2 BlueZ - Bluetooth protocol stack for Linux
4 Copyright (C) 2010 Nokia Corporation
5 Copyright (C) 2011-2012 Intel Corporation
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI Management interface */
27 #include <linux/module.h>
28 #include <asm/unaligned.h>
30 #include <net/bluetooth/bluetooth.h>
31 #include <net/bluetooth/hci_core.h>
32 #include <net/bluetooth/l2cap.h>
33 #include <net/bluetooth/mgmt.h>
37 #define MGMT_VERSION 1
38 #define MGMT_REVISION 7
40 static const u16 mgmt_commands[] = {
41 MGMT_OP_READ_INDEX_LIST,
44 MGMT_OP_SET_DISCOVERABLE,
45 MGMT_OP_SET_CONNECTABLE,
46 MGMT_OP_SET_FAST_CONNECTABLE,
48 MGMT_OP_SET_LINK_SECURITY,
52 MGMT_OP_SET_DEV_CLASS,
53 MGMT_OP_SET_LOCAL_NAME,
56 MGMT_OP_LOAD_LINK_KEYS,
57 MGMT_OP_LOAD_LONG_TERM_KEYS,
59 MGMT_OP_GET_CONNECTIONS,
60 MGMT_OP_PIN_CODE_REPLY,
61 MGMT_OP_PIN_CODE_NEG_REPLY,
62 MGMT_OP_SET_IO_CAPABILITY,
64 MGMT_OP_CANCEL_PAIR_DEVICE,
65 MGMT_OP_UNPAIR_DEVICE,
66 MGMT_OP_USER_CONFIRM_REPLY,
67 MGMT_OP_USER_CONFIRM_NEG_REPLY,
68 MGMT_OP_USER_PASSKEY_REPLY,
69 MGMT_OP_USER_PASSKEY_NEG_REPLY,
70 MGMT_OP_READ_LOCAL_OOB_DATA,
71 MGMT_OP_ADD_REMOTE_OOB_DATA,
72 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
73 MGMT_OP_START_DISCOVERY,
74 MGMT_OP_STOP_DISCOVERY,
77 MGMT_OP_UNBLOCK_DEVICE,
78 MGMT_OP_SET_DEVICE_ID,
79 MGMT_OP_SET_ADVERTISING,
81 MGMT_OP_SET_STATIC_ADDRESS,
82 MGMT_OP_SET_SCAN_PARAMS,
83 MGMT_OP_SET_SECURE_CONN,
84 MGMT_OP_SET_DEBUG_KEYS,
87 MGMT_OP_GET_CONN_INFO,
88 MGMT_OP_GET_CLOCK_INFO,
90 MGMT_OP_REMOVE_DEVICE,
91 MGMT_OP_LOAD_CONN_PARAM,
92 MGMT_OP_READ_UNCONF_INDEX_LIST,
93 MGMT_OP_READ_CONFIG_INFO,
94 MGMT_OP_SET_EXTERNAL_CONFIG,
95 MGMT_OP_SET_PUBLIC_ADDRESS,
98 static const u16 mgmt_events[] = {
99 MGMT_EV_CONTROLLER_ERROR,
101 MGMT_EV_INDEX_REMOVED,
102 MGMT_EV_NEW_SETTINGS,
103 MGMT_EV_CLASS_OF_DEV_CHANGED,
104 MGMT_EV_LOCAL_NAME_CHANGED,
105 MGMT_EV_NEW_LINK_KEY,
106 MGMT_EV_NEW_LONG_TERM_KEY,
107 MGMT_EV_DEVICE_CONNECTED,
108 MGMT_EV_DEVICE_DISCONNECTED,
109 MGMT_EV_CONNECT_FAILED,
110 MGMT_EV_PIN_CODE_REQUEST,
111 MGMT_EV_USER_CONFIRM_REQUEST,
112 MGMT_EV_USER_PASSKEY_REQUEST,
114 MGMT_EV_DEVICE_FOUND,
116 MGMT_EV_DEVICE_BLOCKED,
117 MGMT_EV_DEVICE_UNBLOCKED,
118 MGMT_EV_DEVICE_UNPAIRED,
119 MGMT_EV_PASSKEY_NOTIFY,
122 MGMT_EV_DEVICE_ADDED,
123 MGMT_EV_DEVICE_REMOVED,
124 MGMT_EV_NEW_CONN_PARAM,
125 MGMT_EV_UNCONF_INDEX_ADDED,
126 MGMT_EV_UNCONF_INDEX_REMOVED,
127 MGMT_EV_NEW_CONFIG_OPTIONS,
130 #define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
133 struct list_head list;
141 /* HCI to MGMT error code conversion table */
142 static u8 mgmt_status_table[] = {
144 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
145 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
146 MGMT_STATUS_FAILED, /* Hardware Failure */
147 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
148 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
149 MGMT_STATUS_AUTH_FAILED, /* PIN or Key Missing */
150 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
151 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
152 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
153 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
154 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
155 MGMT_STATUS_BUSY, /* Command Disallowed */
156 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
157 MGMT_STATUS_REJECTED, /* Rejected Security */
158 MGMT_STATUS_REJECTED, /* Rejected Personal */
159 MGMT_STATUS_TIMEOUT, /* Host Timeout */
160 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
161 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
162 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
163 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
164 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
165 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
166 MGMT_STATUS_BUSY, /* Repeated Attempts */
167 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
168 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
169 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
170 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
171 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
172 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
173 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
174 MGMT_STATUS_FAILED, /* Unspecified Error */
175 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
176 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
177 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
178 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
179 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
180 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
181 MGMT_STATUS_FAILED, /* Unit Link Key Used */
182 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
183 MGMT_STATUS_TIMEOUT, /* Instant Passed */
184 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
185 MGMT_STATUS_FAILED, /* Transaction Collision */
186 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
187 MGMT_STATUS_REJECTED, /* QoS Rejected */
188 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
189 MGMT_STATUS_REJECTED, /* Insufficient Security */
190 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
191 MGMT_STATUS_BUSY, /* Role Switch Pending */
192 MGMT_STATUS_FAILED, /* Slot Violation */
193 MGMT_STATUS_FAILED, /* Role Switch Failed */
194 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
195 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
196 MGMT_STATUS_BUSY, /* Host Busy Pairing */
197 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
198 MGMT_STATUS_BUSY, /* Controller Busy */
199 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
200 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
201 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
202 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
203 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
206 static u8 mgmt_status(u8 hci_status)
208 if (hci_status < ARRAY_SIZE(mgmt_status_table))
209 return mgmt_status_table[hci_status];
211 return MGMT_STATUS_FAILED;
214 static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 data_len,
215 struct sock *skip_sk)
218 struct mgmt_hdr *hdr;
220 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_KERNEL);
224 hdr = (void *) skb_put(skb, sizeof(*hdr));
225 hdr->opcode = cpu_to_le16(event);
227 hdr->index = cpu_to_le16(hdev->id);
229 hdr->index = cpu_to_le16(MGMT_INDEX_NONE);
230 hdr->len = cpu_to_le16(data_len);
233 memcpy(skb_put(skb, data_len), data, data_len);
236 __net_timestamp(skb);
238 hci_send_to_control(skb, skip_sk);
244 static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
247 struct mgmt_hdr *hdr;
248 struct mgmt_ev_cmd_status *ev;
251 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
253 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_KERNEL);
257 hdr = (void *) skb_put(skb, sizeof(*hdr));
259 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS);
260 hdr->index = cpu_to_le16(index);
261 hdr->len = cpu_to_le16(sizeof(*ev));
263 ev = (void *) skb_put(skb, sizeof(*ev));
265 ev->opcode = cpu_to_le16(cmd);
267 err = sock_queue_rcv_skb(sk, skb);
274 static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
275 void *rp, size_t rp_len)
278 struct mgmt_hdr *hdr;
279 struct mgmt_ev_cmd_complete *ev;
282 BT_DBG("sock %p", sk);
284 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_KERNEL);
288 hdr = (void *) skb_put(skb, sizeof(*hdr));
290 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE);
291 hdr->index = cpu_to_le16(index);
292 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
294 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
295 ev->opcode = cpu_to_le16(cmd);
299 memcpy(ev->data, rp, rp_len);
301 err = sock_queue_rcv_skb(sk, skb);
308 static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
311 struct mgmt_rp_read_version rp;
313 BT_DBG("sock %p", sk);
315 rp.version = MGMT_VERSION;
316 rp.revision = cpu_to_le16(MGMT_REVISION);
318 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
322 static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
325 struct mgmt_rp_read_commands *rp;
326 const u16 num_commands = ARRAY_SIZE(mgmt_commands);
327 const u16 num_events = ARRAY_SIZE(mgmt_events);
332 BT_DBG("sock %p", sk);
334 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
336 rp = kmalloc(rp_size, GFP_KERNEL);
340 rp->num_commands = cpu_to_le16(num_commands);
341 rp->num_events = cpu_to_le16(num_events);
343 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
344 put_unaligned_le16(mgmt_commands[i], opcode);
346 for (i = 0; i < num_events; i++, opcode++)
347 put_unaligned_le16(mgmt_events[i], opcode);
349 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
356 static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
359 struct mgmt_rp_read_index_list *rp;
365 BT_DBG("sock %p", sk);
367 read_lock(&hci_dev_list_lock);
370 list_for_each_entry(d, &hci_dev_list, list) {
371 if (d->dev_type == HCI_BREDR &&
372 !test_bit(HCI_UNCONFIGURED, &d->dev_flags))
376 rp_len = sizeof(*rp) + (2 * count);
377 rp = kmalloc(rp_len, GFP_ATOMIC);
379 read_unlock(&hci_dev_list_lock);
384 list_for_each_entry(d, &hci_dev_list, list) {
385 if (test_bit(HCI_SETUP, &d->dev_flags) ||
386 test_bit(HCI_CONFIG, &d->dev_flags) ||
387 test_bit(HCI_USER_CHANNEL, &d->dev_flags))
390 /* Devices marked as raw-only are neither configured
391 * nor unconfigured controllers.
393 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
396 if (d->dev_type == HCI_BREDR &&
397 !test_bit(HCI_UNCONFIGURED, &d->dev_flags)) {
398 rp->index[count++] = cpu_to_le16(d->id);
399 BT_DBG("Added hci%u", d->id);
403 rp->num_controllers = cpu_to_le16(count);
404 rp_len = sizeof(*rp) + (2 * count);
406 read_unlock(&hci_dev_list_lock);
408 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
416 static int read_unconf_index_list(struct sock *sk, struct hci_dev *hdev,
417 void *data, u16 data_len)
419 struct mgmt_rp_read_unconf_index_list *rp;
425 BT_DBG("sock %p", sk);
427 read_lock(&hci_dev_list_lock);
430 list_for_each_entry(d, &hci_dev_list, list) {
431 if (d->dev_type == HCI_BREDR &&
432 test_bit(HCI_UNCONFIGURED, &d->dev_flags))
436 rp_len = sizeof(*rp) + (2 * count);
437 rp = kmalloc(rp_len, GFP_ATOMIC);
439 read_unlock(&hci_dev_list_lock);
444 list_for_each_entry(d, &hci_dev_list, list) {
445 if (test_bit(HCI_SETUP, &d->dev_flags) ||
446 test_bit(HCI_CONFIG, &d->dev_flags) ||
447 test_bit(HCI_USER_CHANNEL, &d->dev_flags))
450 /* Devices marked as raw-only are neither configured
451 * nor unconfigured controllers.
453 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
456 if (d->dev_type == HCI_BREDR &&
457 test_bit(HCI_UNCONFIGURED, &d->dev_flags)) {
458 rp->index[count++] = cpu_to_le16(d->id);
459 BT_DBG("Added hci%u", d->id);
463 rp->num_controllers = cpu_to_le16(count);
464 rp_len = sizeof(*rp) + (2 * count);
466 read_unlock(&hci_dev_list_lock);
468 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_UNCONF_INDEX_LIST,
476 static bool is_configured(struct hci_dev *hdev)
478 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
479 !test_bit(HCI_EXT_CONFIGURED, &hdev->dev_flags))
482 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) &&
483 !bacmp(&hdev->public_addr, BDADDR_ANY))
489 static __le32 get_missing_options(struct hci_dev *hdev)
493 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
494 !test_bit(HCI_EXT_CONFIGURED, &hdev->dev_flags))
495 options |= MGMT_OPTION_EXTERNAL_CONFIG;
497 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) &&
498 !bacmp(&hdev->public_addr, BDADDR_ANY))
499 options |= MGMT_OPTION_PUBLIC_ADDRESS;
501 return cpu_to_le32(options);
504 static int new_options(struct hci_dev *hdev, struct sock *skip)
506 __le32 options = get_missing_options(hdev);
508 return mgmt_event(MGMT_EV_NEW_CONFIG_OPTIONS, hdev, &options,
509 sizeof(options), skip);
512 static int send_options_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
514 __le32 options = get_missing_options(hdev);
516 return cmd_complete(sk, hdev->id, opcode, 0, &options,
520 static int read_config_info(struct sock *sk, struct hci_dev *hdev,
521 void *data, u16 data_len)
523 struct mgmt_rp_read_config_info rp;
526 BT_DBG("sock %p %s", sk, hdev->name);
530 memset(&rp, 0, sizeof(rp));
531 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
533 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
534 options |= MGMT_OPTION_EXTERNAL_CONFIG;
536 if (hdev->set_bdaddr)
537 options |= MGMT_OPTION_PUBLIC_ADDRESS;
539 rp.supported_options = cpu_to_le32(options);
540 rp.missing_options = get_missing_options(hdev);
542 hci_dev_unlock(hdev);
544 return cmd_complete(sk, hdev->id, MGMT_OP_READ_CONFIG_INFO, 0, &rp,
548 static u32 get_supported_settings(struct hci_dev *hdev)
552 settings |= MGMT_SETTING_POWERED;
553 settings |= MGMT_SETTING_BONDABLE;
554 settings |= MGMT_SETTING_DEBUG_KEYS;
555 settings |= MGMT_SETTING_CONNECTABLE;
556 settings |= MGMT_SETTING_DISCOVERABLE;
558 if (lmp_bredr_capable(hdev)) {
559 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
560 settings |= MGMT_SETTING_FAST_CONNECTABLE;
561 settings |= MGMT_SETTING_BREDR;
562 settings |= MGMT_SETTING_LINK_SECURITY;
564 if (lmp_ssp_capable(hdev)) {
565 settings |= MGMT_SETTING_SSP;
566 settings |= MGMT_SETTING_HS;
569 if (lmp_sc_capable(hdev) ||
570 test_bit(HCI_FORCE_SC, &hdev->dbg_flags))
571 settings |= MGMT_SETTING_SECURE_CONN;
574 if (lmp_le_capable(hdev)) {
575 settings |= MGMT_SETTING_LE;
576 settings |= MGMT_SETTING_ADVERTISING;
577 settings |= MGMT_SETTING_PRIVACY;
580 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) ||
582 settings |= MGMT_SETTING_CONFIGURATION;
587 static u32 get_current_settings(struct hci_dev *hdev)
591 if (hdev_is_powered(hdev))
592 settings |= MGMT_SETTING_POWERED;
594 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
595 settings |= MGMT_SETTING_CONNECTABLE;
597 if (test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
598 settings |= MGMT_SETTING_FAST_CONNECTABLE;
600 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
601 settings |= MGMT_SETTING_DISCOVERABLE;
603 if (test_bit(HCI_BONDABLE, &hdev->dev_flags))
604 settings |= MGMT_SETTING_BONDABLE;
606 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
607 settings |= MGMT_SETTING_BREDR;
609 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
610 settings |= MGMT_SETTING_LE;
612 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
613 settings |= MGMT_SETTING_LINK_SECURITY;
615 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
616 settings |= MGMT_SETTING_SSP;
618 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
619 settings |= MGMT_SETTING_HS;
621 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
622 settings |= MGMT_SETTING_ADVERTISING;
624 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags))
625 settings |= MGMT_SETTING_SECURE_CONN;
627 if (test_bit(HCI_KEEP_DEBUG_KEYS, &hdev->dev_flags))
628 settings |= MGMT_SETTING_DEBUG_KEYS;
630 if (test_bit(HCI_PRIVACY, &hdev->dev_flags))
631 settings |= MGMT_SETTING_PRIVACY;
636 #define PNP_INFO_SVCLASS_ID 0x1200
638 static u8 *create_uuid16_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
640 u8 *ptr = data, *uuids_start = NULL;
641 struct bt_uuid *uuid;
646 list_for_each_entry(uuid, &hdev->uuids, list) {
649 if (uuid->size != 16)
652 uuid16 = get_unaligned_le16(&uuid->uuid[12]);
656 if (uuid16 == PNP_INFO_SVCLASS_ID)
662 uuids_start[1] = EIR_UUID16_ALL;
666 /* Stop if not enough space to put next UUID */
667 if ((ptr - data) + sizeof(u16) > len) {
668 uuids_start[1] = EIR_UUID16_SOME;
672 *ptr++ = (uuid16 & 0x00ff);
673 *ptr++ = (uuid16 & 0xff00) >> 8;
674 uuids_start[0] += sizeof(uuid16);
680 static u8 *create_uuid32_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
682 u8 *ptr = data, *uuids_start = NULL;
683 struct bt_uuid *uuid;
688 list_for_each_entry(uuid, &hdev->uuids, list) {
689 if (uuid->size != 32)
695 uuids_start[1] = EIR_UUID32_ALL;
699 /* Stop if not enough space to put next UUID */
700 if ((ptr - data) + sizeof(u32) > len) {
701 uuids_start[1] = EIR_UUID32_SOME;
705 memcpy(ptr, &uuid->uuid[12], sizeof(u32));
707 uuids_start[0] += sizeof(u32);
713 static u8 *create_uuid128_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
715 u8 *ptr = data, *uuids_start = NULL;
716 struct bt_uuid *uuid;
721 list_for_each_entry(uuid, &hdev->uuids, list) {
722 if (uuid->size != 128)
728 uuids_start[1] = EIR_UUID128_ALL;
732 /* Stop if not enough space to put next UUID */
733 if ((ptr - data) + 16 > len) {
734 uuids_start[1] = EIR_UUID128_SOME;
738 memcpy(ptr, uuid->uuid, 16);
740 uuids_start[0] += 16;
746 static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
748 struct pending_cmd *cmd;
750 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
751 if (cmd->opcode == opcode)
758 static struct pending_cmd *mgmt_pending_find_data(u16 opcode,
759 struct hci_dev *hdev,
762 struct pending_cmd *cmd;
764 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
765 if (cmd->user_data != data)
767 if (cmd->opcode == opcode)
774 static u8 create_scan_rsp_data(struct hci_dev *hdev, u8 *ptr)
779 name_len = strlen(hdev->dev_name);
781 size_t max_len = HCI_MAX_AD_LENGTH - ad_len - 2;
783 if (name_len > max_len) {
785 ptr[1] = EIR_NAME_SHORT;
787 ptr[1] = EIR_NAME_COMPLETE;
789 ptr[0] = name_len + 1;
791 memcpy(ptr + 2, hdev->dev_name, name_len);
793 ad_len += (name_len + 2);
794 ptr += (name_len + 2);
800 static void update_scan_rsp_data(struct hci_request *req)
802 struct hci_dev *hdev = req->hdev;
803 struct hci_cp_le_set_scan_rsp_data cp;
806 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
809 memset(&cp, 0, sizeof(cp));
811 len = create_scan_rsp_data(hdev, cp.data);
813 if (hdev->scan_rsp_data_len == len &&
814 memcmp(cp.data, hdev->scan_rsp_data, len) == 0)
817 memcpy(hdev->scan_rsp_data, cp.data, sizeof(cp.data));
818 hdev->scan_rsp_data_len = len;
822 hci_req_add(req, HCI_OP_LE_SET_SCAN_RSP_DATA, sizeof(cp), &cp);
825 static u8 get_adv_discov_flags(struct hci_dev *hdev)
827 struct pending_cmd *cmd;
829 /* If there's a pending mgmt command the flags will not yet have
830 * their final values, so check for this first.
