2 BlueZ - Bluetooth protocol stack for Linux
4 Copyright (C) 2010 Nokia Corporation
5 Copyright (C) 2011-2012 Intel Corporation
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI Management interface */
27 #include <linux/module.h>
28 #include <asm/unaligned.h>
30 #include <net/bluetooth/bluetooth.h>
31 #include <net/bluetooth/hci_core.h>
32 #include <net/bluetooth/l2cap.h>
33 #include <net/bluetooth/mgmt.h>
37 #define MGMT_VERSION 1
38 #define MGMT_REVISION 7
40 static const u16 mgmt_commands[] = {
41 MGMT_OP_READ_INDEX_LIST,
44 MGMT_OP_SET_DISCOVERABLE,
45 MGMT_OP_SET_CONNECTABLE,
46 MGMT_OP_SET_FAST_CONNECTABLE,
48 MGMT_OP_SET_LINK_SECURITY,
52 MGMT_OP_SET_DEV_CLASS,
53 MGMT_OP_SET_LOCAL_NAME,
56 MGMT_OP_LOAD_LINK_KEYS,
57 MGMT_OP_LOAD_LONG_TERM_KEYS,
59 MGMT_OP_GET_CONNECTIONS,
60 MGMT_OP_PIN_CODE_REPLY,
61 MGMT_OP_PIN_CODE_NEG_REPLY,
62 MGMT_OP_SET_IO_CAPABILITY,
64 MGMT_OP_CANCEL_PAIR_DEVICE,
65 MGMT_OP_UNPAIR_DEVICE,
66 MGMT_OP_USER_CONFIRM_REPLY,
67 MGMT_OP_USER_CONFIRM_NEG_REPLY,
68 MGMT_OP_USER_PASSKEY_REPLY,
69 MGMT_OP_USER_PASSKEY_NEG_REPLY,
70 MGMT_OP_READ_LOCAL_OOB_DATA,
71 MGMT_OP_ADD_REMOTE_OOB_DATA,
72 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
73 MGMT_OP_START_DISCOVERY,
74 MGMT_OP_STOP_DISCOVERY,
77 MGMT_OP_UNBLOCK_DEVICE,
78 MGMT_OP_SET_DEVICE_ID,
79 MGMT_OP_SET_ADVERTISING,
81 MGMT_OP_SET_STATIC_ADDRESS,
82 MGMT_OP_SET_SCAN_PARAMS,
83 MGMT_OP_SET_SECURE_CONN,
84 MGMT_OP_SET_DEBUG_KEYS,
87 MGMT_OP_GET_CONN_INFO,
88 MGMT_OP_GET_CLOCK_INFO,
90 MGMT_OP_REMOVE_DEVICE,
91 MGMT_OP_LOAD_CONN_PARAM,
92 MGMT_OP_READ_UNCONF_INDEX_LIST,
93 MGMT_OP_READ_CONFIG_INFO,
94 MGMT_OP_SET_EXTERNAL_CONFIG,
95 MGMT_OP_SET_PUBLIC_ADDRESS,
98 static const u16 mgmt_events[] = {
99 MGMT_EV_CONTROLLER_ERROR,
101 MGMT_EV_INDEX_REMOVED,
102 MGMT_EV_NEW_SETTINGS,
103 MGMT_EV_CLASS_OF_DEV_CHANGED,
104 MGMT_EV_LOCAL_NAME_CHANGED,
105 MGMT_EV_NEW_LINK_KEY,
106 MGMT_EV_NEW_LONG_TERM_KEY,
107 MGMT_EV_DEVICE_CONNECTED,
108 MGMT_EV_DEVICE_DISCONNECTED,
109 MGMT_EV_CONNECT_FAILED,
110 MGMT_EV_PIN_CODE_REQUEST,
111 MGMT_EV_USER_CONFIRM_REQUEST,
112 MGMT_EV_USER_PASSKEY_REQUEST,
114 MGMT_EV_DEVICE_FOUND,
116 MGMT_EV_DEVICE_BLOCKED,
117 MGMT_EV_DEVICE_UNBLOCKED,
118 MGMT_EV_DEVICE_UNPAIRED,
119 MGMT_EV_PASSKEY_NOTIFY,
122 MGMT_EV_DEVICE_ADDED,
123 MGMT_EV_DEVICE_REMOVED,
124 MGMT_EV_NEW_CONN_PARAM,
125 MGMT_EV_UNCONF_INDEX_ADDED,
126 MGMT_EV_UNCONF_INDEX_REMOVED,
127 MGMT_EV_NEW_CONFIG_OPTIONS,
130 #define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
133 struct list_head list;
141 /* HCI to MGMT error code conversion table */
142 static u8 mgmt_status_table[] = {
144 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
145 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
146 MGMT_STATUS_FAILED, /* Hardware Failure */
147 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
148 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
149 MGMT_STATUS_AUTH_FAILED, /* PIN or Key Missing */
150 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
151 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
152 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
153 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
154 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
155 MGMT_STATUS_BUSY, /* Command Disallowed */
156 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
157 MGMT_STATUS_REJECTED, /* Rejected Security */
158 MGMT_STATUS_REJECTED, /* Rejected Personal */
159 MGMT_STATUS_TIMEOUT, /* Host Timeout */
160 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
161 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
162 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
163 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
164 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
165 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
166 MGMT_STATUS_BUSY, /* Repeated Attempts */
167 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
168 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
169 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
170 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
171 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
172 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
173 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
174 MGMT_STATUS_FAILED, /* Unspecified Error */
175 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
176 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
177 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
178 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
179 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
180 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
181 MGMT_STATUS_FAILED, /* Unit Link Key Used */
182 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
183 MGMT_STATUS_TIMEOUT, /* Instant Passed */
184 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
185 MGMT_STATUS_FAILED, /* Transaction Collision */
186 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
187 MGMT_STATUS_REJECTED, /* QoS Rejected */
188 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
189 MGMT_STATUS_REJECTED, /* Insufficient Security */
190 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
191 MGMT_STATUS_BUSY, /* Role Switch Pending */
192 MGMT_STATUS_FAILED, /* Slot Violation */
193 MGMT_STATUS_FAILED, /* Role Switch Failed */
194 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
195 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
196 MGMT_STATUS_BUSY, /* Host Busy Pairing */
197 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
198 MGMT_STATUS_BUSY, /* Controller Busy */
199 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
200 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
201 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
202 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
203 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
206 static u8 mgmt_status(u8 hci_status)
208 if (hci_status < ARRAY_SIZE(mgmt_status_table))
209 return mgmt_status_table[hci_status];
211 return MGMT_STATUS_FAILED;
214 static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 data_len,
215 struct sock *skip_sk)
218 struct mgmt_hdr *hdr;
220 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_KERNEL);
224 hdr = (void *) skb_put(skb, sizeof(*hdr));
225 hdr->opcode = cpu_to_le16(event);
227 hdr->index = cpu_to_le16(hdev->id);
229 hdr->index = cpu_to_le16(MGMT_INDEX_NONE);
230 hdr->len = cpu_to_le16(data_len);
233 memcpy(skb_put(skb, data_len), data, data_len);
236 __net_timestamp(skb);
238 hci_send_to_control(skb, skip_sk);
244 static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
247 struct mgmt_hdr *hdr;
248 struct mgmt_ev_cmd_status *ev;
251 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
253 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_KERNEL);
257 hdr = (void *) skb_put(skb, sizeof(*hdr));
259 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS);
260 hdr->index = cpu_to_le16(index);
261 hdr->len = cpu_to_le16(sizeof(*ev));
263 ev = (void *) skb_put(skb, sizeof(*ev));
265 ev->opcode = cpu_to_le16(cmd);
267 err = sock_queue_rcv_skb(sk, skb);
274 static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
275 void *rp, size_t rp_len)
278 struct mgmt_hdr *hdr;
279 struct mgmt_ev_cmd_complete *ev;
282 BT_DBG("sock %p", sk);
284 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_KERNEL);
288 hdr = (void *) skb_put(skb, sizeof(*hdr));
290 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE);
291 hdr->index = cpu_to_le16(index);
292 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
294 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
295 ev->opcode = cpu_to_le16(cmd);
299 memcpy(ev->data, rp, rp_len);
301 err = sock_queue_rcv_skb(sk, skb);
308 static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
311 struct mgmt_rp_read_version rp;
313 BT_DBG("sock %p", sk);
315 rp.version = MGMT_VERSION;
316 rp.revision = cpu_to_le16(MGMT_REVISION);
318 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
322 static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
325 struct mgmt_rp_read_commands *rp;
326 const u16 num_commands = ARRAY_SIZE(mgmt_commands);
327 const u16 num_events = ARRAY_SIZE(mgmt_events);
332 BT_DBG("sock %p", sk);
334 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
336 rp = kmalloc(rp_size, GFP_KERNEL);
340 rp->num_commands = cpu_to_le16(num_commands);
341 rp->num_events = cpu_to_le16(num_events);
343 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
344 put_unaligned_le16(mgmt_commands[i], opcode);
346 for (i = 0; i < num_events; i++, opcode++)
347 put_unaligned_le16(mgmt_events[i], opcode);
349 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
356 static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
359 struct mgmt_rp_read_index_list *rp;
365 BT_DBG("sock %p", sk);
367 read_lock(&hci_dev_list_lock);
370 list_for_each_entry(d, &hci_dev_list, list) {
371 if (d->dev_type == HCI_BREDR &&
372 !test_bit(HCI_UNCONFIGURED, &d->dev_flags))
376 rp_len = sizeof(*rp) + (2 * count);
377 rp = kmalloc(rp_len, GFP_ATOMIC);
379 read_unlock(&hci_dev_list_lock);
384 list_for_each_entry(d, &hci_dev_list, list) {
385 if (test_bit(HCI_SETUP, &d->dev_flags) ||
386 test_bit(HCI_CONFIG, &d->dev_flags) ||
387 test_bit(HCI_USER_CHANNEL, &d->dev_flags))
390 /* Devices marked as raw-only are neither configured
391 * nor unconfigured controllers.
393 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
396 if (d->dev_type == HCI_BREDR &&
397 !test_bit(HCI_UNCONFIGURED, &d->dev_flags)) {
398 rp->index[count++] = cpu_to_le16(d->id);
399 BT_DBG("Added hci%u", d->id);
403 rp->num_controllers = cpu_to_le16(count);
404 rp_len = sizeof(*rp) + (2 * count);
406 read_unlock(&hci_dev_list_lock);
408 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
416 static int read_unconf_index_list(struct sock *sk, struct hci_dev *hdev,
417 void *data, u16 data_len)
419 struct mgmt_rp_read_unconf_index_list *rp;
425 BT_DBG("sock %p", sk);
427 read_lock(&hci_dev_list_lock);
430 list_for_each_entry(d, &hci_dev_list, list) {
431 if (d->dev_type == HCI_BREDR &&
432 test_bit(HCI_UNCONFIGURED, &d->dev_flags))
436 rp_len = sizeof(*rp) + (2 * count);
437 rp = kmalloc(rp_len, GFP_ATOMIC);
439 read_unlock(&hci_dev_list_lock);
444 list_for_each_entry(d, &hci_dev_list, list) {
445 if (test_bit(HCI_SETUP, &d->dev_flags) ||
446 test_bit(HCI_CONFIG, &d->dev_flags) ||
447 test_bit(HCI_USER_CHANNEL, &d->dev_flags))
450 /* Devices marked as raw-only are neither configured
451 * nor unconfigured controllers.
453 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
456 if (d->dev_type == HCI_BREDR &&
457 test_bit(HCI_UNCONFIGURED, &d->dev_flags)) {
458 rp->index[count++] = cpu_to_le16(d->id);
459 BT_DBG("Added hci%u", d->id);
463 rp->num_controllers = cpu_to_le16(count);
464 rp_len = sizeof(*rp) + (2 * count);
466 read_unlock(&hci_dev_list_lock);
468 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_UNCONF_INDEX_LIST,
476 static bool is_configured(struct hci_dev *hdev)
478 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
479 !test_bit(HCI_EXT_CONFIGURED, &hdev->dev_flags))
482 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) &&
483 !bacmp(&hdev->public_addr, BDADDR_ANY))
489 static __le32 get_missing_options(struct hci_dev *hdev)
493 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
494 !test_bit(HCI_EXT_CONFIGURED, &hdev->dev_flags))
495 options |= MGMT_OPTION_EXTERNAL_CONFIG;
497 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) &&
498 !bacmp(&hdev->public_addr, BDADDR_ANY))
499 options |= MGMT_OPTION_PUBLIC_ADDRESS;
501 return cpu_to_le32(options);
504 static int new_options(struct hci_dev *hdev, struct sock *skip)
506 __le32 options = get_missing_options(hdev);
508 return mgmt_event(MGMT_EV_NEW_CONFIG_OPTIONS, hdev, &options,
509 sizeof(options), skip);
512 static int send_options_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
514 __le32 options = get_missing_options(hdev);
516 return cmd_complete(sk, hdev->id, opcode, 0, &options,
520 static int read_config_info(struct sock *sk, struct hci_dev *hdev,
521 void *data, u16 data_len)
523 struct mgmt_rp_read_config_info rp;
526 BT_DBG("sock %p %s", sk, hdev->name);
530 memset(&rp, 0, sizeof(rp));
531 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
533 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
534 options |= MGMT_OPTION_EXTERNAL_CONFIG;
536 if (hdev->set_bdaddr)
537 options |= MGMT_OPTION_PUBLIC_ADDRESS;
539 rp.supported_options = cpu_to_le32(options);
540 rp.missing_options = get_missing_options(hdev);
542 hci_dev_unlock(hdev);
544 return cmd_complete(sk, hdev->id, MGMT_OP_READ_CONFIG_INFO, 0, &rp,
548 static u32 get_supported_settings(struct hci_dev *hdev)
552 settings |= MGMT_SETTING_POWERED;
553 settings |= MGMT_SETTING_BONDABLE;
554 settings |= MGMT_SETTING_DEBUG_KEYS;
555 settings |= MGMT_SETTING_CONNECTABLE;
556 settings |= MGMT_SETTING_DISCOVERABLE;
558 if (lmp_bredr_capable(hdev)) {
559 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
560 settings |= MGMT_SETTING_FAST_CONNECTABLE;
561 settings |= MGMT_SETTING_BREDR;
562 settings |= MGMT_SETTING_LINK_SECURITY;
564 if (lmp_ssp_capable(hdev)) {
565 settings |= MGMT_SETTING_SSP;
566 settings |= MGMT_SETTING_HS;
569 if (lmp_sc_capable(hdev) ||
570 test_bit(HCI_FORCE_SC, &hdev->dbg_flags))
571 settings |= MGMT_SETTING_SECURE_CONN;
574 if (lmp_le_capable(hdev)) {
575 settings |= MGMT_SETTING_LE;
576 settings |= MGMT_SETTING_ADVERTISING;
577 settings |= MGMT_SETTING_PRIVACY;
580 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) ||
582 settings |= MGMT_SETTING_CONFIGURATION;
587 static u32 get_current_settings(struct hci_dev *hdev)
591 if (hdev_is_powered(hdev))
592 settings |= MGMT_SETTING_POWERED;
594 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
595 settings |= MGMT_SETTING_CONNECTABLE;
597 if (test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
598 settings |= MGMT_SETTING_FAST_CONNECTABLE;
600 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
601 settings |= MGMT_SETTING_DISCOVERABLE;
603 if (test_bit(HCI_BONDABLE, &hdev->dev_flags))
604 settings |= MGMT_SETTING_BONDABLE;
606 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
607 settings |= MGMT_SETTING_BREDR;
609 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
610 settings |= MGMT_SETTING_LE;
612 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
613 settings |= MGMT_SETTING_LINK_SECURITY;
615 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
616 settings |= MGMT_SETTING_SSP;
618 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
619 settings |= MGMT_SETTING_HS;
621 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
622 settings |= MGMT_SETTING_ADVERTISING;
624 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags))
625 settings |= MGMT_SETTING_SECURE_CONN;
627 if (test_bit(HCI_KEEP_DEBUG_KEYS, &hdev->dev_flags))
628 settings |= MGMT_SETTING_DEBUG_KEYS;
630 if (test_bit(HCI_PRIVACY, &hdev->dev_flags))
631 settings |= MGMT_SETTING_PRIVACY;
636 #define PNP_INFO_SVCLASS_ID 0x1200
638 static u8 *create_uuid16_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
640 u8 *ptr = data, *uuids_start = NULL;
641 struct bt_uuid *uuid;
646 list_for_each_entry(uuid, &hdev->uuids, list) {
649 if (uuid->size != 16)
652 uuid16 = get_unaligned_le16(&uuid->uuid[12]);
656 if (uuid16 == PNP_INFO_SVCLASS_ID)
662 uuids_start[1] = EIR_UUID16_ALL;
666 /* Stop if not enough space to put next UUID */
667 if ((ptr - data) + sizeof(u16) > len) {
668 uuids_start[1] = EIR_UUID16_SOME;
672 *ptr++ = (uuid16 & 0x00ff);
673 *ptr++ = (uuid16 & 0xff00) >> 8;
674 uuids_start[0] += sizeof(uuid16);
680 static u8 *create_uuid32_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
682 u8 *ptr = data, *uuids_start = NULL;
683 struct bt_uuid *uuid;
688 list_for_each_entry(uuid, &hdev->uuids, list) {
689 if (uuid->size != 32)
695 uuids_start[1] = EIR_UUID32_ALL;
699 /* Stop if not enough space to put next UUID */
700 if ((ptr - data) + sizeof(u32) > len) {
701 uuids_start[1] = EIR_UUID32_SOME;
705 memcpy(ptr, &uuid->uuid[12], sizeof(u32));
707 uuids_start[0] += sizeof(u32);
713 static u8 *create_uuid128_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
715 u8 *ptr = data, *uuids_start = NULL;
716 struct bt_uuid *uuid;
721 list_for_each_entry(uuid, &hdev->uuids, list) {
722 if (uuid->size != 128)
728 uuids_start[1] = EIR_UUID128_ALL;
732 /* Stop if not enough space to put next UUID */
733 if ((ptr - data) + 16 > len) {
734 uuids_start[1] = EIR_UUID128_SOME;
738 memcpy(ptr, uuid->uuid, 16);
740 uuids_start[0] += 16;
746 static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
748 struct pending_cmd *cmd;
750 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
751 if (cmd->opcode == opcode)
758 static struct pending_cmd *mgmt_pending_find_data(u16 opcode,
759 struct hci_dev *hdev,
762 struct pending_cmd *cmd;
764 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
765 if (cmd->user_data != data)
767 if (cmd->opcode == opcode)
774 static u8 create_scan_rsp_data(struct hci_dev *hdev, u8 *ptr)
779 name_len = strlen(hdev->dev_name);
781 size_t max_len = HCI_MAX_AD_LENGTH - ad_len - 2;
783 if (name_len > max_len) {
785 ptr[1] = EIR_NAME_SHORT;
787 ptr[1] = EIR_NAME_COMPLETE;
789 ptr[0] = name_len + 1;
791 memcpy(ptr + 2, hdev->dev_name, name_len);
793 ad_len += (name_len + 2);
794 ptr += (name_len + 2);
800 static void update_scan_rsp_data(struct hci_request *req)
802 struct hci_dev *hdev = req->hdev;
803 struct hci_cp_le_set_scan_rsp_data cp;
806 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
809 memset(&cp, 0, sizeof(cp));
811 len = create_scan_rsp_data(hdev, cp.data);
813 if (hdev->scan_rsp_data_len == len &&
814 memcmp(cp.data, hdev->scan_rsp_data, len) == 0)
817 memcpy(hdev->scan_rsp_data, cp.data, sizeof(cp.data));
818 hdev->scan_rsp_data_len = len;
822 hci_req_add(req, HCI_OP_LE_SET_SCAN_RSP_DATA, sizeof(cp), &cp);
825 static u8 get_adv_discov_flags(struct hci_dev *hdev)
827 struct pending_cmd *cmd;
829 /* If there's a pending mgmt command the flags will not yet have
830 * their final values, so check for this first.
