2 BlueZ - Bluetooth protocol stack for Linux
4 Copyright (C) 2010 Nokia Corporation
5 Copyright (C) 2011-2012 Intel Corporation
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI Management interface */
27 #include <linux/module.h>
28 #include <asm/unaligned.h>
30 #include <net/bluetooth/bluetooth.h>
31 #include <net/bluetooth/hci_core.h>
32 #include <net/bluetooth/mgmt.h>
36 #define MGMT_VERSION 1
37 #define MGMT_REVISION 6
39 static const u16 mgmt_commands[] = {
40 MGMT_OP_READ_INDEX_LIST,
43 MGMT_OP_SET_DISCOVERABLE,
44 MGMT_OP_SET_CONNECTABLE,
45 MGMT_OP_SET_FAST_CONNECTABLE,
47 MGMT_OP_SET_LINK_SECURITY,
51 MGMT_OP_SET_DEV_CLASS,
52 MGMT_OP_SET_LOCAL_NAME,
55 MGMT_OP_LOAD_LINK_KEYS,
56 MGMT_OP_LOAD_LONG_TERM_KEYS,
58 MGMT_OP_GET_CONNECTIONS,
59 MGMT_OP_PIN_CODE_REPLY,
60 MGMT_OP_PIN_CODE_NEG_REPLY,
61 MGMT_OP_SET_IO_CAPABILITY,
63 MGMT_OP_CANCEL_PAIR_DEVICE,
64 MGMT_OP_UNPAIR_DEVICE,
65 MGMT_OP_USER_CONFIRM_REPLY,
66 MGMT_OP_USER_CONFIRM_NEG_REPLY,
67 MGMT_OP_USER_PASSKEY_REPLY,
68 MGMT_OP_USER_PASSKEY_NEG_REPLY,
69 MGMT_OP_READ_LOCAL_OOB_DATA,
70 MGMT_OP_ADD_REMOTE_OOB_DATA,
71 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
72 MGMT_OP_START_DISCOVERY,
73 MGMT_OP_STOP_DISCOVERY,
76 MGMT_OP_UNBLOCK_DEVICE,
77 MGMT_OP_SET_DEVICE_ID,
78 MGMT_OP_SET_ADVERTISING,
80 MGMT_OP_SET_STATIC_ADDRESS,
81 MGMT_OP_SET_SCAN_PARAMS,
82 MGMT_OP_SET_SECURE_CONN,
83 MGMT_OP_SET_DEBUG_KEYS,
86 MGMT_OP_GET_CONN_INFO,
89 static const u16 mgmt_events[] = {
90 MGMT_EV_CONTROLLER_ERROR,
92 MGMT_EV_INDEX_REMOVED,
94 MGMT_EV_CLASS_OF_DEV_CHANGED,
95 MGMT_EV_LOCAL_NAME_CHANGED,
97 MGMT_EV_NEW_LONG_TERM_KEY,
98 MGMT_EV_DEVICE_CONNECTED,
99 MGMT_EV_DEVICE_DISCONNECTED,
100 MGMT_EV_CONNECT_FAILED,
101 MGMT_EV_PIN_CODE_REQUEST,
102 MGMT_EV_USER_CONFIRM_REQUEST,
103 MGMT_EV_USER_PASSKEY_REQUEST,
105 MGMT_EV_DEVICE_FOUND,
107 MGMT_EV_DEVICE_BLOCKED,
108 MGMT_EV_DEVICE_UNBLOCKED,
109 MGMT_EV_DEVICE_UNPAIRED,
110 MGMT_EV_PASSKEY_NOTIFY,
115 #define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
117 #define hdev_is_powered(hdev) (test_bit(HCI_UP, &hdev->flags) && \
118 !test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
121 struct list_head list;
129 /* HCI to MGMT error code conversion table */
130 static u8 mgmt_status_table[] = {
132 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
133 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
134 MGMT_STATUS_FAILED, /* Hardware Failure */
135 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
136 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
137 MGMT_STATUS_AUTH_FAILED, /* PIN or Key Missing */
138 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
139 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
140 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
141 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
142 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
143 MGMT_STATUS_BUSY, /* Command Disallowed */
144 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
145 MGMT_STATUS_REJECTED, /* Rejected Security */
146 MGMT_STATUS_REJECTED, /* Rejected Personal */
147 MGMT_STATUS_TIMEOUT, /* Host Timeout */
148 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
149 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
150 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
151 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
152 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
153 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
154 MGMT_STATUS_BUSY, /* Repeated Attempts */
155 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
156 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
157 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
158 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
159 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
160 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
161 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
162 MGMT_STATUS_FAILED, /* Unspecified Error */
163 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
164 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
165 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
166 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
167 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
168 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
169 MGMT_STATUS_FAILED, /* Unit Link Key Used */
170 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
171 MGMT_STATUS_TIMEOUT, /* Instant Passed */
172 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
173 MGMT_STATUS_FAILED, /* Transaction Collision */
174 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
175 MGMT_STATUS_REJECTED, /* QoS Rejected */
176 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
177 MGMT_STATUS_REJECTED, /* Insufficient Security */
178 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
179 MGMT_STATUS_BUSY, /* Role Switch Pending */
180 MGMT_STATUS_FAILED, /* Slot Violation */
181 MGMT_STATUS_FAILED, /* Role Switch Failed */
182 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
183 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
184 MGMT_STATUS_BUSY, /* Host Busy Pairing */
185 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
186 MGMT_STATUS_BUSY, /* Controller Busy */
187 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
188 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
189 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
190 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
191 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
194 static u8 mgmt_status(u8 hci_status)
196 if (hci_status < ARRAY_SIZE(mgmt_status_table))
197 return mgmt_status_table[hci_status];
199 return MGMT_STATUS_FAILED;
202 static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
205 struct mgmt_hdr *hdr;
206 struct mgmt_ev_cmd_status *ev;
209 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
211 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_KERNEL);
215 hdr = (void *) skb_put(skb, sizeof(*hdr));
217 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS);
218 hdr->index = cpu_to_le16(index);
219 hdr->len = cpu_to_le16(sizeof(*ev));
221 ev = (void *) skb_put(skb, sizeof(*ev));
223 ev->opcode = cpu_to_le16(cmd);
225 err = sock_queue_rcv_skb(sk, skb);
232 static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
233 void *rp, size_t rp_len)
236 struct mgmt_hdr *hdr;
237 struct mgmt_ev_cmd_complete *ev;
240 BT_DBG("sock %p", sk);
242 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_KERNEL);
246 hdr = (void *) skb_put(skb, sizeof(*hdr));
248 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE);
249 hdr->index = cpu_to_le16(index);
250 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
252 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
253 ev->opcode = cpu_to_le16(cmd);
257 memcpy(ev->data, rp, rp_len);
259 err = sock_queue_rcv_skb(sk, skb);
266 static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
269 struct mgmt_rp_read_version rp;
271 BT_DBG("sock %p", sk);
273 rp.version = MGMT_VERSION;
274 rp.revision = cpu_to_le16(MGMT_REVISION);
276 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
280 static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
283 struct mgmt_rp_read_commands *rp;
284 const u16 num_commands = ARRAY_SIZE(mgmt_commands);
285 const u16 num_events = ARRAY_SIZE(mgmt_events);
290 BT_DBG("sock %p", sk);
292 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
294 rp = kmalloc(rp_size, GFP_KERNEL);
298 rp->num_commands = cpu_to_le16(num_commands);
299 rp->num_events = cpu_to_le16(num_events);
301 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
302 put_unaligned_le16(mgmt_commands[i], opcode);
304 for (i = 0; i < num_events; i++, opcode++)
305 put_unaligned_le16(mgmt_events[i], opcode);
307 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
314 static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
317 struct mgmt_rp_read_index_list *rp;
323 BT_DBG("sock %p", sk);
325 read_lock(&hci_dev_list_lock);
328 list_for_each_entry(d, &hci_dev_list, list) {
329 if (d->dev_type == HCI_BREDR)
333 rp_len = sizeof(*rp) + (2 * count);
334 rp = kmalloc(rp_len, GFP_ATOMIC);
336 read_unlock(&hci_dev_list_lock);
341 list_for_each_entry(d, &hci_dev_list, list) {
342 if (test_bit(HCI_SETUP, &d->dev_flags))
345 if (test_bit(HCI_USER_CHANNEL, &d->dev_flags))
348 if (d->dev_type == HCI_BREDR) {
349 rp->index[count++] = cpu_to_le16(d->id);
350 BT_DBG("Added hci%u", d->id);
354 rp->num_controllers = cpu_to_le16(count);
355 rp_len = sizeof(*rp) + (2 * count);
357 read_unlock(&hci_dev_list_lock);
359 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
367 static u32 get_supported_settings(struct hci_dev *hdev)
371 settings |= MGMT_SETTING_POWERED;
372 settings |= MGMT_SETTING_PAIRABLE;
373 settings |= MGMT_SETTING_DEBUG_KEYS;
375 if (lmp_bredr_capable(hdev)) {
376 settings |= MGMT_SETTING_CONNECTABLE;
377 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
378 settings |= MGMT_SETTING_FAST_CONNECTABLE;
379 settings |= MGMT_SETTING_DISCOVERABLE;
380 settings |= MGMT_SETTING_BREDR;
381 settings |= MGMT_SETTING_LINK_SECURITY;
383 if (lmp_ssp_capable(hdev)) {
384 settings |= MGMT_SETTING_SSP;
385 settings |= MGMT_SETTING_HS;
388 if (lmp_sc_capable(hdev) ||
389 test_bit(HCI_FORCE_SC, &hdev->dev_flags))
390 settings |= MGMT_SETTING_SECURE_CONN;
393 if (lmp_le_capable(hdev)) {
394 settings |= MGMT_SETTING_LE;
395 settings |= MGMT_SETTING_ADVERTISING;
396 settings |= MGMT_SETTING_PRIVACY;
402 static u32 get_current_settings(struct hci_dev *hdev)
406 if (hdev_is_powered(hdev))
407 settings |= MGMT_SETTING_POWERED;
409 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
410 settings |= MGMT_SETTING_CONNECTABLE;
412 if (test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
413 settings |= MGMT_SETTING_FAST_CONNECTABLE;
415 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
416 settings |= MGMT_SETTING_DISCOVERABLE;
418 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags))
419 settings |= MGMT_SETTING_PAIRABLE;
421 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
422 settings |= MGMT_SETTING_BREDR;
424 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
425 settings |= MGMT_SETTING_LE;
427 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
428 settings |= MGMT_SETTING_LINK_SECURITY;
430 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
431 settings |= MGMT_SETTING_SSP;
433 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
434 settings |= MGMT_SETTING_HS;
436 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
437 settings |= MGMT_SETTING_ADVERTISING;
439 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags))
440 settings |= MGMT_SETTING_SECURE_CONN;
442 if (test_bit(HCI_DEBUG_KEYS, &hdev->dev_flags))
443 settings |= MGMT_SETTING_DEBUG_KEYS;
445 if (test_bit(HCI_PRIVACY, &hdev->dev_flags))
446 settings |= MGMT_SETTING_PRIVACY;
451 #define PNP_INFO_SVCLASS_ID 0x1200
453 static u8 *create_uuid16_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
455 u8 *ptr = data, *uuids_start = NULL;
456 struct bt_uuid *uuid;
461 list_for_each_entry(uuid, &hdev->uuids, list) {
464 if (uuid->size != 16)
467 uuid16 = get_unaligned_le16(&uuid->uuid[12]);
471 if (uuid16 == PNP_INFO_SVCLASS_ID)
477 uuids_start[1] = EIR_UUID16_ALL;
481 /* Stop if not enough space to put next UUID */
482 if ((ptr - data) + sizeof(u16) > len) {
483 uuids_start[1] = EIR_UUID16_SOME;
487 *ptr++ = (uuid16 & 0x00ff);
488 *ptr++ = (uuid16 & 0xff00) >> 8;
489 uuids_start[0] += sizeof(uuid16);
495 static u8 *create_uuid32_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
497 u8 *ptr = data, *uuids_start = NULL;
498 struct bt_uuid *uuid;
503 list_for_each_entry(uuid, &hdev->uuids, list) {
504 if (uuid->size != 32)
510 uuids_start[1] = EIR_UUID32_ALL;
514 /* Stop if not enough space to put next UUID */
515 if ((ptr - data) + sizeof(u32) > len) {
516 uuids_start[1] = EIR_UUID32_SOME;
520 memcpy(ptr, &uuid->uuid[12], sizeof(u32));
522 uuids_start[0] += sizeof(u32);
528 static u8 *create_uuid128_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
530 u8 *ptr = data, *uuids_start = NULL;
531 struct bt_uuid *uuid;
536 list_for_each_entry(uuid, &hdev->uuids, list) {
537 if (uuid->size != 128)
543 uuids_start[1] = EIR_UUID128_ALL;
547 /* Stop if not enough space to put next UUID */
548 if ((ptr - data) + 16 > len) {
549 uuids_start[1] = EIR_UUID128_SOME;
553 memcpy(ptr, uuid->uuid, 16);
555 uuids_start[0] += 16;
561 static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
563 struct pending_cmd *cmd;
565 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
566 if (cmd->opcode == opcode)
573 static u8 create_scan_rsp_data(struct hci_dev *hdev, u8 *ptr)
578 name_len = strlen(hdev->dev_name);
580 size_t max_len = HCI_MAX_AD_LENGTH - ad_len - 2;
582 if (name_len > max_len) {
584 ptr[1] = EIR_NAME_SHORT;
586 ptr[1] = EIR_NAME_COMPLETE;
588 ptr[0] = name_len + 1;
590 memcpy(ptr + 2, hdev->dev_name, name_len);
592 ad_len += (name_len + 2);
593 ptr += (name_len + 2);
599 static void update_scan_rsp_data(struct hci_request *req)
601 struct hci_dev *hdev = req->hdev;
602 struct hci_cp_le_set_scan_rsp_data cp;
605 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
608 memset(&cp, 0, sizeof(cp));
610 len = create_scan_rsp_data(hdev, cp.data);
612 if (hdev->scan_rsp_data_len == len &&
613 memcmp(cp.data, hdev->scan_rsp_data, len) == 0)
616 memcpy(hdev->scan_rsp_data, cp.data, sizeof(cp.data));
617 hdev->scan_rsp_data_len = len;
621 hci_req_add(req, HCI_OP_LE_SET_SCAN_RSP_DATA, sizeof(cp), &cp);
624 static u8 get_adv_discov_flags(struct hci_dev *hdev)
626 struct pending_cmd *cmd;
628 /* If there's a pending mgmt command the flags will not yet have
629 * their final values, so check for this first.
