2 BlueZ - Bluetooth protocol stack for Linux
4 Copyright (C) 2010 Nokia Corporation
5 Copyright (C) 2011-2012 Intel Corporation
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI Management interface */
27 #include <linux/module.h>
28 #include <asm/unaligned.h>
30 #include <net/bluetooth/bluetooth.h>
31 #include <net/bluetooth/hci_core.h>
32 #include <net/bluetooth/mgmt.h>
36 #define MGMT_VERSION 1
37 #define MGMT_REVISION 6
39 static const u16 mgmt_commands[] = {
40 MGMT_OP_READ_INDEX_LIST,
43 MGMT_OP_SET_DISCOVERABLE,
44 MGMT_OP_SET_CONNECTABLE,
45 MGMT_OP_SET_FAST_CONNECTABLE,
47 MGMT_OP_SET_LINK_SECURITY,
51 MGMT_OP_SET_DEV_CLASS,
52 MGMT_OP_SET_LOCAL_NAME,
55 MGMT_OP_LOAD_LINK_KEYS,
56 MGMT_OP_LOAD_LONG_TERM_KEYS,
58 MGMT_OP_GET_CONNECTIONS,
59 MGMT_OP_PIN_CODE_REPLY,
60 MGMT_OP_PIN_CODE_NEG_REPLY,
61 MGMT_OP_SET_IO_CAPABILITY,
63 MGMT_OP_CANCEL_PAIR_DEVICE,
64 MGMT_OP_UNPAIR_DEVICE,
65 MGMT_OP_USER_CONFIRM_REPLY,
66 MGMT_OP_USER_CONFIRM_NEG_REPLY,
67 MGMT_OP_USER_PASSKEY_REPLY,
68 MGMT_OP_USER_PASSKEY_NEG_REPLY,
69 MGMT_OP_READ_LOCAL_OOB_DATA,
70 MGMT_OP_ADD_REMOTE_OOB_DATA,
71 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
72 MGMT_OP_START_DISCOVERY,
73 MGMT_OP_STOP_DISCOVERY,
76 MGMT_OP_UNBLOCK_DEVICE,
77 MGMT_OP_SET_DEVICE_ID,
78 MGMT_OP_SET_ADVERTISING,
80 MGMT_OP_SET_STATIC_ADDRESS,
81 MGMT_OP_SET_SCAN_PARAMS,
82 MGMT_OP_SET_SECURE_CONN,
83 MGMT_OP_SET_DEBUG_KEYS,
86 MGMT_OP_GET_CONN_INFO,
89 static const u16 mgmt_events[] = {
90 MGMT_EV_CONTROLLER_ERROR,
92 MGMT_EV_INDEX_REMOVED,
94 MGMT_EV_CLASS_OF_DEV_CHANGED,
95 MGMT_EV_LOCAL_NAME_CHANGED,
97 MGMT_EV_NEW_LONG_TERM_KEY,
98 MGMT_EV_DEVICE_CONNECTED,
99 MGMT_EV_DEVICE_DISCONNECTED,
100 MGMT_EV_CONNECT_FAILED,
101 MGMT_EV_PIN_CODE_REQUEST,
102 MGMT_EV_USER_CONFIRM_REQUEST,
103 MGMT_EV_USER_PASSKEY_REQUEST,
105 MGMT_EV_DEVICE_FOUND,
107 MGMT_EV_DEVICE_BLOCKED,
108 MGMT_EV_DEVICE_UNBLOCKED,
109 MGMT_EV_DEVICE_UNPAIRED,
110 MGMT_EV_PASSKEY_NOTIFY,
115 #define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
117 #define hdev_is_powered(hdev) (test_bit(HCI_UP, &hdev->flags) && \
118 !test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
121 struct list_head list;
129 /* HCI to MGMT error code conversion table */
130 static u8 mgmt_status_table[] = {
132 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
133 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
134 MGMT_STATUS_FAILED, /* Hardware Failure */
135 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
136 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
137 MGMT_STATUS_AUTH_FAILED, /* PIN or Key Missing */
138 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
139 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
140 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
141 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
142 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
143 MGMT_STATUS_BUSY, /* Command Disallowed */
144 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
145 MGMT_STATUS_REJECTED, /* Rejected Security */
146 MGMT_STATUS_REJECTED, /* Rejected Personal */
147 MGMT_STATUS_TIMEOUT, /* Host Timeout */
148 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
149 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
150 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
151 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
152 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
153 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
154 MGMT_STATUS_BUSY, /* Repeated Attempts */
155 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
156 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
157 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
158 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
159 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
160 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
161 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
162 MGMT_STATUS_FAILED, /* Unspecified Error */
163 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
164 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
165 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
166 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
167 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
168 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
169 MGMT_STATUS_FAILED, /* Unit Link Key Used */
170 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
171 MGMT_STATUS_TIMEOUT, /* Instant Passed */
172 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
173 MGMT_STATUS_FAILED, /* Transaction Collision */
174 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
175 MGMT_STATUS_REJECTED, /* QoS Rejected */
176 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
177 MGMT_STATUS_REJECTED, /* Insufficient Security */
178 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
179 MGMT_STATUS_BUSY, /* Role Switch Pending */
180 MGMT_STATUS_FAILED, /* Slot Violation */
181 MGMT_STATUS_FAILED, /* Role Switch Failed */
182 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
183 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
184 MGMT_STATUS_BUSY, /* Host Busy Pairing */
185 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
186 MGMT_STATUS_BUSY, /* Controller Busy */
187 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
188 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
189 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
190 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
191 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
194 static u8 mgmt_status(u8 hci_status)
196 if (hci_status < ARRAY_SIZE(mgmt_status_table))
197 return mgmt_status_table[hci_status];
199 return MGMT_STATUS_FAILED;
202 static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
205 struct mgmt_hdr *hdr;
206 struct mgmt_ev_cmd_status *ev;
209 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
211 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_KERNEL);
215 hdr = (void *) skb_put(skb, sizeof(*hdr));
217 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS);
218 hdr->index = cpu_to_le16(index);
219 hdr->len = cpu_to_le16(sizeof(*ev));
221 ev = (void *) skb_put(skb, sizeof(*ev));
223 ev->opcode = cpu_to_le16(cmd);
225 err = sock_queue_rcv_skb(sk, skb);
232 static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
233 void *rp, size_t rp_len)
236 struct mgmt_hdr *hdr;
237 struct mgmt_ev_cmd_complete *ev;
240 BT_DBG("sock %p", sk);
242 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_KERNEL);
246 hdr = (void *) skb_put(skb, sizeof(*hdr));
248 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE);
249 hdr->index = cpu_to_le16(index);
250 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
252 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
253 ev->opcode = cpu_to_le16(cmd);
257 memcpy(ev->data, rp, rp_len);
259 err = sock_queue_rcv_skb(sk, skb);
266 static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
269 struct mgmt_rp_read_version rp;
271 BT_DBG("sock %p", sk);
273 rp.version = MGMT_VERSION;
274 rp.revision = cpu_to_le16(MGMT_REVISION);
276 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
280 static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
283 struct mgmt_rp_read_commands *rp;
284 const u16 num_commands = ARRAY_SIZE(mgmt_commands);
285 const u16 num_events = ARRAY_SIZE(mgmt_events);
290 BT_DBG("sock %p", sk);
292 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
294 rp = kmalloc(rp_size, GFP_KERNEL);
298 rp->num_commands = cpu_to_le16(num_commands);
299 rp->num_events = cpu_to_le16(num_events);
301 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
302 put_unaligned_le16(mgmt_commands[i], opcode);
304 for (i = 0; i < num_events; i++, opcode++)
305 put_unaligned_le16(mgmt_events[i], opcode);
307 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
314 static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
317 struct mgmt_rp_read_index_list *rp;
323 BT_DBG("sock %p", sk);
325 read_lock(&hci_dev_list_lock);
328 list_for_each_entry(d, &hci_dev_list, list) {
329 if (d->dev_type == HCI_BREDR)
333 rp_len = sizeof(*rp) + (2 * count);
334 rp = kmalloc(rp_len, GFP_ATOMIC);
336 read_unlock(&hci_dev_list_lock);
341 list_for_each_entry(d, &hci_dev_list, list) {
342 if (test_bit(HCI_SETUP, &d->dev_flags))
345 if (test_bit(HCI_USER_CHANNEL, &d->dev_flags))
348 if (d->dev_type == HCI_BREDR) {
349 rp->index[count++] = cpu_to_le16(d->id);
350 BT_DBG("Added hci%u", d->id);
354 rp->num_controllers = cpu_to_le16(count);
355 rp_len = sizeof(*rp) + (2 * count);
357 read_unlock(&hci_dev_list_lock);
359 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
367 static u32 get_supported_settings(struct hci_dev *hdev)
371 settings |= MGMT_SETTING_POWERED;
372 settings |= MGMT_SETTING_PAIRABLE;
373 settings |= MGMT_SETTING_DEBUG_KEYS;
375 if (lmp_bredr_capable(hdev)) {
376 settings |= MGMT_SETTING_CONNECTABLE;
377 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
378 settings |= MGMT_SETTING_FAST_CONNECTABLE;
379 settings |= MGMT_SETTING_DISCOVERABLE;
380 settings |= MGMT_SETTING_BREDR;
381 settings |= MGMT_SETTING_LINK_SECURITY;
383 if (lmp_ssp_capable(hdev)) {
384 settings |= MGMT_SETTING_SSP;
385 settings |= MGMT_SETTING_HS;
388 if (lmp_sc_capable(hdev) ||
389 test_bit(HCI_FORCE_SC, &hdev->dev_flags))
390 settings |= MGMT_SETTING_SECURE_CONN;
393 if (lmp_le_capable(hdev)) {
394 settings |= MGMT_SETTING_LE;
395 settings |= MGMT_SETTING_ADVERTISING;
396 settings |= MGMT_SETTING_PRIVACY;
402 static u32 get_current_settings(struct hci_dev *hdev)
406 if (hdev_is_powered(hdev))
407 settings |= MGMT_SETTING_POWERED;
409 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
410 settings |= MGMT_SETTING_CONNECTABLE;
412 if (test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
413 settings |= MGMT_SETTING_FAST_CONNECTABLE;
415 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
416 settings |= MGMT_SETTING_DISCOVERABLE;
418 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags))
419 settings |= MGMT_SETTING_PAIRABLE;
421 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
422 settings |= MGMT_SETTING_BREDR;
424 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
425 settings |= MGMT_SETTING_LE;
427 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
428 settings |= MGMT_SETTING_LINK_SECURITY;
430 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
431 settings |= MGMT_SETTING_SSP;
433 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
434 settings |= MGMT_SETTING_HS;
436 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
437 settings |= MGMT_SETTING_ADVERTISING;
439 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags))
440 settings |= MGMT_SETTING_SECURE_CONN;
442 if (test_bit(HCI_DEBUG_KEYS, &hdev->dev_flags))
443 settings |= MGMT_SETTING_DEBUG_KEYS;
445 if (test_bit(HCI_PRIVACY, &hdev->dev_flags))
446 settings |= MGMT_SETTING_PRIVACY;
451 #define PNP_INFO_SVCLASS_ID 0x1200
453 static u8 *create_uuid16_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
455 u8 *ptr = data, *uuids_start = NULL;
456 struct bt_uuid *uuid;
461 list_for_each_entry(uuid, &hdev->uuids, list) {
464 if (uuid->size != 16)
467 uuid16 = get_unaligned_le16(&uuid->uuid[12]);
471 if (uuid16 == PNP_INFO_SVCLASS_ID)
477 uuids_start[1] = EIR_UUID16_ALL;
481 /* Stop if not enough space to put next UUID */
482 if ((ptr - data) + sizeof(u16) > len) {
483 uuids_start[1] = EIR_UUID16_SOME;
487 *ptr++ = (uuid16 & 0x00ff);
488 *ptr++ = (uuid16 & 0xff00) >> 8;
489 uuids_start[0] += sizeof(uuid16);
495 static u8 *create_uuid32_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
497 u8 *ptr = data, *uuids_start = NULL;
498 struct bt_uuid *uuid;
503 list_for_each_entry(uuid, &hdev->uuids, list) {
504 if (uuid->size != 32)
510 uuids_start[1] = EIR_UUID32_ALL;
514 /* Stop if not enough space to put next UUID */
515 if ((ptr - data) + sizeof(u32) > len) {
516 uuids_start[1] = EIR_UUID32_SOME;
520 memcpy(ptr, &uuid->uuid[12], sizeof(u32));
522 uuids_start[0] += sizeof(u32);
528 static u8 *create_uuid128_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
530 u8 *ptr = data, *uuids_start = NULL;
531 struct bt_uuid *uuid;
536 list_for_each_entry(uuid, &hdev->uuids, list) {
537 if (uuid->size != 128)
543 uuids_start[1] = EIR_UUID128_ALL;
547 /* Stop if not enough space to put next UUID */
548 if ((ptr - data) + 16 > len) {
549 uuids_start[1] = EIR_UUID128_SOME;
553 memcpy(ptr, uuid->uuid, 16);
555 uuids_start[0] += 16;
561 static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
563 struct pending_cmd *cmd;
565 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
566 if (cmd->opcode == opcode)
573 static u8 create_scan_rsp_data(struct hci_dev *hdev, u8 *ptr)
578 name_len = strlen(hdev->dev_name);
580 size_t max_len = HCI_MAX_AD_LENGTH - ad_len - 2;
582 if (name_len > max_len) {
584 ptr[1] = EIR_NAME_SHORT;
586 ptr[1] = EIR_NAME_COMPLETE;
588 ptr[0] = name_len + 1;
590 memcpy(ptr + 2, hdev->dev_name, name_len);
592 ad_len += (name_len + 2);
593 ptr += (name_len + 2);
599 static void update_scan_rsp_data(struct hci_request *req)
601 struct hci_dev *hdev = req->hdev;
602 struct hci_cp_le_set_scan_rsp_data cp;
605 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
608 memset(&cp, 0, sizeof(cp));
610 len = create_scan_rsp_data(hdev, cp.data);
612 if (hdev->scan_rsp_data_len == len &&
613 memcmp(cp.data, hdev->scan_rsp_data, len) == 0)
616 memcpy(hdev->scan_rsp_data, cp.data, sizeof(cp.data));
617 hdev->scan_rsp_data_len = len;
621 hci_req_add(req, HCI_OP_LE_SET_SCAN_RSP_DATA, sizeof(cp), &cp);
624 static u8 get_adv_discov_flags(struct hci_dev *hdev)
626 struct pending_cmd *cmd;
628 /* If there's a pending mgmt command the flags will not yet have
629 * their final values, so check for this first.