832 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
834 struct mgmt_mode *cp = cmd->param;
836 return LE_AD_GENERAL;
837 else if (cp->val == 0x02)
838 return LE_AD_LIMITED;
840 if (test_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags))
841 return LE_AD_LIMITED;
842 else if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
843 return LE_AD_GENERAL;
849 static u8 create_adv_data(struct hci_dev *hdev, u8 *ptr)
851 u8 ad_len = 0, flags = 0;
853 flags |= get_adv_discov_flags(hdev);
855 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
856 flags |= LE_AD_NO_BREDR;
859 BT_DBG("adv flags 0x%02x", flags);
869 if (hdev->adv_tx_power != HCI_TX_POWER_INVALID) {
871 ptr[1] = EIR_TX_POWER;
872 ptr[2] = (u8) hdev->adv_tx_power;
881 static void update_adv_data(struct hci_request *req)
883 struct hci_dev *hdev = req->hdev;
884 struct hci_cp_le_set_adv_data cp;
887 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
890 memset(&cp, 0, sizeof(cp));
892 len = create_adv_data(hdev, cp.data);
894 if (hdev->adv_data_len == len &&
895 memcmp(cp.data, hdev->adv_data, len) == 0)
898 memcpy(hdev->adv_data, cp.data, sizeof(cp.data));
899 hdev->adv_data_len = len;
903 hci_req_add(req, HCI_OP_LE_SET_ADV_DATA, sizeof(cp), &cp);
906 int mgmt_update_adv_data(struct hci_dev *hdev)
908 struct hci_request req;
910 hci_req_init(&req, hdev);
911 update_adv_data(&req);
913 return hci_req_run(&req, NULL);
916 static void create_eir(struct hci_dev *hdev, u8 *data)
921 name_len = strlen(hdev->dev_name);
927 ptr[1] = EIR_NAME_SHORT;
929 ptr[1] = EIR_NAME_COMPLETE;
931 /* EIR Data length */
932 ptr[0] = name_len + 1;
934 memcpy(ptr + 2, hdev->dev_name, name_len);
936 ptr += (name_len + 2);
939 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
941 ptr[1] = EIR_TX_POWER;
942 ptr[2] = (u8) hdev->inq_tx_power;
947 if (hdev->devid_source > 0) {
949 ptr[1] = EIR_DEVICE_ID;
951 put_unaligned_le16(hdev->devid_source, ptr + 2);
952 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
953 put_unaligned_le16(hdev->devid_product, ptr + 6);
954 put_unaligned_le16(hdev->devid_version, ptr + 8);
959 ptr = create_uuid16_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
960 ptr = create_uuid32_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
961 ptr = create_uuid128_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
964 static void update_eir(struct hci_request *req)
966 struct hci_dev *hdev = req->hdev;
967 struct hci_cp_write_eir cp;
969 if (!hdev_is_powered(hdev))
972 if (!lmp_ext_inq_capable(hdev))
975 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
978 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
981 memset(&cp, 0, sizeof(cp));
983 create_eir(hdev, cp.data);
985 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
988 memcpy(hdev->eir, cp.data, sizeof(cp.data));
990 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
993 static u8 get_service_classes(struct hci_dev *hdev)
995 struct bt_uuid *uuid;
998 list_for_each_entry(uuid, &hdev->uuids, list)
999 val |= uuid->svc_hint;
1004 static void update_class(struct hci_request *req)
1006 struct hci_dev *hdev = req->hdev;
1009 BT_DBG("%s", hdev->name);
1011 if (!hdev_is_powered(hdev))
1014 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1017 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
1020 cod[0] = hdev->minor_class;
1021 cod[1] = hdev->major_class;
1022 cod[2] = get_service_classes(hdev);
1024 if (test_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags))
1027 if (memcmp(cod, hdev->dev_class, 3) == 0)
1030 hci_req_add(req, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
1033 static bool get_connectable(struct hci_dev *hdev)
1035 struct pending_cmd *cmd;
1037 /* If there's a pending mgmt command the flag will not yet have
1038 * it's final value, so check for this first.
1040 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1042 struct mgmt_mode *cp = cmd->param;
1046 return test_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1049 static void disable_advertising(struct hci_request *req)
1053 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1056 static void enable_advertising(struct hci_request *req)
1058 struct hci_dev *hdev = req->hdev;
1059 struct hci_cp_le_set_adv_param cp;
1060 u8 own_addr_type, enable = 0x01;
1063 if (hci_conn_num(hdev, LE_LINK) > 0)
1066 if (test_bit(HCI_LE_ADV, &hdev->dev_flags))
1067 disable_advertising(req);
1069 /* Clear the HCI_LE_ADV bit temporarily so that the
1070 * hci_update_random_address knows that it's safe to go ahead
1071 * and write a new random address. The flag will be set back on
1072 * as soon as the SET_ADV_ENABLE HCI command completes.
1074 clear_bit(HCI_LE_ADV, &hdev->dev_flags);
1076 connectable = get_connectable(hdev);
1078 /* Set require_privacy to true only when non-connectable
1079 * advertising is used. In that case it is fine to use a
1080 * non-resolvable private address.
1082 if (hci_update_random_address(req, !connectable, &own_addr_type) < 0)
1085 memset(&cp, 0, sizeof(cp));
1086 cp.min_interval = cpu_to_le16(hdev->le_adv_min_interval);
1087 cp.max_interval = cpu_to_le16(hdev->le_adv_max_interval);
1088 cp.type = connectable ? LE_ADV_IND : LE_ADV_NONCONN_IND;
1089 cp.own_address_type = own_addr_type;
1090 cp.channel_map = hdev->le_adv_channel_map;
1092 hci_req_add(req, HCI_OP_LE_SET_ADV_PARAM, sizeof(cp), &cp);
1094 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1097 static void service_cache_off(struct work_struct *work)
1099 struct hci_dev *hdev = container_of(work, struct hci_dev,
1100 service_cache.work);
1101 struct hci_request req;
1103 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
1106 hci_req_init(&req, hdev);
1113 hci_dev_unlock(hdev);
1115 hci_req_run(&req, NULL);
1118 static void rpa_expired(struct work_struct *work)
1120 struct hci_dev *hdev = container_of(work, struct hci_dev,
1122 struct hci_request req;
1126 set_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
1128 if (!test_bit(HCI_ADVERTISING, &hdev->dev_flags))
1131 /* The generation of a new RPA and programming it into the
1132 * controller happens in the enable_advertising() function.
1134 hci_req_init(&req, hdev);
1135 enable_advertising(&req);
1136 hci_req_run(&req, NULL);
1139 static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
1141 if (test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
1144 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
1145 INIT_DELAYED_WORK(&hdev->rpa_expired, rpa_expired);
1147 /* Non-mgmt controlled devices get this bit set
1148 * implicitly so that pairing works for them, however
1149 * for mgmt we require user-space to explicitly enable
1152 clear_bit(HCI_BONDABLE, &hdev->dev_flags);
1155 static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
1156 void *data, u16 data_len)
1158 struct mgmt_rp_read_info rp;
1160 BT_DBG("sock %p %s", sk, hdev->name);
1164 memset(&rp, 0, sizeof(rp));
1166 bacpy(&rp.bdaddr, &hdev->bdaddr);
1168 rp.version = hdev->hci_ver;
1169 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
1171 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
1172 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
1174 memcpy(rp.dev_class, hdev->dev_class, 3);
1176 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
1177 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
1179 hci_dev_unlock(hdev);
1181 return cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
1185 static void mgmt_pending_free(struct pending_cmd *cmd)
1192 static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
1193 struct hci_dev *hdev, void *data,
1196 struct pending_cmd *cmd;
1198 cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
1202 cmd->opcode = opcode;
1203 cmd->index = hdev->id;
1205 cmd->param = kmalloc(len, GFP_KERNEL);
1212 memcpy(cmd->param, data, len);
1217 list_add(&cmd->list, &hdev->mgmt_pending);
1222 static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
1223 void (*cb)(struct pending_cmd *cmd,
1227 struct pending_cmd *cmd, *tmp;
1229 list_for_each_entry_safe(cmd, tmp, &hdev->mgmt_pending, list) {
1230 if (opcode > 0 && cmd->opcode != opcode)
1237 static void mgmt_pending_remove(struct pending_cmd *cmd)
1239 list_del(&cmd->list);
1240 mgmt_pending_free(cmd);
1243 static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
1245 __le32 settings = cpu_to_le32(get_current_settings(hdev));
1247 return cmd_complete(sk, hdev->id, opcode, 0, &settings,
1251 static void clean_up_hci_complete(struct hci_dev *hdev, u8 status)
1253 BT_DBG("%s status 0x%02x", hdev->name, status);
1255 if (hci_conn_count(hdev) == 0) {
1256 cancel_delayed_work(&hdev->power_off);
1257 queue_work(hdev->req_workqueue, &hdev->power_off.work);
1261 static bool hci_stop_discovery(struct hci_request *req)
1263 struct hci_dev *hdev = req->hdev;
1264 struct hci_cp_remote_name_req_cancel cp;
1265 struct inquiry_entry *e;
1267 switch (hdev->discovery.state) {
1268 case DISCOVERY_FINDING:
1269 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
1270 hci_req_add(req, HCI_OP_INQUIRY_CANCEL, 0, NULL);
1272 cancel_delayed_work(&hdev->le_scan_disable);
1273 hci_req_add_le_scan_disable(req);
1278 case DISCOVERY_RESOLVING:
1279 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
1284 bacpy(&cp.bdaddr, &e->data.bdaddr);
1285 hci_req_add(req, HCI_OP_REMOTE_NAME_REQ_CANCEL, sizeof(cp),
1291 /* Passive scanning */
1292 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags)) {
1293 hci_req_add_le_scan_disable(req);
1303 static int clean_up_hci_state(struct hci_dev *hdev)
1305 struct hci_request req;
1306 struct hci_conn *conn;
1307 bool discov_stopped;
1310 hci_req_init(&req, hdev);
1312 if (test_bit(HCI_ISCAN, &hdev->flags) ||
1313 test_bit(HCI_PSCAN, &hdev->flags)) {
1315 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1318 if (test_bit(HCI_LE_ADV, &hdev->dev_flags))
1319 disable_advertising(&req);
1321 discov_stopped = hci_stop_discovery(&req);
1323 list_for_each_entry(conn, &hdev->conn_hash.list, list) {
1324 struct hci_cp_disconnect dc;
1325 struct hci_cp_reject_conn_req rej;
1327 switch (conn->state) {
1330 dc.handle = cpu_to_le16(conn->handle);
1331 dc.reason = 0x15; /* Terminated due to Power Off */
1332 hci_req_add(&req, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1335 if (conn->type == LE_LINK)
1336 hci_req_add(&req, HCI_OP_LE_CREATE_CONN_CANCEL,
1338 else if (conn->type == ACL_LINK)
1339 hci_req_add(&req, HCI_OP_CREATE_CONN_CANCEL,
1343 bacpy(&rej.bdaddr, &conn->dst);
1344 rej.reason = 0x15; /* Terminated due to Power Off */
1345 if (conn->type == ACL_LINK)
1346 hci_req_add(&req, HCI_OP_REJECT_CONN_REQ,
1348 else if (conn->type == SCO_LINK)
1349 hci_req_add(&req, HCI_OP_REJECT_SYNC_CONN_REQ,
1355 err = hci_req_run(&req, clean_up_hci_complete);
1356 if (!err && discov_stopped)
1357 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
1362 static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
1365 struct mgmt_mode *cp = data;
1366 struct pending_cmd *cmd;
1369 BT_DBG("request for %s", hdev->name);
1371 if (cp->val != 0x00 && cp->val != 0x01)
1372 return cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1373 MGMT_STATUS_INVALID_PARAMS);
1377 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
1378 err = cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1383 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
1384 cancel_delayed_work(&hdev->power_off);
1387 mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev,
1389 err = mgmt_powered(hdev, 1);
1394 if (!!cp->val == hdev_is_powered(hdev)) {
1395 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
1399 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
1406 queue_work(hdev->req_workqueue, &hdev->power_on);
1409 /* Disconnect connections, stop scans, etc */
1410 err = clean_up_hci_state(hdev);
1412 queue_delayed_work(hdev->req_workqueue, &hdev->power_off,
1413 HCI_POWER_OFF_TIMEOUT);
1415 /* ENODATA means there were no HCI commands queued */
1416 if (err == -ENODATA) {
1417 cancel_delayed_work(&hdev->power_off);
1418 queue_work(hdev->req_workqueue, &hdev->power_off.work);
1424 hci_dev_unlock(hdev);
1428 static int new_settings(struct hci_dev *hdev, struct sock *skip)
1432 ev = cpu_to_le32(get_current_settings(hdev));
1434 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
1437 int mgmt_new_settings(struct hci_dev *hdev)
1439 return new_settings(hdev, NULL);
1444 struct hci_dev *hdev;
1448 static void settings_rsp(struct pending_cmd *cmd, void *data)
1450 struct cmd_lookup *match = data;
1452 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
1454 list_del(&cmd->list);
1456 if (match->sk == NULL) {
1457 match->sk = cmd->sk;
1458 sock_hold(match->sk);
1461 mgmt_pending_free(cmd);
1464 static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
1468 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
1469 mgmt_pending_remove(cmd);
1472 static u8 mgmt_bredr_support(struct hci_dev *hdev)
1474 if (!lmp_bredr_capable(hdev))
1475 return MGMT_STATUS_NOT_SUPPORTED;
1476 else if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1477 return MGMT_STATUS_REJECTED;
1479 return MGMT_STATUS_SUCCESS;
1482 static u8 mgmt_le_support(struct hci_dev *hdev)
1484 if (!lmp_le_capable(hdev))
1485 return MGMT_STATUS_NOT_SUPPORTED;
1486 else if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
1487 return MGMT_STATUS_REJECTED;
1489 return MGMT_STATUS_SUCCESS;
1492 static void set_discoverable_complete(struct hci_dev *hdev, u8 status)
1494 struct pending_cmd *cmd;
1495 struct mgmt_mode *cp;
1496 struct hci_request req;
1499 BT_DBG("status 0x%02x", status);
1503 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
1508 u8 mgmt_err = mgmt_status(status);
1509 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1510 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1516 changed = !test_and_set_bit(HCI_DISCOVERABLE,
1519 if (hdev->discov_timeout > 0) {
1520 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1521 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
1525 changed = test_and_clear_bit(HCI_DISCOVERABLE,
1529 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1532 new_settings(hdev, cmd->sk);
1534 /* When the discoverable mode gets changed, make sure
1535 * that class of device has the limited discoverable
1536 * bit correctly set. Also update page scan based on whitelist
1539 hci_req_init(&req, hdev);
1540 hci_update_page_scan(hdev, &req);
1542 hci_req_run(&req, NULL);
1545 mgmt_pending_remove(cmd);
1548 hci_dev_unlock(hdev);
1551 static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
1554 struct mgmt_cp_set_discoverable *cp = data;
1555 struct pending_cmd *cmd;
1556 struct hci_request req;
1561 BT_DBG("request for %s", hdev->name);
1563 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
1564 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1565 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1566 MGMT_STATUS_REJECTED);
1568 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
1569 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1570 MGMT_STATUS_INVALID_PARAMS);
1572 timeout = __le16_to_cpu(cp->timeout);
1574 /* Disabling discoverable requires that no timeout is set,
1575 * and enabling limited discoverable requires a timeout.
1577 if ((cp->val == 0x00 && timeout > 0) ||
1578 (cp->val == 0x02 && timeout == 0))
1579 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1580 MGMT_STATUS_INVALID_PARAMS);
1584 if (!hdev_is_powered(hdev) && timeout > 0) {
1585 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1586 MGMT_STATUS_NOT_POWERED);
1590 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1591 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
1592 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1597 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
1598 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1599 MGMT_STATUS_REJECTED);
1603 if (!hdev_is_powered(hdev)) {
1604 bool changed = false;
1606 /* Setting limited discoverable when powered off is
1607 * not a valid operation since it requires a timeout
1608 * and so no need to check HCI_LIMITED_DISCOVERABLE.
1610 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
1611 change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1615 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1620 err = new_settings(hdev, sk);
1625 /* If the current mode is the same, then just update the timeout
1626 * value with the new value. And if only the timeout gets updated,
1627 * then no need for any HCI transactions.
1629 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags) &&
1630 (cp->val == 0x02) == test_bit(HCI_LIMITED_DISCOVERABLE,
1631 &hdev->dev_flags)) {
1632 cancel_delayed_work(&hdev->discov_off);
1633 hdev->discov_timeout = timeout;
1635 if (cp->val && hdev->discov_timeout > 0) {
1636 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1637 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
1641 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1645 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
1651 /* Cancel any potential discoverable timeout that might be
1652 * still active and store new timeout value. The arming of
1653 * the timeout happens in the complete handler.
1655 cancel_delayed_work(&hdev->discov_off);
1656 hdev->discov_timeout = timeout;
1658 /* Limited discoverable mode */
1659 if (cp->val == 0x02)
1660 set_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1662 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1664 hci_req_init(&req, hdev);
1666 /* The procedure for LE-only controllers is much simpler - just
1667 * update the advertising data.
