2 BlueZ - Bluetooth protocol stack for Linux
4 Copyright (C) 2010 Nokia Corporation
5 Copyright (C) 2011-2012 Intel Corporation
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI Management interface */
27 #include <linux/module.h>
28 #include <asm/unaligned.h>
30 #include <net/bluetooth/bluetooth.h>
31 #include <net/bluetooth/hci_core.h>
32 #include <net/bluetooth/l2cap.h>
33 #include <net/bluetooth/mgmt.h>
37 #define MGMT_VERSION 1
38 #define MGMT_REVISION 7
40 static const u16 mgmt_commands[] = {
41 MGMT_OP_READ_INDEX_LIST,
44 MGMT_OP_SET_DISCOVERABLE,
45 MGMT_OP_SET_CONNECTABLE,
46 MGMT_OP_SET_FAST_CONNECTABLE,
48 MGMT_OP_SET_LINK_SECURITY,
52 MGMT_OP_SET_DEV_CLASS,
53 MGMT_OP_SET_LOCAL_NAME,
56 MGMT_OP_LOAD_LINK_KEYS,
57 MGMT_OP_LOAD_LONG_TERM_KEYS,
59 MGMT_OP_GET_CONNECTIONS,
60 MGMT_OP_PIN_CODE_REPLY,
61 MGMT_OP_PIN_CODE_NEG_REPLY,
62 MGMT_OP_SET_IO_CAPABILITY,
64 MGMT_OP_CANCEL_PAIR_DEVICE,
65 MGMT_OP_UNPAIR_DEVICE,
66 MGMT_OP_USER_CONFIRM_REPLY,
67 MGMT_OP_USER_CONFIRM_NEG_REPLY,
68 MGMT_OP_USER_PASSKEY_REPLY,
69 MGMT_OP_USER_PASSKEY_NEG_REPLY,
70 MGMT_OP_READ_LOCAL_OOB_DATA,
71 MGMT_OP_ADD_REMOTE_OOB_DATA,
72 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
73 MGMT_OP_START_DISCOVERY,
74 MGMT_OP_STOP_DISCOVERY,
77 MGMT_OP_UNBLOCK_DEVICE,
78 MGMT_OP_SET_DEVICE_ID,
79 MGMT_OP_SET_ADVERTISING,
81 MGMT_OP_SET_STATIC_ADDRESS,
82 MGMT_OP_SET_SCAN_PARAMS,
83 MGMT_OP_SET_SECURE_CONN,
84 MGMT_OP_SET_DEBUG_KEYS,
87 MGMT_OP_GET_CONN_INFO,
88 MGMT_OP_GET_CLOCK_INFO,
90 MGMT_OP_REMOVE_DEVICE,
91 MGMT_OP_LOAD_CONN_PARAM,
92 MGMT_OP_READ_UNCONF_INDEX_LIST,
93 MGMT_OP_READ_CONFIG_INFO,
94 MGMT_OP_SET_EXTERNAL_CONFIG,
95 MGMT_OP_SET_PUBLIC_ADDRESS,
98 static const u16 mgmt_events[] = {
99 MGMT_EV_CONTROLLER_ERROR,
101 MGMT_EV_INDEX_REMOVED,
102 MGMT_EV_NEW_SETTINGS,
103 MGMT_EV_CLASS_OF_DEV_CHANGED,
104 MGMT_EV_LOCAL_NAME_CHANGED,
105 MGMT_EV_NEW_LINK_KEY,
106 MGMT_EV_NEW_LONG_TERM_KEY,
107 MGMT_EV_DEVICE_CONNECTED,
108 MGMT_EV_DEVICE_DISCONNECTED,
109 MGMT_EV_CONNECT_FAILED,
110 MGMT_EV_PIN_CODE_REQUEST,
111 MGMT_EV_USER_CONFIRM_REQUEST,
112 MGMT_EV_USER_PASSKEY_REQUEST,
114 MGMT_EV_DEVICE_FOUND,
116 MGMT_EV_DEVICE_BLOCKED,
117 MGMT_EV_DEVICE_UNBLOCKED,
118 MGMT_EV_DEVICE_UNPAIRED,
119 MGMT_EV_PASSKEY_NOTIFY,
122 MGMT_EV_DEVICE_ADDED,
123 MGMT_EV_DEVICE_REMOVED,
124 MGMT_EV_NEW_CONN_PARAM,
125 MGMT_EV_UNCONF_INDEX_ADDED,
126 MGMT_EV_UNCONF_INDEX_REMOVED,
127 MGMT_EV_NEW_CONFIG_OPTIONS,
130 #define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
133 struct list_head list;
141 /* HCI to MGMT error code conversion table */
142 static u8 mgmt_status_table[] = {
144 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
145 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
146 MGMT_STATUS_FAILED, /* Hardware Failure */
147 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
148 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
149 MGMT_STATUS_AUTH_FAILED, /* PIN or Key Missing */
150 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
151 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
152 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
153 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
154 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
155 MGMT_STATUS_BUSY, /* Command Disallowed */
156 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
157 MGMT_STATUS_REJECTED, /* Rejected Security */
158 MGMT_STATUS_REJECTED, /* Rejected Personal */
159 MGMT_STATUS_TIMEOUT, /* Host Timeout */
160 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
161 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
162 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
163 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
164 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
165 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
166 MGMT_STATUS_BUSY, /* Repeated Attempts */
167 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
168 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
169 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
170 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
171 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
172 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
173 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
174 MGMT_STATUS_FAILED, /* Unspecified Error */
175 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
176 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
177 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
178 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
179 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
180 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
181 MGMT_STATUS_FAILED, /* Unit Link Key Used */
182 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
183 MGMT_STATUS_TIMEOUT, /* Instant Passed */
184 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
185 MGMT_STATUS_FAILED, /* Transaction Collision */
186 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
187 MGMT_STATUS_REJECTED, /* QoS Rejected */
188 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
189 MGMT_STATUS_REJECTED, /* Insufficient Security */
190 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
191 MGMT_STATUS_BUSY, /* Role Switch Pending */
192 MGMT_STATUS_FAILED, /* Slot Violation */
193 MGMT_STATUS_FAILED, /* Role Switch Failed */
194 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
195 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
196 MGMT_STATUS_BUSY, /* Host Busy Pairing */
197 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
198 MGMT_STATUS_BUSY, /* Controller Busy */
199 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
200 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
201 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
202 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
203 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
206 static u8 mgmt_status(u8 hci_status)
208 if (hci_status < ARRAY_SIZE(mgmt_status_table))
209 return mgmt_status_table[hci_status];
211 return MGMT_STATUS_FAILED;
214 static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 data_len,
215 struct sock *skip_sk)
218 struct mgmt_hdr *hdr;
220 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_KERNEL);
224 hdr = (void *) skb_put(skb, sizeof(*hdr));
225 hdr->opcode = cpu_to_le16(event);
227 hdr->index = cpu_to_le16(hdev->id);
229 hdr->index = cpu_to_le16(MGMT_INDEX_NONE);
230 hdr->len = cpu_to_le16(data_len);
233 memcpy(skb_put(skb, data_len), data, data_len);
236 __net_timestamp(skb);
238 hci_send_to_control(skb, skip_sk);
244 static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
247 struct mgmt_hdr *hdr;
248 struct mgmt_ev_cmd_status *ev;
251 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
253 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_KERNEL);
257 hdr = (void *) skb_put(skb, sizeof(*hdr));
259 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS);
260 hdr->index = cpu_to_le16(index);
261 hdr->len = cpu_to_le16(sizeof(*ev));
263 ev = (void *) skb_put(skb, sizeof(*ev));
265 ev->opcode = cpu_to_le16(cmd);
267 err = sock_queue_rcv_skb(sk, skb);
274 static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
275 void *rp, size_t rp_len)
278 struct mgmt_hdr *hdr;
279 struct mgmt_ev_cmd_complete *ev;
282 BT_DBG("sock %p", sk);
284 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_KERNEL);
288 hdr = (void *) skb_put(skb, sizeof(*hdr));
290 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE);
291 hdr->index = cpu_to_le16(index);
292 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
294 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
295 ev->opcode = cpu_to_le16(cmd);
299 memcpy(ev->data, rp, rp_len);
301 err = sock_queue_rcv_skb(sk, skb);
308 static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
311 struct mgmt_rp_read_version rp;
313 BT_DBG("sock %p", sk);
315 rp.version = MGMT_VERSION;
316 rp.revision = cpu_to_le16(MGMT_REVISION);
318 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
322 static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
325 struct mgmt_rp_read_commands *rp;
326 const u16 num_commands = ARRAY_SIZE(mgmt_commands);
327 const u16 num_events = ARRAY_SIZE(mgmt_events);
332 BT_DBG("sock %p", sk);
334 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
336 rp = kmalloc(rp_size, GFP_KERNEL);
340 rp->num_commands = cpu_to_le16(num_commands);
341 rp->num_events = cpu_to_le16(num_events);
343 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
344 put_unaligned_le16(mgmt_commands[i], opcode);
346 for (i = 0; i < num_events; i++, opcode++)
347 put_unaligned_le16(mgmt_events[i], opcode);
349 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
356 static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
359 struct mgmt_rp_read_index_list *rp;
365 BT_DBG("sock %p", sk);
367 read_lock(&hci_dev_list_lock);
370 list_for_each_entry(d, &hci_dev_list, list) {
371 if (d->dev_type == HCI_BREDR &&
372 !test_bit(HCI_UNCONFIGURED, &d->dev_flags))
376 rp_len = sizeof(*rp) + (2 * count);
377 rp = kmalloc(rp_len, GFP_ATOMIC);
379 read_unlock(&hci_dev_list_lock);
384 list_for_each_entry(d, &hci_dev_list, list) {
385 if (test_bit(HCI_SETUP, &d->dev_flags) ||
386 test_bit(HCI_CONFIG, &d->dev_flags) ||
387 test_bit(HCI_USER_CHANNEL, &d->dev_flags))
390 /* Devices marked as raw-only are neither configured
391 * nor unconfigured controllers.
393 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
396 if (d->dev_type == HCI_BREDR &&
397 !test_bit(HCI_UNCONFIGURED, &d->dev_flags)) {
398 rp->index[count++] = cpu_to_le16(d->id);
399 BT_DBG("Added hci%u", d->id);
403 rp->num_controllers = cpu_to_le16(count);
404 rp_len = sizeof(*rp) + (2 * count);
406 read_unlock(&hci_dev_list_lock);
408 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
416 static int read_unconf_index_list(struct sock *sk, struct hci_dev *hdev,
417 void *data, u16 data_len)
419 struct mgmt_rp_read_unconf_index_list *rp;
425 BT_DBG("sock %p", sk);
427 read_lock(&hci_dev_list_lock);
430 list_for_each_entry(d, &hci_dev_list, list) {
431 if (d->dev_type == HCI_BREDR &&
432 test_bit(HCI_UNCONFIGURED, &d->dev_flags))
436 rp_len = sizeof(*rp) + (2 * count);
437 rp = kmalloc(rp_len, GFP_ATOMIC);
439 read_unlock(&hci_dev_list_lock);
444 list_for_each_entry(d, &hci_dev_list, list) {
445 if (test_bit(HCI_SETUP, &d->dev_flags) ||
446 test_bit(HCI_CONFIG, &d->dev_flags) ||
447 test_bit(HCI_USER_CHANNEL, &d->dev_flags))
450 /* Devices marked as raw-only are neither configured
451 * nor unconfigured controllers.
453 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
456 if (d->dev_type == HCI_BREDR &&
457 test_bit(HCI_UNCONFIGURED, &d->dev_flags)) {
458 rp->index[count++] = cpu_to_le16(d->id);
459 BT_DBG("Added hci%u", d->id);
463 rp->num_controllers = cpu_to_le16(count);
464 rp_len = sizeof(*rp) + (2 * count);
466 read_unlock(&hci_dev_list_lock);
468 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_UNCONF_INDEX_LIST,
476 static bool is_configured(struct hci_dev *hdev)
478 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
479 !test_bit(HCI_EXT_CONFIGURED, &hdev->dev_flags))
482 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) &&
483 !bacmp(&hdev->public_addr, BDADDR_ANY))
489 static __le32 get_missing_options(struct hci_dev *hdev)
493 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
494 !test_bit(HCI_EXT_CONFIGURED, &hdev->dev_flags))
495 options |= MGMT_OPTION_EXTERNAL_CONFIG;
497 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) &&
498 !bacmp(&hdev->public_addr, BDADDR_ANY))
499 options |= MGMT_OPTION_PUBLIC_ADDRESS;
501 return cpu_to_le32(options);
504 static int new_options(struct hci_dev *hdev, struct sock *skip)
506 __le32 options = get_missing_options(hdev);
508 return mgmt_event(MGMT_EV_NEW_CONFIG_OPTIONS, hdev, &options,
509 sizeof(options), skip);
512 static int send_options_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
514 __le32 options = get_missing_options(hdev);
516 return cmd_complete(sk, hdev->id, opcode, 0, &options,
520 static int read_config_info(struct sock *sk, struct hci_dev *hdev,
521 void *data, u16 data_len)
523 struct mgmt_rp_read_config_info rp;
526 BT_DBG("sock %p %s", sk, hdev->name);
530 memset(&rp, 0, sizeof(rp));
531 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
533 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
534 options |= MGMT_OPTION_EXTERNAL_CONFIG;
536 if (hdev->set_bdaddr)
537 options |= MGMT_OPTION_PUBLIC_ADDRESS;
539 rp.supported_options = cpu_to_le32(options);
540 rp.missing_options = get_missing_options(hdev);
542 hci_dev_unlock(hdev);
544 return cmd_complete(sk, hdev->id, MGMT_OP_READ_CONFIG_INFO, 0, &rp,
548 static u32 get_supported_settings(struct hci_dev *hdev)
552 settings |= MGMT_SETTING_POWERED;
553 settings |= MGMT_SETTING_BONDABLE;
554 settings |= MGMT_SETTING_DEBUG_KEYS;
555 settings |= MGMT_SETTING_CONNECTABLE;
556 settings |= MGMT_SETTING_DISCOVERABLE;
558 if (lmp_bredr_capable(hdev)) {
559 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
560 settings |= MGMT_SETTING_FAST_CONNECTABLE;
561 settings |= MGMT_SETTING_BREDR;
562 settings |= MGMT_SETTING_LINK_SECURITY;
564 if (lmp_ssp_capable(hdev)) {
565 settings |= MGMT_SETTING_SSP;
566 settings |= MGMT_SETTING_HS;
569 if (lmp_sc_capable(hdev) ||
570 test_bit(HCI_FORCE_SC, &hdev->dbg_flags))
571 settings |= MGMT_SETTING_SECURE_CONN;
574 if (lmp_le_capable(hdev)) {
575 settings |= MGMT_SETTING_LE;
576 settings |= MGMT_SETTING_ADVERTISING;
577 settings |= MGMT_SETTING_PRIVACY;
580 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) ||
582 settings |= MGMT_SETTING_CONFIGURATION;
587 static u32 get_current_settings(struct hci_dev *hdev)
591 if (hdev_is_powered(hdev))
592 settings |= MGMT_SETTING_POWERED;
594 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
595 settings |= MGMT_SETTING_CONNECTABLE;
597 if (test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
598 settings |= MGMT_SETTING_FAST_CONNECTABLE;
600 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
601 settings |= MGMT_SETTING_DISCOVERABLE;
603 if (test_bit(HCI_BONDABLE, &hdev->dev_flags))
604 settings |= MGMT_SETTING_BONDABLE;
606 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
607 settings |= MGMT_SETTING_BREDR;
609 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
610 settings |= MGMT_SETTING_LE;
612 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
613 settings |= MGMT_SETTING_LINK_SECURITY;
615 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
616 settings |= MGMT_SETTING_SSP;
618 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
619 settings |= MGMT_SETTING_HS;
621 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
622 settings |= MGMT_SETTING_ADVERTISING;
624 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags))
625 settings |= MGMT_SETTING_SECURE_CONN;
627 if (test_bit(HCI_KEEP_DEBUG_KEYS, &hdev->dev_flags))
628 settings |= MGMT_SETTING_DEBUG_KEYS;
630 if (test_bit(HCI_PRIVACY, &hdev->dev_flags))
631 settings |= MGMT_SETTING_PRIVACY;
636 #define PNP_INFO_SVCLASS_ID 0x1200
638 static u8 *create_uuid16_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
640 u8 *ptr = data, *uuids_start = NULL;
641 struct bt_uuid *uuid;
646 list_for_each_entry(uuid, &hdev->uuids, list) {
649 if (uuid->size != 16)
652 uuid16 = get_unaligned_le16(&uuid->uuid[12]);
656 if (uuid16 == PNP_INFO_SVCLASS_ID)
662 uuids_start[1] = EIR_UUID16_ALL;
666 /* Stop if not enough space to put next UUID */
667 if ((ptr - data) + sizeof(u16) > len) {
668 uuids_start[1] = EIR_UUID16_SOME;
672 *ptr++ = (uuid16 & 0x00ff);
673 *ptr++ = (uuid16 & 0xff00) >> 8;
674 uuids_start[0] += sizeof(uuid16);
680 static u8 *create_uuid32_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
682 u8 *ptr = data, *uuids_start = NULL;
683 struct bt_uuid *uuid;
688 list_for_each_entry(uuid, &hdev->uuids, list) {
689 if (uuid->size != 32)
695 uuids_start[1] = EIR_UUID32_ALL;
699 /* Stop if not enough space to put next UUID */
700 if ((ptr - data) + sizeof(u32) > len) {
701 uuids_start[1] = EIR_UUID32_SOME;
705 memcpy(ptr, &uuid->uuid[12], sizeof(u32));
707 uuids_start[0] += sizeof(u32);
713 static u8 *create_uuid128_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
715 u8 *ptr = data, *uuids_start = NULL;
716 struct bt_uuid *uuid;
721 list_for_each_entry(uuid, &hdev->uuids, list) {
722 if (uuid->size != 128)
728 uuids_start[1] = EIR_UUID128_ALL;
732 /* Stop if not enough space to put next UUID */
733 if ((ptr - data) + 16 > len) {
734 uuids_start[1] = EIR_UUID128_SOME;
738 memcpy(ptr, uuid->uuid, 16);
740 uuids_start[0] += 16;
746 static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
748 struct pending_cmd *cmd;
750 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
751 if (cmd->opcode == opcode)
758 static struct pending_cmd *mgmt_pending_find_data(u16 opcode,
759 struct hci_dev *hdev,
762 struct pending_cmd *cmd;
764 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
765 if (cmd->user_data != data)
767 if (cmd->opcode == opcode)
774 static u8 create_scan_rsp_data(struct hci_dev *hdev, u8 *ptr)
779 name_len = strlen(hdev->dev_name);
781 size_t max_len = HCI_MAX_AD_LENGTH - ad_len - 2;
783 if (name_len > max_len) {
785 ptr[1] = EIR_NAME_SHORT;
787 ptr[1] = EIR_NAME_COMPLETE;
789 ptr[0] = name_len + 1;
791 memcpy(ptr + 2, hdev->dev_name, name_len);
793 ad_len += (name_len + 2);
794 ptr += (name_len + 2);
800 static void update_scan_rsp_data(struct hci_request *req)
802 struct hci_dev *hdev = req->hdev;
803 struct hci_cp_le_set_scan_rsp_data cp;
806 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
809 memset(&cp, 0, sizeof(cp));
811 len = create_scan_rsp_data(hdev, cp.data);
813 if (hdev->scan_rsp_data_len == len &&
814 memcmp(cp.data, hdev->scan_rsp_data, len) == 0)
817 memcpy(hdev->scan_rsp_data, cp.data, sizeof(cp.data));
818 hdev->scan_rsp_data_len = len;
822 hci_req_add(req, HCI_OP_LE_SET_SCAN_RSP_DATA, sizeof(cp), &cp);
825 static u8 get_adv_discov_flags(struct hci_dev *hdev)
827 struct pending_cmd *cmd;
829 /* If there's a pending mgmt command the flags will not yet have
830 * their final values, so check for this first.