631 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
633 struct mgmt_mode *cp = cmd->param;
635 return LE_AD_GENERAL;
636 else if (cp->val == 0x02)
637 return LE_AD_LIMITED;
639 if (test_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags))
640 return LE_AD_LIMITED;
641 else if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
642 return LE_AD_GENERAL;
648 static u8 create_adv_data(struct hci_dev *hdev, u8 *ptr)
650 u8 ad_len = 0, flags = 0;
652 flags |= get_adv_discov_flags(hdev);
654 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
655 flags |= LE_AD_NO_BREDR;
658 BT_DBG("adv flags 0x%02x", flags);
668 if (hdev->adv_tx_power != HCI_TX_POWER_INVALID) {
670 ptr[1] = EIR_TX_POWER;
671 ptr[2] = (u8) hdev->adv_tx_power;
680 static void update_adv_data(struct hci_request *req)
682 struct hci_dev *hdev = req->hdev;
683 struct hci_cp_le_set_adv_data cp;
686 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
689 memset(&cp, 0, sizeof(cp));
691 len = create_adv_data(hdev, cp.data);
693 if (hdev->adv_data_len == len &&
694 memcmp(cp.data, hdev->adv_data, len) == 0)
697 memcpy(hdev->adv_data, cp.data, sizeof(cp.data));
698 hdev->adv_data_len = len;
702 hci_req_add(req, HCI_OP_LE_SET_ADV_DATA, sizeof(cp), &cp);
705 static void create_eir(struct hci_dev *hdev, u8 *data)
710 name_len = strlen(hdev->dev_name);
716 ptr[1] = EIR_NAME_SHORT;
718 ptr[1] = EIR_NAME_COMPLETE;
720 /* EIR Data length */
721 ptr[0] = name_len + 1;
723 memcpy(ptr + 2, hdev->dev_name, name_len);
725 ptr += (name_len + 2);
728 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
730 ptr[1] = EIR_TX_POWER;
731 ptr[2] = (u8) hdev->inq_tx_power;
736 if (hdev->devid_source > 0) {
738 ptr[1] = EIR_DEVICE_ID;
740 put_unaligned_le16(hdev->devid_source, ptr + 2);
741 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
742 put_unaligned_le16(hdev->devid_product, ptr + 6);
743 put_unaligned_le16(hdev->devid_version, ptr + 8);
748 ptr = create_uuid16_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
749 ptr = create_uuid32_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
750 ptr = create_uuid128_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
753 static void update_eir(struct hci_request *req)
755 struct hci_dev *hdev = req->hdev;
756 struct hci_cp_write_eir cp;
758 if (!hdev_is_powered(hdev))
761 if (!lmp_ext_inq_capable(hdev))
764 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
767 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
770 memset(&cp, 0, sizeof(cp));
772 create_eir(hdev, cp.data);
774 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
777 memcpy(hdev->eir, cp.data, sizeof(cp.data));
779 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
782 static u8 get_service_classes(struct hci_dev *hdev)
784 struct bt_uuid *uuid;
787 list_for_each_entry(uuid, &hdev->uuids, list)
788 val |= uuid->svc_hint;
793 static void update_class(struct hci_request *req)
795 struct hci_dev *hdev = req->hdev;
798 BT_DBG("%s", hdev->name);
800 if (!hdev_is_powered(hdev))
803 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
806 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
809 cod[0] = hdev->minor_class;
810 cod[1] = hdev->major_class;
811 cod[2] = get_service_classes(hdev);
813 if (test_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags))
816 if (memcmp(cod, hdev->dev_class, 3) == 0)
819 hci_req_add(req, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
822 static bool get_connectable(struct hci_dev *hdev)
824 struct pending_cmd *cmd;
826 /* If there's a pending mgmt command the flag will not yet have
827 * it's final value, so check for this first.
829 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
831 struct mgmt_mode *cp = cmd->param;
835 return test_bit(HCI_CONNECTABLE, &hdev->dev_flags);
838 static void enable_advertising(struct hci_request *req)
840 struct hci_dev *hdev = req->hdev;
841 struct hci_cp_le_set_adv_param cp;
842 u8 own_addr_type, enable = 0x01;
845 /* Clear the HCI_ADVERTISING bit temporarily so that the
846 * hci_update_random_address knows that it's safe to go ahead
847 * and write a new random address. The flag will be set back on
848 * as soon as the SET_ADV_ENABLE HCI command completes.
850 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
852 connectable = get_connectable(hdev);
854 /* Set require_privacy to true only when non-connectable
855 * advertising is used. In that case it is fine to use a
856 * non-resolvable private address.
858 if (hci_update_random_address(req, !connectable, &own_addr_type) < 0)
861 memset(&cp, 0, sizeof(cp));
862 cp.min_interval = cpu_to_le16(0x0800);
863 cp.max_interval = cpu_to_le16(0x0800);
864 cp.type = connectable ? LE_ADV_IND : LE_ADV_NONCONN_IND;
865 cp.own_address_type = own_addr_type;
866 cp.channel_map = hdev->le_adv_channel_map;
868 hci_req_add(req, HCI_OP_LE_SET_ADV_PARAM, sizeof(cp), &cp);
870 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
873 static void disable_advertising(struct hci_request *req)
877 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
880 static void service_cache_off(struct work_struct *work)
882 struct hci_dev *hdev = container_of(work, struct hci_dev,
884 struct hci_request req;
886 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
889 hci_req_init(&req, hdev);
896 hci_dev_unlock(hdev);
898 hci_req_run(&req, NULL);
901 static void rpa_expired(struct work_struct *work)
903 struct hci_dev *hdev = container_of(work, struct hci_dev,
905 struct hci_request req;
909 set_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
911 if (!test_bit(HCI_ADVERTISING, &hdev->dev_flags) ||
912 hci_conn_num(hdev, LE_LINK) > 0)
915 /* The generation of a new RPA and programming it into the
916 * controller happens in the enable_advertising() function.
919 hci_req_init(&req, hdev);
921 disable_advertising(&req);
922 enable_advertising(&req);
924 hci_req_run(&req, NULL);
927 static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
929 if (test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
932 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
933 INIT_DELAYED_WORK(&hdev->rpa_expired, rpa_expired);
935 /* Non-mgmt controlled devices get this bit set
936 * implicitly so that pairing works for them, however
937 * for mgmt we require user-space to explicitly enable
940 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
943 static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
944 void *data, u16 data_len)
946 struct mgmt_rp_read_info rp;
948 BT_DBG("sock %p %s", sk, hdev->name);
952 memset(&rp, 0, sizeof(rp));
954 bacpy(&rp.bdaddr, &hdev->bdaddr);
956 rp.version = hdev->hci_ver;
957 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
959 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
960 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
962 memcpy(rp.dev_class, hdev->dev_class, 3);
964 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
965 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
967 hci_dev_unlock(hdev);
969 return cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
973 static void mgmt_pending_free(struct pending_cmd *cmd)
980 static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
981 struct hci_dev *hdev, void *data,
984 struct pending_cmd *cmd;
986 cmd = kmalloc(sizeof(*cmd), GFP_KERNEL);
990 cmd->opcode = opcode;
991 cmd->index = hdev->id;
993 cmd->param = kmalloc(len, GFP_KERNEL);
1000 memcpy(cmd->param, data, len);
1005 list_add(&cmd->list, &hdev->mgmt_pending);
1010 static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
1011 void (*cb)(struct pending_cmd *cmd,
1015 struct pending_cmd *cmd, *tmp;
1017 list_for_each_entry_safe(cmd, tmp, &hdev->mgmt_pending, list) {
1018 if (opcode > 0 && cmd->opcode != opcode)
1025 static void mgmt_pending_remove(struct pending_cmd *cmd)
1027 list_del(&cmd->list);
1028 mgmt_pending_free(cmd);
1031 static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
1033 __le32 settings = cpu_to_le32(get_current_settings(hdev));
1035 return cmd_complete(sk, hdev->id, opcode, 0, &settings,
1039 static void clean_up_hci_complete(struct hci_dev *hdev, u8 status)
1041 BT_DBG("%s status 0x%02x", hdev->name, status);
1043 if (hci_conn_count(hdev) == 0) {
1044 cancel_delayed_work(&hdev->power_off);
1045 queue_work(hdev->req_workqueue, &hdev->power_off.work);
1049 static int clean_up_hci_state(struct hci_dev *hdev)
1051 struct hci_request req;
1052 struct hci_conn *conn;
1054 hci_req_init(&req, hdev);
1056 if (test_bit(HCI_ISCAN, &hdev->flags) ||
1057 test_bit(HCI_PSCAN, &hdev->flags)) {
1059 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1062 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
1063 disable_advertising(&req);
1065 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags)) {
1066 hci_req_add_le_scan_disable(&req);
1069 list_for_each_entry(conn, &hdev->conn_hash.list, list) {
1070 struct hci_cp_disconnect dc;
1071 struct hci_cp_reject_conn_req rej;
1073 switch (conn->state) {
1076 dc.handle = cpu_to_le16(conn->handle);
1077 dc.reason = 0x15; /* Terminated due to Power Off */
1078 hci_req_add(&req, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1081 if (conn->type == LE_LINK)
1082 hci_req_add(&req, HCI_OP_LE_CREATE_CONN_CANCEL,
1084 else if (conn->type == ACL_LINK)
1085 hci_req_add(&req, HCI_OP_CREATE_CONN_CANCEL,
1089 bacpy(&rej.bdaddr, &conn->dst);
1090 rej.reason = 0x15; /* Terminated due to Power Off */
1091 if (conn->type == ACL_LINK)
1092 hci_req_add(&req, HCI_OP_REJECT_CONN_REQ,
1094 else if (conn->type == SCO_LINK)
1095 hci_req_add(&req, HCI_OP_REJECT_SYNC_CONN_REQ,
1101 return hci_req_run(&req, clean_up_hci_complete);
1104 static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
1107 struct mgmt_mode *cp = data;
1108 struct pending_cmd *cmd;
1111 BT_DBG("request for %s", hdev->name);
1113 if (cp->val != 0x00 && cp->val != 0x01)
1114 return cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1115 MGMT_STATUS_INVALID_PARAMS);
1119 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
1120 err = cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1125 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
1126 cancel_delayed_work(&hdev->power_off);
1129 mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev,
1131 err = mgmt_powered(hdev, 1);
1136 if (!!cp->val == hdev_is_powered(hdev)) {
1137 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
1141 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
1148 queue_work(hdev->req_workqueue, &hdev->power_on);
1151 /* Disconnect connections, stop scans, etc */
1152 err = clean_up_hci_state(hdev);
1154 queue_delayed_work(hdev->req_workqueue, &hdev->power_off,
1155 HCI_POWER_OFF_TIMEOUT);
1157 /* ENODATA means there were no HCI commands queued */
1158 if (err == -ENODATA) {
1159 cancel_delayed_work(&hdev->power_off);
1160 queue_work(hdev->req_workqueue, &hdev->power_off.work);
1166 hci_dev_unlock(hdev);
1170 static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 data_len,
1171 struct sock *skip_sk)
1173 struct sk_buff *skb;
1174 struct mgmt_hdr *hdr;
1176 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_KERNEL);
1180 hdr = (void *) skb_put(skb, sizeof(*hdr));
1181 hdr->opcode = cpu_to_le16(event);
1183 hdr->index = cpu_to_le16(hdev->id);
1185 hdr->index = cpu_to_le16(MGMT_INDEX_NONE);
1186 hdr->len = cpu_to_le16(data_len);
1189 memcpy(skb_put(skb, data_len), data, data_len);
1192 __net_timestamp(skb);
1194 hci_send_to_control(skb, skip_sk);
1200 static int new_settings(struct hci_dev *hdev, struct sock *skip)
1204 ev = cpu_to_le32(get_current_settings(hdev));
1206 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
1211 struct hci_dev *hdev;
1215 static void settings_rsp(struct pending_cmd *cmd, void *data)
1217 struct cmd_lookup *match = data;
1219 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
1221 list_del(&cmd->list);
1223 if (match->sk == NULL) {
1224 match->sk = cmd->sk;
1225 sock_hold(match->sk);
1228 mgmt_pending_free(cmd);
1231 static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
1235 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
1236 mgmt_pending_remove(cmd);
1239 static u8 mgmt_bredr_support(struct hci_dev *hdev)
1241 if (!lmp_bredr_capable(hdev))
1242 return MGMT_STATUS_NOT_SUPPORTED;
1243 else if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1244 return MGMT_STATUS_REJECTED;
1246 return MGMT_STATUS_SUCCESS;
1249 static u8 mgmt_le_support(struct hci_dev *hdev)
1251 if (!lmp_le_capable(hdev))
1252 return MGMT_STATUS_NOT_SUPPORTED;
1253 else if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
1254 return MGMT_STATUS_REJECTED;
1256 return MGMT_STATUS_SUCCESS;
1259 static void set_discoverable_complete(struct hci_dev *hdev, u8 status)
1261 struct pending_cmd *cmd;
1262 struct mgmt_mode *cp;
1263 struct hci_request req;
1266 BT_DBG("status 0x%02x", status);
1270 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
1275 u8 mgmt_err = mgmt_status(status);
1276 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1277 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1283 changed = !test_and_set_bit(HCI_DISCOVERABLE,
1286 if (hdev->discov_timeout > 0) {
1287 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1288 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
1292 changed = test_and_clear_bit(HCI_DISCOVERABLE,
1296 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1299 new_settings(hdev, cmd->sk);
1301 /* When the discoverable mode gets changed, make sure
1302 * that class of device has the limited discoverable
1303 * bit correctly set.
1305 hci_req_init(&req, hdev);
1307 hci_req_run(&req, NULL);
1310 mgmt_pending_remove(cmd);
1313 hci_dev_unlock(hdev);
1316 static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
1319 struct mgmt_cp_set_discoverable *cp = data;
1320 struct pending_cmd *cmd;
1321 struct hci_request req;
1326 BT_DBG("request for %s", hdev->name);
1328 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
1329 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1330 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1331 MGMT_STATUS_REJECTED);
1333 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
1334 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1335 MGMT_STATUS_INVALID_PARAMS);
1337 timeout = __le16_to_cpu(cp->timeout);
1339 /* Disabling discoverable requires that no timeout is set,
1340 * and enabling limited discoverable requires a timeout.
1342 if ((cp->val == 0x00 && timeout > 0) ||
1343 (cp->val == 0x02 && timeout == 0))
1344 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1345 MGMT_STATUS_INVALID_PARAMS);
1349 if (!hdev_is_powered(hdev) && timeout > 0) {
1350 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1351 MGMT_STATUS_NOT_POWERED);
1355 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1356 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
1357 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1362 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
1363 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1364 MGMT_STATUS_REJECTED);
1368 if (!hdev_is_powered(hdev)) {
1369 bool changed = false;
1371 /* Setting limited discoverable when powered off is
1372 * not a valid operation since it requires a timeout
1373 * and so no need to check HCI_LIMITED_DISCOVERABLE.
1375 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
1376 change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1380 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1385 err = new_settings(hdev, sk);
1390 /* If the current mode is the same, then just update the timeout
1391 * value with the new value. And if only the timeout gets updated,
1392 * then no need for any HCI transactions.
1394 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags) &&
1395 (cp->val == 0x02) == test_bit(HCI_LIMITED_DISCOVERABLE,
1396 &hdev->dev_flags)) {
1397 cancel_delayed_work(&hdev->discov_off);
1398 hdev->discov_timeout = timeout;
1400 if (cp->val && hdev->discov_timeout > 0) {
1401 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1402 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
1406 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1410 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
1416 /* Cancel any potential discoverable timeout that might be
1417 * still active and store new timeout value. The arming of
1418 * the timeout happens in the complete handler.
1420 cancel_delayed_work(&hdev->discov_off);
1421 hdev->discov_timeout = timeout;
1423 /* Limited discoverable mode */
1424 if (cp->val == 0x02)
1425 set_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1427 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1429 hci_req_init(&req, hdev);
1431 /* The procedure for LE-only controllers is much simpler - just
1432 * update the advertising data.
