2 BlueZ - Bluetooth protocol stack for Linux
4 Copyright (C) 2010 Nokia Corporation
5 Copyright (C) 2011-2012 Intel Corporation
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI Management interface */
27 #include <linux/module.h>
28 #include <asm/unaligned.h>
30 #include <net/bluetooth/bluetooth.h>
31 #include <net/bluetooth/hci_core.h>
32 #include <net/bluetooth/l2cap.h>
33 #include <net/bluetooth/mgmt.h>
37 #define MGMT_VERSION 1
38 #define MGMT_REVISION 7
40 static const u16 mgmt_commands
[] = {
41 MGMT_OP_READ_INDEX_LIST
,
44 MGMT_OP_SET_DISCOVERABLE
,
45 MGMT_OP_SET_CONNECTABLE
,
46 MGMT_OP_SET_FAST_CONNECTABLE
,
48 MGMT_OP_SET_LINK_SECURITY
,
52 MGMT_OP_SET_DEV_CLASS
,
53 MGMT_OP_SET_LOCAL_NAME
,
56 MGMT_OP_LOAD_LINK_KEYS
,
57 MGMT_OP_LOAD_LONG_TERM_KEYS
,
59 MGMT_OP_GET_CONNECTIONS
,
60 MGMT_OP_PIN_CODE_REPLY
,
61 MGMT_OP_PIN_CODE_NEG_REPLY
,
62 MGMT_OP_SET_IO_CAPABILITY
,
64 MGMT_OP_CANCEL_PAIR_DEVICE
,
65 MGMT_OP_UNPAIR_DEVICE
,
66 MGMT_OP_USER_CONFIRM_REPLY
,
67 MGMT_OP_USER_CONFIRM_NEG_REPLY
,
68 MGMT_OP_USER_PASSKEY_REPLY
,
69 MGMT_OP_USER_PASSKEY_NEG_REPLY
,
70 MGMT_OP_READ_LOCAL_OOB_DATA
,
71 MGMT_OP_ADD_REMOTE_OOB_DATA
,
72 MGMT_OP_REMOVE_REMOTE_OOB_DATA
,
73 MGMT_OP_START_DISCOVERY
,
74 MGMT_OP_STOP_DISCOVERY
,
77 MGMT_OP_UNBLOCK_DEVICE
,
78 MGMT_OP_SET_DEVICE_ID
,
79 MGMT_OP_SET_ADVERTISING
,
81 MGMT_OP_SET_STATIC_ADDRESS
,
82 MGMT_OP_SET_SCAN_PARAMS
,
83 MGMT_OP_SET_SECURE_CONN
,
84 MGMT_OP_SET_DEBUG_KEYS
,
87 MGMT_OP_GET_CONN_INFO
,
88 MGMT_OP_GET_CLOCK_INFO
,
90 MGMT_OP_REMOVE_DEVICE
,
93 static const u16 mgmt_events
[] = {
94 MGMT_EV_CONTROLLER_ERROR
,
96 MGMT_EV_INDEX_REMOVED
,
98 MGMT_EV_CLASS_OF_DEV_CHANGED
,
99 MGMT_EV_LOCAL_NAME_CHANGED
,
100 MGMT_EV_NEW_LINK_KEY
,
101 MGMT_EV_NEW_LONG_TERM_KEY
,
102 MGMT_EV_DEVICE_CONNECTED
,
103 MGMT_EV_DEVICE_DISCONNECTED
,
104 MGMT_EV_CONNECT_FAILED
,
105 MGMT_EV_PIN_CODE_REQUEST
,
106 MGMT_EV_USER_CONFIRM_REQUEST
,
107 MGMT_EV_USER_PASSKEY_REQUEST
,
109 MGMT_EV_DEVICE_FOUND
,
111 MGMT_EV_DEVICE_BLOCKED
,
112 MGMT_EV_DEVICE_UNBLOCKED
,
113 MGMT_EV_DEVICE_UNPAIRED
,
114 MGMT_EV_PASSKEY_NOTIFY
,
117 MGMT_EV_DEVICE_ADDED
,
118 MGMT_EV_DEVICE_REMOVED
,
121 #define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
123 #define hdev_is_powered(hdev) (test_bit(HCI_UP, &hdev->flags) && \
124 !test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
127 struct list_head list
;
135 /* HCI to MGMT error code conversion table */
136 static u8 mgmt_status_table
[] = {
138 MGMT_STATUS_UNKNOWN_COMMAND
, /* Unknown Command */
139 MGMT_STATUS_NOT_CONNECTED
, /* No Connection */
140 MGMT_STATUS_FAILED
, /* Hardware Failure */
141 MGMT_STATUS_CONNECT_FAILED
, /* Page Timeout */
142 MGMT_STATUS_AUTH_FAILED
, /* Authentication Failed */
143 MGMT_STATUS_AUTH_FAILED
, /* PIN or Key Missing */
144 MGMT_STATUS_NO_RESOURCES
, /* Memory Full */
145 MGMT_STATUS_TIMEOUT
, /* Connection Timeout */
146 MGMT_STATUS_NO_RESOURCES
, /* Max Number of Connections */
147 MGMT_STATUS_NO_RESOURCES
, /* Max Number of SCO Connections */
148 MGMT_STATUS_ALREADY_CONNECTED
, /* ACL Connection Exists */
149 MGMT_STATUS_BUSY
, /* Command Disallowed */
150 MGMT_STATUS_NO_RESOURCES
, /* Rejected Limited Resources */
151 MGMT_STATUS_REJECTED
, /* Rejected Security */
152 MGMT_STATUS_REJECTED
, /* Rejected Personal */
153 MGMT_STATUS_TIMEOUT
, /* Host Timeout */
154 MGMT_STATUS_NOT_SUPPORTED
, /* Unsupported Feature */
155 MGMT_STATUS_INVALID_PARAMS
, /* Invalid Parameters */
156 MGMT_STATUS_DISCONNECTED
, /* OE User Ended Connection */
157 MGMT_STATUS_NO_RESOURCES
, /* OE Low Resources */
158 MGMT_STATUS_DISCONNECTED
, /* OE Power Off */
159 MGMT_STATUS_DISCONNECTED
, /* Connection Terminated */
160 MGMT_STATUS_BUSY
, /* Repeated Attempts */
161 MGMT_STATUS_REJECTED
, /* Pairing Not Allowed */
162 MGMT_STATUS_FAILED
, /* Unknown LMP PDU */
163 MGMT_STATUS_NOT_SUPPORTED
, /* Unsupported Remote Feature */
164 MGMT_STATUS_REJECTED
, /* SCO Offset Rejected */
165 MGMT_STATUS_REJECTED
, /* SCO Interval Rejected */
166 MGMT_STATUS_REJECTED
, /* Air Mode Rejected */
167 MGMT_STATUS_INVALID_PARAMS
, /* Invalid LMP Parameters */
168 MGMT_STATUS_FAILED
, /* Unspecified Error */
169 MGMT_STATUS_NOT_SUPPORTED
, /* Unsupported LMP Parameter Value */
170 MGMT_STATUS_FAILED
, /* Role Change Not Allowed */
171 MGMT_STATUS_TIMEOUT
, /* LMP Response Timeout */
172 MGMT_STATUS_FAILED
, /* LMP Error Transaction Collision */
173 MGMT_STATUS_FAILED
, /* LMP PDU Not Allowed */
174 MGMT_STATUS_REJECTED
, /* Encryption Mode Not Accepted */
175 MGMT_STATUS_FAILED
, /* Unit Link Key Used */
176 MGMT_STATUS_NOT_SUPPORTED
, /* QoS Not Supported */
177 MGMT_STATUS_TIMEOUT
, /* Instant Passed */
178 MGMT_STATUS_NOT_SUPPORTED
, /* Pairing Not Supported */
179 MGMT_STATUS_FAILED
, /* Transaction Collision */
180 MGMT_STATUS_INVALID_PARAMS
, /* Unacceptable Parameter */
181 MGMT_STATUS_REJECTED
, /* QoS Rejected */
182 MGMT_STATUS_NOT_SUPPORTED
, /* Classification Not Supported */
183 MGMT_STATUS_REJECTED
, /* Insufficient Security */
184 MGMT_STATUS_INVALID_PARAMS
, /* Parameter Out Of Range */
185 MGMT_STATUS_BUSY
, /* Role Switch Pending */
186 MGMT_STATUS_FAILED
, /* Slot Violation */
187 MGMT_STATUS_FAILED
, /* Role Switch Failed */
188 MGMT_STATUS_INVALID_PARAMS
, /* EIR Too Large */
189 MGMT_STATUS_NOT_SUPPORTED
, /* Simple Pairing Not Supported */
190 MGMT_STATUS_BUSY
, /* Host Busy Pairing */
191 MGMT_STATUS_REJECTED
, /* Rejected, No Suitable Channel */
192 MGMT_STATUS_BUSY
, /* Controller Busy */
193 MGMT_STATUS_INVALID_PARAMS
, /* Unsuitable Connection Interval */
194 MGMT_STATUS_TIMEOUT
, /* Directed Advertising Timeout */
195 MGMT_STATUS_AUTH_FAILED
, /* Terminated Due to MIC Failure */
196 MGMT_STATUS_CONNECT_FAILED
, /* Connection Establishment Failed */
197 MGMT_STATUS_CONNECT_FAILED
, /* MAC Connection Failed */
200 static u8
mgmt_status(u8 hci_status
)
202 if (hci_status
< ARRAY_SIZE(mgmt_status_table
))
203 return mgmt_status_table
[hci_status
];
205 return MGMT_STATUS_FAILED
;
208 static int cmd_status(struct sock
*sk
, u16 index
, u16 cmd
, u8 status
)
211 struct mgmt_hdr
*hdr
;
212 struct mgmt_ev_cmd_status
*ev
;
215 BT_DBG("sock %p, index %u, cmd %u, status %u", sk
, index
, cmd
, status
);
217 skb
= alloc_skb(sizeof(*hdr
) + sizeof(*ev
), GFP_KERNEL
);
221 hdr
= (void *) skb_put(skb
, sizeof(*hdr
));
223 hdr
->opcode
= cpu_to_le16(MGMT_EV_CMD_STATUS
);
224 hdr
->index
= cpu_to_le16(index
);
225 hdr
->len
= cpu_to_le16(sizeof(*ev
));
227 ev
= (void *) skb_put(skb
, sizeof(*ev
));
229 ev
->opcode
= cpu_to_le16(cmd
);
231 err
= sock_queue_rcv_skb(sk
, skb
);
238 static int cmd_complete(struct sock
*sk
, u16 index
, u16 cmd
, u8 status
,
239 void *rp
, size_t rp_len
)
242 struct mgmt_hdr
*hdr
;
243 struct mgmt_ev_cmd_complete
*ev
;
246 BT_DBG("sock %p", sk
);
248 skb
= alloc_skb(sizeof(*hdr
) + sizeof(*ev
) + rp_len
, GFP_KERNEL
);
252 hdr
= (void *) skb_put(skb
, sizeof(*hdr
));
254 hdr
->opcode
= cpu_to_le16(MGMT_EV_CMD_COMPLETE
);
255 hdr
->index
= cpu_to_le16(index
);
256 hdr
->len
= cpu_to_le16(sizeof(*ev
) + rp_len
);
258 ev
= (void *) skb_put(skb
, sizeof(*ev
) + rp_len
);
259 ev
->opcode
= cpu_to_le16(cmd
);
263 memcpy(ev
->data
, rp
, rp_len
);
265 err
= sock_queue_rcv_skb(sk
, skb
);
272 static int read_version(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
275 struct mgmt_rp_read_version rp
;
277 BT_DBG("sock %p", sk
);