1669 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1675 struct hci_cp_write_current_iac_lap hci_cp;
1677 if (cp->val == 0x02) {
1678 /* Limited discoverable mode */
1679 hci_cp.num_iac = min_t(u8, hdev->num_iac, 2);
1680 hci_cp.iac_lap[0] = 0x00; /* LIAC */
1681 hci_cp.iac_lap[1] = 0x8b;
1682 hci_cp.iac_lap[2] = 0x9e;
1683 hci_cp.iac_lap[3] = 0x33; /* GIAC */
1684 hci_cp.iac_lap[4] = 0x8b;
1685 hci_cp.iac_lap[5] = 0x9e;
1687 /* General discoverable mode */
1689 hci_cp.iac_lap[0] = 0x33; /* GIAC */
1690 hci_cp.iac_lap[1] = 0x8b;
1691 hci_cp.iac_lap[2] = 0x9e;
1694 hci_req_add(&req, HCI_OP_WRITE_CURRENT_IAC_LAP,
1695 (hci_cp.num_iac * 3) + 1, &hci_cp);
1697 scan |= SCAN_INQUIRY;
1699 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1702 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, sizeof(scan), &scan);
1705 update_adv_data(&req);
1707 err = hci_req_run(&req, set_discoverable_complete);
1709 mgmt_pending_remove(cmd);
1712 hci_dev_unlock(hdev);
1716 static void write_fast_connectable(struct hci_request *req, bool enable)
1718 struct hci_dev *hdev = req->hdev;
1719 struct hci_cp_write_page_scan_activity acp;
1722 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1725 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
1729 type = PAGE_SCAN_TYPE_INTERLACED;
1731 /* 160 msec page scan interval */
1732 acp.interval = cpu_to_le16(0x0100);
1734 type = PAGE_SCAN_TYPE_STANDARD; /* default */
1736 /* default 1.28 sec page scan */
1737 acp.interval = cpu_to_le16(0x0800);
1740 acp.window = cpu_to_le16(0x0012);
1742 if (__cpu_to_le16(hdev->page_scan_interval) != acp.interval ||
1743 __cpu_to_le16(hdev->page_scan_window) != acp.window)
1744 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
1747 if (hdev->page_scan_type != type)
1748 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
1751 static void set_connectable_complete(struct hci_dev *hdev, u8 status)
1753 struct pending_cmd *cmd;
1754 struct mgmt_mode *cp;
1755 bool conn_changed, discov_changed;
1757 BT_DBG("status 0x%02x", status);
1761 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1766 u8 mgmt_err = mgmt_status(status);
1767 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1773 conn_changed = !test_and_set_bit(HCI_CONNECTABLE,
1775 discov_changed = false;
1777 conn_changed = test_and_clear_bit(HCI_CONNECTABLE,
1779 discov_changed = test_and_clear_bit(HCI_DISCOVERABLE,
1783 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
1785 if (conn_changed || discov_changed) {
1786 new_settings(hdev, cmd->sk);
1787 hci_update_page_scan(hdev, NULL);
1789 mgmt_update_adv_data(hdev);
1790 hci_update_background_scan(hdev);
1794 mgmt_pending_remove(cmd);
1797 hci_dev_unlock(hdev);
1800 static int set_connectable_update_settings(struct hci_dev *hdev,
1801 struct sock *sk, u8 val)
1803 bool changed = false;
1806 if (!!val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
1810 set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1812 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1813 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1816 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1821 hci_update_page_scan(hdev, NULL);
1822 hci_update_background_scan(hdev);
1823 return new_settings(hdev, sk);
1829 static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
1832 struct mgmt_mode *cp = data;
1833 struct pending_cmd *cmd;
1834 struct hci_request req;
1838 BT_DBG("request for %s", hdev->name);
1840 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
1841 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1842 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1843 MGMT_STATUS_REJECTED);
1845 if (cp->val != 0x00 && cp->val != 0x01)
1846 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1847 MGMT_STATUS_INVALID_PARAMS);
1851 if (!hdev_is_powered(hdev)) {
1852 err = set_connectable_update_settings(hdev, sk, cp->val);
1856 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1857 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
1858 err = cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1863 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
1869 hci_req_init(&req, hdev);
1871 /* If BR/EDR is not enabled and we disable advertising as a
1872 * by-product of disabling connectable, we need to update the
1873 * advertising flags.
1875 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
1877 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1878 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1880 update_adv_data(&req);
1881 } else if (cp->val != test_bit(HCI_PSCAN, &hdev->flags)) {
1885 /* If we don't have any whitelist entries just
1886 * disable all scanning. If there are entries
1887 * and we had both page and inquiry scanning
1888 * enabled then fall back to only page scanning.
1889 * Otherwise no changes are needed.
1891 if (list_empty(&hdev->whitelist))
1892 scan = SCAN_DISABLED;
1893 else if (test_bit(HCI_ISCAN, &hdev->flags))
1896 goto no_scan_update;
1898 if (test_bit(HCI_ISCAN, &hdev->flags) &&
1899 hdev->discov_timeout > 0)
1900 cancel_delayed_work(&hdev->discov_off);
1903 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1907 /* If we're going from non-connectable to connectable or
1908 * vice-versa when fast connectable is enabled ensure that fast
1909 * connectable gets disabled. write_fast_connectable won't do
1910 * anything if the page scan parameters are already what they
1913 if (cp->val || test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
1914 write_fast_connectable(&req, false);
1916 /* Update the advertising parameters if necessary */
1917 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
1918 enable_advertising(&req);
1920 err = hci_req_run(&req, set_connectable_complete);
1922 mgmt_pending_remove(cmd);
1923 if (err == -ENODATA)
1924 err = set_connectable_update_settings(hdev, sk,
1930 hci_dev_unlock(hdev);
1934 static int set_bondable(struct sock *sk, struct hci_dev *hdev, void *data,
1937 struct mgmt_mode *cp = data;
1941 BT_DBG("request for %s", hdev->name);
1943 if (cp->val != 0x00 && cp->val != 0x01)
1944 return cmd_status(sk, hdev->id, MGMT_OP_SET_BONDABLE,
1945 MGMT_STATUS_INVALID_PARAMS);
1950 changed = !test_and_set_bit(HCI_BONDABLE, &hdev->dev_flags);
1952 changed = test_and_clear_bit(HCI_BONDABLE, &hdev->dev_flags);
1954 err = send_settings_rsp(sk, MGMT_OP_SET_BONDABLE, hdev);
1959 err = new_settings(hdev, sk);
1962 hci_dev_unlock(hdev);
1966 static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1969 struct mgmt_mode *cp = data;
1970 struct pending_cmd *cmd;
1974 BT_DBG("request for %s", hdev->name);
1976 status = mgmt_bredr_support(hdev);
1978 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1981 if (cp->val != 0x00 && cp->val != 0x01)
1982 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1983 MGMT_STATUS_INVALID_PARAMS);
1987 if (!hdev_is_powered(hdev)) {
1988 bool changed = false;
1990 if (!!cp->val != test_bit(HCI_LINK_SECURITY,
1991 &hdev->dev_flags)) {
1992 change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
1996 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
2001 err = new_settings(hdev, sk);
2006 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
2007 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
2014 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
2015 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
2019 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
2025 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
2027 mgmt_pending_remove(cmd);
2032 hci_dev_unlock(hdev);
2036 static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2038 struct mgmt_mode *cp = data;
2039 struct pending_cmd *cmd;
2043 BT_DBG("request for %s", hdev->name);
2045 status = mgmt_bredr_support(hdev);
2047 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
2049 if (!lmp_ssp_capable(hdev))
2050 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2051 MGMT_STATUS_NOT_SUPPORTED);
2053 if (cp->val != 0x00 && cp->val != 0x01)
2054 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2055 MGMT_STATUS_INVALID_PARAMS);
2059 if (!hdev_is_powered(hdev)) {
2063 changed = !test_and_set_bit(HCI_SSP_ENABLED,
2066 changed = test_and_clear_bit(HCI_SSP_ENABLED,
2069 changed = test_and_clear_bit(HCI_HS_ENABLED,
2072 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
2075 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
2080 err = new_settings(hdev, sk);
2085 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev) ||
2086 mgmt_pending_find(MGMT_OP_SET_HS, hdev)) {
2087 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2092 if (!!cp->val == test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
2093 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
2097 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
2103 if (!cp->val && test_bit(HCI_USE_DEBUG_KEYS, &hdev->dev_flags))
2104 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
2105 sizeof(cp->val), &cp->val);
2107 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &cp->val);
2109 mgmt_pending_remove(cmd);
2114 hci_dev_unlock(hdev);
2118 static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2120 struct mgmt_mode *cp = data;
2125 BT_DBG("request for %s", hdev->name);
2127 status = mgmt_bredr_support(hdev);
2129 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
2131 if (!lmp_ssp_capable(hdev))
2132 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2133 MGMT_STATUS_NOT_SUPPORTED);
2135 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
2136 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2137 MGMT_STATUS_REJECTED);
2139 if (cp->val != 0x00 && cp->val != 0x01)
2140 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2141 MGMT_STATUS_INVALID_PARAMS);
2146 changed = !test_and_set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
2148 if (hdev_is_powered(hdev)) {
2149 err = cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2150 MGMT_STATUS_REJECTED);
2154 changed = test_and_clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
2157 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
2162 err = new_settings(hdev, sk);
2165 hci_dev_unlock(hdev);
2169 static void le_enable_complete(struct hci_dev *hdev, u8 status)
2171 struct cmd_lookup match = { NULL, hdev };
2174 u8 mgmt_err = mgmt_status(status);
2176 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
2181 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
2183 new_settings(hdev, match.sk);
2188 /* Make sure the controller has a good default for
2189 * advertising data. Restrict the update to when LE
2190 * has actually been enabled. During power on, the
2191 * update in powered_update_hci will take care of it.
2193 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
2194 struct hci_request req;
2198 hci_req_init(&req, hdev);
2199 update_adv_data(&req);
2200 update_scan_rsp_data(&req);
2201 hci_req_run(&req, NULL);
2203 hci_update_background_scan(hdev);
2205 hci_dev_unlock(hdev);
2209 static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2211 struct mgmt_mode *cp = data;
2212 struct hci_cp_write_le_host_supported hci_cp;
2213 struct pending_cmd *cmd;
2214 struct hci_request req;
2218 BT_DBG("request for %s", hdev->name);
2220 if (!lmp_le_capable(hdev))
2221 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2222 MGMT_STATUS_NOT_SUPPORTED);
2224 if (cp->val != 0x00 && cp->val != 0x01)
2225 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2226 MGMT_STATUS_INVALID_PARAMS);
2228 /* LE-only devices do not allow toggling LE on/off */
2229 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
2230 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2231 MGMT_STATUS_REJECTED);
2236 enabled = lmp_host_le_capable(hdev);
2238 if (!hdev_is_powered(hdev) || val == enabled) {
2239 bool changed = false;
2241 if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
2242 change_bit(HCI_LE_ENABLED, &hdev->dev_flags);
2246 if (!val && test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
2247 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
2251 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
2256 err = new_settings(hdev, sk);
2261 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev) ||
2262 mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
2263 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2268 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
2274 hci_req_init(&req, hdev);
2276 memset(&hci_cp, 0, sizeof(hci_cp));
2280 hci_cp.simul = 0x00;
2282 if (test_bit(HCI_LE_ADV, &hdev->dev_flags))
2283 disable_advertising(&req);
2286 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
2289 err = hci_req_run(&req, le_enable_complete);
2291 mgmt_pending_remove(cmd);
2294 hci_dev_unlock(hdev);
2298 /* This is a helper function to test for pending mgmt commands that can
2299 * cause CoD or EIR HCI commands. We can only allow one such pending
2300 * mgmt command at a time since otherwise we cannot easily track what
2301 * the current values are, will be, and based on that calculate if a new
2302 * HCI command needs to be sent and if yes with what value.
2304 static bool pending_eir_or_class(struct hci_dev *hdev)
2306 struct pending_cmd *cmd;
2308 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2309 switch (cmd->opcode) {
2310 case MGMT_OP_ADD_UUID:
2311 case MGMT_OP_REMOVE_UUID:
2312 case MGMT_OP_SET_DEV_CLASS:
2313 case MGMT_OP_SET_POWERED:
2321 static const u8 bluetooth_base_uuid[] = {
2322 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
2323 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2326 static u8 get_uuid_size(const u8 *uuid)
2330 if (memcmp(uuid, bluetooth_base_uuid, 12))
2333 val = get_unaligned_le32(&uuid[12]);
2340 static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
2342 struct pending_cmd *cmd;
2346 cmd = mgmt_pending_find(mgmt_op, hdev);
2350 cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(status),
2351 hdev->dev_class, 3);
2353 mgmt_pending_remove(cmd);
2356 hci_dev_unlock(hdev);
2359 static void add_uuid_complete(struct hci_dev *hdev, u8 status)
2361 BT_DBG("status 0x%02x", status);
2363 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
2366 static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2368 struct mgmt_cp_add_uuid *cp = data;
2369 struct pending_cmd *cmd;
2370 struct hci_request req;
2371 struct bt_uuid *uuid;
2374 BT_DBG("request for %s", hdev->name);
2378 if (pending_eir_or_class(hdev)) {
2379 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
2384 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
2390 memcpy(uuid->uuid, cp->uuid, 16);
2391 uuid->svc_hint = cp->svc_hint;
2392 uuid->size = get_uuid_size(cp->uuid);
2394 list_add_tail(&uuid->list, &hdev->uuids);
2396 hci_req_init(&req, hdev);
2401 err = hci_req_run(&req, add_uuid_complete);
2403 if (err != -ENODATA)
2406 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
2407 hdev->dev_class, 3);
2411 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
2420 hci_dev_unlock(hdev);
2424 static bool enable_service_cache(struct hci_dev *hdev)
2426 if (!hdev_is_powered(hdev))
2429 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
2430 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
2438 static void remove_uuid_complete(struct hci_dev *hdev, u8 status)
2440 BT_DBG("status 0x%02x", status);
2442 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
2445 static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
2448 struct mgmt_cp_remove_uuid *cp = data;
2449 struct pending_cmd *cmd;
2450 struct bt_uuid *match, *tmp;
2451 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
2452 struct hci_request req;
2455 BT_DBG("request for %s", hdev->name);
2459 if (pending_eir_or_class(hdev)) {
2460 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2465 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
2466 hci_uuids_clear(hdev);
2468 if (enable_service_cache(hdev)) {
2469 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2470 0, hdev->dev_class, 3);
2479 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2480 if (memcmp(match->uuid, cp->uuid, 16) != 0)
2483 list_del(&match->list);
2489 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2490 MGMT_STATUS_INVALID_PARAMS);
2495 hci_req_init(&req, hdev);
2500 err = hci_req_run(&req, remove_uuid_complete);
2502 if (err != -ENODATA)
2505 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
2506 hdev->dev_class, 3);
2510 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
2519 hci_dev_unlock(hdev);
2523 static void set_class_complete(struct hci_dev *hdev, u8 status)
2525 BT_DBG("status 0x%02x", status);
2527 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
2530 static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
2533 struct mgmt_cp_set_dev_class *cp = data;
2534 struct pending_cmd *cmd;
2535 struct hci_request req;
2538 BT_DBG("request for %s", hdev->name);
2540 if (!lmp_bredr_capable(hdev))
2541 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2542 MGMT_STATUS_NOT_SUPPORTED);
2546 if (pending_eir_or_class(hdev)) {
2547 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2552 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
2553 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2554 MGMT_STATUS_INVALID_PARAMS);
2558 hdev->major_class = cp->major;
2559 hdev->minor_class = cp->minor;
2561 if (!hdev_is_powered(hdev)) {
2562 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2563 hdev->dev_class, 3);
2567 hci_req_init(&req, hdev);
2569 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
2570 hci_dev_unlock(hdev);
2571 cancel_delayed_work_sync(&hdev->service_cache);
2578 err = hci_req_run(&req, set_class_complete);
2580 if (err != -ENODATA)
2583 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2584 hdev->dev_class, 3);
2588 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
2597 hci_dev_unlock(hdev);
2601 static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
2604 struct mgmt_cp_load_link_keys *cp = data;
2605 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
2606 sizeof(struct mgmt_link_key_info));
2607 u16 key_count, expected_len;
2611 BT_DBG("request for %s", hdev->name);
2613 if (!lmp_bredr_capable(hdev))
2614 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2615 MGMT_STATUS_NOT_SUPPORTED);
2617 key_count = __le16_to_cpu(cp->key_count);
2618 if (key_count > max_key_count) {
2619 BT_ERR("load_link_keys: too big key_count value %u",
2621 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2622 MGMT_STATUS_INVALID_PARAMS);
2625 expected_len = sizeof(*cp) + key_count *
2626 sizeof(struct mgmt_link_key_info);
2627 if (expected_len != len) {
2628 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
2630 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2631 MGMT_STATUS_INVALID_PARAMS);
2634 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
2635 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2636 MGMT_STATUS_INVALID_PARAMS);
2638 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
2641 for (i = 0; i < key_count; i++) {
2642 struct mgmt_link_key_info *key = &cp->keys[i];
2644 if (key->addr.type != BDADDR_BREDR || key->type > 0x08)
2645 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2646 MGMT_STATUS_INVALID_PARAMS);
2651 hci_link_keys_clear(hdev);
2654 changed = !test_and_set_bit(HCI_KEEP_DEBUG_KEYS,
2657 changed = test_and_clear_bit(HCI_KEEP_DEBUG_KEYS,
2661 new_settings(hdev, NULL);
2663 for (i = 0; i < key_count; i++) {
2664 struct mgmt_link_key_info *key = &cp->keys[i];
2666 /* Always ignore debug keys and require a new pairing if
2667 * the user wants to use them.
2669 if (key->type == HCI_LK_DEBUG_COMBINATION)
2672 hci_add_link_key(hdev, NULL, &key->addr.bdaddr, key->val,
2673 key->type, key->pin_len, NULL);
2676 cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
2678 hci_dev_unlock(hdev);
2683 static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
2684 u8 addr_type, struct sock *skip_sk)
2686 struct mgmt_ev_device_unpaired ev;
2688 bacpy(&ev.addr.bdaddr, bdaddr);
2689 ev.addr.type = addr_type;
2691 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
2695 static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2698 struct mgmt_cp_unpair_device *cp = data;
2699 struct mgmt_rp_unpair_device rp;
2700 struct hci_cp_disconnect dc;
2701 struct pending_cmd *cmd;
2702 struct hci_conn *conn;
2705 memset(&rp, 0, sizeof(rp));
2706 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2707 rp.addr.type = cp->addr.type;
2709 if (!bdaddr_type_is_valid(cp->addr.type))
2710 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2711 MGMT_STATUS_INVALID_PARAMS,
2714 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
2715 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2716 MGMT_STATUS_INVALID_PARAMS,
2721 if (!hdev_is_powered(hdev)) {
2722 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2723 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
2727 if (cp->addr.type == BDADDR_BREDR) {
2728 /* If disconnection is requested, then look up the
2729 * connection. If the remote device is connected, it
2730 * will be later used to terminate the link.
2732 * Setting it to NULL explicitly will cause no
2733 * termination of the link.
2736 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2741 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
2745 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
2748 /* Defer clearing up the connection parameters
2749 * until closing to give a chance of keeping
2750 * them if a repairing happens.
2752 set_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
2754 /* If disconnection is not requested, then
2755 * clear the connection variable so that the
2756 * link is not terminated.
2758 if (!cp->disconnect)
2762 if (cp->addr.type == BDADDR_LE_PUBLIC)
2763 addr_type = ADDR_LE_DEV_PUBLIC;
2765 addr_type = ADDR_LE_DEV_RANDOM;
2767 hci_remove_irk(hdev, &cp->addr.bdaddr, addr_type);
2769 err = hci_remove_ltk(hdev, &cp->addr.bdaddr, addr_type);
2773 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2774 MGMT_STATUS_NOT_PAIRED, &rp, sizeof(rp));
2778 /* If the connection variable is set, then termination of the
2779 * link is requested.