631 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
633 struct mgmt_mode *cp = cmd->param;
635 return LE_AD_GENERAL;
636 else if (cp->val == 0x02)
637 return LE_AD_LIMITED;
639 if (test_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags))
640 return LE_AD_LIMITED;
641 else if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
642 return LE_AD_GENERAL;
648 static u8 create_adv_data(struct hci_dev *hdev, u8 *ptr)
650 u8 ad_len = 0, flags = 0;
652 flags |= get_adv_discov_flags(hdev);
654 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
655 flags |= LE_AD_NO_BREDR;
658 BT_DBG("adv flags 0x%02x", flags);
668 if (hdev->adv_tx_power != HCI_TX_POWER_INVALID) {
670 ptr[1] = EIR_TX_POWER;
671 ptr[2] = (u8) hdev->adv_tx_power;
680 static void update_adv_data(struct hci_request *req)
682 struct hci_dev *hdev = req->hdev;
683 struct hci_cp_le_set_adv_data cp;
686 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
689 memset(&cp, 0, sizeof(cp));
691 len = create_adv_data(hdev, cp.data);
693 if (hdev->adv_data_len == len &&
694 memcmp(cp.data, hdev->adv_data, len) == 0)
697 memcpy(hdev->adv_data, cp.data, sizeof(cp.data));
698 hdev->adv_data_len = len;
702 hci_req_add(req, HCI_OP_LE_SET_ADV_DATA, sizeof(cp), &cp);
705 static void create_eir(struct hci_dev *hdev, u8 *data)
710 name_len = strlen(hdev->dev_name);
716 ptr[1] = EIR_NAME_SHORT;
718 ptr[1] = EIR_NAME_COMPLETE;
720 /* EIR Data length */
721 ptr[0] = name_len + 1;
723 memcpy(ptr + 2, hdev->dev_name, name_len);
725 ptr += (name_len + 2);
728 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
730 ptr[1] = EIR_TX_POWER;
731 ptr[2] = (u8) hdev->inq_tx_power;
736 if (hdev->devid_source > 0) {
738 ptr[1] = EIR_DEVICE_ID;
740 put_unaligned_le16(hdev->devid_source, ptr + 2);
741 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
742 put_unaligned_le16(hdev->devid_product, ptr + 6);
743 put_unaligned_le16(hdev->devid_version, ptr + 8);
748 ptr = create_uuid16_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
749 ptr = create_uuid32_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
750 ptr = create_uuid128_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
753 static void update_eir(struct hci_request *req)
755 struct hci_dev *hdev = req->hdev;
756 struct hci_cp_write_eir cp;
758 if (!hdev_is_powered(hdev))
761 if (!lmp_ext_inq_capable(hdev))
764 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
767 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
770 memset(&cp, 0, sizeof(cp));
772 create_eir(hdev, cp.data);
774 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
777 memcpy(hdev->eir, cp.data, sizeof(cp.data));
779 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
782 static u8 get_service_classes(struct hci_dev *hdev)
784 struct bt_uuid *uuid;
787 list_for_each_entry(uuid, &hdev->uuids, list)
788 val |= uuid->svc_hint;
793 static void update_class(struct hci_request *req)
795 struct hci_dev *hdev = req->hdev;
798 BT_DBG("%s", hdev->name);
800 if (!hdev_is_powered(hdev))
803 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
806 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
809 cod[0] = hdev->minor_class;
810 cod[1] = hdev->major_class;
811 cod[2] = get_service_classes(hdev);
813 if (test_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags))
816 if (memcmp(cod, hdev->dev_class, 3) == 0)
819 hci_req_add(req, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
822 static bool get_connectable(struct hci_dev *hdev)
824 struct pending_cmd *cmd;
826 /* If there's a pending mgmt command the flag will not yet have
827 * it's final value, so check for this first.
829 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
831 struct mgmt_mode *cp = cmd->param;
835 return test_bit(HCI_CONNECTABLE, &hdev->dev_flags);
838 static void enable_advertising(struct hci_request *req)
840 struct hci_dev *hdev = req->hdev;
841 struct hci_cp_le_set_adv_param cp;
842 u8 own_addr_type, enable = 0x01;
845 /* Clear the HCI_ADVERTISING bit temporarily so that the
846 * hci_update_random_address knows that it's safe to go ahead
847 * and write a new random address. The flag will be set back on
848 * as soon as the SET_ADV_ENABLE HCI command completes.
850 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
852 connectable = get_connectable(hdev);
854 /* Set require_privacy to true only when non-connectable
855 * advertising is used. In that case it is fine to use a
856 * non-resolvable private address.
858 if (hci_update_random_address(req, !connectable, &own_addr_type) < 0)
861 memset(&cp, 0, sizeof(cp));
862 cp.min_interval = cpu_to_le16(0x0800);
863 cp.max_interval = cpu_to_le16(0x0800);
864 cp.type = connectable ? LE_ADV_IND : LE_ADV_NONCONN_IND;
865 cp.own_address_type = own_addr_type;
866 cp.channel_map = hdev->le_adv_channel_map;
868 hci_req_add(req, HCI_OP_LE_SET_ADV_PARAM, sizeof(cp), &cp);
870 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
873 static void disable_advertising(struct hci_request *req)
877 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
880 static void service_cache_off(struct work_struct *work)
882 struct hci_dev *hdev = container_of(work, struct hci_dev,
884 struct hci_request req;
886 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
889 hci_req_init(&req, hdev);
896 hci_dev_unlock(hdev);
898 hci_req_run(&req, NULL);
901 static void rpa_expired(struct work_struct *work)
903 struct hci_dev *hdev = container_of(work, struct hci_dev,
905 struct hci_request req;
909 set_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
911 if (!test_bit(HCI_ADVERTISING, &hdev->dev_flags) ||
912 hci_conn_num(hdev, LE_LINK) > 0)
915 /* The generation of a new RPA and programming it into the
916 * controller happens in the enable_advertising() function.
919 hci_req_init(&req, hdev);
921 disable_advertising(&req);
922 enable_advertising(&req);
924 hci_req_run(&req, NULL);
927 static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
929 if (test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
932 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
933 INIT_DELAYED_WORK(&hdev->rpa_expired, rpa_expired);
935 /* Non-mgmt controlled devices get this bit set
936 * implicitly so that pairing works for them, however
937 * for mgmt we require user-space to explicitly enable
940 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
943 static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
944 void *data, u16 data_len)
946 struct mgmt_rp_read_info rp;
948 BT_DBG("sock %p %s", sk, hdev->name);
952 memset(&rp, 0, sizeof(rp));
954 bacpy(&rp.bdaddr, &hdev->bdaddr);
956 rp.version = hdev->hci_ver;
957 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
959 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
960 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
962 memcpy(rp.dev_class, hdev->dev_class, 3);
964 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
965 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
967 hci_dev_unlock(hdev);
969 return cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
973 static void mgmt_pending_free(struct pending_cmd *cmd)
980 static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
981 struct hci_dev *hdev, void *data,
984 struct pending_cmd *cmd;
986 cmd = kmalloc(sizeof(*cmd), GFP_KERNEL);
990 cmd->opcode = opcode;
991 cmd->index = hdev->id;
993 cmd->param = kmalloc(len, GFP_KERNEL);
1000 memcpy(cmd->param, data, len);
1005 list_add(&cmd->list, &hdev->mgmt_pending);
1010 static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
1011 void (*cb)(struct pending_cmd *cmd,
1015 struct pending_cmd *cmd, *tmp;
1017 list_for_each_entry_safe(cmd, tmp, &hdev->mgmt_pending, list) {
1018 if (opcode > 0 && cmd->opcode != opcode)
1025 static void mgmt_pending_remove(struct pending_cmd *cmd)
1027 list_del(&cmd->list);
1028 mgmt_pending_free(cmd);
1031 static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
1033 __le32 settings = cpu_to_le32(get_current_settings(hdev));
1035 return cmd_complete(sk, hdev->id, opcode, 0, &settings,
1039 static void clean_up_hci_complete(struct hci_dev *hdev, u8 status)
1041 BT_DBG("%s status 0x%02x", hdev->name, status);
1043 if (hci_conn_count(hdev) == 0) {
1044 cancel_delayed_work(&hdev->power_off);
1045 queue_work(hdev->req_workqueue, &hdev->power_off.work);
1049 static int clean_up_hci_state(struct hci_dev *hdev)
1051 struct hci_request req;
1052 struct hci_conn *conn;
1054 hci_req_init(&req, hdev);
1056 if (test_bit(HCI_ISCAN, &hdev->flags) ||
1057 test_bit(HCI_PSCAN, &hdev->flags)) {
1059 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1062 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
1063 disable_advertising(&req);
1065 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags)) {
1066 hci_req_add_le_scan_disable(&req);
1069 list_for_each_entry(conn, &hdev->conn_hash.list, list) {
1070 struct hci_cp_disconnect dc;
1071 struct hci_cp_reject_conn_req rej;
1073 switch (conn->state) {
1076 dc.handle = cpu_to_le16(conn->handle);
1077 dc.reason = 0x15; /* Terminated due to Power Off */
1078 hci_req_add(&req, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1081 if (conn->type == LE_LINK)
1082 hci_req_add(&req, HCI_OP_LE_CREATE_CONN_CANCEL,
1084 else if (conn->type == ACL_LINK)
1085 hci_req_add(&req, HCI_OP_CREATE_CONN_CANCEL,
1089 bacpy(&rej.bdaddr, &conn->dst);
1090 rej.reason = 0x15; /* Terminated due to Power Off */
1091 if (conn->type == ACL_LINK)
1092 hci_req_add(&req, HCI_OP_REJECT_CONN_REQ,
1094 else if (conn->type == SCO_LINK)
1095 hci_req_add(&req, HCI_OP_REJECT_SYNC_CONN_REQ,
1101 return hci_req_run(&req, clean_up_hci_complete);
1104 static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
1107 struct mgmt_mode *cp = data;
1108 struct pending_cmd *cmd;
1111 BT_DBG("request for %s", hdev->name);
1113 if (cp->val != 0x00 && cp->val != 0x01)
1114 return cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1115 MGMT_STATUS_INVALID_PARAMS);
1119 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
1120 err = cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1125 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
1126 cancel_delayed_work(&hdev->power_off);
1129 mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev,
1131 err = mgmt_powered(hdev, 1);
1136 if (!!cp->val == hdev_is_powered(hdev)) {
1137 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
1141 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
1148 queue_work(hdev->req_workqueue, &hdev->power_on);
1151 /* Disconnect connections, stop scans, etc */
1152 err = clean_up_hci_state(hdev);
1154 queue_delayed_work(hdev->req_workqueue, &hdev->power_off,
1155 HCI_POWER_OFF_TIMEOUT);
1157 /* ENODATA means there were no HCI commands queued */
1158 if (err == -ENODATA) {
1159 cancel_delayed_work(&hdev->power_off);
1160 queue_work(hdev->req_workqueue, &hdev->power_off.work);
1166 hci_dev_unlock(hdev);
1170 static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 data_len,
1171 struct sock *skip_sk)
1173 struct sk_buff *skb;
1174 struct mgmt_hdr *hdr;
1176 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_KERNEL);
1180 hdr = (void *) skb_put(skb, sizeof(*hdr));
1181 hdr->opcode = cpu_to_le16(event);
1183 hdr->index = cpu_to_le16(hdev->id);
1185 hdr->index = cpu_to_le16(MGMT_INDEX_NONE);
1186 hdr->len = cpu_to_le16(data_len);
1189 memcpy(skb_put(skb, data_len), data, data_len);
1192 __net_timestamp(skb);
1194 hci_send_to_control(skb, skip_sk);
1200 static int new_settings(struct hci_dev *hdev, struct sock *skip)
1204 ev = cpu_to_le32(get_current_settings(hdev));
1206 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
1211 struct hci_dev *hdev;
1215 static void settings_rsp(struct pending_cmd *cmd, void *data)
1217 struct cmd_lookup *match = data;
1219 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
1221 list_del(&cmd->list);
1223 if (match->sk == NULL) {
1224 match->sk = cmd->sk;
1225 sock_hold(match->sk);
1228 mgmt_pending_free(cmd);
1231 static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
1235 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
1236 mgmt_pending_remove(cmd);
1239 static u8 mgmt_bredr_support(struct hci_dev *hdev)
1241 if (!lmp_bredr_capable(hdev))
1242 return MGMT_STATUS_NOT_SUPPORTED;
1243 else if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1244 return MGMT_STATUS_REJECTED;
1246 return MGMT_STATUS_SUCCESS;
1249 static u8 mgmt_le_support(struct hci_dev *hdev)
1251 if (!lmp_le_capable(hdev))
1252 return MGMT_STATUS_NOT_SUPPORTED;
1253 else if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
1254 return MGMT_STATUS_REJECTED;
1256 return MGMT_STATUS_SUCCESS;
1259 static void set_discoverable_complete(struct hci_dev *hdev, u8 status)
1261 struct pending_cmd *cmd;
1262 struct mgmt_mode *cp;
1263 struct hci_request req;
1266 BT_DBG("status 0x%02x", status);
1270 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
1275 u8 mgmt_err = mgmt_status(status);
1276 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1277 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1283 changed = !test_and_set_bit(HCI_DISCOVERABLE,
1286 if (hdev->discov_timeout > 0) {
1287 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1288 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
1292 changed = test_and_clear_bit(HCI_DISCOVERABLE,
1296 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1299 new_settings(hdev, cmd->sk);
1301 /* When the discoverable mode gets changed, make sure
1302 * that class of device has the limited discoverable
1303 * bit correctly set.
1305 hci_req_init(&req, hdev);
1307 hci_req_run(&req, NULL);
1310 mgmt_pending_remove(cmd);
1313 hci_dev_unlock(hdev);
1316 static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
1319 struct mgmt_cp_set_discoverable *cp = data;
1320 struct pending_cmd *cmd;
1321 struct hci_request req;
1326 BT_DBG("request for %s", hdev->name);
1328 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
1329 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1330 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1331 MGMT_STATUS_REJECTED);
1333 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
1334 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1335 MGMT_STATUS_INVALID_PARAMS);
1337 timeout = __le16_to_cpu(cp->timeout);
1339 /* Disabling discoverable requires that no timeout is set,
1340 * and enabling limited discoverable requires a timeout.
1342 if ((cp->val == 0x00 && timeout > 0) ||
1343 (cp->val == 0x02 && timeout == 0))
1344 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1345 MGMT_STATUS_INVALID_PARAMS);
1349 if (!hdev_is_powered(hdev) && timeout > 0) {
1350 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1351 MGMT_STATUS_NOT_POWERED);
1355 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1356 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
1357 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1362 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
1363 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1364 MGMT_STATUS_REJECTED);
1368 if (!hdev_is_powered(hdev)) {
1369 bool changed = false;
1371 /* Setting limited discoverable when powered off is
1372 * not a valid operation since it requires a timeout
1373 * and so no need to check HCI_LIMITED_DISCOVERABLE.
1375 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
1376 change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1380 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1385 err = new_settings(hdev, sk);
1390 /* If the current mode is the same, then just update the timeout
1391 * value with the new value. And if only the timeout gets updated,
1392 * then no need for any HCI transactions.
1394 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags) &&
1395 (cp->val == 0x02) == test_bit(HCI_LIMITED_DISCOVERABLE,
1396 &hdev->dev_flags)) {
1397 cancel_delayed_work(&hdev->discov_off);
1398 hdev->discov_timeout = timeout;
1400 if (cp->val && hdev->discov_timeout > 0) {
1401 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1402 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
1406 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1410 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
1416 /* Cancel any potential discoverable timeout that might be
1417 * still active and store new timeout value. The arming of
1418 * the timeout happens in the complete handler.
1420 cancel_delayed_work(&hdev->discov_off);
1421 hdev->discov_timeout = timeout;
1423 /* Limited discoverable mode */
1424 if (cp->val == 0x02)
1425 set_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1427 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1429 hci_req_init(&req, hdev);
1431 /* The procedure for LE-only controllers is much simpler - just
1432 * update the advertising data.