1434 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1440 struct hci_cp_write_current_iac_lap hci_cp;
1442 if (cp->val == 0x02) {
1443 /* Limited discoverable mode */
1444 hci_cp.num_iac = min_t(u8, hdev->num_iac, 2);
1445 hci_cp.iac_lap[0] = 0x00; /* LIAC */
1446 hci_cp.iac_lap[1] = 0x8b;
1447 hci_cp.iac_lap[2] = 0x9e;
1448 hci_cp.iac_lap[3] = 0x33; /* GIAC */
1449 hci_cp.iac_lap[4] = 0x8b;
1450 hci_cp.iac_lap[5] = 0x9e;
1452 /* General discoverable mode */
1454 hci_cp.iac_lap[0] = 0x33; /* GIAC */
1455 hci_cp.iac_lap[1] = 0x8b;
1456 hci_cp.iac_lap[2] = 0x9e;
1459 hci_req_add(&req, HCI_OP_WRITE_CURRENT_IAC_LAP,
1460 (hci_cp.num_iac * 3) + 1, &hci_cp);
1462 scan |= SCAN_INQUIRY;
1464 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1467 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, sizeof(scan), &scan);
1470 update_adv_data(&req);
1472 err = hci_req_run(&req, set_discoverable_complete);
1474 mgmt_pending_remove(cmd);
1477 hci_dev_unlock(hdev);
1481 static void write_fast_connectable(struct hci_request *req, bool enable)
1483 struct hci_dev *hdev = req->hdev;
1484 struct hci_cp_write_page_scan_activity acp;
1487 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1490 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
1494 type = PAGE_SCAN_TYPE_INTERLACED;
1496 /* 160 msec page scan interval */
1497 acp.interval = cpu_to_le16(0x0100);
1499 type = PAGE_SCAN_TYPE_STANDARD; /* default */
1501 /* default 1.28 sec page scan */
1502 acp.interval = cpu_to_le16(0x0800);
1505 acp.window = cpu_to_le16(0x0012);
1507 if (__cpu_to_le16(hdev->page_scan_interval) != acp.interval ||
1508 __cpu_to_le16(hdev->page_scan_window) != acp.window)
1509 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
1512 if (hdev->page_scan_type != type)
1513 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
1516 static void set_connectable_complete(struct hci_dev *hdev, u8 status)
1518 struct pending_cmd *cmd;
1519 struct mgmt_mode *cp;
1522 BT_DBG("status 0x%02x", status);
1526 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1531 u8 mgmt_err = mgmt_status(status);
1532 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1538 changed = !test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1540 changed = test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1542 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
1545 new_settings(hdev, cmd->sk);
1548 mgmt_pending_remove(cmd);
1551 hci_dev_unlock(hdev);
1554 static int set_connectable_update_settings(struct hci_dev *hdev,
1555 struct sock *sk, u8 val)
1557 bool changed = false;
1560 if (!!val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
1564 set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1566 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1567 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1570 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1575 return new_settings(hdev, sk);
1580 static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
1583 struct mgmt_mode *cp = data;
1584 struct pending_cmd *cmd;
1585 struct hci_request req;
1589 BT_DBG("request for %s", hdev->name);
1591 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
1592 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1593 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1594 MGMT_STATUS_REJECTED);
1596 if (cp->val != 0x00 && cp->val != 0x01)
1597 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1598 MGMT_STATUS_INVALID_PARAMS);
1602 if (!hdev_is_powered(hdev)) {
1603 err = set_connectable_update_settings(hdev, sk, cp->val);
1607 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1608 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
1609 err = cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1614 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
1620 hci_req_init(&req, hdev);
1622 /* If BR/EDR is not enabled and we disable advertising as a
1623 * by-product of disabling connectable, we need to update the
1624 * advertising flags.
1626 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
1628 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1629 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1631 update_adv_data(&req);
1632 } else if (cp->val != test_bit(HCI_PSCAN, &hdev->flags)) {
1638 if (test_bit(HCI_ISCAN, &hdev->flags) &&
1639 hdev->discov_timeout > 0)
1640 cancel_delayed_work(&hdev->discov_off);
1643 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1646 /* If we're going from non-connectable to connectable or
1647 * vice-versa when fast connectable is enabled ensure that fast
1648 * connectable gets disabled. write_fast_connectable won't do
1649 * anything if the page scan parameters are already what they
1652 if (cp->val || test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
1653 write_fast_connectable(&req, false);
1655 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags) &&
1656 hci_conn_num(hdev, LE_LINK) == 0) {
1657 disable_advertising(&req);
1658 enable_advertising(&req);
1661 err = hci_req_run(&req, set_connectable_complete);
1663 mgmt_pending_remove(cmd);
1664 if (err == -ENODATA)
1665 err = set_connectable_update_settings(hdev, sk,
1671 hci_dev_unlock(hdev);
1675 static int set_pairable(struct sock *sk, struct hci_dev *hdev, void *data,
1678 struct mgmt_mode *cp = data;
1682 BT_DBG("request for %s", hdev->name);
1684 if (cp->val != 0x00 && cp->val != 0x01)
1685 return cmd_status(sk, hdev->id, MGMT_OP_SET_PAIRABLE,
1686 MGMT_STATUS_INVALID_PARAMS);
1691 changed = !test_and_set_bit(HCI_PAIRABLE, &hdev->dev_flags);
1693 changed = test_and_clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
1695 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
1700 err = new_settings(hdev, sk);
1703 hci_dev_unlock(hdev);
1707 static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1710 struct mgmt_mode *cp = data;
1711 struct pending_cmd *cmd;
1715 BT_DBG("request for %s", hdev->name);
1717 status = mgmt_bredr_support(hdev);
1719 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1722 if (cp->val != 0x00 && cp->val != 0x01)
1723 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1724 MGMT_STATUS_INVALID_PARAMS);
1728 if (!hdev_is_powered(hdev)) {
1729 bool changed = false;
1731 if (!!cp->val != test_bit(HCI_LINK_SECURITY,
1732 &hdev->dev_flags)) {
1733 change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
1737 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1742 err = new_settings(hdev, sk);
1747 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
1748 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1755 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1756 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1760 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1766 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1768 mgmt_pending_remove(cmd);
1773 hci_dev_unlock(hdev);
1777 static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1779 struct mgmt_mode *cp = data;
1780 struct pending_cmd *cmd;
1784 BT_DBG("request for %s", hdev->name);
1786 status = mgmt_bredr_support(hdev);
1788 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
1790 if (!lmp_ssp_capable(hdev))
1791 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1792 MGMT_STATUS_NOT_SUPPORTED);
1794 if (cp->val != 0x00 && cp->val != 0x01)
1795 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1796 MGMT_STATUS_INVALID_PARAMS);
1800 if (!hdev_is_powered(hdev)) {
1804 changed = !test_and_set_bit(HCI_SSP_ENABLED,
1807 changed = test_and_clear_bit(HCI_SSP_ENABLED,
1810 changed = test_and_clear_bit(HCI_HS_ENABLED,
1813 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1816 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1821 err = new_settings(hdev, sk);
1826 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev) ||
1827 mgmt_pending_find(MGMT_OP_SET_HS, hdev)) {
1828 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1833 if (!!cp->val == test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
1834 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1838 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1844 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &cp->val);
1846 mgmt_pending_remove(cmd);
1851 hci_dev_unlock(hdev);
1855 static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1857 struct mgmt_mode *cp = data;
1862 BT_DBG("request for %s", hdev->name);
1864 status = mgmt_bredr_support(hdev);
1866 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
1868 if (!lmp_ssp_capable(hdev))
1869 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1870 MGMT_STATUS_NOT_SUPPORTED);
1872 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
1873 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1874 MGMT_STATUS_REJECTED);
1876 if (cp->val != 0x00 && cp->val != 0x01)
1877 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1878 MGMT_STATUS_INVALID_PARAMS);
1883 changed = !test_and_set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1885 if (hdev_is_powered(hdev)) {
1886 err = cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1887 MGMT_STATUS_REJECTED);
1891 changed = test_and_clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1894 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
1899 err = new_settings(hdev, sk);
1902 hci_dev_unlock(hdev);
1906 static void le_enable_complete(struct hci_dev *hdev, u8 status)
1908 struct cmd_lookup match = { NULL, hdev };
1911 u8 mgmt_err = mgmt_status(status);
1913 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
1918 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
1920 new_settings(hdev, match.sk);
1925 /* Make sure the controller has a good default for
1926 * advertising data. Restrict the update to when LE
1927 * has actually been enabled. During power on, the
1928 * update in powered_update_hci will take care of it.
1930 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1931 struct hci_request req;
1935 hci_req_init(&req, hdev);
1936 update_adv_data(&req);
1937 update_scan_rsp_data(&req);
1938 hci_req_run(&req, NULL);
1940 hci_dev_unlock(hdev);
1944 static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1946 struct mgmt_mode *cp = data;
1947 struct hci_cp_write_le_host_supported hci_cp;
1948 struct pending_cmd *cmd;
1949 struct hci_request req;
1953 BT_DBG("request for %s", hdev->name);
1955 if (!lmp_le_capable(hdev))
1956 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1957 MGMT_STATUS_NOT_SUPPORTED);
1959 if (cp->val != 0x00 && cp->val != 0x01)
1960 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1961 MGMT_STATUS_INVALID_PARAMS);
1963 /* LE-only devices do not allow toggling LE on/off */
1964 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1965 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1966 MGMT_STATUS_REJECTED);
1971 enabled = lmp_host_le_capable(hdev);
1973 if (!hdev_is_powered(hdev) || val == enabled) {
1974 bool changed = false;
1976 if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1977 change_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1981 if (!val && test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
1982 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
1986 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1991 err = new_settings(hdev, sk);
1996 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev) ||
1997 mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
1998 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2003 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
2009 hci_req_init(&req, hdev);
2011 memset(&hci_cp, 0, sizeof(hci_cp));
2015 hci_cp.simul = lmp_le_br_capable(hdev);
2017 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
2018 disable_advertising(&req);
2021 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
2024 err = hci_req_run(&req, le_enable_complete);
2026 mgmt_pending_remove(cmd);
2029 hci_dev_unlock(hdev);
2033 /* This is a helper function to test for pending mgmt commands that can
2034 * cause CoD or EIR HCI commands. We can only allow one such pending
2035 * mgmt command at a time since otherwise we cannot easily track what
2036 * the current values are, will be, and based on that calculate if a new
2037 * HCI command needs to be sent and if yes with what value.
2039 static bool pending_eir_or_class(struct hci_dev *hdev)
2041 struct pending_cmd *cmd;
2043 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2044 switch (cmd->opcode) {
2045 case MGMT_OP_ADD_UUID:
2046 case MGMT_OP_REMOVE_UUID:
2047 case MGMT_OP_SET_DEV_CLASS:
2048 case MGMT_OP_SET_POWERED:
2056 static const u8 bluetooth_base_uuid[] = {
2057 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
2058 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2061 static u8 get_uuid_size(const u8 *uuid)
2065 if (memcmp(uuid, bluetooth_base_uuid, 12))
2068 val = get_unaligned_le32(&uuid[12]);
2075 static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
2077 struct pending_cmd *cmd;
2081 cmd = mgmt_pending_find(mgmt_op, hdev);
2085 cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(status),
2086 hdev->dev_class, 3);
2088 mgmt_pending_remove(cmd);
2091 hci_dev_unlock(hdev);
2094 static void add_uuid_complete(struct hci_dev *hdev, u8 status)
2096 BT_DBG("status 0x%02x", status);
2098 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
2101 static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2103 struct mgmt_cp_add_uuid *cp = data;
2104 struct pending_cmd *cmd;
2105 struct hci_request req;
2106 struct bt_uuid *uuid;
2109 BT_DBG("request for %s", hdev->name);
2113 if (pending_eir_or_class(hdev)) {
2114 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
2119 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
2125 memcpy(uuid->uuid, cp->uuid, 16);
2126 uuid->svc_hint = cp->svc_hint;
2127 uuid->size = get_uuid_size(cp->uuid);
2129 list_add_tail(&uuid->list, &hdev->uuids);
2131 hci_req_init(&req, hdev);
2136 err = hci_req_run(&req, add_uuid_complete);
2138 if (err != -ENODATA)
2141 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
2142 hdev->dev_class, 3);
2146 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
2155 hci_dev_unlock(hdev);
2159 static bool enable_service_cache(struct hci_dev *hdev)
2161 if (!hdev_is_powered(hdev))
2164 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
2165 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
2173 static void remove_uuid_complete(struct hci_dev *hdev, u8 status)
2175 BT_DBG("status 0x%02x", status);
2177 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
2180 static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
2183 struct mgmt_cp_remove_uuid *cp = data;
2184 struct pending_cmd *cmd;
2185 struct bt_uuid *match, *tmp;
2186 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
2187 struct hci_request req;
2190 BT_DBG("request for %s", hdev->name);
2194 if (pending_eir_or_class(hdev)) {
2195 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2200 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
2201 hci_uuids_clear(hdev);
2203 if (enable_service_cache(hdev)) {
2204 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2205 0, hdev->dev_class, 3);
2214 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2215 if (memcmp(match->uuid, cp->uuid, 16) != 0)
2218 list_del(&match->list);
2224 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2225 MGMT_STATUS_INVALID_PARAMS);
2230 hci_req_init(&req, hdev);
2235 err = hci_req_run(&req, remove_uuid_complete);
2237 if (err != -ENODATA)
2240 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
2241 hdev->dev_class, 3);
2245 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
2254 hci_dev_unlock(hdev);
2258 static void set_class_complete(struct hci_dev *hdev, u8 status)
2260 BT_DBG("status 0x%02x", status);
2262 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
2265 static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
2268 struct mgmt_cp_set_dev_class *cp = data;
2269 struct pending_cmd *cmd;
2270 struct hci_request req;
2273 BT_DBG("request for %s", hdev->name);
2275 if (!lmp_bredr_capable(hdev))
2276 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2277 MGMT_STATUS_NOT_SUPPORTED);
2281 if (pending_eir_or_class(hdev)) {
2282 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2287 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
2288 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2289 MGMT_STATUS_INVALID_PARAMS);
2293 hdev->major_class = cp->major;
2294 hdev->minor_class = cp->minor;
2296 if (!hdev_is_powered(hdev)) {
2297 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2298 hdev->dev_class, 3);
2302 hci_req_init(&req, hdev);
2304 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
2305 hci_dev_unlock(hdev);
2306 cancel_delayed_work_sync(&hdev->service_cache);
2313 err = hci_req_run(&req, set_class_complete);
2315 if (err != -ENODATA)
2318 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2319 hdev->dev_class, 3);
2323 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
2332 hci_dev_unlock(hdev);
2336 static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
2339 struct mgmt_cp_load_link_keys *cp = data;
2340 u16 key_count, expected_len;
2344 BT_DBG("request for %s", hdev->name);
2346 if (!lmp_bredr_capable(hdev))