2782 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
2784 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
2788 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
2795 dc.handle = cpu_to_le16(conn->handle);
2796 dc.reason = 0x13; /* Remote User Terminated Connection */
2797 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2799 mgmt_pending_remove(cmd);
2802 hci_dev_unlock(hdev);
2806 static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
2809 struct mgmt_cp_disconnect *cp = data;
2810 struct mgmt_rp_disconnect rp;
2811 struct pending_cmd *cmd;
2812 struct hci_conn *conn;
2817 memset(&rp, 0, sizeof(rp));
2818 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2819 rp.addr.type = cp->addr.type;
2821 if (!bdaddr_type_is_valid(cp->addr.type))
2822 return cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2823 MGMT_STATUS_INVALID_PARAMS,
2828 if (!test_bit(HCI_UP, &hdev->flags)) {
2829 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2830 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
2834 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
2835 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2836 MGMT_STATUS_BUSY, &rp, sizeof(rp));
2840 if (cp->addr.type == BDADDR_BREDR)
2841 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2844 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
2846 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
2847 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2848 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
2852 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
2858 err = hci_disconnect(conn, HCI_ERROR_REMOTE_USER_TERM);
2860 mgmt_pending_remove(cmd);
2863 hci_dev_unlock(hdev);
2867 static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
2869 switch (link_type) {
2871 switch (addr_type) {
2872 case ADDR_LE_DEV_PUBLIC:
2873 return BDADDR_LE_PUBLIC;
2876 /* Fallback to LE Random address type */
2877 return BDADDR_LE_RANDOM;
2881 /* Fallback to BR/EDR type */
2882 return BDADDR_BREDR;
2886 static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
2889 struct mgmt_rp_get_connections *rp;
2899 if (!hdev_is_powered(hdev)) {
2900 err = cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
2901 MGMT_STATUS_NOT_POWERED);
2906 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2907 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2911 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2912 rp = kmalloc(rp_len, GFP_KERNEL);
2919 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2920 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2922 bacpy(&rp->addr[i].bdaddr, &c->dst);
2923 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
2924 if (c->type == SCO_LINK || c->type == ESCO_LINK)
2929 rp->conn_count = cpu_to_le16(i);
2931 /* Recalculate length in case of filtered SCO connections, etc */
2932 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2934 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
2940 hci_dev_unlock(hdev);
2944 static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
2945 struct mgmt_cp_pin_code_neg_reply *cp)
2947 struct pending_cmd *cmd;
2950 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
2955 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
2956 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
2958 mgmt_pending_remove(cmd);
2963 static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2966 struct hci_conn *conn;
2967 struct mgmt_cp_pin_code_reply *cp = data;
2968 struct hci_cp_pin_code_reply reply;
2969 struct pending_cmd *cmd;
2976 if (!hdev_is_powered(hdev)) {
2977 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2978 MGMT_STATUS_NOT_POWERED);
2982 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
2984 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2985 MGMT_STATUS_NOT_CONNECTED);
2989 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
2990 struct mgmt_cp_pin_code_neg_reply ncp;
2992 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
2994 BT_ERR("PIN code is not 16 bytes long");
2996 err = send_pin_code_neg_reply(sk, hdev, &ncp);
2998 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2999 MGMT_STATUS_INVALID_PARAMS);
3004 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
3010 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
3011 reply.pin_len = cp->pin_len;
3012 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
3014 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
3016 mgmt_pending_remove(cmd);
3019 hci_dev_unlock(hdev);
3023 static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
3026 struct mgmt_cp_set_io_capability *cp = data;
3030 if (cp->io_capability > SMP_IO_KEYBOARD_DISPLAY)
3031 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY,
3032 MGMT_STATUS_INVALID_PARAMS, NULL, 0);
3036 hdev->io_capability = cp->io_capability;
3038 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
3039 hdev->io_capability);
3041 hci_dev_unlock(hdev);
3043 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, NULL,
3047 static struct pending_cmd *find_pairing(struct hci_conn *conn)
3049 struct hci_dev *hdev = conn->hdev;
3050 struct pending_cmd *cmd;
3052 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
3053 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
3056 if (cmd->user_data != conn)
3065 static void pairing_complete(struct pending_cmd *cmd, u8 status)
3067 struct mgmt_rp_pair_device rp;
3068 struct hci_conn *conn = cmd->user_data;
3070 bacpy(&rp.addr.bdaddr, &conn->dst);
3071 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
3073 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
3076 /* So we don't get further callbacks for this connection */
3077 conn->connect_cfm_cb = NULL;
3078 conn->security_cfm_cb = NULL;
3079 conn->disconn_cfm_cb = NULL;
3081 hci_conn_drop(conn);
3084 mgmt_pending_remove(cmd);
3086 /* The device is paired so there is no need to remove
3087 * its connection parameters anymore.
3089 clear_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
3092 void mgmt_smp_complete(struct hci_conn *conn, bool complete)
3094 u8 status = complete ? MGMT_STATUS_SUCCESS : MGMT_STATUS_FAILED;
3095 struct pending_cmd *cmd;
3097 cmd = find_pairing(conn);
3099 pairing_complete(cmd, status);
3102 static void pairing_complete_cb(struct hci_conn *conn, u8 status)
3104 struct pending_cmd *cmd;
3106 BT_DBG("status %u", status);
3108 cmd = find_pairing(conn);
3110 BT_DBG("Unable to find a pending command");
3112 pairing_complete(cmd, mgmt_status(status));
3115 static void le_pairing_complete_cb(struct hci_conn *conn, u8 status)
3117 struct pending_cmd *cmd;
3119 BT_DBG("status %u", status);
3124 cmd = find_pairing(conn);
3126 BT_DBG("Unable to find a pending command");
3128 pairing_complete(cmd, mgmt_status(status));
3131 static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
3134 struct mgmt_cp_pair_device *cp = data;
3135 struct mgmt_rp_pair_device rp;
3136 struct pending_cmd *cmd;
3137 u8 sec_level, auth_type;
3138 struct hci_conn *conn;
3143 memset(&rp, 0, sizeof(rp));
3144 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3145 rp.addr.type = cp->addr.type;
3147 if (!bdaddr_type_is_valid(cp->addr.type))
3148 return cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3149 MGMT_STATUS_INVALID_PARAMS,
3152 if (cp->io_cap > SMP_IO_KEYBOARD_DISPLAY)
3153 return cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3154 MGMT_STATUS_INVALID_PARAMS,
3159 if (!hdev_is_powered(hdev)) {
3160 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3161 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
3165 sec_level = BT_SECURITY_MEDIUM;
3166 auth_type = HCI_AT_DEDICATED_BONDING;
3168 if (cp->addr.type == BDADDR_BREDR) {
3169 conn = hci_connect_acl(hdev, &cp->addr.bdaddr, sec_level,
3174 /* Convert from L2CAP channel address type to HCI address type
3176 if (cp->addr.type == BDADDR_LE_PUBLIC)
3177 addr_type = ADDR_LE_DEV_PUBLIC;
3179 addr_type = ADDR_LE_DEV_RANDOM;
3181 /* When pairing a new device, it is expected to remember
3182 * this device for future connections. Adding the connection
3183 * parameter information ahead of time allows tracking
3184 * of the slave preferred values and will speed up any
3185 * further connection establishment.
3187 * If connection parameters already exist, then they
3188 * will be kept and this function does nothing.
3190 hci_conn_params_add(hdev, &cp->addr.bdaddr, addr_type);
3192 conn = hci_connect_le(hdev, &cp->addr.bdaddr, addr_type,
3193 sec_level, HCI_LE_CONN_TIMEOUT,
3200 if (PTR_ERR(conn) == -EBUSY)
3201 status = MGMT_STATUS_BUSY;
3203 status = MGMT_STATUS_CONNECT_FAILED;
3205 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3211 if (conn->connect_cfm_cb) {
3212 hci_conn_drop(conn);
3213 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3214 MGMT_STATUS_BUSY, &rp, sizeof(rp));
3218 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
3221 hci_conn_drop(conn);
3225 /* For LE, just connecting isn't a proof that the pairing finished */
3226 if (cp->addr.type == BDADDR_BREDR) {
3227 conn->connect_cfm_cb = pairing_complete_cb;
3228 conn->security_cfm_cb = pairing_complete_cb;
3229 conn->disconn_cfm_cb = pairing_complete_cb;
3231 conn->connect_cfm_cb = le_pairing_complete_cb;
3232 conn->security_cfm_cb = le_pairing_complete_cb;
3233 conn->disconn_cfm_cb = le_pairing_complete_cb;
3236 conn->io_capability = cp->io_cap;
3237 cmd->user_data = hci_conn_get(conn);
3239 if ((conn->state == BT_CONNECTED || conn->state == BT_CONFIG) &&
3240 hci_conn_security(conn, sec_level, auth_type, true))
3241 pairing_complete(cmd, 0);
3246 hci_dev_unlock(hdev);
3250 static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
3253 struct mgmt_addr_info *addr = data;
3254 struct pending_cmd *cmd;
3255 struct hci_conn *conn;
3262 if (!hdev_is_powered(hdev)) {
3263 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3264 MGMT_STATUS_NOT_POWERED);
3268 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
3270 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3271 MGMT_STATUS_INVALID_PARAMS);
3275 conn = cmd->user_data;
3277 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
3278 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3279 MGMT_STATUS_INVALID_PARAMS);
3283 pairing_complete(cmd, MGMT_STATUS_CANCELLED);
3285 err = cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
3286 addr, sizeof(*addr));
3288 hci_dev_unlock(hdev);
3292 static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
3293 struct mgmt_addr_info *addr, u16 mgmt_op,
3294 u16 hci_op, __le32 passkey)
3296 struct pending_cmd *cmd;
3297 struct hci_conn *conn;
3302 if (!hdev_is_powered(hdev)) {
3303 err = cmd_complete(sk, hdev->id, mgmt_op,
3304 MGMT_STATUS_NOT_POWERED, addr,
3309 if (addr->type == BDADDR_BREDR)
3310 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
3312 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &addr->bdaddr);
3315 err = cmd_complete(sk, hdev->id, mgmt_op,
3316 MGMT_STATUS_NOT_CONNECTED, addr,
3321 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
3322 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
3324 err = cmd_complete(sk, hdev->id, mgmt_op,
3325 MGMT_STATUS_SUCCESS, addr,
3328 err = cmd_complete(sk, hdev->id, mgmt_op,
3329 MGMT_STATUS_FAILED, addr,
3335 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
3341 /* Continue with pairing via HCI */
3342 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
3343 struct hci_cp_user_passkey_reply cp;
3345 bacpy(&cp.bdaddr, &addr->bdaddr);
3346 cp.passkey = passkey;
3347 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
3349 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
3353 mgmt_pending_remove(cmd);
3356 hci_dev_unlock(hdev);
3360 static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
3361 void *data, u16 len)
3363 struct mgmt_cp_pin_code_neg_reply *cp = data;
3367 return user_pairing_resp(sk, hdev, &cp->addr,
3368 MGMT_OP_PIN_CODE_NEG_REPLY,
3369 HCI_OP_PIN_CODE_NEG_REPLY, 0);
3372 static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3375 struct mgmt_cp_user_confirm_reply *cp = data;
3379 if (len != sizeof(*cp))
3380 return cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
3381 MGMT_STATUS_INVALID_PARAMS);
3383 return user_pairing_resp(sk, hdev, &cp->addr,
3384 MGMT_OP_USER_CONFIRM_REPLY,
3385 HCI_OP_USER_CONFIRM_REPLY, 0);
3388 static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
3389 void *data, u16 len)
3391 struct mgmt_cp_user_confirm_neg_reply *cp = data;
3395 return user_pairing_resp(sk, hdev, &cp->addr,
3396 MGMT_OP_USER_CONFIRM_NEG_REPLY,
3397 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
3400 static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3403 struct mgmt_cp_user_passkey_reply *cp = data;
3407 return user_pairing_resp(sk, hdev, &cp->addr,
3408 MGMT_OP_USER_PASSKEY_REPLY,
3409 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
3412 static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
3413 void *data, u16 len)
3415 struct mgmt_cp_user_passkey_neg_reply *cp = data;
3419 return user_pairing_resp(sk, hdev, &cp->addr,
3420 MGMT_OP_USER_PASSKEY_NEG_REPLY,
3421 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
3424 static void update_name(struct hci_request *req)
3426 struct hci_dev *hdev = req->hdev;
3427 struct hci_cp_write_local_name cp;
3429 memcpy(cp.name, hdev->dev_name, sizeof(cp.name));
3431 hci_req_add(req, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
3434 static void set_name_complete(struct hci_dev *hdev, u8 status)
3436 struct mgmt_cp_set_local_name *cp;
3437 struct pending_cmd *cmd;
3439 BT_DBG("status 0x%02x", status);
3443 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
3450 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3451 mgmt_status(status));
3453 cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3456 mgmt_pending_remove(cmd);
3459 hci_dev_unlock(hdev);
3462 static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
3465 struct mgmt_cp_set_local_name *cp = data;
3466 struct pending_cmd *cmd;
3467 struct hci_request req;
3474 /* If the old values are the same as the new ones just return a
3475 * direct command complete event.
3477 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
3478 !memcmp(hdev->short_name, cp->short_name,
3479 sizeof(hdev->short_name))) {
3480 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3485 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
3487 if (!hdev_is_powered(hdev)) {
3488 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3490 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3495 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
3501 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
3507 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3509 hci_req_init(&req, hdev);
3511 if (lmp_bredr_capable(hdev)) {
3516 /* The name is stored in the scan response data and so
3517 * no need to udpate the advertising data here.
3519 if (lmp_le_capable(hdev))
3520 update_scan_rsp_data(&req);
3522 err = hci_req_run(&req, set_name_complete);
3524 mgmt_pending_remove(cmd);
3527 hci_dev_unlock(hdev);
3531 static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
3532 void *data, u16 data_len)
3534 struct pending_cmd *cmd;
3537 BT_DBG("%s", hdev->name);
3541 if (!hdev_is_powered(hdev)) {
3542 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3543 MGMT_STATUS_NOT_POWERED);
3547 if (!lmp_ssp_capable(hdev)) {
3548 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3549 MGMT_STATUS_NOT_SUPPORTED);
3553 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
3554 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3559 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
3565 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags))
3566 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_EXT_DATA,
3569 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
3572 mgmt_pending_remove(cmd);
3575 hci_dev_unlock(hdev);
3579 static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
3580 void *data, u16 len)
3584 BT_DBG("%s ", hdev->name);
3588 if (len == MGMT_ADD_REMOTE_OOB_DATA_SIZE) {
3589 struct mgmt_cp_add_remote_oob_data *cp = data;
3592 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
3593 cp->hash, cp->randomizer);
3595 status = MGMT_STATUS_FAILED;
3597 status = MGMT_STATUS_SUCCESS;
3599 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3600 status, &cp->addr, sizeof(cp->addr));
3601 } else if (len == MGMT_ADD_REMOTE_OOB_EXT_DATA_SIZE) {
3602 struct mgmt_cp_add_remote_oob_ext_data *cp = data;
3605 err = hci_add_remote_oob_ext_data(hdev, &cp->addr.bdaddr,
3611 status = MGMT_STATUS_FAILED;
3613 status = MGMT_STATUS_SUCCESS;
3615 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3616 status, &cp->addr, sizeof(cp->addr));
3618 BT_ERR("add_remote_oob_data: invalid length of %u bytes", len);
3619 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3620 MGMT_STATUS_INVALID_PARAMS);
3623 hci_dev_unlock(hdev);
3627 static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
3628 void *data, u16 len)
3630 struct mgmt_cp_remove_remote_oob_data *cp = data;
3634 BT_DBG("%s", hdev->name);
3638 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr);
3640 status = MGMT_STATUS_INVALID_PARAMS;
3642 status = MGMT_STATUS_SUCCESS;
3644 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
3645 status, &cp->addr, sizeof(cp->addr));
3647 hci_dev_unlock(hdev);
3651 static int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
3653 struct pending_cmd *cmd;
3657 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3659 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
3663 type = hdev->discovery.type;
3665 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3666 &type, sizeof(type));
3667 mgmt_pending_remove(cmd);
3672 static void start_discovery_complete(struct hci_dev *hdev, u8 status)
3674 unsigned long timeout = 0;
3676 BT_DBG("status %d", status);
3680 mgmt_start_discovery_failed(hdev, status);
3681 hci_dev_unlock(hdev);
3686 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
3687 hci_dev_unlock(hdev);
3689 switch (hdev->discovery.type) {
3690 case DISCOV_TYPE_LE:
3691 timeout = msecs_to_jiffies(DISCOV_LE_TIMEOUT);
3694 case DISCOV_TYPE_INTERLEAVED:
3695 timeout = msecs_to_jiffies(hdev->discov_interleaved_timeout);
3698 case DISCOV_TYPE_BREDR:
3702 BT_ERR("Invalid discovery type %d", hdev->discovery.type);
3708 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable, timeout);
3711 static int start_discovery(struct sock *sk, struct hci_dev *hdev,
3712 void *data, u16 len)
3714 struct mgmt_cp_start_discovery *cp = data;
3715 struct pending_cmd *cmd;
3716 struct hci_cp_le_set_scan_param param_cp;
3717 struct hci_cp_le_set_scan_enable enable_cp;
3718 struct hci_cp_inquiry inq_cp;
3719 struct hci_request req;
3720 /* General inquiry access code (GIAC) */
3721 u8 lap[3] = { 0x33, 0x8b, 0x9e };
3722 u8 status, own_addr_type;
3725 BT_DBG("%s", hdev->name);
3729 if (!hdev_is_powered(hdev)) {
3730 err = cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3731 MGMT_STATUS_NOT_POWERED,
3732 &cp->type, sizeof(cp->type));
3736 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
3737 err = cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3738 MGMT_STATUS_BUSY, &cp->type,
3743 if (hdev->discovery.state != DISCOVERY_STOPPED) {
3744 err = cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3745 MGMT_STATUS_BUSY, &cp->type,
3750 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
3756 hdev->discovery.type = cp->type;
3758 hci_req_init(&req, hdev);
3760 switch (hdev->discovery.type) {
3761 case DISCOV_TYPE_BREDR:
3762 status = mgmt_bredr_support(hdev);
3764 err = cmd_complete(sk, hdev->id,
3765 MGMT_OP_START_DISCOVERY, status,
3766 &cp->type, sizeof(cp->type));
3767 mgmt_pending_remove(cmd);
3771 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
3772 err = cmd_complete(sk, hdev->id,
3773 MGMT_OP_START_DISCOVERY,
3774 MGMT_STATUS_BUSY, &cp->type,
3776 mgmt_pending_remove(cmd);
3780 hci_inquiry_cache_flush(hdev);
3782 memset(&inq_cp, 0, sizeof(inq_cp));
3783 memcpy(&inq_cp.lap, lap, sizeof(inq_cp.lap));
3784 inq_cp.length = DISCOV_BREDR_INQUIRY_LEN;
3785 hci_req_add(&req, HCI_OP_INQUIRY, sizeof(inq_cp), &inq_cp);
3788 case DISCOV_TYPE_LE:
3789 case DISCOV_TYPE_INTERLEAVED:
3790 status = mgmt_le_support(hdev);
3792 err = cmd_complete(sk, hdev->id,
3793 MGMT_OP_START_DISCOVERY, status,
3794 &cp->type, sizeof(cp->type));
3795 mgmt_pending_remove(cmd);
3799 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
3800 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
3801 err = cmd_complete(sk, hdev->id,
3802 MGMT_OP_START_DISCOVERY,
3803 MGMT_STATUS_NOT_SUPPORTED,
3804 &cp->type, sizeof(cp->type));
3805 mgmt_pending_remove(cmd);
3809 if (test_bit(HCI_LE_ADV, &hdev->dev_flags)) {
3810 /* Don't let discovery abort an outgoing
3811 * connection attempt that's using directed
3814 if (hci_conn_hash_lookup_state(hdev, LE_LINK,
3816 err = cmd_complete(sk, hdev->id,
3817 MGMT_OP_START_DISCOVERY,
3818 MGMT_STATUS_REJECTED,
3821 mgmt_pending_remove(cmd);
3825 disable_advertising(&req);
3828 /* If controller is scanning, it means the background scanning
3829 * is running. Thus, we should temporarily stop it in order to
3830 * set the discovery scanning parameters.