279 rp
.version
= MGMT_VERSION
;
280 rp
.revision
= cpu_to_le16(MGMT_REVISION
);
282 return cmd_complete(sk
, MGMT_INDEX_NONE
, MGMT_OP_READ_VERSION
, 0, &rp
,
286 static int read_commands(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
289 struct mgmt_rp_read_commands
*rp
;
290 const u16 num_commands
= ARRAY_SIZE(mgmt_commands
);
291 const u16 num_events
= ARRAY_SIZE(mgmt_events
);
296 BT_DBG("sock %p", sk
);
298 rp_size
= sizeof(*rp
) + ((num_commands
+ num_events
) * sizeof(u16
));
300 rp
= kmalloc(rp_size
, GFP_KERNEL
);
304 rp
->num_commands
= cpu_to_le16(num_commands
);
305 rp
->num_events
= cpu_to_le16(num_events
);
307 for (i
= 0, opcode
= rp
->opcodes
; i
< num_commands
; i
++, opcode
++)
308 put_unaligned_le16(mgmt_commands
[i
], opcode
);
310 for (i
= 0; i
< num_events
; i
++, opcode
++)
311 put_unaligned_le16(mgmt_events
[i
], opcode
);
313 err
= cmd_complete(sk
, MGMT_INDEX_NONE
, MGMT_OP_READ_COMMANDS
, 0, rp
,
320 static int read_index_list(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
323 struct mgmt_rp_read_index_list
*rp
;
329 BT_DBG("sock %p", sk
);
331 read_lock(&hci_dev_list_lock
);
334 list_for_each_entry(d
, &hci_dev_list
, list
) {
335 if (d
->dev_type
== HCI_BREDR
)
339 rp_len
= sizeof(*rp
) + (2 * count
);
340 rp
= kmalloc(rp_len
, GFP_ATOMIC
);
342 read_unlock(&hci_dev_list_lock
);
347 list_for_each_entry(d
, &hci_dev_list
, list
) {
348 if (test_bit(HCI_SETUP
, &d
->dev_flags
))
351 if (test_bit(HCI_USER_CHANNEL
, &d
->dev_flags
))
354 if (test_bit(HCI_QUIRK_RAW_DEVICE
, &d
->quirks
))
357 if (d
->dev_type
== HCI_BREDR
) {
358 rp
->index
[count
++] = cpu_to_le16(d
->id
);
359 BT_DBG("Added hci%u", d
->id
);
363 rp
->num_controllers
= cpu_to_le16(count
);
364 rp_len
= sizeof(*rp
) + (2 * count
);
366 read_unlock(&hci_dev_list_lock
);
368 err
= cmd_complete(sk
, MGMT_INDEX_NONE
, MGMT_OP_READ_INDEX_LIST
, 0, rp
,
376 static u32
get_supported_settings(struct hci_dev
*hdev
)
380 settings
|= MGMT_SETTING_POWERED
;
381 settings
|= MGMT_SETTING_PAIRABLE
;
382 settings
|= MGMT_SETTING_DEBUG_KEYS
;
384 if (lmp_bredr_capable(hdev
)) {
385 settings
|= MGMT_SETTING_CONNECTABLE
;
386 if (hdev
->hci_ver
>= BLUETOOTH_VER_1_2
)
387 settings
|= MGMT_SETTING_FAST_CONNECTABLE
;
388 settings
|= MGMT_SETTING_DISCOVERABLE
;
389 settings
|= MGMT_SETTING_BREDR
;
390 settings
|= MGMT_SETTING_LINK_SECURITY
;
392 if (lmp_ssp_capable(hdev
)) {
393 settings
|= MGMT_SETTING_SSP
;
394 settings
|= MGMT_SETTING_HS
;
397 if (lmp_sc_capable(hdev
) ||
398 test_bit(HCI_FORCE_SC
, &hdev
->dbg_flags
))
399 settings
|= MGMT_SETTING_SECURE_CONN
;
402 if (lmp_le_capable(hdev
)) {
403 settings
|= MGMT_SETTING_LE
;
404 settings
|= MGMT_SETTING_ADVERTISING
;
405 settings
|= MGMT_SETTING_PRIVACY
;
411 static u32
get_current_settings(struct hci_dev
*hdev
)
415 if (hdev_is_powered(hdev
))
416 settings
|= MGMT_SETTING_POWERED
;
418 if (test_bit(HCI_CONNECTABLE
, &hdev
->dev_flags
))
419 settings
|= MGMT_SETTING_CONNECTABLE
;
421 if (test_bit(HCI_FAST_CONNECTABLE
, &hdev
->dev_flags
))
422 settings
|= MGMT_SETTING_FAST_CONNECTABLE
;
424 if (test_bit(HCI_DISCOVERABLE
, &hdev
->dev_flags
))
425 settings
|= MGMT_SETTING_DISCOVERABLE
;
427 if (test_bit(HCI_PAIRABLE
, &hdev
->dev_flags
))
428 settings
|= MGMT_SETTING_PAIRABLE
;
430 if (test_bit(HCI_BREDR_ENABLED
, &hdev
->dev_flags
))
431 settings
|= MGMT_SETTING_BREDR
;
433 if (test_bit(HCI_LE_ENABLED
, &hdev
->dev_flags
))
434 settings
|= MGMT_SETTING_LE
;
436 if (test_bit(HCI_LINK_SECURITY
, &hdev
->dev_flags
))
437 settings
|= MGMT_SETTING_LINK_SECURITY
;
439 if (test_bit(HCI_SSP_ENABLED
, &hdev
->dev_flags
))
440 settings
|= MGMT_SETTING_SSP
;
442 if (test_bit(HCI_HS_ENABLED
, &hdev
->dev_flags
))
443 settings
|= MGMT_SETTING_HS
;
445 if (test_bit(HCI_ADVERTISING
, &hdev
->dev_flags
))
446 settings
|= MGMT_SETTING_ADVERTISING
;
448 if (test_bit(HCI_SC_ENABLED
, &hdev
->dev_flags
))
449 settings
|= MGMT_SETTING_SECURE_CONN
;
451 if (test_bit(HCI_KEEP_DEBUG_KEYS
, &hdev
->dev_flags
))
452 settings
|= MGMT_SETTING_DEBUG_KEYS
;
454 if (test_bit(HCI_PRIVACY
, &hdev
->dev_flags
))
455 settings
|= MGMT_SETTING_PRIVACY
;
460 #define PNP_INFO_SVCLASS_ID 0x1200
462 static u8
*create_uuid16_list(struct hci_dev
*hdev
, u8
*data
, ptrdiff_t len
)
464 u8
*ptr
= data
, *uuids_start
= NULL
;
465 struct bt_uuid
*uuid
;
470 list_for_each_entry(uuid
, &hdev
->uuids
, list
) {
473 if (uuid
->size
!= 16)
476 uuid16
= get_unaligned_le16(&uuid
->uuid
[12]);
480 if (uuid16
== PNP_INFO_SVCLASS_ID
)
486 uuids_start
[1] = EIR_UUID16_ALL
;
490 /* Stop if not enough space to put next UUID */
491 if ((ptr
- data
) + sizeof(u16
) > len
) {
492 uuids_start
[1] = EIR_UUID16_SOME
;
496 *ptr
++ = (uuid16
& 0x00ff);
497 *ptr
++ = (uuid16
& 0xff00) >> 8;
498 uuids_start
[0] += sizeof(uuid16
);
504 static u8
*create_uuid32_list(struct hci_dev
*hdev
, u8
*data
, ptrdiff_t len
)
506 u8
*ptr
= data
, *uuids_start
= NULL
;
507 struct bt_uuid
*uuid
;
512 list_for_each_entry(uuid
, &hdev
->uuids
, list
) {
513 if (uuid
->size
!= 32)
519 uuids_start
[1] = EIR_UUID32_ALL
;
523 /* Stop if not enough space to put next UUID */
524 if ((ptr
- data
) + sizeof(u32
) > len
) {
525 uuids_start
[1] = EIR_UUID32_SOME
;
529 memcpy(ptr
, &uuid
->uuid
[12], sizeof(u32
));
531 uuids_start
[0] += sizeof(u32
);
537 static u8
*create_uuid128_list(struct hci_dev
*hdev
, u8
*data
, ptrdiff_t len
)
539 u8
*ptr
= data
, *uuids_start
= NULL
;
540 struct bt_uuid
*uuid
;
545 list_for_each_entry(uuid
, &hdev
->uuids
, list
) {
546 if (uuid
->size
!= 128)
552 uuids_start
[1] = EIR_UUID128_ALL
;
556 /* Stop if not enough space to put next UUID */
557 if ((ptr
- data
) + 16 > len
) {
558 uuids_start
[1] = EIR_UUID128_SOME
;
562 memcpy(ptr
, uuid
->uuid
, 16);
564 uuids_start
[0] += 16;
570 static struct pending_cmd
*mgmt_pending_find(u16 opcode
, struct hci_dev
*hdev
)
572 struct pending_cmd
*cmd
;
574 list_for_each_entry(cmd
, &hdev
->mgmt_pending
, list
) {
575 if (cmd
->opcode
== opcode
)
582 static struct pending_cmd
*mgmt_pending_find_data(u16 opcode
,
583 struct hci_dev
*hdev
,
586 struct pending_cmd
*cmd
;
588 list_for_each_entry(cmd
, &hdev
->mgmt_pending
, list
) {
589 if (cmd
->user_data
!= data
)
591 if (cmd
->opcode
== opcode
)
598 static u8
create_scan_rsp_data(struct hci_dev
*hdev
, u8
*ptr
)
603 name_len
= strlen(hdev
->dev_name
);
605 size_t max_len
= HCI_MAX_AD_LENGTH
- ad_len
- 2;
607 if (name_len
> max_len
) {
609 ptr
[1] = EIR_NAME_SHORT
;
611 ptr
[1] = EIR_NAME_COMPLETE
;
613 ptr
[0] = name_len
+ 1;
615 memcpy(ptr
+ 2, hdev
->dev_name
, name_len
);
617 ad_len
+= (name_len
+ 2);
618 ptr
+= (name_len
+ 2);
624 static void update_scan_rsp_data(struct hci_request
*req
)
626 struct hci_dev
*hdev
= req
->hdev
;
627 struct hci_cp_le_set_scan_rsp_data cp
;
630 if (!test_bit(HCI_LE_ENABLED
, &hdev
->dev_flags
))
633 memset(&cp
, 0, sizeof(cp
));
635 len
= create_scan_rsp_data(hdev
, cp
.data
);
637 if (hdev
->scan_rsp_data_len
== len
&&
638 memcmp(cp
.data
, hdev
->scan_rsp_data
, len
) == 0)
641 memcpy(hdev
->scan_rsp_data
, cp
.data
, sizeof(cp
.data
));
642 hdev
->scan_rsp_data_len
= len
;
646 hci_req_add(req
, HCI_OP_LE_SET_SCAN_RSP_DATA
, sizeof(cp
), &cp
);
649 static u8
get_adv_discov_flags(struct hci_dev
*hdev
)
651 struct pending_cmd
*cmd
;
653 /* If there's a pending mgmt command the flags will not yet have
654 * their final values, so check for this first.
