2 BlueZ - Bluetooth protocol stack for Linux
4 Copyright (C) 2010 Nokia Corporation
5 Copyright (C) 2011-2012 Intel Corporation
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI Management interface */
27 #include <linux/module.h>
28 #include <asm/unaligned.h>
30 #include <net/bluetooth/bluetooth.h>
31 #include <net/bluetooth/hci_core.h>
32 #include <net/bluetooth/l2cap.h>
33 #include <net/bluetooth/mgmt.h>
37 #define MGMT_VERSION 1
38 #define MGMT_REVISION 7
40 static const u16 mgmt_commands[] = {
41 MGMT_OP_READ_INDEX_LIST,
44 MGMT_OP_SET_DISCOVERABLE,
45 MGMT_OP_SET_CONNECTABLE,
46 MGMT_OP_SET_FAST_CONNECTABLE,
48 MGMT_OP_SET_LINK_SECURITY,
52 MGMT_OP_SET_DEV_CLASS,
53 MGMT_OP_SET_LOCAL_NAME,
56 MGMT_OP_LOAD_LINK_KEYS,
57 MGMT_OP_LOAD_LONG_TERM_KEYS,
59 MGMT_OP_GET_CONNECTIONS,
60 MGMT_OP_PIN_CODE_REPLY,
61 MGMT_OP_PIN_CODE_NEG_REPLY,
62 MGMT_OP_SET_IO_CAPABILITY,
64 MGMT_OP_CANCEL_PAIR_DEVICE,
65 MGMT_OP_UNPAIR_DEVICE,
66 MGMT_OP_USER_CONFIRM_REPLY,
67 MGMT_OP_USER_CONFIRM_NEG_REPLY,
68 MGMT_OP_USER_PASSKEY_REPLY,
69 MGMT_OP_USER_PASSKEY_NEG_REPLY,
70 MGMT_OP_READ_LOCAL_OOB_DATA,
71 MGMT_OP_ADD_REMOTE_OOB_DATA,
72 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
73 MGMT_OP_START_DISCOVERY,
74 MGMT_OP_STOP_DISCOVERY,
77 MGMT_OP_UNBLOCK_DEVICE,
78 MGMT_OP_SET_DEVICE_ID,
79 MGMT_OP_SET_ADVERTISING,
81 MGMT_OP_SET_STATIC_ADDRESS,
82 MGMT_OP_SET_SCAN_PARAMS,
83 MGMT_OP_SET_SECURE_CONN,
84 MGMT_OP_SET_DEBUG_KEYS,
87 MGMT_OP_GET_CONN_INFO,
88 MGMT_OP_GET_CLOCK_INFO,
90 MGMT_OP_REMOVE_DEVICE,
91 MGMT_OP_LOAD_CONN_PARAM,
92 MGMT_OP_READ_UNCONF_INDEX_LIST,
93 MGMT_OP_READ_CONFIG_INFO,
94 MGMT_OP_SET_EXTERNAL_CONFIG,
95 MGMT_OP_SET_PUBLIC_ADDRESS,
98 static const u16 mgmt_events[] = {
99 MGMT_EV_CONTROLLER_ERROR,
101 MGMT_EV_INDEX_REMOVED,
102 MGMT_EV_NEW_SETTINGS,
103 MGMT_EV_CLASS_OF_DEV_CHANGED,
104 MGMT_EV_LOCAL_NAME_CHANGED,
105 MGMT_EV_NEW_LINK_KEY,
106 MGMT_EV_NEW_LONG_TERM_KEY,
107 MGMT_EV_DEVICE_CONNECTED,
108 MGMT_EV_DEVICE_DISCONNECTED,
109 MGMT_EV_CONNECT_FAILED,
110 MGMT_EV_PIN_CODE_REQUEST,
111 MGMT_EV_USER_CONFIRM_REQUEST,
112 MGMT_EV_USER_PASSKEY_REQUEST,
114 MGMT_EV_DEVICE_FOUND,
116 MGMT_EV_DEVICE_BLOCKED,
117 MGMT_EV_DEVICE_UNBLOCKED,
118 MGMT_EV_DEVICE_UNPAIRED,
119 MGMT_EV_PASSKEY_NOTIFY,
122 MGMT_EV_DEVICE_ADDED,
123 MGMT_EV_DEVICE_REMOVED,
124 MGMT_EV_NEW_CONN_PARAM,
125 MGMT_EV_UNCONF_INDEX_ADDED,
126 MGMT_EV_UNCONF_INDEX_REMOVED,
127 MGMT_EV_NEW_CONFIG_OPTIONS,
130 #define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
133 struct list_head list;
141 /* HCI to MGMT error code conversion table */
142 static u8 mgmt_status_table[] = {
144 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
145 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
146 MGMT_STATUS_FAILED, /* Hardware Failure */
147 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
148 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
149 MGMT_STATUS_AUTH_FAILED, /* PIN or Key Missing */
150 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
151 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
152 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
153 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
154 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
155 MGMT_STATUS_BUSY, /* Command Disallowed */
156 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
157 MGMT_STATUS_REJECTED, /* Rejected Security */
158 MGMT_STATUS_REJECTED, /* Rejected Personal */
159 MGMT_STATUS_TIMEOUT, /* Host Timeout */
160 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
161 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
162 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
163 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
164 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
165 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
166 MGMT_STATUS_BUSY, /* Repeated Attempts */
167 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
168 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
169 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
170 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
171 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
172 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
173 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
174 MGMT_STATUS_FAILED, /* Unspecified Error */
175 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
176 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
177 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
178 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
179 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
180 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
181 MGMT_STATUS_FAILED, /* Unit Link Key Used */
182 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
183 MGMT_STATUS_TIMEOUT, /* Instant Passed */
184 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
185 MGMT_STATUS_FAILED, /* Transaction Collision */
186 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
187 MGMT_STATUS_REJECTED, /* QoS Rejected */
188 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
189 MGMT_STATUS_REJECTED, /* Insufficient Security */
190 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
191 MGMT_STATUS_BUSY, /* Role Switch Pending */
192 MGMT_STATUS_FAILED, /* Slot Violation */
193 MGMT_STATUS_FAILED, /* Role Switch Failed */
194 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
195 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
196 MGMT_STATUS_BUSY, /* Host Busy Pairing */
197 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
198 MGMT_STATUS_BUSY, /* Controller Busy */
199 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
200 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
201 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
202 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
203 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
206 static u8 mgmt_status(u8 hci_status)
208 if (hci_status < ARRAY_SIZE(mgmt_status_table))
209 return mgmt_status_table[hci_status];
211 return MGMT_STATUS_FAILED;
214 static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 data_len,
215 struct sock *skip_sk)
218 struct mgmt_hdr *hdr;
220 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_KERNEL);
224 hdr = (void *) skb_put(skb, sizeof(*hdr));
225 hdr->opcode = cpu_to_le16(event);
227 hdr->index = cpu_to_le16(hdev->id);
229 hdr->index = cpu_to_le16(MGMT_INDEX_NONE);
230 hdr->len = cpu_to_le16(data_len);
233 memcpy(skb_put(skb, data_len), data, data_len);
236 __net_timestamp(skb);
238 hci_send_to_control(skb, skip_sk);
244 static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
247 struct mgmt_hdr *hdr;
248 struct mgmt_ev_cmd_status *ev;
251 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
253 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_KERNEL);
257 hdr = (void *) skb_put(skb, sizeof(*hdr));
259 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS);
260 hdr->index = cpu_to_le16(index);
261 hdr->len = cpu_to_le16(sizeof(*ev));
263 ev = (void *) skb_put(skb, sizeof(*ev));
265 ev->opcode = cpu_to_le16(cmd);
267 err = sock_queue_rcv_skb(sk, skb);
274 static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
275 void *rp, size_t rp_len)
278 struct mgmt_hdr *hdr;
279 struct mgmt_ev_cmd_complete *ev;
282 BT_DBG("sock %p", sk);
284 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_KERNEL);
288 hdr = (void *) skb_put(skb, sizeof(*hdr));
290 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE);
291 hdr->index = cpu_to_le16(index);
292 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
294 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
295 ev->opcode = cpu_to_le16(cmd);
299 memcpy(ev->data, rp, rp_len);
301 err = sock_queue_rcv_skb(sk, skb);
308 static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
311 struct mgmt_rp_read_version rp;
313 BT_DBG("sock %p", sk);
315 rp.version = MGMT_VERSION;
316 rp.revision = cpu_to_le16(MGMT_REVISION);
318 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
322 static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
325 struct mgmt_rp_read_commands *rp;
326 const u16 num_commands = ARRAY_SIZE(mgmt_commands);
327 const u16 num_events = ARRAY_SIZE(mgmt_events);
332 BT_DBG("sock %p", sk);
334 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
336 rp = kmalloc(rp_size, GFP_KERNEL);
340 rp->num_commands = cpu_to_le16(num_commands);
341 rp->num_events = cpu_to_le16(num_events);
343 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
344 put_unaligned_le16(mgmt_commands[i], opcode);
346 for (i = 0; i < num_events; i++, opcode++)
347 put_unaligned_le16(mgmt_events[i], opcode);
349 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
356 static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
359 struct mgmt_rp_read_index_list *rp;
365 BT_DBG("sock %p", sk);
367 read_lock(&hci_dev_list_lock);
370 list_for_each_entry(d, &hci_dev_list, list) {
371 if (d->dev_type == HCI_BREDR &&
372 !test_bit(HCI_UNCONFIGURED, &d->dev_flags))
376 rp_len = sizeof(*rp) + (2 * count);
377 rp = kmalloc(rp_len, GFP_ATOMIC);
379 read_unlock(&hci_dev_list_lock);
384 list_for_each_entry(d, &hci_dev_list, list) {
385 if (test_bit(HCI_SETUP, &d->dev_flags) ||
386 test_bit(HCI_CONFIG, &d->dev_flags) ||
387 test_bit(HCI_USER_CHANNEL, &d->dev_flags))
390 /* Devices marked as raw-only are neither configured
391 * nor unconfigured controllers.
393 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
396 if (d->dev_type == HCI_BREDR &&
397 !test_bit(HCI_UNCONFIGURED, &d->dev_flags)) {
398 rp->index[count++] = cpu_to_le16(d->id);
399 BT_DBG("Added hci%u", d->id);
403 rp->num_controllers = cpu_to_le16(count);
404 rp_len = sizeof(*rp) + (2 * count);
406 read_unlock(&hci_dev_list_lock);
408 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
416 static int read_unconf_index_list(struct sock *sk, struct hci_dev *hdev,
417 void *data, u16 data_len)
419 struct mgmt_rp_read_unconf_index_list *rp;
425 BT_DBG("sock %p", sk);
427 read_lock(&hci_dev_list_lock);
430 list_for_each_entry(d, &hci_dev_list, list) {
431 if (d->dev_type == HCI_BREDR &&
432 test_bit(HCI_UNCONFIGURED, &d->dev_flags))
436 rp_len = sizeof(*rp) + (2 * count);
437 rp = kmalloc(rp_len, GFP_ATOMIC);
439 read_unlock(&hci_dev_list_lock);
444 list_for_each_entry(d, &hci_dev_list, list) {
445 if (test_bit(HCI_SETUP, &d->dev_flags) ||
446 test_bit(HCI_CONFIG, &d->dev_flags) ||
447 test_bit(HCI_USER_CHANNEL, &d->dev_flags))
450 /* Devices marked as raw-only are neither configured
451 * nor unconfigured controllers.
453 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
456 if (d->dev_type == HCI_BREDR &&
457 test_bit(HCI_UNCONFIGURED, &d->dev_flags)) {
458 rp->index[count++] = cpu_to_le16(d->id);
459 BT_DBG("Added hci%u", d->id);
463 rp->num_controllers = cpu_to_le16(count);
464 rp_len = sizeof(*rp) + (2 * count);
466 read_unlock(&hci_dev_list_lock);
468 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_UNCONF_INDEX_LIST,
476 static bool is_configured(struct hci_dev *hdev)
478 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
479 !test_bit(HCI_EXT_CONFIGURED, &hdev->dev_flags))
482 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) &&
483 !bacmp(&hdev->public_addr, BDADDR_ANY))
489 static __le32 get_missing_options(struct hci_dev *hdev)
493 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
494 !test_bit(HCI_EXT_CONFIGURED, &hdev->dev_flags))
495 options |= MGMT_OPTION_EXTERNAL_CONFIG;
497 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) &&
498 !bacmp(&hdev->public_addr, BDADDR_ANY))
499 options |= MGMT_OPTION_PUBLIC_ADDRESS;
501 return cpu_to_le32(options);
504 static int new_options(struct hci_dev *hdev, struct sock *skip)
506 __le32 options = get_missing_options(hdev);
508 return mgmt_event(MGMT_EV_NEW_CONFIG_OPTIONS, hdev, &options,
509 sizeof(options), skip);
512 static int send_options_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
514 __le32 options = get_missing_options(hdev);
516 return cmd_complete(sk, hdev->id, opcode, 0, &options,
520 static int read_config_info(struct sock *sk, struct hci_dev *hdev,
521 void *data, u16 data_len)
523 struct mgmt_rp_read_config_info rp;
526 BT_DBG("sock %p %s", sk, hdev->name);
530 memset(&rp, 0, sizeof(rp));
531 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
533 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
534 options |= MGMT_OPTION_EXTERNAL_CONFIG;
536 if (hdev->set_bdaddr)
537 options |= MGMT_OPTION_PUBLIC_ADDRESS;
539 rp.supported_options = cpu_to_le32(options);
540 rp.missing_options = get_missing_options(hdev);
542 hci_dev_unlock(hdev);
544 return cmd_complete(sk, hdev->id, MGMT_OP_READ_CONFIG_INFO, 0, &rp,
548 static u32 get_supported_settings(struct hci_dev *hdev)
552 settings |= MGMT_SETTING_POWERED;
553 settings |= MGMT_SETTING_BONDABLE;
554 settings |= MGMT_SETTING_DEBUG_KEYS;
555 settings |= MGMT_SETTING_CONNECTABLE;
556 settings |= MGMT_SETTING_DISCOVERABLE;
558 if (lmp_bredr_capable(hdev)) {
559 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
560 settings |= MGMT_SETTING_FAST_CONNECTABLE;
561 settings |= MGMT_SETTING_BREDR;
562 settings |= MGMT_SETTING_LINK_SECURITY;
564 if (lmp_ssp_capable(hdev)) {
565 settings |= MGMT_SETTING_SSP;
566 settings |= MGMT_SETTING_HS;
569 if (lmp_sc_capable(hdev) ||
570 test_bit(HCI_FORCE_SC, &hdev->dbg_flags))
571 settings |= MGMT_SETTING_SECURE_CONN;
574 if (lmp_le_capable(hdev)) {
575 settings |= MGMT_SETTING_LE;
576 settings |= MGMT_SETTING_ADVERTISING;
577 settings |= MGMT_SETTING_PRIVACY;
580 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) ||
582 settings |= MGMT_SETTING_CONFIGURATION;
587 static u32 get_current_settings(struct hci_dev *hdev)
591 if (hdev_is_powered(hdev))
592 settings |= MGMT_SETTING_POWERED;
594 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
595 settings |= MGMT_SETTING_CONNECTABLE;
597 if (test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
598 settings |= MGMT_SETTING_FAST_CONNECTABLE;
600 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
601 settings |= MGMT_SETTING_DISCOVERABLE;
603 if (test_bit(HCI_BONDABLE, &hdev->dev_flags))
604 settings |= MGMT_SETTING_BONDABLE;
606 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
607 settings |= MGMT_SETTING_BREDR;
609 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
610 settings |= MGMT_SETTING_LE;
612 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
613 settings |= MGMT_SETTING_LINK_SECURITY;
615 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
616 settings |= MGMT_SETTING_SSP;
618 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
619 settings |= MGMT_SETTING_HS;
621 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
622 settings |= MGMT_SETTING_ADVERTISING;
624 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags))
625 settings |= MGMT_SETTING_SECURE_CONN;
627 if (test_bit(HCI_KEEP_DEBUG_KEYS, &hdev->dev_flags))
628 settings |= MGMT_SETTING_DEBUG_KEYS;
630 if (test_bit(HCI_PRIVACY, &hdev->dev_flags))
631 settings |= MGMT_SETTING_PRIVACY;
636 #define PNP_INFO_SVCLASS_ID 0x1200
638 static u8 *create_uuid16_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
640 u8 *ptr = data, *uuids_start = NULL;
641 struct bt_uuid *uuid;
646 list_for_each_entry(uuid, &hdev->uuids, list) {
649 if (uuid->size != 16)
652 uuid16 = get_unaligned_le16(&uuid->uuid[12]);
656 if (uuid16 == PNP_INFO_SVCLASS_ID)
662 uuids_start[1] = EIR_UUID16_ALL;
666 /* Stop if not enough space to put next UUID */
667 if ((ptr - data) + sizeof(u16) > len) {
668 uuids_start[1] = EIR_UUID16_SOME;
672 *ptr++ = (uuid16 & 0x00ff);
673 *ptr++ = (uuid16 & 0xff00) >> 8;
674 uuids_start[0] += sizeof(uuid16);
680 static u8 *create_uuid32_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
682 u8 *ptr = data, *uuids_start = NULL;
683 struct bt_uuid *uuid;
688 list_for_each_entry(uuid, &hdev->uuids, list) {
689 if (uuid->size != 32)
695 uuids_start[1] = EIR_UUID32_ALL;
699 /* Stop if not enough space to put next UUID */
700 if ((ptr - data) + sizeof(u32) > len) {
701 uuids_start[1] = EIR_UUID32_SOME;
705 memcpy(ptr, &uuid->uuid[12], sizeof(u32));
707 uuids_start[0] += sizeof(u32);
713 static u8 *create_uuid128_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
715 u8 *ptr = data, *uuids_start = NULL;
716 struct bt_uuid *uuid;
721 list_for_each_entry(uuid, &hdev->uuids, list) {
722 if (uuid->size != 128)
728 uuids_start[1] = EIR_UUID128_ALL;
732 /* Stop if not enough space to put next UUID */
733 if ((ptr - data) + 16 > len) {
734 uuids_start[1] = EIR_UUID128_SOME;
738 memcpy(ptr, uuid->uuid, 16);
740 uuids_start[0] += 16;
746 static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
748 struct pending_cmd *cmd;
750 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
751 if (cmd->opcode == opcode)
758 static struct pending_cmd *mgmt_pending_find_data(u16 opcode,
759 struct hci_dev *hdev,
762 struct pending_cmd *cmd;
764 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
765 if (cmd->user_data != data)
767 if (cmd->opcode == opcode)
774 static u8 create_scan_rsp_data(struct hci_dev *hdev, u8 *ptr)
779 name_len = strlen(hdev->dev_name);
781 size_t max_len = HCI_MAX_AD_LENGTH - ad_len - 2;
783 if (name_len > max_len) {
785 ptr[1] = EIR_NAME_SHORT;
787 ptr[1] = EIR_NAME_COMPLETE;
789 ptr[0] = name_len + 1;
791 memcpy(ptr + 2, hdev->dev_name, name_len);
793 ad_len += (name_len + 2);
794 ptr += (name_len + 2);
800 static void update_scan_rsp_data(struct hci_request *req)
802 struct hci_dev *hdev = req->hdev;
803 struct hci_cp_le_set_scan_rsp_data cp;
806 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
809 memset(&cp, 0, sizeof(cp));
811 len = create_scan_rsp_data(hdev, cp.data);
813 if (hdev->scan_rsp_data_len == len &&
814 memcmp(cp.data, hdev->scan_rsp_data, len) == 0)
817 memcpy(hdev->scan_rsp_data, cp.data, sizeof(cp.data));
818 hdev->scan_rsp_data_len = len;
822 hci_req_add(req, HCI_OP_LE_SET_SCAN_RSP_DATA, sizeof(cp), &cp);
825 static u8 get_adv_discov_flags(struct hci_dev *hdev)
827 struct pending_cmd *cmd;
829 /* If there's a pending mgmt command the flags will not yet have
830 * their final values, so check for this first.