832 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
834 struct mgmt_mode *cp = cmd->param;
836 return LE_AD_GENERAL;
837 else if (cp->val == 0x02)
838 return LE_AD_LIMITED;
840 if (test_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags))
841 return LE_AD_LIMITED;
842 else if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
843 return LE_AD_GENERAL;
849 static u8 create_adv_data(struct hci_dev *hdev, u8 *ptr)
851 u8 ad_len = 0, flags = 0;
853 flags |= get_adv_discov_flags(hdev);
855 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
856 flags |= LE_AD_NO_BREDR;
859 BT_DBG("adv flags 0x%02x", flags);
869 if (hdev->adv_tx_power != HCI_TX_POWER_INVALID) {
871 ptr[1] = EIR_TX_POWER;
872 ptr[2] = (u8) hdev->adv_tx_power;
881 static void update_adv_data(struct hci_request *req)
883 struct hci_dev *hdev = req->hdev;
884 struct hci_cp_le_set_adv_data cp;
887 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
890 memset(&cp, 0, sizeof(cp));
892 len = create_adv_data(hdev, cp.data);
894 if (hdev->adv_data_len == len &&
895 memcmp(cp.data, hdev->adv_data, len) == 0)
898 memcpy(hdev->adv_data, cp.data, sizeof(cp.data));
899 hdev->adv_data_len = len;
903 hci_req_add(req, HCI_OP_LE_SET_ADV_DATA, sizeof(cp), &cp);
906 int mgmt_update_adv_data(struct hci_dev *hdev)
908 struct hci_request req;
910 hci_req_init(&req, hdev);
911 update_adv_data(&req);
913 return hci_req_run(&req, NULL);
916 static void create_eir(struct hci_dev *hdev, u8 *data)
921 name_len = strlen(hdev->dev_name);
927 ptr[1] = EIR_NAME_SHORT;
929 ptr[1] = EIR_NAME_COMPLETE;
931 /* EIR Data length */
932 ptr[0] = name_len + 1;
934 memcpy(ptr + 2, hdev->dev_name, name_len);
936 ptr += (name_len + 2);
939 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
941 ptr[1] = EIR_TX_POWER;
942 ptr[2] = (u8) hdev->inq_tx_power;
947 if (hdev->devid_source > 0) {
949 ptr[1] = EIR_DEVICE_ID;
951 put_unaligned_le16(hdev->devid_source, ptr + 2);
952 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
953 put_unaligned_le16(hdev->devid_product, ptr + 6);
954 put_unaligned_le16(hdev->devid_version, ptr + 8);
959 ptr = create_uuid16_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
960 ptr = create_uuid32_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
961 ptr = create_uuid128_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
964 static void update_eir(struct hci_request *req)
966 struct hci_dev *hdev = req->hdev;
967 struct hci_cp_write_eir cp;
969 if (!hdev_is_powered(hdev))
972 if (!lmp_ext_inq_capable(hdev))
975 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
978 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
981 memset(&cp, 0, sizeof(cp));
983 create_eir(hdev, cp.data);
985 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
988 memcpy(hdev->eir, cp.data, sizeof(cp.data));
990 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
993 static u8 get_service_classes(struct hci_dev *hdev)
995 struct bt_uuid *uuid;
998 list_for_each_entry(uuid, &hdev->uuids, list)
999 val |= uuid->svc_hint;
1004 static void update_class(struct hci_request *req)
1006 struct hci_dev *hdev = req->hdev;
1009 BT_DBG("%s", hdev->name);
1011 if (!hdev_is_powered(hdev))
1014 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1017 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
1020 cod[0] = hdev->minor_class;
1021 cod[1] = hdev->major_class;
1022 cod[2] = get_service_classes(hdev);
1024 if (test_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags))
1027 if (memcmp(cod, hdev->dev_class, 3) == 0)
1030 hci_req_add(req, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
1033 static bool get_connectable(struct hci_dev *hdev)
1035 struct pending_cmd *cmd;
1037 /* If there's a pending mgmt command the flag will not yet have
1038 * it's final value, so check for this first.
1040 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1042 struct mgmt_mode *cp = cmd->param;
1046 return test_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1049 static void disable_advertising(struct hci_request *req)
1053 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1056 static void enable_advertising(struct hci_request *req)
1058 struct hci_dev *hdev = req->hdev;
1059 struct hci_cp_le_set_adv_param cp;
1060 u8 own_addr_type, enable = 0x01;
1063 if (hci_conn_num(hdev, LE_LINK) > 0)
1066 if (test_bit(HCI_LE_ADV, &hdev->dev_flags))
1067 disable_advertising(req);
1069 /* Clear the HCI_LE_ADV bit temporarily so that the
1070 * hci_update_random_address knows that it's safe to go ahead
1071 * and write a new random address. The flag will be set back on
1072 * as soon as the SET_ADV_ENABLE HCI command completes.
1074 clear_bit(HCI_LE_ADV, &hdev->dev_flags);
1076 connectable = get_connectable(hdev);
1078 /* Set require_privacy to true only when non-connectable
1079 * advertising is used. In that case it is fine to use a
1080 * non-resolvable private address.
1082 if (hci_update_random_address(req, !connectable, &own_addr_type) < 0)
1085 memset(&cp, 0, sizeof(cp));
1086 cp.min_interval = cpu_to_le16(hdev->le_adv_min_interval);
1087 cp.max_interval = cpu_to_le16(hdev->le_adv_max_interval);
1088 cp.type = connectable ? LE_ADV_IND : LE_ADV_NONCONN_IND;
1089 cp.own_address_type = own_addr_type;
1090 cp.channel_map = hdev->le_adv_channel_map;
1092 hci_req_add(req, HCI_OP_LE_SET_ADV_PARAM, sizeof(cp), &cp);
1094 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1097 static void service_cache_off(struct work_struct *work)
1099 struct hci_dev *hdev = container_of(work, struct hci_dev,
1100 service_cache.work);
1101 struct hci_request req;
1103 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
1106 hci_req_init(&req, hdev);
1113 hci_dev_unlock(hdev);
1115 hci_req_run(&req, NULL);
1118 static void rpa_expired(struct work_struct *work)
1120 struct hci_dev *hdev = container_of(work, struct hci_dev,
1122 struct hci_request req;
1126 set_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
1128 if (!test_bit(HCI_ADVERTISING, &hdev->dev_flags))
1131 /* The generation of a new RPA and programming it into the
1132 * controller happens in the enable_advertising() function.
1134 hci_req_init(&req, hdev);
1135 enable_advertising(&req);
1136 hci_req_run(&req, NULL);
1139 static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
1141 if (test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
1144 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
1145 INIT_DELAYED_WORK(&hdev->rpa_expired, rpa_expired);
1147 /* Non-mgmt controlled devices get this bit set
1148 * implicitly so that pairing works for them, however
1149 * for mgmt we require user-space to explicitly enable
1152 clear_bit(HCI_BONDABLE, &hdev->dev_flags);
1155 static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
1156 void *data, u16 data_len)
1158 struct mgmt_rp_read_info rp;
1160 BT_DBG("sock %p %s", sk, hdev->name);
1164 memset(&rp, 0, sizeof(rp));
1166 bacpy(&rp.bdaddr, &hdev->bdaddr);
1168 rp.version = hdev->hci_ver;
1169 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
1171 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
1172 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
1174 memcpy(rp.dev_class, hdev->dev_class, 3);
1176 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
1177 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
1179 hci_dev_unlock(hdev);
1181 return cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
1185 static void mgmt_pending_free(struct pending_cmd *cmd)
1192 static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
1193 struct hci_dev *hdev, void *data,
1196 struct pending_cmd *cmd;
1198 cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
1202 cmd->opcode = opcode;
1203 cmd->index = hdev->id;
1205 cmd->param = kmalloc(len, GFP_KERNEL);
1212 memcpy(cmd->param, data, len);
1217 list_add(&cmd->list, &hdev->mgmt_pending);
1222 static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
1223 void (*cb)(struct pending_cmd *cmd,
1227 struct pending_cmd *cmd, *tmp;
1229 list_for_each_entry_safe(cmd, tmp, &hdev->mgmt_pending, list) {
1230 if (opcode > 0 && cmd->opcode != opcode)
1237 static void mgmt_pending_remove(struct pending_cmd *cmd)
1239 list_del(&cmd->list);
1240 mgmt_pending_free(cmd);
1243 static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
1245 __le32 settings = cpu_to_le32(get_current_settings(hdev));
1247 return cmd_complete(sk, hdev->id, opcode, 0, &settings,
1251 static void clean_up_hci_complete(struct hci_dev *hdev, u8 status)
1253 BT_DBG("%s status 0x%02x", hdev->name, status);
1255 if (hci_conn_count(hdev) == 0) {
1256 cancel_delayed_work(&hdev->power_off);
1257 queue_work(hdev->req_workqueue, &hdev->power_off.work);
1261 static bool hci_stop_discovery(struct hci_request *req)
1263 struct hci_dev *hdev = req->hdev;
1264 struct hci_cp_remote_name_req_cancel cp;
1265 struct inquiry_entry *e;
1267 switch (hdev->discovery.state) {
1268 case DISCOVERY_FINDING:
1269 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
1270 hci_req_add(req, HCI_OP_INQUIRY_CANCEL, 0, NULL);
1272 cancel_delayed_work(&hdev->le_scan_disable);
1273 hci_req_add_le_scan_disable(req);
1278 case DISCOVERY_RESOLVING:
1279 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
1284 bacpy(&cp.bdaddr, &e->data.bdaddr);
1285 hci_req_add(req, HCI_OP_REMOTE_NAME_REQ_CANCEL, sizeof(cp),
1291 /* Passive scanning */
1292 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags)) {
1293 hci_req_add_le_scan_disable(req);
1303 static int clean_up_hci_state(struct hci_dev *hdev)
1305 struct hci_request req;
1306 struct hci_conn *conn;
1307 bool discov_stopped;
1310 hci_req_init(&req, hdev);
1312 if (test_bit(HCI_ISCAN, &hdev->flags) ||
1313 test_bit(HCI_PSCAN, &hdev->flags)) {
1315 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1318 if (test_bit(HCI_LE_ADV, &hdev->dev_flags))
1319 disable_advertising(&req);
1321 discov_stopped = hci_stop_discovery(&req);
1323 list_for_each_entry(conn, &hdev->conn_hash.list, list) {
1324 struct hci_cp_disconnect dc;
1325 struct hci_cp_reject_conn_req rej;
1327 switch (conn->state) {
1330 dc.handle = cpu_to_le16(conn->handle);
1331 dc.reason = 0x15; /* Terminated due to Power Off */
1332 hci_req_add(&req, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1335 if (conn->type == LE_LINK)
1336 hci_req_add(&req, HCI_OP_LE_CREATE_CONN_CANCEL,
1338 else if (conn->type == ACL_LINK)
1339 hci_req_add(&req, HCI_OP_CREATE_CONN_CANCEL,
1343 bacpy(&rej.bdaddr, &conn->dst);
1344 rej.reason = 0x15; /* Terminated due to Power Off */
1345 if (conn->type == ACL_LINK)
1346 hci_req_add(&req, HCI_OP_REJECT_CONN_REQ,
1348 else if (conn->type == SCO_LINK)
1349 hci_req_add(&req, HCI_OP_REJECT_SYNC_CONN_REQ,
1355 err = hci_req_run(&req, clean_up_hci_complete);
1356 if (!err && discov_stopped)
1357 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
1362 static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
1365 struct mgmt_mode *cp = data;
1366 struct pending_cmd *cmd;
1369 BT_DBG("request for %s", hdev->name);
1371 if (cp->val != 0x00 && cp->val != 0x01)
1372 return cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1373 MGMT_STATUS_INVALID_PARAMS);
1377 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
1378 err = cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1383 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
1384 cancel_delayed_work(&hdev->power_off);
1387 mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev,
1389 err = mgmt_powered(hdev, 1);
1394 if (!!cp->val == hdev_is_powered(hdev)) {
1395 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
1399 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
1406 queue_work(hdev->req_workqueue, &hdev->power_on);
1409 /* Disconnect connections, stop scans, etc */
1410 err = clean_up_hci_state(hdev);
1412 queue_delayed_work(hdev->req_workqueue, &hdev->power_off,
1413 HCI_POWER_OFF_TIMEOUT);
1415 /* ENODATA means there were no HCI commands queued */
1416 if (err == -ENODATA) {
1417 cancel_delayed_work(&hdev->power_off);
1418 queue_work(hdev->req_workqueue, &hdev->power_off.work);
1424 hci_dev_unlock(hdev);
1428 static int new_settings(struct hci_dev *hdev, struct sock *skip)
1432 ev = cpu_to_le32(get_current_settings(hdev));
1434 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
1437 int mgmt_new_settings(struct hci_dev *hdev)
1439 return new_settings(hdev, NULL);
1444 struct hci_dev *hdev;
1448 static void settings_rsp(struct pending_cmd *cmd, void *data)
1450 struct cmd_lookup *match = data;
1452 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
1454 list_del(&cmd->list);
1456 if (match->sk == NULL) {
1457 match->sk = cmd->sk;
1458 sock_hold(match->sk);
1461 mgmt_pending_free(cmd);
1464 static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
1468 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
1469 mgmt_pending_remove(cmd);
1472 static u8 mgmt_bredr_support(struct hci_dev *hdev)
1474 if (!lmp_bredr_capable(hdev))
1475 return MGMT_STATUS_NOT_SUPPORTED;
1476 else if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1477 return MGMT_STATUS_REJECTED;
1479 return MGMT_STATUS_SUCCESS;
1482 static u8 mgmt_le_support(struct hci_dev *hdev)
1484 if (!lmp_le_capable(hdev))
1485 return MGMT_STATUS_NOT_SUPPORTED;
1486 else if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
1487 return MGMT_STATUS_REJECTED;
1489 return MGMT_STATUS_SUCCESS;
1492 static void set_discoverable_complete(struct hci_dev *hdev, u8 status)
1494 struct pending_cmd *cmd;
1495 struct mgmt_mode *cp;
1496 struct hci_request req;
1499 BT_DBG("status 0x%02x", status);
1503 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
1508 u8 mgmt_err = mgmt_status(status);
1509 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1510 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1516 changed = !test_and_set_bit(HCI_DISCOVERABLE,
1519 if (hdev->discov_timeout > 0) {
1520 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1521 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
1525 changed = test_and_clear_bit(HCI_DISCOVERABLE,
1529 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1532 new_settings(hdev, cmd->sk);
1534 /* When the discoverable mode gets changed, make sure
1535 * that class of device has the limited discoverable
1536 * bit correctly set. Also update page scan based on whitelist
1539 hci_req_init(&req, hdev);
1540 hci_update_page_scan(hdev, &req);
1542 hci_req_run(&req, NULL);
1545 mgmt_pending_remove(cmd);
1548 hci_dev_unlock(hdev);
1551 static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
1554 struct mgmt_cp_set_discoverable *cp = data;
1555 struct pending_cmd *cmd;
1556 struct hci_request req;
1561 BT_DBG("request for %s", hdev->name);
1563 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
1564 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1565 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1566 MGMT_STATUS_REJECTED);
1568 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
1569 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1570 MGMT_STATUS_INVALID_PARAMS);
1572 timeout = __le16_to_cpu(cp->timeout);
1574 /* Disabling discoverable requires that no timeout is set,
1575 * and enabling limited discoverable requires a timeout.
1577 if ((cp->val == 0x00 && timeout > 0) ||
1578 (cp->val == 0x02 && timeout == 0))
1579 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1580 MGMT_STATUS_INVALID_PARAMS);
1584 if (!hdev_is_powered(hdev) && timeout > 0) {
1585 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1586 MGMT_STATUS_NOT_POWERED);
1590 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1591 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
1592 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1597 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
1598 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1599 MGMT_STATUS_REJECTED);
1603 if (!hdev_is_powered(hdev)) {
1604 bool changed = false;
1606 /* Setting limited discoverable when powered off is
1607 * not a valid operation since it requires a timeout
1608 * and so no need to check HCI_LIMITED_DISCOVERABLE.
1610 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
1611 change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1615 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1620 err = new_settings(hdev, sk);
1625 /* If the current mode is the same, then just update the timeout
1626 * value with the new value. And if only the timeout gets updated,
1627 * then no need for any HCI transactions.
1629 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags) &&
1630 (cp->val == 0x02) == test_bit(HCI_LIMITED_DISCOVERABLE,
1631 &hdev->dev_flags)) {
1632 cancel_delayed_work(&hdev->discov_off);
1633 hdev->discov_timeout = timeout;
1635 if (cp->val && hdev->discov_timeout > 0) {
1636 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1637 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
1641 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1645 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
1651 /* Cancel any potential discoverable timeout that might be
1652 * still active and store new timeout value. The arming of
1653 * the timeout happens in the complete handler.
1655 cancel_delayed_work(&hdev->discov_off);
1656 hdev->discov_timeout = timeout;
1658 /* Limited discoverable mode */
1659 if (cp->val == 0x02)
1660 set_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1662 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1664 hci_req_init(&req, hdev);
1666 /* The procedure for LE-only controllers is much simpler - just
1667 * update the advertising data.