656 cmd
= mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE
, hdev
);
658 struct mgmt_mode
*cp
= cmd
->param
;
660 return LE_AD_GENERAL
;
661 else if (cp
->val
== 0x02)
662 return LE_AD_LIMITED
;
664 if (test_bit(HCI_LIMITED_DISCOVERABLE
, &hdev
->dev_flags
))
665 return LE_AD_LIMITED
;
666 else if (test_bit(HCI_DISCOVERABLE
, &hdev
->dev_flags
))
667 return LE_AD_GENERAL
;
673 static u8
create_adv_data(struct hci_dev
*hdev
, u8
*ptr
)
675 u8 ad_len
= 0, flags
= 0;
677 flags
|= get_adv_discov_flags(hdev
);
679 if (!test_bit(HCI_BREDR_ENABLED
, &hdev
->dev_flags
))
680 flags
|= LE_AD_NO_BREDR
;
683 BT_DBG("adv flags 0x%02x", flags
);
693 if (hdev
->adv_tx_power
!= HCI_TX_POWER_INVALID
) {
695 ptr
[1] = EIR_TX_POWER
;
696 ptr
[2] = (u8
) hdev
->adv_tx_power
;
705 static void update_adv_data(struct hci_request
*req
)
707 struct hci_dev
*hdev
= req
->hdev
;
708 struct hci_cp_le_set_adv_data cp
;
711 if (!test_bit(HCI_LE_ENABLED
, &hdev
->dev_flags
))
714 memset(&cp
, 0, sizeof(cp
));
716 len
= create_adv_data(hdev
, cp
.data
);
718 if (hdev
->adv_data_len
== len
&&
719 memcmp(cp
.data
, hdev
->adv_data
, len
) == 0)
722 memcpy(hdev
->adv_data
, cp
.data
, sizeof(cp
.data
));
723 hdev
->adv_data_len
= len
;
727 hci_req_add(req
, HCI_OP_LE_SET_ADV_DATA
, sizeof(cp
), &cp
);
730 static void create_eir(struct hci_dev
*hdev
, u8
*data
)
735 name_len
= strlen(hdev
->dev_name
);
741 ptr
[1] = EIR_NAME_SHORT
;
743 ptr
[1] = EIR_NAME_COMPLETE
;
745 /* EIR Data length */
746 ptr
[0] = name_len
+ 1;
748 memcpy(ptr
+ 2, hdev
->dev_name
, name_len
);
750 ptr
+= (name_len
+ 2);
753 if (hdev
->inq_tx_power
!= HCI_TX_POWER_INVALID
) {
755 ptr
[1] = EIR_TX_POWER
;
756 ptr
[2] = (u8
) hdev
->inq_tx_power
;
761 if (hdev
->devid_source
> 0) {
763 ptr
[1] = EIR_DEVICE_ID
;
765 put_unaligned_le16(hdev
->devid_source
, ptr
+ 2);
766 put_unaligned_le16(hdev
->devid_vendor
, ptr
+ 4);
767 put_unaligned_le16(hdev
->devid_product
, ptr
+ 6);
768 put_unaligned_le16(hdev
->devid_version
, ptr
+ 8);
773 ptr
= create_uuid16_list(hdev
, ptr
, HCI_MAX_EIR_LENGTH
- (ptr
- data
));
774 ptr
= create_uuid32_list(hdev
, ptr
, HCI_MAX_EIR_LENGTH
- (ptr
- data
));
775 ptr
= create_uuid128_list(hdev
, ptr
, HCI_MAX_EIR_LENGTH
- (ptr
- data
));
778 static void update_eir(struct hci_request
*req
)
780 struct hci_dev
*hdev
= req
->hdev
;
781 struct hci_cp_write_eir cp
;
783 if (!hdev_is_powered(hdev
))
786 if (!lmp_ext_inq_capable(hdev
))
789 if (!test_bit(HCI_SSP_ENABLED
, &hdev
->dev_flags
))
792 if (test_bit(HCI_SERVICE_CACHE
, &hdev
->dev_flags
))
795 memset(&cp
, 0, sizeof(cp
));
797 create_eir(hdev
, cp
.data
);
799 if (memcmp(cp
.data
, hdev
->eir
, sizeof(cp
.data
)) == 0)
802 memcpy(hdev
->eir
, cp
.data
, sizeof(cp
.data
));
804 hci_req_add(req
, HCI_OP_WRITE_EIR
, sizeof(cp
), &cp
);
807 static u8
get_service_classes(struct hci_dev
*hdev
)
809 struct bt_uuid
*uuid
;
812 list_for_each_entry(uuid
, &hdev
->uuids
, list
)
813 val
|= uuid
->svc_hint
;
818 static void update_class(struct hci_request
*req
)
820 struct hci_dev
*hdev
= req
->hdev
;
823 BT_DBG("%s", hdev
->name
);
825 if (!hdev_is_powered(hdev
))
828 if (!test_bit(HCI_BREDR_ENABLED
, &hdev
->dev_flags
))
831 if (test_bit(HCI_SERVICE_CACHE
, &hdev
->dev_flags
))
834 cod
[0] = hdev
->minor_class
;
835 cod
[1] = hdev
->major_class
;
836 cod
[2] = get_service_classes(hdev
);
838 if (test_bit(HCI_LIMITED_DISCOVERABLE
, &hdev
->dev_flags
))
841 if (memcmp(cod
, hdev
->dev_class
, 3) == 0)
844 hci_req_add(req
, HCI_OP_WRITE_CLASS_OF_DEV
, sizeof(cod
), cod
);
847 static bool get_connectable(struct hci_dev
*hdev
)
849 struct pending_cmd
*cmd
;
851 /* If there's a pending mgmt command the flag will not yet have
852 * it's final value, so check for this first.
854 cmd
= mgmt_pending_find(MGMT_OP_SET_CONNECTABLE
, hdev
);
856 struct mgmt_mode
*cp
= cmd
->param
;
860 return test_bit(HCI_CONNECTABLE
, &hdev
->dev_flags
);
863 static void enable_advertising(struct hci_request
*req
)
865 struct hci_dev
*hdev
= req
->hdev
;
866 struct hci_cp_le_set_adv_param cp
;
867 u8 own_addr_type
, enable
= 0x01;
870 /* Clear the HCI_ADVERTISING bit temporarily so that the
871 * hci_update_random_address knows that it's safe to go ahead
872 * and write a new random address. The flag will be set back on
873 * as soon as the SET_ADV_ENABLE HCI command completes.
875 clear_bit(HCI_ADVERTISING
, &hdev
->dev_flags
);
877 connectable
= get_connectable(hdev
);
879 /* Set require_privacy to true only when non-connectable
880 * advertising is used. In that case it is fine to use a
881 * non-resolvable private address.
883 if (hci_update_random_address(req
, !connectable
, &own_addr_type
) < 0)
886 memset(&cp
, 0, sizeof(cp
));
887 cp
.min_interval
= cpu_to_le16(0x0800);
888 cp
.max_interval
= cpu_to_le16(0x0800);
889 cp
.type
= connectable
? LE_ADV_IND
: LE_ADV_NONCONN_IND
;
890 cp
.own_address_type
= own_addr_type
;
891 cp
.channel_map
= hdev
->le_adv_channel_map
;
893 hci_req_add(req
, HCI_OP_LE_SET_ADV_PARAM
, sizeof(cp
), &cp
);
895 hci_req_add(req
, HCI_OP_LE_SET_ADV_ENABLE
, sizeof(enable
), &enable
);
898 static void disable_advertising(struct hci_request
*req
)
902 hci_req_add(req
, HCI_OP_LE_SET_ADV_ENABLE
, sizeof(enable
), &enable
);
905 static void service_cache_off(struct work_struct
*work
)
907 struct hci_dev
*hdev
= container_of(work
, struct hci_dev
,
909 struct hci_request req
;
911 if (!test_and_clear_bit(HCI_SERVICE_CACHE
, &hdev
->dev_flags
))
914 hci_req_init(&req
, hdev
);
921 hci_dev_unlock(hdev
);
923 hci_req_run(&req
, NULL
);
926 static void rpa_expired(struct work_struct
*work
)
928 struct hci_dev
*hdev
= container_of(work
, struct hci_dev
,
930 struct hci_request req
;
934 set_bit(HCI_RPA_EXPIRED
, &hdev
->dev_flags
);
936 if (!test_bit(HCI_ADVERTISING
, &hdev
->dev_flags
) ||
937 hci_conn_num(hdev
, LE_LINK
) > 0)
940 /* The generation of a new RPA and programming it into the
941 * controller happens in the enable_advertising() function.