832 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
834 struct mgmt_mode *cp = cmd->param;
836 return LE_AD_GENERAL;
837 else if (cp->val == 0x02)
838 return LE_AD_LIMITED;
840 if (test_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags))
841 return LE_AD_LIMITED;
842 else if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
843 return LE_AD_GENERAL;
849 static u8 create_adv_data(struct hci_dev *hdev, u8 *ptr)
851 u8 ad_len = 0, flags = 0;
853 flags |= get_adv_discov_flags(hdev);
855 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
856 flags |= LE_AD_NO_BREDR;
859 BT_DBG("adv flags 0x%02x", flags);
869 if (hdev->adv_tx_power != HCI_TX_POWER_INVALID) {
871 ptr[1] = EIR_TX_POWER;
872 ptr[2] = (u8) hdev->adv_tx_power;
881 static void update_adv_data(struct hci_request *req)
883 struct hci_dev *hdev = req->hdev;
884 struct hci_cp_le_set_adv_data cp;
887 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
890 memset(&cp, 0, sizeof(cp));
892 len = create_adv_data(hdev, cp.data);
894 if (hdev->adv_data_len == len &&
895 memcmp(cp.data, hdev->adv_data, len) == 0)
898 memcpy(hdev->adv_data, cp.data, sizeof(cp.data));
899 hdev->adv_data_len = len;
903 hci_req_add(req, HCI_OP_LE_SET_ADV_DATA, sizeof(cp), &cp);
906 int mgmt_update_adv_data(struct hci_dev *hdev)
908 struct hci_request req;
910 hci_req_init(&req, hdev);
911 update_adv_data(&req);
913 return hci_req_run(&req, NULL);
916 static void create_eir(struct hci_dev *hdev, u8 *data)
921 name_len = strlen(hdev->dev_name);
927 ptr[1] = EIR_NAME_SHORT;
929 ptr[1] = EIR_NAME_COMPLETE;
931 /* EIR Data length */
932 ptr[0] = name_len + 1;
934 memcpy(ptr + 2, hdev->dev_name, name_len);
936 ptr += (name_len + 2);
939 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
941 ptr[1] = EIR_TX_POWER;
942 ptr[2] = (u8) hdev->inq_tx_power;
947 if (hdev->devid_source > 0) {
949 ptr[1] = EIR_DEVICE_ID;
951 put_unaligned_le16(hdev->devid_source, ptr + 2);
952 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
953 put_unaligned_le16(hdev->devid_product, ptr + 6);
954 put_unaligned_le16(hdev->devid_version, ptr + 8);
959 ptr = create_uuid16_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
960 ptr = create_uuid32_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
961 ptr = create_uuid128_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
964 static void update_eir(struct hci_request *req)
966 struct hci_dev *hdev = req->hdev;
967 struct hci_cp_write_eir cp;
969 if (!hdev_is_powered(hdev))
972 if (!lmp_ext_inq_capable(hdev))
975 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
978 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
981 memset(&cp, 0, sizeof(cp));
983 create_eir(hdev, cp.data);
985 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
988 memcpy(hdev->eir, cp.data, sizeof(cp.data));
990 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
993 static u8 get_service_classes(struct hci_dev *hdev)
995 struct bt_uuid *uuid;
998 list_for_each_entry(uuid, &hdev->uuids, list)
999 val |= uuid->svc_hint;
1004 static void update_class(struct hci_request *req)
1006 struct hci_dev *hdev = req->hdev;
1009 BT_DBG("%s", hdev->name);
1011 if (!hdev_is_powered(hdev))
1014 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1017 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
1020 cod[0] = hdev->minor_class;
1021 cod[1] = hdev->major_class;
1022 cod[2] = get_service_classes(hdev);
1024 if (test_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags))
1027 if (memcmp(cod, hdev->dev_class, 3) == 0)
1030 hci_req_add(req, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
1033 static bool get_connectable(struct hci_dev *hdev)
1035 struct pending_cmd *cmd;
1037 /* If there's a pending mgmt command the flag will not yet have
1038 * it's final value, so check for this first.
1040 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1042 struct mgmt_mode *cp = cmd->param;
1046 return test_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1049 static void disable_advertising(struct hci_request *req)
1053 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1056 static void enable_advertising(struct hci_request *req)
1058 struct hci_dev *hdev = req->hdev;
1059 struct hci_cp_le_set_adv_param cp;
1060 u8 own_addr_type, enable = 0x01;
1063 if (hci_conn_num(hdev, LE_LINK) > 0)
1066 if (test_bit(HCI_LE_ADV, &hdev->dev_flags))
1067 disable_advertising(req);
1069 /* Clear the HCI_LE_ADV bit temporarily so that the
1070 * hci_update_random_address knows that it's safe to go ahead
1071 * and write a new random address. The flag will be set back on
1072 * as soon as the SET_ADV_ENABLE HCI command completes.
1074 clear_bit(HCI_LE_ADV, &hdev->dev_flags);
1076 connectable = get_connectable(hdev);
1078 /* Set require_privacy to true only when non-connectable
1079 * advertising is used. In that case it is fine to use a
1080 * non-resolvable private address.
1082 if (hci_update_random_address(req, !connectable, &own_addr_type) < 0)
1085 memset(&cp, 0, sizeof(cp));
1086 cp.min_interval = cpu_to_le16(hdev->le_adv_min_interval);
1087 cp.max_interval = cpu_to_le16(hdev->le_adv_max_interval);
1088 cp.type = connectable ? LE_ADV_IND : LE_ADV_NONCONN_IND;
1089 cp.own_address_type = own_addr_type;
1090 cp.channel_map = hdev->le_adv_channel_map;
1092 hci_req_add(req, HCI_OP_LE_SET_ADV_PARAM, sizeof(cp), &cp);
1094 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1097 static void service_cache_off(struct work_struct *work)
1099 struct hci_dev *hdev = container_of(work, struct hci_dev,
1100 service_cache.work);
1101 struct hci_request req;
1103 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
1106 hci_req_init(&req, hdev);
1113 hci_dev_unlock(hdev);
1115 hci_req_run(&req, NULL);
1118 static void rpa_expired(struct work_struct *work)
1120 struct hci_dev *hdev = container_of(work, struct hci_dev,
1122 struct hci_request req;
1126 set_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
1128 if (!test_bit(HCI_ADVERTISING, &hdev->dev_flags))
1131 /* The generation of a new RPA and programming it into the
1132 * controller happens in the enable_advertising() function.
1134 hci_req_init(&req, hdev);
1135 enable_advertising(&req);
1136 hci_req_run(&req, NULL);
1139 static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
1141 if (test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
1144 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
1145 INIT_DELAYED_WORK(&hdev->rpa_expired, rpa_expired);
1147 /* Non-mgmt controlled devices get this bit set
1148 * implicitly so that pairing works for them, however
1149 * for mgmt we require user-space to explicitly enable
1152 clear_bit(HCI_BONDABLE, &hdev->dev_flags);
1155 static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
1156 void *data, u16 data_len)
1158 struct mgmt_rp_read_info rp;
1160 BT_DBG("sock %p %s", sk, hdev->name);
1164 memset(&rp, 0, sizeof(rp));
1166 bacpy(&rp.bdaddr, &hdev->bdaddr);
1168 rp.version = hdev->hci_ver;
1169 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
1171 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
1172 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
1174 memcpy(rp.dev_class, hdev->dev_class, 3);
1176 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
1177 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
1179 hci_dev_unlock(hdev);
1181 return cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
1185 static void mgmt_pending_free(struct pending_cmd *cmd)
1192 static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
1193 struct hci_dev *hdev, void *data,
1196 struct pending_cmd *cmd;
1198 cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
1202 cmd->opcode = opcode;
1203 cmd->index = hdev->id;
1205 cmd->param = kmalloc(len, GFP_KERNEL);
1212 memcpy(cmd->param, data, len);
1217 list_add(&cmd->list, &hdev->mgmt_pending);
1222 static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
1223 void (*cb)(struct pending_cmd *cmd,
1227 struct pending_cmd *cmd, *tmp;
1229 list_for_each_entry_safe(cmd, tmp, &hdev->mgmt_pending, list) {
1230 if (opcode > 0 && cmd->opcode != opcode)
1237 static void mgmt_pending_remove(struct pending_cmd *cmd)
1239 list_del(&cmd->list);
1240 mgmt_pending_free(cmd);
1243 static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
1245 __le32 settings = cpu_to_le32(get_current_settings(hdev));
1247 return cmd_complete(sk, hdev->id, opcode, 0, &settings,
1251 static void clean_up_hci_complete(struct hci_dev *hdev, u8 status)
1253 BT_DBG("%s status 0x%02x", hdev->name, status);
1255 if (hci_conn_count(hdev) == 0) {
1256 cancel_delayed_work(&hdev->power_off);
1257 queue_work(hdev->req_workqueue, &hdev->power_off.work);
1261 static bool hci_stop_discovery(struct hci_request *req)
1263 struct hci_dev *hdev = req->hdev;
1264 struct hci_cp_remote_name_req_cancel cp;
1265 struct inquiry_entry *e;
1267 switch (hdev->discovery.state) {
1268 case DISCOVERY_FINDING:
1269 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
1270 hci_req_add(req, HCI_OP_INQUIRY_CANCEL, 0, NULL);
1272 cancel_delayed_work(&hdev->le_scan_disable);
1273 hci_req_add_le_scan_disable(req);
1278 case DISCOVERY_RESOLVING:
1279 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
1284 bacpy(&cp.bdaddr, &e->data.bdaddr);
1285 hci_req_add(req, HCI_OP_REMOTE_NAME_REQ_CANCEL, sizeof(cp),
1291 /* Passive scanning */
1292 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags)) {
1293 hci_req_add_le_scan_disable(req);
1303 static int clean_up_hci_state(struct hci_dev *hdev)
1305 struct hci_request req;
1306 struct hci_conn *conn;
1307 bool discov_stopped;
1310 hci_req_init(&req, hdev);
1312 if (test_bit(HCI_ISCAN, &hdev->flags) ||
1313 test_bit(HCI_PSCAN, &hdev->flags)) {
1315 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1318 if (test_bit(HCI_LE_ADV, &hdev->dev_flags))
1319 disable_advertising(&req);
1321 discov_stopped = hci_stop_discovery(&req);
1323 list_for_each_entry(conn, &hdev->conn_hash.list, list) {
1324 struct hci_cp_disconnect dc;
1325 struct hci_cp_reject_conn_req rej;
1327 switch (conn->state) {
1330 dc.handle = cpu_to_le16(conn->handle);
1331 dc.reason = 0x15; /* Terminated due to Power Off */
1332 hci_req_add(&req, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1335 if (conn->type == LE_LINK)
1336 hci_req_add(&req, HCI_OP_LE_CREATE_CONN_CANCEL,
1338 else if (conn->type == ACL_LINK)
1339 hci_req_add(&req, HCI_OP_CREATE_CONN_CANCEL,
1343 bacpy(&rej.bdaddr, &conn->dst);
1344 rej.reason = 0x15; /* Terminated due to Power Off */
1345 if (conn->type == ACL_LINK)
1346 hci_req_add(&req, HCI_OP_REJECT_CONN_REQ,
1348 else if (conn->type == SCO_LINK)
1349 hci_req_add(&req, HCI_OP_REJECT_SYNC_CONN_REQ,
1355 err = hci_req_run(&req, clean_up_hci_complete);
1356 if (!err && discov_stopped)
1357 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
1362 static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
1365 struct mgmt_mode *cp = data;
1366 struct pending_cmd *cmd;
1369 BT_DBG("request for %s", hdev->name);
1371 if (cp->val != 0x00 && cp->val != 0x01)
1372 return cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1373 MGMT_STATUS_INVALID_PARAMS);
1377 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
1378 err = cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1383 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
1384 cancel_delayed_work(&hdev->power_off);
1387 mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev,
1389 err = mgmt_powered(hdev, 1);
1394 if (!!cp->val == hdev_is_powered(hdev)) {
1395 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
1399 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
1406 queue_work(hdev->req_workqueue, &hdev->power_on);
1409 /* Disconnect connections, stop scans, etc */
1410 err = clean_up_hci_state(hdev);
1412 queue_delayed_work(hdev->req_workqueue, &hdev->power_off,
1413 HCI_POWER_OFF_TIMEOUT);
1415 /* ENODATA means there were no HCI commands queued */
1416 if (err == -ENODATA) {
1417 cancel_delayed_work(&hdev->power_off);
1418 queue_work(hdev->req_workqueue, &hdev->power_off.work);
1424 hci_dev_unlock(hdev);
1428 static int new_settings(struct hci_dev *hdev, struct sock *skip)
1432 ev = cpu_to_le32(get_current_settings(hdev));
1434 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
1437 int mgmt_new_settings(struct hci_dev *hdev)
1439 return new_settings(hdev, NULL);
1444 struct hci_dev *hdev;
1448 static void settings_rsp(struct pending_cmd *cmd, void *data)
1450 struct cmd_lookup *match = data;
1452 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
1454 list_del(&cmd->list);
1456 if (match->sk == NULL) {
1457 match->sk = cmd->sk;
1458 sock_hold(match->sk);
1461 mgmt_pending_free(cmd);
1464 static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
1468 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
1469 mgmt_pending_remove(cmd);
1472 static u8 mgmt_bredr_support(struct hci_dev *hdev)
1474 if (!lmp_bredr_capable(hdev))
1475 return MGMT_STATUS_NOT_SUPPORTED;
1476 else if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1477 return MGMT_STATUS_REJECTED;
1479 return MGMT_STATUS_SUCCESS;
1482 static u8 mgmt_le_support(struct hci_dev *hdev)
1484 if (!lmp_le_capable(hdev))
1485 return MGMT_STATUS_NOT_SUPPORTED;
1486 else if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
1487 return MGMT_STATUS_REJECTED;
1489 return MGMT_STATUS_SUCCESS;
1492 static void set_discoverable_complete(struct hci_dev *hdev, u8 status)
1494 struct pending_cmd *cmd;
1495 struct mgmt_mode *cp;
1496 struct hci_request req;
1499 BT_DBG("status 0x%02x", status);
1503 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
1508 u8 mgmt_err = mgmt_status(status);
1509 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1510 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1516 changed = !test_and_set_bit(HCI_DISCOVERABLE,
1519 if (hdev->discov_timeout > 0) {
1520 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1521 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
1525 changed = test_and_clear_bit(HCI_DISCOVERABLE,
1529 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1532 new_settings(hdev, cmd->sk);
1534 /* When the discoverable mode gets changed, make sure
1535 * that class of device has the limited discoverable
1536 * bit correctly set. Also update page scan based on whitelist
1539 hci_req_init(&req, hdev);
1540 hci_update_page_scan(hdev, &req);
1542 hci_req_run(&req, NULL);
1545 mgmt_pending_remove(cmd);
1548 hci_dev_unlock(hdev);
1551 static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
1554 struct mgmt_cp_set_discoverable *cp = data;
1555 struct pending_cmd *cmd;
1556 struct hci_request req;
1561 BT_DBG("request for %s", hdev->name);
1563 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
1564 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1565 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1566 MGMT_STATUS_REJECTED);
1568 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
1569 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1570 MGMT_STATUS_INVALID_PARAMS);
1572 timeout = __le16_to_cpu(cp->timeout);
1574 /* Disabling discoverable requires that no timeout is set,
1575 * and enabling limited discoverable requires a timeout.
1577 if ((cp->val == 0x00 && timeout > 0) ||
1578 (cp->val == 0x02 && timeout == 0))
1579 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1580 MGMT_STATUS_INVALID_PARAMS);
1584 if (!hdev_is_powered(hdev) && timeout > 0) {
1585 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1586 MGMT_STATUS_NOT_POWERED);
1590 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1591 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
1592 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1597 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
1598 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1599 MGMT_STATUS_REJECTED);
1603 if (!hdev_is_powered(hdev)) {
1604 bool changed = false;
1606 /* Setting limited discoverable when powered off is
1607 * not a valid operation since it requires a timeout
1608 * and so no need to check HCI_LIMITED_DISCOVERABLE.
1610 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
1611 change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1615 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1620 err = new_settings(hdev, sk);
1625 /* If the current mode is the same, then just update the timeout
1626 * value with the new value. And if only the timeout gets updated,
1627 * then no need for any HCI transactions.
1629 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags) &&
1630 (cp->val == 0x02) == test_bit(HCI_LIMITED_DISCOVERABLE,
1631 &hdev->dev_flags)) {
1632 cancel_delayed_work(&hdev->discov_off);
1633 hdev->discov_timeout = timeout;
1635 if (cp->val && hdev->discov_timeout > 0) {
1636 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1637 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
1641 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1645 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
1651 /* Cancel any potential discoverable timeout that might be
1652 * still active and store new timeout value. The arming of
1653 * the timeout happens in the complete handler.
1655 cancel_delayed_work(&hdev->discov_off);
1656 hdev->discov_timeout = timeout;
1658 /* Limited discoverable mode */
1659 if (cp->val == 0x02)
1660 set_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1662 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1664 hci_req_init(&req, hdev);
1666 /* The procedure for LE-only controllers is much simpler - just
1667 * update the advertising data.