832 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
834 struct mgmt_mode *cp = cmd->param;
836 return LE_AD_GENERAL;
837 else if (cp->val == 0x02)
838 return LE_AD_LIMITED;
840 if (test_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags))
841 return LE_AD_LIMITED;
842 else if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
843 return LE_AD_GENERAL;
849 static u8 create_adv_data(struct hci_dev *hdev, u8 *ptr)
851 u8 ad_len = 0, flags = 0;
853 flags |= get_adv_discov_flags(hdev);
855 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
856 flags |= LE_AD_NO_BREDR;
859 BT_DBG("adv flags 0x%02x", flags);
869 if (hdev->adv_tx_power != HCI_TX_POWER_INVALID) {
871 ptr[1] = EIR_TX_POWER;
872 ptr[2] = (u8) hdev->adv_tx_power;
881 static void update_adv_data(struct hci_request *req)
883 struct hci_dev *hdev = req->hdev;
884 struct hci_cp_le_set_adv_data cp;
887 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
890 memset(&cp, 0, sizeof(cp));
892 len = create_adv_data(hdev, cp.data);
894 if (hdev->adv_data_len == len &&
895 memcmp(cp.data, hdev->adv_data, len) == 0)
898 memcpy(hdev->adv_data, cp.data, sizeof(cp.data));
899 hdev->adv_data_len = len;
903 hci_req_add(req, HCI_OP_LE_SET_ADV_DATA, sizeof(cp), &cp);
906 int mgmt_update_adv_data(struct hci_dev *hdev)
908 struct hci_request req;
910 hci_req_init(&req, hdev);
911 update_adv_data(&req);
913 return hci_req_run(&req, NULL);
916 static void create_eir(struct hci_dev *hdev, u8 *data)
921 name_len = strlen(hdev->dev_name);
927 ptr[1] = EIR_NAME_SHORT;
929 ptr[1] = EIR_NAME_COMPLETE;
931 /* EIR Data length */
932 ptr[0] = name_len + 1;
934 memcpy(ptr + 2, hdev->dev_name, name_len);
936 ptr += (name_len + 2);
939 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
941 ptr[1] = EIR_TX_POWER;
942 ptr[2] = (u8) hdev->inq_tx_power;
947 if (hdev->devid_source > 0) {
949 ptr[1] = EIR_DEVICE_ID;
951 put_unaligned_le16(hdev->devid_source, ptr + 2);
952 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
953 put_unaligned_le16(hdev->devid_product, ptr + 6);
954 put_unaligned_le16(hdev->devid_version, ptr + 8);
959 ptr = create_uuid16_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
960 ptr = create_uuid32_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
961 ptr = create_uuid128_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
964 static void update_eir(struct hci_request *req)
966 struct hci_dev *hdev = req->hdev;
967 struct hci_cp_write_eir cp;
969 if (!hdev_is_powered(hdev))
972 if (!lmp_ext_inq_capable(hdev))
975 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
978 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
981 memset(&cp, 0, sizeof(cp));
983 create_eir(hdev, cp.data);
985 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
988 memcpy(hdev->eir, cp.data, sizeof(cp.data));
990 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
993 static u8 get_service_classes(struct hci_dev *hdev)
995 struct bt_uuid *uuid;
998 list_for_each_entry(uuid, &hdev->uuids, list)
999 val |= uuid->svc_hint;
1004 static void update_class(struct hci_request *req)
1006 struct hci_dev *hdev = req->hdev;
1009 BT_DBG("%s", hdev->name);
1011 if (!hdev_is_powered(hdev))
1014 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1017 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
1020 cod[0] = hdev->minor_class;
1021 cod[1] = hdev->major_class;
1022 cod[2] = get_service_classes(hdev);
1024 if (test_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags))
1027 if (memcmp(cod, hdev->dev_class, 3) == 0)
1030 hci_req_add(req, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
1033 static bool get_connectable(struct hci_dev *hdev)
1035 struct pending_cmd *cmd;
1037 /* If there's a pending mgmt command the flag will not yet have
1038 * it's final value, so check for this first.
1040 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1042 struct mgmt_mode *cp = cmd->param;
1046 return test_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1049 static void disable_advertising(struct hci_request *req)
1053 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1056 static void enable_advertising(struct hci_request *req)
1058 struct hci_dev *hdev = req->hdev;
1059 struct hci_cp_le_set_adv_param cp;
1060 u8 own_addr_type, enable = 0x01;
1063 if (hci_conn_num(hdev, LE_LINK) > 0)
1066 if (test_bit(HCI_LE_ADV, &hdev->dev_flags))
1067 disable_advertising(req);
1069 /* Clear the HCI_LE_ADV bit temporarily so that the
1070 * hci_update_random_address knows that it's safe to go ahead
1071 * and write a new random address. The flag will be set back on
1072 * as soon as the SET_ADV_ENABLE HCI command completes.
1074 clear_bit(HCI_LE_ADV, &hdev->dev_flags);
1076 connectable = get_connectable(hdev);
1078 /* Set require_privacy to true only when non-connectable
1079 * advertising is used. In that case it is fine to use a
1080 * non-resolvable private address.
1082 if (hci_update_random_address(req, !connectable, &own_addr_type) < 0)
1085 memset(&cp, 0, sizeof(cp));
1086 cp.min_interval = cpu_to_le16(hdev->le_adv_min_interval);
1087 cp.max_interval = cpu_to_le16(hdev->le_adv_max_interval);
1088 cp.type = connectable ? LE_ADV_IND : LE_ADV_NONCONN_IND;
1089 cp.own_address_type = own_addr_type;
1090 cp.channel_map = hdev->le_adv_channel_map;
1092 hci_req_add(req, HCI_OP_LE_SET_ADV_PARAM, sizeof(cp), &cp);
1094 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1097 static void service_cache_off(struct work_struct *work)
1099 struct hci_dev *hdev = container_of(work, struct hci_dev,
1100 service_cache.work);
1101 struct hci_request req;
1103 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
1106 hci_req_init(&req, hdev);
1113 hci_dev_unlock(hdev);
1115 hci_req_run(&req, NULL);
1118 static void rpa_expired(struct work_struct *work)
1120 struct hci_dev *hdev = container_of(work, struct hci_dev,
1122 struct hci_request req;
1126 set_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
1128 if (!test_bit(HCI_ADVERTISING, &hdev->dev_flags))
1131 /* The generation of a new RPA and programming it into the
1132 * controller happens in the enable_advertising() function.
1134 hci_req_init(&req, hdev);
1135 enable_advertising(&req);
1136 hci_req_run(&req, NULL);
1139 static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
1141 if (test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
1144 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
1145 INIT_DELAYED_WORK(&hdev->rpa_expired, rpa_expired);
1147 /* Non-mgmt controlled devices get this bit set
1148 * implicitly so that pairing works for them, however
1149 * for mgmt we require user-space to explicitly enable
1152 clear_bit(HCI_BONDABLE, &hdev->dev_flags);
1155 static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
1156 void *data, u16 data_len)
1158 struct mgmt_rp_read_info rp;
1160 BT_DBG("sock %p %s", sk, hdev->name);
1164 memset(&rp, 0, sizeof(rp));
1166 bacpy(&rp.bdaddr, &hdev->bdaddr);
1168 rp.version = hdev->hci_ver;
1169 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
1171 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
1172 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
1174 memcpy(rp.dev_class, hdev->dev_class, 3);
1176 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
1177 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
1179 hci_dev_unlock(hdev);
1181 return cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
1185 static void mgmt_pending_free(struct pending_cmd *cmd)
1192 static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
1193 struct hci_dev *hdev, void *data,
1196 struct pending_cmd *cmd;
1198 cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
1202 cmd->opcode = opcode;
1203 cmd->index = hdev->id;
1205 cmd->param = kmalloc(len, GFP_KERNEL);
1212 memcpy(cmd->param, data, len);
1217 list_add(&cmd->list, &hdev->mgmt_pending);
1222 static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
1223 void (*cb)(struct pending_cmd *cmd,
1227 struct pending_cmd *cmd, *tmp;
1229 list_for_each_entry_safe(cmd, tmp, &hdev->mgmt_pending, list) {
1230 if (opcode > 0 && cmd->opcode != opcode)
1237 static void mgmt_pending_remove(struct pending_cmd *cmd)
1239 list_del(&cmd->list);
1240 mgmt_pending_free(cmd);
1243 static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
1245 __le32 settings = cpu_to_le32(get_current_settings(hdev));
1247 return cmd_complete(sk, hdev->id, opcode, 0, &settings,
1251 static void clean_up_hci_complete(struct hci_dev *hdev, u8 status)
1253 BT_DBG("%s status 0x%02x", hdev->name, status);
1255 if (hci_conn_count(hdev) == 0) {
1256 cancel_delayed_work(&hdev->power_off);
1257 queue_work(hdev->req_workqueue, &hdev->power_off.work);
1261 static bool hci_stop_discovery(struct hci_request *req)
1263 struct hci_dev *hdev = req->hdev;
1264 struct hci_cp_remote_name_req_cancel cp;
1265 struct inquiry_entry *e;
1267 switch (hdev->discovery.state) {
1268 case DISCOVERY_FINDING:
1269 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
1270 hci_req_add(req, HCI_OP_INQUIRY_CANCEL, 0, NULL);
1272 cancel_delayed_work(&hdev->le_scan_disable);
1273 hci_req_add_le_scan_disable(req);
1278 case DISCOVERY_RESOLVING:
1279 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
1284 bacpy(&cp.bdaddr, &e->data.bdaddr);
1285 hci_req_add(req, HCI_OP_REMOTE_NAME_REQ_CANCEL, sizeof(cp),
1291 /* Passive scanning */
1292 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags)) {
1293 hci_req_add_le_scan_disable(req);
1303 static int clean_up_hci_state(struct hci_dev *hdev)
1305 struct hci_request req;
1306 struct hci_conn *conn;
1307 bool discov_stopped;
1310 hci_req_init(&req, hdev);
1312 if (test_bit(HCI_ISCAN, &hdev->flags) ||
1313 test_bit(HCI_PSCAN, &hdev->flags)) {
1315 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1318 if (test_bit(HCI_LE_ADV, &hdev->dev_flags))
1319 disable_advertising(&req);
1321 discov_stopped = hci_stop_discovery(&req);
1323 list_for_each_entry(conn, &hdev->conn_hash.list, list) {
1324 struct hci_cp_disconnect dc;
1325 struct hci_cp_reject_conn_req rej;
1327 switch (conn->state) {
1330 dc.handle = cpu_to_le16(conn->handle);
1331 dc.reason = 0x15; /* Terminated due to Power Off */
1332 hci_req_add(&req, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1335 if (conn->type == LE_LINK)
1336 hci_req_add(&req, HCI_OP_LE_CREATE_CONN_CANCEL,
1338 else if (conn->type == ACL_LINK)
1339 hci_req_add(&req, HCI_OP_CREATE_CONN_CANCEL,
1343 bacpy(&rej.bdaddr, &conn->dst);
1344 rej.reason = 0x15; /* Terminated due to Power Off */
1345 if (conn->type == ACL_LINK)
1346 hci_req_add(&req, HCI_OP_REJECT_CONN_REQ,
1348 else if (conn->type == SCO_LINK)
1349 hci_req_add(&req, HCI_OP_REJECT_SYNC_CONN_REQ,
1355 err = hci_req_run(&req, clean_up_hci_complete);
1356 if (!err && discov_stopped)
1357 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
1362 static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
1365 struct mgmt_mode *cp = data;
1366 struct pending_cmd *cmd;
1369 BT_DBG("request for %s", hdev->name);
1371 if (cp->val != 0x00 && cp->val != 0x01)
1372 return cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1373 MGMT_STATUS_INVALID_PARAMS);
1377 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
1378 err = cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1383 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
1384 cancel_delayed_work(&hdev->power_off);
1387 mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev,
1389 err = mgmt_powered(hdev, 1);
1394 if (!!cp->val == hdev_is_powered(hdev)) {
1395 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
1399 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
1406 queue_work(hdev->req_workqueue, &hdev->power_on);
1409 /* Disconnect connections, stop scans, etc */
1410 err = clean_up_hci_state(hdev);
1412 queue_delayed_work(hdev->req_workqueue, &hdev->power_off,
1413 HCI_POWER_OFF_TIMEOUT);
1415 /* ENODATA means there were no HCI commands queued */
1416 if (err == -ENODATA) {
1417 cancel_delayed_work(&hdev->power_off);
1418 queue_work(hdev->req_workqueue, &hdev->power_off.work);
1424 hci_dev_unlock(hdev);
1428 static int new_settings(struct hci_dev *hdev, struct sock *skip)
1432 ev = cpu_to_le32(get_current_settings(hdev));
1434 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
1437 int mgmt_new_settings(struct hci_dev *hdev)
1439 return new_settings(hdev, NULL);
1444 struct hci_dev *hdev;
1448 static void settings_rsp(struct pending_cmd *cmd, void *data)
1450 struct cmd_lookup *match = data;
1452 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
1454 list_del(&cmd->list);
1456 if (match->sk == NULL) {
1457 match->sk = cmd->sk;
1458 sock_hold(match->sk);
1461 mgmt_pending_free(cmd);
1464 static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
1468 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
1469 mgmt_pending_remove(cmd);
1472 static u8 mgmt_bredr_support(struct hci_dev *hdev)
1474 if (!lmp_bredr_capable(hdev))
1475 return MGMT_STATUS_NOT_SUPPORTED;
1476 else if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1477 return MGMT_STATUS_REJECTED;
1479 return MGMT_STATUS_SUCCESS;
1482 static u8 mgmt_le_support(struct hci_dev *hdev)
1484 if (!lmp_le_capable(hdev))
1485 return MGMT_STATUS_NOT_SUPPORTED;
1486 else if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
1487 return MGMT_STATUS_REJECTED;
1489 return MGMT_STATUS_SUCCESS;
1492 static void set_discoverable_complete(struct hci_dev *hdev, u8 status)
1494 struct pending_cmd *cmd;
1495 struct mgmt_mode *cp;
1496 struct hci_request req;
1499 BT_DBG("status 0x%02x", status);
1503 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
1508 u8 mgmt_err = mgmt_status(status);
1509 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1510 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1516 changed = !test_and_set_bit(HCI_DISCOVERABLE,
1519 if (hdev->discov_timeout > 0) {
1520 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1521 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
1525 changed = test_and_clear_bit(HCI_DISCOVERABLE,
1529 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1532 new_settings(hdev, cmd->sk);
1534 /* When the discoverable mode gets changed, make sure
1535 * that class of device has the limited discoverable
1536 * bit correctly set. Also update page scan based on whitelist
1539 hci_req_init(&req, hdev);
1540 hci_update_page_scan(hdev, &req);
1542 hci_req_run(&req, NULL);
1545 mgmt_pending_remove(cmd);
1548 hci_dev_unlock(hdev);
1551 static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
1554 struct mgmt_cp_set_discoverable *cp = data;
1555 struct pending_cmd *cmd;
1556 struct hci_request req;
1561 BT_DBG("request for %s", hdev->name);
1563 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
1564 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1565 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1566 MGMT_STATUS_REJECTED);
1568 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
1569 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1570 MGMT_STATUS_INVALID_PARAMS);
1572 timeout = __le16_to_cpu(cp->timeout);
1574 /* Disabling discoverable requires that no timeout is set,
1575 * and enabling limited discoverable requires a timeout.
1577 if ((cp->val == 0x00 && timeout > 0) ||
1578 (cp->val == 0x02 && timeout == 0))
1579 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1580 MGMT_STATUS_INVALID_PARAMS);
1584 if (!hdev_is_powered(hdev) && timeout > 0) {
1585 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1586 MGMT_STATUS_NOT_POWERED);
1590 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1591 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
1592 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1597 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
1598 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1599 MGMT_STATUS_REJECTED);
1603 if (!hdev_is_powered(hdev)) {
1604 bool changed = false;
1606 /* Setting limited discoverable when powered off is
1607 * not a valid operation since it requires a timeout
1608 * and so no need to check HCI_LIMITED_DISCOVERABLE.
1610 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
1611 change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1615 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1620 err = new_settings(hdev, sk);
1625 /* If the current mode is the same, then just update the timeout
1626 * value with the new value. And if only the timeout gets updated,
1627 * then no need for any HCI transactions.
1629 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags) &&
1630 (cp->val == 0x02) == test_bit(HCI_LIMITED_DISCOVERABLE,
1631 &hdev->dev_flags)) {
1632 cancel_delayed_work(&hdev->discov_off);
1633 hdev->discov_timeout = timeout;
1635 if (cp->val && hdev->discov_timeout > 0) {
1636 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1637 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
1641 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1645 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
1651 /* Cancel any potential discoverable timeout that might be
1652 * still active and store new timeout value. The arming of
1653 * the timeout happens in the complete handler.
1655 cancel_delayed_work(&hdev->discov_off);
1656 hdev->discov_timeout = timeout;
1658 /* Limited discoverable mode */
1659 if (cp->val == 0x02)
1660 set_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1662 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1664 hci_req_init(&req, hdev);
1666 /* The procedure for LE-only controllers is much simpler - just
1667 * update the advertising data.