944 hci_req_init(&req
, hdev
);
946 disable_advertising(&req
);
947 enable_advertising(&req
);
949 hci_req_run(&req
, NULL
);
952 static void mgmt_init_hdev(struct sock
*sk
, struct hci_dev
*hdev
)
954 if (test_and_set_bit(HCI_MGMT
, &hdev
->dev_flags
))
957 INIT_DELAYED_WORK(&hdev
->service_cache
, service_cache_off
);
958 INIT_DELAYED_WORK(&hdev
->rpa_expired
, rpa_expired
);
960 /* Non-mgmt controlled devices get this bit set
961 * implicitly so that pairing works for them, however
962 * for mgmt we require user-space to explicitly enable
965 clear_bit(HCI_PAIRABLE
, &hdev
->dev_flags
);
968 static int read_controller_info(struct sock
*sk
, struct hci_dev
*hdev
,
969 void *data
, u16 data_len
)
971 struct mgmt_rp_read_info rp
;
973 BT_DBG("sock %p %s", sk
, hdev
->name
);
977 memset(&rp
, 0, sizeof(rp
));
979 bacpy(&rp
.bdaddr
, &hdev
->bdaddr
);
981 rp
.version
= hdev
->hci_ver
;
982 rp
.manufacturer
= cpu_to_le16(hdev
->manufacturer
);
984 rp
.supported_settings
= cpu_to_le32(get_supported_settings(hdev
));
985 rp
.current_settings
= cpu_to_le32(get_current_settings(hdev
));
987 memcpy(rp
.dev_class
, hdev
->dev_class
, 3);
989 memcpy(rp
.name
, hdev
->dev_name
, sizeof(hdev
->dev_name
));
990 memcpy(rp
.short_name
, hdev
->short_name
, sizeof(hdev
->short_name
));
992 hci_dev_unlock(hdev
);
994 return cmd_complete(sk
, hdev
->id
, MGMT_OP_READ_INFO
, 0, &rp
,
998 static void mgmt_pending_free(struct pending_cmd
*cmd
)
1005 static struct pending_cmd
*mgmt_pending_add(struct sock
*sk
, u16 opcode
,
1006 struct hci_dev
*hdev
, void *data
,
1009 struct pending_cmd
*cmd
;
1011 cmd
= kzalloc(sizeof(*cmd
), GFP_KERNEL
);
1015 cmd
->opcode
= opcode
;
1016 cmd
->index
= hdev
->id
;
1018 cmd
->param
= kmalloc(len
, GFP_KERNEL
);
1025 memcpy(cmd
->param
, data
, len
);
1030 list_add(&cmd
->list
, &hdev
->mgmt_pending
);
1035 static void mgmt_pending_foreach(u16 opcode
, struct hci_dev
*hdev
,
1036 void (*cb
)(struct pending_cmd
*cmd
,
1040 struct pending_cmd
*cmd
, *tmp
;
1042 list_for_each_entry_safe(cmd
, tmp
, &hdev
->mgmt_pending
, list
) {
1043 if (opcode
> 0 && cmd
->opcode
!= opcode
)
1050 static void mgmt_pending_remove(struct pending_cmd
*cmd
)
1052 list_del(&cmd
->list
);
1053 mgmt_pending_free(cmd
);
1056 static int send_settings_rsp(struct sock
*sk
, u16 opcode
, struct hci_dev
*hdev
)
1058 __le32 settings
= cpu_to_le32(get_current_settings(hdev
));
1060 return cmd_complete(sk
, hdev
->id
, opcode
, 0, &settings
,
1064 static void clean_up_hci_complete(struct hci_dev
*hdev
, u8 status
)
1066 BT_DBG("%s status 0x%02x", hdev
->name
, status
);
1068 if (hci_conn_count(hdev
) == 0) {
1069 cancel_delayed_work(&hdev
->power_off
);
1070 queue_work(hdev
->req_workqueue
, &hdev
->power_off
.work
);
1074 static void hci_stop_discovery(struct hci_request
*req
)
1076 struct hci_dev
*hdev
= req
->hdev
;
1077 struct hci_cp_remote_name_req_cancel cp
;
1078 struct inquiry_entry
*e
;
1080 switch (hdev
->discovery
.state
) {
1081 case DISCOVERY_FINDING
:
1082 if (test_bit(HCI_INQUIRY
, &hdev
->flags
)) {
1083 hci_req_add(req
, HCI_OP_INQUIRY_CANCEL
, 0, NULL
);
1085 cancel_delayed_work(&hdev
->le_scan_disable
);
1086 hci_req_add_le_scan_disable(req
);
1091 case DISCOVERY_RESOLVING
:
1092 e
= hci_inquiry_cache_lookup_resolve(hdev
, BDADDR_ANY
,
1097 bacpy(&cp
.bdaddr
, &e
->data
.bdaddr
);
1098 hci_req_add(req
, HCI_OP_REMOTE_NAME_REQ_CANCEL
, sizeof(cp
),
1104 /* Passive scanning */
1105 if (test_bit(HCI_LE_SCAN
, &hdev
->dev_flags
))
1106 hci_req_add_le_scan_disable(req
);
1111 static int clean_up_hci_state(struct hci_dev
*hdev
)
1113 struct hci_request req
;
1114 struct hci_conn
*conn
;
1116 hci_req_init(&req
, hdev
);
1118 if (test_bit(HCI_ISCAN
, &hdev
->flags
) ||
1119 test_bit(HCI_PSCAN
, &hdev
->flags
)) {
1121 hci_req_add(&req
, HCI_OP_WRITE_SCAN_ENABLE
, 1, &scan
);
1124 if (test_bit(HCI_ADVERTISING
, &hdev
->dev_flags
))
1125 disable_advertising(&req
);
1127 hci_stop_discovery(&req
);
1129 list_for_each_entry(conn
, &hdev
->conn_hash
.list
, list
) {
1130 struct hci_cp_disconnect dc
;
1131 struct hci_cp_reject_conn_req rej
;
1133 switch (conn
->state
) {
1136 dc
.handle
= cpu_to_le16(conn
->handle
);
1137 dc
.reason
= 0x15; /* Terminated due to Power Off */
1138 hci_req_add(&req
, HCI_OP_DISCONNECT
, sizeof(dc
), &dc
);
1141 if (conn
->type
== LE_LINK
)
1142 hci_req_add(&req
, HCI_OP_LE_CREATE_CONN_CANCEL
,
1144 else if (conn
->type
== ACL_LINK
)
1145 hci_req_add(&req
, HCI_OP_CREATE_CONN_CANCEL
,
1149 bacpy(&rej
.bdaddr
, &conn
->dst
);
1150 rej
.reason
= 0x15; /* Terminated due to Power Off */
1151 if (conn
->type
== ACL_LINK
)
1152 hci_req_add(&req
, HCI_OP_REJECT_CONN_REQ
,
1154 else if (conn
->type
== SCO_LINK
)
1155 hci_req_add(&req
, HCI_OP_REJECT_SYNC_CONN_REQ
,
1161 return hci_req_run(&req
, clean_up_hci_complete
);
1164 static int set_powered(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
1167 struct mgmt_mode
*cp
= data
;
1168 struct pending_cmd
*cmd
;
1171 BT_DBG("request for %s", hdev
->name
);
1173 if (cp
->val
!= 0x00 && cp
->val
!= 0x01)
1174 return cmd_status(sk
, hdev
->id
, MGMT_OP_SET_POWERED
,
1175 MGMT_STATUS_INVALID_PARAMS
);
1179 if (mgmt_pending_find(MGMT_OP_SET_POWERED
, hdev
)) {
1180 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_SET_POWERED
,
1185 if (test_and_clear_bit(HCI_AUTO_OFF
, &hdev
->dev_flags
)) {
1186 cancel_delayed_work(&hdev
->power_off
);
1189 mgmt_pending_add(sk
, MGMT_OP_SET_POWERED
, hdev
,
1191 err
= mgmt_powered(hdev
, 1);
1196 if (!!cp
->val
== hdev_is_powered(hdev
)) {
1197 err
= send_settings_rsp(sk
, MGMT_OP_SET_POWERED
, hdev
);
1201 cmd
= mgmt_pending_add(sk
, MGMT_OP_SET_POWERED
, hdev
, data
, len
);
1208 queue_work(hdev
->req_workqueue
, &hdev
->power_on
);
1211 /* Disconnect connections, stop scans, etc */
1212 err
= clean_up_hci_state(hdev
);
1214 queue_delayed_work(hdev
->req_workqueue
, &hdev
->power_off
,
1215 HCI_POWER_OFF_TIMEOUT
);
1217 /* ENODATA means there were no HCI commands queued */
1218 if (err
== -ENODATA
) {
1219 cancel_delayed_work(&hdev
->power_off
);
1220 queue_work(hdev
->req_workqueue
, &hdev
->power_off
.work
);
1226 hci_dev_unlock(hdev
);
1230 static int mgmt_event(u16 event
, struct hci_dev
*hdev
, void *data
, u16 data_len
,
1231 struct sock
*skip_sk
)
1233 struct sk_buff
*skb
;
1234 struct mgmt_hdr
*hdr
;
1236 skb
= alloc_skb(sizeof(*hdr
) + data_len
, GFP_KERNEL
);
1240 hdr
= (void *) skb_put(skb
, sizeof(*hdr
));
1241 hdr
->opcode
= cpu_to_le16(event
);
1243 hdr
->index
= cpu_to_le16(hdev
->id
);
1245 hdr
->index
= cpu_to_le16(MGMT_INDEX_NONE
);
1246 hdr
->len
= cpu_to_le16(data_len
);
1249 memcpy(skb_put(skb
, data_len
), data
, data_len
);
1252 __net_timestamp(skb
);
1254 hci_send_to_control(skb
, skip_sk
);
1260 static int new_settings(struct hci_dev
*hdev
, struct sock
*skip
)
1264 ev
= cpu_to_le32(get_current_settings(hdev
));
1266 return mgmt_event(MGMT_EV_NEW_SETTINGS
, hdev
, &ev
, sizeof(ev
), skip
);
1271 struct hci_dev
*hdev
;
1275 static void settings_rsp(struct pending_cmd
*cmd
, void *data
)
1277 struct cmd_lookup
*match
= data
;
1279 send_settings_rsp(cmd
->sk
, cmd
->opcode
, match
->hdev
);
1281 list_del(&cmd
->list
);
1283 if (match
->sk
== NULL
) {
1284 match
->sk
= cmd
->sk
;
1285 sock_hold(match
->sk
);
1288 mgmt_pending_free(cmd
);
1291 static void cmd_status_rsp(struct pending_cmd
*cmd
, void *data
)
1295 cmd_status(cmd
->sk
, cmd
->index
, cmd
->opcode
, *status
);
1296 mgmt_pending_remove(cmd
);
1299 static u8
mgmt_bredr_support(struct hci_dev
*hdev
)
1301 if (!lmp_bredr_capable(hdev
))
1302 return MGMT_STATUS_NOT_SUPPORTED
;
1303 else if (!test_bit(HCI_BREDR_ENABLED
, &hdev
->dev_flags
))
1304 return MGMT_STATUS_REJECTED
;
1306 return MGMT_STATUS_SUCCESS
;
1309 static u8
mgmt_le_support(struct hci_dev
*hdev
)
1311 if (!lmp_le_capable(hdev
))
1312 return MGMT_STATUS_NOT_SUPPORTED
;
1313 else if (!test_bit(HCI_LE_ENABLED
, &hdev
->dev_flags
))
1314 return MGMT_STATUS_REJECTED
;
1316 return MGMT_STATUS_SUCCESS
;
1319 static void set_discoverable_complete(struct hci_dev
*hdev
, u8 status
)
1321 struct pending_cmd
*cmd
;
1322 struct mgmt_mode
*cp
;
1323 struct hci_request req
;
1326 BT_DBG("status 0x%02x", status
);
1330 cmd
= mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE
, hdev
);
1335 u8 mgmt_err
= mgmt_status(status
);
1336 cmd_status(cmd
->sk
, cmd
->index
, cmd
->opcode
, mgmt_err
);
1337 clear_bit(HCI_LIMITED_DISCOVERABLE
, &hdev
->dev_flags
);
1343 changed
= !test_and_set_bit(HCI_DISCOVERABLE
,
1346 if (hdev
->discov_timeout
> 0) {
1347 int to
= msecs_to_jiffies(hdev
->discov_timeout
* 1000);
1348 queue_delayed_work(hdev
->workqueue
, &hdev
->discov_off
,
1352 changed
= test_and_clear_bit(HCI_DISCOVERABLE
,
1356 send_settings_rsp(cmd
->sk
, MGMT_OP_SET_DISCOVERABLE
, hdev
);
1359 new_settings(hdev
, cmd
->sk
);
1361 /* When the discoverable mode gets changed, make sure
1362 * that class of device has the limited discoverable
1363 * bit correctly set.