1669 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1675 struct hci_cp_write_current_iac_lap hci_cp;
1677 if (cp->val == 0x02) {
1678 /* Limited discoverable mode */
1679 hci_cp.num_iac = min_t(u8, hdev->num_iac, 2);
1680 hci_cp.iac_lap[0] = 0x00; /* LIAC */
1681 hci_cp.iac_lap[1] = 0x8b;
1682 hci_cp.iac_lap[2] = 0x9e;
1683 hci_cp.iac_lap[3] = 0x33; /* GIAC */
1684 hci_cp.iac_lap[4] = 0x8b;
1685 hci_cp.iac_lap[5] = 0x9e;
1687 /* General discoverable mode */
1689 hci_cp.iac_lap[0] = 0x33; /* GIAC */
1690 hci_cp.iac_lap[1] = 0x8b;
1691 hci_cp.iac_lap[2] = 0x9e;
1694 hci_req_add(&req, HCI_OP_WRITE_CURRENT_IAC_LAP,
1695 (hci_cp.num_iac * 3) + 1, &hci_cp);
1697 scan |= SCAN_INQUIRY;
1699 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1702 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, sizeof(scan), &scan);
1705 update_adv_data(&req);
1707 err = hci_req_run(&req, set_discoverable_complete);
1709 mgmt_pending_remove(cmd);
1712 hci_dev_unlock(hdev);
1716 static void write_fast_connectable(struct hci_request *req, bool enable)
1718 struct hci_dev *hdev = req->hdev;
1719 struct hci_cp_write_page_scan_activity acp;
1722 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1725 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
1729 type = PAGE_SCAN_TYPE_INTERLACED;
1731 /* 160 msec page scan interval */
1732 acp.interval = cpu_to_le16(0x0100);
1734 type = PAGE_SCAN_TYPE_STANDARD; /* default */
1736 /* default 1.28 sec page scan */
1737 acp.interval = cpu_to_le16(0x0800);
1740 acp.window = cpu_to_le16(0x0012);
1742 if (__cpu_to_le16(hdev->page_scan_interval) != acp.interval ||
1743 __cpu_to_le16(hdev->page_scan_window) != acp.window)
1744 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
1747 if (hdev->page_scan_type != type)
1748 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
1751 static void set_connectable_complete(struct hci_dev *hdev, u8 status)
1753 struct pending_cmd *cmd;
1754 struct mgmt_mode *cp;
1755 bool conn_changed, discov_changed;
1757 BT_DBG("status 0x%02x", status);
1761 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1766 u8 mgmt_err = mgmt_status(status);
1767 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1773 conn_changed = !test_and_set_bit(HCI_CONNECTABLE,
1775 discov_changed = false;
1777 conn_changed = test_and_clear_bit(HCI_CONNECTABLE,
1779 discov_changed = test_and_clear_bit(HCI_DISCOVERABLE,
1783 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
1785 if (conn_changed || discov_changed) {
1786 new_settings(hdev, cmd->sk);
1787 hci_update_page_scan(hdev, NULL);
1789 mgmt_update_adv_data(hdev);
1790 hci_update_background_scan(hdev);
1794 mgmt_pending_remove(cmd);
1797 hci_dev_unlock(hdev);
1800 static int set_connectable_update_settings(struct hci_dev *hdev,
1801 struct sock *sk, u8 val)
1803 bool changed = false;
1806 if (!!val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
1810 set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1812 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1813 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1816 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1821 hci_update_page_scan(hdev, NULL);
1822 hci_update_background_scan(hdev);
1823 return new_settings(hdev, sk);
1829 static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
1832 struct mgmt_mode *cp = data;
1833 struct pending_cmd *cmd;
1834 struct hci_request req;
1838 BT_DBG("request for %s", hdev->name);
1840 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
1841 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1842 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1843 MGMT_STATUS_REJECTED);
1845 if (cp->val != 0x00 && cp->val != 0x01)
1846 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1847 MGMT_STATUS_INVALID_PARAMS);
1851 if (!hdev_is_powered(hdev)) {
1852 err = set_connectable_update_settings(hdev, sk, cp->val);
1856 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1857 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
1858 err = cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1863 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
1869 hci_req_init(&req, hdev);
1871 /* If BR/EDR is not enabled and we disable advertising as a
1872 * by-product of disabling connectable, we need to update the
1873 * advertising flags.
1875 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
1877 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1878 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1880 update_adv_data(&req);
1881 } else if (cp->val != test_bit(HCI_PSCAN, &hdev->flags)) {
1885 /* If we don't have any whitelist entries just
1886 * disable all scanning. If there are entries
1887 * and we had both page and inquiry scanning
1888 * enabled then fall back to only page scanning.
1889 * Otherwise no changes are needed.
1891 if (list_empty(&hdev->whitelist))
1892 scan = SCAN_DISABLED;
1893 else if (test_bit(HCI_ISCAN, &hdev->flags))
1896 goto no_scan_update;
1898 if (test_bit(HCI_ISCAN, &hdev->flags) &&
1899 hdev->discov_timeout > 0)
1900 cancel_delayed_work(&hdev->discov_off);
1903 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1907 /* If we're going from non-connectable to connectable or
1908 * vice-versa when fast connectable is enabled ensure that fast
1909 * connectable gets disabled. write_fast_connectable won't do
1910 * anything if the page scan parameters are already what they
1913 if (cp->val || test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
1914 write_fast_connectable(&req, false);
1916 /* Update the advertising parameters if necessary */
1917 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
1918 enable_advertising(&req);
1920 err = hci_req_run(&req, set_connectable_complete);
1922 mgmt_pending_remove(cmd);
1923 if (err == -ENODATA)
1924 err = set_connectable_update_settings(hdev, sk,
1930 hci_dev_unlock(hdev);
1934 static int set_bondable(struct sock *sk, struct hci_dev *hdev, void *data,
1937 struct mgmt_mode *cp = data;
1941 BT_DBG("request for %s", hdev->name);
1943 if (cp->val != 0x00 && cp->val != 0x01)
1944 return cmd_status(sk, hdev->id, MGMT_OP_SET_BONDABLE,
1945 MGMT_STATUS_INVALID_PARAMS);
1950 changed = !test_and_set_bit(HCI_BONDABLE, &hdev->dev_flags);
1952 changed = test_and_clear_bit(HCI_BONDABLE, &hdev->dev_flags);
1954 err = send_settings_rsp(sk, MGMT_OP_SET_BONDABLE, hdev);
1959 err = new_settings(hdev, sk);
1962 hci_dev_unlock(hdev);
1966 static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1969 struct mgmt_mode *cp = data;
1970 struct pending_cmd *cmd;
1974 BT_DBG("request for %s", hdev->name);
1976 status = mgmt_bredr_support(hdev);
1978 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1981 if (cp->val != 0x00 && cp->val != 0x01)
1982 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1983 MGMT_STATUS_INVALID_PARAMS);
1987 if (!hdev_is_powered(hdev)) {
1988 bool changed = false;
1990 if (!!cp->val != test_bit(HCI_LINK_SECURITY,
1991 &hdev->dev_flags)) {
1992 change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
1996 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
2001 err = new_settings(hdev, sk);
2006 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
2007 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
2014 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
2015 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
2019 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
2025 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
2027 mgmt_pending_remove(cmd);
2032 hci_dev_unlock(hdev);
2036 static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2038 struct mgmt_mode *cp = data;
2039 struct pending_cmd *cmd;
2043 BT_DBG("request for %s", hdev->name);
2045 status = mgmt_bredr_support(hdev);
2047 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
2049 if (!lmp_ssp_capable(hdev))
2050 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2051 MGMT_STATUS_NOT_SUPPORTED);
2053 if (cp->val != 0x00 && cp->val != 0x01)
2054 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2055 MGMT_STATUS_INVALID_PARAMS);
2059 if (!hdev_is_powered(hdev)) {
2063 changed = !test_and_set_bit(HCI_SSP_ENABLED,
2066 changed = test_and_clear_bit(HCI_SSP_ENABLED,
2069 changed = test_and_clear_bit(HCI_HS_ENABLED,
2072 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
2075 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
2080 err = new_settings(hdev, sk);
2085 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev) ||
2086 mgmt_pending_find(MGMT_OP_SET_HS, hdev)) {
2087 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2092 if (!!cp->val == test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
2093 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
2097 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
2103 if (!cp->val && test_bit(HCI_USE_DEBUG_KEYS, &hdev->dev_flags))
2104 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
2105 sizeof(cp->val), &cp->val);
2107 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &cp->val);
2109 mgmt_pending_remove(cmd);
2114 hci_dev_unlock(hdev);
2118 static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2120 struct mgmt_mode *cp = data;
2125 BT_DBG("request for %s", hdev->name);
2127 status = mgmt_bredr_support(hdev);
2129 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
2131 if (!lmp_ssp_capable(hdev))
2132 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2133 MGMT_STATUS_NOT_SUPPORTED);
2135 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
2136 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2137 MGMT_STATUS_REJECTED);
2139 if (cp->val != 0x00 && cp->val != 0x01)
2140 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2141 MGMT_STATUS_INVALID_PARAMS);
2146 changed = !test_and_set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
2148 if (hdev_is_powered(hdev)) {
2149 err = cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2150 MGMT_STATUS_REJECTED);
2154 changed = test_and_clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
2157 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
2162 err = new_settings(hdev, sk);
2165 hci_dev_unlock(hdev);
2169 static void le_enable_complete(struct hci_dev *hdev, u8 status)
2171 struct cmd_lookup match = { NULL, hdev };
2174 u8 mgmt_err = mgmt_status(status);
2176 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
2181 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
2183 new_settings(hdev, match.sk);
2188 /* Make sure the controller has a good default for
2189 * advertising data. Restrict the update to when LE
2190 * has actually been enabled. During power on, the
2191 * update in powered_update_hci will take care of it.
2193 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
2194 struct hci_request req;
2198 hci_req_init(&req, hdev);
2199 update_adv_data(&req);
2200 update_scan_rsp_data(&req);
2201 hci_req_run(&req, NULL);
2203 hci_update_background_scan(hdev);
2205 hci_dev_unlock(hdev);
2209 static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2211 struct mgmt_mode *cp = data;
2212 struct hci_cp_write_le_host_supported hci_cp;
2213 struct pending_cmd *cmd;
2214 struct hci_request req;
2218 BT_DBG("request for %s", hdev->name);
2220 if (!lmp_le_capable(hdev))
2221 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2222 MGMT_STATUS_NOT_SUPPORTED);
2224 if (cp->val != 0x00 && cp->val != 0x01)
2225 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2226 MGMT_STATUS_INVALID_PARAMS);
2228 /* LE-only devices do not allow toggling LE on/off */
2229 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
2230 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2231 MGMT_STATUS_REJECTED);
2236 enabled = lmp_host_le_capable(hdev);
2238 if (!hdev_is_powered(hdev) || val == enabled) {
2239 bool changed = false;
2241 if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
2242 change_bit(HCI_LE_ENABLED, &hdev->dev_flags);
2246 if (!val && test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
2247 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
2251 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
2256 err = new_settings(hdev, sk);
2261 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev) ||
2262 mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
2263 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2268 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
2274 hci_req_init(&req, hdev);
2276 memset(&hci_cp, 0, sizeof(hci_cp));
2280 hci_cp.simul = 0x00;
2282 if (test_bit(HCI_LE_ADV, &hdev->dev_flags))
2283 disable_advertising(&req);
2286 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
2289 err = hci_req_run(&req, le_enable_complete);
2291 mgmt_pending_remove(cmd);
2294 hci_dev_unlock(hdev);
2298 /* This is a helper function to test for pending mgmt commands that can
2299 * cause CoD or EIR HCI commands. We can only allow one such pending
2300 * mgmt command at a time since otherwise we cannot easily track what
2301 * the current values are, will be, and based on that calculate if a new
2302 * HCI command needs to be sent and if yes with what value.
2304 static bool pending_eir_or_class(struct hci_dev *hdev)
2306 struct pending_cmd *cmd;
2308 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2309 switch (cmd->opcode) {
2310 case MGMT_OP_ADD_UUID:
2311 case MGMT_OP_REMOVE_UUID:
2312 case MGMT_OP_SET_DEV_CLASS:
2313 case MGMT_OP_SET_POWERED:
2321 static const u8 bluetooth_base_uuid[] = {
2322 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
2323 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2326 static u8 get_uuid_size(const u8 *uuid)
2330 if (memcmp(uuid, bluetooth_base_uuid, 12))
2333 val = get_unaligned_le32(&uuid[12]);
2340 static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
2342 struct pending_cmd *cmd;
2346 cmd = mgmt_pending_find(mgmt_op, hdev);
2350 cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(status),
2351 hdev->dev_class, 3);
2353 mgmt_pending_remove(cmd);
2356 hci_dev_unlock(hdev);
2359 static void add_uuid_complete(struct hci_dev *hdev, u8 status)
2361 BT_DBG("status 0x%02x", status);
2363 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
2366 static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2368 struct mgmt_cp_add_uuid *cp = data;
2369 struct pending_cmd *cmd;
2370 struct hci_request req;
2371 struct bt_uuid *uuid;
2374 BT_DBG("request for %s", hdev->name);
2378 if (pending_eir_or_class(hdev)) {
2379 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
2384 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
2390 memcpy(uuid->uuid, cp->uuid, 16);
2391 uuid->svc_hint = cp->svc_hint;
2392 uuid->size = get_uuid_size(cp->uuid);
2394 list_add_tail(&uuid->list, &hdev->uuids);
2396 hci_req_init(&req, hdev);
2401 err = hci_req_run(&req, add_uuid_complete);
2403 if (err != -ENODATA)
2406 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
2407 hdev->dev_class, 3);
2411 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
2420 hci_dev_unlock(hdev);
2424 static bool enable_service_cache(struct hci_dev *hdev)
2426 if (!hdev_is_powered(hdev))
2429 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
2430 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
2438 static void remove_uuid_complete(struct hci_dev *hdev, u8 status)
2440 BT_DBG("status 0x%02x", status);
2442 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
2445 static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
2448 struct mgmt_cp_remove_uuid *cp = data;
2449 struct pending_cmd *cmd;
2450 struct bt_uuid *match, *tmp;
2451 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
2452 struct hci_request req;
2455 BT_DBG("request for %s", hdev->name);
2459 if (pending_eir_or_class(hdev)) {
2460 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2465 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
2466 hci_uuids_clear(hdev);
2468 if (enable_service_cache(hdev)) {
2469 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2470 0, hdev->dev_class, 3);
2479 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2480 if (memcmp(match->uuid, cp->uuid, 16) != 0)
2483 list_del(&match->list);
2489 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2490 MGMT_STATUS_INVALID_PARAMS);
2495 hci_req_init(&req, hdev);
2500 err = hci_req_run(&req, remove_uuid_complete);
2502 if (err != -ENODATA)
2505 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
2506 hdev->dev_class, 3);
2510 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
2519 hci_dev_unlock(hdev);
2523 static void set_class_complete(struct hci_dev *hdev, u8 status)
2525 BT_DBG("status 0x%02x", status);
2527 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
2530 static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
2533 struct mgmt_cp_set_dev_class *cp = data;
2534 struct pending_cmd *cmd;
2535 struct hci_request req;
2538 BT_DBG("request for %s", hdev->name);
2540 if (!lmp_bredr_capable(hdev))
2541 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2542 MGMT_STATUS_NOT_SUPPORTED);
2546 if (pending_eir_or_class(hdev)) {
2547 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2552 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
2553 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2554 MGMT_STATUS_INVALID_PARAMS);
2558 hdev->major_class = cp->major;
2559 hdev->minor_class = cp->minor;
2561 if (!hdev_is_powered(hdev)) {
2562 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2563 hdev->dev_class, 3);
2567 hci_req_init(&req, hdev);
2569 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
2570 hci_dev_unlock(hdev);
2571 cancel_delayed_work_sync(&hdev->service_cache);
2578 err = hci_req_run(&req, set_class_complete);
2580 if (err != -ENODATA)
2583 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2584 hdev->dev_class, 3);
2588 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
2597 hci_dev_unlock(hdev);
2601 static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
2604 struct mgmt_cp_load_link_keys *cp = data;
2605 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
2606 sizeof(struct mgmt_link_key_info));
2607 u16 key_count, expected_len;
2611 BT_DBG("request for %s", hdev->name);
2613 if (!lmp_bredr_capable(hdev))
2614 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2615 MGMT_STATUS_NOT_SUPPORTED);
2617 key_count = __le16_to_cpu(cp->key_count);
2618 if (key_count > max_key_count) {
2619 BT_ERR("load_link_keys: too big key_count value %u",
2621 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2622 MGMT_STATUS_INVALID_PARAMS);
2625 expected_len = sizeof(*cp) + key_count *
2626 sizeof(struct mgmt_link_key_info);
2627 if (expected_len != len) {
2628 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
2630 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2631 MGMT_STATUS_INVALID_PARAMS);
2634 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
2635 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2636 MGMT_STATUS_INVALID_PARAMS);
2638 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
2641 for (i = 0; i < key_count; i++) {
2642 struct mgmt_link_key_info *key = &cp->keys[i];
2644 if (key->addr.type != BDADDR_BREDR || key->type > 0x08)
2645 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2646 MGMT_STATUS_INVALID_PARAMS);
2651 hci_link_keys_clear(hdev);
2654 changed = !test_and_set_bit(HCI_KEEP_DEBUG_KEYS,
2657 changed = test_and_clear_bit(HCI_KEEP_DEBUG_KEYS,
2661 new_settings(hdev, NULL);
2663 for (i = 0; i < key_count; i++) {
2664 struct mgmt_link_key_info *key = &cp->keys[i];
2666 /* Always ignore debug keys and require a new pairing if
2667 * the user wants to use them.
2669 if (key->type == HCI_LK_DEBUG_COMBINATION)
2672 hci_add_link_key(hdev, NULL, &key->addr.bdaddr, key->val,
2673 key->type, key->pin_len, NULL);
2676 cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
2678 hci_dev_unlock(hdev);
2683 static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
2684 u8 addr_type, struct sock *skip_sk)
2686 struct mgmt_ev_device_unpaired ev;
2688 bacpy(&ev.addr.bdaddr, bdaddr);
2689 ev.addr.type = addr_type;
2691 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
2695 static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2698 struct mgmt_cp_unpair_device *cp = data;
2699 struct mgmt_rp_unpair_device rp;
2700 struct hci_cp_disconnect dc;
2701 struct pending_cmd *cmd;
2702 struct hci_conn *conn;
2705 memset(&rp, 0, sizeof(rp));
2706 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2707 rp.addr.type = cp->addr.type;
2709 if (!bdaddr_type_is_valid(cp->addr.type))
2710 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2711 MGMT_STATUS_INVALID_PARAMS,
2714 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
2715 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2716 MGMT_STATUS_INVALID_PARAMS,
2721 if (!hdev_is_powered(hdev)) {
2722 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2723 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
2727 if (cp->addr.type == BDADDR_BREDR) {
2728 /* If disconnection is requested, then look up the
2729 * connection. If the remote device is connected, it
2730 * will be later used to terminate the link.
2732 * Setting it to NULL explicitly will cause no
2733 * termination of the link.
2736 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2741 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
2745 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
2748 /* Defer clearing up the connection parameters
2749 * until closing to give a chance of keeping
2750 * them if a repairing happens.
2752 set_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
2754 /* If disconnection is not requested, then
2755 * clear the connection variable so that the
2756 * link is not terminated.
2758 if (!cp->disconnect)
2762 if (cp->addr.type == BDADDR_LE_PUBLIC)
2763 addr_type = ADDR_LE_DEV_PUBLIC;
2765 addr_type = ADDR_LE_DEV_RANDOM;
2767 hci_remove_irk(hdev, &cp->addr.bdaddr, addr_type);
2769 err = hci_remove_ltk(hdev, &cp->addr.bdaddr, addr_type);
2773 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2774 MGMT_STATUS_NOT_PAIRED, &rp, sizeof(rp));
2778 /* If the connection variable is set, then termination of the
2779 * link is requested.