3832 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags))
3833 hci_req_add_le_scan_disable(&req);
3835 memset(¶m_cp, 0, sizeof(param_cp));
3837 /* All active scans will be done with either a resolvable
3838 * private address (when privacy feature has been enabled)
3839 * or unresolvable private address.
3841 err = hci_update_random_address(&req, true, &own_addr_type);
3843 err = cmd_complete(sk, hdev->id,
3844 MGMT_OP_START_DISCOVERY,
3846 &cp->type, sizeof(cp->type));
3847 mgmt_pending_remove(cmd);
3851 param_cp.type = LE_SCAN_ACTIVE;
3852 param_cp.interval = cpu_to_le16(DISCOV_LE_SCAN_INT);
3853 param_cp.window = cpu_to_le16(DISCOV_LE_SCAN_WIN);
3854 param_cp.own_address_type = own_addr_type;
3855 hci_req_add(&req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
3858 memset(&enable_cp, 0, sizeof(enable_cp));
3859 enable_cp.enable = LE_SCAN_ENABLE;
3860 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
3861 hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
3866 err = cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3867 MGMT_STATUS_INVALID_PARAMS,
3868 &cp->type, sizeof(cp->type));
3869 mgmt_pending_remove(cmd);
3873 err = hci_req_run(&req, start_discovery_complete);
3875 mgmt_pending_remove(cmd);
3877 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
3880 hci_dev_unlock(hdev);
3884 static int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
3886 struct pending_cmd *cmd;
3889 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3893 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3894 &hdev->discovery.type, sizeof(hdev->discovery.type));
3895 mgmt_pending_remove(cmd);
3900 static void stop_discovery_complete(struct hci_dev *hdev, u8 status)
3902 BT_DBG("status %d", status);
3907 mgmt_stop_discovery_failed(hdev, status);
3911 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3914 hci_dev_unlock(hdev);
3917 static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
3920 struct mgmt_cp_stop_discovery *mgmt_cp = data;
3921 struct pending_cmd *cmd;
3922 struct hci_request req;
3925 BT_DBG("%s", hdev->name);
3929 if (!hci_discovery_active(hdev)) {
3930 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
3931 MGMT_STATUS_REJECTED, &mgmt_cp->type,
3932 sizeof(mgmt_cp->type));
3936 if (hdev->discovery.type != mgmt_cp->type) {
3937 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
3938 MGMT_STATUS_INVALID_PARAMS, &mgmt_cp->type,
3939 sizeof(mgmt_cp->type));
3943 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
3949 hci_req_init(&req, hdev);
3951 hci_stop_discovery(&req);
3953 err = hci_req_run(&req, stop_discovery_complete);
3955 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
3959 mgmt_pending_remove(cmd);
3961 /* If no HCI commands were sent we're done */
3962 if (err == -ENODATA) {
3963 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY, 0,
3964 &mgmt_cp->type, sizeof(mgmt_cp->type));
3965 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3969 hci_dev_unlock(hdev);
3973 static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
3976 struct mgmt_cp_confirm_name *cp = data;
3977 struct inquiry_entry *e;
3980 BT_DBG("%s", hdev->name);
3984 if (!hci_discovery_active(hdev)) {
3985 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
3986 MGMT_STATUS_FAILED, &cp->addr,
3991 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
3993 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
3994 MGMT_STATUS_INVALID_PARAMS, &cp->addr,
3999 if (cp->name_known) {
4000 e->name_state = NAME_KNOWN;
4003 e->name_state = NAME_NEEDED;
4004 hci_inquiry_cache_update_resolve(hdev, e);
4007 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0, &cp->addr,
4011 hci_dev_unlock(hdev);
4015 static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
4018 struct mgmt_cp_block_device *cp = data;
4022 BT_DBG("%s", hdev->name);
4024 if (!bdaddr_type_is_valid(cp->addr.type))
4025 return cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
4026 MGMT_STATUS_INVALID_PARAMS,
4027 &cp->addr, sizeof(cp->addr));
4031 err = hci_bdaddr_list_add(&hdev->blacklist, &cp->addr.bdaddr,
4034 status = MGMT_STATUS_FAILED;
4038 mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &cp->addr, sizeof(cp->addr),
4040 status = MGMT_STATUS_SUCCESS;
4043 err = cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
4044 &cp->addr, sizeof(cp->addr));
4046 hci_dev_unlock(hdev);
4051 static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
4054 struct mgmt_cp_unblock_device *cp = data;
4058 BT_DBG("%s", hdev->name);
4060 if (!bdaddr_type_is_valid(cp->addr.type))
4061 return cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
4062 MGMT_STATUS_INVALID_PARAMS,
4063 &cp->addr, sizeof(cp->addr));
4067 err = hci_bdaddr_list_del(&hdev->blacklist, &cp->addr.bdaddr,
4070 status = MGMT_STATUS_INVALID_PARAMS;
4074 mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &cp->addr, sizeof(cp->addr),
4076 status = MGMT_STATUS_SUCCESS;
4079 err = cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
4080 &cp->addr, sizeof(cp->addr));
4082 hci_dev_unlock(hdev);
4087 static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
4090 struct mgmt_cp_set_device_id *cp = data;
4091 struct hci_request req;
4095 BT_DBG("%s", hdev->name);
4097 source = __le16_to_cpu(cp->source);
4099 if (source > 0x0002)
4100 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
4101 MGMT_STATUS_INVALID_PARAMS);
4105 hdev->devid_source = source;
4106 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
4107 hdev->devid_product = __le16_to_cpu(cp->product);
4108 hdev->devid_version = __le16_to_cpu(cp->version);
4110 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0, NULL, 0);
4112 hci_req_init(&req, hdev);
4114 hci_req_run(&req, NULL);
4116 hci_dev_unlock(hdev);
4121 static void set_advertising_complete(struct hci_dev *hdev, u8 status)
4123 struct cmd_lookup match = { NULL, hdev };
4126 u8 mgmt_err = mgmt_status(status);
4128 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
4129 cmd_status_rsp, &mgmt_err);
4133 if (test_bit(HCI_LE_ADV, &hdev->dev_flags))
4134 set_bit(HCI_ADVERTISING, &hdev->dev_flags);
4136 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
4138 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
4141 new_settings(hdev, match.sk);
4147 static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data,
4150 struct mgmt_mode *cp = data;
4151 struct pending_cmd *cmd;
4152 struct hci_request req;
4153 u8 val, enabled, status;
4156 BT_DBG("request for %s", hdev->name);
4158 status = mgmt_le_support(hdev);
4160 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4163 if (cp->val != 0x00 && cp->val != 0x01)
4164 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4165 MGMT_STATUS_INVALID_PARAMS);
4170 enabled = test_bit(HCI_ADVERTISING, &hdev->dev_flags);
4172 /* The following conditions are ones which mean that we should
4173 * not do any HCI communication but directly send a mgmt
4174 * response to user space (after toggling the flag if
4177 if (!hdev_is_powered(hdev) || val == enabled ||
4178 hci_conn_num(hdev, LE_LINK) > 0 ||
4179 (test_bit(HCI_LE_SCAN, &hdev->dev_flags) &&
4180 hdev->le_scan_type == LE_SCAN_ACTIVE)) {
4181 bool changed = false;
4183 if (val != test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
4184 change_bit(HCI_ADVERTISING, &hdev->dev_flags);
4188 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
4193 err = new_settings(hdev, sk);
4198 if (mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
4199 mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
4200 err = cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4205 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
4211 hci_req_init(&req, hdev);
4214 enable_advertising(&req);
4216 disable_advertising(&req);
4218 err = hci_req_run(&req, set_advertising_complete);
4220 mgmt_pending_remove(cmd);
4223 hci_dev_unlock(hdev);
4227 static int set_static_address(struct sock *sk, struct hci_dev *hdev,
4228 void *data, u16 len)
4230 struct mgmt_cp_set_static_address *cp = data;
4233 BT_DBG("%s", hdev->name);
4235 if (!lmp_le_capable(hdev))
4236 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
4237 MGMT_STATUS_NOT_SUPPORTED);
4239 if (hdev_is_powered(hdev))
4240 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
4241 MGMT_STATUS_REJECTED);
4243 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
4244 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
4245 return cmd_status(sk, hdev->id,
4246 MGMT_OP_SET_STATIC_ADDRESS,
4247 MGMT_STATUS_INVALID_PARAMS);
4249 /* Two most significant bits shall be set */
4250 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
4251 return cmd_status(sk, hdev->id,
4252 MGMT_OP_SET_STATIC_ADDRESS,
4253 MGMT_STATUS_INVALID_PARAMS);
4258 bacpy(&hdev->static_addr, &cp->bdaddr);
4260 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS, 0, NULL, 0);
4262 hci_dev_unlock(hdev);
4267 static int set_scan_params(struct sock *sk, struct hci_dev *hdev,
4268 void *data, u16 len)
4270 struct mgmt_cp_set_scan_params *cp = data;
4271 __u16 interval, window;
4274 BT_DBG("%s", hdev->name);
4276 if (!lmp_le_capable(hdev))
4277 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4278 MGMT_STATUS_NOT_SUPPORTED);
4280 interval = __le16_to_cpu(cp->interval);
4282 if (interval < 0x0004 || interval > 0x4000)
4283 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4284 MGMT_STATUS_INVALID_PARAMS);
4286 window = __le16_to_cpu(cp->window);
4288 if (window < 0x0004 || window > 0x4000)
4289 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4290 MGMT_STATUS_INVALID_PARAMS);
4292 if (window > interval)
4293 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4294 MGMT_STATUS_INVALID_PARAMS);
4298 hdev->le_scan_interval = interval;
4299 hdev->le_scan_window = window;
4301 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0, NULL, 0);
4303 /* If background scan is running, restart it so new parameters are
4306 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags) &&
4307 hdev->discovery.state == DISCOVERY_STOPPED) {
4308 struct hci_request req;
4310 hci_req_init(&req, hdev);
4312 hci_req_add_le_scan_disable(&req);
4313 hci_req_add_le_passive_scan(&req);
4315 hci_req_run(&req, NULL);
4318 hci_dev_unlock(hdev);
4323 static void fast_connectable_complete(struct hci_dev *hdev, u8 status)
4325 struct pending_cmd *cmd;
4327 BT_DBG("status 0x%02x", status);
4331 cmd = mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4336 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4337 mgmt_status(status));
4339 struct mgmt_mode *cp = cmd->param;
4342 set_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
4344 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
4346 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4347 new_settings(hdev, cmd->sk);
4350 mgmt_pending_remove(cmd);
4353 hci_dev_unlock(hdev);
4356 static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
4357 void *data, u16 len)
4359 struct mgmt_mode *cp = data;
4360 struct pending_cmd *cmd;
4361 struct hci_request req;
4364 BT_DBG("%s", hdev->name);
4366 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags) ||
4367 hdev->hci_ver < BLUETOOTH_VER_1_2)
4368 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4369 MGMT_STATUS_NOT_SUPPORTED);
4371 if (cp->val != 0x00 && cp->val != 0x01)
4372 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4373 MGMT_STATUS_INVALID_PARAMS);
4375 if (!hdev_is_powered(hdev))
4376 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4377 MGMT_STATUS_NOT_POWERED);
4379 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
4380 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4381 MGMT_STATUS_REJECTED);
4385 if (mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
4386 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4391 if (!!cp->val == test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags)) {
4392 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
4397 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
4404 hci_req_init(&req, hdev);
4406 write_fast_connectable(&req, cp->val);
4408 err = hci_req_run(&req, fast_connectable_complete);
4410 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4411 MGMT_STATUS_FAILED);
4412 mgmt_pending_remove(cmd);
4416 hci_dev_unlock(hdev);
4421 static void set_bredr_complete(struct hci_dev *hdev, u8 status)
4423 struct pending_cmd *cmd;
4425 BT_DBG("status 0x%02x", status);
4429 cmd = mgmt_pending_find(MGMT_OP_SET_BREDR, hdev);
4434 u8 mgmt_err = mgmt_status(status);
4436 /* We need to restore the flag if related HCI commands
4439 clear_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4441 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
4443 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
4444 new_settings(hdev, cmd->sk);
4447 mgmt_pending_remove(cmd);
4450 hci_dev_unlock(hdev);
4453 static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
4455 struct mgmt_mode *cp = data;
4456 struct pending_cmd *cmd;
4457 struct hci_request req;
4460 BT_DBG("request for %s", hdev->name);
4462 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
4463 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4464 MGMT_STATUS_NOT_SUPPORTED);
4466 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
4467 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4468 MGMT_STATUS_REJECTED);
4470 if (cp->val != 0x00 && cp->val != 0x01)
4471 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4472 MGMT_STATUS_INVALID_PARAMS);
4476 if (cp->val == test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
4477 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4481 if (!hdev_is_powered(hdev)) {
4483 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
4484 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
4485 clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
4486 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
4487 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
4490 change_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4492 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4496 err = new_settings(hdev, sk);
4500 /* Reject disabling when powered on */
4502 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4503 MGMT_STATUS_REJECTED);
4507 if (mgmt_pending_find(MGMT_OP_SET_BREDR, hdev)) {
4508 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4513 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
4519 /* We need to flip the bit already here so that update_adv_data
4520 * generates the correct flags.
4522 set_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4524 hci_req_init(&req, hdev);
4526 write_fast_connectable(&req, false);
4527 hci_update_page_scan(hdev, &req);
4529 /* Since only the advertising data flags will change, there
4530 * is no need to update the scan response data.
4532 update_adv_data(&req);
4534 err = hci_req_run(&req, set_bredr_complete);
4536 mgmt_pending_remove(cmd);
4539 hci_dev_unlock(hdev);
4543 static int set_secure_conn(struct sock *sk, struct hci_dev *hdev,
4544 void *data, u16 len)
4546 struct mgmt_mode *cp = data;
4547 struct pending_cmd *cmd;
4551 BT_DBG("request for %s", hdev->name);
4553 status = mgmt_bredr_support(hdev);
4555 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4558 if (!lmp_sc_capable(hdev) &&
4559 !test_bit(HCI_FORCE_SC, &hdev->dbg_flags))
4560 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4561 MGMT_STATUS_NOT_SUPPORTED);
4563 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
4564 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4565 MGMT_STATUS_INVALID_PARAMS);
4569 if (!hdev_is_powered(hdev)) {
4573 changed = !test_and_set_bit(HCI_SC_ENABLED,
4575 if (cp->val == 0x02)
4576 set_bit(HCI_SC_ONLY, &hdev->dev_flags);
4578 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4580 changed = test_and_clear_bit(HCI_SC_ENABLED,
4582 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4585 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4590 err = new_settings(hdev, sk);
4595 if (mgmt_pending_find(MGMT_OP_SET_SECURE_CONN, hdev)) {
4596 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4603 if (val == test_bit(HCI_SC_ENABLED, &hdev->dev_flags) &&
4604 (cp->val == 0x02) == test_bit(HCI_SC_ONLY, &hdev->dev_flags)) {
4605 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4609 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SECURE_CONN, hdev, data, len);
4615 err = hci_send_cmd(hdev, HCI_OP_WRITE_SC_SUPPORT, 1, &val);
4617 mgmt_pending_remove(cmd);
4621 if (cp->val == 0x02)
4622 set_bit(HCI_SC_ONLY, &hdev->dev_flags);
4624 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4627 hci_dev_unlock(hdev);
4631 static int set_debug_keys(struct sock *sk, struct hci_dev *hdev,
4632 void *data, u16 len)
4634 struct mgmt_mode *cp = data;
4635 bool changed, use_changed;
4638 BT_DBG("request for %s", hdev->name);
4640 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
4641 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEBUG_KEYS,
4642 MGMT_STATUS_INVALID_PARAMS);
4647 changed = !test_and_set_bit(HCI_KEEP_DEBUG_KEYS,
4650 changed = test_and_clear_bit(HCI_KEEP_DEBUG_KEYS,
4653 if (cp->val == 0x02)
4654 use_changed = !test_and_set_bit(HCI_USE_DEBUG_KEYS,
4657 use_changed = test_and_clear_bit(HCI_USE_DEBUG_KEYS,
4660 if (hdev_is_powered(hdev) && use_changed &&
4661 test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
4662 u8 mode = (cp->val == 0x02) ? 0x01 : 0x00;
4663 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
4664 sizeof(mode), &mode);
4667 err = send_settings_rsp(sk, MGMT_OP_SET_DEBUG_KEYS, hdev);
4672 err = new_settings(hdev, sk);
4675 hci_dev_unlock(hdev);
4679 static int set_privacy(struct sock *sk, struct hci_dev *hdev, void *cp_data,
4682 struct mgmt_cp_set_privacy *cp = cp_data;
4686 BT_DBG("request for %s", hdev->name);
4688 if (!lmp_le_capable(hdev))
4689 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4690 MGMT_STATUS_NOT_SUPPORTED);
4692 if (cp->privacy != 0x00 && cp->privacy != 0x01)
4693 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4694 MGMT_STATUS_INVALID_PARAMS);
4696 if (hdev_is_powered(hdev))
4697 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4698 MGMT_STATUS_REJECTED);
4702 /* If user space supports this command it is also expected to
4703 * handle IRKs. Therefore, set the HCI_RPA_RESOLVING flag.