1365 hci_req_init(&req
, hdev
);
1367 hci_req_run(&req
, NULL
);
1370 mgmt_pending_remove(cmd
);
1373 hci_dev_unlock(hdev
);
1376 static int set_discoverable(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
1379 struct mgmt_cp_set_discoverable
*cp
= data
;
1380 struct pending_cmd
*cmd
;
1381 struct hci_request req
;
1386 BT_DBG("request for %s", hdev
->name
);
1388 if (!test_bit(HCI_LE_ENABLED
, &hdev
->dev_flags
) &&
1389 !test_bit(HCI_BREDR_ENABLED
, &hdev
->dev_flags
))
1390 return cmd_status(sk
, hdev
->id
, MGMT_OP_SET_DISCOVERABLE
,
1391 MGMT_STATUS_REJECTED
);
1393 if (cp
->val
!= 0x00 && cp
->val
!= 0x01 && cp
->val
!= 0x02)
1394 return cmd_status(sk
, hdev
->id
, MGMT_OP_SET_DISCOVERABLE
,
1395 MGMT_STATUS_INVALID_PARAMS
);
1397 timeout
= __le16_to_cpu(cp
->timeout
);
1399 /* Disabling discoverable requires that no timeout is set,
1400 * and enabling limited discoverable requires a timeout.
1402 if ((cp
->val
== 0x00 && timeout
> 0) ||
1403 (cp
->val
== 0x02 && timeout
== 0))
1404 return cmd_status(sk
, hdev
->id
, MGMT_OP_SET_DISCOVERABLE
,
1405 MGMT_STATUS_INVALID_PARAMS
);
1409 if (!hdev_is_powered(hdev
) && timeout
> 0) {
1410 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_SET_DISCOVERABLE
,
1411 MGMT_STATUS_NOT_POWERED
);
1415 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE
, hdev
) ||
1416 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE
, hdev
)) {
1417 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_SET_DISCOVERABLE
,
1422 if (!test_bit(HCI_CONNECTABLE
, &hdev
->dev_flags
)) {
1423 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_SET_DISCOVERABLE
,
1424 MGMT_STATUS_REJECTED
);
1428 if (!hdev_is_powered(hdev
)) {
1429 bool changed
= false;
1431 /* Setting limited discoverable when powered off is
1432 * not a valid operation since it requires a timeout
1433 * and so no need to check HCI_LIMITED_DISCOVERABLE.
1435 if (!!cp
->val
!= test_bit(HCI_DISCOVERABLE
, &hdev
->dev_flags
)) {
1436 change_bit(HCI_DISCOVERABLE
, &hdev
->dev_flags
);
1440 err
= send_settings_rsp(sk
, MGMT_OP_SET_DISCOVERABLE
, hdev
);
1445 err
= new_settings(hdev
, sk
);
1450 /* If the current mode is the same, then just update the timeout
1451 * value with the new value. And if only the timeout gets updated,
1452 * then no need for any HCI transactions.
1454 if (!!cp
->val
== test_bit(HCI_DISCOVERABLE
, &hdev
->dev_flags
) &&
1455 (cp
->val
== 0x02) == test_bit(HCI_LIMITED_DISCOVERABLE
,
1456 &hdev
->dev_flags
)) {
1457 cancel_delayed_work(&hdev
->discov_off
);
1458 hdev
->discov_timeout
= timeout
;
1460 if (cp
->val
&& hdev
->discov_timeout
> 0) {
1461 int to
= msecs_to_jiffies(hdev
->discov_timeout
* 1000);
1462 queue_delayed_work(hdev
->workqueue
, &hdev
->discov_off
,
1466 err
= send_settings_rsp(sk
, MGMT_OP_SET_DISCOVERABLE
, hdev
);
1470 cmd
= mgmt_pending_add(sk
, MGMT_OP_SET_DISCOVERABLE
, hdev
, data
, len
);
1476 /* Cancel any potential discoverable timeout that might be
1477 * still active and store new timeout value. The arming of
1478 * the timeout happens in the complete handler.
1480 cancel_delayed_work(&hdev
->discov_off
);
1481 hdev
->discov_timeout
= timeout
;
1483 /* Limited discoverable mode */
1484 if (cp
->val
== 0x02)
1485 set_bit(HCI_LIMITED_DISCOVERABLE
, &hdev
->dev_flags
);
1487 clear_bit(HCI_LIMITED_DISCOVERABLE
, &hdev
->dev_flags
);
1489 hci_req_init(&req
, hdev
);
1491 /* The procedure for LE-only controllers is much simpler - just
1492 * update the advertising data.
1494 if (!test_bit(HCI_BREDR_ENABLED
, &hdev
->dev_flags
))
1500 struct hci_cp_write_current_iac_lap hci_cp
;
1502 if (cp
->val
== 0x02) {
1503 /* Limited discoverable mode */
1504 hci_cp
.num_iac
= min_t(u8
, hdev
->num_iac
, 2);
1505 hci_cp
.iac_lap
[0] = 0x00; /* LIAC */
1506 hci_cp
.iac_lap
[1] = 0x8b;
1507 hci_cp
.iac_lap
[2] = 0x9e;
1508 hci_cp
.iac_lap
[3] = 0x33; /* GIAC */
1509 hci_cp
.iac_lap
[4] = 0x8b;
1510 hci_cp
.iac_lap
[5] = 0x9e;
1512 /* General discoverable mode */
1514 hci_cp
.iac_lap
[0] = 0x33; /* GIAC */
1515 hci_cp
.iac_lap
[1] = 0x8b;
1516 hci_cp
.iac_lap
[2] = 0x9e;
1519 hci_req_add(&req
, HCI_OP_WRITE_CURRENT_IAC_LAP
,
1520 (hci_cp
.num_iac
* 3) + 1, &hci_cp
);
1522 scan
|= SCAN_INQUIRY
;
1524 clear_bit(HCI_LIMITED_DISCOVERABLE
, &hdev
->dev_flags
);
1527 hci_req_add(&req
, HCI_OP_WRITE_SCAN_ENABLE
, sizeof(scan
), &scan
);
1530 update_adv_data(&req
);
1532 err
= hci_req_run(&req
, set_discoverable_complete
);
1534 mgmt_pending_remove(cmd
);
1537 hci_dev_unlock(hdev
);
1541 static void write_fast_connectable(struct hci_request
*req
, bool enable
)
1543 struct hci_dev
*hdev
= req
->hdev
;
1544 struct hci_cp_write_page_scan_activity acp
;
1547 if (!test_bit(HCI_BREDR_ENABLED
, &hdev
->dev_flags
))
1550 if (hdev
->hci_ver
< BLUETOOTH_VER_1_2
)
1554 type
= PAGE_SCAN_TYPE_INTERLACED
;
1556 /* 160 msec page scan interval */
1557 acp
.interval
= cpu_to_le16(0x0100);
1559 type
= PAGE_SCAN_TYPE_STANDARD
; /* default */
1561 /* default 1.28 sec page scan */
1562 acp
.interval
= cpu_to_le16(0x0800);
1565 acp
.window
= cpu_to_le16(0x0012);
1567 if (__cpu_to_le16(hdev
->page_scan_interval
) != acp
.interval
||
1568 __cpu_to_le16(hdev
->page_scan_window
) != acp
.window
)
1569 hci_req_add(req
, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY
,
1572 if (hdev
->page_scan_type
!= type
)
1573 hci_req_add(req
, HCI_OP_WRITE_PAGE_SCAN_TYPE
, 1, &type
);
1576 static void set_connectable_complete(struct hci_dev
*hdev
, u8 status
)
1578 struct pending_cmd
*cmd
;
1579 struct mgmt_mode
*cp
;
1582 BT_DBG("status 0x%02x", status
);
1586 cmd
= mgmt_pending_find(MGMT_OP_SET_CONNECTABLE
, hdev
);
1591 u8 mgmt_err
= mgmt_status(status
);
1592 cmd_status(cmd
->sk
, cmd
->index
, cmd
->opcode
, mgmt_err
);
1598 changed
= !test_and_set_bit(HCI_CONNECTABLE
, &hdev
->dev_flags
);
1600 changed
= test_and_clear_bit(HCI_CONNECTABLE
, &hdev
->dev_flags
);
1602 send_settings_rsp(cmd
->sk
, MGMT_OP_SET_CONNECTABLE
, hdev
);
1605 new_settings(hdev
, cmd
->sk
);
1608 mgmt_pending_remove(cmd
);
1611 hci_dev_unlock(hdev
);
1614 static int set_connectable_update_settings(struct hci_dev
*hdev
,
1615 struct sock
*sk
, u8 val
)
1617 bool changed
= false;
1620 if (!!val
!= test_bit(HCI_CONNECTABLE
, &hdev
->dev_flags
))
1624 set_bit(HCI_CONNECTABLE
, &hdev
->dev_flags
);
1626 clear_bit(HCI_CONNECTABLE
, &hdev
->dev_flags
);
1627 clear_bit(HCI_DISCOVERABLE
, &hdev
->dev_flags
);
1630 err
= send_settings_rsp(sk
, MGMT_OP_SET_CONNECTABLE
, hdev
);
1635 return new_settings(hdev
, sk
);
1640 static int set_connectable(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
1643 struct mgmt_mode
*cp
= data
;
1644 struct pending_cmd
*cmd
;
1645 struct hci_request req
;
1649 BT_DBG("request for %s", hdev
->name
);
1651 if (!test_bit(HCI_LE_ENABLED
, &hdev
->dev_flags
) &&
1652 !test_bit(HCI_BREDR_ENABLED
, &hdev
->dev_flags
))
1653 return cmd_status(sk
, hdev
->id
, MGMT_OP_SET_CONNECTABLE
,
1654 MGMT_STATUS_REJECTED
);
1656 if (cp
->val
!= 0x00 && cp
->val
!= 0x01)
1657 return cmd_status(sk
, hdev
->id
, MGMT_OP_SET_CONNECTABLE
,
1658 MGMT_STATUS_INVALID_PARAMS
);
1662 if (!hdev_is_powered(hdev
)) {
1663 err
= set_connectable_update_settings(hdev
, sk
, cp
->val
);
1667 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE
, hdev
) ||
1668 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE
, hdev
)) {
1669 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_SET_CONNECTABLE
,
1674 cmd
= mgmt_pending_add(sk
, MGMT_OP_SET_CONNECTABLE
, hdev
, data
, len
);
1680 hci_req_init(&req
, hdev
);
1682 /* If BR/EDR is not enabled and we disable advertising as a
1683 * by-product of disabling connectable, we need to update the
1684 * advertising flags.