1669 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1675 struct hci_cp_write_current_iac_lap hci_cp;
1677 if (cp->val == 0x02) {
1678 /* Limited discoverable mode */
1679 hci_cp.num_iac = min_t(u8, hdev->num_iac, 2);
1680 hci_cp.iac_lap[0] = 0x00; /* LIAC */
1681 hci_cp.iac_lap[1] = 0x8b;
1682 hci_cp.iac_lap[2] = 0x9e;
1683 hci_cp.iac_lap[3] = 0x33; /* GIAC */
1684 hci_cp.iac_lap[4] = 0x8b;
1685 hci_cp.iac_lap[5] = 0x9e;
1687 /* General discoverable mode */
1689 hci_cp.iac_lap[0] = 0x33; /* GIAC */
1690 hci_cp.iac_lap[1] = 0x8b;
1691 hci_cp.iac_lap[2] = 0x9e;
1694 hci_req_add(&req, HCI_OP_WRITE_CURRENT_IAC_LAP,
1695 (hci_cp.num_iac * 3) + 1, &hci_cp);
1697 scan |= SCAN_INQUIRY;
1699 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1702 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, sizeof(scan), &scan);
1705 update_adv_data(&req);
1707 err = hci_req_run(&req, set_discoverable_complete);
1709 mgmt_pending_remove(cmd);
1712 hci_dev_unlock(hdev);
1716 static void write_fast_connectable(struct hci_request *req, bool enable)
1718 struct hci_dev *hdev = req->hdev;
1719 struct hci_cp_write_page_scan_activity acp;
1722 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1725 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
1729 type = PAGE_SCAN_TYPE_INTERLACED;
1731 /* 160 msec page scan interval */
1732 acp.interval = cpu_to_le16(0x0100);
1734 type = PAGE_SCAN_TYPE_STANDARD; /* default */
1736 /* default 1.28 sec page scan */
1737 acp.interval = cpu_to_le16(0x0800);
1740 acp.window = cpu_to_le16(0x0012);
1742 if (__cpu_to_le16(hdev->page_scan_interval) != acp.interval ||
1743 __cpu_to_le16(hdev->page_scan_window) != acp.window)
1744 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
1747 if (hdev->page_scan_type != type)
1748 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
1751 static void set_connectable_complete(struct hci_dev *hdev, u8 status)
1753 struct pending_cmd *cmd;
1754 struct mgmt_mode *cp;
1755 bool conn_changed, discov_changed;
1757 BT_DBG("status 0x%02x", status);
1761 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1766 u8 mgmt_err = mgmt_status(status);
1767 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1773 conn_changed = !test_and_set_bit(HCI_CONNECTABLE,
1775 discov_changed = false;
1777 conn_changed = test_and_clear_bit(HCI_CONNECTABLE,
1779 discov_changed = test_and_clear_bit(HCI_DISCOVERABLE,
1783 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
1785 if (conn_changed || discov_changed) {
1786 new_settings(hdev, cmd->sk);
1787 hci_update_page_scan(hdev, NULL);
1789 mgmt_update_adv_data(hdev);
1790 hci_update_background_scan(hdev);
1794 mgmt_pending_remove(cmd);
1797 hci_dev_unlock(hdev);
1800 static int set_connectable_update_settings(struct hci_dev *hdev,
1801 struct sock *sk, u8 val)
1803 bool changed = false;
1806 if (!!val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
1810 set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1812 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1813 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1816 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1821 hci_update_page_scan(hdev, NULL);
1822 hci_update_background_scan(hdev);
1823 return new_settings(hdev, sk);
1829 static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
1832 struct mgmt_mode *cp = data;
1833 struct pending_cmd *cmd;
1834 struct hci_request req;
1838 BT_DBG("request for %s", hdev->name);
1840 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
1841 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1842 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1843 MGMT_STATUS_REJECTED);
1845 if (cp->val != 0x00 && cp->val != 0x01)
1846 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1847 MGMT_STATUS_INVALID_PARAMS);
1851 if (!hdev_is_powered(hdev)) {
1852 err = set_connectable_update_settings(hdev, sk, cp->val);
1856 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1857 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
1858 err = cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1863 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
1869 hci_req_init(&req, hdev);
1871 /* If BR/EDR is not enabled and we disable advertising as a
1872 * by-product of disabling connectable, we need to update the
1873 * advertising flags.
1875 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
1877 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1878 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1880 update_adv_data(&req);
1881 } else if (cp->val != test_bit(HCI_PSCAN, &hdev->flags)) {
1885 /* If we don't have any whitelist entries just
1886 * disable all scanning. If there are entries
1887 * and we had both page and inquiry scanning
1888 * enabled then fall back to only page scanning.
1889 * Otherwise no changes are needed.
1891 if (list_empty(&hdev->whitelist))
1892 scan = SCAN_DISABLED;
1893 else if (test_bit(HCI_ISCAN, &hdev->flags))
1896 goto no_scan_update;
1898 if (test_bit(HCI_ISCAN, &hdev->flags) &&
1899 hdev->discov_timeout > 0)
1900 cancel_delayed_work(&hdev->discov_off);
1903 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1907 /* If we're going from non-connectable to connectable or
1908 * vice-versa when fast connectable is enabled ensure that fast
1909 * connectable gets disabled. write_fast_connectable won't do
1910 * anything if the page scan parameters are already what they
1913 if (cp->val || test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
1914 write_fast_connectable(&req, false);
1916 /* Update the advertising parameters if necessary */
1917 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
1918 enable_advertising(&req);
1920 err = hci_req_run(&req, set_connectable_complete);
1922 mgmt_pending_remove(cmd);
1923 if (err == -ENODATA)
1924 err = set_connectable_update_settings(hdev, sk,
1930 hci_dev_unlock(hdev);
1934 static int set_bondable(struct sock *sk, struct hci_dev *hdev, void *data,
1937 struct mgmt_mode *cp = data;
1941 BT_DBG("request for %s", hdev->name);
1943 if (cp->val != 0x00 && cp->val != 0x01)
1944 return cmd_status(sk, hdev->id, MGMT_OP_SET_BONDABLE,
1945 MGMT_STATUS_INVALID_PARAMS);
1950 changed = !test_and_set_bit(HCI_BONDABLE, &hdev->dev_flags);
1952 changed = test_and_clear_bit(HCI_BONDABLE, &hdev->dev_flags);
1954 err = send_settings_rsp(sk, MGMT_OP_SET_BONDABLE, hdev);
1959 err = new_settings(hdev, sk);
1962 hci_dev_unlock(hdev);
1966 static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1969 struct mgmt_mode *cp = data;
1970 struct pending_cmd *cmd;
1974 BT_DBG("request for %s", hdev->name);
1976 status = mgmt_bredr_support(hdev);
1978 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1981 if (cp->val != 0x00 && cp->val != 0x01)
1982 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1983 MGMT_STATUS_INVALID_PARAMS);
1987 if (!hdev_is_powered(hdev)) {
1988 bool changed = false;
1990 if (!!cp->val != test_bit(HCI_LINK_SECURITY,
1991 &hdev->dev_flags)) {
1992 change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
1996 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
2001 err = new_settings(hdev, sk);
2006 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
2007 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
2014 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
2015 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
2019 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
2025 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
2027 mgmt_pending_remove(cmd);
2032 hci_dev_unlock(hdev);
2036 static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2038 struct mgmt_mode *cp = data;
2039 struct pending_cmd *cmd;
2043 BT_DBG("request for %s", hdev->name);
2045 status = mgmt_bredr_support(hdev);
2047 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
2049 if (!lmp_ssp_capable(hdev))
2050 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2051 MGMT_STATUS_NOT_SUPPORTED);
2053 if (cp->val != 0x00 && cp->val != 0x01)
2054 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2055 MGMT_STATUS_INVALID_PARAMS);
2059 if (!hdev_is_powered(hdev)) {
2063 changed = !test_and_set_bit(HCI_SSP_ENABLED,
2066 changed = test_and_clear_bit(HCI_SSP_ENABLED,
2069 changed = test_and_clear_bit(HCI_HS_ENABLED,
2072 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
2075 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
2080 err = new_settings(hdev, sk);
2085 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev) ||
2086 mgmt_pending_find(MGMT_OP_SET_HS, hdev)) {
2087 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2092 if (!!cp->val == test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
2093 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
2097 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
2103 if (!cp->val && test_bit(HCI_USE_DEBUG_KEYS, &hdev->dev_flags))
2104 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
2105 sizeof(cp->val), &cp->val);
2107 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &cp->val);
2109 mgmt_pending_remove(cmd);
2114 hci_dev_unlock(hdev);
2118 static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2120 struct mgmt_mode *cp = data;
2125 BT_DBG("request for %s", hdev->name);
2127 status = mgmt_bredr_support(hdev);
2129 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
2131 if (!lmp_ssp_capable(hdev))
2132 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2133 MGMT_STATUS_NOT_SUPPORTED);
2135 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
2136 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2137 MGMT_STATUS_REJECTED);
2139 if (cp->val != 0x00 && cp->val != 0x01)
2140 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2141 MGMT_STATUS_INVALID_PARAMS);
2146 changed = !test_and_set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
2148 if (hdev_is_powered(hdev)) {
2149 err = cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2150 MGMT_STATUS_REJECTED);
2154 changed = test_and_clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
2157 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
2162 err = new_settings(hdev, sk);
2165 hci_dev_unlock(hdev);
2169 static void le_enable_complete(struct hci_dev *hdev, u8 status)
2171 struct cmd_lookup match = { NULL, hdev };
2174 u8 mgmt_err = mgmt_status(status);
2176 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
2181 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
2183 new_settings(hdev, match.sk);
2188 /* Make sure the controller has a good default for
2189 * advertising data. Restrict the update to when LE
2190 * has actually been enabled. During power on, the
2191 * update in powered_update_hci will take care of it.
2193 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
2194 struct hci_request req;
2198 hci_req_init(&req, hdev);
2199 update_adv_data(&req);
2200 update_scan_rsp_data(&req);
2201 hci_req_run(&req, NULL);
2203 hci_update_background_scan(hdev);
2205 hci_dev_unlock(hdev);
2209 static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2211 struct mgmt_mode *cp = data;
2212 struct hci_cp_write_le_host_supported hci_cp;
2213 struct pending_cmd *cmd;
2214 struct hci_request req;
2218 BT_DBG("request for %s", hdev->name);
2220 if (!lmp_le_capable(hdev))
2221 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2222 MGMT_STATUS_NOT_SUPPORTED);
2224 if (cp->val != 0x00 && cp->val != 0x01)
2225 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2226 MGMT_STATUS_INVALID_PARAMS);
2228 /* LE-only devices do not allow toggling LE on/off */
2229 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
2230 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2231 MGMT_STATUS_REJECTED);
2236 enabled = lmp_host_le_capable(hdev);
2238 if (!hdev_is_powered(hdev) || val == enabled) {
2239 bool changed = false;
2241 if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
2242 change_bit(HCI_LE_ENABLED, &hdev->dev_flags);
2246 if (!val && test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
2247 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
2251 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
2256 err = new_settings(hdev, sk);
2261 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev) ||
2262 mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
2263 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2268 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
2274 hci_req_init(&req, hdev);
2276 memset(&hci_cp, 0, sizeof(hci_cp));
2280 hci_cp.simul = 0x00;
2282 if (test_bit(HCI_LE_ADV, &hdev->dev_flags))
2283 disable_advertising(&req);
2286 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
2289 err = hci_req_run(&req, le_enable_complete);
2291 mgmt_pending_remove(cmd);
2294 hci_dev_unlock(hdev);
2298 /* This is a helper function to test for pending mgmt commands that can
2299 * cause CoD or EIR HCI commands. We can only allow one such pending
2300 * mgmt command at a time since otherwise we cannot easily track what
2301 * the current values are, will be, and based on that calculate if a new
2302 * HCI command needs to be sent and if yes with what value.
2304 static bool pending_eir_or_class(struct hci_dev *hdev)
2306 struct pending_cmd *cmd;
2308 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2309 switch (cmd->opcode) {
2310 case MGMT_OP_ADD_UUID:
2311 case MGMT_OP_REMOVE_UUID:
2312 case MGMT_OP_SET_DEV_CLASS:
2313 case MGMT_OP_SET_POWERED:
2321 static const u8 bluetooth_base_uuid[] = {
2322 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
2323 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2326 static u8 get_uuid_size(const u8 *uuid)
2330 if (memcmp(uuid, bluetooth_base_uuid, 12))
2333 val = get_unaligned_le32(&uuid[12]);
2340 static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
2342 struct pending_cmd *cmd;
2346 cmd = mgmt_pending_find(mgmt_op, hdev);
2350 cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(status),
2351 hdev->dev_class, 3);
2353 mgmt_pending_remove(cmd);
2356 hci_dev_unlock(hdev);
2359 static void add_uuid_complete(struct hci_dev *hdev, u8 status)
2361 BT_DBG("status 0x%02x", status);
2363 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
2366 static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2368 struct mgmt_cp_add_uuid *cp = data;
2369 struct pending_cmd *cmd;
2370 struct hci_request req;
2371 struct bt_uuid *uuid;
2374 BT_DBG("request for %s", hdev->name);
2378 if (pending_eir_or_class(hdev)) {
2379 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
2384 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
2390 memcpy(uuid->uuid, cp->uuid, 16);
2391 uuid->svc_hint = cp->svc_hint;
2392 uuid->size = get_uuid_size(cp->uuid);
2394 list_add_tail(&uuid->list, &hdev->uuids);
2396 hci_req_init(&req, hdev);
2401 err = hci_req_run(&req, add_uuid_complete);
2403 if (err != -ENODATA)
2406 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
2407 hdev->dev_class, 3);
2411 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
2420 hci_dev_unlock(hdev);
2424 static bool enable_service_cache(struct hci_dev *hdev)
2426 if (!hdev_is_powered(hdev))
2429 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
2430 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
2438 static void remove_uuid_complete(struct hci_dev *hdev, u8 status)
2440 BT_DBG("status 0x%02x", status);
2442 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
2445 static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
2448 struct mgmt_cp_remove_uuid *cp = data;
2449 struct pending_cmd *cmd;
2450 struct bt_uuid *match, *tmp;
2451 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
2452 struct hci_request req;
2455 BT_DBG("request for %s", hdev->name);
2459 if (pending_eir_or_class(hdev)) {
2460 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2465 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
2466 hci_uuids_clear(hdev);
2468 if (enable_service_cache(hdev)) {
2469 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2470 0, hdev->dev_class, 3);
2479 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2480 if (memcmp(match->uuid, cp->uuid, 16) != 0)
2483 list_del(&match->list);
2489 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2490 MGMT_STATUS_INVALID_PARAMS);
2495 hci_req_init(&req, hdev);
2500 err = hci_req_run(&req, remove_uuid_complete);
2502 if (err != -ENODATA)
2505 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
2506 hdev->dev_class, 3);
2510 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
2519 hci_dev_unlock(hdev);
2523 static void set_class_complete(struct hci_dev *hdev, u8 status)
2525 BT_DBG("status 0x%02x", status);
2527 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
2530 static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
2533 struct mgmt_cp_set_dev_class *cp = data;
2534 struct pending_cmd *cmd;
2535 struct hci_request req;
2538 BT_DBG("request for %s", hdev->name);
2540 if (!lmp_bredr_capable(hdev))
2541 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2542 MGMT_STATUS_NOT_SUPPORTED);
2546 if (pending_eir_or_class(hdev)) {
2547 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2552 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
2553 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2554 MGMT_STATUS_INVALID_PARAMS);
2558 hdev->major_class = cp->major;
2559 hdev->minor_class = cp->minor;
2561 if (!hdev_is_powered(hdev)) {
2562 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2563 hdev->dev_class, 3);
2567 hci_req_init(&req, hdev);
2569 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
2570 hci_dev_unlock(hdev);
2571 cancel_delayed_work_sync(&hdev->service_cache);
2578 err = hci_req_run(&req, set_class_complete);
2580 if (err != -ENODATA)
2583 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2584 hdev->dev_class, 3);
2588 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
2597 hci_dev_unlock(hdev);
2601 static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
2604 struct mgmt_cp_load_link_keys *cp = data;
2605 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
2606 sizeof(struct mgmt_link_key_info));
2607 u16 key_count, expected_len;
2611 BT_DBG("request for %s", hdev->name);
2613 if (!lmp_bredr_capable(hdev))
2614 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2615 MGMT_STATUS_NOT_SUPPORTED);
2617 key_count = __le16_to_cpu(cp->key_count);
2618 if (key_count > max_key_count) {
2619 BT_ERR("load_link_keys: too big key_count value %u",
2621 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2622 MGMT_STATUS_INVALID_PARAMS);
2625 expected_len = sizeof(*cp) + key_count *
2626 sizeof(struct mgmt_link_key_info);
2627 if (expected_len != len) {
2628 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
2630 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2631 MGMT_STATUS_INVALID_PARAMS);
2634 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
2635 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2636 MGMT_STATUS_INVALID_PARAMS);
2638 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
2641 for (i = 0; i < key_count; i++) {
2642 struct mgmt_link_key_info *key = &cp->keys[i];
2644 if (key->addr.type != BDADDR_BREDR || key->type > 0x08)
2645 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2646 MGMT_STATUS_INVALID_PARAMS);
2651 hci_link_keys_clear(hdev);
2654 changed = !test_and_set_bit(HCI_KEEP_DEBUG_KEYS,
2657 changed = test_and_clear_bit(HCI_KEEP_DEBUG_KEYS,
2661 new_settings(hdev, NULL);
2663 for (i = 0; i < key_count; i++) {
2664 struct mgmt_link_key_info *key = &cp->keys[i];
2666 /* Always ignore debug keys and require a new pairing if
2667 * the user wants to use them.