1434 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1440 struct hci_cp_write_current_iac_lap hci_cp;
1442 if (cp->val == 0x02) {
1443 /* Limited discoverable mode */
1444 hci_cp.num_iac = min_t(u8, hdev->num_iac, 2);
1445 hci_cp.iac_lap[0] = 0x00; /* LIAC */
1446 hci_cp.iac_lap[1] = 0x8b;
1447 hci_cp.iac_lap[2] = 0x9e;
1448 hci_cp.iac_lap[3] = 0x33; /* GIAC */
1449 hci_cp.iac_lap[4] = 0x8b;
1450 hci_cp.iac_lap[5] = 0x9e;
1452 /* General discoverable mode */
1454 hci_cp.iac_lap[0] = 0x33; /* GIAC */
1455 hci_cp.iac_lap[1] = 0x8b;
1456 hci_cp.iac_lap[2] = 0x9e;
1459 hci_req_add(&req, HCI_OP_WRITE_CURRENT_IAC_LAP,
1460 (hci_cp.num_iac * 3) + 1, &hci_cp);
1462 scan |= SCAN_INQUIRY;
1464 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1467 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, sizeof(scan), &scan);
1470 update_adv_data(&req);
1472 err = hci_req_run(&req, set_discoverable_complete);
1474 mgmt_pending_remove(cmd);
1477 hci_dev_unlock(hdev);
1481 static void write_fast_connectable(struct hci_request *req, bool enable)
1483 struct hci_dev *hdev = req->hdev;
1484 struct hci_cp_write_page_scan_activity acp;
1487 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1490 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
1494 type = PAGE_SCAN_TYPE_INTERLACED;
1496 /* 160 msec page scan interval */
1497 acp.interval = cpu_to_le16(0x0100);
1499 type = PAGE_SCAN_TYPE_STANDARD; /* default */
1501 /* default 1.28 sec page scan */
1502 acp.interval = cpu_to_le16(0x0800);
1505 acp.window = cpu_to_le16(0x0012);
1507 if (__cpu_to_le16(hdev->page_scan_interval) != acp.interval ||
1508 __cpu_to_le16(hdev->page_scan_window) != acp.window)
1509 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
1512 if (hdev->page_scan_type != type)
1513 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
1516 static void set_connectable_complete(struct hci_dev *hdev, u8 status)
1518 struct pending_cmd *cmd;
1519 struct mgmt_mode *cp;
1522 BT_DBG("status 0x%02x", status);
1526 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1531 u8 mgmt_err = mgmt_status(status);
1532 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1538 changed = !test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1540 changed = test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1542 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
1545 new_settings(hdev, cmd->sk);
1548 mgmt_pending_remove(cmd);
1551 hci_dev_unlock(hdev);
1554 static int set_connectable_update_settings(struct hci_dev *hdev,
1555 struct sock *sk, u8 val)
1557 bool changed = false;
1560 if (!!val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
1564 set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1566 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1567 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1570 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1575 return new_settings(hdev, sk);
1580 static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
1583 struct mgmt_mode *cp = data;
1584 struct pending_cmd *cmd;
1585 struct hci_request req;
1589 BT_DBG("request for %s", hdev->name);
1591 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
1592 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1593 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1594 MGMT_STATUS_REJECTED);
1596 if (cp->val != 0x00 && cp->val != 0x01)
1597 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1598 MGMT_STATUS_INVALID_PARAMS);
1602 if (!hdev_is_powered(hdev)) {
1603 err = set_connectable_update_settings(hdev, sk, cp->val);
1607 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1608 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
1609 err = cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1614 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
1620 hci_req_init(&req, hdev);
1622 /* If BR/EDR is not enabled and we disable advertising as a
1623 * by-product of disabling connectable, we need to update the
1624 * advertising flags.
1626 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
1628 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1629 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1631 update_adv_data(&req);
1632 } else if (cp->val != test_bit(HCI_PSCAN, &hdev->flags)) {
1638 if (test_bit(HCI_ISCAN, &hdev->flags) &&
1639 hdev->discov_timeout > 0)
1640 cancel_delayed_work(&hdev->discov_off);
1643 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1646 /* If we're going from non-connectable to connectable or
1647 * vice-versa when fast connectable is enabled ensure that fast
1648 * connectable gets disabled. write_fast_connectable won't do
1649 * anything if the page scan parameters are already what they
1652 if (cp->val || test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
1653 write_fast_connectable(&req, false);
1655 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags) &&
1656 hci_conn_num(hdev, LE_LINK) == 0) {
1657 disable_advertising(&req);
1658 enable_advertising(&req);
1661 err = hci_req_run(&req, set_connectable_complete);
1663 mgmt_pending_remove(cmd);
1664 if (err == -ENODATA)
1665 err = set_connectable_update_settings(hdev, sk,
1671 hci_dev_unlock(hdev);
1675 static int set_pairable(struct sock *sk, struct hci_dev *hdev, void *data,
1678 struct mgmt_mode *cp = data;
1682 BT_DBG("request for %s", hdev->name);
1684 if (cp->val != 0x00 && cp->val != 0x01)
1685 return cmd_status(sk, hdev->id, MGMT_OP_SET_PAIRABLE,
1686 MGMT_STATUS_INVALID_PARAMS);
1691 changed = !test_and_set_bit(HCI_PAIRABLE, &hdev->dev_flags);
1693 changed = test_and_clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
1695 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
1700 err = new_settings(hdev, sk);
1703 hci_dev_unlock(hdev);
1707 static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1710 struct mgmt_mode *cp = data;
1711 struct pending_cmd *cmd;
1715 BT_DBG("request for %s", hdev->name);
1717 status = mgmt_bredr_support(hdev);
1719 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1722 if (cp->val != 0x00 && cp->val != 0x01)
1723 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1724 MGMT_STATUS_INVALID_PARAMS);
1728 if (!hdev_is_powered(hdev)) {
1729 bool changed = false;
1731 if (!!cp->val != test_bit(HCI_LINK_SECURITY,
1732 &hdev->dev_flags)) {
1733 change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
1737 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1742 err = new_settings(hdev, sk);
1747 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
1748 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1755 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1756 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1760 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1766 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1768 mgmt_pending_remove(cmd);
1773 hci_dev_unlock(hdev);
1777 static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1779 struct mgmt_mode *cp = data;
1780 struct pending_cmd *cmd;
1784 BT_DBG("request for %s", hdev->name);
1786 status = mgmt_bredr_support(hdev);
1788 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
1790 if (!lmp_ssp_capable(hdev))
1791 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1792 MGMT_STATUS_NOT_SUPPORTED);
1794 if (cp->val != 0x00 && cp->val != 0x01)
1795 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1796 MGMT_STATUS_INVALID_PARAMS);
1800 if (!hdev_is_powered(hdev)) {
1804 changed = !test_and_set_bit(HCI_SSP_ENABLED,
1807 changed = test_and_clear_bit(HCI_SSP_ENABLED,
1810 changed = test_and_clear_bit(HCI_HS_ENABLED,
1813 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1816 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1821 err = new_settings(hdev, sk);
1826 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev) ||
1827 mgmt_pending_find(MGMT_OP_SET_HS, hdev)) {
1828 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1833 if (!!cp->val == test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
1834 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1838 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1844 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &cp->val);
1846 mgmt_pending_remove(cmd);
1851 hci_dev_unlock(hdev);
1855 static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1857 struct mgmt_mode *cp = data;
1862 BT_DBG("request for %s", hdev->name);
1864 status = mgmt_bredr_support(hdev);
1866 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
1868 if (!lmp_ssp_capable(hdev))
1869 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1870 MGMT_STATUS_NOT_SUPPORTED);
1872 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
1873 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1874 MGMT_STATUS_REJECTED);
1876 if (cp->val != 0x00 && cp->val != 0x01)
1877 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1878 MGMT_STATUS_INVALID_PARAMS);
1883 changed = !test_and_set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1885 if (hdev_is_powered(hdev)) {
1886 err = cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1887 MGMT_STATUS_REJECTED);
1891 changed = test_and_clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1894 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
1899 err = new_settings(hdev, sk);
1902 hci_dev_unlock(hdev);
1906 static void le_enable_complete(struct hci_dev *hdev, u8 status)
1908 struct cmd_lookup match = { NULL, hdev };
1911 u8 mgmt_err = mgmt_status(status);
1913 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
1918 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
1920 new_settings(hdev, match.sk);
1925 /* Make sure the controller has a good default for
1926 * advertising data. Restrict the update to when LE
1927 * has actually been enabled. During power on, the
1928 * update in powered_update_hci will take care of it.
1930 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1931 struct hci_request req;
1935 hci_req_init(&req, hdev);
1936 update_adv_data(&req);
1937 update_scan_rsp_data(&req);
1938 hci_req_run(&req, NULL);
1940 hci_dev_unlock(hdev);
1944 static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1946 struct mgmt_mode *cp = data;
1947 struct hci_cp_write_le_host_supported hci_cp;
1948 struct pending_cmd *cmd;
1949 struct hci_request req;
1953 BT_DBG("request for %s", hdev->name);
1955 if (!lmp_le_capable(hdev))
1956 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1957 MGMT_STATUS_NOT_SUPPORTED);
1959 if (cp->val != 0x00 && cp->val != 0x01)
1960 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1961 MGMT_STATUS_INVALID_PARAMS);
1963 /* LE-only devices do not allow toggling LE on/off */
1964 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1965 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1966 MGMT_STATUS_REJECTED);
1971 enabled = lmp_host_le_capable(hdev);
1973 if (!hdev_is_powered(hdev) || val == enabled) {
1974 bool changed = false;
1976 if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1977 change_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1981 if (!val && test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
1982 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
1986 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1991 err = new_settings(hdev, sk);
1996 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev) ||
1997 mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
1998 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2003 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
2009 hci_req_init(&req, hdev);
2011 memset(&hci_cp, 0, sizeof(hci_cp));
2015 hci_cp.simul = lmp_le_br_capable(hdev);
2017 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
2018 disable_advertising(&req);
2021 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
2024 err = hci_req_run(&req, le_enable_complete);
2026 mgmt_pending_remove(cmd);
2029 hci_dev_unlock(hdev);
2033 /* This is a helper function to test for pending mgmt commands that can
2034 * cause CoD or EIR HCI commands. We can only allow one such pending
2035 * mgmt command at a time since otherwise we cannot easily track what
2036 * the current values are, will be, and based on that calculate if a new
2037 * HCI command needs to be sent and if yes with what value.
2039 static bool pending_eir_or_class(struct hci_dev *hdev)
2041 struct pending_cmd *cmd;
2043 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2044 switch (cmd->opcode) {
2045 case MGMT_OP_ADD_UUID:
2046 case MGMT_OP_REMOVE_UUID:
2047 case MGMT_OP_SET_DEV_CLASS:
2048 case MGMT_OP_SET_POWERED:
2056 static const u8 bluetooth_base_uuid[] = {
2057 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
2058 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2061 static u8 get_uuid_size(const u8 *uuid)
2065 if (memcmp(uuid, bluetooth_base_uuid, 12))
2068 val = get_unaligned_le32(&uuid[12]);
2075 static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
2077 struct pending_cmd *cmd;
2081 cmd = mgmt_pending_find(mgmt_op, hdev);
2085 cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(status),
2086 hdev->dev_class, 3);
2088 mgmt_pending_remove(cmd);
2091 hci_dev_unlock(hdev);
2094 static void add_uuid_complete(struct hci_dev *hdev, u8 status)
2096 BT_DBG("status 0x%02x", status);
2098 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
2101 static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2103 struct mgmt_cp_add_uuid *cp = data;
2104 struct pending_cmd *cmd;
2105 struct hci_request req;
2106 struct bt_uuid *uuid;
2109 BT_DBG("request for %s", hdev->name);
2113 if (pending_eir_or_class(hdev)) {
2114 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
2119 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
2125 memcpy(uuid->uuid, cp->uuid, 16);
2126 uuid->svc_hint = cp->svc_hint;
2127 uuid->size = get_uuid_size(cp->uuid);
2129 list_add_tail(&uuid->list, &hdev->uuids);
2131 hci_req_init(&req, hdev);
2136 err = hci_req_run(&req, add_uuid_complete);
2138 if (err != -ENODATA)
2141 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
2142 hdev->dev_class, 3);
2146 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
2155 hci_dev_unlock(hdev);
2159 static bool enable_service_cache(struct hci_dev *hdev)
2161 if (!hdev_is_powered(hdev))
2164 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
2165 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
2173 static void remove_uuid_complete(struct hci_dev *hdev, u8 status)
2175 BT_DBG("status 0x%02x", status);
2177 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
2180 static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
2183 struct mgmt_cp_remove_uuid *cp = data;
2184 struct pending_cmd *cmd;
2185 struct bt_uuid *match, *tmp;
2186 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
2187 struct hci_request req;
2190 BT_DBG("request for %s", hdev->name);
2194 if (pending_eir_or_class(hdev)) {
2195 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2200 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
2201 hci_uuids_clear(hdev);
2203 if (enable_service_cache(hdev)) {
2204 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2205 0, hdev->dev_class, 3);
2214 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2215 if (memcmp(match->uuid, cp->uuid, 16) != 0)
2218 list_del(&match->list);
2224 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2225 MGMT_STATUS_INVALID_PARAMS);
2230 hci_req_init(&req, hdev);
2235 err = hci_req_run(&req, remove_uuid_complete);
2237 if (err != -ENODATA)
2240 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
2241 hdev->dev_class, 3);
2245 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
2254 hci_dev_unlock(hdev);
2258 static void set_class_complete(struct hci_dev *hdev, u8 status)
2260 BT_DBG("status 0x%02x", status);
2262 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
2265 static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
2268 struct mgmt_cp_set_dev_class *cp = data;
2269 struct pending_cmd *cmd;
2270 struct hci_request req;
2273 BT_DBG("request for %s", hdev->name);
2275 if (!lmp_bredr_capable(hdev))
2276 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2277 MGMT_STATUS_NOT_SUPPORTED);
2281 if (pending_eir_or_class(hdev)) {
2282 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2287 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
2288 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2289 MGMT_STATUS_INVALID_PARAMS);
2293 hdev->major_class = cp->major;
2294 hdev->minor_class = cp->minor;
2296 if (!hdev_is_powered(hdev)) {
2297 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2298 hdev->dev_class, 3);
2302 hci_req_init(&req, hdev);
2304 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
2305 hci_dev_unlock(hdev);
2306 cancel_delayed_work_sync(&hdev->service_cache);
2313 err = hci_req_run(&req, set_class_complete);
2315 if (err != -ENODATA)
2318 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2319 hdev->dev_class, 3);
2323 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
2332 hci_dev_unlock(hdev);
2336 static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
2339 struct mgmt_cp_load_link_keys *cp = data;
2340 u16 key_count, expected_len;
2344 BT_DBG("request for %s", hdev->name);
2346 if (!lmp_bredr_capable(hdev))