1686 if (!test_bit(HCI_BREDR_ENABLED
, &hdev
->dev_flags
)) {
1688 clear_bit(HCI_LIMITED_DISCOVERABLE
, &hdev
->dev_flags
);
1689 clear_bit(HCI_DISCOVERABLE
, &hdev
->dev_flags
);
1691 update_adv_data(&req
);
1692 } else if (cp
->val
!= test_bit(HCI_PSCAN
, &hdev
->flags
)) {
1698 if (test_bit(HCI_ISCAN
, &hdev
->flags
) &&
1699 hdev
->discov_timeout
> 0)
1700 cancel_delayed_work(&hdev
->discov_off
);
1703 hci_req_add(&req
, HCI_OP_WRITE_SCAN_ENABLE
, 1, &scan
);
1706 /* If we're going from non-connectable to connectable or
1707 * vice-versa when fast connectable is enabled ensure that fast
1708 * connectable gets disabled. write_fast_connectable won't do
1709 * anything if the page scan parameters are already what they
1712 if (cp
->val
|| test_bit(HCI_FAST_CONNECTABLE
, &hdev
->dev_flags
))
1713 write_fast_connectable(&req
, false);
1715 if (test_bit(HCI_ADVERTISING
, &hdev
->dev_flags
) &&
1716 hci_conn_num(hdev
, LE_LINK
) == 0) {
1717 disable_advertising(&req
);
1718 enable_advertising(&req
);
1721 err
= hci_req_run(&req
, set_connectable_complete
);
1723 mgmt_pending_remove(cmd
);
1724 if (err
== -ENODATA
)
1725 err
= set_connectable_update_settings(hdev
, sk
,
1731 hci_dev_unlock(hdev
);
1735 static int set_pairable(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
1738 struct mgmt_mode
*cp
= data
;
1742 BT_DBG("request for %s", hdev
->name
);
1744 if (cp
->val
!= 0x00 && cp
->val
!= 0x01)
1745 return cmd_status(sk
, hdev
->id
, MGMT_OP_SET_PAIRABLE
,
1746 MGMT_STATUS_INVALID_PARAMS
);
1751 changed
= !test_and_set_bit(HCI_PAIRABLE
, &hdev
->dev_flags
);
1753 changed
= test_and_clear_bit(HCI_PAIRABLE
, &hdev
->dev_flags
);
1755 err
= send_settings_rsp(sk
, MGMT_OP_SET_PAIRABLE
, hdev
);
1760 err
= new_settings(hdev
, sk
);
1763 hci_dev_unlock(hdev
);
1767 static int set_link_security(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
1770 struct mgmt_mode
*cp
= data
;
1771 struct pending_cmd
*cmd
;
1775 BT_DBG("request for %s", hdev
->name
);
1777 status
= mgmt_bredr_support(hdev
);
1779 return cmd_status(sk
, hdev
->id
, MGMT_OP_SET_LINK_SECURITY
,
1782 if (cp
->val
!= 0x00 && cp
->val
!= 0x01)
1783 return cmd_status(sk
, hdev
->id
, MGMT_OP_SET_LINK_SECURITY
,
1784 MGMT_STATUS_INVALID_PARAMS
);
1788 if (!hdev_is_powered(hdev
)) {
1789 bool changed
= false;
1791 if (!!cp
->val
!= test_bit(HCI_LINK_SECURITY
,
1792 &hdev
->dev_flags
)) {
1793 change_bit(HCI_LINK_SECURITY
, &hdev
->dev_flags
);
1797 err
= send_settings_rsp(sk
, MGMT_OP_SET_LINK_SECURITY
, hdev
);
1802 err
= new_settings(hdev
, sk
);
1807 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY
, hdev
)) {
1808 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_SET_LINK_SECURITY
,
1815 if (test_bit(HCI_AUTH
, &hdev
->flags
) == val
) {
1816 err
= send_settings_rsp(sk
, MGMT_OP_SET_LINK_SECURITY
, hdev
);
1820 cmd
= mgmt_pending_add(sk
, MGMT_OP_SET_LINK_SECURITY
, hdev
, data
, len
);
1826 err
= hci_send_cmd(hdev
, HCI_OP_WRITE_AUTH_ENABLE
, sizeof(val
), &val
);
1828 mgmt_pending_remove(cmd
);
1833 hci_dev_unlock(hdev
);
1837 static int set_ssp(struct sock
*sk
, struct hci_dev
*hdev
, void *data
, u16 len
)
1839 struct mgmt_mode
*cp
= data
;
1840 struct pending_cmd
*cmd
;
1844 BT_DBG("request for %s", hdev
->name
);
1846 status
= mgmt_bredr_support(hdev
);
1848 return cmd_status(sk
, hdev
->id
, MGMT_OP_SET_SSP
, status
);
1850 if (!lmp_ssp_capable(hdev
))
1851 return cmd_status(sk
, hdev
->id
, MGMT_OP_SET_SSP
,
1852 MGMT_STATUS_NOT_SUPPORTED
);
1854 if (cp
->val
!= 0x00 && cp
->val
!= 0x01)
1855 return cmd_status(sk
, hdev
->id
, MGMT_OP_SET_SSP
,
1856 MGMT_STATUS_INVALID_PARAMS
);
1860 if (!hdev_is_powered(hdev
)) {
1864 changed
= !test_and_set_bit(HCI_SSP_ENABLED
,
1867 changed
= test_and_clear_bit(HCI_SSP_ENABLED
,
1870 changed
= test_and_clear_bit(HCI_HS_ENABLED
,
1873 clear_bit(HCI_HS_ENABLED
, &hdev
->dev_flags
);
1876 err
= send_settings_rsp(sk
, MGMT_OP_SET_SSP
, hdev
);
1881 err
= new_settings(hdev
, sk
);
1886 if (mgmt_pending_find(MGMT_OP_SET_SSP
, hdev
) ||
1887 mgmt_pending_find(MGMT_OP_SET_HS
, hdev
)) {
1888 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_SET_SSP
,
1893 if (!!cp
->val
== test_bit(HCI_SSP_ENABLED
, &hdev
->dev_flags
)) {
1894 err
= send_settings_rsp(sk
, MGMT_OP_SET_SSP
, hdev
);
1898 cmd
= mgmt_pending_add(sk
, MGMT_OP_SET_SSP
, hdev
, data
, len
);
1904 if (!cp
->val
&& test_bit(HCI_USE_DEBUG_KEYS
, &hdev
->dev_flags
))
1905 hci_send_cmd(hdev
, HCI_OP_WRITE_SSP_DEBUG_MODE
,
1906 sizeof(cp
->val
), &cp
->val
);
1908 err
= hci_send_cmd(hdev
, HCI_OP_WRITE_SSP_MODE
, 1, &cp
->val
);
1910 mgmt_pending_remove(cmd
);
1915 hci_dev_unlock(hdev
);
1919 static int set_hs(struct sock
*sk
, struct hci_dev
*hdev
, void *data
, u16 len
)
1921 struct mgmt_mode
*cp
= data
;
1926 BT_DBG("request for %s", hdev
->name
);
1928 status
= mgmt_bredr_support(hdev
);
1930 return cmd_status(sk
, hdev
->id
, MGMT_OP_SET_HS
, status
);
1932 if (!lmp_ssp_capable(hdev
))
1933 return cmd_status(sk
, hdev
->id
, MGMT_OP_SET_HS
,
1934 MGMT_STATUS_NOT_SUPPORTED
);
1936 if (!test_bit(HCI_SSP_ENABLED
, &hdev
->dev_flags
))
1937 return cmd_status(sk
, hdev
->id
, MGMT_OP_SET_HS
,
1938 MGMT_STATUS_REJECTED
);
1940 if (cp
->val
!= 0x00 && cp
->val
!= 0x01)
1941 return cmd_status(sk
, hdev
->id
, MGMT_OP_SET_HS
,
1942 MGMT_STATUS_INVALID_PARAMS
);
1947 changed
= !test_and_set_bit(HCI_HS_ENABLED
, &hdev
->dev_flags
);
1949 if (hdev_is_powered(hdev
)) {
1950 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_SET_HS
,
1951 MGMT_STATUS_REJECTED
);
1955 changed
= test_and_clear_bit(HCI_HS_ENABLED
, &hdev
->dev_flags
);
1958 err
= send_settings_rsp(sk
, MGMT_OP_SET_HS
, hdev
);
1963 err
= new_settings(hdev
, sk
);
1966 hci_dev_unlock(hdev
);
1970 static void le_enable_complete(struct hci_dev
*hdev
, u8 status
)
1972 struct cmd_lookup match
= { NULL
, hdev
};
1975 u8 mgmt_err
= mgmt_status(status
);
1977 mgmt_pending_foreach(MGMT_OP_SET_LE
, hdev
, cmd_status_rsp
,
1982 mgmt_pending_foreach(MGMT_OP_SET_LE
, hdev
, settings_rsp
, &match
);
1984 new_settings(hdev
, match
.sk
);
1989 /* Make sure the controller has a good default for
1990 * advertising data. Restrict the update to when LE
1991 * has actually been enabled. During power on, the
1992 * update in powered_update_hci will take care of it.