2669 if (key->type == HCI_LK_DEBUG_COMBINATION)
2672 hci_add_link_key(hdev, NULL, &key->addr.bdaddr, key->val,
2673 key->type, key->pin_len, NULL);
2676 cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
2678 hci_dev_unlock(hdev);
2683 static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
2684 u8 addr_type, struct sock *skip_sk)
2686 struct mgmt_ev_device_unpaired ev;
2688 bacpy(&ev.addr.bdaddr, bdaddr);
2689 ev.addr.type = addr_type;
2691 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
2695 static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2698 struct mgmt_cp_unpair_device *cp = data;
2699 struct mgmt_rp_unpair_device rp;
2700 struct hci_cp_disconnect dc;
2701 struct pending_cmd *cmd;
2702 struct hci_conn *conn;
2705 memset(&rp, 0, sizeof(rp));
2706 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2707 rp.addr.type = cp->addr.type;
2709 if (!bdaddr_type_is_valid(cp->addr.type))
2710 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2711 MGMT_STATUS_INVALID_PARAMS,
2714 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
2715 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2716 MGMT_STATUS_INVALID_PARAMS,
2721 if (!hdev_is_powered(hdev)) {
2722 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2723 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
2727 if (cp->addr.type == BDADDR_BREDR) {
2728 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
2732 if (cp->addr.type == BDADDR_LE_PUBLIC)
2733 addr_type = ADDR_LE_DEV_PUBLIC;
2735 addr_type = ADDR_LE_DEV_RANDOM;
2737 hci_remove_irk(hdev, &cp->addr.bdaddr, addr_type);
2739 hci_conn_params_del(hdev, &cp->addr.bdaddr, addr_type);
2741 err = hci_remove_ltk(hdev, &cp->addr.bdaddr, addr_type);
2745 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2746 MGMT_STATUS_NOT_PAIRED, &rp, sizeof(rp));
2750 if (cp->disconnect) {
2751 if (cp->addr.type == BDADDR_BREDR)
2752 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2755 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
2762 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
2764 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
2768 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
2775 dc.handle = cpu_to_le16(conn->handle);
2776 dc.reason = 0x13; /* Remote User Terminated Connection */
2777 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2779 mgmt_pending_remove(cmd);
2782 hci_dev_unlock(hdev);
2786 static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
2789 struct mgmt_cp_disconnect *cp = data;
2790 struct mgmt_rp_disconnect rp;
2791 struct hci_cp_disconnect dc;
2792 struct pending_cmd *cmd;
2793 struct hci_conn *conn;
2798 memset(&rp, 0, sizeof(rp));
2799 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2800 rp.addr.type = cp->addr.type;
2802 if (!bdaddr_type_is_valid(cp->addr.type))
2803 return cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2804 MGMT_STATUS_INVALID_PARAMS,
2809 if (!test_bit(HCI_UP, &hdev->flags)) {
2810 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2811 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
2815 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
2816 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2817 MGMT_STATUS_BUSY, &rp, sizeof(rp));
2821 if (cp->addr.type == BDADDR_BREDR)
2822 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2825 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
2827 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
2828 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2829 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
2833 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
2839 dc.handle = cpu_to_le16(conn->handle);
2840 dc.reason = HCI_ERROR_REMOTE_USER_TERM;
2842 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2844 mgmt_pending_remove(cmd);
2847 hci_dev_unlock(hdev);
2851 static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
2853 switch (link_type) {
2855 switch (addr_type) {
2856 case ADDR_LE_DEV_PUBLIC:
2857 return BDADDR_LE_PUBLIC;
2860 /* Fallback to LE Random address type */
2861 return BDADDR_LE_RANDOM;
2865 /* Fallback to BR/EDR type */
2866 return BDADDR_BREDR;
2870 static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
2873 struct mgmt_rp_get_connections *rp;
2883 if (!hdev_is_powered(hdev)) {
2884 err = cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
2885 MGMT_STATUS_NOT_POWERED);
2890 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2891 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2895 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2896 rp = kmalloc(rp_len, GFP_KERNEL);
2903 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2904 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2906 bacpy(&rp->addr[i].bdaddr, &c->dst);
2907 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
2908 if (c->type == SCO_LINK || c->type == ESCO_LINK)
2913 rp->conn_count = cpu_to_le16(i);
2915 /* Recalculate length in case of filtered SCO connections, etc */
2916 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2918 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
2924 hci_dev_unlock(hdev);
2928 static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
2929 struct mgmt_cp_pin_code_neg_reply *cp)
2931 struct pending_cmd *cmd;
2934 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
2939 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
2940 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
2942 mgmt_pending_remove(cmd);
2947 static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2950 struct hci_conn *conn;
2951 struct mgmt_cp_pin_code_reply *cp = data;
2952 struct hci_cp_pin_code_reply reply;
2953 struct pending_cmd *cmd;
2960 if (!hdev_is_powered(hdev)) {
2961 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2962 MGMT_STATUS_NOT_POWERED);
2966 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
2968 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2969 MGMT_STATUS_NOT_CONNECTED);
2973 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
2974 struct mgmt_cp_pin_code_neg_reply ncp;
2976 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
2978 BT_ERR("PIN code is not 16 bytes long");
2980 err = send_pin_code_neg_reply(sk, hdev, &ncp);
2982 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2983 MGMT_STATUS_INVALID_PARAMS);
2988 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
2994 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
2995 reply.pin_len = cp->pin_len;
2996 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
2998 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
3000 mgmt_pending_remove(cmd);
3003 hci_dev_unlock(hdev);
3007 static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
3010 struct mgmt_cp_set_io_capability *cp = data;
3014 if (cp->io_capability > SMP_IO_KEYBOARD_DISPLAY)
3015 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY,
3016 MGMT_STATUS_INVALID_PARAMS, NULL, 0);
3020 hdev->io_capability = cp->io_capability;
3022 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
3023 hdev->io_capability);
3025 hci_dev_unlock(hdev);
3027 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, NULL,
3031 static struct pending_cmd *find_pairing(struct hci_conn *conn)
3033 struct hci_dev *hdev = conn->hdev;
3034 struct pending_cmd *cmd;
3036 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
3037 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
3040 if (cmd->user_data != conn)
3049 static void pairing_complete(struct pending_cmd *cmd, u8 status)
3051 struct mgmt_rp_pair_device rp;
3052 struct hci_conn *conn = cmd->user_data;
3054 bacpy(&rp.addr.bdaddr, &conn->dst);
3055 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
3057 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
3060 /* So we don't get further callbacks for this connection */
3061 conn->connect_cfm_cb = NULL;
3062 conn->security_cfm_cb = NULL;
3063 conn->disconn_cfm_cb = NULL;
3065 hci_conn_drop(conn);
3067 mgmt_pending_remove(cmd);
3070 void mgmt_smp_complete(struct hci_conn *conn, bool complete)
3072 u8 status = complete ? MGMT_STATUS_SUCCESS : MGMT_STATUS_FAILED;
3073 struct pending_cmd *cmd;
3075 cmd = find_pairing(conn);
3077 pairing_complete(cmd, status);
3080 static void pairing_complete_cb(struct hci_conn *conn, u8 status)
3082 struct pending_cmd *cmd;
3084 BT_DBG("status %u", status);
3086 cmd = find_pairing(conn);
3088 BT_DBG("Unable to find a pending command");
3090 pairing_complete(cmd, mgmt_status(status));
3093 static void le_pairing_complete_cb(struct hci_conn *conn, u8 status)
3095 struct pending_cmd *cmd;
3097 BT_DBG("status %u", status);
3102 cmd = find_pairing(conn);
3104 BT_DBG("Unable to find a pending command");
3106 pairing_complete(cmd, mgmt_status(status));
3109 static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
3112 struct mgmt_cp_pair_device *cp = data;
3113 struct mgmt_rp_pair_device rp;
3114 struct pending_cmd *cmd;
3115 u8 sec_level, auth_type;
3116 struct hci_conn *conn;
3121 memset(&rp, 0, sizeof(rp));
3122 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3123 rp.addr.type = cp->addr.type;
3125 if (!bdaddr_type_is_valid(cp->addr.type))
3126 return cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3127 MGMT_STATUS_INVALID_PARAMS,
3130 if (cp->io_cap > SMP_IO_KEYBOARD_DISPLAY)
3131 return cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3132 MGMT_STATUS_INVALID_PARAMS,
3137 if (!hdev_is_powered(hdev)) {
3138 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3139 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
3143 sec_level = BT_SECURITY_MEDIUM;
3144 auth_type = HCI_AT_DEDICATED_BONDING;
3146 if (cp->addr.type == BDADDR_BREDR) {
3147 conn = hci_connect_acl(hdev, &cp->addr.bdaddr, sec_level,
3152 /* Convert from L2CAP channel address type to HCI address type
3154 if (cp->addr.type == BDADDR_LE_PUBLIC)
3155 addr_type = ADDR_LE_DEV_PUBLIC;
3157 addr_type = ADDR_LE_DEV_RANDOM;
3159 /* When pairing a new device, it is expected to remember
3160 * this device for future connections. Adding the connection
3161 * parameter information ahead of time allows tracking
3162 * of the slave preferred values and will speed up any
3163 * further connection establishment.
3165 * If connection parameters already exist, then they
3166 * will be kept and this function does nothing.
3168 hci_conn_params_add(hdev, &cp->addr.bdaddr, addr_type);
3170 conn = hci_connect_le(hdev, &cp->addr.bdaddr, addr_type,
3171 sec_level, HCI_LE_CONN_TIMEOUT,
3178 if (PTR_ERR(conn) == -EBUSY)
3179 status = MGMT_STATUS_BUSY;
3181 status = MGMT_STATUS_CONNECT_FAILED;
3183 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3189 if (conn->connect_cfm_cb) {
3190 hci_conn_drop(conn);
3191 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3192 MGMT_STATUS_BUSY, &rp, sizeof(rp));
3196 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
3199 hci_conn_drop(conn);
3203 /* For LE, just connecting isn't a proof that the pairing finished */
3204 if (cp->addr.type == BDADDR_BREDR) {
3205 conn->connect_cfm_cb = pairing_complete_cb;
3206 conn->security_cfm_cb = pairing_complete_cb;
3207 conn->disconn_cfm_cb = pairing_complete_cb;
3209 conn->connect_cfm_cb = le_pairing_complete_cb;
3210 conn->security_cfm_cb = le_pairing_complete_cb;
3211 conn->disconn_cfm_cb = le_pairing_complete_cb;
3214 conn->io_capability = cp->io_cap;
3215 cmd->user_data = conn;
3217 if ((conn->state == BT_CONNECTED || conn->state == BT_CONFIG) &&
3218 hci_conn_security(conn, sec_level, auth_type, true))
3219 pairing_complete(cmd, 0);
3224 hci_dev_unlock(hdev);
3228 static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
3231 struct mgmt_addr_info *addr = data;
3232 struct pending_cmd *cmd;
3233 struct hci_conn *conn;
3240 if (!hdev_is_powered(hdev)) {
3241 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3242 MGMT_STATUS_NOT_POWERED);
3246 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
3248 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3249 MGMT_STATUS_INVALID_PARAMS);
3253 conn = cmd->user_data;
3255 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
3256 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3257 MGMT_STATUS_INVALID_PARAMS);
3261 pairing_complete(cmd, MGMT_STATUS_CANCELLED);
3263 err = cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
3264 addr, sizeof(*addr));
3266 hci_dev_unlock(hdev);
3270 static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
3271 struct mgmt_addr_info *addr, u16 mgmt_op,
3272 u16 hci_op, __le32 passkey)
3274 struct pending_cmd *cmd;
3275 struct hci_conn *conn;
3280 if (!hdev_is_powered(hdev)) {
3281 err = cmd_complete(sk, hdev->id, mgmt_op,
3282 MGMT_STATUS_NOT_POWERED, addr,
3287 if (addr->type == BDADDR_BREDR)
3288 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
3290 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &addr->bdaddr);
3293 err = cmd_complete(sk, hdev->id, mgmt_op,
3294 MGMT_STATUS_NOT_CONNECTED, addr,
3299 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
3300 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
3302 err = cmd_complete(sk, hdev->id, mgmt_op,
3303 MGMT_STATUS_SUCCESS, addr,
3306 err = cmd_complete(sk, hdev->id, mgmt_op,
3307 MGMT_STATUS_FAILED, addr,
3313 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
3319 /* Continue with pairing via HCI */
3320 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
3321 struct hci_cp_user_passkey_reply cp;
3323 bacpy(&cp.bdaddr, &addr->bdaddr);
3324 cp.passkey = passkey;
3325 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
3327 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
3331 mgmt_pending_remove(cmd);
3334 hci_dev_unlock(hdev);
3338 static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
3339 void *data, u16 len)
3341 struct mgmt_cp_pin_code_neg_reply *cp = data;
3345 return user_pairing_resp(sk, hdev, &cp->addr,
3346 MGMT_OP_PIN_CODE_NEG_REPLY,
3347 HCI_OP_PIN_CODE_NEG_REPLY, 0);
3350 static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3353 struct mgmt_cp_user_confirm_reply *cp = data;
3357 if (len != sizeof(*cp))
3358 return cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
3359 MGMT_STATUS_INVALID_PARAMS);
3361 return user_pairing_resp(sk, hdev, &cp->addr,
3362 MGMT_OP_USER_CONFIRM_REPLY,
3363 HCI_OP_USER_CONFIRM_REPLY, 0);
3366 static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
3367 void *data, u16 len)
3369 struct mgmt_cp_user_confirm_neg_reply *cp = data;
3373 return user_pairing_resp(sk, hdev, &cp->addr,
3374 MGMT_OP_USER_CONFIRM_NEG_REPLY,
3375 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
3378 static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3381 struct mgmt_cp_user_passkey_reply *cp = data;
3385 return user_pairing_resp(sk, hdev, &cp->addr,
3386 MGMT_OP_USER_PASSKEY_REPLY,
3387 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
3390 static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
3391 void *data, u16 len)
3393 struct mgmt_cp_user_passkey_neg_reply *cp = data;
3397 return user_pairing_resp(sk, hdev, &cp->addr,
3398 MGMT_OP_USER_PASSKEY_NEG_REPLY,
3399 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
3402 static void update_name(struct hci_request *req)
3404 struct hci_dev *hdev = req->hdev;
3405 struct hci_cp_write_local_name cp;
3407 memcpy(cp.name, hdev->dev_name, sizeof(cp.name));
3409 hci_req_add(req, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
3412 static void set_name_complete(struct hci_dev *hdev, u8 status)
3414 struct mgmt_cp_set_local_name *cp;
3415 struct pending_cmd *cmd;
3417 BT_DBG("status 0x%02x", status);
3421 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
3428 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3429 mgmt_status(status));
3431 cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3434 mgmt_pending_remove(cmd);
3437 hci_dev_unlock(hdev);
3440 static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
3443 struct mgmt_cp_set_local_name *cp = data;
3444 struct pending_cmd *cmd;
3445 struct hci_request req;
3452 /* If the old values are the same as the new ones just return a
3453 * direct command complete event.
3455 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
3456 !memcmp(hdev->short_name, cp->short_name,
3457 sizeof(hdev->short_name))) {
3458 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3463 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
3465 if (!hdev_is_powered(hdev)) {
3466 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3468 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3473 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
3479 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
3485 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3487 hci_req_init(&req, hdev);
3489 if (lmp_bredr_capable(hdev)) {
3494 /* The name is stored in the scan response data and so
3495 * no need to udpate the advertising data here.
3497 if (lmp_le_capable(hdev))
3498 update_scan_rsp_data(&req);
3500 err = hci_req_run(&req, set_name_complete);
3502 mgmt_pending_remove(cmd);
3505 hci_dev_unlock(hdev);
3509 static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
3510 void *data, u16 data_len)
3512 struct pending_cmd *cmd;
3515 BT_DBG("%s", hdev->name);
3519 if (!hdev_is_powered(hdev)) {
3520 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3521 MGMT_STATUS_NOT_POWERED);
3525 if (!lmp_ssp_capable(hdev)) {
3526 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3527 MGMT_STATUS_NOT_SUPPORTED);
3531 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
3532 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3537 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
3543 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags))
3544 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_EXT_DATA,
3547 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
3550 mgmt_pending_remove(cmd);
3553 hci_dev_unlock(hdev);
3557 static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
3558 void *data, u16 len)
3562 BT_DBG("%s ", hdev->name);
3566 if (len == MGMT_ADD_REMOTE_OOB_DATA_SIZE) {
3567 struct mgmt_cp_add_remote_oob_data *cp = data;
3570 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
3571 cp->hash, cp->randomizer);
3573 status = MGMT_STATUS_FAILED;
3575 status = MGMT_STATUS_SUCCESS;
3577 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3578 status, &cp->addr, sizeof(cp->addr));
3579 } else if (len == MGMT_ADD_REMOTE_OOB_EXT_DATA_SIZE) {
3580 struct mgmt_cp_add_remote_oob_ext_data *cp = data;
3583 err = hci_add_remote_oob_ext_data(hdev, &cp->addr.bdaddr,
3589 status = MGMT_STATUS_FAILED;
3591 status = MGMT_STATUS_SUCCESS;
3593 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3594 status, &cp->addr, sizeof(cp->addr));
3596 BT_ERR("add_remote_oob_data: invalid length of %u bytes", len);
3597 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3598 MGMT_STATUS_INVALID_PARAMS);
3601 hci_dev_unlock(hdev);
3605 static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
3606 void *data, u16 len)
3608 struct mgmt_cp_remove_remote_oob_data *cp = data;
3612 BT_DBG("%s", hdev->name);
3616 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr);
3618 status = MGMT_STATUS_INVALID_PARAMS;
3620 status = MGMT_STATUS_SUCCESS;
3622 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
3623 status, &cp->addr, sizeof(cp->addr));
3625 hci_dev_unlock(hdev);
3629 static int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
3631 struct pending_cmd *cmd;
3635 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3637 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
3641 type = hdev->discovery.type;
3643 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3644 &type, sizeof(type));
3645 mgmt_pending_remove(cmd);
3650 static void start_discovery_complete(struct hci_dev *hdev, u8 status)
3652 unsigned long timeout = 0;
3654 BT_DBG("status %d", status);
3658 mgmt_start_discovery_failed(hdev, status);
3659 hci_dev_unlock(hdev);
3664 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
3665 hci_dev_unlock(hdev);
3667 switch (hdev->discovery.type) {
3668 case DISCOV_TYPE_LE:
3669 timeout = msecs_to_jiffies(DISCOV_LE_TIMEOUT);
3672 case DISCOV_TYPE_INTERLEAVED:
3673 timeout = msecs_to_jiffies(hdev->discov_interleaved_timeout);
3676 case DISCOV_TYPE_BREDR:
3680 BT_ERR("Invalid discovery type %d", hdev->discovery.type);
3686 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable, timeout);
3689 static int start_discovery(struct sock *sk, struct hci_dev *hdev,
3690 void *data, u16 len)
3692 struct mgmt_cp_start_discovery *cp = data;
3693 struct pending_cmd *cmd;
3694 struct hci_cp_le_set_scan_param param_cp;
3695 struct hci_cp_le_set_scan_enable enable_cp;
3696 struct hci_cp_inquiry inq_cp;
3697 struct hci_request req;
3698 /* General inquiry access code (GIAC) */
3699 u8 lap[3] = { 0x33, 0x8b, 0x9e };
3700 u8 status, own_addr_type;
3703 BT_DBG("%s", hdev->name);
3707 if (!hdev_is_powered(hdev)) {
3708 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3709 MGMT_STATUS_NOT_POWERED);
3713 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
3714 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3719 if (hdev->discovery.state != DISCOVERY_STOPPED) {
3720 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3725 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
3731 hdev->discovery.type = cp->type;
3733 hci_req_init(&req, hdev);
3735 switch (hdev->discovery.type) {
3736 case DISCOV_TYPE_BREDR:
3737 status = mgmt_bredr_support(hdev);
3739 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3741 mgmt_pending_remove(cmd);
3745 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
3746 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3748 mgmt_pending_remove(cmd);
3752 hci_inquiry_cache_flush(hdev);
3754 memset(&inq_cp, 0, sizeof(inq_cp));
3755 memcpy(&inq_cp.lap, lap, sizeof(inq_cp.lap));
3756 inq_cp.length = DISCOV_BREDR_INQUIRY_LEN;
3757 hci_req_add(&req, HCI_OP_INQUIRY, sizeof(inq_cp), &inq_cp);
3760 case DISCOV_TYPE_LE:
3761 case DISCOV_TYPE_INTERLEAVED:
3762 status = mgmt_le_support(hdev);
3764 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3766 mgmt_pending_remove(cmd);
3770 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
3771 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
3772 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3773 MGMT_STATUS_NOT_SUPPORTED);
3774 mgmt_pending_remove(cmd);
3778 if (test_bit(HCI_LE_ADV, &hdev->dev_flags)) {
3779 /* Don't let discovery abort an outgoing
3780 * connection attempt that's using directed
3783 if (hci_conn_hash_lookup_state(hdev, LE_LINK,
3785 err = cmd_status(sk, hdev->id,
3786 MGMT_OP_START_DISCOVERY,
3787 MGMT_STATUS_REJECTED);
3788 mgmt_pending_remove(cmd);
3792 disable_advertising(&req);
3795 /* If controller is scanning, it means the background scanning
3796 * is running. Thus, we should temporarily stop it in order to
3797 * set the discovery scanning parameters.