1669 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1675 struct hci_cp_write_current_iac_lap hci_cp;
1677 if (cp->val == 0x02) {
1678 /* Limited discoverable mode */
1679 hci_cp.num_iac = min_t(u8, hdev->num_iac, 2);
1680 hci_cp.iac_lap[0] = 0x00; /* LIAC */
1681 hci_cp.iac_lap[1] = 0x8b;
1682 hci_cp.iac_lap[2] = 0x9e;
1683 hci_cp.iac_lap[3] = 0x33; /* GIAC */
1684 hci_cp.iac_lap[4] = 0x8b;
1685 hci_cp.iac_lap[5] = 0x9e;
1687 /* General discoverable mode */
1689 hci_cp.iac_lap[0] = 0x33; /* GIAC */
1690 hci_cp.iac_lap[1] = 0x8b;
1691 hci_cp.iac_lap[2] = 0x9e;
1694 hci_req_add(&req, HCI_OP_WRITE_CURRENT_IAC_LAP,
1695 (hci_cp.num_iac * 3) + 1, &hci_cp);
1697 scan |= SCAN_INQUIRY;
1699 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1702 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, sizeof(scan), &scan);
1705 update_adv_data(&req);
1707 err = hci_req_run(&req, set_discoverable_complete);
1709 mgmt_pending_remove(cmd);
1712 hci_dev_unlock(hdev);
1716 static void write_fast_connectable(struct hci_request *req, bool enable)
1718 struct hci_dev *hdev = req->hdev;
1719 struct hci_cp_write_page_scan_activity acp;
1722 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1725 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
1729 type = PAGE_SCAN_TYPE_INTERLACED;
1731 /* 160 msec page scan interval */
1732 acp.interval = cpu_to_le16(0x0100);
1734 type = PAGE_SCAN_TYPE_STANDARD; /* default */
1736 /* default 1.28 sec page scan */
1737 acp.interval = cpu_to_le16(0x0800);
1740 acp.window = cpu_to_le16(0x0012);
1742 if (__cpu_to_le16(hdev->page_scan_interval) != acp.interval ||
1743 __cpu_to_le16(hdev->page_scan_window) != acp.window)
1744 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
1747 if (hdev->page_scan_type != type)
1748 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
1751 static void set_connectable_complete(struct hci_dev *hdev, u8 status)
1753 struct pending_cmd *cmd;
1754 struct mgmt_mode *cp;
1755 bool conn_changed, discov_changed;
1757 BT_DBG("status 0x%02x", status);
1761 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1766 u8 mgmt_err = mgmt_status(status);
1767 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1773 conn_changed = !test_and_set_bit(HCI_CONNECTABLE,
1775 discov_changed = false;
1777 conn_changed = test_and_clear_bit(HCI_CONNECTABLE,
1779 discov_changed = test_and_clear_bit(HCI_DISCOVERABLE,
1783 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
1785 if (conn_changed || discov_changed) {
1786 new_settings(hdev, cmd->sk);
1787 hci_update_page_scan(hdev, NULL);
1789 mgmt_update_adv_data(hdev);
1790 hci_update_background_scan(hdev);
1794 mgmt_pending_remove(cmd);
1797 hci_dev_unlock(hdev);
1800 static int set_connectable_update_settings(struct hci_dev *hdev,
1801 struct sock *sk, u8 val)
1803 bool changed = false;
1806 if (!!val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
1810 set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1812 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1813 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1816 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1821 hci_update_page_scan(hdev, NULL);
1822 hci_update_background_scan(hdev);
1823 return new_settings(hdev, sk);
1829 static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
1832 struct mgmt_mode *cp = data;
1833 struct pending_cmd *cmd;
1834 struct hci_request req;
1838 BT_DBG("request for %s", hdev->name);
1840 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
1841 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1842 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1843 MGMT_STATUS_REJECTED);
1845 if (cp->val != 0x00 && cp->val != 0x01)
1846 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1847 MGMT_STATUS_INVALID_PARAMS);
1851 if (!hdev_is_powered(hdev)) {
1852 err = set_connectable_update_settings(hdev, sk, cp->val);
1856 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1857 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
1858 err = cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1863 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
1869 hci_req_init(&req, hdev);
1871 /* If BR/EDR is not enabled and we disable advertising as a
1872 * by-product of disabling connectable, we need to update the
1873 * advertising flags.
1875 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
1877 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1878 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1880 update_adv_data(&req);
1881 } else if (cp->val != test_bit(HCI_PSCAN, &hdev->flags)) {
1885 /* If we don't have any whitelist entries just
1886 * disable all scanning. If there are entries
1887 * and we had both page and inquiry scanning
1888 * enabled then fall back to only page scanning.
1889 * Otherwise no changes are needed.
1891 if (list_empty(&hdev->whitelist))
1892 scan = SCAN_DISABLED;
1893 else if (test_bit(HCI_ISCAN, &hdev->flags))
1896 goto no_scan_update;
1898 if (test_bit(HCI_ISCAN, &hdev->flags) &&
1899 hdev->discov_timeout > 0)
1900 cancel_delayed_work(&hdev->discov_off);
1903 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1907 /* If we're going from non-connectable to connectable or
1908 * vice-versa when fast connectable is enabled ensure that fast
1909 * connectable gets disabled. write_fast_connectable won't do
1910 * anything if the page scan parameters are already what they
1913 if (cp->val || test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
1914 write_fast_connectable(&req, false);
1916 /* Update the advertising parameters if necessary */
1917 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
1918 enable_advertising(&req);
1920 err = hci_req_run(&req, set_connectable_complete);
1922 mgmt_pending_remove(cmd);
1923 if (err == -ENODATA)
1924 err = set_connectable_update_settings(hdev, sk,
1930 hci_dev_unlock(hdev);
1934 static int set_bondable(struct sock *sk, struct hci_dev *hdev, void *data,
1937 struct mgmt_mode *cp = data;
1941 BT_DBG("request for %s", hdev->name);
1943 if (cp->val != 0x00 && cp->val != 0x01)
1944 return cmd_status(sk, hdev->id, MGMT_OP_SET_BONDABLE,
1945 MGMT_STATUS_INVALID_PARAMS);
1950 changed = !test_and_set_bit(HCI_BONDABLE, &hdev->dev_flags);
1952 changed = test_and_clear_bit(HCI_BONDABLE, &hdev->dev_flags);
1954 err = send_settings_rsp(sk, MGMT_OP_SET_BONDABLE, hdev);
1959 err = new_settings(hdev, sk);
1962 hci_dev_unlock(hdev);
1966 static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1969 struct mgmt_mode *cp = data;
1970 struct pending_cmd *cmd;
1974 BT_DBG("request for %s", hdev->name);
1976 status = mgmt_bredr_support(hdev);
1978 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1981 if (cp->val != 0x00 && cp->val != 0x01)
1982 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1983 MGMT_STATUS_INVALID_PARAMS);
1987 if (!hdev_is_powered(hdev)) {
1988 bool changed = false;
1990 if (!!cp->val != test_bit(HCI_LINK_SECURITY,
1991 &hdev->dev_flags)) {
1992 change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
1996 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
2001 err = new_settings(hdev, sk);
2006 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
2007 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
2014 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
2015 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
2019 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
2025 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
2027 mgmt_pending_remove(cmd);
2032 hci_dev_unlock(hdev);
2036 static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2038 struct mgmt_mode *cp = data;
2039 struct pending_cmd *cmd;
2043 BT_DBG("request for %s", hdev->name);
2045 status = mgmt_bredr_support(hdev);
2047 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
2049 if (!lmp_ssp_capable(hdev))
2050 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2051 MGMT_STATUS_NOT_SUPPORTED);
2053 if (cp->val != 0x00 && cp->val != 0x01)
2054 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2055 MGMT_STATUS_INVALID_PARAMS);
2059 if (!hdev_is_powered(hdev)) {
2063 changed = !test_and_set_bit(HCI_SSP_ENABLED,
2066 changed = test_and_clear_bit(HCI_SSP_ENABLED,
2069 changed = test_and_clear_bit(HCI_HS_ENABLED,
2072 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
2075 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
2080 err = new_settings(hdev, sk);
2085 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev) ||
2086 mgmt_pending_find(MGMT_OP_SET_HS, hdev)) {
2087 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2092 if (!!cp->val == test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
2093 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
2097 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
2103 if (!cp->val && test_bit(HCI_USE_DEBUG_KEYS, &hdev->dev_flags))
2104 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
2105 sizeof(cp->val), &cp->val);
2107 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &cp->val);
2109 mgmt_pending_remove(cmd);
2114 hci_dev_unlock(hdev);
2118 static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2120 struct mgmt_mode *cp = data;
2125 BT_DBG("request for %s", hdev->name);
2127 status = mgmt_bredr_support(hdev);
2129 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
2131 if (!lmp_ssp_capable(hdev))
2132 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2133 MGMT_STATUS_NOT_SUPPORTED);
2135 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
2136 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2137 MGMT_STATUS_REJECTED);
2139 if (cp->val != 0x00 && cp->val != 0x01)
2140 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2141 MGMT_STATUS_INVALID_PARAMS);
2146 changed = !test_and_set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
2148 if (hdev_is_powered(hdev)) {
2149 err = cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2150 MGMT_STATUS_REJECTED);
2154 changed = test_and_clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
2157 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
2162 err = new_settings(hdev, sk);
2165 hci_dev_unlock(hdev);
2169 static void le_enable_complete(struct hci_dev *hdev, u8 status)
2171 struct cmd_lookup match = { NULL, hdev };
2174 u8 mgmt_err = mgmt_status(status);
2176 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
2181 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
2183 new_settings(hdev, match.sk);
2188 /* Make sure the controller has a good default for
2189 * advertising data. Restrict the update to when LE
2190 * has actually been enabled. During power on, the
2191 * update in powered_update_hci will take care of it.
2193 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
2194 struct hci_request req;
2198 hci_req_init(&req, hdev);
2199 update_adv_data(&req);
2200 update_scan_rsp_data(&req);
2201 hci_req_run(&req, NULL);
2203 hci_update_background_scan(hdev);
2205 hci_dev_unlock(hdev);
2209 static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2211 struct mgmt_mode *cp = data;
2212 struct hci_cp_write_le_host_supported hci_cp;
2213 struct pending_cmd *cmd;
2214 struct hci_request req;
2218 BT_DBG("request for %s", hdev->name);
2220 if (!lmp_le_capable(hdev))
2221 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2222 MGMT_STATUS_NOT_SUPPORTED);
2224 if (cp->val != 0x00 && cp->val != 0x01)
2225 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2226 MGMT_STATUS_INVALID_PARAMS);
2228 /* LE-only devices do not allow toggling LE on/off */
2229 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
2230 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2231 MGMT_STATUS_REJECTED);
2236 enabled = lmp_host_le_capable(hdev);
2238 if (!hdev_is_powered(hdev) || val == enabled) {
2239 bool changed = false;
2241 if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
2242 change_bit(HCI_LE_ENABLED, &hdev->dev_flags);
2246 if (!val && test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
2247 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
2251 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
2256 err = new_settings(hdev, sk);
2261 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev) ||
2262 mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
2263 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2268 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
2274 hci_req_init(&req, hdev);
2276 memset(&hci_cp, 0, sizeof(hci_cp));
2280 hci_cp.simul = 0x00;
2282 if (test_bit(HCI_LE_ADV, &hdev->dev_flags))
2283 disable_advertising(&req);
2286 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
2289 err = hci_req_run(&req, le_enable_complete);
2291 mgmt_pending_remove(cmd);
2294 hci_dev_unlock(hdev);
2298 /* This is a helper function to test for pending mgmt commands that can
2299 * cause CoD or EIR HCI commands. We can only allow one such pending
2300 * mgmt command at a time since otherwise we cannot easily track what
2301 * the current values are, will be, and based on that calculate if a new
2302 * HCI command needs to be sent and if yes with what value.
2304 static bool pending_eir_or_class(struct hci_dev *hdev)
2306 struct pending_cmd *cmd;
2308 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2309 switch (cmd->opcode) {
2310 case MGMT_OP_ADD_UUID:
2311 case MGMT_OP_REMOVE_UUID:
2312 case MGMT_OP_SET_DEV_CLASS:
2313 case MGMT_OP_SET_POWERED:
2321 static const u8 bluetooth_base_uuid[] = {
2322 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
2323 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2326 static u8 get_uuid_size(const u8 *uuid)
2330 if (memcmp(uuid, bluetooth_base_uuid, 12))
2333 val = get_unaligned_le32(&uuid[12]);
2340 static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
2342 struct pending_cmd *cmd;
2346 cmd = mgmt_pending_find(mgmt_op, hdev);
2350 cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(status),
2351 hdev->dev_class, 3);
2353 mgmt_pending_remove(cmd);
2356 hci_dev_unlock(hdev);
2359 static void add_uuid_complete(struct hci_dev *hdev, u8 status)
2361 BT_DBG("status 0x%02x", status);
2363 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
2366 static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2368 struct mgmt_cp_add_uuid *cp = data;
2369 struct pending_cmd *cmd;
2370 struct hci_request req;
2371 struct bt_uuid *uuid;
2374 BT_DBG("request for %s", hdev->name);
2378 if (pending_eir_or_class(hdev)) {
2379 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
2384 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
2390 memcpy(uuid->uuid, cp->uuid, 16);
2391 uuid->svc_hint = cp->svc_hint;
2392 uuid->size = get_uuid_size(cp->uuid);
2394 list_add_tail(&uuid->list, &hdev->uuids);
2396 hci_req_init(&req, hdev);
2401 err = hci_req_run(&req, add_uuid_complete);
2403 if (err != -ENODATA)
2406 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
2407 hdev->dev_class, 3);
2411 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
2420 hci_dev_unlock(hdev);
2424 static bool enable_service_cache(struct hci_dev *hdev)
2426 if (!hdev_is_powered(hdev))
2429 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
2430 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
2438 static void remove_uuid_complete(struct hci_dev *hdev, u8 status)
2440 BT_DBG("status 0x%02x", status);
2442 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
2445 static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
2448 struct mgmt_cp_remove_uuid *cp = data;
2449 struct pending_cmd *cmd;
2450 struct bt_uuid *match, *tmp;
2451 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
2452 struct hci_request req;
2455 BT_DBG("request for %s", hdev->name);
2459 if (pending_eir_or_class(hdev)) {
2460 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2465 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
2466 hci_uuids_clear(hdev);
2468 if (enable_service_cache(hdev)) {
2469 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2470 0, hdev->dev_class, 3);
2479 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2480 if (memcmp(match->uuid, cp->uuid, 16) != 0)
2483 list_del(&match->list);
2489 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2490 MGMT_STATUS_INVALID_PARAMS);
2495 hci_req_init(&req, hdev);
2500 err = hci_req_run(&req, remove_uuid_complete);
2502 if (err != -ENODATA)
2505 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
2506 hdev->dev_class, 3);
2510 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
2519 hci_dev_unlock(hdev);
2523 static void set_class_complete(struct hci_dev *hdev, u8 status)
2525 BT_DBG("status 0x%02x", status);
2527 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
2530 static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
2533 struct mgmt_cp_set_dev_class *cp = data;
2534 struct pending_cmd *cmd;
2535 struct hci_request req;
2538 BT_DBG("request for %s", hdev->name);
2540 if (!lmp_bredr_capable(hdev))
2541 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2542 MGMT_STATUS_NOT_SUPPORTED);
2546 if (pending_eir_or_class(hdev)) {
2547 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2552 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
2553 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2554 MGMT_STATUS_INVALID_PARAMS);
2558 hdev->major_class = cp->major;
2559 hdev->minor_class = cp->minor;
2561 if (!hdev_is_powered(hdev)) {
2562 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2563 hdev->dev_class, 3);
2567 hci_req_init(&req, hdev);
2569 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
2570 hci_dev_unlock(hdev);
2571 cancel_delayed_work_sync(&hdev->service_cache);
2578 err = hci_req_run(&req, set_class_complete);
2580 if (err != -ENODATA)
2583 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2584 hdev->dev_class, 3);
2588 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
2597 hci_dev_unlock(hdev);
2601 static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
2604 struct mgmt_cp_load_link_keys *cp = data;
2605 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
2606 sizeof(struct mgmt_link_key_info));
2607 u16 key_count, expected_len;
2611 BT_DBG("request for %s", hdev->name);
2613 if (!lmp_bredr_capable(hdev))
2614 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2615 MGMT_STATUS_NOT_SUPPORTED);
2617 key_count = __le16_to_cpu(cp->key_count);
2618 if (key_count > max_key_count) {
2619 BT_ERR("load_link_keys: too big key_count value %u",
2621 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2622 MGMT_STATUS_INVALID_PARAMS);
2625 expected_len = sizeof(*cp) + key_count *
2626 sizeof(struct mgmt_link_key_info);
2627 if (expected_len != len) {
2628 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
2630 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2631 MGMT_STATUS_INVALID_PARAMS);
2634 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
2635 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2636 MGMT_STATUS_INVALID_PARAMS);
2638 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
2641 for (i = 0; i < key_count; i++) {
2642 struct mgmt_link_key_info *key = &cp->keys[i];
2644 if (key->addr.type != BDADDR_BREDR || key->type > 0x08)
2645 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2646 MGMT_STATUS_INVALID_PARAMS);
2651 hci_link_keys_clear(hdev);
2654 changed = !test_and_set_bit(HCI_KEEP_DEBUG_KEYS,
2657 changed = test_and_clear_bit(HCI_KEEP_DEBUG_KEYS,
2661 new_settings(hdev, NULL);
2663 for (i = 0; i < key_count; i++) {
2664 struct mgmt_link_key_info *key = &cp->keys[i];
2666 /* Always ignore debug keys and require a new pairing if
2667 * the user wants to use them.
2669 if (key->type == HCI_LK_DEBUG_COMBINATION)
2672 hci_add_link_key(hdev, NULL, &key->addr.bdaddr, key->val,
2673 key->type, key->pin_len, NULL);
2676 cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
2678 hci_dev_unlock(hdev);
2683 static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
2684 u8 addr_type, struct sock *skip_sk)
2686 struct mgmt_ev_device_unpaired ev;
2688 bacpy(&ev.addr.bdaddr, bdaddr);
2689 ev.addr.type = addr_type;
2691 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
2695 static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2698 struct mgmt_cp_unpair_device *cp = data;
2699 struct mgmt_rp_unpair_device rp;
2700 struct hci_cp_disconnect dc;
2701 struct pending_cmd *cmd;
2702 struct hci_conn *conn;
2705 memset(&rp, 0, sizeof(rp));
2706 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2707 rp.addr.type = cp->addr.type;
2709 if (!bdaddr_type_is_valid(cp->addr.type))
2710 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2711 MGMT_STATUS_INVALID_PARAMS,
2714 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
2715 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2716 MGMT_STATUS_INVALID_PARAMS,
2721 if (!hdev_is_powered(hdev)) {
2722 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2723 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
2727 if (cp->addr.type == BDADDR_BREDR) {
2728 /* If disconnection is requested, then look up the
2729 * connection. If the remote device is connected, it
2730 * will be later used to terminate the link.
2732 * Setting it to NULL explicitly will cause no
2733 * termination of the link.
2736 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2741 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
2745 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
2748 /* Defer clearing up the connection parameters
2749 * until closing to give a chance of keeping
2750 * them if a repairing happens.
2752 set_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
2754 /* If disconnection is not requested, then
2755 * clear the connection variable so that the
2756 * link is not terminated.
2758 if (!cp->disconnect)
2762 if (cp->addr.type == BDADDR_LE_PUBLIC)
2763 addr_type = ADDR_LE_DEV_PUBLIC;
2765 addr_type = ADDR_LE_DEV_RANDOM;
2767 hci_remove_irk(hdev, &cp->addr.bdaddr, addr_type);
2769 err = hci_remove_ltk(hdev, &cp->addr.bdaddr, addr_type);
2773 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2774 MGMT_STATUS_NOT_PAIRED, &rp, sizeof(rp));
2778 /* If the connection variable is set, then termination of the
2779 * link is requested.
