove(cmd);
3487 hci_dev_unlock(hdev);
3490 static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
3492 struct mgmt_mode *cp = data;
3493 struct pending_cmd *cmd;
3494 struct hci_request req;
3497 BT_DBG("request for %s", hdev->name);
3499 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
3500 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3501 MGMT_STATUS_NOT_SUPPORTED);
3503 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
3504 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3505 MGMT_STATUS_REJECTED);
3507 if (cp->val != 0x00 && cp->val != 0x01)
3508 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3509 MGMT_STATUS_INVALID_PARAMS);
3513 if (cp->val == test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
3514 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
3518 if (!hdev_is_powered(hdev)) {
3520 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
3521 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
3522 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
3523 clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
3524 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
3525 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
3528 change_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
3530 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
3534 err = new_settings(hdev, sk);
3538 /* Reject disabling when powered on */
3540 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3541 MGMT_STATUS_REJECTED);
3545 if (mgmt_pending_find(MGMT_OP_SET_BREDR, hdev)) {
3546 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3551 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
3557 /* We need to flip the bit already here so that hci_update_ad
3558 * generates the correct flags.
3560 set_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
3562 hci_req_init(&req, hdev);
3563 hci_update_ad(&req);
3564 err = hci_req_run(&req, set_bredr_complete);
3566 mgmt_pending_remove(cmd);
3569 hci_dev_unlock(hdev);
3573 static bool ltk_is_valid(struct mgmt_ltk_info *key)
3575 if (key->authenticated != 0x00 && key->authenticated != 0x01)
3577 if (key->master != 0x00 && key->master != 0x01)
3579 if (!bdaddr_type_is_le(key->addr.type))
3584 static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
3585 void *cp_data, u16 len)
3587 struct mgmt_cp_load_long_term_keys *cp = cp_data;
3588 u16 key_count, expected_len;
3591 BT_DBG("request for %s", hdev->name);
3593 if (!lmp_le_capable(hdev))
3594 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
3595 MGMT_STATUS_NOT_SUPPORTED);
3597 key_count = __le16_to_cpu(cp->key_count);
3599 expected_len = sizeof(*cp) + key_count *
3600 sizeof(struct mgmt_ltk_info);
3601 if (expected_len != len) {
3602 BT_ERR("load_keys: expected %u bytes, got %u bytes",
3604 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
3605 MGMT_STATUS_INVALID_PARAMS);
3608 BT_DBG("%s key_count %u", hdev->name, key_count);
3610 for (i = 0; i < key_count; i++) {
3611 struct mgmt_ltk_info *key = &cp->keys[i];
3613 if (!ltk_is_valid(key))
3614 return cmd_status(sk, hdev->id,
3615 MGMT_OP_LOAD_LONG_TERM_KEYS,
3616 MGMT_STATUS_INVALID_PARAMS);
3621 hci_smp_ltks_clear(hdev);
3623 for (i = 0; i < key_count; i++) {
3624 struct mgmt_ltk_info *key = &cp->keys[i];
3630 type = HCI_SMP_LTK_SLAVE;
3632 hci_add_ltk(hdev, &key->addr.bdaddr,
3633 bdaddr_to_le(key->addr.type),
3634 type, 0, key->authenticated, key->val,
3635 key->enc_size, key->ediv, key->rand);
3638 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
3641 hci_dev_unlock(hdev);
3646 static const struct mgmt_handler {
3647 int (*func) (struct sock *sk, struct hci_dev *hdev, void *data,
3651 } mgmt_handlers[] = {
3652 { NULL }, /* 0x0000 (no command) */
3653 { read_version, false, MGMT_READ_VERSION_SIZE },