3799 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags))
3800 hci_req_add_le_scan_disable(&req);
3802 memset(¶m_cp, 0, sizeof(param_cp));
3804 /* All active scans will be done with either a resolvable
3805 * private address (when privacy feature has been enabled)
3806 * or unresolvable private address.
3808 err = hci_update_random_address(&req, true, &own_addr_type);
3810 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3811 MGMT_STATUS_FAILED);
3812 mgmt_pending_remove(cmd);
3816 param_cp.type = LE_SCAN_ACTIVE;
3817 param_cp.interval = cpu_to_le16(DISCOV_LE_SCAN_INT);
3818 param_cp.window = cpu_to_le16(DISCOV_LE_SCAN_WIN);
3819 param_cp.own_address_type = own_addr_type;
3820 hci_req_add(&req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
3823 memset(&enable_cp, 0, sizeof(enable_cp));
3824 enable_cp.enable = LE_SCAN_ENABLE;
3825 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
3826 hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
3831 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3832 MGMT_STATUS_INVALID_PARAMS);
3833 mgmt_pending_remove(cmd);
3837 err = hci_req_run(&req, start_discovery_complete);
3839 mgmt_pending_remove(cmd);
3841 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
3844 hci_dev_unlock(hdev);
3848 static int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
3850 struct pending_cmd *cmd;
3853 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3857 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3858 &hdev->discovery.type, sizeof(hdev->discovery.type));
3859 mgmt_pending_remove(cmd);
3864 static void stop_discovery_complete(struct hci_dev *hdev, u8 status)
3866 BT_DBG("status %d", status);
3871 mgmt_stop_discovery_failed(hdev, status);
3875 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3878 hci_dev_unlock(hdev);
3881 static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
3884 struct mgmt_cp_stop_discovery *mgmt_cp = data;
3885 struct pending_cmd *cmd;
3886 struct hci_request req;
3889 BT_DBG("%s", hdev->name);
3893 if (!hci_discovery_active(hdev)) {
3894 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
3895 MGMT_STATUS_REJECTED, &mgmt_cp->type,
3896 sizeof(mgmt_cp->type));
3900 if (hdev->discovery.type != mgmt_cp->type) {
3901 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
3902 MGMT_STATUS_INVALID_PARAMS, &mgmt_cp->type,
3903 sizeof(mgmt_cp->type));
3907 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
3913 hci_req_init(&req, hdev);
3915 hci_stop_discovery(&req);
3917 err = hci_req_run(&req, stop_discovery_complete);
3919 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
3923 mgmt_pending_remove(cmd);
3925 /* If no HCI commands were sent we're done */
3926 if (err == -ENODATA) {
3927 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY, 0,
3928 &mgmt_cp->type, sizeof(mgmt_cp->type));
3929 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3933 hci_dev_unlock(hdev);
3937 static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
3940 struct mgmt_cp_confirm_name *cp = data;
3941 struct inquiry_entry *e;
3944 BT_DBG("%s", hdev->name);
3948 if (!hci_discovery_active(hdev)) {
3949 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
3950 MGMT_STATUS_FAILED, &cp->addr,
3955 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
3957 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
3958 MGMT_STATUS_INVALID_PARAMS, &cp->addr,
3963 if (cp->name_known) {
3964 e->name_state = NAME_KNOWN;
3967 e->name_state = NAME_NEEDED;
3968 hci_inquiry_cache_update_resolve(hdev, e);
3971 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0, &cp->addr,
3975 hci_dev_unlock(hdev);
3979 static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
3982 struct mgmt_cp_block_device *cp = data;
3986 BT_DBG("%s", hdev->name);
3988 if (!bdaddr_type_is_valid(cp->addr.type))
3989 return cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
3990 MGMT_STATUS_INVALID_PARAMS,
3991 &cp->addr, sizeof(cp->addr));
3995 err = hci_bdaddr_list_add(&hdev->blacklist, &cp->addr.bdaddr,
3998 status = MGMT_STATUS_FAILED;
4002 mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &cp->addr, sizeof(cp->addr),
4004 status = MGMT_STATUS_SUCCESS;
4007 err = cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
4008 &cp->addr, sizeof(cp->addr));
4010 hci_dev_unlock(hdev);
4015 static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
4018 struct mgmt_cp_unblock_device *cp = data;
4022 BT_DBG("%s", hdev->name);
4024 if (!bdaddr_type_is_valid(cp->addr.type))
4025 return cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
4026 MGMT_STATUS_INVALID_PARAMS,
4027 &cp->addr, sizeof(cp->addr));
4031 err = hci_bdaddr_list_del(&hdev->blacklist, &cp->addr.bdaddr,
4034 status = MGMT_STATUS_INVALID_PARAMS;
4038 mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &cp->addr, sizeof(cp->addr),
4040 status = MGMT_STATUS_SUCCESS;
4043 err = cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
4044 &cp->addr, sizeof(cp->addr));
4046 hci_dev_unlock(hdev);
4051 static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
4054 struct mgmt_cp_set_device_id *cp = data;
4055 struct hci_request req;
4059 BT_DBG("%s", hdev->name);
4061 source = __le16_to_cpu(cp->source);
4063 if (source > 0x0002)
4064 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
4065 MGMT_STATUS_INVALID_PARAMS);
4069 hdev->devid_source = source;
4070 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
4071 hdev->devid_product = __le16_to_cpu(cp->product);
4072 hdev->devid_version = __le16_to_cpu(cp->version);
4074 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0, NULL, 0);
4076 hci_req_init(&req, hdev);
4078 hci_req_run(&req, NULL);
4080 hci_dev_unlock(hdev);
4085 static void set_advertising_complete(struct hci_dev *hdev, u8 status)
4087 struct cmd_lookup match = { NULL, hdev };
4090 u8 mgmt_err = mgmt_status(status);
4092 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
4093 cmd_status_rsp, &mgmt_err);
4097 if (test_bit(HCI_LE_ADV, &hdev->dev_flags))
4098 set_bit(HCI_ADVERTISING, &hdev->dev_flags);
4100 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
4102 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
4105 new_settings(hdev, match.sk);
4111 static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data,
4114 struct mgmt_mode *cp = data;
4115 struct pending_cmd *cmd;
4116 struct hci_request req;
4117 u8 val, enabled, status;
4120 BT_DBG("request for %s", hdev->name);
4122 status = mgmt_le_support(hdev);
4124 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4127 if (cp->val != 0x00 && cp->val != 0x01)
4128 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4129 MGMT_STATUS_INVALID_PARAMS);
4134 enabled = test_bit(HCI_ADVERTISING, &hdev->dev_flags);
4136 /* The following conditions are ones which mean that we should
4137 * not do any HCI communication but directly send a mgmt
4138 * response to user space (after toggling the flag if
4141 if (!hdev_is_powered(hdev) || val == enabled ||
4142 hci_conn_num(hdev, LE_LINK) > 0 ||
4143 (test_bit(HCI_LE_SCAN, &hdev->dev_flags) &&
4144 hdev->le_scan_type == LE_SCAN_ACTIVE)) {
4145 bool changed = false;
4147 if (val != test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
4148 change_bit(HCI_ADVERTISING, &hdev->dev_flags);
4152 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
4157 err = new_settings(hdev, sk);
4162 if (mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
4163 mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
4164 err = cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4169 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
4175 hci_req_init(&req, hdev);
4178 enable_advertising(&req);
4180 disable_advertising(&req);
4182 err = hci_req_run(&req, set_advertising_complete);
4184 mgmt_pending_remove(cmd);
4187 hci_dev_unlock(hdev);
4191 static int set_static_address(struct sock *sk, struct hci_dev *hdev,
4192 void *data, u16 len)
4194 struct mgmt_cp_set_static_address *cp = data;
4197 BT_DBG("%s", hdev->name);
4199 if (!lmp_le_capable(hdev))
4200 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
4201 MGMT_STATUS_NOT_SUPPORTED);
4203 if (hdev_is_powered(hdev))
4204 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
4205 MGMT_STATUS_REJECTED);
4207 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
4208 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
4209 return cmd_status(sk, hdev->id,
4210 MGMT_OP_SET_STATIC_ADDRESS,
4211 MGMT_STATUS_INVALID_PARAMS);
4213 /* Two most significant bits shall be set */
4214 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
4215 return cmd_status(sk, hdev->id,
4216 MGMT_OP_SET_STATIC_ADDRESS,
4217 MGMT_STATUS_INVALID_PARAMS);
4222 bacpy(&hdev->static_addr, &cp->bdaddr);
4224 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS, 0, NULL, 0);
4226 hci_dev_unlock(hdev);
4231 static int set_scan_params(struct sock *sk, struct hci_dev *hdev,
4232 void *data, u16 len)
4234 struct mgmt_cp_set_scan_params *cp = data;
4235 __u16 interval, window;
4238 BT_DBG("%s", hdev->name);
4240 if (!lmp_le_capable(hdev))
4241 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4242 MGMT_STATUS_NOT_SUPPORTED);
4244 interval = __le16_to_cpu(cp->interval);
4246 if (interval < 0x0004 || interval > 0x4000)
4247 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4248 MGMT_STATUS_INVALID_PARAMS);
4250 window = __le16_to_cpu(cp->window);
4252 if (window < 0x0004 || window > 0x4000)
4253 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4254 MGMT_STATUS_INVALID_PARAMS);
4256 if (window > interval)
4257 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4258 MGMT_STATUS_INVALID_PARAMS);
4262 hdev->le_scan_interval = interval;
4263 hdev->le_scan_window = window;
4265 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0, NULL, 0);
4267 /* If background scan is running, restart it so new parameters are
4270 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags) &&
4271 hdev->discovery.state == DISCOVERY_STOPPED) {
4272 struct hci_request req;
4274 hci_req_init(&req, hdev);
4276 hci_req_add_le_scan_disable(&req);
4277 hci_req_add_le_passive_scan(&req);
4279 hci_req_run(&req, NULL);
4282 hci_dev_unlock(hdev);
4287 static void fast_connectable_complete(struct hci_dev *hdev, u8 status)
4289 struct pending_cmd *cmd;
4291 BT_DBG("status 0x%02x", status);
4295 cmd = mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4300 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4301 mgmt_status(status));
4303 struct mgmt_mode *cp = cmd->param;
4306 set_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
4308 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
4310 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4311 new_settings(hdev, cmd->sk);
4314 mgmt_pending_remove(cmd);
4317 hci_dev_unlock(hdev);
4320 static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
4321 void *data, u16 len)
4323 struct mgmt_mode *cp = data;
4324 struct pending_cmd *cmd;
4325 struct hci_request req;
4328 BT_DBG("%s", hdev->name);
4330 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags) ||
4331 hdev->hci_ver < BLUETOOTH_VER_1_2)
4332 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4333 MGMT_STATUS_NOT_SUPPORTED);
4335 if (cp->val != 0x00 && cp->val != 0x01)
4336 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4337 MGMT_STATUS_INVALID_PARAMS);
4339 if (!hdev_is_powered(hdev))
4340 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4341 MGMT_STATUS_NOT_POWERED);
4343 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
4344 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4345 MGMT_STATUS_REJECTED);
4349 if (mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
4350 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4355 if (!!cp->val == test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags)) {
4356 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
4361 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
4368 hci_req_init(&req, hdev);
4370 write_fast_connectable(&req, cp->val);
4372 err = hci_req_run(&req, fast_connectable_complete);
4374 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4375 MGMT_STATUS_FAILED);
4376 mgmt_pending_remove(cmd);
4380 hci_dev_unlock(hdev);
4385 static void set_bredr_complete(struct hci_dev *hdev, u8 status)
4387 struct pending_cmd *cmd;
4389 BT_DBG("status 0x%02x", status);
4393 cmd = mgmt_pending_find(MGMT_OP_SET_BREDR, hdev);
4398 u8 mgmt_err = mgmt_status(status);
4400 /* We need to restore the flag if related HCI commands
4403 clear_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4405 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
4407 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
4408 new_settings(hdev, cmd->sk);
4411 mgmt_pending_remove(cmd);
4414 hci_dev_unlock(hdev);
4417 static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
4419 struct mgmt_mode *cp = data;
4420 struct pending_cmd *cmd;
4421 struct hci_request req;
4424 BT_DBG("request for %s", hdev->name);
4426 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
4427 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4428 MGMT_STATUS_NOT_SUPPORTED);
4430 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
4431 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4432 MGMT_STATUS_REJECTED);
4434 if (cp->val != 0x00 && cp->val != 0x01)
4435 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4436 MGMT_STATUS_INVALID_PARAMS);
4440 if (cp->val == test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
4441 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4445 if (!hdev_is_powered(hdev)) {
4447 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
4448 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
4449 clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
4450 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
4451 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
4454 change_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4456 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4460 err = new_settings(hdev, sk);
4464 /* Reject disabling when powered on */
4466 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4467 MGMT_STATUS_REJECTED);
4471 if (mgmt_pending_find(MGMT_OP_SET_BREDR, hdev)) {
4472 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4477 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
4483 /* We need to flip the bit already here so that update_adv_data
4484 * generates the correct flags.
4486 set_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4488 hci_req_init(&req, hdev);
4490 write_fast_connectable(&req, false);
4491 hci_update_page_scan(hdev, &req);
4493 /* Since only the advertising data flags will change, there
4494 * is no need to update the scan response data.
4496 update_adv_data(&req);
4498 err = hci_req_run(&req, set_bredr_complete);
4500 mgmt_pending_remove(cmd);
4503 hci_dev_unlock(hdev);
4507 static int set_secure_conn(struct sock *sk, struct hci_dev *hdev,
4508 void *data, u16 len)
4510 struct mgmt_mode *cp = data;
4511 struct pending_cmd *cmd;
4515 BT_DBG("request for %s", hdev->name);
4517 status = mgmt_bredr_support(hdev);
4519 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4522 if (!lmp_sc_capable(hdev) &&
4523 !test_bit(HCI_FORCE_SC, &hdev->dbg_flags))
4524 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4525 MGMT_STATUS_NOT_SUPPORTED);
4527 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
4528 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4529 MGMT_STATUS_INVALID_PARAMS);
4533 if (!hdev_is_powered(hdev)) {
4537 changed = !test_and_set_bit(HCI_SC_ENABLED,
4539 if (cp->val == 0x02)
4540 set_bit(HCI_SC_ONLY, &hdev->dev_flags);
4542 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4544 changed = test_and_clear_bit(HCI_SC_ENABLED,
4546 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4549 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4554 err = new_settings(hdev, sk);
4559 if (mgmt_pending_find(MGMT_OP_SET_SECURE_CONN, hdev)) {
4560 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4567 if (val == test_bit(HCI_SC_ENABLED, &hdev->dev_flags) &&
4568 (cp->val == 0x02) == test_bit(HCI_SC_ONLY, &hdev->dev_flags)) {
4569 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4573 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SECURE_CONN, hdev, data, len);
4579 err = hci_send_cmd(hdev, HCI_OP_WRITE_SC_SUPPORT, 1, &val);
4581 mgmt_pending_remove(cmd);
4585 if (cp->val == 0x02)
4586 set_bit(HCI_SC_ONLY, &hdev->dev_flags);
4588 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4591 hci_dev_unlock(hdev);
4595 static int set_debug_keys(struct sock *sk, struct hci_dev *hdev,
4596 void *data, u16 len)
4598 struct mgmt_mode *cp = data;
4599 bool changed, use_changed;
4602 BT_DBG("request for %s", hdev->name);
4604 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
4605 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEBUG_KEYS,
4606 MGMT_STATUS_INVALID_PARAMS);
4611 changed = !test_and_set_bit(HCI_KEEP_DEBUG_KEYS,
4614 changed = test_and_clear_bit(HCI_KEEP_DEBUG_KEYS,
4617 if (cp->val == 0x02)
4618 use_changed = !test_and_set_bit(HCI_USE_DEBUG_KEYS,
4621 use_changed = test_and_clear_bit(HCI_USE_DEBUG_KEYS,
4624 if (hdev_is_powered(hdev) && use_changed &&
4625 test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
4626 u8 mode = (cp->val == 0x02) ? 0x01 : 0x00;
4627 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
4628 sizeof(mode), &mode);
4631 err = send_settings_rsp(sk, MGMT_OP_SET_DEBUG_KEYS, hdev);
4636 err = new_settings(hdev, sk);
4639 hci_dev_unlock(hdev);
4643 static int set_privacy(struct sock *sk, struct hci_dev *hdev, void *cp_data,
4646 struct mgmt_cp_set_privacy *cp = cp_data;
4650 BT_DBG("request for %s", hdev->name);
4652 if (!lmp_le_capable(hdev))
4653 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4654 MGMT_STATUS_NOT_SUPPORTED);
4656 if (cp->privacy != 0x00 && cp->privacy != 0x01)
4657 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4658 MGMT_STATUS_INVALID_PARAMS);
4660 if (hdev_is_powered(hdev))
4661 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4662 MGMT_STATUS_REJECTED);
4666 /* If user space supports this command it is also expected to
4667 * handle IRKs. Therefore, set the HCI_RPA_RESOLVING flag.