2782 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
2784 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
2788 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
2795 dc.handle = cpu_to_le16(conn->handle);
2796 dc.reason = 0x13; /* Remote User Terminated Connection */
2797 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2799 mgmt_pending_remove(cmd);
2802 hci_dev_unlock(hdev);
2806 static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
2809 struct mgmt_cp_disconnect *cp = data;
2810 struct mgmt_rp_disconnect rp;
2811 struct pending_cmd *cmd;
2812 struct hci_conn *conn;
2817 memset(&rp, 0, sizeof(rp));
2818 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2819 rp.addr.type = cp->addr.type;
2821 if (!bdaddr_type_is_valid(cp->addr.type))
2822 return cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2823 MGMT_STATUS_INVALID_PARAMS,
2828 if (!test_bit(HCI_UP, &hdev->flags)) {
2829 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2830 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
2834 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
2835 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2836 MGMT_STATUS_BUSY, &rp, sizeof(rp));
2840 if (cp->addr.type == BDADDR_BREDR)
2841 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2844 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
2846 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
2847 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2848 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
2852 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
2858 err = hci_disconnect(conn, HCI_ERROR_REMOTE_USER_TERM);
2860 mgmt_pending_remove(cmd);
2863 hci_dev_unlock(hdev);
2867 static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
2869 switch (link_type) {
2871 switch (addr_type) {
2872 case ADDR_LE_DEV_PUBLIC:
2873 return BDADDR_LE_PUBLIC;
2876 /* Fallback to LE Random address type */
2877 return BDADDR_LE_RANDOM;
2881 /* Fallback to BR/EDR type */
2882 return BDADDR_BREDR;
2886 static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
2889 struct mgmt_rp_get_connections *rp;
2899 if (!hdev_is_powered(hdev)) {
2900 err = cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
2901 MGMT_STATUS_NOT_POWERED);
2906 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2907 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2911 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2912 rp = kmalloc(rp_len, GFP_KERNEL);
2919 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2920 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2922 bacpy(&rp->addr[i].bdaddr, &c->dst);
2923 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
2924 if (c->type == SCO_LINK || c->type == ESCO_LINK)
2929 rp->conn_count = cpu_to_le16(i);
2931 /* Recalculate length in case of filtered SCO connections, etc */
2932 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2934 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
2940 hci_dev_unlock(hdev);
2944 static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
2945 struct mgmt_cp_pin_code_neg_reply *cp)
2947 struct pending_cmd *cmd;
2950 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
2955 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
2956 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
2958 mgmt_pending_remove(cmd);
2963 static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2966 struct hci_conn *conn;
2967 struct mgmt_cp_pin_code_reply *cp = data;
2968 struct hci_cp_pin_code_reply reply;
2969 struct pending_cmd *cmd;
2976 if (!hdev_is_powered(hdev)) {
2977 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2978 MGMT_STATUS_NOT_POWERED);
2982 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
2984 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2985 MGMT_STATUS_NOT_CONNECTED);
2989 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
2990 struct mgmt_cp_pin_code_neg_reply ncp;
2992 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
2994 BT_ERR("PIN code is not 16 bytes long");
2996 err = send_pin_code_neg_reply(sk, hdev, &ncp);
2998 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2999 MGMT_STATUS_INVALID_PARAMS);
3004 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
3010 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
3011 reply.pin_len = cp->pin_len;
3012 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
3014 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
3016 mgmt_pending_remove(cmd);
3019 hci_dev_unlock(hdev);
3023 static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
3026 struct mgmt_cp_set_io_capability *cp = data;
3030 if (cp->io_capability > SMP_IO_KEYBOARD_DISPLAY)
3031 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY,
3032 MGMT_STATUS_INVALID_PARAMS, NULL, 0);
3036 hdev->io_capability = cp->io_capability;
3038 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
3039 hdev->io_capability);
3041 hci_dev_unlock(hdev);
3043 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, NULL,
3047 static struct pending_cmd *find_pairing(struct hci_conn *conn)
3049 struct hci_dev *hdev = conn->hdev;
3050 struct pending_cmd *cmd;
3052 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
3053 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
3056 if (cmd->user_data != conn)
3065 static void pairing_complete(struct pending_cmd *cmd, u8 status)
3067 struct mgmt_rp_pair_device rp;
3068 struct hci_conn *conn = cmd->user_data;
3070 bacpy(&rp.addr.bdaddr, &conn->dst);
3071 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
3073 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
3076 /* So we don't get further callbacks for this connection */
3077 conn->connect_cfm_cb = NULL;
3078 conn->security_cfm_cb = NULL;
3079 conn->disconn_cfm_cb = NULL;
3081 hci_conn_drop(conn);
3084 mgmt_pending_remove(cmd);
3086 /* The device is paired so there is no need to remove
3087 * its connection parameters anymore.
3089 clear_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
3092 void mgmt_smp_complete(struct hci_conn *conn, bool complete)
3094 u8 status = complete ? MGMT_STATUS_SUCCESS : MGMT_STATUS_FAILED;
3095 struct pending_cmd *cmd;
3097 cmd = find_pairing(conn);
3099 pairing_complete(cmd, status);
3102 static void pairing_complete_cb(struct hci_conn *conn, u8 status)
3104 struct pending_cmd *cmd;
3106 BT_DBG("status %u", status);
3108 cmd = find_pairing(conn);
3110 BT_DBG("Unable to find a pending command");
3112 pairing_complete(cmd, mgmt_status(status));
3115 static void le_pairing_complete_cb(struct hci_conn *conn, u8 status)
3117 struct pending_cmd *cmd;
3119 BT_DBG("status %u", status);
3124 cmd = find_pairing(conn);
3126 BT_DBG("Unable to find a pending command");
3128 pairing_complete(cmd, mgmt_status(status));
3131 static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
3134 struct mgmt_cp_pair_device *cp = data;
3135 struct mgmt_rp_pair_device rp;
3136 struct pending_cmd *cmd;
3137 u8 sec_level, auth_type;
3138 struct hci_conn *conn;
3143 memset(&rp, 0, sizeof(rp));
3144 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3145 rp.addr.type = cp->addr.type;
3147 if (!bdaddr_type_is_valid(cp->addr.type))
3148 return cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3149 MGMT_STATUS_INVALID_PARAMS,
3152 if (cp->io_cap > SMP_IO_KEYBOARD_DISPLAY)
3153 return cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3154 MGMT_STATUS_INVALID_PARAMS,
3159 if (!hdev_is_powered(hdev)) {
3160 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3161 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
3165 sec_level = BT_SECURITY_MEDIUM;
3166 auth_type = HCI_AT_DEDICATED_BONDING;
3168 if (cp->addr.type == BDADDR_BREDR) {
3169 conn = hci_connect_acl(hdev, &cp->addr.bdaddr, sec_level,
3174 /* Convert from L2CAP channel address type to HCI address type
3176 if (cp->addr.type == BDADDR_LE_PUBLIC)
3177 addr_type = ADDR_LE_DEV_PUBLIC;
3179 addr_type = ADDR_LE_DEV_RANDOM;
3181 /* When pairing a new device, it is expected to remember
3182 * this device for future connections. Adding the connection
3183 * parameter information ahead of time allows tracking
3184 * of the slave preferred values and will speed up any
3185 * further connection establishment.
3187 * If connection parameters already exist, then they
3188 * will be kept and this function does nothing.
3190 hci_conn_params_add(hdev, &cp->addr.bdaddr, addr_type);
3192 conn = hci_connect_le(hdev, &cp->addr.bdaddr, addr_type,
3193 sec_level, HCI_LE_CONN_TIMEOUT,
3200 if (PTR_ERR(conn) == -EBUSY)
3201 status = MGMT_STATUS_BUSY;
3203 status = MGMT_STATUS_CONNECT_FAILED;
3205 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3211 if (conn->connect_cfm_cb) {
3212 hci_conn_drop(conn);
3213 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3214 MGMT_STATUS_BUSY, &rp, sizeof(rp));
3218 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
3221 hci_conn_drop(conn);
3225 /* For LE, just connecting isn't a proof that the pairing finished */
3226 if (cp->addr.type == BDADDR_BREDR) {
3227 conn->connect_cfm_cb = pairing_complete_cb;
3228 conn->security_cfm_cb = pairing_complete_cb;
3229 conn->disconn_cfm_cb = pairing_complete_cb;
3231 conn->connect_cfm_cb = le_pairing_complete_cb;
3232 conn->security_cfm_cb = le_pairing_complete_cb;
3233 conn->disconn_cfm_cb = le_pairing_complete_cb;
3236 conn->io_capability = cp->io_cap;
3237 cmd->user_data = hci_conn_get(conn);
3239 if ((conn->state == BT_CONNECTED || conn->state == BT_CONFIG) &&
3240 hci_conn_security(conn, sec_level, auth_type, true))
3241 pairing_complete(cmd, 0);
3246 hci_dev_unlock(hdev);
3250 static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
3253 struct mgmt_addr_info *addr = data;
3254 struct pending_cmd *cmd;
3255 struct hci_conn *conn;
3262 if (!hdev_is_powered(hdev)) {
3263 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3264 MGMT_STATUS_NOT_POWERED);
3268 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
3270 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3271 MGMT_STATUS_INVALID_PARAMS);
3275 conn = cmd->user_data;
3277 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
3278 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3279 MGMT_STATUS_INVALID_PARAMS);
3283 pairing_complete(cmd, MGMT_STATUS_CANCELLED);
3285 err = cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
3286 addr, sizeof(*addr));
3288 hci_dev_unlock(hdev);
3292 static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
3293 struct mgmt_addr_info *addr, u16 mgmt_op,
3294 u16 hci_op, __le32 passkey)
3296 struct pending_cmd *cmd;
3297 struct hci_conn *conn;
3302 if (!hdev_is_powered(hdev)) {
3303 err = cmd_complete(sk, hdev->id, mgmt_op,
3304 MGMT_STATUS_NOT_POWERED, addr,
3309 if (addr->type == BDADDR_BREDR)
3310 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
3312 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &addr->bdaddr);
3315 err = cmd_complete(sk, hdev->id, mgmt_op,
3316 MGMT_STATUS_NOT_CONNECTED, addr,
3321 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
3322 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
3324 err = cmd_complete(sk, hdev->id, mgmt_op,
3325 MGMT_STATUS_SUCCESS, addr,
3328 err = cmd_complete(sk, hdev->id, mgmt_op,
3329 MGMT_STATUS_FAILED, addr,
3335 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
3341 /* Continue with pairing via HCI */
3342 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
3343 struct hci_cp_user_passkey_reply cp;
3345 bacpy(&cp.bdaddr, &addr->bdaddr);
3346 cp.passkey = passkey;
3347 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
3349 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
3353 mgmt_pending_remove(cmd);
3356 hci_dev_unlock(hdev);
3360 static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
3361 void *data, u16 len)
3363 struct mgmt_cp_pin_code_neg_reply *cp = data;
3367 return user_pairing_resp(sk, hdev, &cp->addr,
3368 MGMT_OP_PIN_CODE_NEG_REPLY,
3369 HCI_OP_PIN_CODE_NEG_REPLY, 0);
3372 static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3375 struct mgmt_cp_user_confirm_reply *cp = data;
3379 if (len != sizeof(*cp))
3380 return cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
3381 MGMT_STATUS_INVALID_PARAMS);
3383 return user_pairing_resp(sk, hdev, &cp->addr,
3384 MGMT_OP_USER_CONFIRM_REPLY,
3385 HCI_OP_USER_CONFIRM_REPLY, 0);
3388 static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
3389 void *data, u16 len)
3391 struct mgmt_cp_user_confirm_neg_reply *cp = data;
3395 return user_pairing_resp(sk, hdev, &cp->addr,
3396 MGMT_OP_USER_CONFIRM_NEG_REPLY,
3397 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
3400 static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3403 struct mgmt_cp_user_passkey_reply *cp = data;
3407 return user_pairing_resp(sk, hdev, &cp->addr,
3408 MGMT_OP_USER_PASSKEY_REPLY,
3409 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
3412 static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
3413 void *data, u16 len)
3415 struct mgmt_cp_user_passkey_neg_reply *cp = data;
3419 return user_pairing_resp(sk, hdev, &cp->addr,
3420 MGMT_OP_USER_PASSKEY_NEG_REPLY,
3421 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
3424 static void update_name(struct hci_request *req)
3426 struct hci_dev *hdev = req->hdev;
3427 struct hci_cp_write_local_name cp;
3429 memcpy(cp.name, hdev->dev_name, sizeof(cp.name));
3431 hci_req_add(req, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
3434 static void set_name_complete(struct hci_dev *hdev, u8 status)
3436 struct mgmt_cp_set_local_name *cp;
3437 struct pending_cmd *cmd;
3439 BT_DBG("status 0x%02x", status);
3443 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
3450 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3451 mgmt_status(status));
3453 cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3456 mgmt_pending_remove(cmd);
3459 hci_dev_unlock(hdev);
3462 static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
3465 struct mgmt_cp_set_local_name *cp = data;
3466 struct pending_cmd *cmd;
3467 struct hci_request req;
3474 /* If the old values are the same as the new ones just return a
3475 * direct command complete event.
3477 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
3478 !memcmp(hdev->short_name, cp->short_name,
3479 sizeof(hdev->short_name))) {
3480 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3485 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
3487 if (!hdev_is_powered(hdev)) {
3488 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3490 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3495 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
3501 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
3507 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3509 hci_req_init(&req, hdev);
3511 if (lmp_bredr_capable(hdev)) {
3516 /* The name is stored in the scan response data and so
3517 * no need to udpate the advertising data here.
3519 if (lmp_le_capable(hdev))
3520 update_scan_rsp_data(&req);
3522 err = hci_req_run(&req, set_name_complete);
3524 mgmt_pending_remove(cmd);
3527 hci_dev_unlock(hdev);
3531 static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
3532 void *data, u16 data_len)
3534 struct pending_cmd *cmd;
3537 BT_DBG("%s", hdev->name);
3541 if (!hdev_is_powered(hdev)) {
3542 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3543 MGMT_STATUS_NOT_POWERED);
3547 if (!lmp_ssp_capable(hdev)) {
3548 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3549 MGMT_STATUS_NOT_SUPPORTED);
3553 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
3554 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3559 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
3565 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags))
3566 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_EXT_DATA,
3569 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
3572 mgmt_pending_remove(cmd);
3575 hci_dev_unlock(hdev);
3579 static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
3580 void *data, u16 len)
3584 BT_DBG("%s ", hdev->name);
3588 if (len == MGMT_ADD_REMOTE_OOB_DATA_SIZE) {
3589 struct mgmt_cp_add_remote_oob_data *cp = data;
3592 if (cp->addr.type != BDADDR_BREDR) {
3593 err = cmd_complete(sk, hdev->id,
3594 MGMT_OP_ADD_REMOTE_OOB_DATA,
3595 MGMT_STATUS_INVALID_PARAMS,
3596 &cp->addr, sizeof(cp->addr));
3600 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
3601 cp->hash, cp->rand);
3603 status = MGMT_STATUS_FAILED;
3605 status = MGMT_STATUS_SUCCESS;
3607 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3608 status, &cp->addr, sizeof(cp->addr));
3609 } else if (len == MGMT_ADD_REMOTE_OOB_EXT_DATA_SIZE) {
3610 struct mgmt_cp_add_remote_oob_ext_data *cp = data;
3613 if (cp->addr.type != BDADDR_BREDR) {
3614 err = cmd_complete(sk, hdev->id,
3615 MGMT_OP_ADD_REMOTE_OOB_DATA,
3616 MGMT_STATUS_INVALID_PARAMS,
3617 &cp->addr, sizeof(cp->addr));
3621 err = hci_add_remote_oob_ext_data(hdev, &cp->addr.bdaddr,
3622 cp->hash192, cp->rand192,
3623 cp->hash256, cp->rand256);
3625 status = MGMT_STATUS_FAILED;
3627 status = MGMT_STATUS_SUCCESS;
3629 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3630 status, &cp->addr, sizeof(cp->addr));
3632 BT_ERR("add_remote_oob_data: invalid length of %u bytes", len);
3633 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3634 MGMT_STATUS_INVALID_PARAMS);
3638 hci_dev_unlock(hdev);
3642 static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
3643 void *data, u16 len)
3645 struct mgmt_cp_remove_remote_oob_data *cp = data;
3649 BT_DBG("%s", hdev->name);
3651 if (cp->addr.type != BDADDR_BREDR)
3652 return cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
3653 MGMT_STATUS_INVALID_PARAMS,
3654 &cp->addr, sizeof(cp->addr));
3658 if (!bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
3659 hci_remote_oob_data_clear(hdev);
3660 status = MGMT_STATUS_SUCCESS;
3664 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr);
3666 status = MGMT_STATUS_INVALID_PARAMS;
3668 status = MGMT_STATUS_SUCCESS;
3671 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
3672 status, &cp->addr, sizeof(cp->addr));
3674 hci_dev_unlock(hdev);
3678 static int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
3680 struct pending_cmd *cmd;
3684 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3686 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
3690 type = hdev->discovery.type;
3692 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3693 &type, sizeof(type));
3694 mgmt_pending_remove(cmd);
3699 static void start_discovery_complete(struct hci_dev *hdev, u8 status)
3701 unsigned long timeout = 0;
3703 BT_DBG("status %d", status);
3707 mgmt_start_discovery_failed(hdev, status);
3708 hci_dev_unlock(hdev);
3713 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
3714 hci_dev_unlock(hdev);
3716 switch (hdev->discovery.type) {
3717 case DISCOV_TYPE_LE:
3718 timeout = msecs_to_jiffies(DISCOV_LE_TIMEOUT);
3721 case DISCOV_TYPE_INTERLEAVED:
3722 timeout = msecs_to_jiffies(hdev->discov_interleaved_timeout);
3725 case DISCOV_TYPE_BREDR:
3729 BT_ERR("Invalid discovery type %d", hdev->discovery.type);
3735 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable, timeout);
3738 static int start_discovery(struct sock *sk, struct hci_dev *hdev,
3739 void *data, u16 len)
3741 struct mgmt_cp_start_discovery *cp = data;
3742 struct pending_cmd *cmd;
3743 struct hci_cp_le_set_scan_param param_cp;
3744 struct hci_cp_le_set_scan_enable enable_cp;
3745 struct hci_cp_inquiry inq_cp;
3746 struct hci_request req;
3747 /* General inquiry access code (GIAC) */
3748 u8 lap[3] = { 0x33, 0x8b, 0x9e };
3749 u8 status, own_addr_type;
3752 BT_DBG("%s", hdev->name);
3756 if (!hdev_is_powered(hdev)) {
3757 err = cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3758 MGMT_STATUS_NOT_POWERED,
3759 &cp->type, sizeof(cp->type));
3763 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
3764 err = cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3765 MGMT_STATUS_BUSY, &cp->type,
3770 if (hdev->discovery.state != DISCOVERY_STOPPED) {
3771 err = cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3772 MGMT_STATUS_BUSY, &cp->type,
3777 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
3783 hdev->discovery.type = cp->type;
3785 hci_req_init(&req, hdev);
3787 switch (hdev->discovery.type) {
3788 case DISCOV_TYPE_BREDR:
3789 status = mgmt_bredr_support(hdev);
3791 err = cmd_complete(sk, hdev->id,
3792 MGMT_OP_START_DISCOVERY, status,
3793 &cp->type, sizeof(cp->type));
3794 mgmt_pending_remove(cmd);
3798 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
3799 err = cmd_complete(sk, hdev->id,
3800 MGMT_OP_START_DISCOVERY,
3801 MGMT_STATUS_BUSY, &cp->type,
3803 mgmt_pending_remove(cmd);
3807 hci_inquiry_cache_flush(hdev);
3809 memset(&inq_cp, 0, sizeof(inq_cp));
3810 memcpy(&inq_cp.lap, lap, sizeof(inq_cp.lap));
3811 inq_cp.length = DISCOV_BREDR_INQUIRY_LEN;
3812 hci_req_add(&req, HCI_OP_INQUIRY, sizeof(inq_cp), &inq_cp);
3815 case DISCOV_TYPE_LE:
3816 case DISCOV_TYPE_INTERLEAVED:
3817 status = mgmt_le_support(hdev);
3819 err = cmd_complete(sk, hdev->id,
3820 MGMT_OP_START_DISCOVERY, status,
3821 &cp->type, sizeof(cp->type));
3822 mgmt_pending_remove(cmd);
3826 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
3827 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
3828 err = cmd_complete(sk, hdev->id,
3829 MGMT_OP_START_DISCOVERY,
3830 MGMT_STATUS_NOT_SUPPORTED,
3831 &cp->type, sizeof(cp->type));
3832 mgmt_pending_remove(cmd);
3836 if (test_bit(HCI_LE_ADV, &hdev->dev_flags)) {
3837 /* Don't let discovery abort an outgoing
3838 * connection attempt that's using directed
3841 if (hci_conn_hash_lookup_state(hdev, LE_LINK,
3843 err = cmd_complete(sk, hdev->id,
3844 MGMT_OP_START_DISCOVERY,
3845 MGMT_STATUS_REJECTED,
3848 mgmt_pending_remove(cmd);
3852 disable_advertising(&req);
3855 /* If controller is scanning, it means the background scanning
3856 * is running. Thus, we should temporarily stop it in order to
3857 * set the discovery scanning parameters.