2782 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
2784 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
2788 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
2795 dc.handle = cpu_to_le16(conn->handle);
2796 dc.reason = 0x13; /* Remote User Terminated Connection */
2797 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2799 mgmt_pending_remove(cmd);
2802 hci_dev_unlock(hdev);
2806 static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
2809 struct mgmt_cp_disconnect *cp = data;
2810 struct mgmt_rp_disconnect rp;
2811 struct pending_cmd *cmd;
2812 struct hci_conn *conn;
2817 memset(&rp, 0, sizeof(rp));
2818 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2819 rp.addr.type = cp->addr.type;
2821 if (!bdaddr_type_is_valid(cp->addr.type))
2822 return cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2823 MGMT_STATUS_INVALID_PARAMS,
2828 if (!test_bit(HCI_UP, &hdev->flags)) {
2829 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2830 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
2834 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
2835 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2836 MGMT_STATUS_BUSY, &rp, sizeof(rp));
2840 if (cp->addr.type == BDADDR_BREDR)
2841 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2844 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
2846 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
2847 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2848 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
2852 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
2858 err = hci_disconnect(conn, HCI_ERROR_REMOTE_USER_TERM);
2860 mgmt_pending_remove(cmd);
2863 hci_dev_unlock(hdev);
2867 static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
2869 switch (link_type) {
2871 switch (addr_type) {
2872 case ADDR_LE_DEV_PUBLIC:
2873 return BDADDR_LE_PUBLIC;
2876 /* Fallback to LE Random address type */
2877 return BDADDR_LE_RANDOM;
2881 /* Fallback to BR/EDR type */
2882 return BDADDR_BREDR;
2886 static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
2889 struct mgmt_rp_get_connections *rp;
2899 if (!hdev_is_powered(hdev)) {
2900 err = cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
2901 MGMT_STATUS_NOT_POWERED);
2906 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2907 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2911 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2912 rp = kmalloc(rp_len, GFP_KERNEL);
2919 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2920 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2922 bacpy(&rp->addr[i].bdaddr, &c->dst);
2923 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
2924 if (c->type == SCO_LINK || c->type == ESCO_LINK)
2929 rp->conn_count = cpu_to_le16(i);
2931 /* Recalculate length in case of filtered SCO connections, etc */
2932 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2934 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
2940 hci_dev_unlock(hdev);
2944 static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
2945 struct mgmt_cp_pin_code_neg_reply *cp)
2947 struct pending_cmd *cmd;
2950 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
2955 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
2956 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
2958 mgmt_pending_remove(cmd);
2963 static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2966 struct hci_conn *conn;
2967 struct mgmt_cp_pin_code_reply *cp = data;
2968 struct hci_cp_pin_code_reply reply;
2969 struct pending_cmd *cmd;
2976 if (!hdev_is_powered(hdev)) {
2977 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2978 MGMT_STATUS_NOT_POWERED);
2982 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
2984 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2985 MGMT_STATUS_NOT_CONNECTED);
2989 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
2990 struct mgmt_cp_pin_code_neg_reply ncp;
2992 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
2994 BT_ERR("PIN code is not 16 bytes long");
2996 err = send_pin_code_neg_reply(sk, hdev, &ncp);
2998 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2999 MGMT_STATUS_INVALID_PARAMS);
3004 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
3010 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
3011 reply.pin_len = cp->pin_len;
3012 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
3014 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
3016 mgmt_pending_remove(cmd);
3019 hci_dev_unlock(hdev);
3023 static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
3026 struct mgmt_cp_set_io_capability *cp = data;
3030 if (cp->io_capability > SMP_IO_KEYBOARD_DISPLAY)
3031 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY,
3032 MGMT_STATUS_INVALID_PARAMS, NULL, 0);
3036 hdev->io_capability = cp->io_capability;
3038 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
3039 hdev->io_capability);
3041 hci_dev_unlock(hdev);
3043 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, NULL,
3047 static struct pending_cmd *find_pairing(struct hci_conn *conn)
3049 struct hci_dev *hdev = conn->hdev;
3050 struct pending_cmd *cmd;
3052 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
3053 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
3056 if (cmd->user_data != conn)
3065 static void pairing_complete(struct pending_cmd *cmd, u8 status)
3067 struct mgmt_rp_pair_device rp;
3068 struct hci_conn *conn = cmd->user_data;
3070 bacpy(&rp.addr.bdaddr, &conn->dst);
3071 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
3073 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
3076 /* So we don't get further callbacks for this connection */
3077 conn->connect_cfm_cb = NULL;
3078 conn->security_cfm_cb = NULL;
3079 conn->disconn_cfm_cb = NULL;
3081 hci_conn_drop(conn);
3084 mgmt_pending_remove(cmd);
3086 /* The device is paired so there is no need to remove
3087 * its connection parameters anymore.
3089 clear_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
3092 void mgmt_smp_complete(struct hci_conn *conn, bool complete)
3094 u8 status = complete ? MGMT_STATUS_SUCCESS : MGMT_STATUS_FAILED;
3095 struct pending_cmd *cmd;
3097 cmd = find_pairing(conn);
3099 pairing_complete(cmd, status);
3102 static void pairing_complete_cb(struct hci_conn *conn, u8 status)
3104 struct pending_cmd *cmd;
3106 BT_DBG("status %u", status);
3108 cmd = find_pairing(conn);
3110 BT_DBG("Unable to find a pending command");
3112 pairing_complete(cmd, mgmt_status(status));
3115 static void le_pairing_complete_cb(struct hci_conn *conn, u8 status)
3117 struct pending_cmd *cmd;
3119 BT_DBG("status %u", status);
3124 cmd = find_pairing(conn);
3126 BT_DBG("Unable to find a pending command");
3128 pairing_complete(cmd, mgmt_status(status));
3131 static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
3134 struct mgmt_cp_pair_device *cp = data;
3135 struct mgmt_rp_pair_device rp;
3136 struct pending_cmd *cmd;
3137 u8 sec_level, auth_type;
3138 struct hci_conn *conn;
3143 memset(&rp, 0, sizeof(rp));
3144 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3145 rp.addr.type = cp->addr.type;
3147 if (!bdaddr_type_is_valid(cp->addr.type))
3148 return cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3149 MGMT_STATUS_INVALID_PARAMS,
3152 if (cp->io_cap > SMP_IO_KEYBOARD_DISPLAY)
3153 return cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3154 MGMT_STATUS_INVALID_PARAMS,
3159 if (!hdev_is_powered(hdev)) {
3160 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3161 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
3165 sec_level = BT_SECURITY_MEDIUM;
3166 auth_type = HCI_AT_DEDICATED_BONDING;
3168 if (cp->addr.type == BDADDR_BREDR) {
3169 conn = hci_connect_acl(hdev, &cp->addr.bdaddr, sec_level,
3174 /* Convert from L2CAP channel address type to HCI address type
3176 if (cp->addr.type == BDADDR_LE_PUBLIC)
3177 addr_type = ADDR_LE_DEV_PUBLIC;
3179 addr_type = ADDR_LE_DEV_RANDOM;
3181 /* When pairing a new device, it is expected to remember
3182 * this device for future connections. Adding the connection
3183 * parameter information ahead of time allows tracking
3184 * of the slave preferred values and will speed up any
3185 * further connection establishment.
3187 * If connection parameters already exist, then they
3188 * will be kept and this function does nothing.
3190 hci_conn_params_add(hdev, &cp->addr.bdaddr, addr_type);
3192 conn = hci_connect_le(hdev, &cp->addr.bdaddr, addr_type,
3193 sec_level, HCI_LE_CONN_TIMEOUT,
3200 if (PTR_ERR(conn) == -EBUSY)
3201 status = MGMT_STATUS_BUSY;
3203 status = MGMT_STATUS_CONNECT_FAILED;
3205 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3211 if (conn->connect_cfm_cb) {
3212 hci_conn_drop(conn);
3213 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3214 MGMT_STATUS_BUSY, &rp, sizeof(rp));
3218 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
3221 hci_conn_drop(conn);
3225 /* For LE, just connecting isn't a proof that the pairing finished */
3226 if (cp->addr.type == BDADDR_BREDR) {
3227 conn->connect_cfm_cb = pairing_complete_cb;
3228 conn->security_cfm_cb = pairing_complete_cb;
3229 conn->disconn_cfm_cb = pairing_complete_cb;
3231 conn->connect_cfm_cb = le_pairing_complete_cb;
3232 conn->security_cfm_cb = le_pairing_complete_cb;
3233 conn->disconn_cfm_cb = le_pairing_complete_cb;
3236 conn->io_capability = cp->io_cap;
3237 cmd->user_data = hci_conn_get(conn);
3239 if ((conn->state == BT_CONNECTED || conn->state == BT_CONFIG) &&
3240 hci_conn_security(conn, sec_level, auth_type, true))
3241 pairing_complete(cmd, 0);
3246 hci_dev_unlock(hdev);
3250 static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
3253 struct mgmt_addr_info *addr = data;
3254 struct pending_cmd *cmd;
3255 struct hci_conn *conn;
3262 if (!hdev_is_powered(hdev)) {
3263 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3264 MGMT_STATUS_NOT_POWERED);
3268 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
3270 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3271 MGMT_STATUS_INVALID_PARAMS);
3275 conn = cmd->user_data;
3277 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
3278 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3279 MGMT_STATUS_INVALID_PARAMS);
3283 pairing_complete(cmd, MGMT_STATUS_CANCELLED);
3285 err = cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
3286 addr, sizeof(*addr));
3288 hci_dev_unlock(hdev);
3292 static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
3293 struct mgmt_addr_info *addr, u16 mgmt_op,
3294 u16 hci_op, __le32 passkey)
3296 struct pending_cmd *cmd;
3297 struct hci_conn *conn;
3302 if (!hdev_is_powered(hdev)) {
3303 err = cmd_complete(sk, hdev->id, mgmt_op,
3304 MGMT_STATUS_NOT_POWERED, addr,
3309 if (addr->type == BDADDR_BREDR)
3310 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
3312 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &addr->bdaddr);
3315 err = cmd_complete(sk, hdev->id, mgmt_op,
3316 MGMT_STATUS_NOT_CONNECTED, addr,
3321 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
3322 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
3324 err = cmd_complete(sk, hdev->id, mgmt_op,
3325 MGMT_STATUS_SUCCESS, addr,
3328 err = cmd_complete(sk, hdev->id, mgmt_op,
3329 MGMT_STATUS_FAILED, addr,
3335 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
3341 /* Continue with pairing via HCI */
3342 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
3343 struct hci_cp_user_passkey_reply cp;
3345 bacpy(&cp.bdaddr, &addr->bdaddr);
3346 cp.passkey = passkey;
3347 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
3349 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
3353 mgmt_pending_remove(cmd);
3356 hci_dev_unlock(hdev);
3360 static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
3361 void *data, u16 len)
3363 struct mgmt_cp_pin_code_neg_reply *cp = data;
3367 return user_pairing_resp(sk, hdev, &cp->addr,
3368 MGMT_OP_PIN_CODE_NEG_REPLY,
3369 HCI_OP_PIN_CODE_NEG_REPLY, 0);
3372 static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3375 struct mgmt_cp_user_confirm_reply *cp = data;
3379 if (len != sizeof(*cp))
3380 return cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
3381 MGMT_STATUS_INVALID_PARAMS);
3383 return user_pairing_resp(sk, hdev, &cp->addr,
3384 MGMT_OP_USER_CONFIRM_REPLY,
3385 HCI_OP_USER_CONFIRM_REPLY, 0);
3388 static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
3389 void *data, u16 len)
3391 struct mgmt_cp_user_confirm_neg_reply *cp = data;
3395 return user_pairing_resp(sk, hdev, &cp->addr,
3396 MGMT_OP_USER_CONFIRM_NEG_REPLY,
3397 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
3400 static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3403 struct mgmt_cp_user_passkey_reply *cp = data;
3407 return user_pairing_resp(sk, hdev, &cp->addr,
3408 MGMT_OP_USER_PASSKEY_REPLY,
3409 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
3412 static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
3413 void *data, u16 len)
3415 struct mgmt_cp_user_passkey_neg_reply *cp = data;
3419 return user_pairing_resp(sk, hdev, &cp->addr,
3420 MGMT_OP_USER_PASSKEY_NEG_REPLY,
3421 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
3424 static void update_name(struct hci_request *req)
3426 struct hci_dev *hdev = req->hdev;
3427 struct hci_cp_write_local_name cp;
3429 memcpy(cp.name, hdev->dev_name, sizeof(cp.name));
3431 hci_req_add(req, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
3434 static void set_name_complete(struct hci_dev *hdev, u8 status)
3436 struct mgmt_cp_set_local_name *cp;
3437 struct pending_cmd *cmd;
3439 BT_DBG("status 0x%02x", status);
3443 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
3450 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3451 mgmt_status(status));
3453 cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3456 mgmt_pending_remove(cmd);
3459 hci_dev_unlock(hdev);
3462 static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
3465 struct mgmt_cp_set_local_name *cp = data;
3466 struct pending_cmd *cmd;
3467 struct hci_request req;
3474 /* If the old values are the same as the new ones just return a
3475 * direct command complete event.
3477 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
3478 !memcmp(hdev->short_name, cp->short_name,
3479 sizeof(hdev->short_name))) {
3480 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3485 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
3487 if (!hdev_is_powered(hdev)) {
3488 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3490 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3495 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
3501 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
3507 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3509 hci_req_init(&req, hdev);
3511 if (lmp_bredr_capable(hdev)) {
3516 /* The name is stored in the scan response data and so
3517 * no need to udpate the advertising data here.
3519 if (lmp_le_capable(hdev))
3520 update_scan_rsp_data(&req);
3522 err = hci_req_run(&req, set_name_complete);
3524 mgmt_pending_remove(cmd);
3527 hci_dev_unlock(hdev);
3531 static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
3532 void *data, u16 data_len)
3534 struct pending_cmd *cmd;
3537 BT_DBG("%s", hdev->name);
3541 if (!hdev_is_powered(hdev)) {
3542 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3543 MGMT_STATUS_NOT_POWERED);
3547 if (!lmp_ssp_capable(hdev)) {
3548 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3549 MGMT_STATUS_NOT_SUPPORTED);
3553 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
3554 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3559 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
3565 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags))
3566 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_EXT_DATA,
3569 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
3572 mgmt_pending_remove(cmd);
3575 hci_dev_unlock(hdev);
3579 static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
3580 void *data, u16 len)
3584 BT_DBG("%s ", hdev->name);
3588 if (len == MGMT_ADD_REMOTE_OOB_DATA_SIZE) {
3589 struct mgmt_cp_add_remote_oob_data *cp = data;
3592 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
3593 cp->hash, cp->randomizer);
3595 status = MGMT_STATUS_FAILED;
3597 status = MGMT_STATUS_SUCCESS;
3599 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3600 status, &cp->addr, sizeof(cp->addr));
3601 } else if (len == MGMT_ADD_REMOTE_OOB_EXT_DATA_SIZE) {
3602 struct mgmt_cp_add_remote_oob_ext_data *cp = data;
3605 err = hci_add_remote_oob_ext_data(hdev, &cp->addr.bdaddr,
3611 status = MGMT_STATUS_FAILED;
3613 status = MGMT_STATUS_SUCCESS;
3615 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3616 status, &cp->addr, sizeof(cp->addr));
3618 BT_ERR("add_remote_oob_data: invalid length of %u bytes", len);
3619 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3620 MGMT_STATUS_INVALID_PARAMS);
3623 hci_dev_unlock(hdev);
3627 static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
3628 void *data, u16 len)
3630 struct mgmt_cp_remove_remote_oob_data *cp = data;
3634 BT_DBG("%s", hdev->name);
3638 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr);
3640 status = MGMT_STATUS_INVALID_PARAMS;
3642 status = MGMT_STATUS_SUCCESS;
3644 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
3645 status, &cp->addr, sizeof(cp->addr));
3647 hci_dev_unlock(hdev);
3651 static int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
3653 struct pending_cmd *cmd;
3657 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3659 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
3663 type = hdev->discovery.type;
3665 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3666 &type, sizeof(type));
3667 mgmt_pending_remove(cmd);
3672 static void start_discovery_complete(struct hci_dev *hdev, u8 status)
3674 unsigned long timeout = 0;
3676 BT_DBG("status %d", status);
3680 mgmt_start_discovery_failed(hdev, status);
3681 hci_dev_unlock(hdev);
3686 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
3687 hci_dev_unlock(hdev);
3689 switch (hdev->discovery.type) {
3690 case DISCOV_TYPE_LE:
3691 timeout = msecs_to_jiffies(DISCOV_LE_TIMEOUT);
3694 case DISCOV_TYPE_INTERLEAVED:
3695 timeout = msecs_to_jiffies(hdev->discov_interleaved_timeout);
3698 case DISCOV_TYPE_BREDR:
3702 BT_ERR("Invalid discovery type %d", hdev->discovery.type);
3708 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable, timeout);
3711 static int start_discovery(struct sock *sk, struct hci_dev *hdev,
3712 void *data, u16 len)
3714 struct mgmt_cp_start_discovery *cp = data;
3715 struct pending_cmd *cmd;
3716 struct hci_cp_le_set_scan_param param_cp;
3717 struct hci_cp_le_set_scan_enable enable_cp;
3718 struct hci_cp_inquiry inq_cp;
3719 struct hci_request req;
3720 /* General inquiry access code (GIAC) */
3721 u8 lap[3] = { 0x33, 0x8b, 0x9e };
3722 u8 status, own_addr_type;
3725 BT_DBG("%s", hdev->name);
3729 if (!hdev_is_powered(hdev)) {
3730 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3731 MGMT_STATUS_NOT_POWERED);
3735 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
3736 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3741 if (hdev->discovery.state != DISCOVERY_STOPPED) {
3742 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3747 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
3753 hdev->discovery.type = cp->type;
3755 hci_req_init(&req, hdev);
3757 switch (hdev->discovery.type) {
3758 case DISCOV_TYPE_BREDR:
3759 status = mgmt_bredr_support(hdev);
3761 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3763 mgmt_pending_remove(cmd);
3767 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
3768 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3770 mgmt_pending_remove(cmd);
3774 hci_inquiry_cache_flush(hdev);
3776 memset(&inq_cp, 0, sizeof(inq_cp));
3777 memcpy(&inq_cp.lap, lap, sizeof(inq_cp.lap));
3778 inq_cp.length = DISCOV_BREDR_INQUIRY_LEN;
3779 hci_req_add(&req, HCI_OP_INQUIRY, sizeof(inq_cp), &inq_cp);
3782 case DISCOV_TYPE_LE:
3783 case DISCOV_TYPE_INTERLEAVED:
3784 status = mgmt_le_support(hdev);
3786 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3788 mgmt_pending_remove(cmd);
3792 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
3793 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
3794 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3795 MGMT_STATUS_NOT_SUPPORTED);
3796 mgmt_pending_remove(cmd);
3800 if (test_bit(HCI_LE_ADV, &hdev->dev_flags)) {
3801 /* Don't let discovery abort an outgoing
3802 * connection attempt that's using directed
3805 if (hci_conn_hash_lookup_state(hdev, LE_LINK,
3807 err = cmd_status(sk, hdev->id,
3808 MGMT_OP_START_DISCOVERY,
3809 MGMT_STATUS_REJECTED);
3810 mgmt_pending_remove(cmd);
3814 disable_advertising(&req);
3817 /* If controller is scanning, it means the background scanning
3818 * is running. Thus, we should temporarily stop it in order to
3819 * set the discovery scanning parameters.