3654 { read_commands, false, MGMT_READ_COMMANDS_SIZE },
3655 { read_index_list, false, MGMT_READ_INDEX_LIST_SIZE },
3656 { read_controller_info, false, MGMT_READ_INFO_SIZE },
3657 { set_powered, false, MGMT_SETTING_SIZE },
3658 { set_discoverable, false, MGMT_SET_DISCOVERABLE_SIZE },
3659 { set_connectable, false, MGMT_SETTING_SIZE },
3660 { set_fast_connectable, false, MGMT_SETTING_SIZE },
3661 { set_pairable, false, MGMT_SETTING_SIZE },
3662 { set_link_security, false, MGMT_SETTING_SIZE },
3663 { set_ssp, false, MGMT_SETTING_SIZE },
3664 { set_hs, false, MGMT_SETTING_SIZE },
3665 { set_le, false, MGMT_SETTING_SIZE },
3666 { set_dev_class, false, MGMT_SET_DEV_CLASS_SIZE },
3667 { set_local_name, false, MGMT_SET_LOCAL_NAME_SIZE },
3668 { add_uuid, false, MGMT_ADD_UUID_SIZE },
3669 { remove_uuid, false, MGMT_REMOVE_UUID_SIZE },
3670 { load_link_keys, true, MGMT_LOAD_LINK_KEYS_SIZE },
3671 { load_long_term_keys, true, MGMT_LOAD_LONG_TERM_KEYS_SIZE },
3672 { disconnect, false, MGMT_DISCONNECT_SIZE },
3673 { get_connections, false, MGMT_GET_CONNECTIONS_SIZE },
3674 { pin_code_reply, false, MGMT_PIN_CODE_REPLY_SIZE },
3675 { pin_code_neg_reply, false, MGMT_PIN_CODE_NEG_REPLY_SIZE },
3676 { set_io_capability, false, MGMT_SET_IO_CAPABILITY_SIZE },
3677 { pair_device, false, MGMT_PAIR_DEVICE_SIZE },
3678 { cancel_pair_device, false, MGMT_CANCEL_PAIR_DEVICE_SIZE },
3679 { unpair_device, false, MGMT_UNPAIR_DEVICE_SIZE },
3680 { user_confirm_reply, false, MGMT_USER_CONFIRM_REPLY_SIZE },
3681 { user_confirm_neg_reply, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
3682 { user_passkey_reply, false, MGMT_USER_PASSKEY_REPLY_SIZE },
3683 { user_passkey_neg_reply, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
3684 { read_local_oob_data, false, MGMT_READ_LOCAL_OOB_DATA_SIZE },
3685 { add_remote_oob_data, false, MGMT_ADD_REMOTE_OOB_DATA_SIZE },
3686 { remove_remote_oob_data, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
3687 { start_discovery, false, MGMT_START_DISCOVERY_SIZE },
3688 { stop_discovery, false, MGMT_STOP_DISCOVERY_SIZE },
3689 { confirm_name, false, MGMT_CONFIRM_NAME_SIZE },
3690 { block_device, false, MGMT_BLOCK_DEVICE_SIZE },
3691 { unblock_device, false, MGMT_UNBLOCK_DEVICE_SIZE },
3692 { set_device_id, false, MGMT_SET_DEVICE_ID_SIZE },
3693 { set_advertising, false, MGMT_SETTING_SIZE },
3694 { set_bredr, false, MGMT_SETTING_SIZE },
3695 { set_static_address, false, MGMT_SET_STATIC_ADDRESS_SIZE },
3699 int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
3703 struct mgmt_hdr *hdr;
3704 u16 opcode, index, len;
3705 struct hci_dev *hdev = NULL;
3706 const struct mgmt_handler *handler;
3709 BT_DBG("got %zu bytes", msglen);
3711 if (msglen < sizeof(*hdr))
3714 buf = kmalloc(msglen, GFP_KERNEL);
3718 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
3724 opcode = __le16_to_cpu(hdr->opcode);
3725 index = __le16_to_cpu(hdr->index);
3726 len = __le16_to_cpu(hdr->len);
3728 if (len != msglen - sizeof(*hdr)) {
3733 if (index != MGMT_INDEX_NONE) {
3734 hdev = hci_dev_get(index);
3736 err = cmd_status(sk, index, opcode,
3737 MGMT_STATUS_INVALID_INDEX);
3741 if (test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
3742 err = cmd_status(sk, index, opcode,
3743 MGMT_STATUS_INVALID_INDEX);
3748 if (opcode >= ARRAY_SIZE(mgmt_handlers) ||
3749 mgmt_handlers[opcode].func == NULL) {
3750 BT_DBG("Unknown op %u", opcode);
3751 err = cmd_status(sk, index, opcode,
3752 MGMT_STATUS_UNKNOWN_COMMAND);
3756 if ((hdev && opcode < MGMT_OP_READ_INFO) ||
3757 (!hdev && opcode >= MGMT_OP_READ_INFO)) {
3758 err = cmd_status(sk, index, opcode,
3759 MGMT_STATUS_INVALID_INDEX);
3763 handler = &mgmt_handlers[opcode];
3765 if ((handler->var_len && len < handler->data_len) ||
3766 (!handler->var_len && len != handler->data_len)) {
3767 err = cmd_status(sk, index, opcode,