3859 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags))
3860 hci_req_add_le_scan_disable(&req);
3862 memset(¶m_cp, 0, sizeof(param_cp));
3864 /* All active scans will be done with either a resolvable
3865 * private address (when privacy feature has been enabled)
3866 * or unresolvable private address.
3868 err = hci_update_random_address(&req, true, &own_addr_type);
3870 err = cmd_complete(sk, hdev->id,
3871 MGMT_OP_START_DISCOVERY,
3873 &cp->type, sizeof(cp->type));
3874 mgmt_pending_remove(cmd);
3878 param_cp.type = LE_SCAN_ACTIVE;
3879 param_cp.interval = cpu_to_le16(DISCOV_LE_SCAN_INT);
3880 param_cp.window = cpu_to_le16(DISCOV_LE_SCAN_WIN);
3881 param_cp.own_address_type = own_addr_type;
3882 hci_req_add(&req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
3885 memset(&enable_cp, 0, sizeof(enable_cp));
3886 enable_cp.enable = LE_SCAN_ENABLE;
3887 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
3888 hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
3893 err = cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3894 MGMT_STATUS_INVALID_PARAMS,
3895 &cp->type, sizeof(cp->type));
3896 mgmt_pending_remove(cmd);
3900 err = hci_req_run(&req, start_discovery_complete);
3902 mgmt_pending_remove(cmd);
3904 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
3907 hci_dev_unlock(hdev);
3911 static int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
3913 struct pending_cmd *cmd;
3916 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3920 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3921 &hdev->discovery.type, sizeof(hdev->discovery.type));
3922 mgmt_pending_remove(cmd);
3927 static void stop_discovery_complete(struct hci_dev *hdev, u8 status)
3929 BT_DBG("status %d", status);
3934 mgmt_stop_discovery_failed(hdev, status);
3938 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3941 hci_dev_unlock(hdev);
3944 static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
3947 struct mgmt_cp_stop_discovery *mgmt_cp = data;
3948 struct pending_cmd *cmd;
3949 struct hci_request req;
3952 BT_DBG("%s", hdev->name);
3956 if (!hci_discovery_active(hdev)) {
3957 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
3958 MGMT_STATUS_REJECTED, &mgmt_cp->type,
3959 sizeof(mgmt_cp->type));
3963 if (hdev->discovery.type != mgmt_cp->type) {
3964 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
3965 MGMT_STATUS_INVALID_PARAMS, &mgmt_cp->type,
3966 sizeof(mgmt_cp->type));
3970 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
3976 hci_req_init(&req, hdev);
3978 hci_stop_discovery(&req);
3980 err = hci_req_run(&req, stop_discovery_complete);
3982 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
3986 mgmt_pending_remove(cmd);
3988 /* If no HCI commands were sent we're done */
3989 if (err == -ENODATA) {
3990 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY, 0,
3991 &mgmt_cp->type, sizeof(mgmt_cp->type));
3992 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3996 hci_dev_unlock(hdev);
4000 static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
4003 struct mgmt_cp_confirm_name *cp = data;
4004 struct inquiry_entry *e;
4007 BT_DBG("%s", hdev->name);
4011 if (!hci_discovery_active(hdev)) {
4012 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
4013 MGMT_STATUS_FAILED, &cp->addr,
4018 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
4020 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
4021 MGMT_STATUS_INVALID_PARAMS, &cp->addr,
4026 if (cp->name_known) {
4027 e->name_state = NAME_KNOWN;
4030 e->name_state = NAME_NEEDED;
4031 hci_inquiry_cache_update_resolve(hdev, e);
4034 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0, &cp->addr,
4038 hci_dev_unlock(hdev);
4042 static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
4045 struct mgmt_cp_block_device *cp = data;
4049 BT_DBG("%s", hdev->name);
4051 if (!bdaddr_type_is_valid(cp->addr.type))
4052 return cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
4053 MGMT_STATUS_INVALID_PARAMS,
4054 &cp->addr, sizeof(cp->addr));
4058 err = hci_bdaddr_list_add(&hdev->blacklist, &cp->addr.bdaddr,
4061 status = MGMT_STATUS_FAILED;
4065 mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &cp->addr, sizeof(cp->addr),
4067 status = MGMT_STATUS_SUCCESS;
4070 err = cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
4071 &cp->addr, sizeof(cp->addr));
4073 hci_dev_unlock(hdev);
4078 static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
4081 struct mgmt_cp_unblock_device *cp = data;
4085 BT_DBG("%s", hdev->name);
4087 if (!bdaddr_type_is_valid(cp->addr.type))
4088 return cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
4089 MGMT_STATUS_INVALID_PARAMS,
4090 &cp->addr, sizeof(cp->addr));
4094 err = hci_bdaddr_list_del(&hdev->blacklist, &cp->addr.bdaddr,
4097 status = MGMT_STATUS_INVALID_PARAMS;
4101 mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &cp->addr, sizeof(cp->addr),
4103 status = MGMT_STATUS_SUCCESS;
4106 err = cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
4107 &cp->addr, sizeof(cp->addr));
4109 hci_dev_unlock(hdev);
4114 static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
4117 struct mgmt_cp_set_device_id *cp = data;
4118 struct hci_request req;
4122 BT_DBG("%s", hdev->name);
4124 source = __le16_to_cpu(cp->source);
4126 if (source > 0x0002)
4127 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
4128 MGMT_STATUS_INVALID_PARAMS);
4132 hdev->devid_source = source;
4133 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
4134 hdev->devid_product = __le16_to_cpu(cp->product);
4135 hdev->devid_version = __le16_to_cpu(cp->version);
4137 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0, NULL, 0);
4139 hci_req_init(&req, hdev);
4141 hci_req_run(&req, NULL);
4143 hci_dev_unlock(hdev);
4148 static void set_advertising_complete(struct hci_dev *hdev, u8 status)
4150 struct cmd_lookup match = { NULL, hdev };
4153 u8 mgmt_err = mgmt_status(status);
4155 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
4156 cmd_status_rsp, &mgmt_err);
4160 if (test_bit(HCI_LE_ADV, &hdev->dev_flags))
4161 set_bit(HCI_ADVERTISING, &hdev->dev_flags);
4163 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
4165 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
4168 new_settings(hdev, match.sk);
4174 static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data,
4177 struct mgmt_mode *cp = data;
4178 struct pending_cmd *cmd;
4179 struct hci_request req;
4180 u8 val, enabled, status;
4183 BT_DBG("request for %s", hdev->name);
4185 status = mgmt_le_support(hdev);
4187 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4190 if (cp->val != 0x00 && cp->val != 0x01)
4191 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4192 MGMT_STATUS_INVALID_PARAMS);
4197 enabled = test_bit(HCI_ADVERTISING, &hdev->dev_flags);
4199 /* The following conditions are ones which mean that we should
4200 * not do any HCI communication but directly send a mgmt
4201 * response to user space (after toggling the flag if
4204 if (!hdev_is_powered(hdev) || val == enabled ||
4205 hci_conn_num(hdev, LE_LINK) > 0 ||
4206 (test_bit(HCI_LE_SCAN, &hdev->dev_flags) &&
4207 hdev->le_scan_type == LE_SCAN_ACTIVE)) {
4208 bool changed = false;
4210 if (val != test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
4211 change_bit(HCI_ADVERTISING, &hdev->dev_flags);
4215 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
4220 err = new_settings(hdev, sk);
4225 if (mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
4226 mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
4227 err = cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4232 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
4238 hci_req_init(&req, hdev);
4241 enable_advertising(&req);
4243 disable_advertising(&req);
4245 err = hci_req_run(&req, set_advertising_complete);
4247 mgmt_pending_remove(cmd);
4250 hci_dev_unlock(hdev);
4254 static int set_static_address(struct sock *sk, struct hci_dev *hdev,
4255 void *data, u16 len)
4257 struct mgmt_cp_set_static_address *cp = data;
4260 BT_DBG("%s", hdev->name);
4262 if (!lmp_le_capable(hdev))
4263 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
4264 MGMT_STATUS_NOT_SUPPORTED);
4266 if (hdev_is_powered(hdev))
4267 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
4268 MGMT_STATUS_REJECTED);
4270 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
4271 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
4272 return cmd_status(sk, hdev->id,
4273 MGMT_OP_SET_STATIC_ADDRESS,
4274 MGMT_STATUS_INVALID_PARAMS);
4276 /* Two most significant bits shall be set */
4277 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
4278 return cmd_status(sk, hdev->id,
4279 MGMT_OP_SET_STATIC_ADDRESS,
4280 MGMT_STATUS_INVALID_PARAMS);
4285 bacpy(&hdev->static_addr, &cp->bdaddr);
4287 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS, 0, NULL, 0);
4289 hci_dev_unlock(hdev);
4294 static int set_scan_params(struct sock *sk, struct hci_dev *hdev,
4295 void *data, u16 len)
4297 struct mgmt_cp_set_scan_params *cp = data;
4298 __u16 interval, window;
4301 BT_DBG("%s", hdev->name);
4303 if (!lmp_le_capable(hdev))
4304 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4305 MGMT_STATUS_NOT_SUPPORTED);
4307 interval = __le16_to_cpu(cp->interval);
4309 if (interval < 0x0004 || interval > 0x4000)
4310 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4311 MGMT_STATUS_INVALID_PARAMS);
4313 window = __le16_to_cpu(cp->window);
4315 if (window < 0x0004 || window > 0x4000)
4316 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4317 MGMT_STATUS_INVALID_PARAMS);
4319 if (window > interval)
4320 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4321 MGMT_STATUS_INVALID_PARAMS);
4325 hdev->le_scan_interval = interval;
4326 hdev->le_scan_window = window;
4328 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0, NULL, 0);
4330 /* If background scan is running, restart it so new parameters are
4333 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags) &&
4334 hdev->discovery.state == DISCOVERY_STOPPED) {
4335 struct hci_request req;
4337 hci_req_init(&req, hdev);
4339 hci_req_add_le_scan_disable(&req);
4340 hci_req_add_le_passive_scan(&req);
4342 hci_req_run(&req, NULL);
4345 hci_dev_unlock(hdev);
4350 static void fast_connectable_complete(struct hci_dev *hdev, u8 status)
4352 struct pending_cmd *cmd;
4354 BT_DBG("status 0x%02x", status);
4358 cmd = mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4363 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4364 mgmt_status(status));
4366 struct mgmt_mode *cp = cmd->param;
4369 set_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
4371 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
4373 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4374 new_settings(hdev, cmd->sk);
4377 mgmt_pending_remove(cmd);
4380 hci_dev_unlock(hdev);
4383 static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
4384 void *data, u16 len)
4386 struct mgmt_mode *cp = data;
4387 struct pending_cmd *cmd;
4388 struct hci_request req;
4391 BT_DBG("%s", hdev->name);
4393 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags) ||
4394 hdev->hci_ver < BLUETOOTH_VER_1_2)
4395 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4396 MGMT_STATUS_NOT_SUPPORTED);
4398 if (cp->val != 0x00 && cp->val != 0x01)
4399 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4400 MGMT_STATUS_INVALID_PARAMS);
4402 if (!hdev_is_powered(hdev))
4403 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4404 MGMT_STATUS_NOT_POWERED);
4406 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
4407 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4408 MGMT_STATUS_REJECTED);
4412 if (mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
4413 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4418 if (!!cp->val == test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags)) {
4419 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
4424 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
4431 hci_req_init(&req, hdev);
4433 write_fast_connectable(&req, cp->val);
4435 err = hci_req_run(&req, fast_connectable_complete);
4437 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4438 MGMT_STATUS_FAILED);
4439 mgmt_pending_remove(cmd);
4443 hci_dev_unlock(hdev);
4448 static void set_bredr_complete(struct hci_dev *hdev, u8 status)
4450 struct pending_cmd *cmd;
4452 BT_DBG("status 0x%02x", status);
4456 cmd = mgmt_pending_find(MGMT_OP_SET_BREDR, hdev);
4461 u8 mgmt_err = mgmt_status(status);
4463 /* We need to restore the flag if related HCI commands
4466 clear_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4468 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
4470 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
4471 new_settings(hdev, cmd->sk);
4474 mgmt_pending_remove(cmd);
4477 hci_dev_unlock(hdev);
4480 static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
4482 struct mgmt_mode *cp = data;
4483 struct pending_cmd *cmd;
4484 struct hci_request req;
4487 BT_DBG("request for %s", hdev->name);
4489 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
4490 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4491 MGMT_STATUS_NOT_SUPPORTED);
4493 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
4494 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4495 MGMT_STATUS_REJECTED);
4497 if (cp->val != 0x00 && cp->val != 0x01)
4498 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4499 MGMT_STATUS_INVALID_PARAMS);
4503 if (cp->val == test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
4504 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4508 if (!hdev_is_powered(hdev)) {
4510 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
4511 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
4512 clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
4513 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
4514 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
4517 change_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4519 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4523 err = new_settings(hdev, sk);
4527 /* Reject disabling when powered on */
4529 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4530 MGMT_STATUS_REJECTED);
4534 if (mgmt_pending_find(MGMT_OP_SET_BREDR, hdev)) {
4535 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4540 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
4546 /* We need to flip the bit already here so that update_adv_data
4547 * generates the correct flags.
4549 set_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4551 hci_req_init(&req, hdev);
4553 write_fast_connectable(&req, false);
4554 hci_update_page_scan(hdev, &req);
4556 /* Since only the advertising data flags will change, there
4557 * is no need to update the scan response data.
4559 update_adv_data(&req);
4561 err = hci_req_run(&req, set_bredr_complete);
4563 mgmt_pending_remove(cmd);
4566 hci_dev_unlock(hdev);
4570 static int set_secure_conn(struct sock *sk, struct hci_dev *hdev,
4571 void *data, u16 len)
4573 struct mgmt_mode *cp = data;
4574 struct pending_cmd *cmd;
4578 BT_DBG("request for %s", hdev->name);
4580 status = mgmt_bredr_support(hdev);
4582 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4585 if (!lmp_sc_capable(hdev) &&
4586 !test_bit(HCI_FORCE_SC, &hdev->dbg_flags))
4587 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4588 MGMT_STATUS_NOT_SUPPORTED);
4590 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
4591 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4592 MGMT_STATUS_INVALID_PARAMS);
4596 if (!hdev_is_powered(hdev)) {
4600 changed = !test_and_set_bit(HCI_SC_ENABLED,
4602 if (cp->val == 0x02)
4603 set_bit(HCI_SC_ONLY, &hdev->dev_flags);
4605 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4607 changed = test_and_clear_bit(HCI_SC_ENABLED,
4609 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4612 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4617 err = new_settings(hdev, sk);
4622 if (mgmt_pending_find(MGMT_OP_SET_SECURE_CONN, hdev)) {
4623 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4630 if (val == test_bit(HCI_SC_ENABLED, &hdev->dev_flags) &&
4631 (cp->val == 0x02) == test_bit(HCI_SC_ONLY, &hdev->dev_flags)) {
4632 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4636 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SECURE_CONN, hdev, data, len);
4642 err = hci_send_cmd(hdev, HCI_OP_WRITE_SC_SUPPORT, 1, &val);
4644 mgmt_pending_remove(cmd);
4648 if (cp->val == 0x02)
4649 set_bit(HCI_SC_ONLY, &hdev->dev_flags);
4651 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4654 hci_dev_unlock(hdev);
4658 static int set_debug_keys(struct sock *sk, struct hci_dev *hdev,
4659 void *data, u16 len)
4661 struct mgmt_mode *cp = data;
4662 bool changed, use_changed;
4665 BT_DBG("request for %s", hdev->name);
4667 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
4668 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEBUG_KEYS,
4669 MGMT_STATUS_INVALID_PARAMS);
4674 changed = !test_and_set_bit(HCI_KEEP_DEBUG_KEYS,
4677 changed = test_and_clear_bit(HCI_KEEP_DEBUG_KEYS,
4680 if (cp->val == 0x02)
4681 use_changed = !test_and_set_bit(HCI_USE_DEBUG_KEYS,
4684 use_changed = test_and_clear_bit(HCI_USE_DEBUG_KEYS,
4687 if (hdev_is_powered(hdev) && use_changed &&
4688 test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
4689 u8 mode = (cp->val == 0x02) ? 0x01 : 0x00;
4690 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
4691 sizeof(mode), &mode);
4694 err = send_settings_rsp(sk, MGMT_OP_SET_DEBUG_KEYS, hdev);
4699 err = new_settings(hdev, sk);
4702 hci_dev_unlock(hdev);
4706 static int set_privacy(struct sock *sk, struct hci_dev *hdev, void *cp_data,
4709 struct mgmt_cp_set_privacy *cp = cp_data;
4713 BT_DBG("request for %s", hdev->name);
4715 if (!lmp_le_capable(hdev))
4716 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4717 MGMT_STATUS_NOT_SUPPORTED);
4719 if (cp->privacy != 0x00 && cp->privacy != 0x01)
4720 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4721 MGMT_STATUS_INVALID_PARAMS);
4723 if (hdev_is_powered(hdev))
4724 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4725 MGMT_STATUS_REJECTED);
4729 /* If user space supports this command it is also expected to
4730 * handle IRKs. Therefore, set the HCI_RPA_RESOLVING flag.