2347 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2348 MGMT_STATUS_NOT_SUPPORTED);
2350 key_count = __le16_to_cpu(cp->key_count);
2352 expected_len = sizeof(*cp) + key_count *
2353 sizeof(struct mgmt_link_key_info);
2354 if (expected_len != len) {
2355 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
2357 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2358 MGMT_STATUS_INVALID_PARAMS);
2361 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
2362 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2363 MGMT_STATUS_INVALID_PARAMS);
2365 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
2368 for (i = 0; i < key_count; i++) {
2369 struct mgmt_link_key_info *key = &cp->keys[i];
2371 if (key->addr.type != BDADDR_BREDR || key->type > 0x08)
2372 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2373 MGMT_STATUS_INVALID_PARAMS);
2378 hci_link_keys_clear(hdev);
2381 changed = !test_and_set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
2383 changed = test_and_clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
2386 new_settings(hdev, NULL);
2388 for (i = 0; i < key_count; i++) {
2389 struct mgmt_link_key_info *key = &cp->keys[i];
2391 hci_add_link_key(hdev, NULL, 0, &key->addr.bdaddr, key->val,
2392 key->type, key->pin_len);
2395 cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
2397 hci_dev_unlock(hdev);
2402 static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
2403 u8 addr_type, struct sock *skip_sk)
2405 struct mgmt_ev_device_unpaired ev;
2407 bacpy(&ev.addr.bdaddr, bdaddr);
2408 ev.addr.type = addr_type;
2410 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
2414 static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2417 struct mgmt_cp_unpair_device *cp = data;
2418 struct mgmt_rp_unpair_device rp;
2419 struct hci_cp_disconnect dc;
2420 struct pending_cmd *cmd;
2421 struct hci_conn *conn;
2424 memset(&rp, 0, sizeof(rp));
2425 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2426 rp.addr.type = cp->addr.type;
2428 if (!bdaddr_type_is_valid(cp->addr.type))
2429 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2430 MGMT_STATUS_INVALID_PARAMS,
2433 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
2434 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2435 MGMT_STATUS_INVALID_PARAMS,
2440 if (!hdev_is_powered(hdev)) {
2441 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2442 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
2446 if (cp->addr.type == BDADDR_BREDR) {
2447 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
2451 if (cp->addr.type == BDADDR_LE_PUBLIC)
2452 addr_type = ADDR_LE_DEV_PUBLIC;
2454 addr_type = ADDR_LE_DEV_RANDOM;
2456 hci_remove_irk(hdev, &cp->addr.bdaddr, addr_type);
2458 hci_conn_params_del(hdev, &cp->addr.bdaddr, addr_type);
2460 err = hci_remove_ltk(hdev, &cp->addr.bdaddr, addr_type);
2464 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2465 MGMT_STATUS_NOT_PAIRED, &rp, sizeof(rp));
2469 if (cp->disconnect) {
2470 if (cp->addr.type == BDADDR_BREDR)
2471 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2474 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
2481 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
2483 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
2487 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
2494 dc.handle = cpu_to_le16(conn->handle);
2495 dc.reason = 0x13; /* Remote User Terminated Connection */
2496 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2498 mgmt_pending_remove(cmd);
2501 hci_dev_unlock(hdev);
2505 static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
2508 struct mgmt_cp_disconnect *cp = data;
2509 struct mgmt_rp_disconnect rp;
2510 struct hci_cp_disconnect dc;
2511 struct pending_cmd *cmd;
2512 struct hci_conn *conn;
2517 memset(&rp, 0, sizeof(rp));
2518 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2519 rp.addr.type = cp->addr.type;
2521 if (!bdaddr_type_is_valid(cp->addr.type))
2522 return cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2523 MGMT_STATUS_INVALID_PARAMS,
2528 if (!test_bit(HCI_UP, &hdev->flags)) {
2529 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2530 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
2534 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
2535 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2536 MGMT_STATUS_BUSY, &rp, sizeof(rp));
2540 if (cp->addr.type == BDADDR_BREDR)
2541 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2544 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
2546 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
2547 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2548 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
2552 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
2558 dc.handle = cpu_to_le16(conn->handle);
2559 dc.reason = HCI_ERROR_REMOTE_USER_TERM;
2561 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2563 mgmt_pending_remove(cmd);
2566 hci_dev_unlock(hdev);
2570 static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
2572 switch (link_type) {
2574 switch (addr_type) {
2575 case ADDR_LE_DEV_PUBLIC:
2576 return BDADDR_LE_PUBLIC;
2579 /* Fallback to LE Random address type */
2580 return BDADDR_LE_RANDOM;
2584 /* Fallback to BR/EDR type */
2585 return BDADDR_BREDR;
2589 static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
2592 struct mgmt_rp_get_connections *rp;
2602 if (!hdev_is_powered(hdev)) {
2603 err = cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
2604 MGMT_STATUS_NOT_POWERED);
2609 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2610 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2614 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2615 rp = kmalloc(rp_len, GFP_KERNEL);
2622 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2623 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2625 bacpy(&rp->addr[i].bdaddr, &c->dst);
2626 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
2627 if (c->type == SCO_LINK || c->type == ESCO_LINK)
2632 rp->conn_count = cpu_to_le16(i);
2634 /* Recalculate length in case of filtered SCO connections, etc */
2635 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2637 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
2643 hci_dev_unlock(hdev);
2647 static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
2648 struct mgmt_cp_pin_code_neg_reply *cp)
2650 struct pending_cmd *cmd;
2653 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
2658 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
2659 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
2661 mgmt_pending_remove(cmd);
2666 static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2669 struct hci_conn *conn;
2670 struct mgmt_cp_pin_code_reply *cp = data;
2671 struct hci_cp_pin_code_reply reply;
2672 struct pending_cmd *cmd;
2679 if (!hdev_is_powered(hdev)) {
2680 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2681 MGMT_STATUS_NOT_POWERED);
2685 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
2687 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2688 MGMT_STATUS_NOT_CONNECTED);
2692 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
2693 struct mgmt_cp_pin_code_neg_reply ncp;
2695 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
2697 BT_ERR("PIN code is not 16 bytes long");
2699 err = send_pin_code_neg_reply(sk, hdev, &ncp);
2701 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2702 MGMT_STATUS_INVALID_PARAMS);
2707 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
2713 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
2714 reply.pin_len = cp->pin_len;
2715 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
2717 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
2719 mgmt_pending_remove(cmd);
2722 hci_dev_unlock(hdev);
2726 static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
2729 struct mgmt_cp_set_io_capability *cp = data;
2735 hdev->io_capability = cp->io_capability;
2737 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
2738 hdev->io_capability);
2740 hci_dev_unlock(hdev);
2742 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, NULL,
2746 static struct pending_cmd *find_pairing(struct hci_conn *conn)
2748 struct hci_dev *hdev = conn->hdev;
2749 struct pending_cmd *cmd;
2751 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2752 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
2755 if (cmd->user_data != conn)
2764 static void pairing_complete(struct pending_cmd *cmd, u8 status)
2766 struct mgmt_rp_pair_device rp;
2767 struct hci_conn *conn = cmd->user_data;
2769 bacpy(&rp.addr.bdaddr, &conn->dst);
2770 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
2772 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
2775 /* So we don't get further callbacks for this connection */
2776 conn->connect_cfm_cb = NULL;
2777 conn->security_cfm_cb = NULL;
2778 conn->disconn_cfm_cb = NULL;
2780 hci_conn_drop(conn);
2782 mgmt_pending_remove(cmd);
2785 void mgmt_smp_complete(struct hci_conn *conn, bool complete)
2787 u8 status = complete ? MGMT_STATUS_SUCCESS : MGMT_STATUS_FAILED;
2788 struct pending_cmd *cmd;
2790 cmd = find_pairing(conn);
2792 pairing_complete(cmd, status);
2795 static void pairing_complete_cb(struct hci_conn *conn, u8 status)
2797 struct pending_cmd *cmd;
2799 BT_DBG("status %u", status);
2801 cmd = find_pairing(conn);
2803 BT_DBG("Unable to find a pending command");
2805 pairing_complete(cmd, mgmt_status(status));
2808 static void le_pairing_complete_cb(struct hci_conn *conn, u8 status)
2810 struct pending_cmd *cmd;
2812 BT_DBG("status %u", status);
2817 cmd = find_pairing(conn);
2819 BT_DBG("Unable to find a pending command");
2821 pairing_complete(cmd, mgmt_status(status));
2824 static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2827 struct mgmt_cp_pair_device *cp = data;
2828 struct mgmt_rp_pair_device rp;
2829 struct pending_cmd *cmd;
2830 u8 sec_level, auth_type;
2831 struct hci_conn *conn;
2836 memset(&rp, 0, sizeof(rp));
2837 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2838 rp.addr.type = cp->addr.type;
2840 if (!bdaddr_type_is_valid(cp->addr.type))
2841 return cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2842 MGMT_STATUS_INVALID_PARAMS,
2847 if (!hdev_is_powered(hdev)) {
2848 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2849 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
2853 sec_level = BT_SECURITY_MEDIUM;
2854 auth_type = HCI_AT_DEDICATED_BONDING;
2856 if (cp->addr.type == BDADDR_BREDR) {
2857 conn = hci_connect_acl(hdev, &cp->addr.bdaddr, sec_level,
2862 /* Convert from L2CAP channel address type to HCI address type
2864 if (cp->addr.type == BDADDR_LE_PUBLIC)
2865 addr_type = ADDR_LE_DEV_PUBLIC;
2867 addr_type = ADDR_LE_DEV_RANDOM;
2869 conn = hci_connect_le(hdev, &cp->addr.bdaddr, addr_type,
2870 sec_level, auth_type);
2876 if (PTR_ERR(conn) == -EBUSY)
2877 status = MGMT_STATUS_BUSY;
2879 status = MGMT_STATUS_CONNECT_FAILED;
2881 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2887 if (conn->connect_cfm_cb) {
2888 hci_conn_drop(conn);
2889 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2890 MGMT_STATUS_BUSY, &rp, sizeof(rp));
2894 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
2897 hci_conn_drop(conn);
2901 /* For LE, just connecting isn't a proof that the pairing finished */
2902 if (cp->addr.type == BDADDR_BREDR) {
2903 conn->connect_cfm_cb = pairing_complete_cb;
2904 conn->security_cfm_cb = pairing_complete_cb;
2905 conn->disconn_cfm_cb = pairing_complete_cb;
2907 conn->connect_cfm_cb = le_pairing_complete_cb;
2908 conn->security_cfm_cb = le_pairing_complete_cb;
2909 conn->disconn_cfm_cb = le_pairing_complete_cb;
2912 conn->io_capability = cp->io_cap;
2913 cmd->user_data = conn;
2915 if (conn->state == BT_CONNECTED &&
2916 hci_conn_security(conn, sec_level, auth_type))
2917 pairing_complete(cmd, 0);
2922 hci_dev_unlock(hdev);
2926 static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2929 struct mgmt_addr_info *addr = data;
2930 struct pending_cmd *cmd;
2931 struct hci_conn *conn;
2938 if (!hdev_is_powered(hdev)) {
2939 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2940 MGMT_STATUS_NOT_POWERED);
2944 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
2946 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2947 MGMT_STATUS_INVALID_PARAMS);
2951 conn = cmd->user_data;
2953 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
2954 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2955 MGMT_STATUS_INVALID_PARAMS);
2959 pairing_complete(cmd, MGMT_STATUS_CANCELLED);
2961 err = cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
2962 addr, sizeof(*addr));
2964 hci_dev_unlock(hdev);
2968 static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
2969 struct mgmt_addr_info *addr, u16 mgmt_op,
2970 u16 hci_op, __le32 passkey)
2972 struct pending_cmd *cmd;
2973 struct hci_conn *conn;
2978 if (!hdev_is_powered(hdev)) {
2979 err = cmd_complete(sk, hdev->id, mgmt_op,
2980 MGMT_STATUS_NOT_POWERED, addr,
2985 if (addr->type == BDADDR_BREDR)
2986 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
2988 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &addr->bdaddr);
2991 err = cmd_complete(sk, hdev->id, mgmt_op,
2992 MGMT_STATUS_NOT_CONNECTED, addr,
2997 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
2998 /* Continue with pairing via SMP */
2999 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
3002 err = cmd_complete(sk, hdev->id, mgmt_op,
3003 MGMT_STATUS_SUCCESS, addr,
3006 err = cmd_complete(sk, hdev->id, mgmt_op,
3007 MGMT_STATUS_FAILED, addr,
3013 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
3019 /* Continue with pairing via HCI */
3020 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
3021 struct hci_cp_user_passkey_reply cp;
3023 bacpy(&cp.bdaddr, &addr->bdaddr);
3024 cp.passkey = passkey;
3025 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
3027 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
3031 mgmt_pending_remove(cmd);
3034 hci_dev_unlock(hdev);
3038 static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
3039 void *data, u16 len)
3041 struct mgmt_cp_pin_code_neg_reply *cp = data;
3045 return user_pairing_resp(sk, hdev, &cp->addr,
3046 MGMT_OP_PIN_CODE_NEG_REPLY,
3047 HCI_OP_PIN_CODE_NEG_REPLY, 0);
3050 static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3053 struct mgmt_cp_user_confirm_reply *cp = data;
3057 if (len != sizeof(*cp))
3058 return cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
3059 MGMT_STATUS_INVALID_PARAMS);
3061 return user_pairing_resp(sk, hdev, &cp->addr,
3062 MGMT_OP_USER_CONFIRM_REPLY,
3063 HCI_OP_USER_CONFIRM_REPLY, 0);
3066 static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
3067 void *data, u16 len)
3069 struct mgmt_cp_user_confirm_neg_reply *cp = data;
3073 return user_pairing_resp(sk, hdev, &cp->addr,
3074 MGMT_OP_USER_CONFIRM_NEG_REPLY,
3075 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
3078 static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3081 struct mgmt_cp_user_passkey_reply *cp = data;
3085 return user_pairing_resp(sk, hdev, &cp->addr,
3086 MGMT_OP_USER_PASSKEY_REPLY,
3087 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
3090 static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
3091 void *data, u16 len)
3093 struct mgmt_cp_user_passkey_neg_reply *cp = data;
3097 return user_pairing_resp(sk, hdev, &cp->addr,
3098 MGMT_OP_USER_PASSKEY_NEG_REPLY,
3099 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
3102 static void update_name(struct hci_request *req)
3104 struct hci_dev *hdev = req->hdev;
3105 struct hci_cp_write_local_name cp;
3107 memcpy(cp.name, hdev->dev_name, sizeof(cp.name));
3109 hci_req_add(req, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
3112 static void set_name_complete(struct hci_dev *hdev, u8 status)
3114 struct mgmt_cp_set_local_name *cp;
3115 struct pending_cmd *cmd;
3117 BT_DBG("status 0x%02x", status);
3121 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
3128 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3129 mgmt_status(status));
3131 cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3134 mgmt_pending_remove(cmd);
3137 hci_dev_unlock(hdev);
3140 static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
3143 struct mgmt_cp_set_local_name *cp = data;
3144 struct pending_cmd *cmd;
3145 struct hci_request req;
3152 /* If the old values are the same as the new ones just return a
3153 * direct command complete event.
3155 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
3156 !memcmp(hdev->short_name, cp->short_name,
3157 sizeof(hdev->short_name))) {
3158 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3163 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
3165 if (!hdev_is_powered(hdev)) {
3166 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3168 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3173 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
3179 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
3185 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3187 hci_req_init(&req, hdev);
3189 if (lmp_bredr_capable(hdev)) {
3194 /* The name is stored in the scan response data and so
3195 * no need to udpate the advertising data here.