4705 set_bit(HCI_RPA_RESOLVING, &hdev->dev_flags);
4708 changed = !test_and_set_bit(HCI_PRIVACY, &hdev->dev_flags);
4709 memcpy(hdev->irk, cp->irk, sizeof(hdev->irk));
4710 set_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
4712 changed = test_and_clear_bit(HCI_PRIVACY, &hdev->dev_flags);
4713 memset(hdev->irk, 0, sizeof(hdev->irk));
4714 clear_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
4717 err = send_settings_rsp(sk, MGMT_OP_SET_PRIVACY, hdev);
4722 err = new_settings(hdev, sk);
4725 hci_dev_unlock(hdev);
4729 static bool irk_is_valid(struct mgmt_irk_info *irk)
4731 switch (irk->addr.type) {
4732 case BDADDR_LE_PUBLIC:
4735 case BDADDR_LE_RANDOM:
4736 /* Two most significant bits shall be set */
4737 if ((irk->addr.bdaddr.b[5] & 0xc0) != 0xc0)
4745 static int load_irks(struct sock *sk, struct hci_dev *hdev, void *cp_data,
4748 struct mgmt_cp_load_irks *cp = cp_data;
4749 const u16 max_irk_count = ((U16_MAX - sizeof(*cp)) /
4750 sizeof(struct mgmt_irk_info));
4751 u16 irk_count, expected_len;
4754 BT_DBG("request for %s", hdev->name);
4756 if (!lmp_le_capable(hdev))
4757 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4758 MGMT_STATUS_NOT_SUPPORTED);
4760 irk_count = __le16_to_cpu(cp->irk_count);
4761 if (irk_count > max_irk_count) {
4762 BT_ERR("load_irks: too big irk_count value %u", irk_count);
4763 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4764 MGMT_STATUS_INVALID_PARAMS);
4767 expected_len = sizeof(*cp) + irk_count * sizeof(struct mgmt_irk_info);
4768 if (expected_len != len) {
4769 BT_ERR("load_irks: expected %u bytes, got %u bytes",
4771 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4772 MGMT_STATUS_INVALID_PARAMS);
4775 BT_DBG("%s irk_count %u", hdev->name, irk_count);
4777 for (i = 0; i < irk_count; i++) {
4778 struct mgmt_irk_info *key = &cp->irks[i];
4780 if (!irk_is_valid(key))
4781 return cmd_status(sk, hdev->id,
4783 MGMT_STATUS_INVALID_PARAMS);
4788 hci_smp_irks_clear(hdev);
4790 for (i = 0; i < irk_count; i++) {
4791 struct mgmt_irk_info *irk = &cp->irks[i];
4794 if (irk->addr.type == BDADDR_LE_PUBLIC)
4795 addr_type = ADDR_LE_DEV_PUBLIC;
4797 addr_type = ADDR_LE_DEV_RANDOM;
4799 hci_add_irk(hdev, &irk->addr.bdaddr, addr_type, irk->val,
4803 set_bit(HCI_RPA_RESOLVING, &hdev->dev_flags);
4805 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_IRKS, 0, NULL, 0);
4807 hci_dev_unlock(hdev);
4812 static bool ltk_is_valid(struct mgmt_ltk_info *key)
4814 if (key->master != 0x00 && key->master != 0x01)
4817 switch (key->addr.type) {
4818 case BDADDR_LE_PUBLIC:
4821 case BDADDR_LE_RANDOM:
4822 /* Two most significant bits shall be set */
4823 if ((key->addr.bdaddr.b[5] & 0xc0) != 0xc0)
4831 static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
4832 void *cp_data, u16 len)
4834 struct mgmt_cp_load_long_term_keys *cp = cp_data;
4835 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
4836 sizeof(struct mgmt_ltk_info));
4837 u16 key_count, expected_len;
4840 BT_DBG("request for %s", hdev->name);
4842 if (!lmp_le_capable(hdev))
4843 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
4844 MGMT_STATUS_NOT_SUPPORTED);
4846 key_count = __le16_to_cpu(cp->key_count);
4847 if (key_count > max_key_count) {
4848 BT_ERR("load_ltks: too big key_count value %u", key_count);
4849 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
4850 MGMT_STATUS_INVALID_PARAMS);
4853 expected_len = sizeof(*cp) + key_count *
4854 sizeof(struct mgmt_ltk_info);
4855 if (expected_len != len) {
4856 BT_ERR("load_keys: expected %u bytes, got %u bytes",
4858 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
4859 MGMT_STATUS_INVALID_PARAMS);
4862 BT_DBG("%s key_count %u", hdev->name, key_count);
4864 for (i = 0; i < key_count; i++) {
4865 struct mgmt_ltk_info *key = &cp->keys[i];
4867 if (!ltk_is_valid(key))
4868 return cmd_status(sk, hdev->id,
4869 MGMT_OP_LOAD_LONG_TERM_KEYS,
4870 MGMT_STATUS_INVALID_PARAMS);
4875 hci_smp_ltks_clear(hdev);
4877 for (i = 0; i < key_count; i++) {
4878 struct mgmt_ltk_info *key = &cp->keys[i];
4879 u8 type, addr_type, authenticated;
4881 if (key->addr.type == BDADDR_LE_PUBLIC)
4882 addr_type = ADDR_LE_DEV_PUBLIC;
4884 addr_type = ADDR_LE_DEV_RANDOM;
4889 type = SMP_LTK_SLAVE;
4891 switch (key->type) {
4892 case MGMT_LTK_UNAUTHENTICATED:
4893 authenticated = 0x00;
4895 case MGMT_LTK_AUTHENTICATED:
4896 authenticated = 0x01;
4902 hci_add_ltk(hdev, &key->addr.bdaddr, addr_type, type,
4903 authenticated, key->val, key->enc_size, key->ediv,
4907 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
4910 hci_dev_unlock(hdev);
4915 struct cmd_conn_lookup {
4916 struct hci_conn *conn;
4917 bool valid_tx_power;
4921 static void get_conn_info_complete(struct pending_cmd *cmd, void *data)
4923 struct cmd_conn_lookup *match = data;
4924 struct mgmt_cp_get_conn_info *cp;
4925 struct mgmt_rp_get_conn_info rp;
4926 struct hci_conn *conn = cmd->user_data;
4928 if (conn != match->conn)
4931 cp = (struct mgmt_cp_get_conn_info *) cmd->param;
4933 memset(&rp, 0, sizeof(rp));
4934 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4935 rp.addr.type = cp->addr.type;
4937 if (!match->mgmt_status) {
4938 rp.rssi = conn->rssi;
4940 if (match->valid_tx_power) {
4941 rp.tx_power = conn->tx_power;
4942 rp.max_tx_power = conn->max_tx_power;
4944 rp.tx_power = HCI_TX_POWER_INVALID;
4945 rp.max_tx_power = HCI_TX_POWER_INVALID;
4949 cmd_complete(cmd->sk, cmd->index, MGMT_OP_GET_CONN_INFO,
4950 match->mgmt_status, &rp, sizeof(rp));
4952 hci_conn_drop(conn);
4955 mgmt_pending_remove(cmd);
4958 static void conn_info_refresh_complete(struct hci_dev *hdev, u8 status)
4960 struct hci_cp_read_rssi *cp;
4961 struct hci_conn *conn;
4962 struct cmd_conn_lookup match;
4965 BT_DBG("status 0x%02x", status);
4969 /* TX power data is valid in case request completed successfully,
4970 * otherwise we assume it's not valid. At the moment we assume that
4971 * either both or none of current and max values are valid to keep code
4974 match.valid_tx_power = !status;
4976 /* Commands sent in request are either Read RSSI or Read Transmit Power
4977 * Level so we check which one was last sent to retrieve connection
4978 * handle. Both commands have handle as first parameter so it's safe to
4979 * cast data on the same command struct.
4981 * First command sent is always Read RSSI and we fail only if it fails.
4982 * In other case we simply override error to indicate success as we
4983 * already remembered if TX power value is actually valid.
4985 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_RSSI);
4987 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_TX_POWER);
4992 BT_ERR("invalid sent_cmd in response");
4996 handle = __le16_to_cpu(cp->handle);
4997 conn = hci_conn_hash_lookup_handle(hdev, handle);
4999 BT_ERR("unknown handle (%d) in response", handle);
5004 match.mgmt_status = mgmt_status(status);
5006 /* Cache refresh is complete, now reply for mgmt request for given
5009 mgmt_pending_foreach(MGMT_OP_GET_CONN_INFO, hdev,
5010 get_conn_info_complete, &match);
5013 hci_dev_unlock(hdev);
5016 static int get_conn_info(struct sock *sk, struct hci_dev *hdev, void *data,
5019 struct mgmt_cp_get_conn_info *cp = data;
5020 struct mgmt_rp_get_conn_info rp;
5021 struct hci_conn *conn;
5022 unsigned long conn_info_age;
5025 BT_DBG("%s", hdev->name);
5027 memset(&rp, 0, sizeof(rp));
5028 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5029 rp.addr.type = cp->addr.type;
5031 if (!bdaddr_type_is_valid(cp->addr.type))
5032 return cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5033 MGMT_STATUS_INVALID_PARAMS,
5038 if (!hdev_is_powered(hdev)) {
5039 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5040 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
5044 if (cp->addr.type == BDADDR_BREDR)
5045 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
5048 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
5050 if (!conn || conn->state != BT_CONNECTED) {
5051 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5052 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
5056 /* To avoid client trying to guess when to poll again for information we
5057 * calculate conn info age as random value between min/max set in hdev.
5059 conn_info_age = hdev->conn_info_min_age +
5060 prandom_u32_max(hdev->conn_info_max_age -
5061 hdev->conn_info_min_age);
5063 /* Query controller to refresh cached values if they are too old or were
5066 if (time_after(jiffies, conn->conn_info_timestamp +
5067 msecs_to_jiffies(conn_info_age)) ||
5068 !conn->conn_info_timestamp) {
5069 struct hci_request req;
5070 struct hci_cp_read_tx_power req_txp_cp;
5071 struct hci_cp_read_rssi req_rssi_cp;
5072 struct pending_cmd *cmd;
5074 hci_req_init(&req, hdev);
5075 req_rssi_cp.handle = cpu_to_le16(conn->handle);
5076 hci_req_add(&req, HCI_OP_READ_RSSI, sizeof(req_rssi_cp),
5079 /* For LE links TX power does not change thus we don't need to
5080 * query for it once value is known.
5082 if (!bdaddr_type_is_le(cp->addr.type) ||
5083 conn->tx_power == HCI_TX_POWER_INVALID) {
5084 req_txp_cp.handle = cpu_to_le16(conn->handle);
5085 req_txp_cp.type = 0x00;
5086 hci_req_add(&req, HCI_OP_READ_TX_POWER,
5087 sizeof(req_txp_cp), &req_txp_cp);
5090 /* Max TX power needs to be read only once per connection */
5091 if (conn->max_tx_power == HCI_TX_POWER_INVALID) {
5092 req_txp_cp.handle = cpu_to_le16(conn->handle);
5093 req_txp_cp.type = 0x01;
5094 hci_req_add(&req, HCI_OP_READ_TX_POWER,
5095 sizeof(req_txp_cp), &req_txp_cp);
5098 err = hci_req_run(&req, conn_info_refresh_complete);
5102 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CONN_INFO, hdev,
5109 hci_conn_hold(conn);
5110 cmd->user_data = hci_conn_get(conn);
5112 conn->conn_info_timestamp = jiffies;
5114 /* Cache is valid, just reply with values cached in hci_conn */
5115 rp.rssi = conn->rssi;
5116 rp.tx_power = conn->tx_power;
5117 rp.max_tx_power = conn->max_tx_power;
5119 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5120 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
5124 hci_dev_unlock(hdev);
5128 static void get_clock_info_complete(struct hci_dev *hdev, u8 status)
5130 struct mgmt_cp_get_clock_info *cp;
5131 struct mgmt_rp_get_clock_info rp;
5132 struct hci_cp_read_clock *hci_cp;
5133 struct pending_cmd *cmd;
5134 struct hci_conn *conn;
5136 BT_DBG("%s status %u", hdev->name, status);
5140 hci_cp = hci_sent_cmd_data(hdev, HCI_OP_READ_CLOCK);
5144 if (hci_cp->which) {
5145 u16 handle = __le16_to_cpu(hci_cp->handle);
5146 conn = hci_conn_hash_lookup_handle(hdev, handle);
5151 cmd = mgmt_pending_find_data(MGMT_OP_GET_CLOCK_INFO, hdev, conn);
5157 memset(&rp, 0, sizeof(rp));
5158 memcpy(&rp.addr, &cp->addr, sizeof(rp.addr));
5163 rp.local_clock = cpu_to_le32(hdev->clock);
5166 rp.piconet_clock = cpu_to_le32(conn->clock);
5167 rp.accuracy = cpu_to_le16(conn->clock_accuracy);
5171 cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(status),
5173 mgmt_pending_remove(cmd);
5175 hci_conn_drop(conn);
5180 hci_dev_unlock(hdev);
5183 static int get_clock_info(struct sock *sk, struct hci_dev *hdev, void *data,
5186 struct mgmt_cp_get_clock_info *cp = data;
5187 struct mgmt_rp_get_clock_info rp;
5188 struct hci_cp_read_clock hci_cp;
5189 struct pending_cmd *cmd;
5190 struct hci_request req;
5191 struct hci_conn *conn;
5194 BT_DBG("%s", hdev->name);
5196 memset(&rp, 0, sizeof(rp));
5197 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5198 rp.addr.type = cp->addr.type;
5200 if (cp->addr.type != BDADDR_BREDR)
5201 return cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
5202 MGMT_STATUS_INVALID_PARAMS,
5207 if (!hdev_is_powered(hdev)) {
5208 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
5209 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
5213 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
5214 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
5216 if (!conn || conn->state != BT_CONNECTED) {
5217 err = cmd_complete(sk, hdev->id,
5218 MGMT_OP_GET_CLOCK_INFO,
5219 MGMT_STATUS_NOT_CONNECTED,
5227 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CLOCK_INFO, hdev, data, len);
5233 hci_req_init(&req, hdev);
5235 memset(&hci_cp, 0, sizeof(hci_cp));
5236 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
5239 hci_conn_hold(conn);
5240 cmd->user_data = hci_conn_get(conn);
5242 hci_cp.handle = cpu_to_le16(conn->handle);
5243 hci_cp.which = 0x01; /* Piconet clock */
5244 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
5247 err = hci_req_run(&req, get_clock_info_complete);
5249 mgmt_pending_remove(cmd);
5252 hci_dev_unlock(hdev);
5256 static void device_added(struct sock *sk, struct hci_dev *hdev,
5257 bdaddr_t *bdaddr, u8 type, u8 action)
5259 struct mgmt_ev_device_added ev;
5261 bacpy(&ev.addr.bdaddr, bdaddr);
5262 ev.addr.type = type;
5265 mgmt_event(MGMT_EV_DEVICE_ADDED, hdev, &ev, sizeof(ev), sk);
5268 static int add_device(struct sock *sk, struct hci_dev *hdev,
5269 void *data, u16 len)
5271 struct mgmt_cp_add_device *cp = data;
5272 u8 auto_conn, addr_type;
5275 BT_DBG("%s", hdev->name);
5277 if (!bdaddr_type_is_valid(cp->addr.type) ||
5278 !bacmp(&cp->addr.bdaddr, BDADDR_ANY))
5279 return cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5280 MGMT_STATUS_INVALID_PARAMS,
5281 &cp->addr, sizeof(cp->addr));
5283 if (cp->action != 0x00 && cp->action != 0x01 && cp->action != 0x02)
5284 return cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5285 MGMT_STATUS_INVALID_PARAMS,
5286 &cp->addr, sizeof(cp->addr));
5290 if (cp->addr.type == BDADDR_BREDR) {
5291 /* Only incoming connections action is supported for now */
5292 if (cp->action != 0x01) {
5293 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5294 MGMT_STATUS_INVALID_PARAMS,
5295 &cp->addr, sizeof(cp->addr));
5299 err = hci_bdaddr_list_add(&hdev->whitelist, &cp->addr.bdaddr,
5304 hci_update_page_scan(hdev, NULL);
5309 if (cp->addr.type == BDADDR_LE_PUBLIC)
5310 addr_type = ADDR_LE_DEV_PUBLIC;
5312 addr_type = ADDR_LE_DEV_RANDOM;
5314 if (cp->action == 0x02)
5315 auto_conn = HCI_AUTO_CONN_ALWAYS;
5316 else if (cp->action == 0x01)
5317 auto_conn = HCI_AUTO_CONN_DIRECT;
5319 auto_conn = HCI_AUTO_CONN_REPORT;
5321 /* If the connection parameters don't exist for this device,
5322 * they will be created and configured with defaults.