4732 set_bit(HCI_RPA_RESOLVING, &hdev->dev_flags);
4735 changed = !test_and_set_bit(HCI_PRIVACY, &hdev->dev_flags);
4736 memcpy(hdev->irk, cp->irk, sizeof(hdev->irk));
4737 set_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
4739 changed = test_and_clear_bit(HCI_PRIVACY, &hdev->dev_flags);
4740 memset(hdev->irk, 0, sizeof(hdev->irk));
4741 clear_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
4744 err = send_settings_rsp(sk, MGMT_OP_SET_PRIVACY, hdev);
4749 err = new_settings(hdev, sk);
4752 hci_dev_unlock(hdev);
4756 static bool irk_is_valid(struct mgmt_irk_info *irk)
4758 switch (irk->addr.type) {
4759 case BDADDR_LE_PUBLIC:
4762 case BDADDR_LE_RANDOM:
4763 /* Two most significant bits shall be set */
4764 if ((irk->addr.bdaddr.b[5] & 0xc0) != 0xc0)
4772 static int load_irks(struct sock *sk, struct hci_dev *hdev, void *cp_data,
4775 struct mgmt_cp_load_irks *cp = cp_data;
4776 const u16 max_irk_count = ((U16_MAX - sizeof(*cp)) /
4777 sizeof(struct mgmt_irk_info));
4778 u16 irk_count, expected_len;
4781 BT_DBG("request for %s", hdev->name);
4783 if (!lmp_le_capable(hdev))
4784 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4785 MGMT_STATUS_NOT_SUPPORTED);
4787 irk_count = __le16_to_cpu(cp->irk_count);
4788 if (irk_count > max_irk_count) {
4789 BT_ERR("load_irks: too big irk_count value %u", irk_count);
4790 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4791 MGMT_STATUS_INVALID_PARAMS);
4794 expected_len = sizeof(*cp) + irk_count * sizeof(struct mgmt_irk_info);
4795 if (expected_len != len) {
4796 BT_ERR("load_irks: expected %u bytes, got %u bytes",
4798 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4799 MGMT_STATUS_INVALID_PARAMS);
4802 BT_DBG("%s irk_count %u", hdev->name, irk_count);
4804 for (i = 0; i < irk_count; i++) {
4805 struct mgmt_irk_info *key = &cp->irks[i];
4807 if (!irk_is_valid(key))
4808 return cmd_status(sk, hdev->id,
4810 MGMT_STATUS_INVALID_PARAMS);
4815 hci_smp_irks_clear(hdev);
4817 for (i = 0; i < irk_count; i++) {
4818 struct mgmt_irk_info *irk = &cp->irks[i];
4821 if (irk->addr.type == BDADDR_LE_PUBLIC)
4822 addr_type = ADDR_LE_DEV_PUBLIC;
4824 addr_type = ADDR_LE_DEV_RANDOM;
4826 hci_add_irk(hdev, &irk->addr.bdaddr, addr_type, irk->val,
4830 set_bit(HCI_RPA_RESOLVING, &hdev->dev_flags);
4832 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_IRKS, 0, NULL, 0);
4834 hci_dev_unlock(hdev);
4839 static bool ltk_is_valid(struct mgmt_ltk_info *key)
4841 if (key->master != 0x00 && key->master != 0x01)
4844 switch (key->addr.type) {
4845 case BDADDR_LE_PUBLIC:
4848 case BDADDR_LE_RANDOM:
4849 /* Two most significant bits shall be set */
4850 if ((key->addr.bdaddr.b[5] & 0xc0) != 0xc0)
4858 static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
4859 void *cp_data, u16 len)
4861 struct mgmt_cp_load_long_term_keys *cp = cp_data;
4862 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
4863 sizeof(struct mgmt_ltk_info));
4864 u16 key_count, expected_len;
4867 BT_DBG("request for %s", hdev->name);
4869 if (!lmp_le_capable(hdev))
4870 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
4871 MGMT_STATUS_NOT_SUPPORTED);
4873 key_count = __le16_to_cpu(cp->key_count);
4874 if (key_count > max_key_count) {
4875 BT_ERR("load_ltks: too big key_count value %u", key_count);
4876 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
4877 MGMT_STATUS_INVALID_PARAMS);
4880 expected_len = sizeof(*cp) + key_count *
4881 sizeof(struct mgmt_ltk_info);
4882 if (expected_len != len) {
4883 BT_ERR("load_keys: expected %u bytes, got %u bytes",
4885 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
4886 MGMT_STATUS_INVALID_PARAMS);
4889 BT_DBG("%s key_count %u", hdev->name, key_count);
4891 for (i = 0; i < key_count; i++) {
4892 struct mgmt_ltk_info *key = &cp->keys[i];
4894 if (!ltk_is_valid(key))
4895 return cmd_status(sk, hdev->id,
4896 MGMT_OP_LOAD_LONG_TERM_KEYS,
4897 MGMT_STATUS_INVALID_PARAMS);
4902 hci_smp_ltks_clear(hdev);
4904 for (i = 0; i < key_count; i++) {
4905 struct mgmt_ltk_info *key = &cp->keys[i];
4906 u8 type, addr_type, authenticated;
4908 if (key->addr.type == BDADDR_LE_PUBLIC)
4909 addr_type = ADDR_LE_DEV_PUBLIC;
4911 addr_type = ADDR_LE_DEV_RANDOM;
4916 type = SMP_LTK_SLAVE;
4918 switch (key->type) {
4919 case MGMT_LTK_UNAUTHENTICATED:
4920 authenticated = 0x00;
4922 case MGMT_LTK_AUTHENTICATED:
4923 authenticated = 0x01;
4929 hci_add_ltk(hdev, &key->addr.bdaddr, addr_type, type,
4930 authenticated, key->val, key->enc_size, key->ediv,
4934 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
4937 hci_dev_unlock(hdev);
4942 struct cmd_conn_lookup {
4943 struct hci_conn *conn;
4944 bool valid_tx_power;
4948 static void get_conn_info_complete(struct pending_cmd *cmd, void *data)
4950 struct cmd_conn_lookup *match = data;
4951 struct mgmt_cp_get_conn_info *cp;
4952 struct mgmt_rp_get_conn_info rp;
4953 struct hci_conn *conn = cmd->user_data;
4955 if (conn != match->conn)
4958 cp = (struct mgmt_cp_get_conn_info *) cmd->param;
4960 memset(&rp, 0, sizeof(rp));
4961 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4962 rp.addr.type = cp->addr.type;
4964 if (!match->mgmt_status) {
4965 rp.rssi = conn->rssi;
4967 if (match->valid_tx_power) {
4968 rp.tx_power = conn->tx_power;
4969 rp.max_tx_power = conn->max_tx_power;
4971 rp.tx_power = HCI_TX_POWER_INVALID;
4972 rp.max_tx_power = HCI_TX_POWER_INVALID;
4976 cmd_complete(cmd->sk, cmd->index, MGMT_OP_GET_CONN_INFO,
4977 match->mgmt_status, &rp, sizeof(rp));
4979 hci_conn_drop(conn);
4982 mgmt_pending_remove(cmd);
4985 static void conn_info_refresh_complete(struct hci_dev *hdev, u8 status)
4987 struct hci_cp_read_rssi *cp;
4988 struct hci_conn *conn;
4989 struct cmd_conn_lookup match;
4992 BT_DBG("status 0x%02x", status);
4996 /* TX power data is valid in case request completed successfully,
4997 * otherwise we assume it's not valid. At the moment we assume that
4998 * either both or none of current and max values are valid to keep code
5001 match.valid_tx_power = !status;
5003 /* Commands sent in request are either Read RSSI or Read Transmit Power
5004 * Level so we check which one was last sent to retrieve connection
5005 * handle. Both commands have handle as first parameter so it's safe to
5006 * cast data on the same command struct.
5008 * First command sent is always Read RSSI and we fail only if it fails.
5009 * In other case we simply override error to indicate success as we
5010 * already remembered if TX power value is actually valid.
5012 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_RSSI);
5014 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_TX_POWER);
5019 BT_ERR("invalid sent_cmd in response");
5023 handle = __le16_to_cpu(cp->handle);
5024 conn = hci_conn_hash_lookup_handle(hdev, handle);
5026 BT_ERR("unknown handle (%d) in response", handle);
5031 match.mgmt_status = mgmt_status(status);
5033 /* Cache refresh is complete, now reply for mgmt request for given
5036 mgmt_pending_foreach(MGMT_OP_GET_CONN_INFO, hdev,
5037 get_conn_info_complete, &match);
5040 hci_dev_unlock(hdev);
5043 static int get_conn_info(struct sock *sk, struct hci_dev *hdev, void *data,
5046 struct mgmt_cp_get_conn_info *cp = data;
5047 struct mgmt_rp_get_conn_info rp;
5048 struct hci_conn *conn;
5049 unsigned long conn_info_age;
5052 BT_DBG("%s", hdev->name);
5054 memset(&rp, 0, sizeof(rp));
5055 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5056 rp.addr.type = cp->addr.type;
5058 if (!bdaddr_type_is_valid(cp->addr.type))
5059 return cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5060 MGMT_STATUS_INVALID_PARAMS,
5065 if (!hdev_is_powered(hdev)) {
5066 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5067 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
5071 if (cp->addr.type == BDADDR_BREDR)
5072 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
5075 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
5077 if (!conn || conn->state != BT_CONNECTED) {
5078 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5079 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
5083 /* To avoid client trying to guess when to poll again for information we
5084 * calculate conn info age as random value between min/max set in hdev.
5086 conn_info_age = hdev->conn_info_min_age +
5087 prandom_u32_max(hdev->conn_info_max_age -
5088 hdev->conn_info_min_age);
5090 /* Query controller to refresh cached values if they are too old or were
5093 if (time_after(jiffies, conn->conn_info_timestamp +
5094 msecs_to_jiffies(conn_info_age)) ||
5095 !conn->conn_info_timestamp) {
5096 struct hci_request req;
5097 struct hci_cp_read_tx_power req_txp_cp;
5098 struct hci_cp_read_rssi req_rssi_cp;
5099 struct pending_cmd *cmd;
5101 hci_req_init(&req, hdev);
5102 req_rssi_cp.handle = cpu_to_le16(conn->handle);
5103 hci_req_add(&req, HCI_OP_READ_RSSI, sizeof(req_rssi_cp),
5106 /* For LE links TX power does not change thus we don't need to
5107 * query for it once value is known.
5109 if (!bdaddr_type_is_le(cp->addr.type) ||
5110 conn->tx_power == HCI_TX_POWER_INVALID) {
5111 req_txp_cp.handle = cpu_to_le16(conn->handle);
5112 req_txp_cp.type = 0x00;
5113 hci_req_add(&req, HCI_OP_READ_TX_POWER,
5114 sizeof(req_txp_cp), &req_txp_cp);
5117 /* Max TX power needs to be read only once per connection */
5118 if (conn->max_tx_power == HCI_TX_POWER_INVALID) {
5119 req_txp_cp.handle = cpu_to_le16(conn->handle);
5120 req_txp_cp.type = 0x01;
5121 hci_req_add(&req, HCI_OP_READ_TX_POWER,
5122 sizeof(req_txp_cp), &req_txp_cp);
5125 err = hci_req_run(&req, conn_info_refresh_complete);
5129 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CONN_INFO, hdev,
5136 hci_conn_hold(conn);
5137 cmd->user_data = hci_conn_get(conn);
5139 conn->conn_info_timestamp = jiffies;
5141 /* Cache is valid, just reply with values cached in hci_conn */
5142 rp.rssi = conn->rssi;
5143 rp.tx_power = conn->tx_power;
5144 rp.max_tx_power = conn->max_tx_power;
5146 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5147 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
5151 hci_dev_unlock(hdev);
5155 static void get_clock_info_complete(struct hci_dev *hdev, u8 status)
5157 struct mgmt_cp_get_clock_info *cp;
5158 struct mgmt_rp_get_clock_info rp;
5159 struct hci_cp_read_clock *hci_cp;
5160 struct pending_cmd *cmd;
5161 struct hci_conn *conn;
5163 BT_DBG("%s status %u", hdev->name, status);
5167 hci_cp = hci_sent_cmd_data(hdev, HCI_OP_READ_CLOCK);
5171 if (hci_cp->which) {
5172 u16 handle = __le16_to_cpu(hci_cp->handle);
5173 conn = hci_conn_hash_lookup_handle(hdev, handle);
5178 cmd = mgmt_pending_find_data(MGMT_OP_GET_CLOCK_INFO, hdev, conn);
5184 memset(&rp, 0, sizeof(rp));
5185 memcpy(&rp.addr, &cp->addr, sizeof(rp.addr));
5190 rp.local_clock = cpu_to_le32(hdev->clock);
5193 rp.piconet_clock = cpu_to_le32(conn->clock);
5194 rp.accuracy = cpu_to_le16(conn->clock_accuracy);
5198 cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(status),
5200 mgmt_pending_remove(cmd);
5202 hci_conn_drop(conn);
5207 hci_dev_unlock(hdev);
5210 static int get_clock_info(struct sock *sk, struct hci_dev *hdev, void *data,
5213 struct mgmt_cp_get_clock_info *cp = data;
5214 struct mgmt_rp_get_clock_info rp;
5215 struct hci_cp_read_clock hci_cp;
5216 struct pending_cmd *cmd;
5217 struct hci_request req;
5218 struct hci_conn *conn;
5221 BT_DBG("%s", hdev->name);
5223 memset(&rp, 0, sizeof(rp));
5224 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5225 rp.addr.type = cp->addr.type;
5227 if (cp->addr.type != BDADDR_BREDR)
5228 return cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
5229 MGMT_STATUS_INVALID_PARAMS,
5234 if (!hdev_is_powered(hdev)) {
5235 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
5236 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
5240 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
5241 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
5243 if (!conn || conn->state != BT_CONNECTED) {
5244 err = cmd_complete(sk, hdev->id,
5245 MGMT_OP_GET_CLOCK_INFO,
5246 MGMT_STATUS_NOT_CONNECTED,
5254 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CLOCK_INFO, hdev, data, len);
5260 hci_req_init(&req, hdev);
5262 memset(&hci_cp, 0, sizeof(hci_cp));
5263 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
5266 hci_conn_hold(conn);
5267 cmd->user_data = hci_conn_get(conn);
5269 hci_cp.handle = cpu_to_le16(conn->handle);
5270 hci_cp.which = 0x01; /* Piconet clock */
5271 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
5274 err = hci_req_run(&req, get_clock_info_complete);
5276 mgmt_pending_remove(cmd);
5279 hci_dev_unlock(hdev);
5283 static void device_added(struct sock *sk, struct hci_dev *hdev,
5284 bdaddr_t *bdaddr, u8 type, u8 action)
5286 struct mgmt_ev_device_added ev;
5288 bacpy(&ev.addr.bdaddr, bdaddr);
5289 ev.addr.type = type;
5292 mgmt_event(MGMT_EV_DEVICE_ADDED, hdev, &ev, sizeof(ev), sk);
5295 static int add_device(struct sock *sk, struct hci_dev *hdev,
5296 void *data, u16 len)
5298 struct mgmt_cp_add_device *cp = data;
5299 u8 auto_conn, addr_type;
5302 BT_DBG("%s", hdev->name);
5304 if (!bdaddr_type_is_valid(cp->addr.type) ||
5305 !bacmp(&cp->addr.bdaddr, BDADDR_ANY))
5306 return cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5307 MGMT_STATUS_INVALID_PARAMS,
5308 &cp->addr, sizeof(cp->addr));
5310 if (cp->action != 0x00 && cp->action != 0x01 && cp->action != 0x02)
5311 return cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5312 MGMT_STATUS_INVALID_PARAMS,
5313 &cp->addr, sizeof(cp->addr));
5317 if (cp->addr.type == BDADDR_BREDR) {
5318 /* Only incoming connections action is supported for now */
5319 if (cp->action != 0x01) {
5320 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5321 MGMT_STATUS_INVALID_PARAMS,
5322 &cp->addr, sizeof(cp->addr));
5326 err = hci_bdaddr_list_add(&hdev->whitelist, &cp->addr.bdaddr,
5331 hci_update_page_scan(hdev, NULL);
5336 if (cp->addr.type == BDADDR_LE_PUBLIC)
5337 addr_type = ADDR_LE_DEV_PUBLIC;
5339 addr_type = ADDR_LE_DEV_RANDOM;
5341 if (cp->action == 0x02)
5342 auto_conn = HCI_AUTO_CONN_ALWAYS;
5343 else if (cp->action == 0x01)
5344 auto_conn = HCI_AUTO_CONN_DIRECT;
5346 auto_conn = HCI_AUTO_CONN_REPORT;
5348 /* If the connection parameters don't exist for this device,
5349 * they will be created and configured with defaults.