2347 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2348 MGMT_STATUS_NOT_SUPPORTED);
2350 key_count = __le16_to_cpu(cp->key_count);
2352 expected_len = sizeof(*cp) + key_count *
2353 sizeof(struct mgmt_link_key_info);
2354 if (expected_len != len) {
2355 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
2357 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2358 MGMT_STATUS_INVALID_PARAMS);
2361 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
2362 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2363 MGMT_STATUS_INVALID_PARAMS);
2365 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
2368 for (i = 0; i < key_count; i++) {
2369 struct mgmt_link_key_info *key = &cp->keys[i];
2371 if (key->addr.type != BDADDR_BREDR || key->type > 0x08)
2372 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2373 MGMT_STATUS_INVALID_PARAMS);
2378 hci_link_keys_clear(hdev);
2381 changed = !test_and_set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
2383 changed = test_and_clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
2386 new_settings(hdev, NULL);
2388 for (i = 0; i < key_count; i++) {
2389 struct mgmt_link_key_info *key = &cp->keys[i];
2391 hci_add_link_key(hdev, NULL, 0, &key->addr.bdaddr, key->val,
2392 key->type, key->pin_len);
2395 cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
2397 hci_dev_unlock(hdev);
2402 static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
2403 u8 addr_type, struct sock *skip_sk)
2405 struct mgmt_ev_device_unpaired ev;
2407 bacpy(&ev.addr.bdaddr, bdaddr);
2408 ev.addr.type = addr_type;
2410 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
2414 static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2417 struct mgmt_cp_unpair_device *cp = data;
2418 struct mgmt_rp_unpair_device rp;
2419 struct hci_cp_disconnect dc;
2420 struct pending_cmd *cmd;
2421 struct hci_conn *conn;
2424 memset(&rp, 0, sizeof(rp));
2425 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2426 rp.addr.type = cp->addr.type;
2428 if (!bdaddr_type_is_valid(cp->addr.type))
2429 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2430 MGMT_STATUS_INVALID_PARAMS,
2433 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
2434 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2435 MGMT_STATUS_INVALID_PARAMS,
2440 if (!hdev_is_powered(hdev)) {
2441 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2442 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
2446 if (cp->addr.type == BDADDR_BREDR) {
2447 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
2451 if (cp->addr.type == BDADDR_LE_PUBLIC)
2452 addr_type = ADDR_LE_DEV_PUBLIC;
2454 addr_type = ADDR_LE_DEV_RANDOM;
2456 hci_remove_irk(hdev, &cp->addr.bdaddr, addr_type);
2458 hci_conn_params_del(hdev, &cp->addr.bdaddr, addr_type);
2460 err = hci_remove_ltk(hdev, &cp->addr.bdaddr, addr_type);
2464 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2465 MGMT_STATUS_NOT_PAIRED, &rp, sizeof(rp));
2469 if (cp->disconnect) {
2470 if (cp->addr.type == BDADDR_BREDR)
2471 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2474 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
2481 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
2483 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
2487 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
2494 dc.handle = cpu_to_le16(conn->handle);
2495 dc.reason = 0x13; /* Remote User Terminated Connection */
2496 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2498 mgmt_pending_remove(cmd);
2501 hci_dev_unlock(hdev);
2505 static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
2508 struct mgmt_cp_disconnect *cp = data;
2509 struct mgmt_rp_disconnect rp;
2510 struct hci_cp_disconnect dc;
2511 struct pending_cmd *cmd;
2512 struct hci_conn *conn;
2517 memset(&rp, 0, sizeof(rp));
2518 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2519 rp.addr.type = cp->addr.type;
2521 if (!bdaddr_type_is_valid(cp->addr.type))
2522 return cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2523 MGMT_STATUS_INVALID_PARAMS,
2528 if (!test_bit(HCI_UP, &hdev->flags)) {
2529 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2530 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
2534 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
2535 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2536 MGMT_STATUS_BUSY, &rp, sizeof(rp));
2540 if (cp->addr.type == BDADDR_BREDR)
2541 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2544 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
2546 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
2547 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2548 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
2552 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
2558 dc.handle = cpu_to_le16(conn->handle);
2559 dc.reason = HCI_ERROR_REMOTE_USER_TERM;
2561 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2563 mgmt_pending_remove(cmd);
2566 hci_dev_unlock(hdev);
2570 static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
2572 switch (link_type) {
2574 switch (addr_type) {
2575 case ADDR_LE_DEV_PUBLIC:
2576 return BDADDR_LE_PUBLIC;
2579 /* Fallback to LE Random address type */
2580 return BDADDR_LE_RANDOM;
2584 /* Fallback to BR/EDR type */
2585 return BDADDR_BREDR;
2589 static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
2592 struct mgmt_rp_get_connections *rp;
2602 if (!hdev_is_powered(hdev)) {
2603 err = cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
2604 MGMT_STATUS_NOT_POWERED);
2609 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2610 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2614 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2615 rp = kmalloc(rp_len, GFP_KERNEL);
2622 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2623 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2625 bacpy(&rp->addr[i].bdaddr, &c->dst);
2626 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
2627 if (c->type == SCO_LINK || c->type == ESCO_LINK)
2632 rp->conn_count = cpu_to_le16(i);
2634 /* Recalculate length in case of filtered SCO connections, etc */
2635 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2637 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
2643 hci_dev_unlock(hdev);
2647 static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
2648 struct mgmt_cp_pin_code_neg_reply *cp)
2650 struct pending_cmd *cmd;
2653 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
2658 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
2659 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
2661 mgmt_pending_remove(cmd);
2666 static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2669 struct hci_conn *conn;
2670 struct mgmt_cp_pin_code_reply *cp = data;
2671 struct hci_cp_pin_code_reply reply;
2672 struct pending_cmd *cmd;
2679 if (!hdev_is_powered(hdev)) {
2680 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2681 MGMT_STATUS_NOT_POWERED);
2685 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
2687 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2688 MGMT_STATUS_NOT_CONNECTED);
2692 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
2693 struct mgmt_cp_pin_code_neg_reply ncp;
2695 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
2697 BT_ERR("PIN code is not 16 bytes long");
2699 err = send_pin_code_neg_reply(sk, hdev, &ncp);
2701 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2702 MGMT_STATUS_INVALID_PARAMS);
2707 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
2713 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
2714 reply.pin_len = cp->pin_len;
2715 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
2717 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
2719 mgmt_pending_remove(cmd);
2722 hci_dev_unlock(hdev);
2726 static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
2729 struct mgmt_cp_set_io_capability *cp = data;
2735 hdev->io_capability = cp->io_capability;
2737 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
2738 hdev->io_capability);
2740 hci_dev_unlock(hdev);
2742 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, NULL,
2746 static struct pending_cmd *find_pairing(struct hci_conn *conn)
2748 struct hci_dev *hdev = conn->hdev;
2749 struct pending_cmd *cmd;
2751 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2752 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
2755 if (cmd->user_data != conn)
2764 static void pairing_complete(struct pending_cmd *cmd, u8 status)
2766 struct mgmt_rp_pair_device rp;
2767 struct hci_conn *conn = cmd->user_data;
2769 bacpy(&rp.addr.bdaddr, &conn->dst);
2770 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
2772 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
2775 /* So we don't get further callbacks for this connection */
2776 conn->connect_cfm_cb = NULL;
2777 conn->security_cfm_cb = NULL;
2778 conn->disconn_cfm_cb = NULL;
2780 hci_conn_drop(conn);
2782 mgmt_pending_remove(cmd);
2785 void mgmt_smp_complete(struct hci_conn *conn, bool complete)
2787 u8 status = complete ? MGMT_STATUS_SUCCESS : MGMT_STATUS_FAILED;
2788 struct pending_cmd *cmd;
2790 cmd = find_pairing(conn);
2792 pairing_complete(cmd, status);
2795 static void pairing_complete_cb(struct hci_conn *conn, u8 status)
2797 struct pending_cmd *cmd;
2799 BT_DBG("status %u", status);
2801 cmd = find_pairing(conn);
2803 BT_DBG("Unable to find a pending command");
2805 pairing_complete(cmd, mgmt_status(status));
2808 static void le_pairing_complete_cb(struct hci_conn *conn, u8 status)
2810 struct pending_cmd *cmd;
2812 BT_DBG("status %u", status);
2817 cmd = find_pairing(conn);
2819 BT_DBG("Unable to find a pending command");
2821 pairing_complete(cmd, mgmt_status(status));
2824 static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2827 struct mgmt_cp_pair_device *cp = data;
2828 struct mgmt_rp_pair_device rp;
2829 struct pending_cmd *cmd;
2830 u8 sec_level, auth_type;
2831 struct hci_conn *conn;
2836 memset(&rp, 0, sizeof(rp));
2837 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2838 rp.addr.type = cp->addr.type;
2840 if (!bdaddr_type_is_valid(cp->addr.type))
2841 return cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2842 MGMT_STATUS_INVALID_PARAMS,
2847 if (!hdev_is_powered(hdev)) {
2848 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2849 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
2853 sec_level = BT_SECURITY_MEDIUM;
2854 auth_type = HCI_AT_DEDICATED_BONDING;
2856 if (cp->addr.type == BDADDR_BREDR) {
2857 conn = hci_connect_acl(hdev, &cp->addr.bdaddr, sec_level,
2862 /* Convert from L2CAP channel address type to HCI address type
2864 if (cp->addr.type == BDADDR_LE_PUBLIC)
2865 addr_type = ADDR_LE_DEV_PUBLIC;
2867 addr_type = ADDR_LE_DEV_RANDOM;
2869 conn = hci_connect_le(hdev, &cp->addr.bdaddr, addr_type,
2870 sec_level, auth_type);
2876 if (PTR_ERR(conn) == -EBUSY)
2877 status = MGMT_STATUS_BUSY;
2879 status = MGMT_STATUS_CONNECT_FAILED;
2881 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2887 if (conn->connect_cfm_cb) {
2888 hci_conn_drop(conn);
2889 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2890 MGMT_STATUS_BUSY, &rp, sizeof(rp));
2894 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
2897 hci_conn_drop(conn);
2901 /* For LE, just connecting isn't a proof that the pairing finished */
2902 if (cp->addr.type == BDADDR_BREDR) {
2903 conn->connect_cfm_cb = pairing_complete_cb;
2904 conn->security_cfm_cb = pairing_complete_cb;
2905 conn->disconn_cfm_cb = pairing_complete_cb;
2907 conn->connect_cfm_cb = le_pairing_complete_cb;
2908 conn->security_cfm_cb = le_pairing_complete_cb;
2909 conn->disconn_cfm_cb = le_pairing_complete_cb;
2912 conn->io_capability = cp->io_cap;
2913 cmd->user_data = conn;
2915 if (conn->state == BT_CONNECTED &&
2916 hci_conn_security(conn, sec_level, auth_type))
2917 pairing_complete(cmd, 0);
2922 hci_dev_unlock(hdev);
2926 static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2929 struct mgmt_addr_info *addr = data;
2930 struct pending_cmd *cmd;
2931 struct hci_conn *conn;
2938 if (!hdev_is_powered(hdev)) {
2939 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2940 MGMT_STATUS_NOT_POWERED);
2944 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
2946 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2947 MGMT_STATUS_INVALID_PARAMS);
2951 conn = cmd->user_data;
2953 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
2954 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2955 MGMT_STATUS_INVALID_PARAMS);
2959 pairing_complete(cmd, MGMT_STATUS_CANCELLED);
2961 err = cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
2962 addr, sizeof(*addr));
2964 hci_dev_unlock(hdev);
2968 static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
2969 struct mgmt_addr_info *addr, u16 mgmt_op,
2970 u16 hci_op, __le32 passkey)
2972 struct pending_cmd *cmd;
2973 struct hci_conn *conn;
2978 if (!hdev_is_powered(hdev)) {
2979 err = cmd_complete(sk, hdev->id, mgmt_op,
2980 MGMT_STATUS_NOT_POWERED, addr,
2985 if (addr->type == BDADDR_BREDR)
2986 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
2988 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &addr->bdaddr);
2991 err = cmd_complete(sk, hdev->id, mgmt_op,
2992 MGMT_STATUS_NOT_CONNECTED, addr,
2997 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
2998 /* Continue with pairing via SMP */
2999 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
3002 err = cmd_complete(sk, hdev->id, mgmt_op,
3003 MGMT_STATUS_SUCCESS, addr,
3006 err = cmd_complete(sk, hdev->id, mgmt_op,
3007 MGMT_STATUS_FAILED, addr,
3013 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
3019 /* Continue with pairing via HCI */
3020 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
3021 struct hci_cp_user_passkey_reply cp;
3023 bacpy(&cp.bdaddr, &addr->bdaddr);
3024 cp.passkey = passkey;
3025 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
3027 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
3031 mgmt_pending_remove(cmd);
3034 hci_dev_unlock(hdev);
3038 static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
3039 void *data, u16 len)
3041 struct mgmt_cp_pin_code_neg_reply *cp = data;
3045 return user_pairing_resp(sk, hdev, &cp->addr,
3046 MGMT_OP_PIN_CODE_NEG_REPLY,
3047 HCI_OP_PIN_CODE_NEG_REPLY, 0);
3050 static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3053 struct mgmt_cp_user_confirm_reply *cp = data;
3057 if (len != sizeof(*cp))
3058 return cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
3059 MGMT_STATUS_INVALID_PARAMS);
3061 return user_pairing_resp(sk, hdev, &cp->addr,
3062 MGMT_OP_USER_CONFIRM_REPLY,
3063 HCI_OP_USER_CONFIRM_REPLY, 0);
3066 static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
3067 void *data, u16 len)
3069 struct mgmt_cp_user_confirm_neg_reply *cp = data;
3073 return user_pairing_resp(sk, hdev, &cp->addr,
3074 MGMT_OP_USER_CONFIRM_NEG_REPLY,
3075 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
3078 static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3081 struct mgmt_cp_user_passkey_reply *cp = data;
3085 return user_pairing_resp(sk, hdev, &cp->addr,
3086 MGMT_OP_USER_PASSKEY_REPLY,
3087 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
3090 static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
3091 void *data, u16 len)
3093 struct mgmt_cp_user_passkey_neg_reply *cp = data;
3097 return user_pairing_resp(sk, hdev, &cp->addr,
3098 MGMT_OP_USER_PASSKEY_NEG_REPLY,
3099 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
3102 static void update_name(struct hci_request *req)
3104 struct hci_dev *hdev = req->hdev;
3105 struct hci_cp_write_local_name cp;
3107 memcpy(cp.name, hdev->dev_name, sizeof(cp.name));
3109 hci_req_add(req, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
3112 static void set_name_complete(struct hci_dev *hdev, u8 status)
3114 struct mgmt_cp_set_local_name *cp;
3115 struct pending_cmd *cmd;
3117 BT_DBG("status 0x%02x", status);
3121 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
3128 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3129 mgmt_status(status));
3131 cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3134 mgmt_pending_remove(cmd);
3137 hci_dev_unlock(hdev);
3140 static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
3143 struct mgmt_cp_set_local_name *cp = data;
3144 struct pending_cmd *cmd;
3145 struct hci_request req;
3152 /* If the old values are the same as the new ones just return a
3153 * direct command complete event.
3155 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
3156 !memcmp(hdev->short_name, cp->short_name,
3157 sizeof(hdev->short_name))) {
3158 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3163 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
3165 if (!hdev_is_powered(hdev)) {
3166 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3168 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3173 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
3179 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
3185 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3187 hci_req_init(&req, hdev);
3189 if (lmp_bredr_capable(hdev)) {
3194 /* The name is stored in the scan response data and so
3195 * no need to udpate the advertising data here.