5324 if (hci_conn_params_set(hdev, &cp->addr.bdaddr, addr_type,
5326 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5328 &cp->addr, sizeof(cp->addr));
5333 device_added(sk, hdev, &cp->addr.bdaddr, cp->addr.type, cp->action);
5335 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5336 MGMT_STATUS_SUCCESS, &cp->addr, sizeof(cp->addr));
5339 hci_dev_unlock(hdev);
5343 static void device_removed(struct sock *sk, struct hci_dev *hdev,
5344 bdaddr_t *bdaddr, u8 type)
5346 struct mgmt_ev_device_removed ev;
5348 bacpy(&ev.addr.bdaddr, bdaddr);
5349 ev.addr.type = type;
5351 mgmt_event(MGMT_EV_DEVICE_REMOVED, hdev, &ev, sizeof(ev), sk);
5354 static int remove_device(struct sock *sk, struct hci_dev *hdev,
5355 void *data, u16 len)
5357 struct mgmt_cp_remove_device *cp = data;
5360 BT_DBG("%s", hdev->name);
5364 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
5365 struct hci_conn_params *params;
5368 if (!bdaddr_type_is_valid(cp->addr.type)) {
5369 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
5370 MGMT_STATUS_INVALID_PARAMS,
5371 &cp->addr, sizeof(cp->addr));
5375 if (cp->addr.type == BDADDR_BREDR) {
5376 err = hci_bdaddr_list_del(&hdev->whitelist,
5380 err = cmd_complete(sk, hdev->id,
5381 MGMT_OP_REMOVE_DEVICE,
5382 MGMT_STATUS_INVALID_PARAMS,
5383 &cp->addr, sizeof(cp->addr));
5387 hci_update_page_scan(hdev, NULL);
5389 device_removed(sk, hdev, &cp->addr.bdaddr,
5394 if (cp->addr.type == BDADDR_LE_PUBLIC)
5395 addr_type = ADDR_LE_DEV_PUBLIC;
5397 addr_type = ADDR_LE_DEV_RANDOM;
5399 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr,
5402 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
5403 MGMT_STATUS_INVALID_PARAMS,
5404 &cp->addr, sizeof(cp->addr));
5408 if (params->auto_connect == HCI_AUTO_CONN_DISABLED) {
5409 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
5410 MGMT_STATUS_INVALID_PARAMS,
5411 &cp->addr, sizeof(cp->addr));
5415 list_del(¶ms->action);
5416 list_del(¶ms->list);
5418 hci_update_background_scan(hdev);
5420 device_removed(sk, hdev, &cp->addr.bdaddr, cp->addr.type);
5422 struct hci_conn_params *p, *tmp;
5423 struct bdaddr_list *b, *btmp;
5425 if (cp->addr.type) {
5426 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
5427 MGMT_STATUS_INVALID_PARAMS,
5428 &cp->addr, sizeof(cp->addr));
5432 list_for_each_entry_safe(b, btmp, &hdev->whitelist, list) {
5433 device_removed(sk, hdev, &b->bdaddr, b->bdaddr_type);
5438 hci_update_page_scan(hdev, NULL);
5440 list_for_each_entry_safe(p, tmp, &hdev->le_conn_params, list) {
5441 if (p->auto_connect == HCI_AUTO_CONN_DISABLED)
5443 device_removed(sk, hdev, &p->addr, p->addr_type);
5444 list_del(&p->action);
5449 BT_DBG("All LE connection parameters were removed");
5451 hci_update_background_scan(hdev);
5455 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
5456 MGMT_STATUS_SUCCESS, &cp->addr, sizeof(cp->addr));
5459 hci_dev_unlock(hdev);
5463 static int load_conn_param(struct sock *sk, struct hci_dev *hdev, void *data,
5466 struct mgmt_cp_load_conn_param *cp = data;
5467 const u16 max_param_count = ((U16_MAX - sizeof(*cp)) /
5468 sizeof(struct mgmt_conn_param));
5469 u16 param_count, expected_len;
5472 if (!lmp_le_capable(hdev))
5473 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5474 MGMT_STATUS_NOT_SUPPORTED);
5476 param_count = __le16_to_cpu(cp->param_count);
5477 if (param_count > max_param_count) {
5478 BT_ERR("load_conn_param: too big param_count value %u",
5480 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5481 MGMT_STATUS_INVALID_PARAMS);
5484 expected_len = sizeof(*cp) + param_count *
5485 sizeof(struct mgmt_conn_param);
5486 if (expected_len != len) {
5487 BT_ERR("load_conn_param: expected %u bytes, got %u bytes",
5489 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5490 MGMT_STATUS_INVALID_PARAMS);
5493 BT_DBG("%s param_count %u", hdev->name, param_count);
5497 hci_conn_params_clear_disabled(hdev);
5499 for (i = 0; i < param_count; i++) {
5500 struct mgmt_conn_param *param = &cp->params[i];
5501 struct hci_conn_params *hci_param;
5502 u16 min, max, latency, timeout;
5505 BT_DBG("Adding %pMR (type %u)", ¶m->addr.bdaddr,
5508 if (param->addr.type == BDADDR_LE_PUBLIC) {
5509 addr_type = ADDR_LE_DEV_PUBLIC;
5510 } else if (param->addr.type == BDADDR_LE_RANDOM) {
5511 addr_type = ADDR_LE_DEV_RANDOM;
5513 BT_ERR("Ignoring invalid connection parameters");
5517 min = le16_to_cpu(param->min_interval);
5518 max = le16_to_cpu(param->max_interval);
5519 latency = le16_to_cpu(param->latency);
5520 timeout = le16_to_cpu(param->timeout);
5522 BT_DBG("min 0x%04x max 0x%04x latency 0x%04x timeout 0x%04x",
5523 min, max, latency, timeout);
5525 if (hci_check_conn_params(min, max, latency, timeout) < 0) {
5526 BT_ERR("Ignoring invalid connection parameters");
5530 hci_param = hci_conn_params_add(hdev, ¶m->addr.bdaddr,
5533 BT_ERR("Failed to add connection parameters");
5537 hci_param->conn_min_interval = min;
5538 hci_param->conn_max_interval = max;
5539 hci_param->conn_latency = latency;
5540 hci_param->supervision_timeout = timeout;
5543 hci_dev_unlock(hdev);
5545 return cmd_complete(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM, 0, NULL, 0);
5548 static int set_external_config(struct sock *sk, struct hci_dev *hdev,
5549 void *data, u16 len)
5551 struct mgmt_cp_set_external_config *cp = data;
5555 BT_DBG("%s", hdev->name);
5557 if (hdev_is_powered(hdev))
5558 return cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
5559 MGMT_STATUS_REJECTED);
5561 if (cp->config != 0x00 && cp->config != 0x01)
5562 return cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
5563 MGMT_STATUS_INVALID_PARAMS);
5565 if (!test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
5566 return cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
5567 MGMT_STATUS_NOT_SUPPORTED);
5572 changed = !test_and_set_bit(HCI_EXT_CONFIGURED,
5575 changed = test_and_clear_bit(HCI_EXT_CONFIGURED,
5578 err = send_options_rsp(sk, MGMT_OP_SET_EXTERNAL_CONFIG, hdev);
5585 err = new_options(hdev, sk);
5587 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags) == is_configured(hdev)) {
5588 mgmt_index_removed(hdev);
5590 if (test_and_change_bit(HCI_UNCONFIGURED, &hdev->dev_flags)) {
5591 set_bit(HCI_CONFIG, &hdev->dev_flags);
5592 set_bit(HCI_AUTO_OFF, &hdev->dev_flags);
5594 queue_work(hdev->req_workqueue, &hdev->power_on);
5596 set_bit(HCI_RAW, &hdev->flags);
5597 mgmt_index_added(hdev);
5602 hci_dev_unlock(hdev);
5606 static int set_public_address(struct sock *sk, struct hci_dev *hdev,
5607 void *data, u16 len)
5609 struct mgmt_cp_set_public_address *cp = data;
5613 BT_DBG("%s", hdev->name);
5615 if (hdev_is_powered(hdev))
5616 return cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
5617 MGMT_STATUS_REJECTED);
5619 if (!bacmp(&cp->bdaddr, BDADDR_ANY))
5620 return cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
5621 MGMT_STATUS_INVALID_PARAMS);
5623 if (!hdev->set_bdaddr)
5624 return cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
5625 MGMT_STATUS_NOT_SUPPORTED);
5629 changed = !!bacmp(&hdev->public_addr, &cp->bdaddr);
5630 bacpy(&hdev->public_addr, &cp->bdaddr);
5632 err = send_options_rsp(sk, MGMT_OP_SET_PUBLIC_ADDRESS, hdev);
5639 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags))
5640 err = new_options(hdev, sk);
5642 if (is_configured(hdev)) {
5643 mgmt_index_removed(hdev);
5645 clear_bit(HCI_UNCONFIGURED, &hdev->dev_flags);
5647 set_bit(HCI_CONFIG, &hdev->dev_flags);
5648 set_bit(HCI_AUTO_OFF, &hdev->dev_flags);
5650 queue_work(hdev->req_workqueue, &hdev->power_on);
5654 hci_dev_unlock(hdev);
5658 static const struct mgmt_handler {
5659 int (*func) (struct sock *sk, struct hci_dev *hdev, void *data,
5663 } mgmt_handlers[] = {
5664 { NULL }, /* 0x0000 (no command) */
5665 { read_version, false, MGMT_READ_VERSION_SIZE },
5666 { read_commands, false, MGMT_READ_COMMANDS_SIZE },
5667 { read_index_list, false, MGMT_READ_INDEX_LIST_SIZE },
5668 { read_controller_info, false, MGMT_READ_INFO_SIZE },
5669 { set_powered, false, MGMT_SETTING_SIZE },
5670 { set_discoverable, false, MGMT_SET_DISCOVERABLE_SIZE },
5671 { set_connectable, false, MGMT_SETTING_SIZE },
5672 { set_fast_connectable, false, MGMT_SETTING_SIZE },
5673 { set_bondable, false, MGMT_SETTING_SIZE },
5674 { set_link_security, false, MGMT_SETTING_SIZE },
5675 { set_ssp, false, MGMT_SETTING_SIZE },
5676 { set_hs, false, MGMT_SETTING_SIZE },
5677 { set_le, false, MGMT_SETTING_SIZE },
5678 { set_dev_class, false, MGMT_SET_DEV_CLASS_SIZE },
5679 { set_local_name, false, MGMT_SET_LOCAL_NAME_SIZE },
5680 { add_uuid, false, MGMT_ADD_UUID_SIZE },
5681 { remove_uuid, false, MGMT_REMOVE_UUID_SIZE },
5682 { load_link_keys, true, MGMT_LOAD_LINK_KEYS_SIZE },
5683 { load_long_term_keys, true, MGMT_LOAD_LONG_TERM_KEYS_SIZE },
5684 { disconnect, false, MGMT_DISCONNECT_SIZE },
5685 { get_connections, false, MGMT_GET_CONNECTIONS_SIZE },
5686 { pin_code_reply, false, MGMT_PIN_CODE_REPLY_SIZE },
5687 { pin_code_neg_reply, false, MGMT_PIN_CODE_NEG_REPLY_SIZE },
5688 { set_io_capability, false, MGMT_SET_IO_CAPABILITY_SIZE },
5689 { pair_device, false, MGMT_PAIR_DEVICE_SIZE },
5690 { cancel_pair_device, false, MGMT_CANCEL_PAIR_DEVICE_SIZE },
5691 { unpair_device, false, MGMT_UNPAIR_DEVICE_SIZE },
5692 { user_confirm_reply, false, MGMT_USER_CONFIRM_REPLY_SIZE },
5693 { user_confirm_neg_reply, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
5694 { user_passkey_reply, false, MGMT_USER_PASSKEY_REPLY_SIZE },
5695 { user_passkey_neg_reply, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
5696 { read_local_oob_data, false, MGMT_READ_LOCAL_OOB_DATA_SIZE },
5697 { add_remote_oob_data, true, MGMT_ADD_REMOTE_OOB_DATA_SIZE },
5698 { remove_remote_oob_data, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
5699 { start_discovery, false, MGMT_START_DISCOVERY_SIZE },
5700 { stop_discovery, false, MGMT_STOP_DISCOVERY_SIZE },
5701 { confirm_name, false, MGMT_CONFIRM_NAME_SIZE },
5702 { block_device, false, MGMT_BLOCK_DEVICE_SIZE },
5703 { unblock_device, false, MGMT_UNBLOCK_DEVICE_SIZE },
5704 { set_device_id, false, MGMT_SET_DEVICE_ID_SIZE },
5705 { set_advertising, false, MGMT_SETTING_SIZE },
5706 { set_bredr, false, MGMT_SETTING_SIZE },
5707 { set_static_address, false, MGMT_SET_STATIC_ADDRESS_SIZE },
5708 { set_scan_params, false, MGMT_SET_SCAN_PARAMS_SIZE },
5709 { set_secure_conn, false, MGMT_SETTING_SIZE },
5710 { set_debug_keys, false, MGMT_SETTING_SIZE },
5711 { set_privacy, false, MGMT_SET_PRIVACY_SIZE },
5712 { load_irks, true, MGMT_LOAD_IRKS_SIZE },
5713 { get_conn_info, false, MGMT_GET_CONN_INFO_SIZE },
5714 { get_clock_info, false, MGMT_GET_CLOCK_INFO_SIZE },
5715 { add_device, false, MGMT_ADD_DEVICE_SIZE },
5716 { remove_device, false, MGMT_REMOVE_DEVICE_SIZE },
5717 { load_conn_param, true, MGMT_LOAD_CONN_PARAM_SIZE },
5718 { read_unconf_index_list, false, MGMT_READ_UNCONF_INDEX_LIST_SIZE },
5719 { read_config_info, false, MGMT_READ_CONFIG_INFO_SIZE },
5720 { set_external_config, false, MGMT_SET_EXTERNAL_CONFIG_SIZE },
5721 { set_public_address, false, MGMT_SET_PUBLIC_ADDRESS_SIZE },
5724 int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
5728 struct mgmt_hdr *hdr;
5729 u16 opcode, index, len;
5730 struct hci_dev *hdev = NULL;
5731 const struct mgmt_handler *handler;
5734 BT_DBG("got %zu bytes", msglen);
5736 if (msglen < sizeof(*hdr))
5739 buf = kmalloc(msglen, GFP_KERNEL);
5743 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
5749 opcode = __le16_to_cpu(hdr->opcode);
5750 index = __le16_to_cpu(hdr->index);
5751 len = __le16_to_cpu(hdr->len);
5753 if (len != msglen - sizeof(*hdr)) {
5758 if (index != MGMT_INDEX_NONE) {
5759 hdev = hci_dev_get(index);
5761 err = cmd_status(sk, index, opcode,
5762 MGMT_STATUS_INVALID_INDEX);
5766 if (test_bit(HCI_SETUP, &hdev->dev_flags) ||
5767 test_bit(HCI_CONFIG, &hdev->dev_flags) ||
5768 test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
5769 err = cmd_status(sk, index, opcode,
5770 MGMT_STATUS_INVALID_INDEX);
5774 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags) &&
5775 opcode != MGMT_OP_READ_CONFIG_INFO &&
5776 opcode != MGMT_OP_SET_EXTERNAL_CONFIG &&
5777 opcode != MGMT_OP_SET_PUBLIC_ADDRESS) {
5778 err = cmd_status(sk, index, opcode,
5779 MGMT_STATUS_INVALID_INDEX);
5784 if (opcode >= ARRAY_SIZE(mgmt_handlers) ||
5785 mgmt_handlers[opcode].func == NULL) {
5786 BT_DBG("Unknown op %u", opcode);
5787 err = cmd_status(sk, index, opcode,
5788 MGMT_STATUS_UNKNOWN_COMMAND);
5792 if (hdev && (opcode <= MGMT_OP_READ_INDEX_LIST ||
5793 opcode == MGMT_OP_READ_UNCONF_INDEX_LIST)) {
5794 err = cmd_status(sk, index, opcode,
5795 MGMT_STATUS_INVALID_INDEX);
5799 if (!hdev && (opcode > MGMT_OP_READ_INDEX_LIST &&
5800 opcode != MGMT_OP_READ_UNCONF_INDEX_LIST)) {
5801 err = cmd_status(sk, index, opcode,
5802 MGMT_STATUS_INVALID_INDEX);
5806 handler = &mgmt_handlers[opcode];
5808 if ((handler->var_len && len < handler->data_len) ||
5809 (!handler->var_len && len != handler->data_len)) {
5810 err = cmd_status(sk, index, opcode,
5811 MGMT_STATUS_INVALID_PARAMS);
5816 mgmt_init_hdev(sk, hdev);
5818 cp = buf + sizeof(*hdr);
5820 err = handler->func(sk, hdev, cp, len);
5834 void mgmt_index_added(struct hci_dev *hdev)
5836 if (hdev->dev_type != HCI_BREDR)
5839 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
5842 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags))
5843 mgmt_event(MGMT_EV_UNCONF_INDEX_ADDED, hdev, NULL, 0, NULL);
5845 mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
5848 void mgmt_index_removed(struct hci_dev *hdev)
5850 u8 status = MGMT_STATUS_INVALID_INDEX;
5852 if (hdev->dev_type != HCI_BREDR)
5855 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
5858 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
5860 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags))
5861 mgmt_event(MGMT_EV_UNCONF_INDEX_REMOVED, hdev, NULL, 0, NULL);
5863 mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
5866 /* This function requires the caller holds hdev->lock */
5867 static void restart_le_actions(struct hci_dev *hdev)
5869 struct hci_conn_params *p;
5871 list_for_each_entry(p, &hdev->le_conn_params, list) {
5872 /* Needed for AUTO_OFF case where might not "really"
5873 * have been powered off.
5875 list_del_init(&p->action);
5877 switch (p->auto_connect) {
5878 case HCI_AUTO_CONN_DIRECT:
5879 case HCI_AUTO_CONN_ALWAYS:
5880 list_add(&p->action, &hdev->pend_le_conns);
5882 case HCI_AUTO_CONN_REPORT:
5883 list_add(&p->action, &hdev->pend_le_reports);
5890 hci_update_background_scan(hdev);
5893 static void powered_complete(struct hci_dev *hdev, u8 status)
5895 struct cmd_lookup match = { NULL, hdev };
5897 BT_DBG("status 0x%02x", status);
5901 restart_le_actions(hdev);
5903 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
5905 new_settings(hdev, match.sk);
5907 hci_dev_unlock(hdev);
5913 static int powered_update_hci(struct hci_dev *hdev)
5915 struct hci_request req;
5918 hci_req_init(&req, hdev);
5920 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) &&
5921 !lmp_host_ssp_capable(hdev)) {
5924 hci_req_add(&req, HCI_OP_WRITE_SSP_MODE, 1, &ssp);
5927 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
5928 lmp_bredr_capable(hdev)) {
5929 struct hci_cp_write_le_host_supported cp;
5934 /* Check first if we already have the right
5935 * host state (host features set)
5937 if (cp.le != lmp_host_le_capable(hdev) ||
5938 cp.simul != lmp_host_le_br_capable(hdev))
5939 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED,
5943 if (lmp_le_capable(hdev)) {
5944 /* Make sure the controller has a good default for
5945 * advertising data. This also applies to the case
5946 * where BR/EDR was toggled during the AUTO_OFF phase.
5948 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
5949 update_adv_data(&req);
5950 update_scan_rsp_data(&req);
5953 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
5954 enable_advertising(&req);
5957 link_sec = test_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
5958 if (link_sec != test_bit(HCI_AUTH, &hdev->flags))
5959 hci_req_add(&req, HCI_OP_WRITE_AUTH_ENABLE,
5960 sizeof(link_sec), &link_sec);
5962 if (lmp_bredr_capable(hdev)) {
5963 write_fast_connectable(&req, false);
5964 hci_update_page_scan(hdev, &req);
5970 return hci_req_run(&req, powered_complete);
5973 int mgmt_powered(struct hci_dev *hdev, u8 powered)
5975 struct cmd_lookup match = { NULL, hdev };
5976 u8 status_not_powered = MGMT_STATUS_NOT_POWERED;
5977 u8 zero_cod[] = { 0, 0, 0 };
5980 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
5984 if (powered_update_hci(hdev) == 0)
5987 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp,
5992 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
5993 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status_not_powered);
5995 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0)
5996 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
5997 zero_cod, sizeof(zero_cod), NULL);
6000 err = new_settings(hdev, match.sk);
6008 void mgmt_set_powered_failed(struct hci_dev *hdev, int err)
6010 struct pending_cmd *cmd;
6013 cmd = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
6017 if (err == -ERFKILL)
6018 status = MGMT_STATUS_RFKILLED;
6020 status = MGMT_STATUS_FAILED;
6022 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
6024 mgmt_pending_remove(cmd);
6027 void mgmt_discoverable_timeout(struct hci_dev *hdev)
6029 struct hci_request req;
6033 /* When discoverable timeout triggers, then just make sure
6034 * the limited discoverable flag is cleared. Even in the case
6035 * of a timeout triggered from general discoverable, it is
6036 * safe to unconditionally clear the flag.
6038 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
6039 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
6041 hci_req_init(&req, hdev);
6042 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
6043 u8 scan = SCAN_PAGE;
6044 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE,
6045 sizeof(scan), &scan);
6048 update_adv_data(&req);
6049 hci_req_run(&req, NULL);
6051 hdev->discov_timeout = 0;
6053 new_settings(hdev, NULL);
6055 hci_dev_unlock(hdev);
6058 void mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
6061 struct mgmt_ev_new_link_key ev;
6063 memset(&ev, 0, sizeof(ev));
6065 ev.store_hint = persistent;
6066 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
6067 ev.key.addr.type = BDADDR_BREDR;
6068 ev.key.type = key->type;
6069 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
6070 ev.key.pin_len = key->pin_len;
6072 mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
6075 static u8 mgmt_ltk_type(struct smp_ltk *ltk)
6077 if (ltk->authenticated)
6078 return MGMT_LTK_AUTHENTICATED;
6080 return MGMT_LTK_UNAUTHENTICATED;
6083 void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, bool persistent)
6085 struct mgmt_ev_new_long_term_key ev;
6087 memset(&ev, 0, sizeof(ev));
6089 /* Devices using resolvable or non-resolvable random addresses
6090 * without providing an indentity resolving key don't require
6091 * to store long term keys. Their addresses will change the
6094 * Only when a remote device provides an identity address
6095 * make sure the long term key is stored. If the remote
6096 * identity is known, the long term keys are internally
6097 * mapped to the identity address. So allow static random
6098 * and public addresses here.
6100 if (key->bdaddr_type == ADDR_LE_DEV_RANDOM &&
6101 (key->bdaddr.b[5] & 0xc0) != 0xc0)
6102 ev.store_hint = 0x00;
6104 ev.store_hint = persistent;
6106 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
6107 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
6108 ev.key.type = mgmt_ltk_type(key);
6109 ev.key.enc_size = key->enc_size;
6110 ev.key.ediv = key->ediv;
6111 ev.key.rand = key->rand;
6113 if (key->type == SMP_LTK)
6116 memcpy(ev.key.val, key->val, sizeof(key->val));
6118 mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev), NULL);
6121 void mgmt_new_irk(struct hci_dev *hdev, struct smp_irk *irk)
6123 struct mgmt_ev_new_irk ev;
6125 memset(&ev, 0, sizeof(ev));
6127 /* For identity resolving keys from devices that are already
6128 * using a public address or static random address, do not
6129 * ask for storing this key. The identity resolving key really
6130 * is only mandatory for devices using resovlable random
6133 * Storing all identity resolving keys has the downside that
6134 * they will be also loaded on next boot of they system. More
6135 * identity resolving keys, means more time during scanning is
6136 * needed to actually resolve these addresses.