5351 if (hci_conn_params_set(hdev, &cp->addr.bdaddr, addr_type,
5353 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5355 &cp->addr, sizeof(cp->addr));
5360 device_added(sk, hdev, &cp->addr.bdaddr, cp->addr.type, cp->action);
5362 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5363 MGMT_STATUS_SUCCESS, &cp->addr, sizeof(cp->addr));
5366 hci_dev_unlock(hdev);
5370 static void device_removed(struct sock *sk, struct hci_dev *hdev,
5371 bdaddr_t *bdaddr, u8 type)
5373 struct mgmt_ev_device_removed ev;
5375 bacpy(&ev.addr.bdaddr, bdaddr);
5376 ev.addr.type = type;
5378 mgmt_event(MGMT_EV_DEVICE_REMOVED, hdev, &ev, sizeof(ev), sk);
5381 static int remove_device(struct sock *sk, struct hci_dev *hdev,
5382 void *data, u16 len)
5384 struct mgmt_cp_remove_device *cp = data;
5387 BT_DBG("%s", hdev->name);
5391 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
5392 struct hci_conn_params *params;
5395 if (!bdaddr_type_is_valid(cp->addr.type)) {
5396 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
5397 MGMT_STATUS_INVALID_PARAMS,
5398 &cp->addr, sizeof(cp->addr));
5402 if (cp->addr.type == BDADDR_BREDR) {
5403 err = hci_bdaddr_list_del(&hdev->whitelist,
5407 err = cmd_complete(sk, hdev->id,
5408 MGMT_OP_REMOVE_DEVICE,
5409 MGMT_STATUS_INVALID_PARAMS,
5410 &cp->addr, sizeof(cp->addr));
5414 hci_update_page_scan(hdev, NULL);
5416 device_removed(sk, hdev, &cp->addr.bdaddr,
5421 if (cp->addr.type == BDADDR_LE_PUBLIC)
5422 addr_type = ADDR_LE_DEV_PUBLIC;
5424 addr_type = ADDR_LE_DEV_RANDOM;
5426 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr,
5429 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
5430 MGMT_STATUS_INVALID_PARAMS,
5431 &cp->addr, sizeof(cp->addr));
5435 if (params->auto_connect == HCI_AUTO_CONN_DISABLED) {
5436 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
5437 MGMT_STATUS_INVALID_PARAMS,
5438 &cp->addr, sizeof(cp->addr));
5442 list_del(¶ms->action);
5443 list_del(¶ms->list);
5445 hci_update_background_scan(hdev);
5447 device_removed(sk, hdev, &cp->addr.bdaddr, cp->addr.type);
5449 struct hci_conn_params *p, *tmp;
5450 struct bdaddr_list *b, *btmp;
5452 if (cp->addr.type) {
5453 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
5454 MGMT_STATUS_INVALID_PARAMS,
5455 &cp->addr, sizeof(cp->addr));
5459 list_for_each_entry_safe(b, btmp, &hdev->whitelist, list) {
5460 device_removed(sk, hdev, &b->bdaddr, b->bdaddr_type);
5465 hci_update_page_scan(hdev, NULL);
5467 list_for_each_entry_safe(p, tmp, &hdev->le_conn_params, list) {
5468 if (p->auto_connect == HCI_AUTO_CONN_DISABLED)
5470 device_removed(sk, hdev, &p->addr, p->addr_type);
5471 list_del(&p->action);
5476 BT_DBG("All LE connection parameters were removed");
5478 hci_update_background_scan(hdev);
5482 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
5483 MGMT_STATUS_SUCCESS, &cp->addr, sizeof(cp->addr));
5486 hci_dev_unlock(hdev);
5490 static int load_conn_param(struct sock *sk, struct hci_dev *hdev, void *data,
5493 struct mgmt_cp_load_conn_param *cp = data;
5494 const u16 max_param_count = ((U16_MAX - sizeof(*cp)) /
5495 sizeof(struct mgmt_conn_param));
5496 u16 param_count, expected_len;
5499 if (!lmp_le_capable(hdev))
5500 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5501 MGMT_STATUS_NOT_SUPPORTED);
5503 param_count = __le16_to_cpu(cp->param_count);
5504 if (param_count > max_param_count) {
5505 BT_ERR("load_conn_param: too big param_count value %u",
5507 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5508 MGMT_STATUS_INVALID_PARAMS);
5511 expected_len = sizeof(*cp) + param_count *
5512 sizeof(struct mgmt_conn_param);
5513 if (expected_len != len) {
5514 BT_ERR("load_conn_param: expected %u bytes, got %u bytes",
5516 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5517 MGMT_STATUS_INVALID_PARAMS);
5520 BT_DBG("%s param_count %u", hdev->name, param_count);
5524 hci_conn_params_clear_disabled(hdev);
5526 for (i = 0; i < param_count; i++) {
5527 struct mgmt_conn_param *param = &cp->params[i];
5528 struct hci_conn_params *hci_param;
5529 u16 min, max, latency, timeout;
5532 BT_DBG("Adding %pMR (type %u)", ¶m->addr.bdaddr,
5535 if (param->addr.type == BDADDR_LE_PUBLIC) {
5536 addr_type = ADDR_LE_DEV_PUBLIC;
5537 } else if (param->addr.type == BDADDR_LE_RANDOM) {
5538 addr_type = ADDR_LE_DEV_RANDOM;
5540 BT_ERR("Ignoring invalid connection parameters");
5544 min = le16_to_cpu(param->min_interval);
5545 max = le16_to_cpu(param->max_interval);
5546 latency = le16_to_cpu(param->latency);
5547 timeout = le16_to_cpu(param->timeout);
5549 BT_DBG("min 0x%04x max 0x%04x latency 0x%04x timeout 0x%04x",
5550 min, max, latency, timeout);
5552 if (hci_check_conn_params(min, max, latency, timeout) < 0) {
5553 BT_ERR("Ignoring invalid connection parameters");
5557 hci_param = hci_conn_params_add(hdev, ¶m->addr.bdaddr,
5560 BT_ERR("Failed to add connection parameters");
5564 hci_param->conn_min_interval = min;
5565 hci_param->conn_max_interval = max;
5566 hci_param->conn_latency = latency;
5567 hci_param->supervision_timeout = timeout;
5570 hci_dev_unlock(hdev);
5572 return cmd_complete(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM, 0, NULL, 0);
5575 static int set_external_config(struct sock *sk, struct hci_dev *hdev,
5576 void *data, u16 len)
5578 struct mgmt_cp_set_external_config *cp = data;
5582 BT_DBG("%s", hdev->name);
5584 if (hdev_is_powered(hdev))
5585 return cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
5586 MGMT_STATUS_REJECTED);
5588 if (cp->config != 0x00 && cp->config != 0x01)
5589 return cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
5590 MGMT_STATUS_INVALID_PARAMS);
5592 if (!test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
5593 return cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
5594 MGMT_STATUS_NOT_SUPPORTED);
5599 changed = !test_and_set_bit(HCI_EXT_CONFIGURED,
5602 changed = test_and_clear_bit(HCI_EXT_CONFIGURED,
5605 err = send_options_rsp(sk, MGMT_OP_SET_EXTERNAL_CONFIG, hdev);
5612 err = new_options(hdev, sk);
5614 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags) == is_configured(hdev)) {
5615 mgmt_index_removed(hdev);
5617 if (test_and_change_bit(HCI_UNCONFIGURED, &hdev->dev_flags)) {
5618 set_bit(HCI_CONFIG, &hdev->dev_flags);
5619 set_bit(HCI_AUTO_OFF, &hdev->dev_flags);
5621 queue_work(hdev->req_workqueue, &hdev->power_on);
5623 set_bit(HCI_RAW, &hdev->flags);
5624 mgmt_index_added(hdev);
5629 hci_dev_unlock(hdev);
5633 static int set_public_address(struct sock *sk, struct hci_dev *hdev,
5634 void *data, u16 len)
5636 struct mgmt_cp_set_public_address *cp = data;
5640 BT_DBG("%s", hdev->name);
5642 if (hdev_is_powered(hdev))
5643 return cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
5644 MGMT_STATUS_REJECTED);
5646 if (!bacmp(&cp->bdaddr, BDADDR_ANY))
5647 return cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
5648 MGMT_STATUS_INVALID_PARAMS);
5650 if (!hdev->set_bdaddr)
5651 return cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
5652 MGMT_STATUS_NOT_SUPPORTED);
5656 changed = !!bacmp(&hdev->public_addr, &cp->bdaddr);
5657 bacpy(&hdev->public_addr, &cp->bdaddr);
5659 err = send_options_rsp(sk, MGMT_OP_SET_PUBLIC_ADDRESS, hdev);
5666 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags))
5667 err = new_options(hdev, sk);
5669 if (is_configured(hdev)) {
5670 mgmt_index_removed(hdev);
5672 clear_bit(HCI_UNCONFIGURED, &hdev->dev_flags);
5674 set_bit(HCI_CONFIG, &hdev->dev_flags);
5675 set_bit(HCI_AUTO_OFF, &hdev->dev_flags);
5677 queue_work(hdev->req_workqueue, &hdev->power_on);
5681 hci_dev_unlock(hdev);
5685 static const struct mgmt_handler {
5686 int (*func) (struct sock *sk, struct hci_dev *hdev, void *data,
5690 } mgmt_handlers[] = {
5691 { NULL }, /* 0x0000 (no command) */
5692 { read_version, false, MGMT_READ_VERSION_SIZE },
5693 { read_commands, false, MGMT_READ_COMMANDS_SIZE },
5694 { read_index_list, false, MGMT_READ_INDEX_LIST_SIZE },
5695 { read_controller_info, false, MGMT_READ_INFO_SIZE },
5696 { set_powered, false, MGMT_SETTING_SIZE },
5697 { set_discoverable, false, MGMT_SET_DISCOVERABLE_SIZE },
5698 { set_connectable, false, MGMT_SETTING_SIZE },
5699 { set_fast_connectable, false, MGMT_SETTING_SIZE },
5700 { set_bondable, false, MGMT_SETTING_SIZE },
5701 { set_link_security, false, MGMT_SETTING_SIZE },
5702 { set_ssp, false, MGMT_SETTING_SIZE },
5703 { set_hs, false, MGMT_SETTING_SIZE },
5704 { set_le, false, MGMT_SETTING_SIZE },
5705 { set_dev_class, false, MGMT_SET_DEV_CLASS_SIZE },
5706 { set_local_name, false, MGMT_SET_LOCAL_NAME_SIZE },
5707 { add_uuid, false, MGMT_ADD_UUID_SIZE },
5708 { remove_uuid, false, MGMT_REMOVE_UUID_SIZE },
5709 { load_link_keys, true, MGMT_LOAD_LINK_KEYS_SIZE },
5710 { load_long_term_keys, true, MGMT_LOAD_LONG_TERM_KEYS_SIZE },
5711 { disconnect, false, MGMT_DISCONNECT_SIZE },
5712 { get_connections, false, MGMT_GET_CONNECTIONS_SIZE },
5713 { pin_code_reply, false, MGMT_PIN_CODE_REPLY_SIZE },
5714 { pin_code_neg_reply, false, MGMT_PIN_CODE_NEG_REPLY_SIZE },
5715 { set_io_capability, false, MGMT_SET_IO_CAPABILITY_SIZE },
5716 { pair_device, false, MGMT_PAIR_DEVICE_SIZE },
5717 { cancel_pair_device, false, MGMT_CANCEL_PAIR_DEVICE_SIZE },
5718 { unpair_device, false, MGMT_UNPAIR_DEVICE_SIZE },
5719 { user_confirm_reply, false, MGMT_USER_CONFIRM_REPLY_SIZE },
5720 { user_confirm_neg_reply, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
5721 { user_passkey_reply, false, MGMT_USER_PASSKEY_REPLY_SIZE },
5722 { user_passkey_neg_reply, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
5723 { read_local_oob_data, false, MGMT_READ_LOCAL_OOB_DATA_SIZE },
5724 { add_remote_oob_data, true, MGMT_ADD_REMOTE_OOB_DATA_SIZE },
5725 { remove_remote_oob_data, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
5726 { start_discovery, false, MGMT_START_DISCOVERY_SIZE },
5727 { stop_discovery, false, MGMT_STOP_DISCOVERY_SIZE },
5728 { confirm_name, false, MGMT_CONFIRM_NAME_SIZE },
5729 { block_device, false, MGMT_BLOCK_DEVICE_SIZE },
5730 { unblock_device, false, MGMT_UNBLOCK_DEVICE_SIZE },
5731 { set_device_id, false, MGMT_SET_DEVICE_ID_SIZE },
5732 { set_advertising, false, MGMT_SETTING_SIZE },
5733 { set_bredr, false, MGMT_SETTING_SIZE },
5734 { set_static_address, false, MGMT_SET_STATIC_ADDRESS_SIZE },
5735 { set_scan_params, false, MGMT_SET_SCAN_PARAMS_SIZE },
5736 { set_secure_conn, false, MGMT_SETTING_SIZE },
5737 { set_debug_keys, false, MGMT_SETTING_SIZE },
5738 { set_privacy, false, MGMT_SET_PRIVACY_SIZE },
5739 { load_irks, true, MGMT_LOAD_IRKS_SIZE },
5740 { get_conn_info, false, MGMT_GET_CONN_INFO_SIZE },
5741 { get_clock_info, false, MGMT_GET_CLOCK_INFO_SIZE },
5742 { add_device, false, MGMT_ADD_DEVICE_SIZE },
5743 { remove_device, false, MGMT_REMOVE_DEVICE_SIZE },
5744 { load_conn_param, true, MGMT_LOAD_CONN_PARAM_SIZE },
5745 { read_unconf_index_list, false, MGMT_READ_UNCONF_INDEX_LIST_SIZE },
5746 { read_config_info, false, MGMT_READ_CONFIG_INFO_SIZE },
5747 { set_external_config, false, MGMT_SET_EXTERNAL_CONFIG_SIZE },
5748 { set_public_address, false, MGMT_SET_PUBLIC_ADDRESS_SIZE },
5751 int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
5755 struct mgmt_hdr *hdr;
5756 u16 opcode, index, len;
5757 struct hci_dev *hdev = NULL;
5758 const struct mgmt_handler *handler;
5761 BT_DBG("got %zu bytes", msglen);
5763 if (msglen < sizeof(*hdr))
5766 buf = kmalloc(msglen, GFP_KERNEL);
5770 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
5776 opcode = __le16_to_cpu(hdr->opcode);
5777 index = __le16_to_cpu(hdr->index);
5778 len = __le16_to_cpu(hdr->len);
5780 if (len != msglen - sizeof(*hdr)) {
5785 if (index != MGMT_INDEX_NONE) {
5786 hdev = hci_dev_get(index);
5788 err = cmd_status(sk, index, opcode,
5789 MGMT_STATUS_INVALID_INDEX);
5793 if (test_bit(HCI_SETUP, &hdev->dev_flags) ||
5794 test_bit(HCI_CONFIG, &hdev->dev_flags) ||
5795 test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
5796 err = cmd_status(sk, index, opcode,
5797 MGMT_STATUS_INVALID_INDEX);
5801 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags) &&
5802 opcode != MGMT_OP_READ_CONFIG_INFO &&
5803 opcode != MGMT_OP_SET_EXTERNAL_CONFIG &&
5804 opcode != MGMT_OP_SET_PUBLIC_ADDRESS) {
5805 err = cmd_status(sk, index, opcode,
5806 MGMT_STATUS_INVALID_INDEX);
5811 if (opcode >= ARRAY_SIZE(mgmt_handlers) ||
5812 mgmt_handlers[opcode].func == NULL) {
5813 BT_DBG("Unknown op %u", opcode);
5814 err = cmd_status(sk, index, opcode,
5815 MGMT_STATUS_UNKNOWN_COMMAND);
5819 if (hdev && (opcode <= MGMT_OP_READ_INDEX_LIST ||
5820 opcode == MGMT_OP_READ_UNCONF_INDEX_LIST)) {
5821 err = cmd_status(sk, index, opcode,
5822 MGMT_STATUS_INVALID_INDEX);
5826 if (!hdev && (opcode > MGMT_OP_READ_INDEX_LIST &&
5827 opcode != MGMT_OP_READ_UNCONF_INDEX_LIST)) {
5828 err = cmd_status(sk, index, opcode,
5829 MGMT_STATUS_INVALID_INDEX);
5833 handler = &mgmt_handlers[opcode];
5835 if ((handler->var_len && len < handler->data_len) ||
5836 (!handler->var_len && len != handler->data_len)) {
5837 err = cmd_status(sk, index, opcode,
5838 MGMT_STATUS_INVALID_PARAMS);
5843 mgmt_init_hdev(sk, hdev);
5845 cp = buf + sizeof(*hdr);
5847 err = handler->func(sk, hdev, cp, len);
5861 void mgmt_index_added(struct hci_dev *hdev)
5863 if (hdev->dev_type != HCI_BREDR)
5866 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
5869 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags))
5870 mgmt_event(MGMT_EV_UNCONF_INDEX_ADDED, hdev, NULL, 0, NULL);
5872 mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
5875 void mgmt_index_removed(struct hci_dev *hdev)
5877 u8 status = MGMT_STATUS_INVALID_INDEX;
5879 if (hdev->dev_type != HCI_BREDR)
5882 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
5885 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
5887 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags))
5888 mgmt_event(MGMT_EV_UNCONF_INDEX_REMOVED, hdev, NULL, 0, NULL);
5890 mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
5893 /* This function requires the caller holds hdev->lock */
5894 static void restart_le_actions(struct hci_dev *hdev)
5896 struct hci_conn_params *p;
5898 list_for_each_entry(p, &hdev->le_conn_params, list) {
5899 /* Needed for AUTO_OFF case where might not "really"
5900 * have been powered off.
5902 list_del_init(&p->action);
5904 switch (p->auto_connect) {
5905 case HCI_AUTO_CONN_DIRECT:
5906 case HCI_AUTO_CONN_ALWAYS:
5907 list_add(&p->action, &hdev->pend_le_conns);
5909 case HCI_AUTO_CONN_REPORT:
5910 list_add(&p->action, &hdev->pend_le_reports);
5917 hci_update_background_scan(hdev);
5920 static void powered_complete(struct hci_dev *hdev, u8 status)
5922 struct cmd_lookup match = { NULL, hdev };
5924 BT_DBG("status 0x%02x", status);
5928 restart_le_actions(hdev);
5930 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
5932 new_settings(hdev, match.sk);
5934 hci_dev_unlock(hdev);
5940 static int powered_update_hci(struct hci_dev *hdev)
5942 struct hci_request req;
5945 hci_req_init(&req, hdev);
5947 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) &&
5948 !lmp_host_ssp_capable(hdev)) {
5951 hci_req_add(&req, HCI_OP_WRITE_SSP_MODE, 1, &ssp);
5954 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
5955 lmp_bredr_capable(hdev)) {
5956 struct hci_cp_write_le_host_supported cp;
5961 /* Check first if we already have the right
5962 * host state (host features set)
5964 if (cp.le != lmp_host_le_capable(hdev) ||
5965 cp.simul != lmp_host_le_br_capable(hdev))
5966 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED,
5970 if (lmp_le_capable(hdev)) {
5971 /* Make sure the controller has a good default for
5972 * advertising data. This also applies to the case
5973 * where BR/EDR was toggled during the AUTO_OFF phase.
5975 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
5976 update_adv_data(&req);
5977 update_scan_rsp_data(&req);
5980 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
5981 enable_advertising(&req);
5984 link_sec = test_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
5985 if (link_sec != test_bit(HCI_AUTH, &hdev->flags))
5986 hci_req_add(&req, HCI_OP_WRITE_AUTH_ENABLE,
5987 sizeof(link_sec), &link_sec);
5989 if (lmp_bredr_capable(hdev)) {
5990 write_fast_connectable(&req, false);
5991 hci_update_page_scan(hdev, &req);
5997 return hci_req_run(&req, powered_complete);
6000 int mgmt_powered(struct hci_dev *hdev, u8 powered)
6002 struct cmd_lookup match = { NULL, hdev };
6003 u8 status_not_powered = MGMT_STATUS_NOT_POWERED;
6004 u8 zero_cod[] = { 0, 0, 0 };
6007 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
6011 if (powered_update_hci(hdev) == 0)
6014 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp,
6019 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
6020 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status_not_powered);
6022 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0)
6023 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
6024 zero_cod, sizeof(zero_cod), NULL);
6027 err = new_settings(hdev, match.sk);
6035 void mgmt_set_powered_failed(struct hci_dev *hdev, int err)
6037 struct pending_cmd *cmd;
6040 cmd = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
6044 if (err == -ERFKILL)
6045 status = MGMT_STATUS_RFKILLED;
6047 status = MGMT_STATUS_FAILED;
6049 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
6051 mgmt_pending_remove(cmd);
6054 void mgmt_discoverable_timeout(struct hci_dev *hdev)
6056 struct hci_request req;
6060 /* When discoverable timeout triggers, then just make sure
6061 * the limited discoverable flag is cleared. Even in the case
6062 * of a timeout triggered from general discoverable, it is
6063 * safe to unconditionally clear the flag.
6065 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
6066 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
6068 hci_req_init(&req, hdev);
6069 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
6070 u8 scan = SCAN_PAGE;
6071 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE,
6072 sizeof(scan), &scan);
6075 update_adv_data(&req);
6076 hci_req_run(&req, NULL);
6078 hdev->discov_timeout = 0;
6080 new_settings(hdev, NULL);
6082 hci_dev_unlock(hdev);
6085 void mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
6088 struct mgmt_ev_new_link_key ev;
6090 memset(&ev, 0, sizeof(ev));
6092 ev.store_hint = persistent;
6093 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
6094 ev.key.addr.type = BDADDR_BREDR;
6095 ev.key.type = key->type;
6096 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
6097 ev.key.pin_len = key->pin_len;
6099 mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
6102 static u8 mgmt_ltk_type(struct smp_ltk *ltk)
6104 if (ltk->authenticated)
6105 return MGMT_LTK_AUTHENTICATED;
6107 return MGMT_LTK_UNAUTHENTICATED;
6110 void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, bool persistent)
6112 struct mgmt_ev_new_long_term_key ev;
6114 memset(&ev, 0, sizeof(ev));
6116 /* Devices using resolvable or non-resolvable random addresses
6117 * without providing an indentity resolving key don't require
6118 * to store long term keys. Their addresses will change the
6121 * Only when a remote device provides an identity address
6122 * make sure the long term key is stored. If the remote
6123 * identity is known, the long term keys are internally
6124 * mapped to the identity address. So allow static random
6125 * and public addresses here.