3768 MGMT_STATUS_INVALID_PARAMS);
3773 mgmt_init_hdev(sk, hdev);
3775 cp = buf + sizeof(*hdr);
3777 err = handler->func(sk, hdev, cp, len);
3791 void mgmt_index_added(struct hci_dev *hdev)
3793 if (hdev->dev_type != HCI_BREDR)
3796 mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
3799 void mgmt_index_removed(struct hci_dev *hdev)
3801 u8 status = MGMT_STATUS_INVALID_INDEX;
3803 if (hdev->dev_type != HCI_BREDR)
3806 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
3808 mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
3811 static void set_bredr_scan(struct hci_request *req)
3813 struct hci_dev *hdev = req->hdev;
3816 /* Ensure that fast connectable is disabled. This function will
3817 * not do anything if the page scan parameters are already what
3820 write_fast_connectable(req, false);
3822 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3824 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3825 scan |= SCAN_INQUIRY;
3828 hci_req_add(req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
3831 static void powered_complete(struct hci_dev *hdev, u8 status)
3833 struct cmd_lookup match = { NULL, hdev };
3835 BT_DBG("status 0x%02x", status);
3839 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
3841 new_settings(hdev, match.sk);
3843 hci_dev_unlock(hdev);
3849 static int powered_update_hci(struct hci_dev *hdev)
3851 struct hci_request req;
3854 hci_req_init(&req, hdev);
3856 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) &&
3857 !lmp_host_ssp_capable(hdev)) {
3860 hci_req_add(&req, HCI_OP_WRITE_SSP_MODE, 1, &ssp);
3863 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
3864 lmp_bredr_capable(hdev)) {
3865 struct hci_cp_write_le_host_supported cp;
3868 cp.simul = lmp_le_br_capable(hdev);
3870 /* Check first if we already have the right
3871 * host state (host features set)
3873 if (cp.le != lmp_host_le_capable(hdev) ||
3874 cp.simul != lmp_host_le_br_capable(hdev))
3875 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED,
3878 /* In case BR/EDR was toggled during the AUTO_OFF phase */
3879 hci_update_ad(&req);
3882 if (lmp_le_capable(hdev)) {
3883 /* Set random address to static address if configured */
3884 if (bacmp(&hdev->static_addr, BDADDR_ANY))
3885 hci_req_add(&req, HCI_OP_LE_SET_RANDOM_ADDR, 6,
3886 &hdev->static_addr);
3888 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
3889 enable_advertising(&req);
3892 link_sec = test_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
3893 if (link_sec != test_bit(HCI_AUTH, &hdev->flags))
3894 hci_req_add(&req, HCI_OP_WRITE_AUTH_ENABLE,
3895 sizeof(link_sec), &link_sec);
3897 if (lmp_bredr_capable(hdev)) {
3898 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
3899 set_bredr_scan(&req);
3905 return hci_req_run(&req, powered_complete);
3908 int mgmt_powered(struct hci_dev *hdev, u8 powered)
3910 struct cmd_lookup match = { NULL, hdev };
3911 u8 status_not_powered = MGMT_STATUS_NOT_POWERED;
3912 u8 zero_cod[] = { 0, 0, 0 };
3915 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3919 if (powered_update_hci(hdev) == 0)
3922 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp,
3927 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
3928 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status_not_powered);
3930 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0)
3931 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
3932 zero_cod, sizeof(zero_cod), NULL);
3935 err = new_settings(hdev, match.sk);
3943 void mgmt_set_powered_failed(struct hci_dev *hdev, int err)
3945 struct pending_cmd *cmd;
3948 cmd = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
3952 if (err == -ERFKILL)
3953 status = MGMT_STATUS_RFKILLED;
3955 status = MGMT_STATUS_FAILED;
3957 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