1994 if (test_bit(HCI_LE_ENABLED
, &hdev
->dev_flags
)) {
1995 struct hci_request req
;
1999 hci_req_init(&req
, hdev
);
2000 update_adv_data(&req
);
2001 update_scan_rsp_data(&req
);
2002 hci_req_run(&req
, NULL
);
2004 hci_dev_unlock(hdev
);
2008 static int set_le(struct sock
*sk
, struct hci_dev
*hdev
, void *data
, u16 len
)
2010 struct mgmt_mode
*cp
= data
;
2011 struct hci_cp_write_le_host_supported hci_cp
;
2012 struct pending_cmd
*cmd
;
2013 struct hci_request req
;
2017 BT_DBG("request for %s", hdev
->name
);
2019 if (!lmp_le_capable(hdev
))
2020 return cmd_status(sk
, hdev
->id
, MGMT_OP_SET_LE
,
2021 MGMT_STATUS_NOT_SUPPORTED
);
2023 if (cp
->val
!= 0x00 && cp
->val
!= 0x01)
2024 return cmd_status(sk
, hdev
->id
, MGMT_OP_SET_LE
,
2025 MGMT_STATUS_INVALID_PARAMS
);
2027 /* LE-only devices do not allow toggling LE on/off */
2028 if (!test_bit(HCI_BREDR_ENABLED
, &hdev
->dev_flags
))
2029 return cmd_status(sk
, hdev
->id
, MGMT_OP_SET_LE
,
2030 MGMT_STATUS_REJECTED
);
2035 enabled
= lmp_host_le_capable(hdev
);
2037 if (!hdev_is_powered(hdev
) || val
== enabled
) {
2038 bool changed
= false;
2040 if (val
!= test_bit(HCI_LE_ENABLED
, &hdev
->dev_flags
)) {
2041 change_bit(HCI_LE_ENABLED
, &hdev
->dev_flags
);
2045 if (!val
&& test_bit(HCI_ADVERTISING
, &hdev
->dev_flags
)) {
2046 clear_bit(HCI_ADVERTISING
, &hdev
->dev_flags
);
2050 err
= send_settings_rsp(sk
, MGMT_OP_SET_LE
, hdev
);
2055 err
= new_settings(hdev
, sk
);
2060 if (mgmt_pending_find(MGMT_OP_SET_LE
, hdev
) ||
2061 mgmt_pending_find(MGMT_OP_SET_ADVERTISING
, hdev
)) {
2062 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_SET_LE
,
2067 cmd
= mgmt_pending_add(sk
, MGMT_OP_SET_LE
, hdev
, data
, len
);
2073 hci_req_init(&req
, hdev
);
2075 memset(&hci_cp
, 0, sizeof(hci_cp
));
2079 hci_cp
.simul
= lmp_le_br_capable(hdev
);
2081 if (test_bit(HCI_ADVERTISING
, &hdev
->dev_flags
))
2082 disable_advertising(&req
);
2085 hci_req_add(&req
, HCI_OP_WRITE_LE_HOST_SUPPORTED
, sizeof(hci_cp
),
2088 err
= hci_req_run(&req
, le_enable_complete
);
2090 mgmt_pending_remove(cmd
);
2093 hci_dev_unlock(hdev
);
2097 /* This is a helper function to test for pending mgmt commands that can
2098 * cause CoD or EIR HCI commands. We can only allow one such pending
2099 * mgmt command at a time since otherwise we cannot easily track what
2100 * the current values are, will be, and based on that calculate if a new
2101 * HCI command needs to be sent and if yes with what value.
2103 static bool pending_eir_or_class(struct hci_dev
*hdev
)
2105 struct pending_cmd
*cmd
;
2107 list_for_each_entry(cmd
, &hdev
->mgmt_pending
, list
) {
2108 switch (cmd
->opcode
) {
2109 case MGMT_OP_ADD_UUID
:
2110 case MGMT_OP_REMOVE_UUID
:
2111 case MGMT_OP_SET_DEV_CLASS
:
2112 case MGMT_OP_SET_POWERED
:
2120 static const u8 bluetooth_base_uuid
[] = {
2121 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
2122 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2125 static u8
get_uuid_size(const u8
*uuid
)
2129 if (memcmp(uuid
, bluetooth_base_uuid
, 12))
2132 val
= get_unaligned_le32(&uuid
[12]);
2139 static void mgmt_class_complete(struct hci_dev
*hdev
, u16 mgmt_op
, u8 status
)
2141 struct pending_cmd
*cmd
;
2145 cmd
= mgmt_pending_find(mgmt_op
, hdev
);
2149 cmd_complete(cmd
->sk
, cmd
->index
, cmd
->opcode
, mgmt_status(status
),
2150 hdev
->dev_class
, 3);
2152 mgmt_pending_remove(cmd
);
2155 hci_dev_unlock(hdev
);
2158 static void add_uuid_complete(struct hci_dev
*hdev
, u8 status
)
2160 BT_DBG("status 0x%02x", status
);
2162 mgmt_class_complete(hdev
, MGMT_OP_ADD_UUID
, status
);
2165 static int add_uuid(struct sock
*sk
, struct hci_dev
*hdev
, void *data
, u16 len
)
2167 struct mgmt_cp_add_uuid
*cp
= data
;
2168 struct pending_cmd
*cmd
;
2169 struct hci_request req
;
2170 struct bt_uuid
*uuid
;
2173 BT_DBG("request for %s", hdev
->name
);
2177 if (pending_eir_or_class(hdev
)) {
2178 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_ADD_UUID
,
2183 uuid
= kmalloc(sizeof(*uuid
), GFP_KERNEL
);
2189 memcpy(uuid
->uuid
, cp
->uuid
, 16);
2190 uuid
->svc_hint
= cp
->svc_hint
;
2191 uuid
->size
= get_uuid_size(cp
->uuid
);
2193 list_add_tail(&uuid
->list
, &hdev
->uuids
);
2195 hci_req_init(&req
, hdev
);
2200 err
= hci_req_run(&req
, add_uuid_complete
);
2202 if (err
!= -ENODATA
)
2205 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_ADD_UUID
, 0,
2206 hdev
->dev_class
, 3);
2210 cmd
= mgmt_pending_add(sk
, MGMT_OP_ADD_UUID
, hdev
, data
, len
);
2219 hci_dev_unlock(hdev
);
2223 static bool enable_service_cache(struct hci_dev
*hdev
)
2225 if (!hdev_is_powered(hdev
))
2228 if (!test_and_set_bit(HCI_SERVICE_CACHE
, &hdev
->dev_flags
)) {
2229 queue_delayed_work(hdev
->workqueue
, &hdev
->service_cache
,
2237 static void remove_uuid_complete(struct hci_dev
*hdev
, u8 status
)
2239 BT_DBG("status 0x%02x", status
);
2241 mgmt_class_complete(hdev
, MGMT_OP_REMOVE_UUID
, status
);
2244 static int remove_uuid(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
2247 struct mgmt_cp_remove_uuid
*cp
= data
;
2248 struct pending_cmd
*cmd
;
2249 struct bt_uuid
*match
, *tmp
;
2250 u8 bt_uuid_any
[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
2251 struct hci_request req
;
2254 BT_DBG("request for %s", hdev
->name
);
2258 if (pending_eir_or_class(hdev
)) {
2259 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_REMOVE_UUID
,
2264 if (memcmp(cp
->uuid
, bt_uuid_any
, 16) == 0) {
2265 hci_uuids_clear(hdev
);
2267 if (enable_service_cache(hdev
)) {
2268 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_REMOVE_UUID
,
2269 0, hdev
->dev_class
, 3);
2278 list_for_each_entry_safe(match
, tmp
, &hdev
->uuids
, list
) {
2279 if (memcmp(match
->uuid
, cp
->uuid
, 16) != 0)
2282 list_del(&match
->list
);
2288 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_REMOVE_UUID
,
2289 MGMT_STATUS_INVALID_PARAMS
);
2294 hci_req_init(&req
, hdev
);
2299 err
= hci_req_run(&req
, remove_uuid_complete
);
2301 if (err
!= -ENODATA
)
2304 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_REMOVE_UUID
, 0,
2305 hdev
->dev_class
, 3);
2309 cmd
= mgmt_pending_add(sk
, MGMT_OP_REMOVE_UUID
, hdev
, data
, len
);
2318 hci_dev_unlock(hdev
);
2322 static void set_class_complete(struct hci_dev
*hdev
, u8 status
)
2324 BT_DBG("status 0x%02x", status
);
2326 mgmt_class_complete(hdev
, MGMT_OP_SET_DEV_CLASS
, status
);
2329 static int set_dev_class(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
2332 struct mgmt_cp_set_dev_class
*cp
= data
;
2333 struct pending_cmd
*cmd
;
2334 struct hci_request req
;
2337 BT_DBG("request for %s", hdev
->name
);
2339 if (!lmp_bredr_capable(hdev
))
2340 return cmd_status(sk
, hdev
->id
, MGMT_OP_SET_DEV_CLASS
,
2341 MGMT_STATUS_NOT_SUPPORTED
);
2345 if (pending_eir_or_class(hdev
)) {
2346 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_SET_DEV_CLASS
,
2351 if ((cp
->minor
& 0x03) != 0 || (cp
->major
& 0xe0) != 0) {
2352 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_SET_DEV_CLASS
,
2353 MGMT_STATUS_INVALID_PARAMS
);
2357 hdev
->major_class
= cp
->major
;
2358 hdev
->minor_class
= cp
->minor
;
2360 if (!hdev_is_powered(hdev
)) {
2361 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_SET_DEV_CLASS
, 0,
2362 hdev
->dev_class
, 3);
2366 hci_req_init(&req
, hdev
);
2368 if (test_and_clear_bit(HCI_SERVICE_CACHE
, &hdev
->dev_flags
)) {
2369 hci_dev_unlock(hdev
);
2370 cancel_delayed_work_sync(&hdev
->service_cache
);
2377 err
= hci_req_run(&req
, set_class_complete
);
2379 if (err
!= -ENODATA
)
2382 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_SET_DEV_CLASS
, 0,
2383 hdev
->dev_class
, 3);
2387 cmd
= mgmt_pending_add(sk
, MGMT_OP_SET_DEV_CLASS
, hdev
, data
, len
);
2396 hci_dev_unlock(hdev
);
2400 static int load_link_keys(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
2403 struct mgmt_cp_load_link_keys
*cp
= data
;
2404 u16 key_count
, expected_len
;
2408 BT_DBG("request for %s", hdev
->name
);
2410 if (!lmp_bredr_capable(hdev
))
2411 return cmd_status(sk
, hdev
->id
, MGMT_OP_LOAD_LINK_KEYS
,
2412 MGMT_STATUS_NOT_SUPPORTED
);
2414 key_count
= __le16_to_cpu(cp
->key_count
);
2416 expected_len
= sizeof(*cp
) + key_count
*
2417 sizeof(struct mgmt_link_key_info
);
2418 if (expected_len
!= len
) {
2419 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
2421 return cmd_status(sk
, hdev
->id
, MGMT_OP_LOAD_LINK_KEYS
,
2422 MGMT_STATUS_INVALID_PARAMS
);
2425 if (cp
->debug_keys
!= 0x00 && cp
->debug_keys
!= 0x01)
2426 return cmd_status(sk
, hdev
->id
, MGMT_OP_LOAD_LINK_KEYS
,
2427 MGMT_STATUS_INVALID_PARAMS
);
2429 BT_DBG("%s debug_keys %u key_count %u", hdev
->name
, cp
->debug_keys
,
2432 for (i
= 0; i
< key_count
; i
++) {
2433 struct mgmt_link_key_info
*key
= &cp
->keys
[i
];
2435 if (key
->addr
.type
!= BDADDR_BREDR
|| key
->type
> 0x08)
2436 return cmd_status(sk
, hdev
->id
, MGMT_OP_LOAD_LINK_KEYS
,
2437 MGMT_STATUS_INVALID_PARAMS
);
2442 hci_link_keys_clear(hdev
);
2445 changed
= !test_and_set_bit(HCI_KEEP_DEBUG_KEYS
,
2448 changed
= test_and_clear_bit(HCI_KEEP_DEBUG_KEYS
,
2452 new_settings(hdev
, NULL
);
2454 for (i
= 0; i
< key_count
; i
++) {
2455 struct mgmt_link_key_info
*key
= &cp
->keys
[i
];
2457 /* Always ignore debug keys and require a new pairing if
2458 * the user wants to use them.