6127 if (key->bdaddr_type == ADDR_LE_DEV_RANDOM &&
6128 (key->bdaddr.b[5] & 0xc0) != 0xc0)
6129 ev.store_hint = 0x00;
6131 ev.store_hint = persistent;
6133 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
6134 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
6135 ev.key.type = mgmt_ltk_type(key);
6136 ev.key.enc_size = key->enc_size;
6137 ev.key.ediv = key->ediv;
6138 ev.key.rand = key->rand;
6140 if (key->type == SMP_LTK)
6143 memcpy(ev.key.val, key->val, sizeof(key->val));
6145 mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev), NULL);
6148 void mgmt_new_irk(struct hci_dev *hdev, struct smp_irk *irk)
6150 struct mgmt_ev_new_irk ev;
6152 memset(&ev, 0, sizeof(ev));
6154 /* For identity resolving keys from devices that are already
6155 * using a public address or static random address, do not
6156 * ask for storing this key. The identity resolving key really
6157 * is only mandatory for devices using resovlable random
6160 * Storing all identity resolving keys has the downside that
6161 * they will be also loaded on next boot of they system. More
6162 * identity resolving keys, means more time during scanning is
6163 * needed to actually resolve these addresses.
6165 if (bacmp(&irk->rpa, BDADDR_ANY))
6166 ev.store_hint = 0x01;
6168 ev.store_hint = 0x00;
6170 bacpy(&ev.rpa, &irk->rpa);
6171 bacpy(&ev.irk.addr.bdaddr, &irk->bdaddr);
6172 ev.irk.addr.type = link_to_bdaddr(LE_LINK, irk->addr_type);
6173 memcpy(ev.irk.val, irk->val, sizeof(irk->val));
6175 mgmt_event(MGMT_EV_NEW_IRK, hdev, &ev, sizeof(ev), NULL);
6178 void mgmt_new_csrk(struct hci_dev *hdev, struct smp_csrk *csrk,
6181 struct mgmt_ev_new_csrk ev;
6183 memset(&ev, 0, sizeof(ev));
6185 /* Devices using resolvable or non-resolvable random addresses
6186 * without providing an indentity resolving key don't require
6187 * to store signature resolving keys. Their addresses will change
6188 * the next time around.
6190 * Only when a remote device provides an identity address
6191 * make sure the signature resolving key is stored. So allow
6192 * static random and public addresses here.
6194 if (csrk->bdaddr_type == ADDR_LE_DEV_RANDOM &&
6195 (csrk->bdaddr.b[5] & 0xc0) != 0xc0)
6196 ev.store_hint = 0x00;
6198 ev.store_hint = persistent;
6200 bacpy(&ev.key.addr.bdaddr, &csrk->bdaddr);
6201 ev.key.addr.type = link_to_bdaddr(LE_LINK, csrk->bdaddr_type);
6202 ev.key.master = csrk->master;
6203 memcpy(ev.key.val, csrk->val, sizeof(csrk->val));
6205 mgmt_event(MGMT_EV_NEW_CSRK, hdev, &ev, sizeof(ev), NULL);
6208 void mgmt_new_conn_param(struct hci_dev *hdev, bdaddr_t *bdaddr,
6209 u8 bdaddr_type, u8 store_hint, u16 min_interval,
6210 u16 max_interval, u16 latency, u16 timeout)
6212 struct mgmt_ev_new_conn_param ev;
6214 if (!hci_is_identity_address(bdaddr, bdaddr_type))
6217 memset(&ev, 0, sizeof(ev));
6218 bacpy(&ev.addr.bdaddr, bdaddr);
6219 ev.addr.type = link_to_bdaddr(LE_LINK, bdaddr_type);
6220 ev.store_hint = store_hint;
6221 ev.min_interval = cpu_to_le16(min_interval);
6222 ev.max_interval = cpu_to_le16(max_interval);
6223 ev.latency = cpu_to_le16(latency);
6224 ev.timeout = cpu_to_le16(timeout);
6226 mgmt_event(MGMT_EV_NEW_CONN_PARAM, hdev, &ev, sizeof(ev), NULL);
6229 static inline u16 eir_append_data(u8 *eir, u16 eir_len, u8 type, u8 *data,
6232 eir[eir_len++] = sizeof(type) + data_len;
6233 eir[eir_len++] = type;
6234 memcpy(&eir[eir_len], data, data_len);
6235 eir_len += data_len;
6240 void mgmt_device_connected(struct hci_dev *hdev, struct hci_conn *conn,
6241 u32 flags, u8 *name, u8 name_len)
6244 struct mgmt_ev_device_connected *ev = (void *) buf;
6247 bacpy(&ev->addr.bdaddr, &conn->dst);
6248 ev->addr.type = link_to_bdaddr(conn->type, conn->dst_type);
6250 ev->flags = __cpu_to_le32(flags);
6252 /* We must ensure that the EIR Data fields are ordered and
6253 * unique. Keep it simple for now and avoid the problem by not
6254 * adding any BR/EDR data to the LE adv.
6256 if (conn->le_adv_data_len > 0) {
6257 memcpy(&ev->eir[eir_len],
6258 conn->le_adv_data, conn->le_adv_data_len);
6259 eir_len = conn->le_adv_data_len;
6262 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
6265 if (memcmp(conn->dev_class, "\0\0\0", 3) != 0)
6266 eir_len = eir_append_data(ev->eir, eir_len,
6268 conn->dev_class, 3);
6271 ev->eir_len = cpu_to_le16(eir_len);
6273 mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
6274 sizeof(*ev) + eir_len, NULL);
6277 static void disconnect_rsp(struct pending_cmd *cmd, void *data)
6279 struct mgmt_cp_disconnect *cp = cmd->param;
6280 struct sock **sk = data;
6281 struct mgmt_rp_disconnect rp;
6283 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
6284 rp.addr.type = cp->addr.type;
6286 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 0, &rp,
6292 mgmt_pending_remove(cmd);
6295 static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
6297 struct hci_dev *hdev = data;
6298 struct mgmt_cp_unpair_device *cp = cmd->param;
6299 struct mgmt_rp_unpair_device rp;
6301 memset(&rp, 0, sizeof(rp));
6302 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
6303 rp.addr.type = cp->addr.type;
6305 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
6307 cmd_complete(cmd->sk, cmd->index, cmd->opcode, 0, &rp, sizeof(rp));
6309 mgmt_pending_remove(cmd);
6312 bool mgmt_powering_down(struct hci_dev *hdev)
6314 struct pending_cmd *cmd;
6315 struct mgmt_mode *cp;
6317 cmd = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
6328 void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
6329 u8 link_type, u8 addr_type, u8 reason,
6330 bool mgmt_connected)
6332 struct mgmt_ev_device_disconnected ev;
6333 struct sock *sk = NULL;
6335 /* The connection is still in hci_conn_hash so test for 1
6336 * instead of 0 to know if this is the last one.
6338 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
6339 cancel_delayed_work(&hdev->power_off);
6340 queue_work(hdev->req_workqueue, &hdev->power_off.work);
6343 if (!mgmt_connected)
6346 if (link_type != ACL_LINK && link_type != LE_LINK)
6349 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
6351 bacpy(&ev.addr.bdaddr, bdaddr);
6352 ev.addr.type = link_to_bdaddr(link_type, addr_type);
6355 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
6360 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
6364 void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
6365 u8 link_type, u8 addr_type, u8 status)
6367 u8 bdaddr_type = link_to_bdaddr(link_type, addr_type);
6368 struct mgmt_cp_disconnect *cp;
6369 struct mgmt_rp_disconnect rp;
6370 struct pending_cmd *cmd;
6372 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
6375 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
6381 if (bacmp(bdaddr, &cp->addr.bdaddr))
6384 if (cp->addr.type != bdaddr_type)
6387 bacpy(&rp.addr.bdaddr, bdaddr);
6388 rp.addr.type = bdaddr_type;
6390 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
6391 mgmt_status(status), &rp, sizeof(rp));
6393 mgmt_pending_remove(cmd);
6396 void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
6397 u8 addr_type, u8 status)
6399 struct mgmt_ev_connect_failed ev;
6401 /* The connection is still in hci_conn_hash so test for 1
6402 * instead of 0 to know if this is the last one.
6404 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
6405 cancel_delayed_work(&hdev->power_off);
6406 queue_work(hdev->req_workqueue, &hdev->power_off.work);
6409 bacpy(&ev.addr.bdaddr, bdaddr);
6410 ev.addr.type = link_to_bdaddr(link_type, addr_type);
6411 ev.status = mgmt_status(status);
6413 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
6416 void mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
6418 struct mgmt_ev_pin_code_request ev;
6420 bacpy(&ev.addr.bdaddr, bdaddr);
6421 ev.addr.type = BDADDR_BREDR;
6424 mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev), NULL);
6427 void mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
6430 struct pending_cmd *cmd;
6431 struct mgmt_rp_pin_code_reply rp;
6433 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
6437 bacpy(&rp.addr.bdaddr, bdaddr);
6438 rp.addr.type = BDADDR_BREDR;
6440 cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
6441 mgmt_status(status), &rp, sizeof(rp));
6443 mgmt_pending_remove(cmd);
6446 void mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
6449 struct pending_cmd *cmd;
6450 struct mgmt_rp_pin_code_reply rp;
6452 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
6456 bacpy(&rp.addr.bdaddr, bdaddr);
6457 rp.addr.type = BDADDR_BREDR;
6459 cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
6460 mgmt_status(status), &rp, sizeof(rp));
6462 mgmt_pending_remove(cmd);
6465 int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
6466 u8 link_type, u8 addr_type, u32 value,
6469 struct mgmt_ev_user_confirm_request ev;
6471 BT_DBG("%s", hdev->name);
6473 bacpy(&ev.addr.bdaddr, bdaddr);
6474 ev.addr.type = link_to_bdaddr(link_type, addr_type);
6475 ev.confirm_hint = confirm_hint;
6476 ev.value = cpu_to_le32(value);
6478 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
6482 int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
6483 u8 link_type, u8 addr_type)
6485 struct mgmt_ev_user_passkey_request ev;
6487 BT_DBG("%s", hdev->name);
6489 bacpy(&ev.addr.bdaddr, bdaddr);
6490 ev.addr.type = link_to_bdaddr(link_type, addr_type);
6492 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
6496 static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
6497 u8 link_type, u8 addr_type, u8 status,
6500 struct pending_cmd *cmd;
6501 struct mgmt_rp_user_confirm_reply rp;
6504 cmd = mgmt_pending_find(opcode, hdev);
6508 bacpy(&rp.addr.bdaddr, bdaddr);
6509 rp.addr.type = link_to_bdaddr(link_type, addr_type);
6510 err = cmd_complete(cmd->sk, hdev->id, opcode, mgmt_status(status),
6513 mgmt_pending_remove(cmd);
6518 int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
6519 u8 link_type, u8 addr_type, u8 status)
6521 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
6522 status, MGMT_OP_USER_CONFIRM_REPLY);
6525 int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
6526 u8 link_type, u8 addr_type, u8 status)
6528 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
6530 MGMT_OP_USER_CONFIRM_NEG_REPLY);
6533 int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
6534 u8 link_type, u8 addr_type, u8 status)
6536 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
6537 status, MGMT_OP_USER_PASSKEY_REPLY);
6540 int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
6541 u8 link_type, u8 addr_type, u8 status)
6543 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
6545 MGMT_OP_USER_PASSKEY_NEG_REPLY);
6548 int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
6549 u8 link_type, u8 addr_type, u32 passkey,
6552 struct mgmt_ev_passkey_notify ev;
6554 BT_DBG("%s", hdev->name);
6556 bacpy(&ev.addr.bdaddr, bdaddr);
6557 ev.addr.type = link_to_bdaddr(link_type, addr_type);
6558 ev.passkey = __cpu_to_le32(passkey);
6559 ev.entered = entered;
6561 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
6564 void mgmt_auth_failed(struct hci_conn *conn, u8 hci_status)
6566 struct mgmt_ev_auth_failed ev;
6567 struct pending_cmd *cmd;
6568 u8 status = mgmt_status(hci_status);
6570 bacpy(&ev.addr.bdaddr, &conn->dst);
6571 ev.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
6574 cmd = find_pairing(conn);
6576 mgmt_event(MGMT_EV_AUTH_FAILED, conn->hdev, &ev, sizeof(ev),
6577 cmd ? cmd->sk : NULL);
6580 pairing_complete(cmd, status);
6583 void mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
6585 struct cmd_lookup match = { NULL, hdev };
6589 u8 mgmt_err = mgmt_status(status);
6590 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
6591 cmd_status_rsp, &mgmt_err);
6595 if (test_bit(HCI_AUTH, &hdev->flags))
6596 changed = !test_and_set_bit(HCI_LINK_SECURITY,
6599 changed = test_and_clear_bit(HCI_LINK_SECURITY,
6602 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
6606 new_settings(hdev, match.sk);
6612 static void clear_eir(struct hci_request *req)
6614 struct hci_dev *hdev = req->hdev;
6615 struct hci_cp_write_eir cp;
6617 if (!lmp_ext_inq_capable(hdev))
6620 memset(hdev->eir, 0, sizeof(hdev->eir));
6622 memset(&cp, 0, sizeof(cp));
6624 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
6627 void mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
6629 struct cmd_lookup match = { NULL, hdev };
6630 struct hci_request req;
6631 bool changed = false;
6634 u8 mgmt_err = mgmt_status(status);
6636 if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
6637 &hdev->dev_flags)) {
6638 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
6639 new_settings(hdev, NULL);
6642 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
6648 changed = !test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
6650 changed = test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
6652 changed = test_and_clear_bit(HCI_HS_ENABLED,
6655 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
6658 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
6661 new_settings(hdev, match.sk);
6666 hci_req_init(&req, hdev);
6668 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
6669 if (test_bit(HCI_USE_DEBUG_KEYS, &hdev->dev_flags))
6670 hci_req_add(&req, HCI_OP_WRITE_SSP_DEBUG_MODE,
6671 sizeof(enable), &enable);
6677 hci_req_run(&req, NULL);
6680 void mgmt_sc_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
6682 struct cmd_lookup match = { NULL, hdev };
6683 bool changed = false;
6686 u8 mgmt_err = mgmt_status(status);
6689 if (test_and_clear_bit(HCI_SC_ENABLED,
6691 new_settings(hdev, NULL);
6692 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
6695 mgmt_pending_foreach(MGMT_OP_SET_SECURE_CONN, hdev,
6696 cmd_status_rsp, &mgmt_err);
6701 changed = !test_and_set_bit(HCI_SC_ENABLED, &hdev->dev_flags);
6703 changed = test_and_clear_bit(HCI_SC_ENABLED, &hdev->dev_flags);
6704 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
6707 mgmt_pending_foreach(MGMT_OP_SET_SECURE_CONN, hdev,
6708 settings_rsp, &match);
6711 new_settings(hdev, match.sk);
6717 static void sk_lookup(struct pending_cmd *cmd, void *data)
6719 struct cmd_lookup *match = data;
6721 if (match->sk == NULL) {
6722 match->sk = cmd->sk;
6723 sock_hold(match->sk);
6727 void mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
6730 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
6732 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
6733 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
6734 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
6737 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class, 3,
6744 void mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
6746 struct mgmt_cp_set_local_name ev;
6747 struct pending_cmd *cmd;
6752 memset(&ev, 0, sizeof(ev));
6753 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
6754 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
6756 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
6758 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
6760 /* If this is a HCI command related to powering on the
6761 * HCI dev don't send any mgmt signals.
6763 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
6767 mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
6768 cmd ? cmd->sk : NULL);
6771 void mgmt_read_local_oob_data_complete(struct hci_dev *hdev, u8 *hash192,
6772 u8 *rand192, u8 *hash256, u8 *rand256,
6775 struct pending_cmd *cmd;
6777 BT_DBG("%s status %u", hdev->name, status);
6779 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
6784 cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
6785 mgmt_status(status));
6787 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags) &&
6788 hash256 && rand256) {
6789 struct mgmt_rp_read_local_oob_ext_data rp;
6791 memcpy(rp.hash192, hash192, sizeof(rp.hash192));
6792 memcpy(rp.rand192, rand192, sizeof(rp.rand192));
6794 memcpy(rp.hash256, hash256, sizeof(rp.hash256));
6795 memcpy(rp.rand256, rand256, sizeof(rp.rand256));
6797 cmd_complete(cmd->sk, hdev->id,
6798 MGMT_OP_READ_LOCAL_OOB_DATA, 0,
6801 struct mgmt_rp_read_local_oob_data rp;
6803 memcpy(rp.hash, hash192, sizeof(rp.hash));
6804 memcpy(rp.rand, rand192, sizeof(rp.rand));
6806 cmd_complete(cmd->sk, hdev->id,
6807 MGMT_OP_READ_LOCAL_OOB_DATA, 0,
6812 mgmt_pending_remove(cmd);
6815 void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
6816 u8 addr_type, u8 *dev_class, s8 rssi, u32 flags,
6817 u8 *eir, u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
6820 struct mgmt_ev_device_found *ev = (void *) buf;
6823 /* Don't send events for a non-kernel initiated discovery. With
6824 * LE one exception is if we have pend_le_reports > 0 in which
6825 * case we're doing passive scanning and want these events.
6827 if (!hci_discovery_active(hdev)) {
6828 if (link_type == ACL_LINK)
6830 if (link_type == LE_LINK && list_empty(&hdev->pend_le_reports))
6834 /* Make sure that the buffer is big enough. The 5 extra bytes
6835 * are for the potential CoD field.
6837 if (sizeof(*ev) + eir_len + scan_rsp_len + 5 > sizeof(buf))
6840 memset(buf, 0, sizeof(buf));
6842 bacpy(&ev->addr.bdaddr, bdaddr);
6843 ev->addr.type = link_to_bdaddr(link_type, addr_type);
6845 ev->flags = cpu_to_le32(flags);
6848 memcpy(ev->eir, eir, eir_len);
6850 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
6851 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
6854 if (scan_rsp_len > 0)
6855 memcpy(ev->eir + eir_len, scan_rsp, scan_rsp_len);
6857 ev->eir_len = cpu_to_le16(eir_len + scan_rsp_len);
6858 ev_size = sizeof(*ev) + eir_len + scan_rsp_len;
6860 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
6863 void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
6864 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
6866 struct mgmt_ev_device_found *ev;
6867 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
6870 ev = (struct mgmt_ev_device_found *) buf;
6872 memset(buf, 0, sizeof(buf));
6874 bacpy(&ev->addr.bdaddr, bdaddr);
6875 ev->addr.type = link_to_bdaddr(link_type, addr_type);
6878 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
6881 ev->eir_len = cpu_to_le16(eir_len);
6883 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, sizeof(*ev) + eir_len, NULL);
6886 void mgmt_discovering(struct hci_dev *hdev, u8 discovering)
6888 struct mgmt_ev_discovering ev;
6889 struct pending_cmd *cmd;
6891 BT_DBG("%s discovering %u", hdev->name, discovering);
6894 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
6896 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
6899 u8 type = hdev->discovery.type;
6901 cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0, &type,
6903 mgmt_pending_remove(cmd);
6906 memset(&ev, 0, sizeof(ev));
6907 ev.type = hdev->discovery.type;
6908 ev.discovering = discovering;
6910 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
6913 static void adv_enable_complete(struct hci_dev *hdev, u8 status)
6915 BT_DBG("%s status %u", hdev->name, status);
6918 void mgmt_reenable_advertising(struct hci_dev *hdev)
6920 struct hci_request req;
6922 if (!test_bit(HCI_ADVERTISING, &hdev->dev_flags))
6925 hci_req_init(&req, hdev);
6926 enable_advertising(&req);
6927 hci_req_run(&req, adv_enable_complete);
projects / cascardo / linux.git / blob