3821 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags))
3822 hci_req_add_le_scan_disable(&req);
3824 memset(¶m_cp, 0, sizeof(param_cp));
3826 /* All active scans will be done with either a resolvable
3827 * private address (when privacy feature has been enabled)
3828 * or unresolvable private address.
3830 err = hci_update_random_address(&req, true, &own_addr_type);
3832 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3833 MGMT_STATUS_FAILED);
3834 mgmt_pending_remove(cmd);
3838 param_cp.type = LE_SCAN_ACTIVE;
3839 param_cp.interval = cpu_to_le16(DISCOV_LE_SCAN_INT);
3840 param_cp.window = cpu_to_le16(DISCOV_LE_SCAN_WIN);
3841 param_cp.own_address_type = own_addr_type;
3842 hci_req_add(&req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
3845 memset(&enable_cp, 0, sizeof(enable_cp));
3846 enable_cp.enable = LE_SCAN_ENABLE;
3847 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
3848 hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
3853 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3854 MGMT_STATUS_INVALID_PARAMS);
3855 mgmt_pending_remove(cmd);
3859 err = hci_req_run(&req, start_discovery_complete);
3861 mgmt_pending_remove(cmd);
3863 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
3866 hci_dev_unlock(hdev);
3870 static int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
3872 struct pending_cmd *cmd;
3875 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3879 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3880 &hdev->discovery.type, sizeof(hdev->discovery.type));
3881 mgmt_pending_remove(cmd);
3886 static void stop_discovery_complete(struct hci_dev *hdev, u8 status)
3888 BT_DBG("status %d", status);
3893 mgmt_stop_discovery_failed(hdev, status);
3897 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3900 hci_dev_unlock(hdev);
3903 static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
3906 struct mgmt_cp_stop_discovery *mgmt_cp = data;
3907 struct pending_cmd *cmd;
3908 struct hci_request req;
3911 BT_DBG("%s", hdev->name);
3915 if (!hci_discovery_active(hdev)) {
3916 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
3917 MGMT_STATUS_REJECTED, &mgmt_cp->type,
3918 sizeof(mgmt_cp->type));
3922 if (hdev->discovery.type != mgmt_cp->type) {
3923 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
3924 MGMT_STATUS_INVALID_PARAMS, &mgmt_cp->type,
3925 sizeof(mgmt_cp->type));
3929 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
3935 hci_req_init(&req, hdev);
3937 hci_stop_discovery(&req);
3939 err = hci_req_run(&req, stop_discovery_complete);
3941 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
3945 mgmt_pending_remove(cmd);
3947 /* If no HCI commands were sent we're done */
3948 if (err == -ENODATA) {
3949 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY, 0,
3950 &mgmt_cp->type, sizeof(mgmt_cp->type));
3951 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3955 hci_dev_unlock(hdev);
3959 static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
3962 struct mgmt_cp_confirm_name *cp = data;
3963 struct inquiry_entry *e;
3966 BT_DBG("%s", hdev->name);
3970 if (!hci_discovery_active(hdev)) {
3971 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
3972 MGMT_STATUS_FAILED, &cp->addr,
3977 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
3979 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
3980 MGMT_STATUS_INVALID_PARAMS, &cp->addr,
3985 if (cp->name_known) {
3986 e->name_state = NAME_KNOWN;
3989 e->name_state = NAME_NEEDED;
3990 hci_inquiry_cache_update_resolve(hdev, e);
3993 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0, &cp->addr,
3997 hci_dev_unlock(hdev);
4001 static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
4004 struct mgmt_cp_block_device *cp = data;
4008 BT_DBG("%s", hdev->name);
4010 if (!bdaddr_type_is_valid(cp->addr.type))
4011 return cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
4012 MGMT_STATUS_INVALID_PARAMS,
4013 &cp->addr, sizeof(cp->addr));
4017 err = hci_bdaddr_list_add(&hdev->blacklist, &cp->addr.bdaddr,
4020 status = MGMT_STATUS_FAILED;
4024 mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &cp->addr, sizeof(cp->addr),
4026 status = MGMT_STATUS_SUCCESS;
4029 err = cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
4030 &cp->addr, sizeof(cp->addr));
4032 hci_dev_unlock(hdev);
4037 static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
4040 struct mgmt_cp_unblock_device *cp = data;
4044 BT_DBG("%s", hdev->name);
4046 if (!bdaddr_type_is_valid(cp->addr.type))
4047 return cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
4048 MGMT_STATUS_INVALID_PARAMS,
4049 &cp->addr, sizeof(cp->addr));
4053 err = hci_bdaddr_list_del(&hdev->blacklist, &cp->addr.bdaddr,
4056 status = MGMT_STATUS_INVALID_PARAMS;
4060 mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &cp->addr, sizeof(cp->addr),
4062 status = MGMT_STATUS_SUCCESS;
4065 err = cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
4066 &cp->addr, sizeof(cp->addr));
4068 hci_dev_unlock(hdev);
4073 static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
4076 struct mgmt_cp_set_device_id *cp = data;
4077 struct hci_request req;
4081 BT_DBG("%s", hdev->name);
4083 source = __le16_to_cpu(cp->source);
4085 if (source > 0x0002)
4086 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
4087 MGMT_STATUS_INVALID_PARAMS);
4091 hdev->devid_source = source;
4092 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
4093 hdev->devid_product = __le16_to_cpu(cp->product);
4094 hdev->devid_version = __le16_to_cpu(cp->version);
4096 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0, NULL, 0);
4098 hci_req_init(&req, hdev);
4100 hci_req_run(&req, NULL);
4102 hci_dev_unlock(hdev);
4107 static void set_advertising_complete(struct hci_dev *hdev, u8 status)
4109 struct cmd_lookup match = { NULL, hdev };
4112 u8 mgmt_err = mgmt_status(status);
4114 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
4115 cmd_status_rsp, &mgmt_err);
4119 if (test_bit(HCI_LE_ADV, &hdev->dev_flags))
4120 set_bit(HCI_ADVERTISING, &hdev->dev_flags);
4122 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
4124 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
4127 new_settings(hdev, match.sk);
4133 static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data,
4136 struct mgmt_mode *cp = data;
4137 struct pending_cmd *cmd;
4138 struct hci_request req;
4139 u8 val, enabled, status;
4142 BT_DBG("request for %s", hdev->name);
4144 status = mgmt_le_support(hdev);
4146 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4149 if (cp->val != 0x00 && cp->val != 0x01)
4150 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4151 MGMT_STATUS_INVALID_PARAMS);
4156 enabled = test_bit(HCI_ADVERTISING, &hdev->dev_flags);
4158 /* The following conditions are ones which mean that we should
4159 * not do any HCI communication but directly send a mgmt
4160 * response to user space (after toggling the flag if
4163 if (!hdev_is_powered(hdev) || val == enabled ||
4164 hci_conn_num(hdev, LE_LINK) > 0 ||
4165 (test_bit(HCI_LE_SCAN, &hdev->dev_flags) &&
4166 hdev->le_scan_type == LE_SCAN_ACTIVE)) {
4167 bool changed = false;
4169 if (val != test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
4170 change_bit(HCI_ADVERTISING, &hdev->dev_flags);
4174 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
4179 err = new_settings(hdev, sk);
4184 if (mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
4185 mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
4186 err = cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4191 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
4197 hci_req_init(&req, hdev);
4200 enable_advertising(&req);
4202 disable_advertising(&req);
4204 err = hci_req_run(&req, set_advertising_complete);
4206 mgmt_pending_remove(cmd);
4209 hci_dev_unlock(hdev);
4213 static int set_static_address(struct sock *sk, struct hci_dev *hdev,
4214 void *data, u16 len)
4216 struct mgmt_cp_set_static_address *cp = data;
4219 BT_DBG("%s", hdev->name);
4221 if (!lmp_le_capable(hdev))
4222 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
4223 MGMT_STATUS_NOT_SUPPORTED);
4225 if (hdev_is_powered(hdev))
4226 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
4227 MGMT_STATUS_REJECTED);
4229 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
4230 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
4231 return cmd_status(sk, hdev->id,
4232 MGMT_OP_SET_STATIC_ADDRESS,
4233 MGMT_STATUS_INVALID_PARAMS);
4235 /* Two most significant bits shall be set */
4236 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
4237 return cmd_status(sk, hdev->id,
4238 MGMT_OP_SET_STATIC_ADDRESS,
4239 MGMT_STATUS_INVALID_PARAMS);
4244 bacpy(&hdev->static_addr, &cp->bdaddr);
4246 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS, 0, NULL, 0);
4248 hci_dev_unlock(hdev);
4253 static int set_scan_params(struct sock *sk, struct hci_dev *hdev,
4254 void *data, u16 len)
4256 struct mgmt_cp_set_scan_params *cp = data;
4257 __u16 interval, window;
4260 BT_DBG("%s", hdev->name);
4262 if (!lmp_le_capable(hdev))
4263 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4264 MGMT_STATUS_NOT_SUPPORTED);
4266 interval = __le16_to_cpu(cp->interval);
4268 if (interval < 0x0004 || interval > 0x4000)
4269 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4270 MGMT_STATUS_INVALID_PARAMS);
4272 window = __le16_to_cpu(cp->window);
4274 if (window < 0x0004 || window > 0x4000)
4275 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4276 MGMT_STATUS_INVALID_PARAMS);
4278 if (window > interval)
4279 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4280 MGMT_STATUS_INVALID_PARAMS);
4284 hdev->le_scan_interval = interval;
4285 hdev->le_scan_window = window;
4287 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0, NULL, 0);
4289 /* If background scan is running, restart it so new parameters are
4292 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags) &&
4293 hdev->discovery.state == DISCOVERY_STOPPED) {
4294 struct hci_request req;
4296 hci_req_init(&req, hdev);
4298 hci_req_add_le_scan_disable(&req);
4299 hci_req_add_le_passive_scan(&req);
4301 hci_req_run(&req, NULL);
4304 hci_dev_unlock(hdev);
4309 static void fast_connectable_complete(struct hci_dev *hdev, u8 status)
4311 struct pending_cmd *cmd;
4313 BT_DBG("status 0x%02x", status);
4317 cmd = mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4322 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4323 mgmt_status(status));
4325 struct mgmt_mode *cp = cmd->param;
4328 set_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
4330 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
4332 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4333 new_settings(hdev, cmd->sk);
4336 mgmt_pending_remove(cmd);
4339 hci_dev_unlock(hdev);
4342 static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
4343 void *data, u16 len)
4345 struct mgmt_mode *cp = data;
4346 struct pending_cmd *cmd;
4347 struct hci_request req;
4350 BT_DBG("%s", hdev->name);
4352 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags) ||
4353 hdev->hci_ver < BLUETOOTH_VER_1_2)
4354 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4355 MGMT_STATUS_NOT_SUPPORTED);
4357 if (cp->val != 0x00 && cp->val != 0x01)
4358 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4359 MGMT_STATUS_INVALID_PARAMS);
4361 if (!hdev_is_powered(hdev))
4362 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4363 MGMT_STATUS_NOT_POWERED);
4365 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
4366 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4367 MGMT_STATUS_REJECTED);
4371 if (mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
4372 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4377 if (!!cp->val == test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags)) {
4378 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
4383 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
4390 hci_req_init(&req, hdev);
4392 write_fast_connectable(&req, cp->val);
4394 err = hci_req_run(&req, fast_connectable_complete);
4396 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4397 MGMT_STATUS_FAILED);
4398 mgmt_pending_remove(cmd);
4402 hci_dev_unlock(hdev);
4407 static void set_bredr_complete(struct hci_dev *hdev, u8 status)
4409 struct pending_cmd *cmd;
4411 BT_DBG("status 0x%02x", status);
4415 cmd = mgmt_pending_find(MGMT_OP_SET_BREDR, hdev);
4420 u8 mgmt_err = mgmt_status(status);
4422 /* We need to restore the flag if related HCI commands
4425 clear_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4427 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
4429 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
4430 new_settings(hdev, cmd->sk);
4433 mgmt_pending_remove(cmd);
4436 hci_dev_unlock(hdev);
4439 static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
4441 struct mgmt_mode *cp = data;
4442 struct pending_cmd *cmd;
4443 struct hci_request req;
4446 BT_DBG("request for %s", hdev->name);
4448 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
4449 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4450 MGMT_STATUS_NOT_SUPPORTED);
4452 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
4453 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4454 MGMT_STATUS_REJECTED);
4456 if (cp->val != 0x00 && cp->val != 0x01)
4457 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4458 MGMT_STATUS_INVALID_PARAMS);
4462 if (cp->val == test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
4463 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4467 if (!hdev_is_powered(hdev)) {
4469 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
4470 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
4471 clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
4472 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
4473 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
4476 change_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4478 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4482 err = new_settings(hdev, sk);
4486 /* Reject disabling when powered on */
4488 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4489 MGMT_STATUS_REJECTED);
4493 if (mgmt_pending_find(MGMT_OP_SET_BREDR, hdev)) {
4494 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4499 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
4505 /* We need to flip the bit already here so that update_adv_data
4506 * generates the correct flags.
4508 set_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4510 hci_req_init(&req, hdev);
4512 write_fast_connectable(&req, false);
4513 hci_update_page_scan(hdev, &req);
4515 /* Since only the advertising data flags will change, there
4516 * is no need to update the scan response data.
4518 update_adv_data(&req);
4520 err = hci_req_run(&req, set_bredr_complete);
4522 mgmt_pending_remove(cmd);
4525 hci_dev_unlock(hdev);
4529 static int set_secure_conn(struct sock *sk, struct hci_dev *hdev,
4530 void *data, u16 len)
4532 struct mgmt_mode *cp = data;
4533 struct pending_cmd *cmd;
4537 BT_DBG("request for %s", hdev->name);
4539 status = mgmt_bredr_support(hdev);
4541 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4544 if (!lmp_sc_capable(hdev) &&
4545 !test_bit(HCI_FORCE_SC, &hdev->dbg_flags))
4546 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4547 MGMT_STATUS_NOT_SUPPORTED);
4549 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
4550 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4551 MGMT_STATUS_INVALID_PARAMS);
4555 if (!hdev_is_powered(hdev)) {
4559 changed = !test_and_set_bit(HCI_SC_ENABLED,
4561 if (cp->val == 0x02)
4562 set_bit(HCI_SC_ONLY, &hdev->dev_flags);
4564 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4566 changed = test_and_clear_bit(HCI_SC_ENABLED,
4568 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4571 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4576 err = new_settings(hdev, sk);
4581 if (mgmt_pending_find(MGMT_OP_SET_SECURE_CONN, hdev)) {
4582 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4589 if (val == test_bit(HCI_SC_ENABLED, &hdev->dev_flags) &&
4590 (cp->val == 0x02) == test_bit(HCI_SC_ONLY, &hdev->dev_flags)) {
4591 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4595 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SECURE_CONN, hdev, data, len);
4601 err = hci_send_cmd(hdev, HCI_OP_WRITE_SC_SUPPORT, 1, &val);
4603 mgmt_pending_remove(cmd);
4607 if (cp->val == 0x02)
4608 set_bit(HCI_SC_ONLY, &hdev->dev_flags);
4610 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4613 hci_dev_unlock(hdev);
4617 static int set_debug_keys(struct sock *sk, struct hci_dev *hdev,
4618 void *data, u16 len)
4620 struct mgmt_mode *cp = data;
4621 bool changed, use_changed;
4624 BT_DBG("request for %s", hdev->name);
4626 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
4627 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEBUG_KEYS,
4628 MGMT_STATUS_INVALID_PARAMS);
4633 changed = !test_and_set_bit(HCI_KEEP_DEBUG_KEYS,
4636 changed = test_and_clear_bit(HCI_KEEP_DEBUG_KEYS,
4639 if (cp->val == 0x02)
4640 use_changed = !test_and_set_bit(HCI_USE_DEBUG_KEYS,
4643 use_changed = test_and_clear_bit(HCI_USE_DEBUG_KEYS,
4646 if (hdev_is_powered(hdev) && use_changed &&
4647 test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
4648 u8 mode = (cp->val == 0x02) ? 0x01 : 0x00;
4649 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
4650 sizeof(mode), &mode);
4653 err = send_settings_rsp(sk, MGMT_OP_SET_DEBUG_KEYS, hdev);
4658 err = new_settings(hdev, sk);
4661 hci_dev_unlock(hdev);
4665 static int set_privacy(struct sock *sk, struct hci_dev *hdev, void *cp_data,
4668 struct mgmt_cp_set_privacy *cp = cp_data;
4672 BT_DBG("request for %s", hdev->name);
4674 if (!lmp_le_capable(hdev))
4675 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4676 MGMT_STATUS_NOT_SUPPORTED);
4678 if (cp->privacy != 0x00 && cp->privacy != 0x01)
4679 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4680 MGMT_STATUS_INVALID_PARAMS);
4682 if (hdev_is_powered(hdev))
4683 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4684 MGMT_STATUS_REJECTED);
4688 /* If user space supports this command it is also expected to
4689 * handle IRKs. Therefore, set the HCI_RPA_RESOLVING flag.