3197 if (lmp_le_capable(hdev))
3198 update_scan_rsp_data(&req);
3200 err = hci_req_run(&req, set_name_complete);
3202 mgmt_pending_remove(cmd);
3205 hci_dev_unlock(hdev);
3209 static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
3210 void *data, u16 data_len)
3212 struct pending_cmd *cmd;
3215 BT_DBG("%s", hdev->name);
3219 if (!hdev_is_powered(hdev)) {
3220 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3221 MGMT_STATUS_NOT_POWERED);
3225 if (!lmp_ssp_capable(hdev)) {
3226 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3227 MGMT_STATUS_NOT_SUPPORTED);
3231 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
3232 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3237 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
3243 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags))
3244 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_EXT_DATA,
3247 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
3250 mgmt_pending_remove(cmd);
3253 hci_dev_unlock(hdev);
3257 static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
3258 void *data, u16 len)
3262 BT_DBG("%s ", hdev->name);
3266 if (len == MGMT_ADD_REMOTE_OOB_DATA_SIZE) {
3267 struct mgmt_cp_add_remote_oob_data *cp = data;
3270 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
3271 cp->hash, cp->randomizer);
3273 status = MGMT_STATUS_FAILED;
3275 status = MGMT_STATUS_SUCCESS;
3277 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3278 status, &cp->addr, sizeof(cp->addr));
3279 } else if (len == MGMT_ADD_REMOTE_OOB_EXT_DATA_SIZE) {
3280 struct mgmt_cp_add_remote_oob_ext_data *cp = data;
3283 err = hci_add_remote_oob_ext_data(hdev, &cp->addr.bdaddr,
3289 status = MGMT_STATUS_FAILED;
3291 status = MGMT_STATUS_SUCCESS;
3293 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3294 status, &cp->addr, sizeof(cp->addr));
3296 BT_ERR("add_remote_oob_data: invalid length of %u bytes", len);
3297 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3298 MGMT_STATUS_INVALID_PARAMS);
3301 hci_dev_unlock(hdev);
3305 static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
3306 void *data, u16 len)
3308 struct mgmt_cp_remove_remote_oob_data *cp = data;
3312 BT_DBG("%s", hdev->name);
3316 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr);
3318 status = MGMT_STATUS_INVALID_PARAMS;
3320 status = MGMT_STATUS_SUCCESS;
3322 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
3323 status, &cp->addr, sizeof(cp->addr));
3325 hci_dev_unlock(hdev);
3329 static int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
3331 struct pending_cmd *cmd;
3335 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3337 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
3341 type = hdev->discovery.type;
3343 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3344 &type, sizeof(type));
3345 mgmt_pending_remove(cmd);
3350 static void start_discovery_complete(struct hci_dev *hdev, u8 status)
3352 unsigned long timeout = 0;
3354 BT_DBG("status %d", status);
3358 mgmt_start_discovery_failed(hdev, status);
3359 hci_dev_unlock(hdev);
3364 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
3365 hci_dev_unlock(hdev);
3367 switch (hdev->discovery.type) {
3368 case DISCOV_TYPE_LE:
3369 timeout = msecs_to_jiffies(DISCOV_LE_TIMEOUT);
3372 case DISCOV_TYPE_INTERLEAVED:
3373 timeout = msecs_to_jiffies(hdev->discov_interleaved_timeout);
3376 case DISCOV_TYPE_BREDR:
3380 BT_ERR("Invalid discovery type %d", hdev->discovery.type);
3386 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable, timeout);
3389 static int start_discovery(struct sock *sk, struct hci_dev *hdev,
3390 void *data, u16 len)
3392 struct mgmt_cp_start_discovery *cp = data;
3393 struct pending_cmd *cmd;
3394 struct hci_cp_le_set_scan_param param_cp;
3395 struct hci_cp_le_set_scan_enable enable_cp;
3396 struct hci_cp_inquiry inq_cp;
3397 struct hci_request req;
3398 /* General inquiry access code (GIAC) */
3399 u8 lap[3] = { 0x33, 0x8b, 0x9e };
3400 u8 status, own_addr_type;
3403 BT_DBG("%s", hdev->name);
3407 if (!hdev_is_powered(hdev)) {
3408 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3409 MGMT_STATUS_NOT_POWERED);
3413 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
3414 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3419 if (hdev->discovery.state != DISCOVERY_STOPPED) {
3420 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3425 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
3431 hdev->discovery.type = cp->type;
3433 hci_req_init(&req, hdev);
3435 switch (hdev->discovery.type) {
3436 case DISCOV_TYPE_BREDR:
3437 status = mgmt_bredr_support(hdev);
3439 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3441 mgmt_pending_remove(cmd);
3445 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
3446 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3448 mgmt_pending_remove(cmd);
3452 hci_inquiry_cache_flush(hdev);
3454 memset(&inq_cp, 0, sizeof(inq_cp));
3455 memcpy(&inq_cp.lap, lap, sizeof(inq_cp.lap));
3456 inq_cp.length = DISCOV_BREDR_INQUIRY_LEN;
3457 hci_req_add(&req, HCI_OP_INQUIRY, sizeof(inq_cp), &inq_cp);
3460 case DISCOV_TYPE_LE:
3461 case DISCOV_TYPE_INTERLEAVED:
3462 status = mgmt_le_support(hdev);
3464 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3466 mgmt_pending_remove(cmd);
3470 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
3471 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
3472 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3473 MGMT_STATUS_NOT_SUPPORTED);
3474 mgmt_pending_remove(cmd);
3478 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
3479 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3480 MGMT_STATUS_REJECTED);
3481 mgmt_pending_remove(cmd);
3485 /* If controller is scanning, it means the background scanning
3486 * is running. Thus, we should temporarily stop it in order to
3487 * set the discovery scanning parameters.
3489 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags))
3490 hci_req_add_le_scan_disable(&req);
3492 memset(¶m_cp, 0, sizeof(param_cp));
3494 /* All active scans will be done with either a resolvable
3495 * private address (when privacy feature has been enabled)
3496 * or unresolvable private address.
3498 err = hci_update_random_address(&req, true, &own_addr_type);
3500 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3501 MGMT_STATUS_FAILED);
3502 mgmt_pending_remove(cmd);
3506 param_cp.type = LE_SCAN_ACTIVE;
3507 param_cp.interval = cpu_to_le16(DISCOV_LE_SCAN_INT);
3508 param_cp.window = cpu_to_le16(DISCOV_LE_SCAN_WIN);
3509 param_cp.own_address_type = own_addr_type;
3510 hci_req_add(&req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
3513 memset(&enable_cp, 0, sizeof(enable_cp));
3514 enable_cp.enable = LE_SCAN_ENABLE;
3515 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
3516 hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
3521 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3522 MGMT_STATUS_INVALID_PARAMS);
3523 mgmt_pending_remove(cmd);
3527 err = hci_req_run(&req, start_discovery_complete);
3529 mgmt_pending_remove(cmd);
3531 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
3534 hci_dev_unlock(hdev);
3538 static int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
3540 struct pending_cmd *cmd;
3543 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3547 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3548 &hdev->discovery.type, sizeof(hdev->discovery.type));
3549 mgmt_pending_remove(cmd);
3554 static void stop_discovery_complete(struct hci_dev *hdev, u8 status)
3556 BT_DBG("status %d", status);
3561 mgmt_stop_discovery_failed(hdev, status);
3565 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3568 hci_dev_unlock(hdev);
3571 static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
3574 struct mgmt_cp_stop_discovery *mgmt_cp = data;
3575 struct pending_cmd *cmd;
3576 struct hci_cp_remote_name_req_cancel cp;
3577 struct inquiry_entry *e;
3578 struct hci_request req;
3581 BT_DBG("%s", hdev->name);
3585 if (!hci_discovery_active(hdev)) {
3586 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
3587 MGMT_STATUS_REJECTED, &mgmt_cp->type,
3588 sizeof(mgmt_cp->type));
3592 if (hdev->discovery.type != mgmt_cp->type) {
3593 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
3594 MGMT_STATUS_INVALID_PARAMS, &mgmt_cp->type,
3595 sizeof(mgmt_cp->type));
3599 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
3605 hci_req_init(&req, hdev);
3607 switch (hdev->discovery.state) {
3608 case DISCOVERY_FINDING:
3609 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
3610 hci_req_add(&req, HCI_OP_INQUIRY_CANCEL, 0, NULL);
3612 cancel_delayed_work(&hdev->le_scan_disable);
3614 hci_req_add_le_scan_disable(&req);
3619 case DISCOVERY_RESOLVING:
3620 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
3623 mgmt_pending_remove(cmd);
3624 err = cmd_complete(sk, hdev->id,
3625 MGMT_OP_STOP_DISCOVERY, 0,
3627 sizeof(mgmt_cp->type));
3628 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3632 bacpy(&cp.bdaddr, &e->data.bdaddr);
3633 hci_req_add(&req, HCI_OP_REMOTE_NAME_REQ_CANCEL, sizeof(cp),
3639 BT_DBG("unknown discovery state %u", hdev->discovery.state);
3641 mgmt_pending_remove(cmd);
3642 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
3643 MGMT_STATUS_FAILED, &mgmt_cp->type,
3644 sizeof(mgmt_cp->type));
3648 err = hci_req_run(&req, stop_discovery_complete);
3650 mgmt_pending_remove(cmd);
3652 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
3655 hci_dev_unlock(hdev);
3659 static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
3662 struct mgmt_cp_confirm_name *cp = data;
3663 struct inquiry_entry *e;
3666 BT_DBG("%s", hdev->name);
3670 if (!hci_discovery_active(hdev)) {
3671 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
3672 MGMT_STATUS_FAILED, &cp->addr,
3677 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
3679 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
3680 MGMT_STATUS_INVALID_PARAMS, &cp->addr,
3685 if (cp->name_known) {
3686 e->name_state = NAME_KNOWN;
3689 e->name_state = NAME_NEEDED;
3690 hci_inquiry_cache_update_resolve(hdev, e);
3693 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0, &cp->addr,
3697 hci_dev_unlock(hdev);
3701 static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
3704 struct mgmt_cp_block_device *cp = data;
3708 BT_DBG("%s", hdev->name);
3710 if (!bdaddr_type_is_valid(cp->addr.type))
3711 return cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
3712 MGMT_STATUS_INVALID_PARAMS,
3713 &cp->addr, sizeof(cp->addr));
3717 err = hci_blacklist_add(hdev, &cp->addr.bdaddr, cp->addr.type);
3719 status = MGMT_STATUS_FAILED;
3721 status = MGMT_STATUS_SUCCESS;
3723 err = cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
3724 &cp->addr, sizeof(cp->addr));
3726 hci_dev_unlock(hdev);
3731 static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
3734 struct mgmt_cp_unblock_device *cp = data;
3738 BT_DBG("%s", hdev->name);
3740 if (!bdaddr_type_is_valid(cp->addr.type))
3741 return cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
3742 MGMT_STATUS_INVALID_PARAMS,
3743 &cp->addr, sizeof(cp->addr));
3747 err = hci_blacklist_del(hdev, &cp->addr.bdaddr, cp->addr.type);
3749 status = MGMT_STATUS_INVALID_PARAMS;
3751 status = MGMT_STATUS_SUCCESS;
3753 err = cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
3754 &cp->addr, sizeof(cp->addr));
3756 hci_dev_unlock(hdev);
3761 static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
3764 struct mgmt_cp_set_device_id *cp = data;
3765 struct hci_request req;
3769 BT_DBG("%s", hdev->name);
3771 source = __le16_to_cpu(cp->source);
3773 if (source > 0x0002)
3774 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
3775 MGMT_STATUS_INVALID_PARAMS);
3779 hdev->devid_source = source;
3780 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
3781 hdev->devid_product = __le16_to_cpu(cp->product);
3782 hdev->devid_version = __le16_to_cpu(cp->version);
3784 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0, NULL, 0);
3786 hci_req_init(&req, hdev);
3788 hci_req_run(&req, NULL);
3790 hci_dev_unlock(hdev);
3795 static void set_advertising_complete(struct hci_dev *hdev, u8 status)
3797 struct cmd_lookup match = { NULL, hdev };
3800 u8 mgmt_err = mgmt_status(status);
3802 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
3803 cmd_status_rsp, &mgmt_err);
3807 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
3810 new_settings(hdev, match.sk);
3816 static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data,
3819 struct mgmt_mode *cp = data;
3820 struct pending_cmd *cmd;
3821 struct hci_request req;
3822 u8 val, enabled, status;
3825 BT_DBG("request for %s", hdev->name);
3827 status = mgmt_le_support(hdev);
3829 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3832 if (cp->val != 0x00 && cp->val != 0x01)
3833 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3834 MGMT_STATUS_INVALID_PARAMS);
3839 enabled = test_bit(HCI_ADVERTISING, &hdev->dev_flags);
3841 /* The following conditions are ones which mean that we should
3842 * not do any HCI communication but directly send a mgmt
3843 * response to user space (after toggling the flag if
3846 if (!hdev_is_powered(hdev) || val == enabled ||
3847 hci_conn_num(hdev, LE_LINK) > 0) {
3848 bool changed = false;
3850 if (val != test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
3851 change_bit(HCI_ADVERTISING, &hdev->dev_flags);
3855 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
3860 err = new_settings(hdev, sk);
3865 if (mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
3866 mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
3867 err = cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3872 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
3878 hci_req_init(&req, hdev);
3881 enable_advertising(&req);
3883 disable_advertising(&req);
3885 err = hci_req_run(&req, set_advertising_complete);
3887 mgmt_pending_remove(cmd);
3890 hci_dev_unlock(hdev);
3894 static int set_static_address(struct sock *sk, struct hci_dev *hdev,
3895 void *data, u16 len)
3897 struct mgmt_cp_set_static_address *cp = data;
3900 BT_DBG("%s", hdev->name);
3902 if (!lmp_le_capable(hdev))
3903 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
3904 MGMT_STATUS_NOT_SUPPORTED);
3906 if (hdev_is_powered(hdev))
3907 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
3908 MGMT_STATUS_REJECTED);
3910 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
3911 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
3912 return cmd_status(sk, hdev->id,
3913 MGMT_OP_SET_STATIC_ADDRESS,
3914 MGMT_STATUS_INVALID_PARAMS);
3916 /* Two most significant bits shall be set */
3917 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
3918 return cmd_status(sk, hdev->id,
3919 MGMT_OP_SET_STATIC_ADDRESS,
3920 MGMT_STATUS_INVALID_PARAMS);
3925 bacpy(&hdev->static_addr, &cp->bdaddr);
3927 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS, 0, NULL, 0);
3929 hci_dev_unlock(hdev);
3934 static int set_scan_params(struct sock *sk, struct hci_dev *hdev,
3935 void *data, u16 len)
3937 struct mgmt_cp_set_scan_params *cp = data;
3938 __u16 interval, window;
3941 BT_DBG("%s", hdev->name);
3943 if (!lmp_le_capable(hdev))
3944 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3945 MGMT_STATUS_NOT_SUPPORTED);
3947 interval = __le16_to_cpu(cp->interval);
3949 if (interval < 0x0004 || interval > 0x4000)
3950 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3951 MGMT_STATUS_INVALID_PARAMS);
3953 window = __le16_to_cpu(cp->window);
3955 if (window < 0x0004 || window > 0x4000)
3956 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3957 MGMT_STATUS_INVALID_PARAMS);
3959 if (window > interval)
3960 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3961 MGMT_STATUS_INVALID_PARAMS);
3965 hdev->le_scan_interval = interval;
3966 hdev->le_scan_window = window;
3968 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0, NULL, 0);
3970 /* If background scan is running, restart it so new parameters are
3973 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags) &&
3974 hdev->discovery.state == DISCOVERY_STOPPED) {
3975 struct hci_request req;
3977 hci_req_init(&req, hdev);
3979 hci_req_add_le_scan_disable(&req);
3980 hci_req_add_le_passive_scan(&req);
3982 hci_req_run(&req, NULL);
3985 hci_dev_unlock(hdev);
3990 static void fast_connectable_complete(struct hci_dev *hdev, u8 status)
3992 struct pending_cmd *cmd;
3994 BT_DBG("status 0x%02x", status);
3998 cmd = mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4003 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4004 mgmt_status(status));
4006 struct mgmt_mode *cp = cmd->param;
4009 set_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
4011 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
4013 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4014 new_settings(hdev, cmd->sk);
4017 mgmt_pending_remove(cmd);
4020 hci_dev_unlock(hdev);
4023 static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
4024 void *data, u16 len)
4026 struct mgmt_mode *cp = data;
4027 struct pending_cmd *cmd;
4028 struct hci_request req;
4031 BT_DBG("%s", hdev->name);
4033 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags) ||
4034 hdev->hci_ver < BLUETOOTH_VER_1_2)
4035 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4036 MGMT_STATUS_NOT_SUPPORTED);
4038 if (cp->val != 0x00 && cp->val != 0x01)
4039 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4040 MGMT_STATUS_INVALID_PARAMS);
4042 if (!hdev_is_powered(hdev))
4043 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4044 MGMT_STATUS_NOT_POWERED);
4046 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
4047 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4048 MGMT_STATUS_REJECTED);
4052 if (mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
4053 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4058 if (!!cp->val == test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags)) {
4059 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
4064 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
4071 hci_req_init(&req, hdev);
4073 write_fast_connectable(&req, cp->val);
4075 err = hci_req_run(&req, fast_connectable_complete);
4077 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4078 MGMT_STATUS_FAILED);
4079 mgmt_pending_remove(cmd);
4083 hci_dev_unlock(hdev);
4088 static void set_bredr_scan(struct hci_request *req)
4090 struct hci_dev *hdev = req->hdev;
4093 /* Ensure that fast connectable is disabled. This function will
4094 * not do anything if the page scan parameters are already what
4097 write_fast_connectable(req, false);
4099 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
4101 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
4102 scan |= SCAN_INQUIRY;
4105 hci_req_add(req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
4108 static void set_bredr_complete(struct hci_dev *hdev, u8 status)
4110 struct pending_cmd *cmd;
4112 BT_DBG("status 0x%02x", status);
4116 cmd = mgmt_pending_find(MGMT_OP_SET_BREDR, hdev);
4121 u8 mgmt_err = mgmt_status(status);
4123 /* We need to restore the flag if related HCI commands
4126 clear_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4128 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
4130 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
4131 new_settings(hdev, cmd->sk);
4134 mgmt_pending_remove(cmd);
4137 hci_dev_unlock(hdev);
4140 static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
4142 struct mgmt_mode *cp = data;
4143 struct pending_cmd *cmd;
4144 struct hci_request req;
4147 BT_DBG("request for %s", hdev->name);
4149 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
4150 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4151 MGMT_STATUS_NOT_SUPPORTED);
4153 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
4154 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4155 MGMT_STATUS_REJECTED);
4157 if (cp->val != 0x00 && cp->val != 0x01)
4158 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4159 MGMT_STATUS_INVALID_PARAMS);
4163 if (cp->val == test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
4164 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4168 if (!hdev_is_powered(hdev)) {
4170 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
4171 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
4172 clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
4173 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
4174 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
4177 change_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4179 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4183 err = new_settings(hdev, sk);
4187 /* Reject disabling when powered on */
4189 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4190 MGMT_STATUS_REJECTED);
4194 if (mgmt_pending_find(MGMT_OP_SET_BREDR, hdev)) {
4195 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4200 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
4206 /* We need to flip the bit already here so that update_adv_data
4207 * generates the correct flags.