3959 mgmt_pending_remove(cmd);
3962 int mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
3964 struct cmd_lookup match = { NULL, hdev };
3965 bool changed = false;
3969 if (!test_and_set_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3972 if (test_and_clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3976 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev, settings_rsp,
3980 err = new_settings(hdev, match.sk);
3988 int mgmt_connectable(struct hci_dev *hdev, u8 connectable)
3990 struct pending_cmd *cmd;
3991 bool changed = false;
3995 if (!test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3998 if (test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags))
4002 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
4005 err = new_settings(hdev, cmd ? cmd->sk : NULL);
4010 int mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
4012 u8 mgmt_err = mgmt_status(status);
4014 if (scan & SCAN_PAGE)
4015 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
4016 cmd_status_rsp, &mgmt_err);
4018 if (scan & SCAN_INQUIRY)
4019 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
4020 cmd_status_rsp, &mgmt_err);
4025 int mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
4028 struct mgmt_ev_new_link_key ev;
4030 memset(&ev, 0, sizeof(ev));
4032 ev.store_hint = persistent;
4033 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
4034 ev.key.addr.type = BDADDR_BREDR;
4035 ev.key.type = key->type;
4036 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
4037 ev.key.pin_len = key->pin_len;
4039 return mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
4042 int mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, u8 persistent)
4044 struct mgmt_ev_new_long_term_key ev;
4046 memset(&ev, 0, sizeof(ev));
4048 ev.store_hint = persistent;
4049 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
4050 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
4051 ev.key.authenticated = key->authenticated;
4052 ev.key.enc_size = key->enc_size;
4053 ev.key.ediv = key->ediv;
4055 if (key->type == HCI_SMP_LTK)
4058 memcpy(ev.key.rand, key->rand, sizeof(key->rand));
4059 memcpy(ev.key.val, key->val, sizeof(key->val));
4061 return mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev),
4065 void mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
4066 u8 addr_type, u32 flags, u8 *name, u8 name_len,
4070 struct mgmt_ev_device_connected *ev = (void *) buf;
4073 bacpy(&ev->addr.bdaddr, bdaddr);
4074 ev->addr.type = link_to_bdaddr(link_type, addr_type);
4076 ev->flags = __cpu_to_le32(flags);
4079 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
4082 if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0)
4083 eir_len = eir_append_data(ev->eir, eir_len,
4084 EIR_CLASS_OF_DEV, dev_class, 3);
4086 ev->eir_len = cpu_to_le16(eir_len);
4088 mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
4089 sizeof(*ev) + eir_len, NULL);
4092 static void disconnect_rsp(struct pending_cmd *cmd, void *data)
4094 struct mgmt_cp_disconnect *cp = cmd->param;
4095 struct sock **sk = data;
4096 struct mgmt_rp_disconnect rp;
4098 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4099 rp.addr.type = cp->addr.type;
4101 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 0, &rp,
4107 mgmt_pending_remove(cmd);
4110 static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
4112 struct hci_dev *hdev = data;
4113 struct mgmt_cp_unpair_device *cp = cmd->param;
4114 struct mgmt_rp_unpair_device rp;
4116 memset(&rp, 0, sizeof(rp));
4117 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4118 rp.addr.type = cp->addr.type;
4120 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
4122 cmd_complete(cmd->sk, cmd->index, cmd->opcode, 0, &rp, sizeof(rp));
4124 mgmt_pending_remove(cmd);
4127 void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