4669 set_bit(HCI_RPA_RESOLVING, &hdev->dev_flags);
4672 changed = !test_and_set_bit(HCI_PRIVACY, &hdev->dev_flags);
4673 memcpy(hdev->irk, cp->irk, sizeof(hdev->irk));
4674 set_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
4676 changed = test_and_clear_bit(HCI_PRIVACY, &hdev->dev_flags);
4677 memset(hdev->irk, 0, sizeof(hdev->irk));
4678 clear_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
4681 err = send_settings_rsp(sk, MGMT_OP_SET_PRIVACY, hdev);
4686 err = new_settings(hdev, sk);
4689 hci_dev_unlock(hdev);
4693 static bool irk_is_valid(struct mgmt_irk_info *irk)
4695 switch (irk->addr.type) {
4696 case BDADDR_LE_PUBLIC:
4699 case BDADDR_LE_RANDOM:
4700 /* Two most significant bits shall be set */
4701 if ((irk->addr.bdaddr.b[5] & 0xc0) != 0xc0)
4709 static int load_irks(struct sock *sk, struct hci_dev *hdev, void *cp_data,
4712 struct mgmt_cp_load_irks *cp = cp_data;
4713 const u16 max_irk_count = ((U16_MAX - sizeof(*cp)) /
4714 sizeof(struct mgmt_irk_info));
4715 u16 irk_count, expected_len;
4718 BT_DBG("request for %s", hdev->name);
4720 if (!lmp_le_capable(hdev))
4721 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4722 MGMT_STATUS_NOT_SUPPORTED);
4724 irk_count = __le16_to_cpu(cp->irk_count);
4725 if (irk_count > max_irk_count) {
4726 BT_ERR("load_irks: too big irk_count value %u", irk_count);
4727 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4728 MGMT_STATUS_INVALID_PARAMS);
4731 expected_len = sizeof(*cp) + irk_count * sizeof(struct mgmt_irk_info);
4732 if (expected_len != len) {
4733 BT_ERR("load_irks: expected %u bytes, got %u bytes",
4735 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4736 MGMT_STATUS_INVALID_PARAMS);
4739 BT_DBG("%s irk_count %u", hdev->name, irk_count);
4741 for (i = 0; i < irk_count; i++) {
4742 struct mgmt_irk_info *key = &cp->irks[i];
4744 if (!irk_is_valid(key))
4745 return cmd_status(sk, hdev->id,
4747 MGMT_STATUS_INVALID_PARAMS);
4752 hci_smp_irks_clear(hdev);
4754 for (i = 0; i < irk_count; i++) {
4755 struct mgmt_irk_info *irk = &cp->irks[i];
4758 if (irk->addr.type == BDADDR_LE_PUBLIC)
4759 addr_type = ADDR_LE_DEV_PUBLIC;
4761 addr_type = ADDR_LE_DEV_RANDOM;
4763 hci_add_irk(hdev, &irk->addr.bdaddr, addr_type, irk->val,
4767 set_bit(HCI_RPA_RESOLVING, &hdev->dev_flags);
4769 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_IRKS, 0, NULL, 0);
4771 hci_dev_unlock(hdev);
4776 static bool ltk_is_valid(struct mgmt_ltk_info *key)
4778 if (key->master != 0x00 && key->master != 0x01)
4781 switch (key->addr.type) {
4782 case BDADDR_LE_PUBLIC:
4785 case BDADDR_LE_RANDOM:
4786 /* Two most significant bits shall be set */
4787 if ((key->addr.bdaddr.b[5] & 0xc0) != 0xc0)
4795 static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
4796 void *cp_data, u16 len)
4798 struct mgmt_cp_load_long_term_keys *cp = cp_data;
4799 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
4800 sizeof(struct mgmt_ltk_info));
4801 u16 key_count, expected_len;
4804 BT_DBG("request for %s", hdev->name);
4806 if (!lmp_le_capable(hdev))
4807 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
4808 MGMT_STATUS_NOT_SUPPORTED);
4810 key_count = __le16_to_cpu(cp->key_count);
4811 if (key_count > max_key_count) {
4812 BT_ERR("load_ltks: too big key_count value %u", key_count);
4813 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
4814 MGMT_STATUS_INVALID_PARAMS);
4817 expected_len = sizeof(*cp) + key_count *
4818 sizeof(struct mgmt_ltk_info);
4819 if (expected_len != len) {
4820 BT_ERR("load_keys: expected %u bytes, got %u bytes",
4822 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
4823 MGMT_STATUS_INVALID_PARAMS);
4826 BT_DBG("%s key_count %u", hdev->name, key_count);
4828 for (i = 0; i < key_count; i++) {
4829 struct mgmt_ltk_info *key = &cp->keys[i];
4831 if (!ltk_is_valid(key))
4832 return cmd_status(sk, hdev->id,
4833 MGMT_OP_LOAD_LONG_TERM_KEYS,
4834 MGMT_STATUS_INVALID_PARAMS);
4839 hci_smp_ltks_clear(hdev);
4841 for (i = 0; i < key_count; i++) {
4842 struct mgmt_ltk_info *key = &cp->keys[i];
4843 u8 type, addr_type, authenticated;
4845 if (key->addr.type == BDADDR_LE_PUBLIC)
4846 addr_type = ADDR_LE_DEV_PUBLIC;
4848 addr_type = ADDR_LE_DEV_RANDOM;
4853 type = SMP_LTK_SLAVE;
4855 switch (key->type) {
4856 case MGMT_LTK_UNAUTHENTICATED:
4857 authenticated = 0x00;
4859 case MGMT_LTK_AUTHENTICATED:
4860 authenticated = 0x01;
4866 hci_add_ltk(hdev, &key->addr.bdaddr, addr_type, type,
4867 authenticated, key->val, key->enc_size, key->ediv,
4871 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
4874 hci_dev_unlock(hdev);
4879 struct cmd_conn_lookup {
4880 struct hci_conn *conn;
4881 bool valid_tx_power;
4885 static void get_conn_info_complete(struct pending_cmd *cmd, void *data)
4887 struct cmd_conn_lookup *match = data;
4888 struct mgmt_cp_get_conn_info *cp;
4889 struct mgmt_rp_get_conn_info rp;
4890 struct hci_conn *conn = cmd->user_data;
4892 if (conn != match->conn)
4895 cp = (struct mgmt_cp_get_conn_info *) cmd->param;
4897 memset(&rp, 0, sizeof(rp));
4898 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4899 rp.addr.type = cp->addr.type;
4901 if (!match->mgmt_status) {
4902 rp.rssi = conn->rssi;
4904 if (match->valid_tx_power) {
4905 rp.tx_power = conn->tx_power;
4906 rp.max_tx_power = conn->max_tx_power;
4908 rp.tx_power = HCI_TX_POWER_INVALID;
4909 rp.max_tx_power = HCI_TX_POWER_INVALID;
4913 cmd_complete(cmd->sk, cmd->index, MGMT_OP_GET_CONN_INFO,
4914 match->mgmt_status, &rp, sizeof(rp));
4916 hci_conn_drop(conn);
4918 mgmt_pending_remove(cmd);
4921 static void conn_info_refresh_complete(struct hci_dev *hdev, u8 status)
4923 struct hci_cp_read_rssi *cp;
4924 struct hci_conn *conn;
4925 struct cmd_conn_lookup match;
4928 BT_DBG("status 0x%02x", status);
4932 /* TX power data is valid in case request completed successfully,
4933 * otherwise we assume it's not valid. At the moment we assume that
4934 * either both or none of current and max values are valid to keep code
4937 match.valid_tx_power = !status;
4939 /* Commands sent in request are either Read RSSI or Read Transmit Power
4940 * Level so we check which one was last sent to retrieve connection
4941 * handle. Both commands have handle as first parameter so it's safe to
4942 * cast data on the same command struct.
4944 * First command sent is always Read RSSI and we fail only if it fails.
4945 * In other case we simply override error to indicate success as we
4946 * already remembered if TX power value is actually valid.
4948 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_RSSI);
4950 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_TX_POWER);
4955 BT_ERR("invalid sent_cmd in response");
4959 handle = __le16_to_cpu(cp->handle);
4960 conn = hci_conn_hash_lookup_handle(hdev, handle);
4962 BT_ERR("unknown handle (%d) in response", handle);
4967 match.mgmt_status = mgmt_status(status);
4969 /* Cache refresh is complete, now reply for mgmt request for given
4972 mgmt_pending_foreach(MGMT_OP_GET_CONN_INFO, hdev,
4973 get_conn_info_complete, &match);
4976 hci_dev_unlock(hdev);
4979 static int get_conn_info(struct sock *sk, struct hci_dev *hdev, void *data,
4982 struct mgmt_cp_get_conn_info *cp = data;
4983 struct mgmt_rp_get_conn_info rp;
4984 struct hci_conn *conn;
4985 unsigned long conn_info_age;
4988 BT_DBG("%s", hdev->name);
4990 memset(&rp, 0, sizeof(rp));
4991 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4992 rp.addr.type = cp->addr.type;
4994 if (!bdaddr_type_is_valid(cp->addr.type))
4995 return cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
4996 MGMT_STATUS_INVALID_PARAMS,
5001 if (!hdev_is_powered(hdev)) {
5002 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5003 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
5007 if (cp->addr.type == BDADDR_BREDR)
5008 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
5011 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
5013 if (!conn || conn->state != BT_CONNECTED) {
5014 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5015 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
5019 /* To avoid client trying to guess when to poll again for information we
5020 * calculate conn info age as random value between min/max set in hdev.
5022 conn_info_age = hdev->conn_info_min_age +
5023 prandom_u32_max(hdev->conn_info_max_age -
5024 hdev->conn_info_min_age);
5026 /* Query controller to refresh cached values if they are too old or were
5029 if (time_after(jiffies, conn->conn_info_timestamp +
5030 msecs_to_jiffies(conn_info_age)) ||
5031 !conn->conn_info_timestamp) {
5032 struct hci_request req;
5033 struct hci_cp_read_tx_power req_txp_cp;
5034 struct hci_cp_read_rssi req_rssi_cp;
5035 struct pending_cmd *cmd;
5037 hci_req_init(&req, hdev);
5038 req_rssi_cp.handle = cpu_to_le16(conn->handle);
5039 hci_req_add(&req, HCI_OP_READ_RSSI, sizeof(req_rssi_cp),
5042 /* For LE links TX power does not change thus we don't need to
5043 * query for it once value is known.
5045 if (!bdaddr_type_is_le(cp->addr.type) ||
5046 conn->tx_power == HCI_TX_POWER_INVALID) {
5047 req_txp_cp.handle = cpu_to_le16(conn->handle);
5048 req_txp_cp.type = 0x00;
5049 hci_req_add(&req, HCI_OP_READ_TX_POWER,
5050 sizeof(req_txp_cp), &req_txp_cp);
5053 /* Max TX power needs to be read only once per connection */
5054 if (conn->max_tx_power == HCI_TX_POWER_INVALID) {
5055 req_txp_cp.handle = cpu_to_le16(conn->handle);
5056 req_txp_cp.type = 0x01;
5057 hci_req_add(&req, HCI_OP_READ_TX_POWER,
5058 sizeof(req_txp_cp), &req_txp_cp);
5061 err = hci_req_run(&req, conn_info_refresh_complete);
5065 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CONN_INFO, hdev,
5072 hci_conn_hold(conn);
5073 cmd->user_data = conn;
5075 conn->conn_info_timestamp = jiffies;
5077 /* Cache is valid, just reply with values cached in hci_conn */
5078 rp.rssi = conn->rssi;
5079 rp.tx_power = conn->tx_power;
5080 rp.max_tx_power = conn->max_tx_power;
5082 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5083 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
5087 hci_dev_unlock(hdev);
5091 static void get_clock_info_complete(struct hci_dev *hdev, u8 status)
5093 struct mgmt_cp_get_clock_info *cp;
5094 struct mgmt_rp_get_clock_info rp;
5095 struct hci_cp_read_clock *hci_cp;
5096 struct pending_cmd *cmd;
5097 struct hci_conn *conn;
5099 BT_DBG("%s status %u", hdev->name, status);
5103 hci_cp = hci_sent_cmd_data(hdev, HCI_OP_READ_CLOCK);
5107 if (hci_cp->which) {
5108 u16 handle = __le16_to_cpu(hci_cp->handle);
5109 conn = hci_conn_hash_lookup_handle(hdev, handle);
5114 cmd = mgmt_pending_find_data(MGMT_OP_GET_CLOCK_INFO, hdev, conn);
5120 memset(&rp, 0, sizeof(rp));
5121 memcpy(&rp.addr, &cp->addr, sizeof(rp.addr));
5126 rp.local_clock = cpu_to_le32(hdev->clock);
5129 rp.piconet_clock = cpu_to_le32(conn->clock);
5130 rp.accuracy = cpu_to_le16(conn->clock_accuracy);
5134 cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(status),
5136 mgmt_pending_remove(cmd);
5138 hci_conn_drop(conn);
5141 hci_dev_unlock(hdev);
5144 static int get_clock_info(struct sock *sk, struct hci_dev *hdev, void *data,
5147 struct mgmt_cp_get_clock_info *cp = data;
5148 struct mgmt_rp_get_clock_info rp;
5149 struct hci_cp_read_clock hci_cp;
5150 struct pending_cmd *cmd;
5151 struct hci_request req;
5152 struct hci_conn *conn;
5155 BT_DBG("%s", hdev->name);
5157 memset(&rp, 0, sizeof(rp));
5158 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5159 rp.addr.type = cp->addr.type;
5161 if (cp->addr.type != BDADDR_BREDR)
5162 return cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
5163 MGMT_STATUS_INVALID_PARAMS,
5168 if (!hdev_is_powered(hdev)) {
5169 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
5170 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
5174 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
5175 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
5177 if (!conn || conn->state != BT_CONNECTED) {
5178 err = cmd_complete(sk, hdev->id,
5179 MGMT_OP_GET_CLOCK_INFO,
5180 MGMT_STATUS_NOT_CONNECTED,
5188 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CLOCK_INFO, hdev, data, len);
5194 hci_req_init(&req, hdev);
5196 memset(&hci_cp, 0, sizeof(hci_cp));
5197 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
5200 hci_conn_hold(conn);
5201 cmd->user_data = conn;
5203 hci_cp.handle = cpu_to_le16(conn->handle);
5204 hci_cp.which = 0x01; /* Piconet clock */
5205 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
5208 err = hci_req_run(&req, get_clock_info_complete);
5210 mgmt_pending_remove(cmd);
5213 hci_dev_unlock(hdev);
5217 static void device_added(struct sock *sk, struct hci_dev *hdev,
5218 bdaddr_t *bdaddr, u8 type, u8 action)
5220 struct mgmt_ev_device_added ev;
5222 bacpy(&ev.addr.bdaddr, bdaddr);
5223 ev.addr.type = type;
5226 mgmt_event(MGMT_EV_DEVICE_ADDED, hdev, &ev, sizeof(ev), sk);
5229 static int add_device(struct sock *sk, struct hci_dev *hdev,
5230 void *data, u16 len)
5232 struct mgmt_cp_add_device *cp = data;
5233 u8 auto_conn, addr_type;
5236 BT_DBG("%s", hdev->name);
5238 if (!bdaddr_type_is_valid(cp->addr.type) ||
5239 !bacmp(&cp->addr.bdaddr, BDADDR_ANY))
5240 return cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5241 MGMT_STATUS_INVALID_PARAMS,
5242 &cp->addr, sizeof(cp->addr));
5244 if (cp->action != 0x00 && cp->action != 0x01 && cp->action != 0x02)
5245 return cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5246 MGMT_STATUS_INVALID_PARAMS,
5247 &cp->addr, sizeof(cp->addr));
5251 if (cp->addr.type == BDADDR_BREDR) {
5252 /* Only incoming connections action is supported for now */
5253 if (cp->action != 0x01) {
5254 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5255 MGMT_STATUS_INVALID_PARAMS,
5256 &cp->addr, sizeof(cp->addr));
5260 err = hci_bdaddr_list_add(&hdev->whitelist, &cp->addr.bdaddr,
5265 hci_update_page_scan(hdev, NULL);
5270 if (cp->addr.type == BDADDR_LE_PUBLIC)
5271 addr_type = ADDR_LE_DEV_PUBLIC;
5273 addr_type = ADDR_LE_DEV_RANDOM;
5275 if (cp->action == 0x02)
5276 auto_conn = HCI_AUTO_CONN_ALWAYS;
5277 else if (cp->action == 0x01)
5278 auto_conn = HCI_AUTO_CONN_DIRECT;
5280 auto_conn = HCI_AUTO_CONN_REPORT;
5282 /* If the connection parameters don't exist for this device,
5283 * they will be created and configured with defaults.