4691 set_bit(HCI_RPA_RESOLVING, &hdev->dev_flags);
4694 changed = !test_and_set_bit(HCI_PRIVACY, &hdev->dev_flags);
4695 memcpy(hdev->irk, cp->irk, sizeof(hdev->irk));
4696 set_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
4698 changed = test_and_clear_bit(HCI_PRIVACY, &hdev->dev_flags);
4699 memset(hdev->irk, 0, sizeof(hdev->irk));
4700 clear_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
4703 err = send_settings_rsp(sk, MGMT_OP_SET_PRIVACY, hdev);
4708 err = new_settings(hdev, sk);
4711 hci_dev_unlock(hdev);
4715 static bool irk_is_valid(struct mgmt_irk_info *irk)
4717 switch (irk->addr.type) {
4718 case BDADDR_LE_PUBLIC:
4721 case BDADDR_LE_RANDOM:
4722 /* Two most significant bits shall be set */
4723 if ((irk->addr.bdaddr.b[5] & 0xc0) != 0xc0)
4731 static int load_irks(struct sock *sk, struct hci_dev *hdev, void *cp_data,
4734 struct mgmt_cp_load_irks *cp = cp_data;
4735 const u16 max_irk_count = ((U16_MAX - sizeof(*cp)) /
4736 sizeof(struct mgmt_irk_info));
4737 u16 irk_count, expected_len;
4740 BT_DBG("request for %s", hdev->name);
4742 if (!lmp_le_capable(hdev))
4743 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4744 MGMT_STATUS_NOT_SUPPORTED);
4746 irk_count = __le16_to_cpu(cp->irk_count);
4747 if (irk_count > max_irk_count) {
4748 BT_ERR("load_irks: too big irk_count value %u", irk_count);
4749 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4750 MGMT_STATUS_INVALID_PARAMS);
4753 expected_len = sizeof(*cp) + irk_count * sizeof(struct mgmt_irk_info);
4754 if (expected_len != len) {
4755 BT_ERR("load_irks: expected %u bytes, got %u bytes",
4757 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4758 MGMT_STATUS_INVALID_PARAMS);
4761 BT_DBG("%s irk_count %u", hdev->name, irk_count);
4763 for (i = 0; i < irk_count; i++) {
4764 struct mgmt_irk_info *key = &cp->irks[i];
4766 if (!irk_is_valid(key))
4767 return cmd_status(sk, hdev->id,
4769 MGMT_STATUS_INVALID_PARAMS);
4774 hci_smp_irks_clear(hdev);
4776 for (i = 0; i < irk_count; i++) {
4777 struct mgmt_irk_info *irk = &cp->irks[i];
4780 if (irk->addr.type == BDADDR_LE_PUBLIC)
4781 addr_type = ADDR_LE_DEV_PUBLIC;
4783 addr_type = ADDR_LE_DEV_RANDOM;
4785 hci_add_irk(hdev, &irk->addr.bdaddr, addr_type, irk->val,
4789 set_bit(HCI_RPA_RESOLVING, &hdev->dev_flags);
4791 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_IRKS, 0, NULL, 0);
4793 hci_dev_unlock(hdev);
4798 static bool ltk_is_valid(struct mgmt_ltk_info *key)
4800 if (key->master != 0x00 && key->master != 0x01)
4803 switch (key->addr.type) {
4804 case BDADDR_LE_PUBLIC:
4807 case BDADDR_LE_RANDOM:
4808 /* Two most significant bits shall be set */
4809 if ((key->addr.bdaddr.b[5] & 0xc0) != 0xc0)
4817 static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
4818 void *cp_data, u16 len)
4820 struct mgmt_cp_load_long_term_keys *cp = cp_data;
4821 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
4822 sizeof(struct mgmt_ltk_info));
4823 u16 key_count, expected_len;
4826 BT_DBG("request for %s", hdev->name);
4828 if (!lmp_le_capable(hdev))
4829 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
4830 MGMT_STATUS_NOT_SUPPORTED);
4832 key_count = __le16_to_cpu(cp->key_count);
4833 if (key_count > max_key_count) {
4834 BT_ERR("load_ltks: too big key_count value %u", key_count);
4835 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
4836 MGMT_STATUS_INVALID_PARAMS);
4839 expected_len = sizeof(*cp) + key_count *
4840 sizeof(struct mgmt_ltk_info);
4841 if (expected_len != len) {
4842 BT_ERR("load_keys: expected %u bytes, got %u bytes",
4844 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
4845 MGMT_STATUS_INVALID_PARAMS);
4848 BT_DBG("%s key_count %u", hdev->name, key_count);
4850 for (i = 0; i < key_count; i++) {
4851 struct mgmt_ltk_info *key = &cp->keys[i];
4853 if (!ltk_is_valid(key))
4854 return cmd_status(sk, hdev->id,
4855 MGMT_OP_LOAD_LONG_TERM_KEYS,
4856 MGMT_STATUS_INVALID_PARAMS);
4861 hci_smp_ltks_clear(hdev);
4863 for (i = 0; i < key_count; i++) {
4864 struct mgmt_ltk_info *key = &cp->keys[i];
4865 u8 type, addr_type, authenticated;
4867 if (key->addr.type == BDADDR_LE_PUBLIC)
4868 addr_type = ADDR_LE_DEV_PUBLIC;
4870 addr_type = ADDR_LE_DEV_RANDOM;
4875 type = SMP_LTK_SLAVE;
4877 switch (key->type) {
4878 case MGMT_LTK_UNAUTHENTICATED:
4879 authenticated = 0x00;
4881 case MGMT_LTK_AUTHENTICATED:
4882 authenticated = 0x01;
4888 hci_add_ltk(hdev, &key->addr.bdaddr, addr_type, type,
4889 authenticated, key->val, key->enc_size, key->ediv,
4893 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
4896 hci_dev_unlock(hdev);
4901 struct cmd_conn_lookup {
4902 struct hci_conn *conn;
4903 bool valid_tx_power;
4907 static void get_conn_info_complete(struct pending_cmd *cmd, void *data)
4909 struct cmd_conn_lookup *match = data;
4910 struct mgmt_cp_get_conn_info *cp;
4911 struct mgmt_rp_get_conn_info rp;
4912 struct hci_conn *conn = cmd->user_data;
4914 if (conn != match->conn)
4917 cp = (struct mgmt_cp_get_conn_info *) cmd->param;
4919 memset(&rp, 0, sizeof(rp));
4920 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4921 rp.addr.type = cp->addr.type;
4923 if (!match->mgmt_status) {
4924 rp.rssi = conn->rssi;
4926 if (match->valid_tx_power) {
4927 rp.tx_power = conn->tx_power;
4928 rp.max_tx_power = conn->max_tx_power;
4930 rp.tx_power = HCI_TX_POWER_INVALID;
4931 rp.max_tx_power = HCI_TX_POWER_INVALID;
4935 cmd_complete(cmd->sk, cmd->index, MGMT_OP_GET_CONN_INFO,
4936 match->mgmt_status, &rp, sizeof(rp));
4938 hci_conn_drop(conn);
4941 mgmt_pending_remove(cmd);
4944 static void conn_info_refresh_complete(struct hci_dev *hdev, u8 status)
4946 struct hci_cp_read_rssi *cp;
4947 struct hci_conn *conn;
4948 struct cmd_conn_lookup match;
4951 BT_DBG("status 0x%02x", status);
4955 /* TX power data is valid in case request completed successfully,
4956 * otherwise we assume it's not valid. At the moment we assume that
4957 * either both or none of current and max values are valid to keep code
4960 match.valid_tx_power = !status;
4962 /* Commands sent in request are either Read RSSI or Read Transmit Power
4963 * Level so we check which one was last sent to retrieve connection
4964 * handle. Both commands have handle as first parameter so it's safe to
4965 * cast data on the same command struct.
4967 * First command sent is always Read RSSI and we fail only if it fails.
4968 * In other case we simply override error to indicate success as we
4969 * already remembered if TX power value is actually valid.
4971 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_RSSI);
4973 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_TX_POWER);
4978 BT_ERR("invalid sent_cmd in response");
4982 handle = __le16_to_cpu(cp->handle);
4983 conn = hci_conn_hash_lookup_handle(hdev, handle);
4985 BT_ERR("unknown handle (%d) in response", handle);
4990 match.mgmt_status = mgmt_status(status);
4992 /* Cache refresh is complete, now reply for mgmt request for given
4995 mgmt_pending_foreach(MGMT_OP_GET_CONN_INFO, hdev,
4996 get_conn_info_complete, &match);
4999 hci_dev_unlock(hdev);
5002 static int get_conn_info(struct sock *sk, struct hci_dev *hdev, void *data,
5005 struct mgmt_cp_get_conn_info *cp = data;
5006 struct mgmt_rp_get_conn_info rp;
5007 struct hci_conn *conn;
5008 unsigned long conn_info_age;
5011 BT_DBG("%s", hdev->name);
5013 memset(&rp, 0, sizeof(rp));
5014 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5015 rp.addr.type = cp->addr.type;
5017 if (!bdaddr_type_is_valid(cp->addr.type))
5018 return cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5019 MGMT_STATUS_INVALID_PARAMS,
5024 if (!hdev_is_powered(hdev)) {
5025 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5026 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
5030 if (cp->addr.type == BDADDR_BREDR)
5031 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
5034 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
5036 if (!conn || conn->state != BT_CONNECTED) {
5037 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5038 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
5042 /* To avoid client trying to guess when to poll again for information we
5043 * calculate conn info age as random value between min/max set in hdev.
5045 conn_info_age = hdev->conn_info_min_age +
5046 prandom_u32_max(hdev->conn_info_max_age -
5047 hdev->conn_info_min_age);
5049 /* Query controller to refresh cached values if they are too old or were
5052 if (time_after(jiffies, conn->conn_info_timestamp +
5053 msecs_to_jiffies(conn_info_age)) ||
5054 !conn->conn_info_timestamp) {
5055 struct hci_request req;
5056 struct hci_cp_read_tx_power req_txp_cp;
5057 struct hci_cp_read_rssi req_rssi_cp;
5058 struct pending_cmd *cmd;
5060 hci_req_init(&req, hdev);
5061 req_rssi_cp.handle = cpu_to_le16(conn->handle);
5062 hci_req_add(&req, HCI_OP_READ_RSSI, sizeof(req_rssi_cp),
5065 /* For LE links TX power does not change thus we don't need to
5066 * query for it once value is known.
5068 if (!bdaddr_type_is_le(cp->addr.type) ||
5069 conn->tx_power == HCI_TX_POWER_INVALID) {
5070 req_txp_cp.handle = cpu_to_le16(conn->handle);
5071 req_txp_cp.type = 0x00;
5072 hci_req_add(&req, HCI_OP_READ_TX_POWER,
5073 sizeof(req_txp_cp), &req_txp_cp);
5076 /* Max TX power needs to be read only once per connection */
5077 if (conn->max_tx_power == HCI_TX_POWER_INVALID) {
5078 req_txp_cp.handle = cpu_to_le16(conn->handle);
5079 req_txp_cp.type = 0x01;
5080 hci_req_add(&req, HCI_OP_READ_TX_POWER,
5081 sizeof(req_txp_cp), &req_txp_cp);
5084 err = hci_req_run(&req, conn_info_refresh_complete);
5088 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CONN_INFO, hdev,
5095 hci_conn_hold(conn);
5096 cmd->user_data = hci_conn_get(conn);
5098 conn->conn_info_timestamp = jiffies;
5100 /* Cache is valid, just reply with values cached in hci_conn */
5101 rp.rssi = conn->rssi;
5102 rp.tx_power = conn->tx_power;
5103 rp.max_tx_power = conn->max_tx_power;
5105 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5106 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
5110 hci_dev_unlock(hdev);
5114 static void get_clock_info_complete(struct hci_dev *hdev, u8 status)
5116 struct mgmt_cp_get_clock_info *cp;
5117 struct mgmt_rp_get_clock_info rp;
5118 struct hci_cp_read_clock *hci_cp;
5119 struct pending_cmd *cmd;
5120 struct hci_conn *conn;
5122 BT_DBG("%s status %u", hdev->name, status);
5126 hci_cp = hci_sent_cmd_data(hdev, HCI_OP_READ_CLOCK);
5130 if (hci_cp->which) {
5131 u16 handle = __le16_to_cpu(hci_cp->handle);
5132 conn = hci_conn_hash_lookup_handle(hdev, handle);
5137 cmd = mgmt_pending_find_data(MGMT_OP_GET_CLOCK_INFO, hdev, conn);
5143 memset(&rp, 0, sizeof(rp));
5144 memcpy(&rp.addr, &cp->addr, sizeof(rp.addr));
5149 rp.local_clock = cpu_to_le32(hdev->clock);
5152 rp.piconet_clock = cpu_to_le32(conn->clock);
5153 rp.accuracy = cpu_to_le16(conn->clock_accuracy);
5157 cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(status),
5159 mgmt_pending_remove(cmd);
5161 hci_conn_drop(conn);
5166 hci_dev_unlock(hdev);
5169 static int get_clock_info(struct sock *sk, struct hci_dev *hdev, void *data,
5172 struct mgmt_cp_get_clock_info *cp = data;
5173 struct mgmt_rp_get_clock_info rp;
5174 struct hci_cp_read_clock hci_cp;
5175 struct pending_cmd *cmd;
5176 struct hci_request req;
5177 struct hci_conn *conn;
5180 BT_DBG("%s", hdev->name);
5182 memset(&rp, 0, sizeof(rp));
5183 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5184 rp.addr.type = cp->addr.type;
5186 if (cp->addr.type != BDADDR_BREDR)
5187 return cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
5188 MGMT_STATUS_INVALID_PARAMS,
5193 if (!hdev_is_powered(hdev)) {
5194 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
5195 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
5199 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
5200 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
5202 if (!conn || conn->state != BT_CONNECTED) {
5203 err = cmd_complete(sk, hdev->id,
5204 MGMT_OP_GET_CLOCK_INFO,
5205 MGMT_STATUS_NOT_CONNECTED,
5213 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CLOCK_INFO, hdev, data, len);
5219 hci_req_init(&req, hdev);
5221 memset(&hci_cp, 0, sizeof(hci_cp));
5222 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
5225 hci_conn_hold(conn);
5226 cmd->user_data = hci_conn_get(conn);
5228 hci_cp.handle = cpu_to_le16(conn->handle);
5229 hci_cp.which = 0x01; /* Piconet clock */
5230 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
5233 err = hci_req_run(&req, get_clock_info_complete);
5235 mgmt_pending_remove(cmd);
5238 hci_dev_unlock(hdev);
5242 static void device_added(struct sock *sk, struct hci_dev *hdev,
5243 bdaddr_t *bdaddr, u8 type, u8 action)
5245 struct mgmt_ev_device_added ev;
5247 bacpy(&ev.addr.bdaddr, bdaddr);
5248 ev.addr.type = type;
5251 mgmt_event(MGMT_EV_DEVICE_ADDED, hdev, &ev, sizeof(ev), sk);
5254 static int add_device(struct sock *sk, struct hci_dev *hdev,
5255 void *data, u16 len)
5257 struct mgmt_cp_add_device *cp = data;
5258 u8 auto_conn, addr_type;
5261 BT_DBG("%s", hdev->name);
5263 if (!bdaddr_type_is_valid(cp->addr.type) ||
5264 !bacmp(&cp->addr.bdaddr, BDADDR_ANY))
5265 return cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5266 MGMT_STATUS_INVALID_PARAMS,
5267 &cp->addr, sizeof(cp->addr));
5269 if (cp->action != 0x00 && cp->action != 0x01 && cp->action != 0x02)
5270 return cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5271 MGMT_STATUS_INVALID_PARAMS,
5272 &cp->addr, sizeof(cp->addr));
5276 if (cp->addr.type == BDADDR_BREDR) {
5277 /* Only incoming connections action is supported for now */
5278 if (cp->action != 0x01) {
5279 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5280 MGMT_STATUS_INVALID_PARAMS,
5281 &cp->addr, sizeof(cp->addr));
5285 err = hci_bdaddr_list_add(&hdev->whitelist, &cp->addr.bdaddr,
5290 hci_update_page_scan(hdev, NULL);
5295 if (cp->addr.type == BDADDR_LE_PUBLIC)
5296 addr_type = ADDR_LE_DEV_PUBLIC;
5298 addr_type = ADDR_LE_DEV_RANDOM;
5300 if (cp->action == 0x02)
5301 auto_conn = HCI_AUTO_CONN_ALWAYS;
5302 else if (cp->action == 0x01)
5303 auto_conn = HCI_AUTO_CONN_DIRECT;
5305 auto_conn = HCI_AUTO_CONN_REPORT;
5307 /* If the connection parameters don't exist for this device,
5308 * they will be created and configured with defaults.