4209 set_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4211 hci_req_init(&req, hdev);
4213 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
4214 set_bredr_scan(&req);
4216 /* Since only the advertising data flags will change, there
4217 * is no need to update the scan response data.
4219 update_adv_data(&req);
4221 err = hci_req_run(&req, set_bredr_complete);
4223 mgmt_pending_remove(cmd);
4226 hci_dev_unlock(hdev);
4230 static int set_secure_conn(struct sock *sk, struct hci_dev *hdev,
4231 void *data, u16 len)
4233 struct mgmt_mode *cp = data;
4234 struct pending_cmd *cmd;
4238 BT_DBG("request for %s", hdev->name);
4240 status = mgmt_bredr_support(hdev);
4242 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4245 if (!lmp_sc_capable(hdev) &&
4246 !test_bit(HCI_FORCE_SC, &hdev->dev_flags))
4247 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4248 MGMT_STATUS_NOT_SUPPORTED);
4250 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
4251 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4252 MGMT_STATUS_INVALID_PARAMS);
4256 if (!hdev_is_powered(hdev)) {
4260 changed = !test_and_set_bit(HCI_SC_ENABLED,
4262 if (cp->val == 0x02)
4263 set_bit(HCI_SC_ONLY, &hdev->dev_flags);
4265 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4267 changed = test_and_clear_bit(HCI_SC_ENABLED,
4269 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4272 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4277 err = new_settings(hdev, sk);
4282 if (mgmt_pending_find(MGMT_OP_SET_SECURE_CONN, hdev)) {
4283 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4290 if (val == test_bit(HCI_SC_ENABLED, &hdev->dev_flags) &&
4291 (cp->val == 0x02) == test_bit(HCI_SC_ONLY, &hdev->dev_flags)) {
4292 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4296 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SECURE_CONN, hdev, data, len);
4302 err = hci_send_cmd(hdev, HCI_OP_WRITE_SC_SUPPORT, 1, &val);
4304 mgmt_pending_remove(cmd);
4308 if (cp->val == 0x02)
4309 set_bit(HCI_SC_ONLY, &hdev->dev_flags);
4311 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4314 hci_dev_unlock(hdev);
4318 static int set_debug_keys(struct sock *sk, struct hci_dev *hdev,
4319 void *data, u16 len)
4321 struct mgmt_mode *cp = data;
4325 BT_DBG("request for %s", hdev->name);
4327 if (cp->val != 0x00 && cp->val != 0x01)
4328 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEBUG_KEYS,
4329 MGMT_STATUS_INVALID_PARAMS);
4334 changed = !test_and_set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
4336 changed = test_and_clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
4338 err = send_settings_rsp(sk, MGMT_OP_SET_DEBUG_KEYS, hdev);
4343 err = new_settings(hdev, sk);
4346 hci_dev_unlock(hdev);
4350 static int set_privacy(struct sock *sk, struct hci_dev *hdev, void *cp_data,
4353 struct mgmt_cp_set_privacy *cp = cp_data;
4357 BT_DBG("request for %s", hdev->name);
4359 if (!lmp_le_capable(hdev))
4360 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4361 MGMT_STATUS_NOT_SUPPORTED);
4363 if (cp->privacy != 0x00 && cp->privacy != 0x01)
4364 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4365 MGMT_STATUS_INVALID_PARAMS);
4367 if (hdev_is_powered(hdev))
4368 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4369 MGMT_STATUS_REJECTED);
4373 /* If user space supports this command it is also expected to
4374 * handle IRKs. Therefore, set the HCI_RPA_RESOLVING flag.
4376 set_bit(HCI_RPA_RESOLVING, &hdev->dev_flags);
4379 changed = !test_and_set_bit(HCI_PRIVACY, &hdev->dev_flags);
4380 memcpy(hdev->irk, cp->irk, sizeof(hdev->irk));
4381 set_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
4383 changed = test_and_clear_bit(HCI_PRIVACY, &hdev->dev_flags);
4384 memset(hdev->irk, 0, sizeof(hdev->irk));
4385 clear_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
4388 err = send_settings_rsp(sk, MGMT_OP_SET_PRIVACY, hdev);
4393 err = new_settings(hdev, sk);
4396 hci_dev_unlock(hdev);
4400 static bool irk_is_valid(struct mgmt_irk_info *irk)
4402 switch (irk->addr.type) {
4403 case BDADDR_LE_PUBLIC:
4406 case BDADDR_LE_RANDOM:
4407 /* Two most significant bits shall be set */
4408 if ((irk->addr.bdaddr.b[5] & 0xc0) != 0xc0)
4416 static int load_irks(struct sock *sk, struct hci_dev *hdev, void *cp_data,
4419 struct mgmt_cp_load_irks *cp = cp_data;
4420 u16 irk_count, expected_len;
4423 BT_DBG("request for %s", hdev->name);
4425 if (!lmp_le_capable(hdev))
4426 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4427 MGMT_STATUS_NOT_SUPPORTED);
4429 irk_count = __le16_to_cpu(cp->irk_count);
4431 expected_len = sizeof(*cp) + irk_count * sizeof(struct mgmt_irk_info);
4432 if (expected_len != len) {
4433 BT_ERR("load_irks: expected %u bytes, got %u bytes",
4435 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4436 MGMT_STATUS_INVALID_PARAMS);
4439 BT_DBG("%s irk_count %u", hdev->name, irk_count);
4441 for (i = 0; i < irk_count; i++) {
4442 struct mgmt_irk_info *key = &cp->irks[i];
4444 if (!irk_is_valid(key))
4445 return cmd_status(sk, hdev->id,
4447 MGMT_STATUS_INVALID_PARAMS);
4452 hci_smp_irks_clear(hdev);
4454 for (i = 0; i < irk_count; i++) {
4455 struct mgmt_irk_info *irk = &cp->irks[i];
4458 if (irk->addr.type == BDADDR_LE_PUBLIC)
4459 addr_type = ADDR_LE_DEV_PUBLIC;
4461 addr_type = ADDR_LE_DEV_RANDOM;
4463 hci_add_irk(hdev, &irk->addr.bdaddr, addr_type, irk->val,
4467 set_bit(HCI_RPA_RESOLVING, &hdev->dev_flags);
4469 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_IRKS, 0, NULL, 0);
4471 hci_dev_unlock(hdev);
4476 static bool ltk_is_valid(struct mgmt_ltk_info *key)
4478 if (key->master != 0x00 && key->master != 0x01)
4481 switch (key->addr.type) {
4482 case BDADDR_LE_PUBLIC:
4485 case BDADDR_LE_RANDOM:
4486 /* Two most significant bits shall be set */
4487 if ((key->addr.bdaddr.b[5] & 0xc0) != 0xc0)
4495 static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
4496 void *cp_data, u16 len)
4498 struct mgmt_cp_load_long_term_keys *cp = cp_data;
4499 u16 key_count, expected_len;
4502 BT_DBG("request for %s", hdev->name);
4504 if (!lmp_le_capable(hdev))
4505 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
4506 MGMT_STATUS_NOT_SUPPORTED);
4508 key_count = __le16_to_cpu(cp->key_count);
4510 expected_len = sizeof(*cp) + key_count *
4511 sizeof(struct mgmt_ltk_info);
4512 if (expected_len != len) {
4513 BT_ERR("load_keys: expected %u bytes, got %u bytes",
4515 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
4516 MGMT_STATUS_INVALID_PARAMS);
4519 BT_DBG("%s key_count %u", hdev->name, key_count);
4521 for (i = 0; i < key_count; i++) {
4522 struct mgmt_ltk_info *key = &cp->keys[i];
4524 if (!ltk_is_valid(key))
4525 return cmd_status(sk, hdev->id,
4526 MGMT_OP_LOAD_LONG_TERM_KEYS,
4527 MGMT_STATUS_INVALID_PARAMS);
4532 hci_smp_ltks_clear(hdev);
4534 for (i = 0; i < key_count; i++) {
4535 struct mgmt_ltk_info *key = &cp->keys[i];
4538 if (key->addr.type == BDADDR_LE_PUBLIC)
4539 addr_type = ADDR_LE_DEV_PUBLIC;
4541 addr_type = ADDR_LE_DEV_RANDOM;
4546 type = HCI_SMP_LTK_SLAVE;
4548 hci_add_ltk(hdev, &key->addr.bdaddr, addr_type, type,
4549 key->type, key->val, key->enc_size, key->ediv,
4553 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
4556 hci_dev_unlock(hdev);
4561 struct cmd_conn_lookup {
4562 struct hci_conn *conn;
4563 bool valid_tx_power;
4567 static void get_conn_info_complete(struct pending_cmd *cmd, void *data)
4569 struct cmd_conn_lookup *match = data;
4570 struct mgmt_cp_get_conn_info *cp;
4571 struct mgmt_rp_get_conn_info rp;
4572 struct hci_conn *conn = cmd->user_data;
4574 if (conn != match->conn)
4577 cp = (struct mgmt_cp_get_conn_info *) cmd->param;
4579 memset(&rp, 0, sizeof(rp));
4580 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4581 rp.addr.type = cp->addr.type;
4583 if (!match->mgmt_status) {
4584 rp.rssi = conn->rssi;
4586 if (match->valid_tx_power)
4587 rp.tx_power = conn->tx_power;
4589 rp.tx_power = HCI_TX_POWER_INVALID;
4591 rp.max_tx_power = HCI_TX_POWER_INVALID;
4594 cmd_complete(cmd->sk, cmd->index, MGMT_OP_GET_CONN_INFO,
4595 match->mgmt_status, &rp, sizeof(rp));
4597 hci_conn_drop(conn);
4599 mgmt_pending_remove(cmd);
4602 static void conn_info_refresh_complete(struct hci_dev *hdev, u8 status)
4604 struct hci_cp_read_rssi *cp;
4605 struct hci_conn *conn;
4606 struct cmd_conn_lookup match;
4609 BT_DBG("status 0x%02x", status);
4613 /* TX power data is valid in case request completed successfully,
4614 * otherwise we assume it's not valid.
4616 match.valid_tx_power = !status;
4618 /* Commands sent in request are either Read RSSI or Read Transmit Power
4619 * Level so we check which one was last sent to retrieve connection
4620 * handle. Both commands have handle as first parameter so it's safe to
4621 * cast data on the same command struct.
4623 * First command sent is always Read RSSI and we fail only if it fails.
4624 * In other case we simply override error to indicate success as we
4625 * already remembered if TX power value is actually valid.
4627 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_RSSI);
4629 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_TX_POWER);
4634 BT_ERR("invalid sent_cmd in response");
4638 handle = __le16_to_cpu(cp->handle);
4639 conn = hci_conn_hash_lookup_handle(hdev, handle);
4641 BT_ERR("unknown handle (%d) in response", handle);
4646 match.mgmt_status = mgmt_status(status);
4648 /* Cache refresh is complete, now reply for mgmt request for given
4651 mgmt_pending_foreach(MGMT_OP_GET_CONN_INFO, hdev,
4652 get_conn_info_complete, &match);
4655 hci_dev_unlock(hdev);
4658 static int get_conn_info(struct sock *sk, struct hci_dev *hdev, void *data,
4661 struct mgmt_cp_get_conn_info *cp = data;
4662 struct mgmt_rp_get_conn_info rp;
4663 struct hci_conn *conn;
4664 unsigned long conn_info_age;
4667 BT_DBG("%s", hdev->name);
4669 memset(&rp, 0, sizeof(rp));
4670 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4671 rp.addr.type = cp->addr.type;
4673 if (!bdaddr_type_is_valid(cp->addr.type))
4674 return cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
4675 MGMT_STATUS_INVALID_PARAMS,
4680 if (!hdev_is_powered(hdev)) {
4681 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
4682 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
4686 if (cp->addr.type == BDADDR_BREDR)
4687 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
4690 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
4692 if (!conn || conn->state != BT_CONNECTED) {
4693 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
4694 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
4698 /* To avoid client trying to guess when to poll again for information we
4699 * calculate conn info age as random value between min/max set in hdev.