5285 if (hci_conn_params_set(hdev, &cp->addr.bdaddr, addr_type,
5287 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5289 &cp->addr, sizeof(cp->addr));
5294 device_added(sk, hdev, &cp->addr.bdaddr, cp->addr.type, cp->action);
5296 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5297 MGMT_STATUS_SUCCESS, &cp->addr, sizeof(cp->addr));
5300 hci_dev_unlock(hdev);
5304 static void device_removed(struct sock *sk, struct hci_dev *hdev,
5305 bdaddr_t *bdaddr, u8 type)
5307 struct mgmt_ev_device_removed ev;
5309 bacpy(&ev.addr.bdaddr, bdaddr);
5310 ev.addr.type = type;
5312 mgmt_event(MGMT_EV_DEVICE_REMOVED, hdev, &ev, sizeof(ev), sk);
5315 static int remove_device(struct sock *sk, struct hci_dev *hdev,
5316 void *data, u16 len)
5318 struct mgmt_cp_remove_device *cp = data;
5321 BT_DBG("%s", hdev->name);
5325 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
5326 struct hci_conn_params *params;
5329 if (!bdaddr_type_is_valid(cp->addr.type)) {
5330 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
5331 MGMT_STATUS_INVALID_PARAMS,
5332 &cp->addr, sizeof(cp->addr));
5336 if (cp->addr.type == BDADDR_BREDR) {
5337 err = hci_bdaddr_list_del(&hdev->whitelist,
5341 err = cmd_complete(sk, hdev->id,
5342 MGMT_OP_REMOVE_DEVICE,
5343 MGMT_STATUS_INVALID_PARAMS,
5344 &cp->addr, sizeof(cp->addr));
5348 hci_update_page_scan(hdev, NULL);
5350 device_removed(sk, hdev, &cp->addr.bdaddr,
5355 if (cp->addr.type == BDADDR_LE_PUBLIC)
5356 addr_type = ADDR_LE_DEV_PUBLIC;
5358 addr_type = ADDR_LE_DEV_RANDOM;
5360 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr,
5363 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
5364 MGMT_STATUS_INVALID_PARAMS,
5365 &cp->addr, sizeof(cp->addr));
5369 if (params->auto_connect == HCI_AUTO_CONN_DISABLED) {
5370 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
5371 MGMT_STATUS_INVALID_PARAMS,
5372 &cp->addr, sizeof(cp->addr));
5376 list_del(¶ms->action);
5377 list_del(¶ms->list);
5379 hci_update_background_scan(hdev);
5381 device_removed(sk, hdev, &cp->addr.bdaddr, cp->addr.type);
5383 struct hci_conn_params *p, *tmp;
5384 struct bdaddr_list *b, *btmp;
5386 if (cp->addr.type) {
5387 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
5388 MGMT_STATUS_INVALID_PARAMS,
5389 &cp->addr, sizeof(cp->addr));
5393 list_for_each_entry_safe(b, btmp, &hdev->whitelist, list) {
5394 device_removed(sk, hdev, &b->bdaddr, b->bdaddr_type);
5399 hci_update_page_scan(hdev, NULL);
5401 list_for_each_entry_safe(p, tmp, &hdev->le_conn_params, list) {
5402 if (p->auto_connect == HCI_AUTO_CONN_DISABLED)
5404 device_removed(sk, hdev, &p->addr, p->addr_type);
5405 list_del(&p->action);
5410 BT_DBG("All LE connection parameters were removed");
5412 hci_update_background_scan(hdev);
5416 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
5417 MGMT_STATUS_SUCCESS, &cp->addr, sizeof(cp->addr));
5420 hci_dev_unlock(hdev);
5424 static int load_conn_param(struct sock *sk, struct hci_dev *hdev, void *data,
5427 struct mgmt_cp_load_conn_param *cp = data;
5428 const u16 max_param_count = ((U16_MAX - sizeof(*cp)) /
5429 sizeof(struct mgmt_conn_param));
5430 u16 param_count, expected_len;
5433 if (!lmp_le_capable(hdev))
5434 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5435 MGMT_STATUS_NOT_SUPPORTED);
5437 param_count = __le16_to_cpu(cp->param_count);
5438 if (param_count > max_param_count) {
5439 BT_ERR("load_conn_param: too big param_count value %u",
5441 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5442 MGMT_STATUS_INVALID_PARAMS);
5445 expected_len = sizeof(*cp) + param_count *
5446 sizeof(struct mgmt_conn_param);
5447 if (expected_len != len) {
5448 BT_ERR("load_conn_param: expected %u bytes, got %u bytes",
5450 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5451 MGMT_STATUS_INVALID_PARAMS);
5454 BT_DBG("%s param_count %u", hdev->name, param_count);
5458 hci_conn_params_clear_disabled(hdev);
5460 for (i = 0; i < param_count; i++) {
5461 struct mgmt_conn_param *param = &cp->params[i];
5462 struct hci_conn_params *hci_param;
5463 u16 min, max, latency, timeout;
5466 BT_DBG("Adding %pMR (type %u)", ¶m->addr.bdaddr,
5469 if (param->addr.type == BDADDR_LE_PUBLIC) {
5470 addr_type = ADDR_LE_DEV_PUBLIC;
5471 } else if (param->addr.type == BDADDR_LE_RANDOM) {
5472 addr_type = ADDR_LE_DEV_RANDOM;
5474 BT_ERR("Ignoring invalid connection parameters");
5478 min = le16_to_cpu(param->min_interval);
5479 max = le16_to_cpu(param->max_interval);
5480 latency = le16_to_cpu(param->latency);
5481 timeout = le16_to_cpu(param->timeout);
5483 BT_DBG("min 0x%04x max 0x%04x latency 0x%04x timeout 0x%04x",
5484 min, max, latency, timeout);
5486 if (hci_check_conn_params(min, max, latency, timeout) < 0) {
5487 BT_ERR("Ignoring invalid connection parameters");
5491 hci_param = hci_conn_params_add(hdev, ¶m->addr.bdaddr,
5494 BT_ERR("Failed to add connection parameters");
5498 hci_param->conn_min_interval = min;
5499 hci_param->conn_max_interval = max;
5500 hci_param->conn_latency = latency;
5501 hci_param->supervision_timeout = timeout;
5504 hci_dev_unlock(hdev);
5506 return cmd_complete(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM, 0, NULL, 0);
5509 static int set_external_config(struct sock *sk, struct hci_dev *hdev,
5510 void *data, u16 len)
5512 struct mgmt_cp_set_external_config *cp = data;
5516 BT_DBG("%s", hdev->name);
5518 if (hdev_is_powered(hdev))
5519 return cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
5520 MGMT_STATUS_REJECTED);
5522 if (cp->config != 0x00 && cp->config != 0x01)
5523 return cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
5524 MGMT_STATUS_INVALID_PARAMS);
5526 if (!test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
5527 return cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
5528 MGMT_STATUS_NOT_SUPPORTED);
5533 changed = !test_and_set_bit(HCI_EXT_CONFIGURED,
5536 changed = test_and_clear_bit(HCI_EXT_CONFIGURED,
5539 err = send_options_rsp(sk, MGMT_OP_SET_EXTERNAL_CONFIG, hdev);
5546 err = new_options(hdev, sk);
5548 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags) == is_configured(hdev)) {
5549 mgmt_index_removed(hdev);
5551 if (test_and_change_bit(HCI_UNCONFIGURED, &hdev->dev_flags)) {
5552 set_bit(HCI_CONFIG, &hdev->dev_flags);
5553 set_bit(HCI_AUTO_OFF, &hdev->dev_flags);
5555 queue_work(hdev->req_workqueue, &hdev->power_on);
5557 set_bit(HCI_RAW, &hdev->flags);
5558 mgmt_index_added(hdev);
5563 hci_dev_unlock(hdev);
5567 static int set_public_address(struct sock *sk, struct hci_dev *hdev,
5568 void *data, u16 len)
5570 struct mgmt_cp_set_public_address *cp = data;
5574 BT_DBG("%s", hdev->name);
5576 if (hdev_is_powered(hdev))
5577 return cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
5578 MGMT_STATUS_REJECTED);
5580 if (!bacmp(&cp->bdaddr, BDADDR_ANY))
5581 return cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
5582 MGMT_STATUS_INVALID_PARAMS);
5584 if (!hdev->set_bdaddr)
5585 return cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
5586 MGMT_STATUS_NOT_SUPPORTED);
5590 changed = !!bacmp(&hdev->public_addr, &cp->bdaddr);
5591 bacpy(&hdev->public_addr, &cp->bdaddr);
5593 err = send_options_rsp(sk, MGMT_OP_SET_PUBLIC_ADDRESS, hdev);
5600 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags))
5601 err = new_options(hdev, sk);
5603 if (is_configured(hdev)) {
5604 mgmt_index_removed(hdev);
5606 clear_bit(HCI_UNCONFIGURED, &hdev->dev_flags);
5608 set_bit(HCI_CONFIG, &hdev->dev_flags);
5609 set_bit(HCI_AUTO_OFF, &hdev->dev_flags);
5611 queue_work(hdev->req_workqueue, &hdev->power_on);
5615 hci_dev_unlock(hdev);
5619 static const struct mgmt_handler {
5620 int (*func) (struct sock *sk, struct hci_dev *hdev, void *data,
5624 } mgmt_handlers[] = {
5625 { NULL }, /* 0x0000 (no command) */
5626 { read_version, false, MGMT_READ_VERSION_SIZE },
5627 { read_commands, false, MGMT_READ_COMMANDS_SIZE },
5628 { read_index_list, false, MGMT_READ_INDEX_LIST_SIZE },
5629 { read_controller_info, false, MGMT_READ_INFO_SIZE },
5630 { set_powered, false, MGMT_SETTING_SIZE },
5631 { set_discoverable, false, MGMT_SET_DISCOVERABLE_SIZE },
5632 { set_connectable, false, MGMT_SETTING_SIZE },
5633 { set_fast_connectable, false, MGMT_SETTING_SIZE },
5634 { set_bondable, false, MGMT_SETTING_SIZE },
5635 { set_link_security, false, MGMT_SETTING_SIZE },
5636 { set_ssp, false, MGMT_SETTING_SIZE },
5637 { set_hs, false, MGMT_SETTING_SIZE },
5638 { set_le, false, MGMT_SETTING_SIZE },
5639 { set_dev_class, false, MGMT_SET_DEV_CLASS_SIZE },
5640 { set_local_name, false, MGMT_SET_LOCAL_NAME_SIZE },
5641 { add_uuid, false, MGMT_ADD_UUID_SIZE },
5642 { remove_uuid, false, MGMT_REMOVE_UUID_SIZE },
5643 { load_link_keys, true, MGMT_LOAD_LINK_KEYS_SIZE },
5644 { load_long_term_keys, true, MGMT_LOAD_LONG_TERM_KEYS_SIZE },
5645 { disconnect, false, MGMT_DISCONNECT_SIZE },
5646 { get_connections, false, MGMT_GET_CONNECTIONS_SIZE },
5647 { pin_code_reply, false, MGMT_PIN_CODE_REPLY_SIZE },
5648 { pin_code_neg_reply, false, MGMT_PIN_CODE_NEG_REPLY_SIZE },
5649 { set_io_capability, false, MGMT_SET_IO_CAPABILITY_SIZE },
5650 { pair_device, false, MGMT_PAIR_DEVICE_SIZE },
5651 { cancel_pair_device, false, MGMT_CANCEL_PAIR_DEVICE_SIZE },
5652 { unpair_device, false, MGMT_UNPAIR_DEVICE_SIZE },
5653 { user_confirm_reply, false, MGMT_USER_CONFIRM_REPLY_SIZE },
5654 { user_confirm_neg_reply, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
5655 { user_passkey_reply, false, MGMT_USER_PASSKEY_REPLY_SIZE },
5656 { user_passkey_neg_reply, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
5657 { read_local_oob_data, false, MGMT_READ_LOCAL_OOB_DATA_SIZE },
5658 { add_remote_oob_data, true, MGMT_ADD_REMOTE_OOB_DATA_SIZE },
5659 { remove_remote_oob_data, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
5660 { start_discovery, false, MGMT_START_DISCOVERY_SIZE },
5661 { stop_discovery, false, MGMT_STOP_DISCOVERY_SIZE },
5662 { confirm_name, false, MGMT_CONFIRM_NAME_SIZE },
5663 { block_device, false, MGMT_BLOCK_DEVICE_SIZE },
5664 { unblock_device, false, MGMT_UNBLOCK_DEVICE_SIZE },
5665 { set_device_id, false, MGMT_SET_DEVICE_ID_SIZE },
5666 { set_advertising, false, MGMT_SETTING_SIZE },
5667 { set_bredr, false, MGMT_SETTING_SIZE },
5668 { set_static_address, false, MGMT_SET_STATIC_ADDRESS_SIZE },
5669 { set_scan_params, false, MGMT_SET_SCAN_PARAMS_SIZE },
5670 { set_secure_conn, false, MGMT_SETTING_SIZE },
5671 { set_debug_keys, false, MGMT_SETTING_SIZE },
5672 { set_privacy, false, MGMT_SET_PRIVACY_SIZE },
5673 { load_irks, true, MGMT_LOAD_IRKS_SIZE },
5674 { get_conn_info, false, MGMT_GET_CONN_INFO_SIZE },
5675 { get_clock_info, false, MGMT_GET_CLOCK_INFO_SIZE },
5676 { add_device, false, MGMT_ADD_DEVICE_SIZE },
5677 { remove_device, false, MGMT_REMOVE_DEVICE_SIZE },
5678 { load_conn_param, true, MGMT_LOAD_CONN_PARAM_SIZE },
5679 { read_unconf_index_list, false, MGMT_READ_UNCONF_INDEX_LIST_SIZE },
5680 { read_config_info, false, MGMT_READ_CONFIG_INFO_SIZE },
5681 { set_external_config, false, MGMT_SET_EXTERNAL_CONFIG_SIZE },
5682 { set_public_address, false, MGMT_SET_PUBLIC_ADDRESS_SIZE },
5685 int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
5689 struct mgmt_hdr *hdr;
5690 u16 opcode, index, len;
5691 struct hci_dev *hdev = NULL;
5692 const struct mgmt_handler *handler;
5695 BT_DBG("got %zu bytes", msglen);
5697 if (msglen < sizeof(*hdr))
5700 buf = kmalloc(msglen, GFP_KERNEL);
5704 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
5710 opcode = __le16_to_cpu(hdr->opcode);
5711 index = __le16_to_cpu(hdr->index);
5712 len = __le16_to_cpu(hdr->len);
5714 if (len != msglen - sizeof(*hdr)) {
5719 if (index != MGMT_INDEX_NONE) {
5720 hdev = hci_dev_get(index);
5722 err = cmd_status(sk, index, opcode,
5723 MGMT_STATUS_INVALID_INDEX);
5727 if (test_bit(HCI_SETUP, &hdev->dev_flags) ||
5728 test_bit(HCI_CONFIG, &hdev->dev_flags) ||
5729 test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
5730 err = cmd_status(sk, index, opcode,
5731 MGMT_STATUS_INVALID_INDEX);
5735 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags) &&
5736 opcode != MGMT_OP_READ_CONFIG_INFO &&
5737 opcode != MGMT_OP_SET_EXTERNAL_CONFIG &&
5738 opcode != MGMT_OP_SET_PUBLIC_ADDRESS) {
5739 err = cmd_status(sk, index, opcode,
5740 MGMT_STATUS_INVALID_INDEX);
5745 if (opcode >= ARRAY_SIZE(mgmt_handlers) ||
5746 mgmt_handlers[opcode].func == NULL) {
5747 BT_DBG("Unknown op %u", opcode);
5748 err = cmd_status(sk, index, opcode,
5749 MGMT_STATUS_UNKNOWN_COMMAND);
5753 if (hdev && (opcode <= MGMT_OP_READ_INDEX_LIST ||
5754 opcode == MGMT_OP_READ_UNCONF_INDEX_LIST)) {
5755 err = cmd_status(sk, index, opcode,
5756 MGMT_STATUS_INVALID_INDEX);
5760 if (!hdev && (opcode > MGMT_OP_READ_INDEX_LIST &&
5761 opcode != MGMT_OP_READ_UNCONF_INDEX_LIST)) {
5762 err = cmd_status(sk, index, opcode,
5763 MGMT_STATUS_INVALID_INDEX);
5767 handler = &mgmt_handlers[opcode];
5769 if ((handler->var_len && len < handler->data_len) ||
5770 (!handler->var_len && len != handler->data_len)) {
5771 err = cmd_status(sk, index, opcode,
5772 MGMT_STATUS_INVALID_PARAMS);
5777 mgmt_init_hdev(sk, hdev);
5779 cp = buf + sizeof(*hdr);
5781 err = handler->func(sk, hdev, cp, len);
5795 void mgmt_index_added(struct hci_dev *hdev)
5797 if (hdev->dev_type != HCI_BREDR)
5800 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
5803 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags))
5804 mgmt_event(MGMT_EV_UNCONF_INDEX_ADDED, hdev, NULL, 0, NULL);
5806 mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
5809 void mgmt_index_removed(struct hci_dev *hdev)
5811 u8 status = MGMT_STATUS_INVALID_INDEX;
5813 if (hdev->dev_type != HCI_BREDR)
5816 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
5819 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
5821 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags))
5822 mgmt_event(MGMT_EV_UNCONF_INDEX_REMOVED, hdev, NULL, 0, NULL);
5824 mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
5827 /* This function requires the caller holds hdev->lock */
5828 static void restart_le_actions(struct hci_dev *hdev)
5830 struct hci_conn_params *p;
5832 list_for_each_entry(p, &hdev->le_conn_params, list) {
5833 /* Needed for AUTO_OFF case where might not "really"
5834 * have been powered off.
5836 list_del_init(&p->action);
5838 switch (p->auto_connect) {
5839 case HCI_AUTO_CONN_DIRECT:
5840 case HCI_AUTO_CONN_ALWAYS:
5841 list_add(&p->action, &hdev->pend_le_conns);
5843 case HCI_AUTO_CONN_REPORT:
5844 list_add(&p->action, &hdev->pend_le_reports);
5851 hci_update_background_scan(hdev);
5854 static void powered_complete(struct hci_dev *hdev, u8 status)
5856 struct cmd_lookup match = { NULL, hdev };
5858 BT_DBG("status 0x%02x", status);
5862 restart_le_actions(hdev);
5864 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
5866 new_settings(hdev, match.sk);
5868 hci_dev_unlock(hdev);
5874 static int powered_update_hci(struct hci_dev *hdev)
5876 struct hci_request req;
5879 hci_req_init(&req, hdev);
5881 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) &&
5882 !lmp_host_ssp_capable(hdev)) {
5885 hci_req_add(&req, HCI_OP_WRITE_SSP_MODE, 1, &ssp);
5888 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
5889 lmp_bredr_capable(hdev)) {
5890 struct hci_cp_write_le_host_supported cp;
5895 /* Check first if we already have the right
5896 * host state (host features set)
5898 if (cp.le != lmp_host_le_capable(hdev) ||
5899 cp.simul != lmp_host_le_br_capable(hdev))
5900 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED,
5904 if (lmp_le_capable(hdev)) {
5905 /* Make sure the controller has a good default for
5906 * advertising data. This also applies to the case
5907 * where BR/EDR was toggled during the AUTO_OFF phase.
5909 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
5910 update_adv_data(&req);
5911 update_scan_rsp_data(&req);
5914 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
5915 enable_advertising(&req);
5918 link_sec = test_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
5919 if (link_sec != test_bit(HCI_AUTH, &hdev->flags))
5920 hci_req_add(&req, HCI_OP_WRITE_AUTH_ENABLE,
5921 sizeof(link_sec), &link_sec);
5923 if (lmp_bredr_capable(hdev)) {
5924 write_fast_connectable(&req, false);
5925 hci_update_page_scan(hdev, &req);
5931 return hci_req_run(&req, powered_complete);
5934 int mgmt_powered(struct hci_dev *hdev, u8 powered)
5936 struct cmd_lookup match = { NULL, hdev };
5937 u8 status_not_powered = MGMT_STATUS_NOT_POWERED;
5938 u8 zero_cod[] = { 0, 0, 0 };
5941 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
5945 if (powered_update_hci(hdev) == 0)
5948 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp,
5953 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
5954 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status_not_powered);
5956 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0)
5957 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
5958 zero_cod, sizeof(zero_cod), NULL);
5961 err = new_settings(hdev, match.sk);
5969 void mgmt_set_powered_failed(struct hci_dev *hdev, int err)
5971 struct pending_cmd *cmd;
5974 cmd = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
5978 if (err == -ERFKILL)
5979 status = MGMT_STATUS_RFKILLED;
5981 status = MGMT_STATUS_FAILED;
5983 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
5985 mgmt_pending_remove(cmd);
5988 void mgmt_discoverable_timeout(struct hci_dev *hdev)
5990 struct hci_request req;
5994 /* When discoverable timeout triggers, then just make sure
5995 * the limited discoverable flag is cleared. Even in the case
5996 * of a timeout triggered from general discoverable, it is
5997 * safe to unconditionally clear the flag.
5999 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
6000 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
6002 hci_req_init(&req, hdev);
6003 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
6004 u8 scan = SCAN_PAGE;
6005 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE,
6006 sizeof(scan), &scan);
6009 update_adv_data(&req);
6010 hci_req_run(&req, NULL);
6012 hdev->discov_timeout = 0;
6014 new_settings(hdev, NULL);
6016 hci_dev_unlock(hdev);
6019 void mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
6022 struct mgmt_ev_new_link_key ev;
6024 memset(&ev, 0, sizeof(ev));
6026 ev.store_hint = persistent;
6027 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
6028 ev.key.addr.type = BDADDR_BREDR;
6029 ev.key.type = key->type;
6030 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
6031 ev.key.pin_len = key->pin_len;
6033 mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
6036 static u8 mgmt_ltk_type(struct smp_ltk *ltk)
6038 if (ltk->authenticated)
6039 return MGMT_LTK_AUTHENTICATED;
6041 return MGMT_LTK_UNAUTHENTICATED;
6044 void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, bool persistent)
6046 struct mgmt_ev_new_long_term_key ev;
6048 memset(&ev, 0, sizeof(ev));
6050 /* Devices using resolvable or non-resolvable random addresses
6051 * without providing an indentity resolving key don't require
6052 * to store long term keys. Their addresses will change the
6055 * Only when a remote device provides an identity address
6056 * make sure the long term key is stored. If the remote
6057 * identity is known, the long term keys are internally
6058 * mapped to the identity address. So allow static random
6059 * and public addresses here.