3197 if (lmp_le_capable(hdev))
3198 update_scan_rsp_data(&req);
3200 err = hci_req_run(&req, set_name_complete);
3202 mgmt_pending_remove(cmd);
3205 hci_dev_unlock(hdev);
3209 static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
3210 void *data, u16 data_len)
3212 struct pending_cmd *cmd;
3215 BT_DBG("%s", hdev->name);
3219 if (!hdev_is_powered(hdev)) {
3220 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3221 MGMT_STATUS_NOT_POWERED);
3225 if (!lmp_ssp_capable(hdev)) {
3226 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3227 MGMT_STATUS_NOT_SUPPORTED);
3231 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
3232 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3237 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
3243 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags))
3244 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_EXT_DATA,
3247 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
3250 mgmt_pending_remove(cmd);
3253 hci_dev_unlock(hdev);
3257 static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
3258 void *data, u16 len)
3262 BT_DBG("%s ", hdev->name);
3266 if (len == MGMT_ADD_REMOTE_OOB_DATA_SIZE) {
3267 struct mgmt_cp_add_remote_oob_data *cp = data;
3270 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
3271 cp->hash, cp->randomizer);
3273 status = MGMT_STATUS_FAILED;
3275 status = MGMT_STATUS_SUCCESS;
3277 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3278 status, &cp->addr, sizeof(cp->addr));
3279 } else if (len == MGMT_ADD_REMOTE_OOB_EXT_DATA_SIZE) {
3280 struct mgmt_cp_add_remote_oob_ext_data *cp = data;
3283 err = hci_add_remote_oob_ext_data(hdev, &cp->addr.bdaddr,
3289 status = MGMT_STATUS_FAILED;
3291 status = MGMT_STATUS_SUCCESS;
3293 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3294 status, &cp->addr, sizeof(cp->addr));
3296 BT_ERR("add_remote_oob_data: invalid length of %u bytes", len);
3297 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3298 MGMT_STATUS_INVALID_PARAMS);
3301 hci_dev_unlock(hdev);
3305 static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
3306 void *data, u16 len)
3308 struct mgmt_cp_remove_remote_oob_data *cp = data;
3312 BT_DBG("%s", hdev->name);
3316 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr);
3318 status = MGMT_STATUS_INVALID_PARAMS;
3320 status = MGMT_STATUS_SUCCESS;
3322 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
3323 status, &cp->addr, sizeof(cp->addr));
3325 hci_dev_unlock(hdev);
3329 static int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
3331 struct pending_cmd *cmd;
3335 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3337 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
3341 type = hdev->discovery.type;
3343 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3344 &type, sizeof(type));
3345 mgmt_pending_remove(cmd);
3350 static void start_discovery_complete(struct hci_dev *hdev, u8 status)
3352 unsigned long timeout = 0;
3354 BT_DBG("status %d", status);
3358 mgmt_start_discovery_failed(hdev, status);
3359 hci_dev_unlock(hdev);
3364 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
3365 hci_dev_unlock(hdev);
3367 switch (hdev->discovery.type) {
3368 case DISCOV_TYPE_LE:
3369 timeout = msecs_to_jiffies(DISCOV_LE_TIMEOUT);
3372 case DISCOV_TYPE_INTERLEAVED:
3373 timeout = msecs_to_jiffies(hdev->discov_interleaved_timeout);
3376 case DISCOV_TYPE_BREDR:
3380 BT_ERR("Invalid discovery type %d", hdev->discovery.type);
3386 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable, timeout);
3389 static int start_discovery(struct sock *sk, struct hci_dev *hdev,
3390 void *data, u16 len)
3392 struct mgmt_cp_start_discovery *cp = data;
3393 struct pending_cmd *cmd;
3394 struct hci_cp_le_set_scan_param param_cp;
3395 struct hci_cp_le_set_scan_enable enable_cp;
3396 struct hci_cp_inquiry inq_cp;
3397 struct hci_request req;
3398 /* General inquiry access code (GIAC) */
3399 u8 lap[3] = { 0x33, 0x8b, 0x9e };
3400 u8 status, own_addr_type;
3403 BT_DBG("%s", hdev->name);
3407 if (!hdev_is_powered(hdev)) {
3408 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3409 MGMT_STATUS_NOT_POWERED);
3413 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
3414 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3419 if (hdev->discovery.state != DISCOVERY_STOPPED) {
3420 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3425 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
3431 hdev->discovery.type = cp->type;
3433 hci_req_init(&req, hdev);
3435 switch (hdev->discovery.type) {
3436 case DISCOV_TYPE_BREDR:
3437 status = mgmt_bredr_support(hdev);
3439 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3441 mgmt_pending_remove(cmd);
3445 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
3446 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3448 mgmt_pending_remove(cmd);
3452 hci_inquiry_cache_flush(hdev);
3454 memset(&inq_cp, 0, sizeof(inq_cp));
3455 memcpy(&inq_cp.lap, lap, sizeof(inq_cp.lap));
3456 inq_cp.length = DISCOV_BREDR_INQUIRY_LEN;
3457 hci_req_add(&req, HCI_OP_INQUIRY, sizeof(inq_cp), &inq_cp);
3460 case DISCOV_TYPE_LE:
3461 case DISCOV_TYPE_INTERLEAVED:
3462 status = mgmt_le_support(hdev);
3464 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3466 mgmt_pending_remove(cmd);
3470 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
3471 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
3472 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3473 MGMT_STATUS_NOT_SUPPORTED);
3474 mgmt_pending_remove(cmd);
3478 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
3479 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3480 MGMT_STATUS_REJECTED);
3481 mgmt_pending_remove(cmd);
3485 /* If controller is scanning, it means the background scanning
3486 * is running. Thus, we should temporarily stop it in order to
3487 * set the discovery scanning parameters.
3489 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags))
3490 hci_req_add_le_scan_disable(&req);
3492 memset(¶m_cp, 0, sizeof(param_cp));
3494 /* All active scans will be done with either a resolvable
3495 * private address (when privacy feature has been enabled)
3496 * or unresolvable private address.
3498 err = hci_update_random_address(&req, true, &own_addr_type);
3500 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3501 MGMT_STATUS_FAILED);
3502 mgmt_pending_remove(cmd);
3506 param_cp.type = LE_SCAN_ACTIVE;
3507 param_cp.interval = cpu_to_le16(DISCOV_LE_SCAN_INT);
3508 param_cp.window = cpu_to_le16(DISCOV_LE_SCAN_WIN);
3509 param_cp.own_address_type = own_addr_type;
3510 hci_req_add(&req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
3513 memset(&enable_cp, 0, sizeof(enable_cp));
3514 enable_cp.enable = LE_SCAN_ENABLE;
3515 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
3516 hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
3521 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3522 MGMT_STATUS_INVALID_PARAMS);
3523 mgmt_pending_remove(cmd);
3527 err = hci_req_run(&req, start_discovery_complete);
3529 mgmt_pending_remove(cmd);
3531 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
3534 hci_dev_unlock(hdev);
3538 static int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
3540 struct pending_cmd *cmd;
3543 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3547 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3548 &hdev->discovery.type, sizeof(hdev->discovery.type));
3549 mgmt_pending_remove(cmd);
3554 static void stop_discovery_complete(struct hci_dev *hdev, u8 status)
3556 BT_DBG("status %d", status);
3561 mgmt_stop_discovery_failed(hdev, status);
3565 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3568 hci_dev_unlock(hdev);
3571 static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
3574 struct mgmt_cp_stop_discovery *mgmt_cp = data;
3575 struct pending_cmd *cmd;
3576 struct hci_cp_remote_name_req_cancel cp;
3577 struct inquiry_entry *e;
3578 struct hci_request req;
3581 BT_DBG("%s", hdev->name);
3585 if (!hci_discovery_active(hdev)) {
3586 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
3587 MGMT_STATUS_REJECTED, &mgmt_cp->type,
3588 sizeof(mgmt_cp->type));
3592 if (hdev->discovery.type != mgmt_cp->type) {
3593 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
3594 MGMT_STATUS_INVALID_PARAMS, &mgmt_cp->type,
3595 sizeof(mgmt_cp->type));
3599 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
3605 hci_req_init(&req, hdev);
3607 switch (hdev->discovery.state) {
3608 case DISCOVERY_FINDING:
3609 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
3610 hci_req_add(&req, HCI_OP_INQUIRY_CANCEL, 0, NULL);
3612 cancel_delayed_work(&hdev->le_scan_disable);
3614 hci_req_add_le_scan_disable(&req);
3619 case DISCOVERY_RESOLVING:
3620 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
3623 mgmt_pending_remove(cmd);
3624 err = cmd_complete(sk, hdev->id,
3625 MGMT_OP_STOP_DISCOVERY, 0,
3627 sizeof(mgmt_cp->type));
3628 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3632 bacpy(&cp.bdaddr, &e->data.bdaddr);
3633 hci_req_add(&req, HCI_OP_REMOTE_NAME_REQ_CANCEL, sizeof(cp),
3639 BT_DBG("unknown discovery state %u", hdev->discovery.state);
3641 mgmt_pending_remove(cmd);
3642 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
3643 MGMT_STATUS_FAILED, &mgmt_cp->type,
3644 sizeof(mgmt_cp->type));
3648 err = hci_req_run(&req, stop_discovery_complete);
3650 mgmt_pending_remove(cmd);
3652 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
3655 hci_dev_unlock(hdev);
3659 static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
3662 struct mgmt_cp_confirm_name *cp = data;
3663 struct inquiry_entry *e;
3666 BT_DBG("%s", hdev->name);
3670 if (!hci_discovery_active(hdev)) {
3671 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
3672 MGMT_STATUS_FAILED, &cp->addr,
3677 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
3679 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
3680 MGMT_STATUS_INVALID_PARAMS, &cp->addr,
3685 if (cp->name_known) {
3686 e->name_state = NAME_KNOWN;
3689 e->name_state = NAME_NEEDED;
3690 hci_inquiry_cache_update_resolve(hdev, e);
3693 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0, &cp->addr,
3697 hci_dev_unlock(hdev);
3701 static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
3704 struct mgmt_cp_block_device *cp = data;
3708 BT_DBG("%s", hdev->name);
3710 if (!bdaddr_type_is_valid(cp->addr.type))
3711 return cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
3712 MGMT_STATUS_INVALID_PARAMS,
3713 &cp->addr, sizeof(cp->addr));
3717 err = hci_blacklist_add(hdev, &cp->addr.bdaddr, cp->addr.type);
3719 status = MGMT_STATUS_FAILED;
3721 status = MGMT_STATUS_SUCCESS;
3723 err = cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
3724 &cp->addr, sizeof(cp->addr));
3726 hci_dev_unlock(hdev);
3731 static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
3734 struct mgmt_cp_unblock_device *cp = data;
3738 BT_DBG("%s", hdev->name);
3740 if (!bdaddr_type_is_valid(cp->addr.type))
3741 return cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
3742 MGMT_STATUS_INVALID_PARAMS,
3743 &cp->addr, sizeof(cp->addr));
3747 err = hci_blacklist_del(hdev, &cp->addr.bdaddr, cp->addr.type);
3749 status = MGMT_STATUS_INVALID_PARAMS;
3751 status = MGMT_STATUS_SUCCESS;
3753 err = cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
3754 &cp->addr, sizeof(cp->addr));
3756 hci_dev_unlock(hdev);
3761 static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
3764 struct mgmt_cp_set_device_id *cp = data;
3765 struct hci_request req;
3769 BT_DBG("%s", hdev->name);
3771 source = __le16_to_cpu(cp->source);
3773 if (source > 0x0002)
3774 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
3775 MGMT_STATUS_INVALID_PARAMS);
3779 hdev->devid_source = source;
3780 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
3781 hdev->devid_product = __le16_to_cpu(cp->product);
3782 hdev->devid_version = __le16_to_cpu(cp->version);
3784 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0, NULL, 0);
3786 hci_req_init(&req, hdev);
3788 hci_req_run(&req, NULL);
3790 hci_dev_unlock(hdev);
3795 static void set_advertising_complete(struct hci_dev *hdev, u8 status)
3797 struct cmd_lookup match = { NULL, hdev };
3800 u8 mgmt_err = mgmt_status(status);
3802 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
3803 cmd_status_rsp, &mgmt_err);
3807 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
3810 new_settings(hdev, match.sk);
3816 static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data,
3819 struct mgmt_mode *cp = data;
3820 struct pending_cmd *cmd;
3821 struct hci_request req;
3822 u8 val, enabled, status;
3825 BT_DBG("request for %s", hdev->name);
3827 status = mgmt_le_support(hdev);
3829 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3832 if (cp->val != 0x00 && cp->val != 0x01)
3833 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3834 MGMT_STATUS_INVALID_PARAMS);
3839 enabled = test_bit(HCI_ADVERTISING, &hdev->dev_flags);
3841 /* The following conditions are ones which mean that we should
3842 * not do any HCI communication but directly send a mgmt
3843 * response to user space (after toggling the flag if
3846 if (!hdev_is_powered(hdev) || val == enabled ||
3847 hci_conn_num(hdev, LE_LINK) > 0) {
3848 bool changed = false;
3850 if (val != test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
3851 change_bit(HCI_ADVERTISING, &hdev->dev_flags);
3855 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
3860 err = new_settings(hdev, sk);
3865 if (mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
3866 mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
3867 err = cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3872 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
3878 hci_req_init(&req, hdev);
3881 enable_advertising(&req);
3883 disable_advertising(&req);
3885 err = hci_req_run(&req, set_advertising_complete);
3887 mgmt_pending_remove(cmd);
3890 hci_dev_unlock(hdev);
3894 static int set_static_address(struct sock *sk, struct hci_dev *hdev,
3895 void *data, u16 len)
3897 struct mgmt_cp_set_static_address *cp = data;
3900 BT_DBG("%s", hdev->name);
3902 if (!lmp_le_capable(hdev))
3903 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
3904 MGMT_STATUS_NOT_SUPPORTED);
3906 if (hdev_is_powered(hdev))
3907 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
3908 MGMT_STATUS_REJECTED);
3910 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
3911 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
3912 return cmd_status(sk, hdev->id,
3913 MGMT_OP_SET_STATIC_ADDRESS,
3914 MGMT_STATUS_INVALID_PARAMS);
3916 /* Two most significant bits shall be set */
3917 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
3918 return cmd_status(sk, hdev->id,
3919 MGMT_OP_SET_STATIC_ADDRESS,
3920 MGMT_STATUS_INVALID_PARAMS);
3925 bacpy(&hdev->static_addr, &cp->bdaddr);
3927 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS, 0, NULL, 0);
3929 hci_dev_unlock(hdev);
3934 static int set_scan_params(struct sock *sk, struct hci_dev *hdev,
3935 void *data, u16 len)
3937 struct mgmt_cp_set_scan_params *cp = data;
3938 __u16 interval, window;
3941 BT_DBG("%s", hdev->name);
3943 if (!lmp_le_capable(hdev))
3944 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3945 MGMT_STATUS_NOT_SUPPORTED);
3947 interval = __le16_to_cpu(cp->interval);
3949 if (interval < 0x0004 || interval > 0x4000)
3950 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3951 MGMT_STATUS_INVALID_PARAMS);
3953 window = __le16_to_cpu(cp->window);
3955 if (window < 0x0004 || window > 0x4000)
3956 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3957 MGMT_STATUS_INVALID_PARAMS);
3959 if (window > interval)
3960 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3961 MGMT_STATUS_INVALID_PARAMS);
3965 hdev->le_scan_interval = interval;
3966 hdev->le_scan_window = window;
3968 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0, NULL, 0);
3970 /* If background scan is running, restart it so new parameters are
3973 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags) &&
3974 hdev->discovery.state == DISCOVERY_STOPPED) {
3975 struct hci_request req;
3977 hci_req_init(&req, hdev);
3979 hci_req_add_le_scan_disable(&req);
3980 hci_req_add_le_passive_scan(&req);
3982 hci_req_run(&req, NULL);
3985 hci_dev_unlock(hdev);
3990 static void fast_connectable_complete(struct hci_dev *hdev, u8 status)
3992 struct pending_cmd *cmd;
3994 BT_DBG("status 0x%02x", status);
3998 cmd = mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4003 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4004 mgmt_status(status));
4006 struct mgmt_mode *cp = cmd->param;
4009 set_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
4011 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
4013 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4014 new_settings(hdev, cmd->sk);
4017 mgmt_pending_remove(cmd);
4020 hci_dev_unlock(hdev);
4023 static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
4024 void *data, u16 len)
4026 struct mgmt_mode *cp = data;
4027 struct pending_cmd *cmd;
4028 struct hci_request req;
4031 BT_DBG("%s", hdev->name);
4033 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags) ||
4034 hdev->hci_ver < BLUETOOTH_VER_1_2)
4035 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4036 MGMT_STATUS_NOT_SUPPORTED);
4038 if (cp->val != 0x00 && cp->val != 0x01)
4039 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4040 MGMT_STATUS_INVALID_PARAMS);
4042 if (!hdev_is_powered(hdev))
4043 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4044 MGMT_STATUS_NOT_POWERED);
4046 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
4047 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4048 MGMT_STATUS_REJECTED);
4052 if (mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
4053 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4058 if (!!cp->val == test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags)) {
4059 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
4064 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
4071 hci_req_init(&req, hdev);
4073 write_fast_connectable(&req, cp->val);
4075 err = hci_req_run(&req, fast_connectable_complete);
4077 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4078 MGMT_STATUS_FAILED);
4079 mgmt_pending_remove(cmd);
4083 hci_dev_unlock(hdev);
4088 static void set_bredr_scan(struct hci_request *req)
4090 struct hci_dev *hdev = req->hdev;
4093 /* Ensure that fast connectable is disabled. This function will
4094 * not do anything if the page scan parameters are already what
4097 write_fast_connectable(req, false);
4099 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
4101 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
4102 scan |= SCAN_INQUIRY;
4105 hci_req_add(req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
4108 static void set_bredr_complete(struct hci_dev *hdev, u8 status)
4110 struct pending_cmd *cmd;
4112 BT_DBG("status 0x%02x", status);
4116 cmd = mgmt_pending_find(MGMT_OP_SET_BREDR, hdev);
4121 u8 mgmt_err = mgmt_status(status);
4123 /* We need to restore the flag if related HCI commands
4126 clear_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4128 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
4130 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
4131 new_settings(hdev, cmd->sk);
4134 mgmt_pending_remove(cmd);
4137 hci_dev_unlock(hdev);
4140 static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
4142 struct mgmt_mode *cp = data;
4143 struct pending_cmd *cmd;
4144 struct hci_request req;
4147 BT_DBG("request for %s", hdev->name);
4149 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
4150 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4151 MGMT_STATUS_NOT_SUPPORTED);
4153 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
4154 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4155 MGMT_STATUS_REJECTED);
4157 if (cp->val != 0x00 && cp->val != 0x01)
4158 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4159 MGMT_STATUS_INVALID_PARAMS);
4163 if (cp->val == test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
4164 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4168 if (!hdev_is_powered(hdev)) {
4170 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
4171 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
4172 clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
4173 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
4174 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
4177 change_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4179 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4183 err = new_settings(hdev, sk);
4187 /* Reject disabling when powered on */
4189 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4190 MGMT_STATUS_REJECTED);
4194 if (mgmt_pending_find(MGMT_OP_SET_BREDR, hdev)) {
4195 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4200 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
4206 /* We need to flip the bit already here so that update_adv_data
4207 * generates the correct flags.