4701 conn_info_age = hdev->conn_info_min_age +
4702 prandom_u32_max(hdev->conn_info_max_age -
4703 hdev->conn_info_min_age);
4705 /* Query controller to refresh cached values if they are too old or were
4708 if (time_after(jiffies, conn->conn_info_timestamp + conn_info_age) ||
4709 !conn->conn_info_timestamp) {
4710 struct hci_request req;
4711 struct hci_cp_read_tx_power req_txp_cp;
4712 struct hci_cp_read_rssi req_rssi_cp;
4713 struct pending_cmd *cmd;
4715 hci_req_init(&req, hdev);
4716 req_rssi_cp.handle = cpu_to_le16(conn->handle);
4717 hci_req_add(&req, HCI_OP_READ_RSSI, sizeof(req_rssi_cp),
4720 req_txp_cp.handle = cpu_to_le16(conn->handle);
4721 req_txp_cp.type = 0x00;
4722 hci_req_add(&req, HCI_OP_READ_TX_POWER,
4723 sizeof(req_txp_cp), &req_txp_cp);
4725 err = hci_req_run(&req, conn_info_refresh_complete);
4729 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CONN_INFO, hdev,
4736 hci_conn_hold(conn);
4737 cmd->user_data = conn;
4739 conn->conn_info_timestamp = jiffies;
4741 /* Cache is valid, just reply with values cached in hci_conn */
4742 rp.rssi = conn->rssi;
4743 rp.tx_power = conn->tx_power;
4744 rp.max_tx_power = HCI_TX_POWER_INVALID;
4746 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
4747 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
4751 hci_dev_unlock(hdev);
4755 static const struct mgmt_handler {
4756 int (*func) (struct sock *sk, struct hci_dev *hdev, void *data,
4760 } mgmt_handlers[] = {
4761 { NULL }, /* 0x0000 (no command) */
4762 { read_version, false, MGMT_READ_VERSION_SIZE },
4763 { read_commands, false, MGMT_READ_COMMANDS_SIZE },
4764 { read_index_list, false, MGMT_READ_INDEX_LIST_SIZE },
4765 { read_controller_info, false, MGMT_READ_INFO_SIZE },
4766 { set_powered, false, MGMT_SETTING_SIZE },
4767 { set_discoverable, false, MGMT_SET_DISCOVERABLE_SIZE },
4768 { set_connectable, false, MGMT_SETTING_SIZE },
4769 { set_fast_connectable, false, MGMT_SETTING_SIZE },
4770 { set_pairable, false, MGMT_SETTING_SIZE },
4771 { set_link_security, false, MGMT_SETTING_SIZE },
4772 { set_ssp, false, MGMT_SETTING_SIZE },
4773 { set_hs, false, MGMT_SETTING_SIZE },
4774 { set_le, false, MGMT_SETTING_SIZE },
4775 { set_dev_class, false, MGMT_SET_DEV_CLASS_SIZE },
4776 { set_local_name, false, MGMT_SET_LOCAL_NAME_SIZE },
4777 { add_uuid, false, MGMT_ADD_UUID_SIZE },
4778 { remove_uuid, false, MGMT_REMOVE_UUID_SIZE },
4779 { load_link_keys, true, MGMT_LOAD_LINK_KEYS_SIZE },
4780 { load_long_term_keys, true, MGMT_LOAD_LONG_TERM_KEYS_SIZE },
4781 { disconnect, false, MGMT_DISCONNECT_SIZE },
4782 { get_connections, false, MGMT_GET_CONNECTIONS_SIZE },
4783 { pin_code_reply, false, MGMT_PIN_CODE_REPLY_SIZE },
4784 { pin_code_neg_reply, false, MGMT_PIN_CODE_NEG_REPLY_SIZE },
4785 { set_io_capability, false, MGMT_SET_IO_CAPABILITY_SIZE },
4786 { pair_device, false, MGMT_PAIR_DEVICE_SIZE },
4787 { cancel_pair_device, false, MGMT_CANCEL_PAIR_DEVICE_SIZE },
4788 { unpair_device, false, MGMT_UNPAIR_DEVICE_SIZE },
4789 { user_confirm_reply, false, MGMT_USER_CONFIRM_REPLY_SIZE },
4790 { user_confirm_neg_reply, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
4791 { user_passkey_reply, false, MGMT_USER_PASSKEY_REPLY_SIZE },
4792 { user_passkey_neg_reply, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
4793 { read_local_oob_data, false, MGMT_READ_LOCAL_OOB_DATA_SIZE },
4794 { add_remote_oob_data, true, MGMT_ADD_REMOTE_OOB_DATA_SIZE },
4795 { remove_remote_oob_data, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
4796 { start_discovery, false, MGMT_START_DISCOVERY_SIZE },
4797 { stop_discovery, false, MGMT_STOP_DISCOVERY_SIZE },
4798 { confirm_name, false, MGMT_CONFIRM_NAME_SIZE },
4799 { block_device, false, MGMT_BLOCK_DEVICE_SIZE },
4800 { unblock_device, false, MGMT_UNBLOCK_DEVICE_SIZE },
4801 { set_device_id, false, MGMT_SET_DEVICE_ID_SIZE },
4802 { set_advertising, false, MGMT_SETTING_SIZE },
4803 { set_bredr, false, MGMT_SETTING_SIZE },
4804 { set_static_address, false, MGMT_SET_STATIC_ADDRESS_SIZE },
4805 { set_scan_params, false, MGMT_SET_SCAN_PARAMS_SIZE },
4806 { set_secure_conn, false, MGMT_SETTING_SIZE },
4807 { set_debug_keys, false, MGMT_SETTING_SIZE },
4808 { set_privacy, false, MGMT_SET_PRIVACY_SIZE },
4809 { load_irks, true, MGMT_LOAD_IRKS_SIZE },
4810 { get_conn_info, false, MGMT_GET_CONN_INFO_SIZE },
4814 int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
4818 struct mgmt_hdr *hdr;
4819 u16 opcode, index, len;
4820 struct hci_dev *hdev = NULL;
4821 const struct mgmt_handler *handler;
4824 BT_DBG("got %zu bytes", msglen);
4826 if (msglen < sizeof(*hdr))
4829 buf = kmalloc(msglen, GFP_KERNEL);
4833 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
4839 opcode = __le16_to_cpu(hdr->opcode);
4840 index = __le16_to_cpu(hdr->index);
4841 len = __le16_to_cpu(hdr->len);
4843 if (len != msglen - sizeof(*hdr)) {
4848 if (index != MGMT_INDEX_NONE) {
4849 hdev = hci_dev_get(index);
4851 err = cmd_status(sk, index, opcode,
4852 MGMT_STATUS_INVALID_INDEX);
4856 if (test_bit(HCI_SETUP, &hdev->dev_flags) ||
4857 test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
4858 err = cmd_status(sk, index, opcode,
4859 MGMT_STATUS_INVALID_INDEX);
4864 if (opcode >= ARRAY_SIZE(mgmt_handlers) ||
4865 mgmt_handlers[opcode].func == NULL) {
4866 BT_DBG("Unknown op %u", opcode);
4867 err = cmd_status(sk, index, opcode,
4868 MGMT_STATUS_UNKNOWN_COMMAND);
4872 if ((hdev && opcode < MGMT_OP_READ_INFO) ||
4873 (!hdev && opcode >= MGMT_OP_READ_INFO)) {
4874 err = cmd_status(sk, index, opcode,
4875 MGMT_STATUS_INVALID_INDEX);
4879 handler = &mgmt_handlers[opcode];
4881 if ((handler->var_len && len < handler->data_len) ||
4882 (!handler->var_len && len != handler->data_len)) {
4883 err = cmd_status(sk, index, opcode,
4884 MGMT_STATUS_INVALID_PARAMS);
4889 mgmt_init_hdev(sk, hdev);
4891 cp = buf + sizeof(*hdr);
4893 err = handler->func(sk, hdev, cp, len);
4907 void mgmt_index_added(struct hci_dev *hdev)
4909 if (hdev->dev_type != HCI_BREDR)
4912 mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
4915 void mgmt_index_removed(struct hci_dev *hdev)
4917 u8 status = MGMT_STATUS_INVALID_INDEX;
4919 if (hdev->dev_type != HCI_BREDR)
4922 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
4924 mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
4927 /* This function requires the caller holds hdev->lock */
4928 static void restart_le_auto_conns(struct hci_dev *hdev)
4930 struct hci_conn_params *p;
4932 list_for_each_entry(p, &hdev->le_conn_params, list) {
4933 if (p->auto_connect == HCI_AUTO_CONN_ALWAYS)
4934 hci_pend_le_conn_add(hdev, &p->addr, p->addr_type);
4938 static void powered_complete(struct hci_dev *hdev, u8 status)
4940 struct cmd_lookup match = { NULL, hdev };
4942 BT_DBG("status 0x%02x", status);
4946 restart_le_auto_conns(hdev);
4948 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
4950 new_settings(hdev, match.sk);
4952 hci_dev_unlock(hdev);
4958 static int powered_update_hci(struct hci_dev *hdev)
4960 struct hci_request req;
4963 hci_req_init(&req, hdev);
4965 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) &&
4966 !lmp_host_ssp_capable(hdev)) {
4969 hci_req_add(&req, HCI_OP_WRITE_SSP_MODE, 1, &ssp);
4972 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
4973 lmp_bredr_capable(hdev)) {
4974 struct hci_cp_write_le_host_supported cp;
4977 cp.simul = lmp_le_br_capable(hdev);
4979 /* Check first if we already have the right
4980 * host state (host features set)
4982 if (cp.le != lmp_host_le_capable(hdev) ||
4983 cp.simul != lmp_host_le_br_capable(hdev))
4984 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED,
4988 if (lmp_le_capable(hdev)) {
4989 /* Make sure the controller has a good default for
4990 * advertising data. This also applies to the case
4991 * where BR/EDR was toggled during the AUTO_OFF phase.
4993 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
4994 update_adv_data(&req);
4995 update_scan_rsp_data(&req);
4998 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
4999 enable_advertising(&req);
5002 link_sec = test_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
5003 if (link_sec != test_bit(HCI_AUTH, &hdev->flags))
5004 hci_req_add(&req, HCI_OP_WRITE_AUTH_ENABLE,
5005 sizeof(link_sec), &link_sec);
5007 if (lmp_bredr_capable(hdev)) {
5008 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
5009 set_bredr_scan(&req);
5015 return hci_req_run(&req, powered_complete);
5018 int mgmt_powered(struct hci_dev *hdev, u8 powered)
5020 struct cmd_lookup match = { NULL, hdev };
5021 u8 status_not_powered = MGMT_STATUS_NOT_POWERED;
5022 u8 zero_cod[] = { 0, 0, 0 };
5025 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
5029 if (powered_update_hci(hdev) == 0)
5032 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp,
5037 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
5038 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status_not_powered);
5040 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0)
5041 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
5042 zero_cod, sizeof(zero_cod), NULL);
5045 err = new_settings(hdev, match.sk);
5053 void mgmt_set_powered_failed(struct hci_dev *hdev, int err)
5055 struct pending_cmd *cmd;
5058 cmd = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
5062 if (err == -ERFKILL)
5063 status = MGMT_STATUS_RFKILLED;
5065 status = MGMT_STATUS_FAILED;
5067 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
5069 mgmt_pending_remove(cmd);
5072 void mgmt_discoverable_timeout(struct hci_dev *hdev)
5074 struct hci_request req;
5078 /* When discoverable timeout triggers, then just make sure
5079 * the limited discoverable flag is cleared. Even in the case
5080 * of a timeout triggered from general discoverable, it is
5081 * safe to unconditionally clear the flag.
5083 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
5084 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
5086 hci_req_init(&req, hdev);
5087 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
5088 u8 scan = SCAN_PAGE;
5089 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE,
5090 sizeof(scan), &scan);
5093 update_adv_data(&req);
5094 hci_req_run(&req, NULL);
5096 hdev->discov_timeout = 0;
5098 new_settings(hdev, NULL);
5100 hci_dev_unlock(hdev);
5103 void mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
5107 /* Nothing needed here if there's a pending command since that
5108 * commands request completion callback takes care of everything
5111 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev))
5114 /* Powering off may clear the scan mode - don't let that interfere */
5115 if (!discoverable && mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
5119 changed = !test_and_set_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
5121 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
5122 changed = test_and_clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
5126 struct hci_request req;
5128 /* In case this change in discoverable was triggered by
5129 * a disabling of connectable there could be a need to
5130 * update the advertising flags.
5132 hci_req_init(&req, hdev);
5133 update_adv_data(&req);
5134 hci_req_run(&req, NULL);
5136 new_settings(hdev, NULL);
5140 void mgmt_connectable(struct hci_dev *hdev, u8 connectable)
5144 /* Nothing needed here if there's a pending command since that
5145 * commands request completion callback takes care of everything
5148 if (mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev))
5151 /* Powering off may clear the scan mode - don't let that interfere */
5152 if (!connectable && mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
5156 changed = !test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
5158 changed = test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
5161 new_settings(hdev, NULL);
5164 void mgmt_advertising(struct hci_dev *hdev, u8 advertising)
5166 /* Powering off may stop advertising - don't let that interfere */
5167 if (!advertising && mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
5171 set_bit(HCI_ADVERTISING, &hdev->dev_flags);
5173 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
5176 void mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
5178 u8 mgmt_err = mgmt_status(status);
5180 if (scan & SCAN_PAGE)
5181 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
5182 cmd_status_rsp, &mgmt_err);
5184 if (scan & SCAN_INQUIRY)
5185 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
5186 cmd_status_rsp, &mgmt_err);
5189 void mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
5192 struct mgmt_ev_new_link_key ev;
5194 memset(&ev, 0, sizeof(ev));
5196 ev.store_hint = persistent;
5197 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
5198 ev.key.addr.type = BDADDR_BREDR;
5199 ev.key.type = key->type;
5200 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
5201 ev.key.pin_len = key->pin_len;
5203 mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
5206 void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, bool persistent)
5208 struct mgmt_ev_new_long_term_key ev;
5210 memset(&ev, 0, sizeof(ev));
5212 /* Devices using resolvable or non-resolvable random addresses
5213 * without providing an indentity resolving key don't require
5214 * to store long term keys. Their addresses will change the
5217 * Only when a remote device provides an identity address
5218 * make sure the long term key is stored. If the remote
5219 * identity is known, the long term keys are internally
5220 * mapped to the identity address. So allow static random
5221 * and public addresses here.
5223 if (key->bdaddr_type == ADDR_LE_DEV_RANDOM &&
5224 (key->bdaddr.b[5] & 0xc0) != 0xc0)
5225 ev.store_hint = 0x00;
5227 ev.store_hint = persistent;
5229 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
5230 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
5231 ev.key.type = key->authenticated;
5232 ev.key.enc_size = key->enc_size;
5233 ev.key.ediv = key->ediv;
5234 ev.key.rand = key->rand;
5236 if (key->type == HCI_SMP_LTK)
5239 memcpy(ev.key.val, key->val, sizeof(key->val));
5241 mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev), NULL);
5244 void mgmt_new_irk(struct hci_dev *hdev, struct smp_irk *irk)
5246 struct mgmt_ev_new_irk ev;
5248 memset(&ev, 0, sizeof(ev));
5250 /* For identity resolving keys from devices that are already
5251 * using a public address or static random address, do not
5252 * ask for storing this key. The identity resolving key really
5253 * is only mandatory for devices using resovlable random
5256 * Storing all identity resolving keys has the downside that
5257 * they will be also loaded on next boot of they system. More
5258 * identity resolving keys, means more time during scanning is
5259 * needed to actually resolve these addresses.
5261 if (bacmp(&irk->rpa, BDADDR_ANY))
5262 ev.store_hint = 0x01;
5264 ev.store_hint = 0x00;
5266 bacpy(&ev.rpa, &irk->rpa);
5267 bacpy(&ev.irk.addr.bdaddr, &irk->bdaddr);
5268 ev.irk.addr.type = link_to_bdaddr(LE_LINK, irk->addr_type);
5269 memcpy(ev.irk.val, irk->val, sizeof(irk->val));
5271 mgmt_event(MGMT_EV_NEW_IRK, hdev, &ev, sizeof(ev), NULL);
5274 void mgmt_new_csrk(struct hci_dev *hdev, struct smp_csrk *csrk,
5277 struct mgmt_ev_new_csrk ev;
5279 memset(&ev, 0, sizeof(ev));
5281 /* Devices using resolvable or non-resolvable random addresses
5282 * without providing an indentity resolving key don't require
5283 * to store signature resolving keys. Their addresses will change
5284 * the next time around.
5286 * Only when a remote device provides an identity address
5287 * make sure the signature resolving key is stored. So allow
5288 * static random and public addresses here.