5310 if (hci_conn_params_set(hdev, &cp->addr.bdaddr, addr_type,
5312 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5314 &cp->addr, sizeof(cp->addr));
5319 device_added(sk, hdev, &cp->addr.bdaddr, cp->addr.type, cp->action);
5321 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5322 MGMT_STATUS_SUCCESS, &cp->addr, sizeof(cp->addr));
5325 hci_dev_unlock(hdev);
5329 static void device_removed(struct sock *sk, struct hci_dev *hdev,
5330 bdaddr_t *bdaddr, u8 type)
5332 struct mgmt_ev_device_removed ev;
5334 bacpy(&ev.addr.bdaddr, bdaddr);
5335 ev.addr.type = type;
5337 mgmt_event(MGMT_EV_DEVICE_REMOVED, hdev, &ev, sizeof(ev), sk);
5340 static int remove_device(struct sock *sk, struct hci_dev *hdev,
5341 void *data, u16 len)
5343 struct mgmt_cp_remove_device *cp = data;
5346 BT_DBG("%s", hdev->name);
5350 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
5351 struct hci_conn_params *params;
5354 if (!bdaddr_type_is_valid(cp->addr.type)) {
5355 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
5356 MGMT_STATUS_INVALID_PARAMS,
5357 &cp->addr, sizeof(cp->addr));
5361 if (cp->addr.type == BDADDR_BREDR) {
5362 err = hci_bdaddr_list_del(&hdev->whitelist,
5366 err = cmd_complete(sk, hdev->id,
5367 MGMT_OP_REMOVE_DEVICE,
5368 MGMT_STATUS_INVALID_PARAMS,
5369 &cp->addr, sizeof(cp->addr));
5373 hci_update_page_scan(hdev, NULL);
5375 device_removed(sk, hdev, &cp->addr.bdaddr,
5380 if (cp->addr.type == BDADDR_LE_PUBLIC)
5381 addr_type = ADDR_LE_DEV_PUBLIC;
5383 addr_type = ADDR_LE_DEV_RANDOM;
5385 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr,
5388 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
5389 MGMT_STATUS_INVALID_PARAMS,
5390 &cp->addr, sizeof(cp->addr));
5394 if (params->auto_connect == HCI_AUTO_CONN_DISABLED) {
5395 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
5396 MGMT_STATUS_INVALID_PARAMS,
5397 &cp->addr, sizeof(cp->addr));
5401 list_del(¶ms->action);
5402 list_del(¶ms->list);
5404 hci_update_background_scan(hdev);
5406 device_removed(sk, hdev, &cp->addr.bdaddr, cp->addr.type);
5408 struct hci_conn_params *p, *tmp;
5409 struct bdaddr_list *b, *btmp;
5411 if (cp->addr.type) {
5412 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
5413 MGMT_STATUS_INVALID_PARAMS,
5414 &cp->addr, sizeof(cp->addr));
5418 list_for_each_entry_safe(b, btmp, &hdev->whitelist, list) {
5419 device_removed(sk, hdev, &b->bdaddr, b->bdaddr_type);
5424 hci_update_page_scan(hdev, NULL);
5426 list_for_each_entry_safe(p, tmp, &hdev->le_conn_params, list) {
5427 if (p->auto_connect == HCI_AUTO_CONN_DISABLED)
5429 device_removed(sk, hdev, &p->addr, p->addr_type);
5430 list_del(&p->action);
5435 BT_DBG("All LE connection parameters were removed");
5437 hci_update_background_scan(hdev);
5441 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
5442 MGMT_STATUS_SUCCESS, &cp->addr, sizeof(cp->addr));
5445 hci_dev_unlock(hdev);
5449 static int load_conn_param(struct sock *sk, struct hci_dev *hdev, void *data,
5452 struct mgmt_cp_load_conn_param *cp = data;
5453 const u16 max_param_count = ((U16_MAX - sizeof(*cp)) /
5454 sizeof(struct mgmt_conn_param));
5455 u16 param_count, expected_len;
5458 if (!lmp_le_capable(hdev))
5459 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5460 MGMT_STATUS_NOT_SUPPORTED);
5462 param_count = __le16_to_cpu(cp->param_count);
5463 if (param_count > max_param_count) {
5464 BT_ERR("load_conn_param: too big param_count value %u",
5466 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5467 MGMT_STATUS_INVALID_PARAMS);
5470 expected_len = sizeof(*cp) + param_count *
5471 sizeof(struct mgmt_conn_param);
5472 if (expected_len != len) {
5473 BT_ERR("load_conn_param: expected %u bytes, got %u bytes",
5475 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5476 MGMT_STATUS_INVALID_PARAMS);
5479 BT_DBG("%s param_count %u", hdev->name, param_count);
5483 hci_conn_params_clear_disabled(hdev);
5485 for (i = 0; i < param_count; i++) {
5486 struct mgmt_conn_param *param = &cp->params[i];
5487 struct hci_conn_params *hci_param;
5488 u16 min, max, latency, timeout;
5491 BT_DBG("Adding %pMR (type %u)", ¶m->addr.bdaddr,
5494 if (param->addr.type == BDADDR_LE_PUBLIC) {
5495 addr_type = ADDR_LE_DEV_PUBLIC;
5496 } else if (param->addr.type == BDADDR_LE_RANDOM) {
5497 addr_type = ADDR_LE_DEV_RANDOM;
5499 BT_ERR("Ignoring invalid connection parameters");
5503 min = le16_to_cpu(param->min_interval);
5504 max = le16_to_cpu(param->max_interval);
5505 latency = le16_to_cpu(param->latency);
5506 timeout = le16_to_cpu(param->timeout);
5508 BT_DBG("min 0x%04x max 0x%04x latency 0x%04x timeout 0x%04x",
5509 min, max, latency, timeout);
5511 if (hci_check_conn_params(min, max, latency, timeout) < 0) {
5512 BT_ERR("Ignoring invalid connection parameters");
5516 hci_param = hci_conn_params_add(hdev, ¶m->addr.bdaddr,
5519 BT_ERR("Failed to add connection parameters");
5523 hci_param->conn_min_interval = min;
5524 hci_param->conn_max_interval = max;
5525 hci_param->conn_latency = latency;
5526 hci_param->supervision_timeout = timeout;
5529 hci_dev_unlock(hdev);
5531 return cmd_complete(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM, 0, NULL, 0);
5534 static int set_external_config(struct sock *sk, struct hci_dev *hdev,
5535 void *data, u16 len)
5537 struct mgmt_cp_set_external_config *cp = data;
5541 BT_DBG("%s", hdev->name);
5543 if (hdev_is_powered(hdev))
5544 return cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
5545 MGMT_STATUS_REJECTED);
5547 if (cp->config != 0x00 && cp->config != 0x01)
5548 return cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
5549 MGMT_STATUS_INVALID_PARAMS);
5551 if (!test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
5552 return cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
5553 MGMT_STATUS_NOT_SUPPORTED);
5558 changed = !test_and_set_bit(HCI_EXT_CONFIGURED,
5561 changed = test_and_clear_bit(HCI_EXT_CONFIGURED,
5564 err = send_options_rsp(sk, MGMT_OP_SET_EXTERNAL_CONFIG, hdev);
5571 err = new_options(hdev, sk);
5573 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags) == is_configured(hdev)) {
5574 mgmt_index_removed(hdev);
5576 if (test_and_change_bit(HCI_UNCONFIGURED, &hdev->dev_flags)) {
5577 set_bit(HCI_CONFIG, &hdev->dev_flags);
5578 set_bit(HCI_AUTO_OFF, &hdev->dev_flags);
5580 queue_work(hdev->req_workqueue, &hdev->power_on);
5582 set_bit(HCI_RAW, &hdev->flags);
5583 mgmt_index_added(hdev);
5588 hci_dev_unlock(hdev);
5592 static int set_public_address(struct sock *sk, struct hci_dev *hdev,
5593 void *data, u16 len)
5595 struct mgmt_cp_set_public_address *cp = data;
5599 BT_DBG("%s", hdev->name);
5601 if (hdev_is_powered(hdev))
5602 return cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
5603 MGMT_STATUS_REJECTED);
5605 if (!bacmp(&cp->bdaddr, BDADDR_ANY))
5606 return cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
5607 MGMT_STATUS_INVALID_PARAMS);
5609 if (!hdev->set_bdaddr)
5610 return cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
5611 MGMT_STATUS_NOT_SUPPORTED);
5615 changed = !!bacmp(&hdev->public_addr, &cp->bdaddr);
5616 bacpy(&hdev->public_addr, &cp->bdaddr);
5618 err = send_options_rsp(sk, MGMT_OP_SET_PUBLIC_ADDRESS, hdev);
5625 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags))
5626 err = new_options(hdev, sk);
5628 if (is_configured(hdev)) {
5629 mgmt_index_removed(hdev);
5631 clear_bit(HCI_UNCONFIGURED, &hdev->dev_flags);
5633 set_bit(HCI_CONFIG, &hdev->dev_flags);
5634 set_bit(HCI_AUTO_OFF, &hdev->dev_flags);
5636 queue_work(hdev->req_workqueue, &hdev->power_on);
5640 hci_dev_unlock(hdev);
5644 static const struct mgmt_handler {
5645 int (*func) (struct sock *sk, struct hci_dev *hdev, void *data,
5649 } mgmt_handlers[] = {
5650 { NULL }, /* 0x0000 (no command) */
5651 { read_version, false, MGMT_READ_VERSION_SIZE },
5652 { read_commands, false, MGMT_READ_COMMANDS_SIZE },
5653 { read_index_list, false, MGMT_READ_INDEX_LIST_SIZE },
5654 { read_controller_info, false, MGMT_READ_INFO_SIZE },
5655 { set_powered, false, MGMT_SETTING_SIZE },
5656 { set_discoverable, false, MGMT_SET_DISCOVERABLE_SIZE },
5657 { set_connectable, false, MGMT_SETTING_SIZE },
5658 { set_fast_connectable, false, MGMT_SETTING_SIZE },
5659 { set_bondable, false, MGMT_SETTING_SIZE },
5660 { set_link_security, false, MGMT_SETTING_SIZE },
5661 { set_ssp, false, MGMT_SETTING_SIZE },
5662 { set_hs, false, MGMT_SETTING_SIZE },
5663 { set_le, false, MGMT_SETTING_SIZE },
5664 { set_dev_class, false, MGMT_SET_DEV_CLASS_SIZE },
5665 { set_local_name, false, MGMT_SET_LOCAL_NAME_SIZE },
5666 { add_uuid, false, MGMT_ADD_UUID_SIZE },
5667 { remove_uuid, false, MGMT_REMOVE_UUID_SIZE },
5668 { load_link_keys, true, MGMT_LOAD_LINK_KEYS_SIZE },
5669 { load_long_term_keys, true, MGMT_LOAD_LONG_TERM_KEYS_SIZE },
5670 { disconnect, false, MGMT_DISCONNECT_SIZE },
5671 { get_connections, false, MGMT_GET_CONNECTIONS_SIZE },
5672 { pin_code_reply, false, MGMT_PIN_CODE_REPLY_SIZE },
5673 { pin_code_neg_reply, false, MGMT_PIN_CODE_NEG_REPLY_SIZE },
5674 { set_io_capability, false, MGMT_SET_IO_CAPABILITY_SIZE },
5675 { pair_device, false, MGMT_PAIR_DEVICE_SIZE },
5676 { cancel_pair_device, false, MGMT_CANCEL_PAIR_DEVICE_SIZE },
5677 { unpair_device, false, MGMT_UNPAIR_DEVICE_SIZE },
5678 { user_confirm_reply, false, MGMT_USER_CONFIRM_REPLY_SIZE },
5679 { user_confirm_neg_reply, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
5680 { user_passkey_reply, false, MGMT_USER_PASSKEY_REPLY_SIZE },
5681 { user_passkey_neg_reply, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
5682 { read_local_oob_data, false, MGMT_READ_LOCAL_OOB_DATA_SIZE },
5683 { add_remote_oob_data, true, MGMT_ADD_REMOTE_OOB_DATA_SIZE },
5684 { remove_remote_oob_data, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
5685 { start_discovery, false, MGMT_START_DISCOVERY_SIZE },
5686 { stop_discovery, false, MGMT_STOP_DISCOVERY_SIZE },
5687 { confirm_name, false, MGMT_CONFIRM_NAME_SIZE },
5688 { block_device, false, MGMT_BLOCK_DEVICE_SIZE },
5689 { unblock_device, false, MGMT_UNBLOCK_DEVICE_SIZE },
5690 { set_device_id, false, MGMT_SET_DEVICE_ID_SIZE },
5691 { set_advertising, false, MGMT_SETTING_SIZE },
5692 { set_bredr, false, MGMT_SETTING_SIZE },
5693 { set_static_address, false, MGMT_SET_STATIC_ADDRESS_SIZE },
5694 { set_scan_params, false, MGMT_SET_SCAN_PARAMS_SIZE },
5695 { set_secure_conn, false, MGMT_SETTING_SIZE },
5696 { set_debug_keys, false, MGMT_SETTING_SIZE },
5697 { set_privacy, false, MGMT_SET_PRIVACY_SIZE },
5698 { load_irks, true, MGMT_LOAD_IRKS_SIZE },
5699 { get_conn_info, false, MGMT_GET_CONN_INFO_SIZE },
5700 { get_clock_info, false, MGMT_GET_CLOCK_INFO_SIZE },
5701 { add_device, false, MGMT_ADD_DEVICE_SIZE },
5702 { remove_device, false, MGMT_REMOVE_DEVICE_SIZE },
5703 { load_conn_param, true, MGMT_LOAD_CONN_PARAM_SIZE },
5704 { read_unconf_index_list, false, MGMT_READ_UNCONF_INDEX_LIST_SIZE },
5705 { read_config_info, false, MGMT_READ_CONFIG_INFO_SIZE },
5706 { set_external_config, false, MGMT_SET_EXTERNAL_CONFIG_SIZE },
5707 { set_public_address, false, MGMT_SET_PUBLIC_ADDRESS_SIZE },
5710 int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
5714 struct mgmt_hdr *hdr;
5715 u16 opcode, index, len;
5716 struct hci_dev *hdev = NULL;
5717 const struct mgmt_handler *handler;
5720 BT_DBG("got %zu bytes", msglen);
5722 if (msglen < sizeof(*hdr))
5725 buf = kmalloc(msglen, GFP_KERNEL);
5729 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
5735 opcode = __le16_to_cpu(hdr->opcode);
5736 index = __le16_to_cpu(hdr->index);
5737 len = __le16_to_cpu(hdr->len);
5739 if (len != msglen - sizeof(*hdr)) {
5744 if (index != MGMT_INDEX_NONE) {
5745 hdev = hci_dev_get(index);
5747 err = cmd_status(sk, index, opcode,
5748 MGMT_STATUS_INVALID_INDEX);
5752 if (test_bit(HCI_SETUP, &hdev->dev_flags) ||
5753 test_bit(HCI_CONFIG, &hdev->dev_flags) ||
5754 test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
5755 err = cmd_status(sk, index, opcode,
5756 MGMT_STATUS_INVALID_INDEX);
5760 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags) &&
5761 opcode != MGMT_OP_READ_CONFIG_INFO &&
5762 opcode != MGMT_OP_SET_EXTERNAL_CONFIG &&
5763 opcode != MGMT_OP_SET_PUBLIC_ADDRESS) {
5764 err = cmd_status(sk, index, opcode,
5765 MGMT_STATUS_INVALID_INDEX);
5770 if (opcode >= ARRAY_SIZE(mgmt_handlers) ||
5771 mgmt_handlers[opcode].func == NULL) {
5772 BT_DBG("Unknown op %u", opcode);
5773 err = cmd_status(sk, index, opcode,
5774 MGMT_STATUS_UNKNOWN_COMMAND);
5778 if (hdev && (opcode <= MGMT_OP_READ_INDEX_LIST ||
5779 opcode == MGMT_OP_READ_UNCONF_INDEX_LIST)) {
5780 err = cmd_status(sk, index, opcode,
5781 MGMT_STATUS_INVALID_INDEX);
5785 if (!hdev && (opcode > MGMT_OP_READ_INDEX_LIST &&
5786 opcode != MGMT_OP_READ_UNCONF_INDEX_LIST)) {
5787 err = cmd_status(sk, index, opcode,
5788 MGMT_STATUS_INVALID_INDEX);
5792 handler = &mgmt_handlers[opcode];
5794 if ((handler->var_len && len < handler->data_len) ||
5795 (!handler->var_len && len != handler->data_len)) {
5796 err = cmd_status(sk, index, opcode,
5797 MGMT_STATUS_INVALID_PARAMS);
5802 mgmt_init_hdev(sk, hdev);
5804 cp = buf + sizeof(*hdr);
5806 err = handler->func(sk, hdev, cp, len);
5820 void mgmt_index_added(struct hci_dev *hdev)
5822 if (hdev->dev_type != HCI_BREDR)
5825 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
5828 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags))
5829 mgmt_event(MGMT_EV_UNCONF_INDEX_ADDED, hdev, NULL, 0, NULL);
5831 mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
5834 void mgmt_index_removed(struct hci_dev *hdev)
5836 u8 status = MGMT_STATUS_INVALID_INDEX;
5838 if (hdev->dev_type != HCI_BREDR)
5841 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
5844 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
5846 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags))
5847 mgmt_event(MGMT_EV_UNCONF_INDEX_REMOVED, hdev, NULL, 0, NULL);
5849 mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
5852 /* This function requires the caller holds hdev->lock */
5853 static void restart_le_actions(struct hci_dev *hdev)
5855 struct hci_conn_params *p;
5857 list_for_each_entry(p, &hdev->le_conn_params, list) {
5858 /* Needed for AUTO_OFF case where might not "really"
5859 * have been powered off.
5861 list_del_init(&p->action);
5863 switch (p->auto_connect) {
5864 case HCI_AUTO_CONN_DIRECT:
5865 case HCI_AUTO_CONN_ALWAYS:
5866 list_add(&p->action, &hdev->pend_le_conns);
5868 case HCI_AUTO_CONN_REPORT:
5869 list_add(&p->action, &hdev->pend_le_reports);
5876 hci_update_background_scan(hdev);
5879 static void powered_complete(struct hci_dev *hdev, u8 status)
5881 struct cmd_lookup match = { NULL, hdev };
5883 BT_DBG("status 0x%02x", status);
5887 restart_le_actions(hdev);
5889 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
5891 new_settings(hdev, match.sk);
5893 hci_dev_unlock(hdev);
5899 static int powered_update_hci(struct hci_dev *hdev)
5901 struct hci_request req;
5904 hci_req_init(&req, hdev);
5906 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) &&
5907 !lmp_host_ssp_capable(hdev)) {
5910 hci_req_add(&req, HCI_OP_WRITE_SSP_MODE, 1, &ssp);
5913 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
5914 lmp_bredr_capable(hdev)) {
5915 struct hci_cp_write_le_host_supported cp;
5920 /* Check first if we already have the right
5921 * host state (host features set)
5923 if (cp.le != lmp_host_le_capable(hdev) ||
5924 cp.simul != lmp_host_le_br_capable(hdev))
5925 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED,
5929 if (lmp_le_capable(hdev)) {
5930 /* Make sure the controller has a good default for
5931 * advertising data. This also applies to the case
5932 * where BR/EDR was toggled during the AUTO_OFF phase.
5934 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
5935 update_adv_data(&req);
5936 update_scan_rsp_data(&req);
5939 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
5940 enable_advertising(&req);
5943 link_sec = test_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
5944 if (link_sec != test_bit(HCI_AUTH, &hdev->flags))
5945 hci_req_add(&req, HCI_OP_WRITE_AUTH_ENABLE,
5946 sizeof(link_sec), &link_sec);
5948 if (lmp_bredr_capable(hdev)) {
5949 write_fast_connectable(&req, false);
5950 hci_update_page_scan(hdev, &req);
5956 return hci_req_run(&req, powered_complete);
5959 int mgmt_powered(struct hci_dev *hdev, u8 powered)
5961 struct cmd_lookup match = { NULL, hdev };
5962 u8 status_not_powered = MGMT_STATUS_NOT_POWERED;
5963 u8 zero_cod[] = { 0, 0, 0 };
5966 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
5970 if (powered_update_hci(hdev) == 0)
5973 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp,
5978 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
5979 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status_not_powered);
5981 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0)
5982 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
5983 zero_cod, sizeof(zero_cod), NULL);
5986 err = new_settings(hdev, match.sk);
5994 void mgmt_set_powered_failed(struct hci_dev *hdev, int err)
5996 struct pending_cmd *cmd;
5999 cmd = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
6003 if (err == -ERFKILL)
6004 status = MGMT_STATUS_RFKILLED;
6006 status = MGMT_STATUS_FAILED;
6008 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
6010 mgmt_pending_remove(cmd);
6013 void mgmt_discoverable_timeout(struct hci_dev *hdev)
6015 struct hci_request req;
6019 /* When discoverable timeout triggers, then just make sure
6020 * the limited discoverable flag is cleared. Even in the case
6021 * of a timeout triggered from general discoverable, it is
6022 * safe to unconditionally clear the flag.
6024 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
6025 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
6027 hci_req_init(&req, hdev);
6028 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
6029 u8 scan = SCAN_PAGE;
6030 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE,
6031 sizeof(scan), &scan);
6034 update_adv_data(&req);
6035 hci_req_run(&req, NULL);
6037 hdev->discov_timeout = 0;
6039 new_settings(hdev, NULL);
6041 hci_dev_unlock(hdev);
6044 void mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
6047 struct mgmt_ev_new_link_key ev;
6049 memset(&ev, 0, sizeof(ev));
6051 ev.store_hint = persistent;
6052 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
6053 ev.key.addr.type = BDADDR_BREDR;
6054 ev.key.type = key->type;
6055 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
6056 ev.key.pin_len = key->pin_len;
6058 mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
6061 static u8 mgmt_ltk_type(struct smp_ltk *ltk)
6063 if (ltk->authenticated)
6064 return MGMT_LTK_AUTHENTICATED;
6066 return MGMT_LTK_UNAUTHENTICATED;
6069 void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, bool persistent)
6071 struct mgmt_ev_new_long_term_key ev;
6073 memset(&ev, 0, sizeof(ev));
6075 /* Devices using resolvable or non-resolvable random addresses
6076 * without providing an indentity resolving key don't require
6077 * to store long term keys. Their addresses will change the
6080 * Only when a remote device provides an identity address
6081 * make sure the long term key is stored. If the remote
6082 * identity is known, the long term keys are internally
6083 * mapped to the identity address. So allow static random
6084 * and public addresses here.
6086 if (key->bdaddr_type == ADDR_LE_DEV_RANDOM &&
6087 (key->bdaddr.b[5] & 0xc0) != 0xc0)
6088 ev.store_hint = 0x00;
6090 ev.store_hint = persistent;
6092 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
6093 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
6094 ev.key.type = mgmt_ltk_type(key);
6095 ev.key.enc_size = key->enc_size;
6096 ev.key.ediv = key->ediv;
6097 ev.key.rand = key->rand;
6099 if (key->type == SMP_LTK)
6102 memcpy(ev.key.val, key->val, sizeof(key->val));
6104 mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev), NULL);
6107 void mgmt_new_irk(struct hci_dev *hdev, struct smp_irk *irk)
6109 struct mgmt_ev_new_irk ev;
6111 memset(&ev, 0, sizeof(ev));
6113 /* For identity resolving keys from devices that are already
6114 * using a public address or static random address, do not
6115 * ask for storing this key. The identity resolving key really
6116 * is only mandatory for devices using resovlable random
6119 * Storing all identity resolving keys has the downside that
6120 * they will be also loaded on next boot of they system. More
6121 * identity resolving keys, means more time during scanning is
6122 * needed to actually resolve these addresses.