4128 u8 link_type, u8 addr_type, u8 reason)
4130 struct mgmt_ev_device_disconnected ev;
4131 struct sock *sk = NULL;
4133 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
4135 bacpy(&ev.addr.bdaddr, bdaddr);
4136 ev.addr.type = link_to_bdaddr(link_type, addr_type);
4139 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
4144 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
4148 void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
4149 u8 link_type, u8 addr_type, u8 status)
4151 struct mgmt_rp_disconnect rp;
4152 struct pending_cmd *cmd;
4154 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
4157 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
4161 bacpy(&rp.addr.bdaddr, bdaddr);
4162 rp.addr.type = link_to_bdaddr(link_type, addr_type);
4164 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
4165 mgmt_status(status), &rp, sizeof(rp));
4167 mgmt_pending_remove(cmd);
4170 void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
4171 u8 addr_type, u8 status)
4173 struct mgmt_ev_connect_failed ev;
4175 bacpy(&ev.addr.bdaddr, bdaddr);
4176 ev.addr.type = link_to_bdaddr(link_type, addr_type);
4177 ev.status = mgmt_status(status);
4179 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
4182 int mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
4184 struct mgmt_ev_pin_code_request ev;
4186 bacpy(&ev.addr.bdaddr, bdaddr);
4187 ev.addr.type = BDADDR_BREDR;
4190 return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev),
4194 int mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
4197 struct pending_cmd *cmd;
4198 struct mgmt_rp_pin_code_reply rp;
4201 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
4205 bacpy(&rp.addr.bdaddr, bdaddr);
4206 rp.addr.type = BDADDR_BREDR;
4208 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
4209 mgmt_status(status), &rp, sizeof(rp));
4211 mgmt_pending_remove(cmd);
4216 int mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
4219 struct pending_cmd *cmd;
4220 struct mgmt_rp_pin_code_reply rp;
4223 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
4227 bacpy(&rp.addr.bdaddr, bdaddr);
4228 rp.addr.type = BDADDR_BREDR;
4230 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
4231 mgmt_status(status), &rp, sizeof(rp));
4233 mgmt_pending_remove(cmd);
4238 int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
4239 u8 link_type, u8 addr_type, __le32 value,
4242 struct mgmt_ev_user_confirm_request ev;
4244 BT_DBG("%s", hdev->name);
4246 bacpy(&ev.addr.bdaddr, bdaddr);
4247 ev.addr.type = link_to_bdaddr(link_type, addr_type);
4248 ev.confirm_hint = confirm_hint;
4251 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
4255 int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
4256 u8 link_type, u8 addr_type)
4258 struct mgmt_ev_user_passkey_request ev;
4260 BT_DBG("%s", hdev->name);
4262 bacpy(&ev.addr.bdaddr, bdaddr);
4263 ev.addr.type = link_to_bdaddr(link_type, addr_type);
4265 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
4269 static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
4270 u8 link_type, u8 addr_type, u8 status,
4273 struct pending_cmd *cmd;
4274 struct mgmt_rp_user_confirm_reply rp;
4277 cmd = mgmt_pending_find(opcode, hdev);
4281 bacpy(&rp.addr.bdaddr, bdaddr);
4282 rp.addr.type = link_to_bdaddr(link_type, addr_type);
4283 err = cmd_complete(cmd->sk, hdev->id, opcode, mgmt_status(status),
4286 mgmt_pending_remove(cmd);
4291 int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
4292 u8 link_type, u8 addr_type, u8 status)
4294 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
4295 status, MGMT_OP_USER_CONFIRM_REPLY);
4298 int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
4299 u8 link_type, u8 addr_type, u8 status)
4301 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
4303 MGMT_OP_USER_CONFIRM_NEG_REPLY);