6138 if (bacmp(&irk->rpa, BDADDR_ANY))
6139 ev.store_hint = 0x01;
6141 ev.store_hint = 0x00;
6143 bacpy(&ev.rpa, &irk->rpa);
6144 bacpy(&ev.irk.addr.bdaddr, &irk->bdaddr);
6145 ev.irk.addr.type = link_to_bdaddr(LE_LINK, irk->addr_type);
6146 memcpy(ev.irk.val, irk->val, sizeof(irk->val));
6148 mgmt_event(MGMT_EV_NEW_IRK, hdev, &ev, sizeof(ev), NULL);
6151 void mgmt_new_csrk(struct hci_dev *hdev, struct smp_csrk *csrk,
6154 struct mgmt_ev_new_csrk ev;
6156 memset(&ev, 0, sizeof(ev));
6158 /* Devices using resolvable or non-resolvable random addresses
6159 * without providing an indentity resolving key don't require
6160 * to store signature resolving keys. Their addresses will change
6161 * the next time around.
6163 * Only when a remote device provides an identity address
6164 * make sure the signature resolving key is stored. So allow
6165 * static random and public addresses here.
6167 if (csrk->bdaddr_type == ADDR_LE_DEV_RANDOM &&
6168 (csrk->bdaddr.b[5] & 0xc0) != 0xc0)
6169 ev.store_hint = 0x00;
6171 ev.store_hint = persistent;
6173 bacpy(&ev.key.addr.bdaddr, &csrk->bdaddr);
6174 ev.key.addr.type = link_to_bdaddr(LE_LINK, csrk->bdaddr_type);
6175 ev.key.master = csrk->master;
6176 memcpy(ev.key.val, csrk->val, sizeof(csrk->val));
6178 mgmt_event(MGMT_EV_NEW_CSRK, hdev, &ev, sizeof(ev), NULL);
6181 void mgmt_new_conn_param(struct hci_dev *hdev, bdaddr_t *bdaddr,
6182 u8 bdaddr_type, u8 store_hint, u16 min_interval,
6183 u16 max_interval, u16 latency, u16 timeout)
6185 struct mgmt_ev_new_conn_param ev;
6187 if (!hci_is_identity_address(bdaddr, bdaddr_type))
6190 memset(&ev, 0, sizeof(ev));
6191 bacpy(&ev.addr.bdaddr, bdaddr);
6192 ev.addr.type = link_to_bdaddr(LE_LINK, bdaddr_type);
6193 ev.store_hint = store_hint;
6194 ev.min_interval = cpu_to_le16(min_interval);
6195 ev.max_interval = cpu_to_le16(max_interval);
6196 ev.latency = cpu_to_le16(latency);
6197 ev.timeout = cpu_to_le16(timeout);
6199 mgmt_event(MGMT_EV_NEW_CONN_PARAM, hdev, &ev, sizeof(ev), NULL);
6202 static inline u16 eir_append_data(u8 *eir, u16 eir_len, u8 type, u8 *data,
6205 eir[eir_len++] = sizeof(type) + data_len;
6206 eir[eir_len++] = type;
6207 memcpy(&eir[eir_len], data, data_len);
6208 eir_len += data_len;
6213 void mgmt_device_connected(struct hci_dev *hdev, struct hci_conn *conn,
6214 u32 flags, u8 *name, u8 name_len)
6217 struct mgmt_ev_device_connected *ev = (void *) buf;
6220 bacpy(&ev->addr.bdaddr, &conn->dst);
6221 ev->addr.type = link_to_bdaddr(conn->type, conn->dst_type);
6223 ev->flags = __cpu_to_le32(flags);
6225 /* We must ensure that the EIR Data fields are ordered and
6226 * unique. Keep it simple for now and avoid the problem by not
6227 * adding any BR/EDR data to the LE adv.
6229 if (conn->le_adv_data_len > 0) {
6230 memcpy(&ev->eir[eir_len],
6231 conn->le_adv_data, conn->le_adv_data_len);
6232 eir_len = conn->le_adv_data_len;
6235 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
6238 if (memcmp(conn->dev_class, "\0\0\0", 3) != 0)
6239 eir_len = eir_append_data(ev->eir, eir_len,
6241 conn->dev_class, 3);
6244 ev->eir_len = cpu_to_le16(eir_len);
6246 mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
6247 sizeof(*ev) + eir_len, NULL);
6250 static void disconnect_rsp(struct pending_cmd *cmd, void *data)
6252 struct mgmt_cp_disconnect *cp = cmd->param;
6253 struct sock **sk = data;
6254 struct mgmt_rp_disconnect rp;
6256 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
6257 rp.addr.type = cp->addr.type;
6259 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 0, &rp,
6265 mgmt_pending_remove(cmd);
6268 static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
6270 struct hci_dev *hdev = data;
6271 struct mgmt_cp_unpair_device *cp = cmd->param;
6272 struct mgmt_rp_unpair_device rp;
6274 memset(&rp, 0, sizeof(rp));
6275 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
6276 rp.addr.type = cp->addr.type;
6278 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
6280 cmd_complete(cmd->sk, cmd->index, cmd->opcode, 0, &rp, sizeof(rp));
6282 mgmt_pending_remove(cmd);
6285 bool mgmt_powering_down(struct hci_dev *hdev)
6287 struct pending_cmd *cmd;
6288 struct mgmt_mode *cp;
6290 cmd = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
6301 void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
6302 u8 link_type, u8 addr_type, u8 reason,
6303 bool mgmt_connected)
6305 struct mgmt_ev_device_disconnected ev;
6306 struct sock *sk = NULL;
6308 /* The connection is still in hci_conn_hash so test for 1
6309 * instead of 0 to know if this is the last one.
6311 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
6312 cancel_delayed_work(&hdev->power_off);
6313 queue_work(hdev->req_workqueue, &hdev->power_off.work);
6316 if (!mgmt_connected)
6319 if (link_type != ACL_LINK && link_type != LE_LINK)
6322 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
6324 bacpy(&ev.addr.bdaddr, bdaddr);
6325 ev.addr.type = link_to_bdaddr(link_type, addr_type);
6328 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
6333 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
6337 void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
6338 u8 link_type, u8 addr_type, u8 status)
6340 u8 bdaddr_type = link_to_bdaddr(link_type, addr_type);
6341 struct mgmt_cp_disconnect *cp;
6342 struct mgmt_rp_disconnect rp;
6343 struct pending_cmd *cmd;
6345 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
6348 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
6354 if (bacmp(bdaddr, &cp->addr.bdaddr))
6357 if (cp->addr.type != bdaddr_type)
6360 bacpy(&rp.addr.bdaddr, bdaddr);
6361 rp.addr.type = bdaddr_type;
6363 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
6364 mgmt_status(status), &rp, sizeof(rp));
6366 mgmt_pending_remove(cmd);
6369 void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
6370 u8 addr_type, u8 status)
6372 struct mgmt_ev_connect_failed ev;
6374 /* The connection is still in hci_conn_hash so test for 1
6375 * instead of 0 to know if this is the last one.
6377 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
6378 cancel_delayed_work(&hdev->power_off);
6379 queue_work(hdev->req_workqueue, &hdev->power_off.work);
6382 bacpy(&ev.addr.bdaddr, bdaddr);
6383 ev.addr.type = link_to_bdaddr(link_type, addr_type);
6384 ev.status = mgmt_status(status);
6386 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
6389 void mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
6391 struct mgmt_ev_pin_code_request ev;
6393 bacpy(&ev.addr.bdaddr, bdaddr);
6394 ev.addr.type = BDADDR_BREDR;
6397 mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev), NULL);
6400 void mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
6403 struct pending_cmd *cmd;
6404 struct mgmt_rp_pin_code_reply rp;
6406 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
6410 bacpy(&rp.addr.bdaddr, bdaddr);
6411 rp.addr.type = BDADDR_BREDR;
6413 cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
6414 mgmt_status(status), &rp, sizeof(rp));
6416 mgmt_pending_remove(cmd);
6419 void mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
6422 struct pending_cmd *cmd;
6423 struct mgmt_rp_pin_code_reply rp;
6425 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
6429 bacpy(&rp.addr.bdaddr, bdaddr);
6430 rp.addr.type = BDADDR_BREDR;
6432 cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
6433 mgmt_status(status), &rp, sizeof(rp));
6435 mgmt_pending_remove(cmd);
6438 int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
6439 u8 link_type, u8 addr_type, u32 value,
6442 struct mgmt_ev_user_confirm_request ev;
6444 BT_DBG("%s", hdev->name);
6446 bacpy(&ev.addr.bdaddr, bdaddr);
6447 ev.addr.type = link_to_bdaddr(link_type, addr_type);
6448 ev.confirm_hint = confirm_hint;
6449 ev.value = cpu_to_le32(value);
6451 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
6455 int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
6456 u8 link_type, u8 addr_type)
6458 struct mgmt_ev_user_passkey_request ev;
6460 BT_DBG("%s", hdev->name);
6462 bacpy(&ev.addr.bdaddr, bdaddr);
6463 ev.addr.type = link_to_bdaddr(link_type, addr_type);
6465 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
6469 static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
6470 u8 link_type, u8 addr_type, u8 status,
6473 struct pending_cmd *cmd;
6474 struct mgmt_rp_user_confirm_reply rp;
6477 cmd = mgmt_pending_find(opcode, hdev);
6481 bacpy(&rp.addr.bdaddr, bdaddr);
6482 rp.addr.type = link_to_bdaddr(link_type, addr_type);
6483 err = cmd_complete(cmd->sk, hdev->id, opcode, mgmt_status(status),
6486 mgmt_pending_remove(cmd);
6491 int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
6492 u8 link_type, u8 addr_type, u8 status)
6494 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
6495 status, MGMT_OP_USER_CONFIRM_REPLY);
6498 int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
6499 u8 link_type, u8 addr_type, u8 status)
6501 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
6503 MGMT_OP_USER_CONFIRM_NEG_REPLY);
6506 int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
6507 u8 link_type, u8 addr_type, u8 status)
6509 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
6510 status, MGMT_OP_USER_PASSKEY_REPLY);
6513 int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
6514 u8 link_type, u8 addr_type, u8 status)
6516 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
6518 MGMT_OP_USER_PASSKEY_NEG_REPLY);
6521 int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
6522 u8 link_type, u8 addr_type, u32 passkey,
6525 struct mgmt_ev_passkey_notify ev;
6527 BT_DBG("%s", hdev->name);
6529 bacpy(&ev.addr.bdaddr, bdaddr);
6530 ev.addr.type = link_to_bdaddr(link_type, addr_type);
6531 ev.passkey = __cpu_to_le32(passkey);
6532 ev.entered = entered;
6534 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
6537 void mgmt_auth_failed(struct hci_conn *conn, u8 hci_status)
6539 struct mgmt_ev_auth_failed ev;
6540 struct pending_cmd *cmd;
6541 u8 status = mgmt_status(hci_status);
6543 bacpy(&ev.addr.bdaddr, &conn->dst);
6544 ev.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
6547 cmd = find_pairing(conn);
6549 mgmt_event(MGMT_EV_AUTH_FAILED, conn->hdev, &ev, sizeof(ev),
6550 cmd ? cmd->sk : NULL);
6553 pairing_complete(cmd, status);
6556 void mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
6558 struct cmd_lookup match = { NULL, hdev };
6562 u8 mgmt_err = mgmt_status(status);
6563 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
6564 cmd_status_rsp, &mgmt_err);
6568 if (test_bit(HCI_AUTH, &hdev->flags))
6569 changed = !test_and_set_bit(HCI_LINK_SECURITY,
6572 changed = test_and_clear_bit(HCI_LINK_SECURITY,
6575 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
6579 new_settings(hdev, match.sk);
6585 static void clear_eir(struct hci_request *req)
6587 struct hci_dev *hdev = req->hdev;
6588 struct hci_cp_write_eir cp;
6590 if (!lmp_ext_inq_capable(hdev))
6593 memset(hdev->eir, 0, sizeof(hdev->eir));
6595 memset(&cp, 0, sizeof(cp));
6597 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
6600 void mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
6602 struct cmd_lookup match = { NULL, hdev };
6603 struct hci_request req;
6604 bool changed = false;
6607 u8 mgmt_err = mgmt_status(status);
6609 if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
6610 &hdev->dev_flags)) {
6611 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
6612 new_settings(hdev, NULL);
6615 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
6621 changed = !test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
6623 changed = test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
6625 changed = test_and_clear_bit(HCI_HS_ENABLED,
6628 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
6631 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
6634 new_settings(hdev, match.sk);
6639 hci_req_init(&req, hdev);
6641 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
6642 if (test_bit(HCI_USE_DEBUG_KEYS, &hdev->dev_flags))
6643 hci_req_add(&req, HCI_OP_WRITE_SSP_DEBUG_MODE,
6644 sizeof(enable), &enable);
6650 hci_req_run(&req, NULL);
6653 void mgmt_sc_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
6655 struct cmd_lookup match = { NULL, hdev };
6656 bool changed = false;
6659 u8 mgmt_err = mgmt_status(status);
6662 if (test_and_clear_bit(HCI_SC_ENABLED,
6664 new_settings(hdev, NULL);
6665 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
6668 mgmt_pending_foreach(MGMT_OP_SET_SECURE_CONN, hdev,
6669 cmd_status_rsp, &mgmt_err);
6674 changed = !test_and_set_bit(HCI_SC_ENABLED, &hdev->dev_flags);
6676 changed = test_and_clear_bit(HCI_SC_ENABLED, &hdev->dev_flags);
6677 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
6680 mgmt_pending_foreach(MGMT_OP_SET_SECURE_CONN, hdev,
6681 settings_rsp, &match);
6684 new_settings(hdev, match.sk);
6690 static void sk_lookup(struct pending_cmd *cmd, void *data)
6692 struct cmd_lookup *match = data;
6694 if (match->sk == NULL) {
6695 match->sk = cmd->sk;
6696 sock_hold(match->sk);
6700 void mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
6703 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
6705 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
6706 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
6707 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
6710 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class, 3,
6717 void mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
6719 struct mgmt_cp_set_local_name ev;
6720 struct pending_cmd *cmd;
6725 memset(&ev, 0, sizeof(ev));
6726 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
6727 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
6729 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
6731 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
6733 /* If this is a HCI command related to powering on the
6734 * HCI dev don't send any mgmt signals.
6736 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
6740 mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
6741 cmd ? cmd->sk : NULL);
6744 void mgmt_read_local_oob_data_complete(struct hci_dev *hdev, u8 *hash192,
6745 u8 *randomizer192, u8 *hash256,
6746 u8 *randomizer256, u8 status)
6748 struct pending_cmd *cmd;
6750 BT_DBG("%s status %u", hdev->name, status);
6752 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
6757 cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
6758 mgmt_status(status));
6760 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags) &&
6761 hash256 && randomizer256) {
6762 struct mgmt_rp_read_local_oob_ext_data rp;
6764 memcpy(rp.hash192, hash192, sizeof(rp.hash192));
6765 memcpy(rp.randomizer192, randomizer192,
6766 sizeof(rp.randomizer192));
6768 memcpy(rp.hash256, hash256, sizeof(rp.hash256));
6769 memcpy(rp.randomizer256, randomizer256,
6770 sizeof(rp.randomizer256));
6772 cmd_complete(cmd->sk, hdev->id,
6773 MGMT_OP_READ_LOCAL_OOB_DATA, 0,
6776 struct mgmt_rp_read_local_oob_data rp;
6778 memcpy(rp.hash, hash192, sizeof(rp.hash));
6779 memcpy(rp.randomizer, randomizer192,
6780 sizeof(rp.randomizer));
6782 cmd_complete(cmd->sk, hdev->id,
6783 MGMT_OP_READ_LOCAL_OOB_DATA, 0,
6788 mgmt_pending_remove(cmd);
6791 void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
6792 u8 addr_type, u8 *dev_class, s8 rssi, u32 flags,
6793 u8 *eir, u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
6796 struct mgmt_ev_device_found *ev = (void *) buf;
6799 /* Don't send events for a non-kernel initiated discovery. With
6800 * LE one exception is if we have pend_le_reports > 0 in which
6801 * case we're doing passive scanning and want these events.
6803 if (!hci_discovery_active(hdev)) {
6804 if (link_type == ACL_LINK)
6806 if (link_type == LE_LINK && list_empty(&hdev->pend_le_reports))
6810 /* Make sure that the buffer is big enough. The 5 extra bytes
6811 * are for the potential CoD field.
6813 if (sizeof(*ev) + eir_len + scan_rsp_len + 5 > sizeof(buf))
6816 memset(buf, 0, sizeof(buf));
6818 bacpy(&ev->addr.bdaddr, bdaddr);
6819 ev->addr.type = link_to_bdaddr(link_type, addr_type);
6821 ev->flags = cpu_to_le32(flags);
6824 memcpy(ev->eir, eir, eir_len);
6826 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
6827 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
6830 if (scan_rsp_len > 0)
6831 memcpy(ev->eir + eir_len, scan_rsp, scan_rsp_len);
6833 ev->eir_len = cpu_to_le16(eir_len + scan_rsp_len);
6834 ev_size = sizeof(*ev) + eir_len + scan_rsp_len;
6836 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
6839 void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
6840 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
6842 struct mgmt_ev_device_found *ev;
6843 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
6846 ev = (struct mgmt_ev_device_found *) buf;
6848 memset(buf, 0, sizeof(buf));
6850 bacpy(&ev->addr.bdaddr, bdaddr);
6851 ev->addr.type = link_to_bdaddr(link_type, addr_type);
6854 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
6857 ev->eir_len = cpu_to_le16(eir_len);
6859 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, sizeof(*ev) + eir_len, NULL);
6862 void mgmt_discovering(struct hci_dev *hdev, u8 discovering)
6864 struct mgmt_ev_discovering ev;
6865 struct pending_cmd *cmd;
6867 BT_DBG("%s discovering %u", hdev->name, discovering);
6870 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
6872 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
6875 u8 type = hdev->discovery.type;
6877 cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0, &type,
6879 mgmt_pending_remove(cmd);
6882 memset(&ev, 0, sizeof(ev));
6883 ev.type = hdev->discovery.type;
6884 ev.discovering = discovering;
6886 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
6889 static void adv_enable_complete(struct hci_dev *hdev, u8 status)
6891 BT_DBG("%s status %u", hdev->name, status);
6894 void mgmt_reenable_advertising(struct hci_dev *hdev)
6896 struct hci_request req;
6898 if (!test_bit(HCI_ADVERTISING, &hdev->dev_flags))
6901 hci_req_init(&req, hdev);
6902 enable_advertising(&req);
6903 hci_req_run(&req, adv_enable_complete);
projects / linux-2.6-block.git / blob