4209 set_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4211 hci_req_init(&req, hdev);
4213 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
4214 set_bredr_scan(&req);
4216 /* Since only the advertising data flags will change, there
4217 * is no need to update the scan response data.
4219 update_adv_data(&req);
4221 err = hci_req_run(&req, set_bredr_complete);
4223 mgmt_pending_remove(cmd);
4226 hci_dev_unlock(hdev);
4230 static int set_secure_conn(struct sock *sk, struct hci_dev *hdev,
4231 void *data, u16 len)
4233 struct mgmt_mode *cp = data;
4234 struct pending_cmd *cmd;
4238 BT_DBG("request for %s", hdev->name);
4240 status = mgmt_bredr_support(hdev);
4242 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4245 if (!lmp_sc_capable(hdev) &&
4246 !test_bit(HCI_FORCE_SC, &hdev->dev_flags))
4247 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4248 MGMT_STATUS_NOT_SUPPORTED);
4250 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
4251 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4252 MGMT_STATUS_INVALID_PARAMS);
4256 if (!hdev_is_powered(hdev)) {
4260 changed = !test_and_set_bit(HCI_SC_ENABLED,
4262 if (cp->val == 0x02)
4263 set_bit(HCI_SC_ONLY, &hdev->dev_flags);
4265 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4267 changed = test_and_clear_bit(HCI_SC_ENABLED,
4269 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4272 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4277 err = new_settings(hdev, sk);
4282 if (mgmt_pending_find(MGMT_OP_SET_SECURE_CONN, hdev)) {
4283 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4290 if (val == test_bit(HCI_SC_ENABLED, &hdev->dev_flags) &&
4291 (cp->val == 0x02) == test_bit(HCI_SC_ONLY, &hdev->dev_flags)) {
4292 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4296 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SECURE_CONN, hdev, data, len);
4302 err = hci_send_cmd(hdev, HCI_OP_WRITE_SC_SUPPORT, 1, &val);
4304 mgmt_pending_remove(cmd);
4308 if (cp->val == 0x02)
4309 set_bit(HCI_SC_ONLY, &hdev->dev_flags);
4311 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4314 hci_dev_unlock(hdev);
4318 static int set_debug_keys(struct sock *sk, struct hci_dev *hdev,
4319 void *data, u16 len)
4321 struct mgmt_mode *cp = data;
4325 BT_DBG("request for %s", hdev->name);
4327 if (cp->val != 0x00 && cp->val != 0x01)
4328 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEBUG_KEYS,
4329 MGMT_STATUS_INVALID_PARAMS);
4334 changed = !test_and_set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
4336 changed = test_and_clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
4338 err = send_settings_rsp(sk, MGMT_OP_SET_DEBUG_KEYS, hdev);
4343 err = new_settings(hdev, sk);
4346 hci_dev_unlock(hdev);
4350 static int set_privacy(struct sock *sk, struct hci_dev *hdev, void *cp_data,
4353 struct mgmt_cp_set_privacy *cp = cp_data;
4357 BT_DBG("request for %s", hdev->name);
4359 if (!lmp_le_capable(hdev))
4360 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4361 MGMT_STATUS_NOT_SUPPORTED);
4363 if (cp->privacy != 0x00 && cp->privacy != 0x01)
4364 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4365 MGMT_STATUS_INVALID_PARAMS);
4367 if (hdev_is_powered(hdev))
4368 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4369 MGMT_STATUS_REJECTED);
4373 /* If user space supports this command it is also expected to
4374 * handle IRKs. Therefore, set the HCI_RPA_RESOLVING flag.
4376 set_bit(HCI_RPA_RESOLVING, &hdev->dev_flags);
4379 changed = !test_and_set_bit(HCI_PRIVACY, &hdev->dev_flags);
4380 memcpy(hdev->irk, cp->irk, sizeof(hdev->irk));
4381 set_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
4383 changed = test_and_clear_bit(HCI_PRIVACY, &hdev->dev_flags);
4384 memset(hdev->irk, 0, sizeof(hdev->irk));
4385 clear_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
4388 err = send_settings_rsp(sk, MGMT_OP_SET_PRIVACY, hdev);
4393 err = new_settings(hdev, sk);
4396 hci_dev_unlock(hdev);
4400 static bool irk_is_valid(struct mgmt_irk_info *irk)
4402 switch (irk->addr.type) {
4403 case BDADDR_LE_PUBLIC:
4406 case BDADDR_LE_RANDOM:
4407 /* Two most significant bits shall be set */
4408 if ((irk->addr.bdaddr.b[5] & 0xc0) != 0xc0)
4416 static int load_irks(struct sock *sk, struct hci_dev *hdev, void *cp_data,
4419 struct mgmt_cp_load_irks *cp = cp_data;
4420 u16 irk_count, expected_len;
4423 BT_DBG("request for %s", hdev->name);
4425 if (!lmp_le_capable(hdev))
4426 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4427 MGMT_STATUS_NOT_SUPPORTED);
4429 irk_count = __le16_to_cpu(cp->irk_count);
4431 expected_len = sizeof(*cp) + irk_count * sizeof(struct mgmt_irk_info);
4432 if (expected_len != len) {
4433 BT_ERR("load_irks: expected %u bytes, got %u bytes",
4435 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4436 MGMT_STATUS_INVALID_PARAMS);
4439 BT_DBG("%s irk_count %u", hdev->name, irk_count);
4441 for (i = 0; i < irk_count; i++) {
4442 struct mgmt_irk_info *key = &cp->irks[i];
4444 if (!irk_is_valid(key))
4445 return cmd_status(sk, hdev->id,
4447 MGMT_STATUS_INVALID_PARAMS);
4452 hci_smp_irks_clear(hdev);
4454 for (i = 0; i < irk_count; i++) {
4455 struct mgmt_irk_info *irk = &cp->irks[i];
4458 if (irk->addr.type == BDADDR_LE_PUBLIC)
4459 addr_type = ADDR_LE_DEV_PUBLIC;
4461 addr_type = ADDR_LE_DEV_RANDOM;
4463 hci_add_irk(hdev, &irk->addr.bdaddr, addr_type, irk->val,
4467 set_bit(HCI_RPA_RESOLVING, &hdev->dev_flags);
4469 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_IRKS, 0, NULL, 0);
4471 hci_dev_unlock(hdev);
4476 static bool ltk_is_valid(struct mgmt_ltk_info *key)
4478 if (key->master != 0x00 && key->master != 0x01)
4481 switch (key->addr.type) {
4482 case BDADDR_LE_PUBLIC:
4485 case BDADDR_LE_RANDOM:
4486 /* Two most significant bits shall be set */
4487 if ((key->addr.bdaddr.b[5] & 0xc0) != 0xc0)
4495 static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
4496 void *cp_data, u16 len)
4498 struct mgmt_cp_load_long_term_keys *cp = cp_data;
4499 u16 key_count, expected_len;
4502 BT_DBG("request for %s", hdev->name);
4504 if (!lmp_le_capable(hdev))
4505 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
4506 MGMT_STATUS_NOT_SUPPORTED);
4508 key_count = __le16_to_cpu(cp->key_count);
4510 expected_len = sizeof(*cp) + key_count *
4511 sizeof(struct mgmt_ltk_info);
4512 if (expected_len != len) {
4513 BT_ERR("load_keys: expected %u bytes, got %u bytes",
4515 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
4516 MGMT_STATUS_INVALID_PARAMS);
4519 BT_DBG("%s key_count %u", hdev->name, key_count);
4521 for (i = 0; i < key_count; i++) {
4522 struct mgmt_ltk_info *key = &cp->keys[i];
4524 if (!ltk_is_valid(key))
4525 return cmd_status(sk, hdev->id,
4526 MGMT_OP_LOAD_LONG_TERM_KEYS,
4527 MGMT_STATUS_INVALID_PARAMS);
4532 hci_smp_ltks_clear(hdev);
4534 for (i = 0; i < key_count; i++) {
4535 struct mgmt_ltk_info *key = &cp->keys[i];
4538 if (key->addr.type == BDADDR_LE_PUBLIC)
4539 addr_type = ADDR_LE_DEV_PUBLIC;
4541 addr_type = ADDR_LE_DEV_RANDOM;
4546 type = HCI_SMP_LTK_SLAVE;
4548 hci_add_ltk(hdev, &key->addr.bdaddr, addr_type, type,
4549 key->type, key->val, key->enc_size, key->ediv,
4553 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
4556 hci_dev_unlock(hdev);
4561 struct cmd_conn_lookup {
4562 struct hci_conn *conn;
4563 bool valid_tx_power;
4567 static void get_conn_info_complete(struct pending_cmd *cmd, void *data)
4569 struct cmd_conn_lookup *match = data;
4570 struct mgmt_cp_get_conn_info *cp;
4571 struct mgmt_rp_get_conn_info rp;
4572 struct hci_conn *conn = cmd->user_data;
4574 if (conn != match->conn)
4577 cp = (struct mgmt_cp_get_conn_info *) cmd->param;
4579 memset(&rp, 0, sizeof(rp));
4580 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4581 rp.addr.type = cp->addr.type;
4583 if (!match->mgmt_status) {
4584 rp.rssi = conn->rssi;
4586 if (match->valid_tx_power) {
4587 rp.tx_power = conn->tx_power;
4588 rp.max_tx_power = conn->max_tx_power;
4590 rp.tx_power = HCI_TX_POWER_INVALID;
4591 rp.max_tx_power = HCI_TX_POWER_INVALID;
4595 cmd_complete(cmd->sk, cmd->index, MGMT_OP_GET_CONN_INFO,
4596 match->mgmt_status, &rp, sizeof(rp));
4598 hci_conn_drop(conn);
4600 mgmt_pending_remove(cmd);
4603 static void conn_info_refresh_complete(struct hci_dev *hdev, u8 status)
4605 struct hci_cp_read_rssi *cp;
4606 struct hci_conn *conn;
4607 struct cmd_conn_lookup match;
4610 BT_DBG("status 0x%02x", status);
4614 /* TX power data is valid in case request completed successfully,
4615 * otherwise we assume it's not valid. At the moment we assume that
4616 * either both or none of current and max values are valid to keep code
4619 match.valid_tx_power = !status;
4621 /* Commands sent in request are either Read RSSI or Read Transmit Power
4622 * Level so we check which one was last sent to retrieve connection
4623 * handle. Both commands have handle as first parameter so it's safe to
4624 * cast data on the same command struct.
4626 * First command sent is always Read RSSI and we fail only if it fails.
4627 * In other case we simply override error to indicate success as we
4628 * already remembered if TX power value is actually valid.
4630 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_RSSI);
4632 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_TX_POWER);
4637 BT_ERR("invalid sent_cmd in response");
4641 handle = __le16_to_cpu(cp->handle);
4642 conn = hci_conn_hash_lookup_handle(hdev, handle);
4644 BT_ERR("unknown handle (%d) in response", handle);
4649 match.mgmt_status = mgmt_status(status);
4651 /* Cache refresh is complete, now reply for mgmt request for given
4654 mgmt_pending_foreach(MGMT_OP_GET_CONN_INFO, hdev,
4655 get_conn_info_complete, &match);
4658 hci_dev_unlock(hdev);
4661 static int get_conn_info(struct sock *sk, struct hci_dev *hdev, void *data,
4664 struct mgmt_cp_get_conn_info *cp = data;
4665 struct mgmt_rp_get_conn_info rp;
4666 struct hci_conn *conn;
4667 unsigned long conn_info_age;
4670 BT_DBG("%s", hdev->name);
4672 memset(&rp, 0, sizeof(rp));
4673 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4674 rp.addr.type = cp->addr.type;
4676 if (!bdaddr_type_is_valid(cp->addr.type))
4677 return cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
4678 MGMT_STATUS_INVALID_PARAMS,
4683 if (!hdev_is_powered(hdev)) {
4684 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
4685 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
4689 if (cp->addr.type == BDADDR_BREDR)
4690 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
4693 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
4695 if (!conn || conn->state != BT_CONNECTED) {
4696 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
4697 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
4701 /* To avoid client trying to guess when to poll again for information we
4702 * calculate conn info age as random value between min/max set in hdev.
4704 conn_info_age = hdev->conn_info_min_age +
4705 prandom_u32_max(hdev->conn_info_max_age -
4706 hdev->conn_info_min_age);
4708 /* Query controller to refresh cached values if they are too old or were
4711 if (time_after(jiffies, conn->conn_info_timestamp + conn_info_age) ||
4712 !conn->conn_info_timestamp) {
4713 struct hci_request req;
4714 struct hci_cp_read_tx_power req_txp_cp;
4715 struct hci_cp_read_rssi req_rssi_cp;
4716 struct pending_cmd *cmd;
4718 hci_req_init(&req, hdev);
4719 req_rssi_cp.handle = cpu_to_le16(conn->handle);
4720 hci_req_add(&req, HCI_OP_READ_RSSI, sizeof(req_rssi_cp),
4723 /* For LE links TX power does not change thus we don't need to
4724 * query for it once value is known.