4306 int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
4307 u8 link_type, u8 addr_type, u8 status)
4309 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
4310 status, MGMT_OP_USER_PASSKEY_REPLY);
4313 int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
4314 u8 link_type, u8 addr_type, u8 status)
4316 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
4318 MGMT_OP_USER_PASSKEY_NEG_REPLY);
4321 int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
4322 u8 link_type, u8 addr_type, u32 passkey,
4325 struct mgmt_ev_passkey_notify ev;
4327 BT_DBG("%s", hdev->name);
4329 bacpy(&ev.addr.bdaddr, bdaddr);
4330 ev.addr.type = link_to_bdaddr(link_type, addr_type);
4331 ev.passkey = __cpu_to_le32(passkey);
4332 ev.entered = entered;
4334 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
4337 int mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
4338 u8 addr_type, u8 status)
4340 struct mgmt_ev_auth_failed ev;
4342 bacpy(&ev.addr.bdaddr, bdaddr);
4343 ev.addr.type = link_to_bdaddr(link_type, addr_type);
4344 ev.status = mgmt_status(status);
4346 return mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
4349 int mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
4351 struct cmd_lookup match = { NULL, hdev };
4352 bool changed = false;
4356 u8 mgmt_err = mgmt_status(status);
4357 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
4358 cmd_status_rsp, &mgmt_err);
4362 if (test_bit(HCI_AUTH, &hdev->flags)) {
4363 if (!test_and_set_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
4366 if (test_and_clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
4370 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
4374 err = new_settings(hdev, match.sk);
4382 static void clear_eir(struct hci_request *req)
4384 struct hci_dev *hdev = req->hdev;
4385 struct hci_cp_write_eir cp;
4387 if (!lmp_ext_inq_capable(hdev))
4390 memset(hdev->eir, 0, sizeof(hdev->eir));
4392 memset(&cp, 0, sizeof(cp));
4394 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
4397 int mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
4399 struct cmd_lookup match = { NULL, hdev };
4400 struct hci_request req;
4401 bool changed = false;
4405 u8 mgmt_err = mgmt_status(status);
4407 if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
4409 err = new_settings(hdev, NULL);
4411 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
4418 if (!test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
4421 if (test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
4425 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
4428 err = new_settings(hdev, match.sk);
4433 hci_req_init(&req, hdev);
4435 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
4440 hci_req_run(&req, NULL);
4445 static void sk_lookup(struct pending_cmd *cmd, void *data)
4447 struct cmd_lookup *match = data;
4449 if (match->sk == NULL) {
4450 match->sk = cmd->sk;
4451 sock_hold(match->sk);
4455 int mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
4458 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
4461 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
4462 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
4463 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
4466 err = mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class,
4475 int mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
4477 struct mgmt_cp_set_local_name ev;
4478 struct pending_cmd *cmd;
4483 memset(&ev, 0, sizeof(ev));
4484 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
4485 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
4487 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
4489 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
4491 /* If this is a HCI command related to powering on the
4492 * HCI dev don't send any mgmt signals.