6061 if (key->bdaddr_type == ADDR_LE_DEV_RANDOM &&
6062 (key->bdaddr.b[5] & 0xc0) != 0xc0)
6063 ev.store_hint = 0x00;
6065 ev.store_hint = persistent;
6067 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
6068 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
6069 ev.key.type = mgmt_ltk_type(key);
6070 ev.key.enc_size = key->enc_size;
6071 ev.key.ediv = key->ediv;
6072 ev.key.rand = key->rand;
6074 if (key->type == SMP_LTK)
6077 memcpy(ev.key.val, key->val, sizeof(key->val));
6079 mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev), NULL);
6082 void mgmt_new_irk(struct hci_dev *hdev, struct smp_irk *irk)
6084 struct mgmt_ev_new_irk ev;
6086 memset(&ev, 0, sizeof(ev));
6088 /* For identity resolving keys from devices that are already
6089 * using a public address or static random address, do not
6090 * ask for storing this key. The identity resolving key really
6091 * is only mandatory for devices using resovlable random
6094 * Storing all identity resolving keys has the downside that
6095 * they will be also loaded on next boot of they system. More
6096 * identity resolving keys, means more time during scanning is
6097 * needed to actually resolve these addresses.
6099 if (bacmp(&irk->rpa, BDADDR_ANY))
6100 ev.store_hint = 0x01;
6102 ev.store_hint = 0x00;
6104 bacpy(&ev.rpa, &irk->rpa);
6105 bacpy(&ev.irk.addr.bdaddr, &irk->bdaddr);
6106 ev.irk.addr.type = link_to_bdaddr(LE_LINK, irk->addr_type);
6107 memcpy(ev.irk.val, irk->val, sizeof(irk->val));
6109 mgmt_event(MGMT_EV_NEW_IRK, hdev, &ev, sizeof(ev), NULL);
6112 void mgmt_new_csrk(struct hci_dev *hdev, struct smp_csrk *csrk,
6115 struct mgmt_ev_new_csrk ev;
6117 memset(&ev, 0, sizeof(ev));
6119 /* Devices using resolvable or non-resolvable random addresses
6120 * without providing an indentity resolving key don't require
6121 * to store signature resolving keys. Their addresses will change
6122 * the next time around.
6124 * Only when a remote device provides an identity address
6125 * make sure the signature resolving key is stored. So allow
6126 * static random and public addresses here.
6128 if (csrk->bdaddr_type == ADDR_LE_DEV_RANDOM &&
6129 (csrk->bdaddr.b[5] & 0xc0) != 0xc0)
6130 ev.store_hint = 0x00;
6132 ev.store_hint = persistent;
6134 bacpy(&ev.key.addr.bdaddr, &csrk->bdaddr);
6135 ev.key.addr.type = link_to_bdaddr(LE_LINK, csrk->bdaddr_type);
6136 ev.key.master = csrk->master;
6137 memcpy(ev.key.val, csrk->val, sizeof(csrk->val));
6139 mgmt_event(MGMT_EV_NEW_CSRK, hdev, &ev, sizeof(ev), NULL);
6142 void mgmt_new_conn_param(struct hci_dev *hdev, bdaddr_t *bdaddr,
6143 u8 bdaddr_type, u8 store_hint, u16 min_interval,
6144 u16 max_interval, u16 latency, u16 timeout)
6146 struct mgmt_ev_new_conn_param ev;
6148 if (!hci_is_identity_address(bdaddr, bdaddr_type))
6151 memset(&ev, 0, sizeof(ev));
6152 bacpy(&ev.addr.bdaddr, bdaddr);
6153 ev.addr.type = link_to_bdaddr(LE_LINK, bdaddr_type);
6154 ev.store_hint = store_hint;
6155 ev.min_interval = cpu_to_le16(min_interval);
6156 ev.max_interval = cpu_to_le16(max_interval);
6157 ev.latency = cpu_to_le16(latency);
6158 ev.timeout = cpu_to_le16(timeout);
6160 mgmt_event(MGMT_EV_NEW_CONN_PARAM, hdev, &ev, sizeof(ev), NULL);
6163 static inline u16 eir_append_data(u8 *eir, u16 eir_len, u8 type, u8 *data,
6166 eir[eir_len++] = sizeof(type) + data_len;
6167 eir[eir_len++] = type;
6168 memcpy(&eir[eir_len], data, data_len);
6169 eir_len += data_len;
6174 void mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
6175 u8 addr_type, u32 flags, u8 *name, u8 name_len,
6179 struct mgmt_ev_device_connected *ev = (void *) buf;
6182 bacpy(&ev->addr.bdaddr, bdaddr);
6183 ev->addr.type = link_to_bdaddr(link_type, addr_type);
6185 ev->flags = __cpu_to_le32(flags);
6188 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
6191 if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0)
6192 eir_len = eir_append_data(ev->eir, eir_len,
6193 EIR_CLASS_OF_DEV, dev_class, 3);
6195 ev->eir_len = cpu_to_le16(eir_len);
6197 mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
6198 sizeof(*ev) + eir_len, NULL);
6201 static void disconnect_rsp(struct pending_cmd *cmd, void *data)
6203 struct mgmt_cp_disconnect *cp = cmd->param;
6204 struct sock **sk = data;
6205 struct mgmt_rp_disconnect rp;
6207 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
6208 rp.addr.type = cp->addr.type;
6210 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 0, &rp,
6216 mgmt_pending_remove(cmd);
6219 static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
6221 struct hci_dev *hdev = data;
6222 struct mgmt_cp_unpair_device *cp = cmd->param;
6223 struct mgmt_rp_unpair_device rp;
6225 memset(&rp, 0, sizeof(rp));
6226 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
6227 rp.addr.type = cp->addr.type;
6229 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
6231 cmd_complete(cmd->sk, cmd->index, cmd->opcode, 0, &rp, sizeof(rp));
6233 mgmt_pending_remove(cmd);
6236 bool mgmt_powering_down(struct hci_dev *hdev)
6238 struct pending_cmd *cmd;
6239 struct mgmt_mode *cp;
6241 cmd = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
6252 void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
6253 u8 link_type, u8 addr_type, u8 reason,
6254 bool mgmt_connected)
6256 struct mgmt_ev_device_disconnected ev;
6257 struct sock *sk = NULL;
6259 /* The connection is still in hci_conn_hash so test for 1
6260 * instead of 0 to know if this is the last one.
6262 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
6263 cancel_delayed_work(&hdev->power_off);
6264 queue_work(hdev->req_workqueue, &hdev->power_off.work);
6267 if (!mgmt_connected)
6270 if (link_type != ACL_LINK && link_type != LE_LINK)
6273 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
6275 bacpy(&ev.addr.bdaddr, bdaddr);
6276 ev.addr.type = link_to_bdaddr(link_type, addr_type);
6279 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
6284 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
6288 void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
6289 u8 link_type, u8 addr_type, u8 status)
6291 u8 bdaddr_type = link_to_bdaddr(link_type, addr_type);
6292 struct mgmt_cp_disconnect *cp;
6293 struct mgmt_rp_disconnect rp;
6294 struct pending_cmd *cmd;
6296 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
6299 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
6305 if (bacmp(bdaddr, &cp->addr.bdaddr))
6308 if (cp->addr.type != bdaddr_type)
6311 bacpy(&rp.addr.bdaddr, bdaddr);
6312 rp.addr.type = bdaddr_type;
6314 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
6315 mgmt_status(status), &rp, sizeof(rp));
6317 mgmt_pending_remove(cmd);
6320 void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
6321 u8 addr_type, u8 status)
6323 struct mgmt_ev_connect_failed ev;
6325 /* The connection is still in hci_conn_hash so test for 1
6326 * instead of 0 to know if this is the last one.
6328 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
6329 cancel_delayed_work(&hdev->power_off);
6330 queue_work(hdev->req_workqueue, &hdev->power_off.work);
6333 bacpy(&ev.addr.bdaddr, bdaddr);
6334 ev.addr.type = link_to_bdaddr(link_type, addr_type);
6335 ev.status = mgmt_status(status);
6337 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
6340 void mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
6342 struct mgmt_ev_pin_code_request ev;
6344 bacpy(&ev.addr.bdaddr, bdaddr);
6345 ev.addr.type = BDADDR_BREDR;
6348 mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev), NULL);
6351 void mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
6354 struct pending_cmd *cmd;
6355 struct mgmt_rp_pin_code_reply rp;
6357 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
6361 bacpy(&rp.addr.bdaddr, bdaddr);
6362 rp.addr.type = BDADDR_BREDR;
6364 cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
6365 mgmt_status(status), &rp, sizeof(rp));
6367 mgmt_pending_remove(cmd);
6370 void mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
6373 struct pending_cmd *cmd;
6374 struct mgmt_rp_pin_code_reply rp;
6376 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
6380 bacpy(&rp.addr.bdaddr, bdaddr);
6381 rp.addr.type = BDADDR_BREDR;
6383 cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
6384 mgmt_status(status), &rp, sizeof(rp));
6386 mgmt_pending_remove(cmd);
6389 int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
6390 u8 link_type, u8 addr_type, u32 value,
6393 struct mgmt_ev_user_confirm_request ev;
6395 BT_DBG("%s", hdev->name);
6397 bacpy(&ev.addr.bdaddr, bdaddr);
6398 ev.addr.type = link_to_bdaddr(link_type, addr_type);
6399 ev.confirm_hint = confirm_hint;
6400 ev.value = cpu_to_le32(value);
6402 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
6406 int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
6407 u8 link_type, u8 addr_type)
6409 struct mgmt_ev_user_passkey_request ev;
6411 BT_DBG("%s", hdev->name);
6413 bacpy(&ev.addr.bdaddr, bdaddr);
6414 ev.addr.type = link_to_bdaddr(link_type, addr_type);
6416 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
6420 static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
6421 u8 link_type, u8 addr_type, u8 status,
6424 struct pending_cmd *cmd;
6425 struct mgmt_rp_user_confirm_reply rp;
6428 cmd = mgmt_pending_find(opcode, hdev);
6432 bacpy(&rp.addr.bdaddr, bdaddr);
6433 rp.addr.type = link_to_bdaddr(link_type, addr_type);
6434 err = cmd_complete(cmd->sk, hdev->id, opcode, mgmt_status(status),
6437 mgmt_pending_remove(cmd);
6442 int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
6443 u8 link_type, u8 addr_type, u8 status)
6445 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
6446 status, MGMT_OP_USER_CONFIRM_REPLY);
6449 int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
6450 u8 link_type, u8 addr_type, u8 status)
6452 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
6454 MGMT_OP_USER_CONFIRM_NEG_REPLY);
6457 int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
6458 u8 link_type, u8 addr_type, u8 status)
6460 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
6461 status, MGMT_OP_USER_PASSKEY_REPLY);
6464 int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
6465 u8 link_type, u8 addr_type, u8 status)
6467 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
6469 MGMT_OP_USER_PASSKEY_NEG_REPLY);
6472 int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
6473 u8 link_type, u8 addr_type, u32 passkey,
6476 struct mgmt_ev_passkey_notify ev;
6478 BT_DBG("%s", hdev->name);
6480 bacpy(&ev.addr.bdaddr, bdaddr);
6481 ev.addr.type = link_to_bdaddr(link_type, addr_type);
6482 ev.passkey = __cpu_to_le32(passkey);
6483 ev.entered = entered;
6485 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
6488 void mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
6489 u8 addr_type, u8 status)
6491 struct mgmt_ev_auth_failed ev;
6493 bacpy(&ev.addr.bdaddr, bdaddr);
6494 ev.addr.type = link_to_bdaddr(link_type, addr_type);
6495 ev.status = mgmt_status(status);
6497 mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
6500 void mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
6502 struct cmd_lookup match = { NULL, hdev };
6506 u8 mgmt_err = mgmt_status(status);
6507 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
6508 cmd_status_rsp, &mgmt_err);
6512 if (test_bit(HCI_AUTH, &hdev->flags))
6513 changed = !test_and_set_bit(HCI_LINK_SECURITY,
6516 changed = test_and_clear_bit(HCI_LINK_SECURITY,
6519 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
6523 new_settings(hdev, match.sk);
6529 static void clear_eir(struct hci_request *req)
6531 struct hci_dev *hdev = req->hdev;
6532 struct hci_cp_write_eir cp;
6534 if (!lmp_ext_inq_capable(hdev))
6537 memset(hdev->eir, 0, sizeof(hdev->eir));
6539 memset(&cp, 0, sizeof(cp));
6541 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
6544 void mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
6546 struct cmd_lookup match = { NULL, hdev };
6547 struct hci_request req;
6548 bool changed = false;
6551 u8 mgmt_err = mgmt_status(status);
6553 if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
6554 &hdev->dev_flags)) {
6555 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
6556 new_settings(hdev, NULL);
6559 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
6565 changed = !test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
6567 changed = test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
6569 changed = test_and_clear_bit(HCI_HS_ENABLED,
6572 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
6575 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
6578 new_settings(hdev, match.sk);
6583 hci_req_init(&req, hdev);
6585 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
6586 if (test_bit(HCI_USE_DEBUG_KEYS, &hdev->dev_flags))
6587 hci_req_add(&req, HCI_OP_WRITE_SSP_DEBUG_MODE,
6588 sizeof(enable), &enable);
6594 hci_req_run(&req, NULL);
6597 void mgmt_sc_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
6599 struct cmd_lookup match = { NULL, hdev };
6600 bool changed = false;
6603 u8 mgmt_err = mgmt_status(status);
6606 if (test_and_clear_bit(HCI_SC_ENABLED,
6608 new_settings(hdev, NULL);
6609 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
6612 mgmt_pending_foreach(MGMT_OP_SET_SECURE_CONN, hdev,
6613 cmd_status_rsp, &mgmt_err);
6618 changed = !test_and_set_bit(HCI_SC_ENABLED, &hdev->dev_flags);
6620 changed = test_and_clear_bit(HCI_SC_ENABLED, &hdev->dev_flags);
6621 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
6624 mgmt_pending_foreach(MGMT_OP_SET_SECURE_CONN, hdev,
6625 settings_rsp, &match);
6628 new_settings(hdev, match.sk);
6634 static void sk_lookup(struct pending_cmd *cmd, void *data)
6636 struct cmd_lookup *match = data;
6638 if (match->sk == NULL) {
6639 match->sk = cmd->sk;
6640 sock_hold(match->sk);
6644 void mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
6647 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
6649 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
6650 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
6651 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
6654 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class, 3,
6661 void mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
6663 struct mgmt_cp_set_local_name ev;
6664 struct pending_cmd *cmd;
6669 memset(&ev, 0, sizeof(ev));
6670 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
6671 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
6673 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
6675 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
6677 /* If this is a HCI command related to powering on the
6678 * HCI dev don't send any mgmt signals.
6680 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
6684 mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
6685 cmd ? cmd->sk : NULL);
6688 void mgmt_read_local_oob_data_complete(struct hci_dev *hdev, u8 *hash192,
6689 u8 *randomizer192, u8 *hash256,
6690 u8 *randomizer256, u8 status)
6692 struct pending_cmd *cmd;
6694 BT_DBG("%s status %u", hdev->name, status);
6696 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
6701 cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
6702 mgmt_status(status));
6704 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags) &&
6705 hash256 && randomizer256) {
6706 struct mgmt_rp_read_local_oob_ext_data rp;
6708 memcpy(rp.hash192, hash192, sizeof(rp.hash192));
6709 memcpy(rp.randomizer192, randomizer192,
6710 sizeof(rp.randomizer192));
6712 memcpy(rp.hash256, hash256, sizeof(rp.hash256));
6713 memcpy(rp.randomizer256, randomizer256,
6714 sizeof(rp.randomizer256));
6716 cmd_complete(cmd->sk, hdev->id,
6717 MGMT_OP_READ_LOCAL_OOB_DATA, 0,
6720 struct mgmt_rp_read_local_oob_data rp;
6722 memcpy(rp.hash, hash192, sizeof(rp.hash));
6723 memcpy(rp.randomizer, randomizer192,
6724 sizeof(rp.randomizer));
6726 cmd_complete(cmd->sk, hdev->id,
6727 MGMT_OP_READ_LOCAL_OOB_DATA, 0,
6732 mgmt_pending_remove(cmd);
6735 void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
6736 u8 addr_type, u8 *dev_class, s8 rssi, u32 flags,
6737 u8 *eir, u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
6740 struct mgmt_ev_device_found *ev = (void *) buf;
6743 /* Don't send events for a non-kernel initiated discovery. With
6744 * LE one exception is if we have pend_le_reports > 0 in which
6745 * case we're doing passive scanning and want these events.
6747 if (!hci_discovery_active(hdev)) {
6748 if (link_type == ACL_LINK)
6750 if (link_type == LE_LINK && list_empty(&hdev->pend_le_reports))
6754 /* Make sure that the buffer is big enough. The 5 extra bytes
6755 * are for the potential CoD field.
6757 if (sizeof(*ev) + eir_len + scan_rsp_len + 5 > sizeof(buf))
6760 memset(buf, 0, sizeof(buf));
6762 bacpy(&ev->addr.bdaddr, bdaddr);
6763 ev->addr.type = link_to_bdaddr(link_type, addr_type);
6765 ev->flags = cpu_to_le32(flags);
6768 memcpy(ev->eir, eir, eir_len);
6770 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
6771 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
6774 if (scan_rsp_len > 0)
6775 memcpy(ev->eir + eir_len, scan_rsp, scan_rsp_len);
6777 ev->eir_len = cpu_to_le16(eir_len + scan_rsp_len);
6778 ev_size = sizeof(*ev) + eir_len + scan_rsp_len;
6780 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
6783 void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
6784 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
6786 struct mgmt_ev_device_found *ev;
6787 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
6790 ev = (struct mgmt_ev_device_found *) buf;
6792 memset(buf, 0, sizeof(buf));
6794 bacpy(&ev->addr.bdaddr, bdaddr);
6795 ev->addr.type = link_to_bdaddr(link_type, addr_type);
6798 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
6801 ev->eir_len = cpu_to_le16(eir_len);
6803 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, sizeof(*ev) + eir_len, NULL);
6806 void mgmt_discovering(struct hci_dev *hdev, u8 discovering)
6808 struct mgmt_ev_discovering ev;
6809 struct pending_cmd *cmd;
6811 BT_DBG("%s discovering %u", hdev->name, discovering);
6814 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
6816 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
6819 u8 type = hdev->discovery.type;
6821 cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0, &type,
6823 mgmt_pending_remove(cmd);
6826 memset(&ev, 0, sizeof(ev));
6827 ev.type = hdev->discovery.type;
6828 ev.discovering = discovering;
6830 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
6833 static void adv_enable_complete(struct hci_dev *hdev, u8 status)
6835 BT_DBG("%s status %u", hdev->name, status);
6838 void mgmt_reenable_advertising(struct hci_dev *hdev)
6840 struct hci_request req;
6842 if (!test_bit(HCI_ADVERTISING, &hdev->dev_flags))
6845 hci_req_init(&req, hdev);
6846 enable_advertising(&req);
6847 hci_req_run(&req, adv_enable_complete);