4726 if (!bdaddr_type_is_le(cp->addr.type) ||
4727 conn->tx_power == HCI_TX_POWER_INVALID) {
4728 req_txp_cp.handle = cpu_to_le16(conn->handle);
4729 req_txp_cp.type = 0x00;
4730 hci_req_add(&req, HCI_OP_READ_TX_POWER,
4731 sizeof(req_txp_cp), &req_txp_cp);
4734 /* Max TX power needs to be read only once per connection */
4735 if (conn->max_tx_power == HCI_TX_POWER_INVALID) {
4736 req_txp_cp.handle = cpu_to_le16(conn->handle);
4737 req_txp_cp.type = 0x01;
4738 hci_req_add(&req, HCI_OP_READ_TX_POWER,
4739 sizeof(req_txp_cp), &req_txp_cp);
4742 err = hci_req_run(&req, conn_info_refresh_complete);
4746 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CONN_INFO, hdev,
4753 hci_conn_hold(conn);
4754 cmd->user_data = conn;
4756 conn->conn_info_timestamp = jiffies;
4758 /* Cache is valid, just reply with values cached in hci_conn */
4759 rp.rssi = conn->rssi;
4760 rp.tx_power = conn->tx_power;
4761 rp.max_tx_power = conn->max_tx_power;
4763 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
4764 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
4768 hci_dev_unlock(hdev);
4772 static const struct mgmt_handler {
4773 int (*func) (struct sock *sk, struct hci_dev *hdev, void *data,
4777 } mgmt_handlers[] = {
4778 { NULL }, /* 0x0000 (no command) */
4779 { read_version, false, MGMT_READ_VERSION_SIZE },
4780 { read_commands, false, MGMT_READ_COMMANDS_SIZE },
4781 { read_index_list, false, MGMT_READ_INDEX_LIST_SIZE },
4782 { read_controller_info, false, MGMT_READ_INFO_SIZE },
4783 { set_powered, false, MGMT_SETTING_SIZE },
4784 { set_discoverable, false, MGMT_SET_DISCOVERABLE_SIZE },
4785 { set_connectable, false, MGMT_SETTING_SIZE },
4786 { set_fast_connectable, false, MGMT_SETTING_SIZE },
4787 { set_pairable, false, MGMT_SETTING_SIZE },
4788 { set_link_security, false, MGMT_SETTING_SIZE },
4789 { set_ssp, false, MGMT_SETTING_SIZE },
4790 { set_hs, false, MGMT_SETTING_SIZE },
4791 { set_le, false, MGMT_SETTING_SIZE },
4792 { set_dev_class, false, MGMT_SET_DEV_CLASS_SIZE },
4793 { set_local_name, false, MGMT_SET_LOCAL_NAME_SIZE },
4794 { add_uuid, false, MGMT_ADD_UUID_SIZE },
4795 { remove_uuid, false, MGMT_REMOVE_UUID_SIZE },
4796 { load_link_keys, true, MGMT_LOAD_LINK_KEYS_SIZE },
4797 { load_long_term_keys, true, MGMT_LOAD_LONG_TERM_KEYS_SIZE },
4798 { disconnect, false, MGMT_DISCONNECT_SIZE },
4799 { get_connections, false, MGMT_GET_CONNECTIONS_SIZE },
4800 { pin_code_reply, false, MGMT_PIN_CODE_REPLY_SIZE },
4801 { pin_code_neg_reply, false, MGMT_PIN_CODE_NEG_REPLY_SIZE },
4802 { set_io_capability, false, MGMT_SET_IO_CAPABILITY_SIZE },
4803 { pair_device, false, MGMT_PAIR_DEVICE_SIZE },
4804 { cancel_pair_device, false, MGMT_CANCEL_PAIR_DEVICE_SIZE },
4805 { unpair_device, false, MGMT_UNPAIR_DEVICE_SIZE },
4806 { user_confirm_reply, false, MGMT_USER_CONFIRM_REPLY_SIZE },
4807 { user_confirm_neg_reply, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
4808 { user_passkey_reply, false, MGMT_USER_PASSKEY_REPLY_SIZE },
4809 { user_passkey_neg_reply, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
4810 { read_local_oob_data, false, MGMT_READ_LOCAL_OOB_DATA_SIZE },
4811 { add_remote_oob_data, true, MGMT_ADD_REMOTE_OOB_DATA_SIZE },
4812 { remove_remote_oob_data, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
4813 { start_discovery, false, MGMT_START_DISCOVERY_SIZE },
4814 { stop_discovery, false, MGMT_STOP_DISCOVERY_SIZE },
4815 { confirm_name, false, MGMT_CONFIRM_NAME_SIZE },
4816 { block_device, false, MGMT_BLOCK_DEVICE_SIZE },
4817 { unblock_device, false, MGMT_UNBLOCK_DEVICE_SIZE },
4818 { set_device_id, false, MGMT_SET_DEVICE_ID_SIZE },
4819 { set_advertising, false, MGMT_SETTING_SIZE },
4820 { set_bredr, false, MGMT_SETTING_SIZE },
4821 { set_static_address, false, MGMT_SET_STATIC_ADDRESS_SIZE },
4822 { set_scan_params, false, MGMT_SET_SCAN_PARAMS_SIZE },
4823 { set_secure_conn, false, MGMT_SETTING_SIZE },
4824 { set_debug_keys, false, MGMT_SETTING_SIZE },
4825 { set_privacy, false, MGMT_SET_PRIVACY_SIZE },
4826 { load_irks, true, MGMT_LOAD_IRKS_SIZE },
4827 { get_conn_info, false, MGMT_GET_CONN_INFO_SIZE },
4831 int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
4835 struct mgmt_hdr *hdr;
4836 u16 opcode, index, len;
4837 struct hci_dev *hdev = NULL;
4838 const struct mgmt_handler *handler;
4841 BT_DBG("got %zu bytes", msglen);
4843 if (msglen < sizeof(*hdr))
4846 buf = kmalloc(msglen, GFP_KERNEL);
4850 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
4856 opcode = __le16_to_cpu(hdr->opcode);
4857 index = __le16_to_cpu(hdr->index);
4858 len = __le16_to_cpu(hdr->len);
4860 if (len != msglen - sizeof(*hdr)) {
4865 if (index != MGMT_INDEX_NONE) {
4866 hdev = hci_dev_get(index);
4868 err = cmd_status(sk, index, opcode,
4869 MGMT_STATUS_INVALID_INDEX);
4873 if (test_bit(HCI_SETUP, &hdev->dev_flags) ||
4874 test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
4875 err = cmd_status(sk, index, opcode,
4876 MGMT_STATUS_INVALID_INDEX);
4881 if (opcode >= ARRAY_SIZE(mgmt_handlers) ||
4882 mgmt_handlers[opcode].func == NULL) {
4883 BT_DBG("Unknown op %u", opcode);
4884 err = cmd_status(sk, index, opcode,
4885 MGMT_STATUS_UNKNOWN_COMMAND);
4889 if ((hdev && opcode < MGMT_OP_READ_INFO) ||
4890 (!hdev && opcode >= MGMT_OP_READ_INFO)) {
4891 err = cmd_status(sk, index, opcode,
4892 MGMT_STATUS_INVALID_INDEX);
4896 handler = &mgmt_handlers[opcode];
4898 if ((handler->var_len && len < handler->data_len) ||
4899 (!handler->var_len && len != handler->data_len)) {
4900 err = cmd_status(sk, index, opcode,
4901 MGMT_STATUS_INVALID_PARAMS);
4906 mgmt_init_hdev(sk, hdev);
4908 cp = buf + sizeof(*hdr);
4910 err = handler->func(sk, hdev, cp, len);
4924 void mgmt_index_added(struct hci_dev *hdev)
4926 if (hdev->dev_type != HCI_BREDR)
4929 mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
4932 void mgmt_index_removed(struct hci_dev *hdev)
4934 u8 status = MGMT_STATUS_INVALID_INDEX;
4936 if (hdev->dev_type != HCI_BREDR)
4939 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
4941 mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
4944 /* This function requires the caller holds hdev->lock */
4945 static void restart_le_auto_conns(struct hci_dev *hdev)
4947 struct hci_conn_params *p;
4949 list_for_each_entry(p, &hdev->le_conn_params, list) {
4950 if (p->auto_connect == HCI_AUTO_CONN_ALWAYS)
4951 hci_pend_le_conn_add(hdev, &p->addr, p->addr_type);
4955 static void powered_complete(struct hci_dev *hdev, u8 status)
4957 struct cmd_lookup match = { NULL, hdev };
4959 BT_DBG("status 0x%02x", status);
4963 restart_le_auto_conns(hdev);
4965 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
4967 new_settings(hdev, match.sk);
4969 hci_dev_unlock(hdev);
4975 static int powered_update_hci(struct hci_dev *hdev)
4977 struct hci_request req;
4980 hci_req_init(&req, hdev);
4982 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) &&
4983 !lmp_host_ssp_capable(hdev)) {
4986 hci_req_add(&req, HCI_OP_WRITE_SSP_MODE, 1, &ssp);
4989 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
4990 lmp_bredr_capable(hdev)) {
4991 struct hci_cp_write_le_host_supported cp;
4994 cp.simul = lmp_le_br_capable(hdev);
4996 /* Check first if we already have the right
4997 * host state (host features set)
4999 if (cp.le != lmp_host_le_capable(hdev) ||
5000 cp.simul != lmp_host_le_br_capable(hdev))
5001 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED,
5005 if (lmp_le_capable(hdev)) {
5006 /* Make sure the controller has a good default for
5007 * advertising data. This also applies to the case
5008 * where BR/EDR was toggled during the AUTO_OFF phase.
5010 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
5011 update_adv_data(&req);
5012 update_scan_rsp_data(&req);
5015 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
5016 enable_advertising(&req);
5019 link_sec = test_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
5020 if (link_sec != test_bit(HCI_AUTH, &hdev->flags))
5021 hci_req_add(&req, HCI_OP_WRITE_AUTH_ENABLE,
5022 sizeof(link_sec), &link_sec);
5024 if (lmp_bredr_capable(hdev)) {
5025 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
5026 set_bredr_scan(&req);
5032 return hci_req_run(&req, powered_complete);
5035 int mgmt_powered(struct hci_dev *hdev, u8 powered)
5037 struct cmd_lookup match = { NULL, hdev };
5038 u8 status_not_powered = MGMT_STATUS_NOT_POWERED;
5039 u8 zero_cod[] = { 0, 0, 0 };
5042 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
5046 if (powered_update_hci(hdev) == 0)
5049 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp,
5054 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
5055 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status_not_powered);
5057 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0)
5058 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
5059 zero_cod, sizeof(zero_cod), NULL);
5062 err = new_settings(hdev, match.sk);
5070 void mgmt_set_powered_failed(struct hci_dev *hdev, int err)
5072 struct pending_cmd *cmd;
5075 cmd = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
5079 if (err == -ERFKILL)
5080 status = MGMT_STATUS_RFKILLED;
5082 status = MGMT_STATUS_FAILED;
5084 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
5086 mgmt_pending_remove(cmd);
5089 void mgmt_discoverable_timeout(struct hci_dev *hdev)
5091 struct hci_request req;
5095 /* When discoverable timeout triggers, then just make sure
5096 * the limited discoverable flag is cleared. Even in the case
5097 * of a timeout triggered from general discoverable, it is
5098 * safe to unconditionally clear the flag.
5100 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
5101 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
5103 hci_req_init(&req, hdev);
5104 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
5105 u8 scan = SCAN_PAGE;
5106 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE,
5107 sizeof(scan), &scan);
5110 update_adv_data(&req);
5111 hci_req_run(&req, NULL);
5113 hdev->discov_timeout = 0;
5115 new_settings(hdev, NULL);
5117 hci_dev_unlock(hdev);
5120 void mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
5124 /* Nothing needed here if there's a pending command since that
5125 * commands request completion callback takes care of everything
5128 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev))
5131 /* Powering off may clear the scan mode - don't let that interfere */
5132 if (!discoverable && mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
5136 changed = !test_and_set_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
5138 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
5139 changed = test_and_clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
5143 struct hci_request req;
5145 /* In case this change in discoverable was triggered by
5146 * a disabling of connectable there could be a need to
5147 * update the advertising flags.
5149 hci_req_init(&req, hdev);
5150 update_adv_data(&req);
5151 hci_req_run(&req, NULL);
5153 new_settings(hdev, NULL);
5157 void mgmt_connectable(struct hci_dev *hdev, u8 connectable)
5161 /* Nothing needed here if there's a pending command since that
5162 * commands request completion callback takes care of everything
5165 if (mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev))
5168 /* Powering off may clear the scan mode - don't let that interfere */
5169 if (!connectable && mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
5173 changed = !test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
5175 changed = test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
5178 new_settings(hdev, NULL);
5181 void mgmt_advertising(struct hci_dev *hdev, u8 advertising)
5183 /* Powering off may stop advertising - don't let that interfere */
5184 if (!advertising && mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
5188 set_bit(HCI_ADVERTISING, &hdev->dev_flags);
5190 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
5193 void mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
5195 u8 mgmt_err = mgmt_status(status);
5197 if (scan & SCAN_PAGE)
5198 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
5199 cmd_status_rsp, &mgmt_err);
5201 if (scan & SCAN_INQUIRY)
5202 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
5203 cmd_status_rsp, &mgmt_err);
5206 void mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
5209 struct mgmt_ev_new_link_key ev;
5211 memset(&ev, 0, sizeof(ev));
5213 ev.store_hint = persistent;
5214 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
5215 ev.key.addr.type = BDADDR_BREDR;
5216 ev.key.type = key->type;
5217 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
5218 ev.key.pin_len = key->pin_len;
5220 mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
5223 void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, bool persistent)
5225 struct mgmt_ev_new_long_term_key ev;
5227 memset(&ev, 0, sizeof(ev));
5229 /* Devices using resolvable or non-resolvable random addresses
5230 * without providing an indentity resolving key don't require
5231 * to store long term keys. Their addresses will change the
5234 * Only when a remote device provides an identity address
5235 * make sure the long term key is stored. If the remote
5236 * identity is known, the long term keys are internally
5237 * mapped to the identity address. So allow static random
5238 * and public addresses here.
5240 if (key->bdaddr_type == ADDR_LE_DEV_RANDOM &&
5241 (key->bdaddr.b[5] & 0xc0) != 0xc0)
5242 ev.store_hint = 0x00;
5244 ev.store_hint = persistent;
5246 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
5247 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
5248 ev.key.type = key->authenticated;
5249 ev.key.enc_size = key->enc_size;
5250 ev.key.ediv = key->ediv;
5251 ev.key.rand = key->rand;
5253 if (key->type == HCI_SMP_LTK)
5256 memcpy(ev.key.val, key->val, sizeof(key->val));
5258 mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev), NULL);
5261 void mgmt_new_irk(struct hci_dev *hdev, struct smp_irk *irk)
5263 struct mgmt_ev_new_irk ev;
5265 memset(&ev, 0, sizeof(ev));
5267 /* For identity resolving keys from devices that are already
5268 * using a public address or static random address, do not
5269 * ask for storing this key. The identity resolving key really
5270 * is only mandatory for devices using resovlable random
5273 * Storing all identity resolving keys has the downside that
5274 * they will be also loaded on next boot of they system. More
5275 * identity resolving keys, means more time during scanning is
5276 * needed to actually resolve these addresses.
5278 if (bacmp(&irk->rpa, BDADDR_ANY))
5279 ev.store_hint = 0x01;
5281 ev.store_hint = 0x00;
5283 bacpy(&ev.rpa, &irk->rpa);
5284 bacpy(&ev.irk.addr.bdaddr, &irk->bdaddr);
5285 ev.irk.addr.type = link_to_bdaddr(LE_LINK, irk->addr_type);
5286 memcpy(ev.irk.val, irk->val, sizeof(irk->val));
5288 mgmt_event(MGMT_EV_NEW_IRK, hdev, &ev, sizeof(ev), NULL);
5291 void mgmt_new_csrk(struct hci_dev *hdev, struct smp_csrk *csrk,
5294 struct mgmt_ev_new_csrk ev;
5296 memset(&ev, 0, sizeof(ev));
5298 /* Devices using resolvable or non-resolvable random addresses
5299 * without providing an indentity resolving key don't require
5300 * to store signature resolving keys. Their addresses will change
5301 * the next time around.
5303 * Only when a remote device provides an identity address
5304 * make sure the signature resolving key is stored. So allow
5305 * static random and public addresses here.