5290 if (csrk->bdaddr_type == ADDR_LE_DEV_RANDOM &&
5291 (csrk->bdaddr.b[5] & 0xc0) != 0xc0)
5292 ev.store_hint = 0x00;
5294 ev.store_hint = persistent;
5296 bacpy(&ev.key.addr.bdaddr, &csrk->bdaddr);
5297 ev.key.addr.type = link_to_bdaddr(LE_LINK, csrk->bdaddr_type);
5298 ev.key.master = csrk->master;
5299 memcpy(ev.key.val, csrk->val, sizeof(csrk->val));
5301 mgmt_event(MGMT_EV_NEW_CSRK, hdev, &ev, sizeof(ev), NULL);
5304 static inline u16 eir_append_data(u8 *eir, u16 eir_len, u8 type, u8 *data,
5307 eir[eir_len++] = sizeof(type) + data_len;
5308 eir[eir_len++] = type;
5309 memcpy(&eir[eir_len], data, data_len);
5310 eir_len += data_len;
5315 void mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
5316 u8 addr_type, u32 flags, u8 *name, u8 name_len,
5320 struct mgmt_ev_device_connected *ev = (void *) buf;
5323 bacpy(&ev->addr.bdaddr, bdaddr);
5324 ev->addr.type = link_to_bdaddr(link_type, addr_type);
5326 ev->flags = __cpu_to_le32(flags);
5329 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
5332 if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0)
5333 eir_len = eir_append_data(ev->eir, eir_len,
5334 EIR_CLASS_OF_DEV, dev_class, 3);
5336 ev->eir_len = cpu_to_le16(eir_len);
5338 mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
5339 sizeof(*ev) + eir_len, NULL);
5342 static void disconnect_rsp(struct pending_cmd *cmd, void *data)
5344 struct mgmt_cp_disconnect *cp = cmd->param;
5345 struct sock **sk = data;
5346 struct mgmt_rp_disconnect rp;
5348 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5349 rp.addr.type = cp->addr.type;
5351 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 0, &rp,
5357 mgmt_pending_remove(cmd);
5360 static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
5362 struct hci_dev *hdev = data;
5363 struct mgmt_cp_unpair_device *cp = cmd->param;
5364 struct mgmt_rp_unpair_device rp;
5366 memset(&rp, 0, sizeof(rp));
5367 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5368 rp.addr.type = cp->addr.type;
5370 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
5372 cmd_complete(cmd->sk, cmd->index, cmd->opcode, 0, &rp, sizeof(rp));
5374 mgmt_pending_remove(cmd);
5377 void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
5378 u8 link_type, u8 addr_type, u8 reason,
5379 bool mgmt_connected)
5381 struct mgmt_ev_device_disconnected ev;
5382 struct pending_cmd *power_off;
5383 struct sock *sk = NULL;
5385 power_off = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
5387 struct mgmt_mode *cp = power_off->param;
5389 /* The connection is still in hci_conn_hash so test for 1
5390 * instead of 0 to know if this is the last one.
5392 if (!cp->val && hci_conn_count(hdev) == 1) {
5393 cancel_delayed_work(&hdev->power_off);
5394 queue_work(hdev->req_workqueue, &hdev->power_off.work);
5398 if (!mgmt_connected)
5401 if (link_type != ACL_LINK && link_type != LE_LINK)
5404 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
5406 bacpy(&ev.addr.bdaddr, bdaddr);
5407 ev.addr.type = link_to_bdaddr(link_type, addr_type);
5410 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
5415 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
5419 void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
5420 u8 link_type, u8 addr_type, u8 status)
5422 u8 bdaddr_type = link_to_bdaddr(link_type, addr_type);
5423 struct mgmt_cp_disconnect *cp;
5424 struct mgmt_rp_disconnect rp;
5425 struct pending_cmd *cmd;
5427 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
5430 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
5436 if (bacmp(bdaddr, &cp->addr.bdaddr))
5439 if (cp->addr.type != bdaddr_type)
5442 bacpy(&rp.addr.bdaddr, bdaddr);
5443 rp.addr.type = bdaddr_type;
5445 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
5446 mgmt_status(status), &rp, sizeof(rp));
5448 mgmt_pending_remove(cmd);
5451 void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
5452 u8 addr_type, u8 status)
5454 struct mgmt_ev_connect_failed ev;
5455 struct pending_cmd *power_off;
5457 power_off = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
5459 struct mgmt_mode *cp = power_off->param;
5461 /* The connection is still in hci_conn_hash so test for 1
5462 * instead of 0 to know if this is the last one.
5464 if (!cp->val && hci_conn_count(hdev) == 1) {
5465 cancel_delayed_work(&hdev->power_off);
5466 queue_work(hdev->req_workqueue, &hdev->power_off.work);
5470 bacpy(&ev.addr.bdaddr, bdaddr);
5471 ev.addr.type = link_to_bdaddr(link_type, addr_type);
5472 ev.status = mgmt_status(status);
5474 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
5477 void mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
5479 struct mgmt_ev_pin_code_request ev;
5481 bacpy(&ev.addr.bdaddr, bdaddr);
5482 ev.addr.type = BDADDR_BREDR;
5485 mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev), NULL);
5488 void mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
5491 struct pending_cmd *cmd;
5492 struct mgmt_rp_pin_code_reply rp;
5494 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
5498 bacpy(&rp.addr.bdaddr, bdaddr);
5499 rp.addr.type = BDADDR_BREDR;
5501 cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
5502 mgmt_status(status), &rp, sizeof(rp));
5504 mgmt_pending_remove(cmd);
5507 void mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
5510 struct pending_cmd *cmd;
5511 struct mgmt_rp_pin_code_reply rp;
5513 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
5517 bacpy(&rp.addr.bdaddr, bdaddr);
5518 rp.addr.type = BDADDR_BREDR;
5520 cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
5521 mgmt_status(status), &rp, sizeof(rp));
5523 mgmt_pending_remove(cmd);
5526 int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
5527 u8 link_type, u8 addr_type, u32 value,
5530 struct mgmt_ev_user_confirm_request ev;
5532 BT_DBG("%s", hdev->name);
5534 bacpy(&ev.addr.bdaddr, bdaddr);
5535 ev.addr.type = link_to_bdaddr(link_type, addr_type);
5536 ev.confirm_hint = confirm_hint;
5537 ev.value = cpu_to_le32(value);
5539 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
5543 int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
5544 u8 link_type, u8 addr_type)
5546 struct mgmt_ev_user_passkey_request ev;
5548 BT_DBG("%s", hdev->name);
5550 bacpy(&ev.addr.bdaddr, bdaddr);
5551 ev.addr.type = link_to_bdaddr(link_type, addr_type);
5553 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
5557 static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
5558 u8 link_type, u8 addr_type, u8 status,
5561 struct pending_cmd *cmd;
5562 struct mgmt_rp_user_confirm_reply rp;
5565 cmd = mgmt_pending_find(opcode, hdev);
5569 bacpy(&rp.addr.bdaddr, bdaddr);
5570 rp.addr.type = link_to_bdaddr(link_type, addr_type);
5571 err = cmd_complete(cmd->sk, hdev->id, opcode, mgmt_status(status),
5574 mgmt_pending_remove(cmd);
5579 int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
5580 u8 link_type, u8 addr_type, u8 status)
5582 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
5583 status, MGMT_OP_USER_CONFIRM_REPLY);
5586 int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
5587 u8 link_type, u8 addr_type, u8 status)
5589 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
5591 MGMT_OP_USER_CONFIRM_NEG_REPLY);
5594 int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
5595 u8 link_type, u8 addr_type, u8 status)
5597 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
5598 status, MGMT_OP_USER_PASSKEY_REPLY);
5601 int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
5602 u8 link_type, u8 addr_type, u8 status)
5604 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
5606 MGMT_OP_USER_PASSKEY_NEG_REPLY);
5609 int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
5610 u8 link_type, u8 addr_type, u32 passkey,
5613 struct mgmt_ev_passkey_notify ev;
5615 BT_DBG("%s", hdev->name);
5617 bacpy(&ev.addr.bdaddr, bdaddr);
5618 ev.addr.type = link_to_bdaddr(link_type, addr_type);
5619 ev.passkey = __cpu_to_le32(passkey);
5620 ev.entered = entered;
5622 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
5625 void mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
5626 u8 addr_type, u8 status)
5628 struct mgmt_ev_auth_failed ev;
5630 bacpy(&ev.addr.bdaddr, bdaddr);
5631 ev.addr.type = link_to_bdaddr(link_type, addr_type);
5632 ev.status = mgmt_status(status);
5634 mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
5637 void mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
5639 struct cmd_lookup match = { NULL, hdev };
5643 u8 mgmt_err = mgmt_status(status);
5644 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
5645 cmd_status_rsp, &mgmt_err);
5649 if (test_bit(HCI_AUTH, &hdev->flags))
5650 changed = !test_and_set_bit(HCI_LINK_SECURITY,
5653 changed = test_and_clear_bit(HCI_LINK_SECURITY,
5656 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
5660 new_settings(hdev, match.sk);
5666 static void clear_eir(struct hci_request *req)
5668 struct hci_dev *hdev = req->hdev;
5669 struct hci_cp_write_eir cp;
5671 if (!lmp_ext_inq_capable(hdev))
5674 memset(hdev->eir, 0, sizeof(hdev->eir));
5676 memset(&cp, 0, sizeof(cp));
5678 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
5681 void mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
5683 struct cmd_lookup match = { NULL, hdev };
5684 struct hci_request req;
5685 bool changed = false;
5688 u8 mgmt_err = mgmt_status(status);
5690 if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
5691 &hdev->dev_flags)) {
5692 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
5693 new_settings(hdev, NULL);
5696 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
5702 changed = !test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
5704 changed = test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
5706 changed = test_and_clear_bit(HCI_HS_ENABLED,
5709 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
5712 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
5715 new_settings(hdev, match.sk);
5720 hci_req_init(&req, hdev);
5722 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
5727 hci_req_run(&req, NULL);
5730 void mgmt_sc_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
5732 struct cmd_lookup match = { NULL, hdev };
5733 bool changed = false;
5736 u8 mgmt_err = mgmt_status(status);
5739 if (test_and_clear_bit(HCI_SC_ENABLED,
5741 new_settings(hdev, NULL);
5742 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
5745 mgmt_pending_foreach(MGMT_OP_SET_SECURE_CONN, hdev,
5746 cmd_status_rsp, &mgmt_err);
5751 changed = !test_and_set_bit(HCI_SC_ENABLED, &hdev->dev_flags);
5753 changed = test_and_clear_bit(HCI_SC_ENABLED, &hdev->dev_flags);
5754 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
5757 mgmt_pending_foreach(MGMT_OP_SET_SECURE_CONN, hdev,
5758 settings_rsp, &match);
5761 new_settings(hdev, match.sk);
5767 static void sk_lookup(struct pending_cmd *cmd, void *data)
5769 struct cmd_lookup *match = data;
5771 if (match->sk == NULL) {
5772 match->sk = cmd->sk;
5773 sock_hold(match->sk);
5777 void mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
5780 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
5782 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
5783 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
5784 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
5787 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class, 3,
5794 void mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
5796 struct mgmt_cp_set_local_name ev;
5797 struct pending_cmd *cmd;
5802 memset(&ev, 0, sizeof(ev));
5803 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
5804 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
5806 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
5808 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
5810 /* If this is a HCI command related to powering on the
5811 * HCI dev don't send any mgmt signals.
5813 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
5817 mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
5818 cmd ? cmd->sk : NULL);
5821 void mgmt_read_local_oob_data_complete(struct hci_dev *hdev, u8 *hash192,
5822 u8 *randomizer192, u8 *hash256,
5823 u8 *randomizer256, u8 status)
5825 struct pending_cmd *cmd;
5827 BT_DBG("%s status %u", hdev->name, status);
5829 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
5834 cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
5835 mgmt_status(status));
5837 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags) &&
5838 hash256 && randomizer256) {
5839 struct mgmt_rp_read_local_oob_ext_data rp;
5841 memcpy(rp.hash192, hash192, sizeof(rp.hash192));
5842 memcpy(rp.randomizer192, randomizer192,
5843 sizeof(rp.randomizer192));
5845 memcpy(rp.hash256, hash256, sizeof(rp.hash256));
5846 memcpy(rp.randomizer256, randomizer256,
5847 sizeof(rp.randomizer256));
5849 cmd_complete(cmd->sk, hdev->id,
5850 MGMT_OP_READ_LOCAL_OOB_DATA, 0,
5853 struct mgmt_rp_read_local_oob_data rp;
5855 memcpy(rp.hash, hash192, sizeof(rp.hash));
5856 memcpy(rp.randomizer, randomizer192,
5857 sizeof(rp.randomizer));
5859 cmd_complete(cmd->sk, hdev->id,
5860 MGMT_OP_READ_LOCAL_OOB_DATA, 0,
5865 mgmt_pending_remove(cmd);
5868 void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
5869 u8 addr_type, u8 *dev_class, s8 rssi, u8 cfm_name,
5870 u8 ssp, u8 *eir, u16 eir_len, u8 *scan_rsp,
5874 struct mgmt_ev_device_found *ev = (void *) buf;
5875 struct smp_irk *irk;
5878 if (!hci_discovery_active(hdev))
5881 /* Make sure that the buffer is big enough. The 5 extra bytes
5882 * are for the potential CoD field.
5884 if (sizeof(*ev) + eir_len + scan_rsp_len + 5 > sizeof(buf))
5887 memset(buf, 0, sizeof(buf));
5889 irk = hci_get_irk(hdev, bdaddr, addr_type);
5891 bacpy(&ev->addr.bdaddr, &irk->bdaddr);
5892 ev->addr.type = link_to_bdaddr(link_type, irk->addr_type);
5894 bacpy(&ev->addr.bdaddr, bdaddr);
5895 ev->addr.type = link_to_bdaddr(link_type, addr_type);
5900 ev->flags |= cpu_to_le32(MGMT_DEV_FOUND_CONFIRM_NAME);
5902 ev->flags |= cpu_to_le32(MGMT_DEV_FOUND_LEGACY_PAIRING);
5905 memcpy(ev->eir, eir, eir_len);
5907 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
5908 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
5911 if (scan_rsp_len > 0)
5912 memcpy(ev->eir + eir_len, scan_rsp, scan_rsp_len);
5914 ev->eir_len = cpu_to_le16(eir_len + scan_rsp_len);
5915 ev_size = sizeof(*ev) + eir_len + scan_rsp_len;
5917 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
5920 void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
5921 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
5923 struct mgmt_ev_device_found *ev;
5924 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
5927 ev = (struct mgmt_ev_device_found *) buf;
5929 memset(buf, 0, sizeof(buf));
5931 bacpy(&ev->addr.bdaddr, bdaddr);
5932 ev->addr.type = link_to_bdaddr(link_type, addr_type);
5935 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
5938 ev->eir_len = cpu_to_le16(eir_len);
5940 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, sizeof(*ev) + eir_len, NULL);
5943 void mgmt_discovering(struct hci_dev *hdev, u8 discovering)
5945 struct mgmt_ev_discovering ev;
5946 struct pending_cmd *cmd;
5948 BT_DBG("%s discovering %u", hdev->name, discovering);
5951 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
5953 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
5956 u8 type = hdev->discovery.type;
5958 cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0, &type,
5960 mgmt_pending_remove(cmd);
5963 memset(&ev, 0, sizeof(ev));
5964 ev.type = hdev->discovery.type;
5965 ev.discovering = discovering;
5967 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
5970 int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5972 struct pending_cmd *cmd;
5973 struct mgmt_ev_device_blocked ev;
5975 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev);
5977 bacpy(&ev.addr.bdaddr, bdaddr);
5978 ev.addr.type = type;
5980 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev),
5981 cmd ? cmd->sk : NULL);
5984 int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5986 struct pending_cmd *cmd;
5987 struct mgmt_ev_device_unblocked ev;
5989 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev);
5991 bacpy(&ev.addr.bdaddr, bdaddr);
5992 ev.addr.type = type;
5994 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
5995 cmd ? cmd->sk : NULL);
5998 static void adv_enable_complete(struct hci_dev *hdev, u8 status)
6000 BT_DBG("%s status %u", hdev->name, status);
6002 /* Clear the advertising mgmt setting if we failed to re-enable it */
6004 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
6005 new_settings(hdev, NULL);
6009 void mgmt_reenable_advertising(struct hci_dev *hdev)
6011 struct hci_request req;
6013 if (hci_conn_num(hdev, LE_LINK) > 0)
6016 if (!test_bit(HCI_ADVERTISING, &hdev->dev_flags))
6019 hci_req_init(&req, hdev);
6020 enable_advertising(&req);
6022 /* If this fails we have no option but to let user space know
6023 * that we've disabled advertising.
6025 if (hci_req_run(&req, adv_enable_complete) < 0) {
6026 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
6027 new_settings(hdev, NULL);
projects / cascardo / linux.git / blob