6124 if (bacmp(&irk->rpa, BDADDR_ANY))
6125 ev.store_hint = 0x01;
6127 ev.store_hint = 0x00;
6129 bacpy(&ev.rpa, &irk->rpa);
6130 bacpy(&ev.irk.addr.bdaddr, &irk->bdaddr);
6131 ev.irk.addr.type = link_to_bdaddr(LE_LINK, irk->addr_type);
6132 memcpy(ev.irk.val, irk->val, sizeof(irk->val));
6134 mgmt_event(MGMT_EV_NEW_IRK, hdev, &ev, sizeof(ev), NULL);
6137 void mgmt_new_csrk(struct hci_dev *hdev, struct smp_csrk *csrk,
6140 struct mgmt_ev_new_csrk ev;
6142 memset(&ev, 0, sizeof(ev));
6144 /* Devices using resolvable or non-resolvable random addresses
6145 * without providing an indentity resolving key don't require
6146 * to store signature resolving keys. Their addresses will change
6147 * the next time around.
6149 * Only when a remote device provides an identity address
6150 * make sure the signature resolving key is stored. So allow
6151 * static random and public addresses here.
6153 if (csrk->bdaddr_type == ADDR_LE_DEV_RANDOM &&
6154 (csrk->bdaddr.b[5] & 0xc0) != 0xc0)
6155 ev.store_hint = 0x00;
6157 ev.store_hint = persistent;
6159 bacpy(&ev.key.addr.bdaddr, &csrk->bdaddr);
6160 ev.key.addr.type = link_to_bdaddr(LE_LINK, csrk->bdaddr_type);
6161 ev.key.master = csrk->master;
6162 memcpy(ev.key.val, csrk->val, sizeof(csrk->val));
6164 mgmt_event(MGMT_EV_NEW_CSRK, hdev, &ev, sizeof(ev), NULL);
6167 void mgmt_new_conn_param(struct hci_dev *hdev, bdaddr_t *bdaddr,
6168 u8 bdaddr_type, u8 store_hint, u16 min_interval,
6169 u16 max_interval, u16 latency, u16 timeout)
6171 struct mgmt_ev_new_conn_param ev;
6173 if (!hci_is_identity_address(bdaddr, bdaddr_type))
6176 memset(&ev, 0, sizeof(ev));
6177 bacpy(&ev.addr.bdaddr, bdaddr);
6178 ev.addr.type = link_to_bdaddr(LE_LINK, bdaddr_type);
6179 ev.store_hint = store_hint;
6180 ev.min_interval = cpu_to_le16(min_interval);
6181 ev.max_interval = cpu_to_le16(max_interval);
6182 ev.latency = cpu_to_le16(latency);
6183 ev.timeout = cpu_to_le16(timeout);
6185 mgmt_event(MGMT_EV_NEW_CONN_PARAM, hdev, &ev, sizeof(ev), NULL);
6188 static inline u16 eir_append_data(u8 *eir, u16 eir_len, u8 type, u8 *data,
6191 eir[eir_len++] = sizeof(type) + data_len;
6192 eir[eir_len++] = type;
6193 memcpy(&eir[eir_len], data, data_len);
6194 eir_len += data_len;
6199 void mgmt_device_connected(struct hci_dev *hdev, struct hci_conn *conn,
6200 u32 flags, u8 *name, u8 name_len)
6203 struct mgmt_ev_device_connected *ev = (void *) buf;
6206 bacpy(&ev->addr.bdaddr, &conn->dst);
6207 ev->addr.type = link_to_bdaddr(conn->type, conn->dst_type);
6209 ev->flags = __cpu_to_le32(flags);
6211 /* We must ensure that the EIR Data fields are ordered and
6212 * unique. Keep it simple for now and avoid the problem by not
6213 * adding any BR/EDR data to the LE adv.
6215 if (conn->le_adv_data_len > 0) {
6216 memcpy(&ev->eir[eir_len],
6217 conn->le_adv_data, conn->le_adv_data_len);
6218 eir_len = conn->le_adv_data_len;
6221 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
6224 if (memcmp(conn->dev_class, "\0\0\0", 3) != 0)
6225 eir_len = eir_append_data(ev->eir, eir_len,
6227 conn->dev_class, 3);
6230 ev->eir_len = cpu_to_le16(eir_len);
6232 mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
6233 sizeof(*ev) + eir_len, NULL);
6236 static void disconnect_rsp(struct pending_cmd *cmd, void *data)
6238 struct mgmt_cp_disconnect *cp = cmd->param;
6239 struct sock **sk = data;
6240 struct mgmt_rp_disconnect rp;
6242 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
6243 rp.addr.type = cp->addr.type;
6245 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 0, &rp,
6251 mgmt_pending_remove(cmd);
6254 static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
6256 struct hci_dev *hdev = data;
6257 struct mgmt_cp_unpair_device *cp = cmd->param;
6258 struct mgmt_rp_unpair_device rp;
6260 memset(&rp, 0, sizeof(rp));
6261 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
6262 rp.addr.type = cp->addr.type;
6264 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
6266 cmd_complete(cmd->sk, cmd->index, cmd->opcode, 0, &rp, sizeof(rp));
6268 mgmt_pending_remove(cmd);
6271 bool mgmt_powering_down(struct hci_dev *hdev)
6273 struct pending_cmd *cmd;
6274 struct mgmt_mode *cp;
6276 cmd = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
6287 void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
6288 u8 link_type, u8 addr_type, u8 reason,
6289 bool mgmt_connected)
6291 struct mgmt_ev_device_disconnected ev;
6292 struct sock *sk = NULL;
6294 /* The connection is still in hci_conn_hash so test for 1
6295 * instead of 0 to know if this is the last one.
6297 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
6298 cancel_delayed_work(&hdev->power_off);
6299 queue_work(hdev->req_workqueue, &hdev->power_off.work);
6302 if (!mgmt_connected)
6305 if (link_type != ACL_LINK && link_type != LE_LINK)
6308 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
6310 bacpy(&ev.addr.bdaddr, bdaddr);
6311 ev.addr.type = link_to_bdaddr(link_type, addr_type);
6314 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
6319 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
6323 void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
6324 u8 link_type, u8 addr_type, u8 status)
6326 u8 bdaddr_type = link_to_bdaddr(link_type, addr_type);
6327 struct mgmt_cp_disconnect *cp;
6328 struct mgmt_rp_disconnect rp;
6329 struct pending_cmd *cmd;
6331 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
6334 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
6340 if (bacmp(bdaddr, &cp->addr.bdaddr))
6343 if (cp->addr.type != bdaddr_type)
6346 bacpy(&rp.addr.bdaddr, bdaddr);
6347 rp.addr.type = bdaddr_type;
6349 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
6350 mgmt_status(status), &rp, sizeof(rp));
6352 mgmt_pending_remove(cmd);
6355 void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
6356 u8 addr_type, u8 status)
6358 struct mgmt_ev_connect_failed ev;
6360 /* The connection is still in hci_conn_hash so test for 1
6361 * instead of 0 to know if this is the last one.
6363 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
6364 cancel_delayed_work(&hdev->power_off);
6365 queue_work(hdev->req_workqueue, &hdev->power_off.work);
6368 bacpy(&ev.addr.bdaddr, bdaddr);
6369 ev.addr.type = link_to_bdaddr(link_type, addr_type);
6370 ev.status = mgmt_status(status);
6372 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
6375 void mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
6377 struct mgmt_ev_pin_code_request ev;
6379 bacpy(&ev.addr.bdaddr, bdaddr);
6380 ev.addr.type = BDADDR_BREDR;
6383 mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev), NULL);
6386 void mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
6389 struct pending_cmd *cmd;
6390 struct mgmt_rp_pin_code_reply rp;
6392 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
6396 bacpy(&rp.addr.bdaddr, bdaddr);
6397 rp.addr.type = BDADDR_BREDR;
6399 cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
6400 mgmt_status(status), &rp, sizeof(rp));
6402 mgmt_pending_remove(cmd);
6405 void mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
6408 struct pending_cmd *cmd;
6409 struct mgmt_rp_pin_code_reply rp;
6411 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
6415 bacpy(&rp.addr.bdaddr, bdaddr);
6416 rp.addr.type = BDADDR_BREDR;
6418 cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
6419 mgmt_status(status), &rp, sizeof(rp));
6421 mgmt_pending_remove(cmd);
6424 int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
6425 u8 link_type, u8 addr_type, u32 value,
6428 struct mgmt_ev_user_confirm_request ev;
6430 BT_DBG("%s", hdev->name);
6432 bacpy(&ev.addr.bdaddr, bdaddr);
6433 ev.addr.type = link_to_bdaddr(link_type, addr_type);
6434 ev.confirm_hint = confirm_hint;
6435 ev.value = cpu_to_le32(value);
6437 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
6441 int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
6442 u8 link_type, u8 addr_type)
6444 struct mgmt_ev_user_passkey_request ev;
6446 BT_DBG("%s", hdev->name);
6448 bacpy(&ev.addr.bdaddr, bdaddr);
6449 ev.addr.type = link_to_bdaddr(link_type, addr_type);
6451 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
6455 static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
6456 u8 link_type, u8 addr_type, u8 status,
6459 struct pending_cmd *cmd;
6460 struct mgmt_rp_user_confirm_reply rp;
6463 cmd = mgmt_pending_find(opcode, hdev);
6467 bacpy(&rp.addr.bdaddr, bdaddr);
6468 rp.addr.type = link_to_bdaddr(link_type, addr_type);
6469 err = cmd_complete(cmd->sk, hdev->id, opcode, mgmt_status(status),
6472 mgmt_pending_remove(cmd);
6477 int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
6478 u8 link_type, u8 addr_type, u8 status)
6480 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
6481 status, MGMT_OP_USER_CONFIRM_REPLY);
6484 int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
6485 u8 link_type, u8 addr_type, u8 status)
6487 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
6489 MGMT_OP_USER_CONFIRM_NEG_REPLY);
6492 int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
6493 u8 link_type, u8 addr_type, u8 status)
6495 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
6496 status, MGMT_OP_USER_PASSKEY_REPLY);
6499 int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
6500 u8 link_type, u8 addr_type, u8 status)
6502 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
6504 MGMT_OP_USER_PASSKEY_NEG_REPLY);
6507 int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
6508 u8 link_type, u8 addr_type, u32 passkey,
6511 struct mgmt_ev_passkey_notify ev;
6513 BT_DBG("%s", hdev->name);
6515 bacpy(&ev.addr.bdaddr, bdaddr);
6516 ev.addr.type = link_to_bdaddr(link_type, addr_type);
6517 ev.passkey = __cpu_to_le32(passkey);
6518 ev.entered = entered;
6520 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
6523 void mgmt_auth_failed(struct hci_conn *conn, u8 hci_status)
6525 struct mgmt_ev_auth_failed ev;
6526 struct pending_cmd *cmd;
6527 u8 status = mgmt_status(hci_status);
6529 bacpy(&ev.addr.bdaddr, &conn->dst);
6530 ev.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
6533 cmd = find_pairing(conn);
6535 mgmt_event(MGMT_EV_AUTH_FAILED, conn->hdev, &ev, sizeof(ev),
6536 cmd ? cmd->sk : NULL);
6539 pairing_complete(cmd, status);
6542 void mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
6544 struct cmd_lookup match = { NULL, hdev };
6548 u8 mgmt_err = mgmt_status(status);
6549 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
6550 cmd_status_rsp, &mgmt_err);
6554 if (test_bit(HCI_AUTH, &hdev->flags))
6555 changed = !test_and_set_bit(HCI_LINK_SECURITY,
6558 changed = test_and_clear_bit(HCI_LINK_SECURITY,
6561 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
6565 new_settings(hdev, match.sk);
6571 static void clear_eir(struct hci_request *req)
6573 struct hci_dev *hdev = req->hdev;
6574 struct hci_cp_write_eir cp;
6576 if (!lmp_ext_inq_capable(hdev))
6579 memset(hdev->eir, 0, sizeof(hdev->eir));
6581 memset(&cp, 0, sizeof(cp));
6583 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
6586 void mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
6588 struct cmd_lookup match = { NULL, hdev };
6589 struct hci_request req;
6590 bool changed = false;
6593 u8 mgmt_err = mgmt_status(status);
6595 if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
6596 &hdev->dev_flags)) {
6597 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
6598 new_settings(hdev, NULL);
6601 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
6607 changed = !test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
6609 changed = test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
6611 changed = test_and_clear_bit(HCI_HS_ENABLED,
6614 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
6617 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
6620 new_settings(hdev, match.sk);
6625 hci_req_init(&req, hdev);
6627 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
6628 if (test_bit(HCI_USE_DEBUG_KEYS, &hdev->dev_flags))
6629 hci_req_add(&req, HCI_OP_WRITE_SSP_DEBUG_MODE,
6630 sizeof(enable), &enable);
6636 hci_req_run(&req, NULL);
6639 void mgmt_sc_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
6641 struct cmd_lookup match = { NULL, hdev };
6642 bool changed = false;
6645 u8 mgmt_err = mgmt_status(status);
6648 if (test_and_clear_bit(HCI_SC_ENABLED,
6650 new_settings(hdev, NULL);
6651 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
6654 mgmt_pending_foreach(MGMT_OP_SET_SECURE_CONN, hdev,
6655 cmd_status_rsp, &mgmt_err);
6660 changed = !test_and_set_bit(HCI_SC_ENABLED, &hdev->dev_flags);
6662 changed = test_and_clear_bit(HCI_SC_ENABLED, &hdev->dev_flags);
6663 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
6666 mgmt_pending_foreach(MGMT_OP_SET_SECURE_CONN, hdev,
6667 settings_rsp, &match);
6670 new_settings(hdev, match.sk);
6676 static void sk_lookup(struct pending_cmd *cmd, void *data)
6678 struct cmd_lookup *match = data;
6680 if (match->sk == NULL) {
6681 match->sk = cmd->sk;
6682 sock_hold(match->sk);
6686 void mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
6689 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
6691 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
6692 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
6693 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
6696 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class, 3,
6703 void mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
6705 struct mgmt_cp_set_local_name ev;
6706 struct pending_cmd *cmd;
6711 memset(&ev, 0, sizeof(ev));
6712 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
6713 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
6715 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
6717 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
6719 /* If this is a HCI command related to powering on the
6720 * HCI dev don't send any mgmt signals.
6722 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
6726 mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
6727 cmd ? cmd->sk : NULL);
6730 void mgmt_read_local_oob_data_complete(struct hci_dev *hdev, u8 *hash192,
6731 u8 *randomizer192, u8 *hash256,
6732 u8 *randomizer256, u8 status)
6734 struct pending_cmd *cmd;
6736 BT_DBG("%s status %u", hdev->name, status);
6738 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
6743 cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
6744 mgmt_status(status));
6746 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags) &&
6747 hash256 && randomizer256) {
6748 struct mgmt_rp_read_local_oob_ext_data rp;
6750 memcpy(rp.hash192, hash192, sizeof(rp.hash192));
6751 memcpy(rp.randomizer192, randomizer192,
6752 sizeof(rp.randomizer192));
6754 memcpy(rp.hash256, hash256, sizeof(rp.hash256));
6755 memcpy(rp.randomizer256, randomizer256,
6756 sizeof(rp.randomizer256));
6758 cmd_complete(cmd->sk, hdev->id,
6759 MGMT_OP_READ_LOCAL_OOB_DATA, 0,
6762 struct mgmt_rp_read_local_oob_data rp;
6764 memcpy(rp.hash, hash192, sizeof(rp.hash));
6765 memcpy(rp.randomizer, randomizer192,
6766 sizeof(rp.randomizer));
6768 cmd_complete(cmd->sk, hdev->id,
6769 MGMT_OP_READ_LOCAL_OOB_DATA, 0,
6774 mgmt_pending_remove(cmd);
6777 void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
6778 u8 addr_type, u8 *dev_class, s8 rssi, u32 flags,
6779 u8 *eir, u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
6782 struct mgmt_ev_device_found *ev = (void *) buf;
6785 /* Don't send events for a non-kernel initiated discovery. With
6786 * LE one exception is if we have pend_le_reports > 0 in which
6787 * case we're doing passive scanning and want these events.
6789 if (!hci_discovery_active(hdev)) {
6790 if (link_type == ACL_LINK)
6792 if (link_type == LE_LINK && list_empty(&hdev->pend_le_reports))
6796 /* Make sure that the buffer is big enough. The 5 extra bytes
6797 * are for the potential CoD field.
6799 if (sizeof(*ev) + eir_len + scan_rsp_len + 5 > sizeof(buf))
6802 memset(buf, 0, sizeof(buf));
6804 bacpy(&ev->addr.bdaddr, bdaddr);
6805 ev->addr.type = link_to_bdaddr(link_type, addr_type);
6807 ev->flags = cpu_to_le32(flags);
6810 memcpy(ev->eir, eir, eir_len);
6812 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
6813 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
6816 if (scan_rsp_len > 0)
6817 memcpy(ev->eir + eir_len, scan_rsp, scan_rsp_len);
6819 ev->eir_len = cpu_to_le16(eir_len + scan_rsp_len);
6820 ev_size = sizeof(*ev) + eir_len + scan_rsp_len;
6822 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
6825 void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
6826 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
6828 struct mgmt_ev_device_found *ev;
6829 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
6832 ev = (struct mgmt_ev_device_found *) buf;
6834 memset(buf, 0, sizeof(buf));
6836 bacpy(&ev->addr.bdaddr, bdaddr);
6837 ev->addr.type = link_to_bdaddr(link_type, addr_type);
6840 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
6843 ev->eir_len = cpu_to_le16(eir_len);
6845 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, sizeof(*ev) + eir_len, NULL);
6848 void mgmt_discovering(struct hci_dev *hdev, u8 discovering)
6850 struct mgmt_ev_discovering ev;
6851 struct pending_cmd *cmd;
6853 BT_DBG("%s discovering %u", hdev->name, discovering);
6856 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
6858 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
6861 u8 type = hdev->discovery.type;
6863 cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0, &type,
6865 mgmt_pending_remove(cmd);
6868 memset(&ev, 0, sizeof(ev));
6869 ev.type = hdev->discovery.type;
6870 ev.discovering = discovering;
6872 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
6875 static void adv_enable_complete(struct hci_dev *hdev, u8 status)
6877 BT_DBG("%s status %u", hdev->name, status);
6880 void mgmt_reenable_advertising(struct hci_dev *hdev)
6882 struct hci_request req;
6884 if (!test_bit(HCI_ADVERTISING, &hdev->dev_flags))
6887 hci_req_init(&req, hdev);
6888 enable_advertising(&req);
6889 hci_req_run(&req, adv_enable_complete);
projects / karo-tx-linux.git / blob