5307 if (csrk->bdaddr_type == ADDR_LE_DEV_RANDOM &&
5308 (csrk->bdaddr.b[5] & 0xc0) != 0xc0)
5309 ev.store_hint = 0x00;
5311 ev.store_hint = persistent;
5313 bacpy(&ev.key.addr.bdaddr, &csrk->bdaddr);
5314 ev.key.addr.type = link_to_bdaddr(LE_LINK, csrk->bdaddr_type);
5315 ev.key.master = csrk->master;
5316 memcpy(ev.key.val, csrk->val, sizeof(csrk->val));
5318 mgmt_event(MGMT_EV_NEW_CSRK, hdev, &ev, sizeof(ev), NULL);
5321 static inline u16 eir_append_data(u8 *eir, u16 eir_len, u8 type, u8 *data,
5324 eir[eir_len++] = sizeof(type) + data_len;
5325 eir[eir_len++] = type;
5326 memcpy(&eir[eir_len], data, data_len);
5327 eir_len += data_len;
5332 void mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
5333 u8 addr_type, u32 flags, u8 *name, u8 name_len,
5337 struct mgmt_ev_device_connected *ev = (void *) buf;
5340 bacpy(&ev->addr.bdaddr, bdaddr);
5341 ev->addr.type = link_to_bdaddr(link_type, addr_type);
5343 ev->flags = __cpu_to_le32(flags);
5346 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
5349 if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0)
5350 eir_len = eir_append_data(ev->eir, eir_len,
5351 EIR_CLASS_OF_DEV, dev_class, 3);
5353 ev->eir_len = cpu_to_le16(eir_len);
5355 mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
5356 sizeof(*ev) + eir_len, NULL);
5359 static void disconnect_rsp(struct pending_cmd *cmd, void *data)
5361 struct mgmt_cp_disconnect *cp = cmd->param;
5362 struct sock **sk = data;
5363 struct mgmt_rp_disconnect rp;
5365 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5366 rp.addr.type = cp->addr.type;
5368 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 0, &rp,
5374 mgmt_pending_remove(cmd);
5377 static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
5379 struct hci_dev *hdev = data;
5380 struct mgmt_cp_unpair_device *cp = cmd->param;
5381 struct mgmt_rp_unpair_device rp;
5383 memset(&rp, 0, sizeof(rp));
5384 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5385 rp.addr.type = cp->addr.type;
5387 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
5389 cmd_complete(cmd->sk, cmd->index, cmd->opcode, 0, &rp, sizeof(rp));
5391 mgmt_pending_remove(cmd);
5394 void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
5395 u8 link_type, u8 addr_type, u8 reason,
5396 bool mgmt_connected)
5398 struct mgmt_ev_device_disconnected ev;
5399 struct pending_cmd *power_off;
5400 struct sock *sk = NULL;
5402 power_off = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
5404 struct mgmt_mode *cp = power_off->param;
5406 /* The connection is still in hci_conn_hash so test for 1
5407 * instead of 0 to know if this is the last one.
5409 if (!cp->val && hci_conn_count(hdev) == 1) {
5410 cancel_delayed_work(&hdev->power_off);
5411 queue_work(hdev->req_workqueue, &hdev->power_off.work);
5415 if (!mgmt_connected)
5418 if (link_type != ACL_LINK && link_type != LE_LINK)
5421 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
5423 bacpy(&ev.addr.bdaddr, bdaddr);
5424 ev.addr.type = link_to_bdaddr(link_type, addr_type);
5427 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
5432 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
5436 void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
5437 u8 link_type, u8 addr_type, u8 status)
5439 u8 bdaddr_type = link_to_bdaddr(link_type, addr_type);
5440 struct mgmt_cp_disconnect *cp;
5441 struct mgmt_rp_disconnect rp;
5442 struct pending_cmd *cmd;
5444 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
5447 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
5453 if (bacmp(bdaddr, &cp->addr.bdaddr))
5456 if (cp->addr.type != bdaddr_type)
5459 bacpy(&rp.addr.bdaddr, bdaddr);
5460 rp.addr.type = bdaddr_type;
5462 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
5463 mgmt_status(status), &rp, sizeof(rp));
5465 mgmt_pending_remove(cmd);
5468 void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
5469 u8 addr_type, u8 status)
5471 struct mgmt_ev_connect_failed ev;
5472 struct pending_cmd *power_off;
5474 power_off = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
5476 struct mgmt_mode *cp = power_off->param;
5478 /* The connection is still in hci_conn_hash so test for 1
5479 * instead of 0 to know if this is the last one.
5481 if (!cp->val && hci_conn_count(hdev) == 1) {
5482 cancel_delayed_work(&hdev->power_off);
5483 queue_work(hdev->req_workqueue, &hdev->power_off.work);
5487 bacpy(&ev.addr.bdaddr, bdaddr);
5488 ev.addr.type = link_to_bdaddr(link_type, addr_type);
5489 ev.status = mgmt_status(status);
5491 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
5494 void mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
5496 struct mgmt_ev_pin_code_request ev;
5498 bacpy(&ev.addr.bdaddr, bdaddr);
5499 ev.addr.type = BDADDR_BREDR;
5502 mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev), NULL);
5505 void mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
5508 struct pending_cmd *cmd;
5509 struct mgmt_rp_pin_code_reply rp;
5511 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
5515 bacpy(&rp.addr.bdaddr, bdaddr);
5516 rp.addr.type = BDADDR_BREDR;
5518 cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
5519 mgmt_status(status), &rp, sizeof(rp));
5521 mgmt_pending_remove(cmd);
5524 void mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
5527 struct pending_cmd *cmd;
5528 struct mgmt_rp_pin_code_reply rp;
5530 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
5534 bacpy(&rp.addr.bdaddr, bdaddr);
5535 rp.addr.type = BDADDR_BREDR;
5537 cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
5538 mgmt_status(status), &rp, sizeof(rp));
5540 mgmt_pending_remove(cmd);
5543 int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
5544 u8 link_type, u8 addr_type, u32 value,
5547 struct mgmt_ev_user_confirm_request ev;
5549 BT_DBG("%s", hdev->name);
5551 bacpy(&ev.addr.bdaddr, bdaddr);
5552 ev.addr.type = link_to_bdaddr(link_type, addr_type);
5553 ev.confirm_hint = confirm_hint;
5554 ev.value = cpu_to_le32(value);
5556 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
5560 int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
5561 u8 link_type, u8 addr_type)
5563 struct mgmt_ev_user_passkey_request ev;
5565 BT_DBG("%s", hdev->name);
5567 bacpy(&ev.addr.bdaddr, bdaddr);
5568 ev.addr.type = link_to_bdaddr(link_type, addr_type);
5570 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
5574 static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
5575 u8 link_type, u8 addr_type, u8 status,
5578 struct pending_cmd *cmd;
5579 struct mgmt_rp_user_confirm_reply rp;
5582 cmd = mgmt_pending_find(opcode, hdev);
5586 bacpy(&rp.addr.bdaddr, bdaddr);
5587 rp.addr.type = link_to_bdaddr(link_type, addr_type);
5588 err = cmd_complete(cmd->sk, hdev->id, opcode, mgmt_status(status),
5591 mgmt_pending_remove(cmd);
5596 int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
5597 u8 link_type, u8 addr_type, u8 status)
5599 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
5600 status, MGMT_OP_USER_CONFIRM_REPLY);
5603 int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
5604 u8 link_type, u8 addr_type, u8 status)
5606 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
5608 MGMT_OP_USER_CONFIRM_NEG_REPLY);
5611 int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
5612 u8 link_type, u8 addr_type, u8 status)
5614 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
5615 status, MGMT_OP_USER_PASSKEY_REPLY);
5618 int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
5619 u8 link_type, u8 addr_type, u8 status)
5621 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
5623 MGMT_OP_USER_PASSKEY_NEG_REPLY);
5626 int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
5627 u8 link_type, u8 addr_type, u32 passkey,
5630 struct mgmt_ev_passkey_notify ev;
5632 BT_DBG("%s", hdev->name);
5634 bacpy(&ev.addr.bdaddr, bdaddr);
5635 ev.addr.type = link_to_bdaddr(link_type, addr_type);
5636 ev.passkey = __cpu_to_le32(passkey);
5637 ev.entered = entered;
5639 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
5642 void mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
5643 u8 addr_type, u8 status)
5645 struct mgmt_ev_auth_failed ev;
5647 bacpy(&ev.addr.bdaddr, bdaddr);
5648 ev.addr.type = link_to_bdaddr(link_type, addr_type);
5649 ev.status = mgmt_status(status);
5651 mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
5654 void mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
5656 struct cmd_lookup match = { NULL, hdev };
5660 u8 mgmt_err = mgmt_status(status);
5661 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
5662 cmd_status_rsp, &mgmt_err);
5666 if (test_bit(HCI_AUTH, &hdev->flags))
5667 changed = !test_and_set_bit(HCI_LINK_SECURITY,
5670 changed = test_and_clear_bit(HCI_LINK_SECURITY,
5673 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
5677 new_settings(hdev, match.sk);
5683 static void clear_eir(struct hci_request *req)
5685 struct hci_dev *hdev = req->hdev;
5686 struct hci_cp_write_eir cp;
5688 if (!lmp_ext_inq_capable(hdev))
5691 memset(hdev->eir, 0, sizeof(hdev->eir));
5693 memset(&cp, 0, sizeof(cp));
5695 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
5698 void mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
5700 struct cmd_lookup match = { NULL, hdev };
5701 struct hci_request req;
5702 bool changed = false;
5705 u8 mgmt_err = mgmt_status(status);
5707 if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
5708 &hdev->dev_flags)) {
5709 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
5710 new_settings(hdev, NULL);
5713 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
5719 changed = !test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
5721 changed = test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
5723 changed = test_and_clear_bit(HCI_HS_ENABLED,
5726 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
5729 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
5732 new_settings(hdev, match.sk);
5737 hci_req_init(&req, hdev);
5739 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
5744 hci_req_run(&req, NULL);
5747 void mgmt_sc_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
5749 struct cmd_lookup match = { NULL, hdev };
5750 bool changed = false;
5753 u8 mgmt_err = mgmt_status(status);
5756 if (test_and_clear_bit(HCI_SC_ENABLED,
5758 new_settings(hdev, NULL);
5759 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
5762 mgmt_pending_foreach(MGMT_OP_SET_SECURE_CONN, hdev,
5763 cmd_status_rsp, &mgmt_err);
5768 changed = !test_and_set_bit(HCI_SC_ENABLED, &hdev->dev_flags);
5770 changed = test_and_clear_bit(HCI_SC_ENABLED, &hdev->dev_flags);
5771 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
5774 mgmt_pending_foreach(MGMT_OP_SET_SECURE_CONN, hdev,
5775 settings_rsp, &match);
5778 new_settings(hdev, match.sk);
5784 static void sk_lookup(struct pending_cmd *cmd, void *data)
5786 struct cmd_lookup *match = data;
5788 if (match->sk == NULL) {
5789 match->sk = cmd->sk;
5790 sock_hold(match->sk);
5794 void mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
5797 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
5799 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
5800 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
5801 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
5804 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class, 3,
5811 void mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
5813 struct mgmt_cp_set_local_name ev;
5814 struct pending_cmd *cmd;
5819 memset(&ev, 0, sizeof(ev));
5820 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
5821 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
5823 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
5825 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
5827 /* If this is a HCI command related to powering on the
5828 * HCI dev don't send any mgmt signals.
5830 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
5834 mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
5835 cmd ? cmd->sk : NULL);
5838 void mgmt_read_local_oob_data_complete(struct hci_dev *hdev, u8 *hash192,
5839 u8 *randomizer192, u8 *hash256,
5840 u8 *randomizer256, u8 status)
5842 struct pending_cmd *cmd;
5844 BT_DBG("%s status %u", hdev->name, status);
5846 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
5851 cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
5852 mgmt_status(status));
5854 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags) &&
5855 hash256 && randomizer256) {
5856 struct mgmt_rp_read_local_oob_ext_data rp;
5858 memcpy(rp.hash192, hash192, sizeof(rp.hash192));
5859 memcpy(rp.randomizer192, randomizer192,
5860 sizeof(rp.randomizer192));
5862 memcpy(rp.hash256, hash256, sizeof(rp.hash256));
5863 memcpy(rp.randomizer256, randomizer256,
5864 sizeof(rp.randomizer256));
5866 cmd_complete(cmd->sk, hdev->id,
5867 MGMT_OP_READ_LOCAL_OOB_DATA, 0,
5870 struct mgmt_rp_read_local_oob_data rp;
5872 memcpy(rp.hash, hash192, sizeof(rp.hash));
5873 memcpy(rp.randomizer, randomizer192,
5874 sizeof(rp.randomizer));
5876 cmd_complete(cmd->sk, hdev->id,
5877 MGMT_OP_READ_LOCAL_OOB_DATA, 0,
5882 mgmt_pending_remove(cmd);
5885 void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
5886 u8 addr_type, u8 *dev_class, s8 rssi, u8 cfm_name,
5887 u8 ssp, u8 *eir, u16 eir_len, u8 *scan_rsp,
5891 struct mgmt_ev_device_found *ev = (void *) buf;
5892 struct smp_irk *irk;
5895 if (!hci_discovery_active(hdev))
5898 /* Make sure that the buffer is big enough. The 5 extra bytes
5899 * are for the potential CoD field.
5901 if (sizeof(*ev) + eir_len + scan_rsp_len + 5 > sizeof(buf))
5904 memset(buf, 0, sizeof(buf));
5906 irk = hci_get_irk(hdev, bdaddr, addr_type);
5908 bacpy(&ev->addr.bdaddr, &irk->bdaddr);
5909 ev->addr.type = link_to_bdaddr(link_type, irk->addr_type);
5911 bacpy(&ev->addr.bdaddr, bdaddr);
5912 ev->addr.type = link_to_bdaddr(link_type, addr_type);
5917 ev->flags |= cpu_to_le32(MGMT_DEV_FOUND_CONFIRM_NAME);
5919 ev->flags |= cpu_to_le32(MGMT_DEV_FOUND_LEGACY_PAIRING);
5922 memcpy(ev->eir, eir, eir_len);
5924 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
5925 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
5928 if (scan_rsp_len > 0)
5929 memcpy(ev->eir + eir_len, scan_rsp, scan_rsp_len);
5931 ev->eir_len = cpu_to_le16(eir_len + scan_rsp_len);
5932 ev_size = sizeof(*ev) + eir_len + scan_rsp_len;
5934 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
5937 void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
5938 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
5940 struct mgmt_ev_device_found *ev;
5941 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
5944 ev = (struct mgmt_ev_device_found *) buf;
5946 memset(buf, 0, sizeof(buf));
5948 bacpy(&ev->addr.bdaddr, bdaddr);
5949 ev->addr.type = link_to_bdaddr(link_type, addr_type);
5952 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
5955 ev->eir_len = cpu_to_le16(eir_len);
5957 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, sizeof(*ev) + eir_len, NULL);
5960 void mgmt_discovering(struct hci_dev *hdev, u8 discovering)
5962 struct mgmt_ev_discovering ev;
5963 struct pending_cmd *cmd;
5965 BT_DBG("%s discovering %u", hdev->name, discovering);
5968 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
5970 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
5973 u8 type = hdev->discovery.type;
5975 cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0, &type,
5977 mgmt_pending_remove(cmd);
5980 memset(&ev, 0, sizeof(ev));
5981 ev.type = hdev->discovery.type;
5982 ev.discovering = discovering;
5984 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
5987 int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5989 struct pending_cmd *cmd;
5990 struct mgmt_ev_device_blocked ev;
5992 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev);
5994 bacpy(&ev.addr.bdaddr, bdaddr);
5995 ev.addr.type = type;
5997 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev),
5998 cmd ? cmd->sk : NULL);
6001 int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
6003 struct pending_cmd *cmd;
6004 struct mgmt_ev_device_unblocked ev;
6006 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev);
6008 bacpy(&ev.addr.bdaddr, bdaddr);
6009 ev.addr.type = type;
6011 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
6012 cmd ? cmd->sk : NULL);
6015 static void adv_enable_complete(struct hci_dev *hdev, u8 status)
6017 BT_DBG("%s status %u", hdev->name, status);
6019 /* Clear the advertising mgmt setting if we failed to re-enable it */
6021 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
6022 new_settings(hdev, NULL);
6026 void mgmt_reenable_advertising(struct hci_dev *hdev)
6028 struct hci_request req;
6030 if (hci_conn_num(hdev, LE_LINK) > 0)
6033 if (!test_bit(HCI_ADVERTISING, &hdev->dev_flags))
6036 hci_req_init(&req, hdev);
6037 enable_advertising(&req);
6039 /* If this fails we have no option but to let user space know
6040 * that we've disabled advertising.
6042 if (hci_req_run(&req, adv_enable_complete) < 0) {
6043 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
6044 new_settings(hdev, NULL);
projects / cascardo / linux.git / blob