4494 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
4498 return mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
4499 cmd ? cmd->sk : NULL);
4502 int mgmt_read_local_oob_data_reply_complete(struct hci_dev *hdev, u8 *hash,
4503 u8 *randomizer, u8 status)
4505 struct pending_cmd *cmd;
4508 BT_DBG("%s status %u", hdev->name, status);
4510 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
4515 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
4516 mgmt_status(status));
4518 struct mgmt_rp_read_local_oob_data rp;
4520 memcpy(rp.hash, hash, sizeof(rp.hash));
4521 memcpy(rp.randomizer, randomizer, sizeof(rp.randomizer));
4523 err = cmd_complete(cmd->sk, hdev->id,
4524 MGMT_OP_READ_LOCAL_OOB_DATA, 0, &rp,
4528 mgmt_pending_remove(cmd);
4533 void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
4534 u8 addr_type, u8 *dev_class, s8 rssi, u8 cfm_name, u8
4535 ssp, u8 *eir, u16 eir_len)
4538 struct mgmt_ev_device_found *ev = (void *) buf;
4541 if (!hci_discovery_active(hdev))
4544 /* Leave 5 bytes for a potential CoD field */
4545 if (sizeof(*ev) + eir_len + 5 > sizeof(buf))
4548 memset(buf, 0, sizeof(buf));
4550 bacpy(&ev->addr.bdaddr, bdaddr);
4551 ev->addr.type = link_to_bdaddr(link_type, addr_type);
4554 ev->flags |= __constant_cpu_to_le32(MGMT_DEV_FOUND_CONFIRM_NAME);
4556 ev->flags |= __constant_cpu_to_le32(MGMT_DEV_FOUND_LEGACY_PAIRING);
4559 memcpy(ev->eir, eir, eir_len);
4561 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
4562 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
4565 ev->eir_len = cpu_to_le16(eir_len);
4566 ev_size = sizeof(*ev) + eir_len;
4568 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
4571 void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
4572 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
4574 struct mgmt_ev_device_found *ev;
4575 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
4578 ev = (struct mgmt_ev_device_found *) buf;
4580 memset(buf, 0, sizeof(buf));
4582 bacpy(&ev->addr.bdaddr, bdaddr);
4583 ev->addr.type = link_to_bdaddr(link_type, addr_type);
4586 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
4589 ev->eir_len = cpu_to_le16(eir_len);
4591 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, sizeof(*ev) + eir_len, NULL);
4594 void mgmt_discovering(struct hci_dev *hdev, u8 discovering)
4596 struct mgmt_ev_discovering ev;
4597 struct pending_cmd *cmd;
4599 BT_DBG("%s discovering %u", hdev->name, discovering);
4602 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
4604 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
4607 u8 type = hdev->discovery.type;
4609 cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0, &type,
4611 mgmt_pending_remove(cmd);
4614 memset(&ev, 0, sizeof(ev));
4615 ev.type = hdev->discovery.type;
4616 ev.discovering = discovering;
4618 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
4621 int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
4623 struct pending_cmd *cmd;
4624 struct mgmt_ev_device_blocked ev;
4626 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev);
4628 bacpy(&ev.addr.bdaddr, bdaddr);
4629 ev.addr.type = type;
4631 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev),
4632 cmd ? cmd->sk : NULL);
4635 int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
4637 struct pending_cmd *cmd;
4638 struct mgmt_ev_device_unblocked ev;
4640 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev);
4642 bacpy(&ev.addr.bdaddr, bdaddr);
4643 ev.addr.type = type;
4645 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
4646 cmd ? cmd->sk : NULL);
4649 static void adv_enable_complete(struct hci_dev *hdev, u8 status)
4651 BT_DBG("%s status %u", hdev->name, status);
4653 /* Clear the advertising mgmt setting if we failed to re-enable it */
4655 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
4656 new_settings(hdev, NULL);
4660 void mgmt_reenable_advertising(struct hci_dev *hdev)
4662 struct hci_request req;
4664 if (hdev->conn_hash.le_num)
4667 if (!test_bit(HCI_ADVERTISING, &hdev->dev_flags))
4670 hci_req_init(&req, hdev);
4671 enable_advertising(&req);
4673 /* If this fails we have no option but to let user space know
4674 * that we've disabled advertising.
4676 if (hci_req_run(&req, adv_enable_complete) < 0) {
4677 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
4678 new_settings(hdev, NULL);
projects / karo-tx-linux.git / blob