2460 if (key
->type
== HCI_LK_DEBUG_COMBINATION
)
2463 hci_add_link_key(hdev
, NULL
, &key
->addr
.bdaddr
, key
->val
,
2464 key
->type
, key
->pin_len
, NULL
);
2467 cmd_complete(sk
, hdev
->id
, MGMT_OP_LOAD_LINK_KEYS
, 0, NULL
, 0);
2469 hci_dev_unlock(hdev
);
2474 static int device_unpaired(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
,
2475 u8 addr_type
, struct sock
*skip_sk
)
2477 struct mgmt_ev_device_unpaired ev
;
2479 bacpy(&ev
.addr
.bdaddr
, bdaddr
);
2480 ev
.addr
.type
= addr_type
;
2482 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED
, hdev
, &ev
, sizeof(ev
),
2486 static int unpair_device(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
2489 struct mgmt_cp_unpair_device
*cp
= data
;
2490 struct mgmt_rp_unpair_device rp
;
2491 struct hci_cp_disconnect dc
;
2492 struct pending_cmd
*cmd
;
2493 struct hci_conn
*conn
;
2496 memset(&rp
, 0, sizeof(rp
));
2497 bacpy(&rp
.addr
.bdaddr
, &cp
->addr
.bdaddr
);
2498 rp
.addr
.type
= cp
->addr
.type
;
2500 if (!bdaddr_type_is_valid(cp
->addr
.type
))
2501 return cmd_complete(sk
, hdev
->id
, MGMT_OP_UNPAIR_DEVICE
,
2502 MGMT_STATUS_INVALID_PARAMS
,
2505 if (cp
->disconnect
!= 0x00 && cp
->disconnect
!= 0x01)
2506 return cmd_complete(sk
, hdev
->id
, MGMT_OP_UNPAIR_DEVICE
,
2507 MGMT_STATUS_INVALID_PARAMS
,
2512 if (!hdev_is_powered(hdev
)) {
2513 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_UNPAIR_DEVICE
,
2514 MGMT_STATUS_NOT_POWERED
, &rp
, sizeof(rp
));
2518 if (cp
->addr
.type
== BDADDR_BREDR
) {
2519 err
= hci_remove_link_key(hdev
, &cp
->addr
.bdaddr
);
2523 if (cp
->addr
.type
== BDADDR_LE_PUBLIC
)
2524 addr_type
= ADDR_LE_DEV_PUBLIC
;
2526 addr_type
= ADDR_LE_DEV_RANDOM
;
2528 hci_remove_irk(hdev
, &cp
->addr
.bdaddr
, addr_type
);
2530 hci_conn_params_del(hdev
, &cp
->addr
.bdaddr
, addr_type
);
2532 err
= hci_remove_ltk(hdev
, &cp
->addr
.bdaddr
, addr_type
);
2536 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_UNPAIR_DEVICE
,
2537 MGMT_STATUS_NOT_PAIRED
, &rp
, sizeof(rp
));
2541 if (cp
->disconnect
) {
2542 if (cp
->addr
.type
== BDADDR_BREDR
)
2543 conn
= hci_conn_hash_lookup_ba(hdev
, ACL_LINK
,
2546 conn
= hci_conn_hash_lookup_ba(hdev
, LE_LINK
,
2553 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_UNPAIR_DEVICE
, 0,
2555 device_unpaired(hdev
, &cp
->addr
.bdaddr
, cp
->addr
.type
, sk
);
2559 cmd
= mgmt_pending_add(sk
, MGMT_OP_UNPAIR_DEVICE
, hdev
, cp
,
2566 dc
.handle
= cpu_to_le16(conn
->handle
);
2567 dc
.reason
= 0x13; /* Remote User Terminated Connection */
2568 err
= hci_send_cmd(hdev
, HCI_OP_DISCONNECT
, sizeof(dc
), &dc
);
2570 mgmt_pending_remove(cmd
);
2573 hci_dev_unlock(hdev
);
2577 static int disconnect(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
2580 struct mgmt_cp_disconnect
*cp
= data
;
2581 struct mgmt_rp_disconnect rp
;
2582 struct hci_cp_disconnect dc
;
2583 struct pending_cmd
*cmd
;
2584 struct hci_conn
*conn
;
2589 memset(&rp
, 0, sizeof(rp
));
2590 bacpy(&rp
.addr
.bdaddr
, &cp
->addr
.bdaddr
);
2591 rp
.addr
.type
= cp
->addr
.type
;
2593 if (!bdaddr_type_is_valid(cp
->addr
.type
))
2594 return cmd_complete(sk
, hdev
->id
, MGMT_OP_DISCONNECT
,
2595 MGMT_STATUS_INVALID_PARAMS
,
2600 if (!test_bit(HCI_UP
, &hdev
->flags
)) {
2601 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_DISCONNECT
,
2602 MGMT_STATUS_NOT_POWERED
, &rp
, sizeof(rp
));
2606 if (mgmt_pending_find(MGMT_OP_DISCONNECT
, hdev
)) {
2607 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_DISCONNECT
,
2608 MGMT_STATUS_BUSY
, &rp
, sizeof(rp
));
2612 if (cp
->addr
.type
== BDADDR_BREDR
)
2613 conn
= hci_conn_hash_lookup_ba(hdev
, ACL_LINK
,
2616 conn
= hci_conn_hash_lookup_ba(hdev
, LE_LINK
, &cp
->addr
.bdaddr
);
2618 if (!conn
|| conn
->state
== BT_OPEN
|| conn
->state
== BT_CLOSED
) {
2619 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_DISCONNECT
,
2620 MGMT_STATUS_NOT_CONNECTED
, &rp
, sizeof(rp
));
2624 cmd
= mgmt_pending_add(sk
, MGMT_OP_DISCONNECT
, hdev
, data
, len
);
2630 dc
.handle
= cpu_to_le16(conn
->handle
);
2631 dc
.reason
= HCI_ERROR_REMOTE_USER_TERM
;
2633 err
= hci_send_cmd(hdev
, HCI_OP_DISCONNECT
, sizeof(dc
), &dc
);
2635 mgmt_pending_remove(cmd
);
2638 hci_dev_unlock(hdev
);
2642 static u8
link_to_bdaddr(u8 link_type
, u8 addr_type
)
2644 switch (link_type
) {
2646 switch (addr_type
) {
2647 case ADDR_LE_DEV_PUBLIC
:
2648 return BDADDR_LE_PUBLIC
;
2651 /* Fallback to LE Random address type */
2652 return BDADDR_LE_RANDOM
;
2656 /* Fallback to BR/EDR type */
2657 return BDADDR_BREDR
;
2661 static int get_connections(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
2664 struct mgmt_rp_get_connections
*rp
;
2674 if (!hdev_is_powered(hdev
)) {
2675 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_GET_CONNECTIONS
,
2676 MGMT_STATUS_NOT_POWERED
);
2681 list_for_each_entry(c
, &hdev
->conn_hash
.list
, list
) {
2682 if (test_bit(HCI_CONN_MGMT_CONNECTED
, &c
->flags
))
2686 rp_len
= sizeof(*rp
) + (i
* sizeof(struct mgmt_addr_info
));
2687 rp
= kmalloc(rp_len
, GFP_KERNEL
);
2694 list_for_each_entry(c
, &hdev
->conn_hash
.list
, list
) {
2695 if (!test_bit(HCI_CONN_MGMT_CONNECTED
, &c
->flags
))
2697 bacpy(&rp
->addr
[i
].bdaddr
, &c
->dst
);
2698 rp
->addr
[i
].type
= link_to_bdaddr(c
->type
, c
->dst_type
);
2699 if (c
->type
== SCO_LINK
|| c
->type
== ESCO_LINK
)
2704 rp
->conn_count
= cpu_to_le16(i
);
2706 /* Recalculate length in case of filtered SCO connections, etc */
2707 rp_len
= sizeof(*rp
) + (i
* sizeof(struct mgmt_addr_info
));
2709 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_GET_CONNECTIONS
, 0, rp
,
2715 hci_dev_unlock(hdev
);
2719 static int send_pin_code_neg_reply(struct sock
*sk
, struct hci_dev
*hdev
,
2720 struct mgmt_cp_pin_code_neg_reply
*cp
)
2722 struct pending_cmd
*cmd
;
2725 cmd
= mgmt_pending_add(sk
, MGMT_OP_PIN_CODE_NEG_REPLY
, hdev
, cp
,
2730 err
= hci_send_cmd(hdev
, HCI_OP_PIN_CODE_NEG_REPLY
,
2731 sizeof(cp
->addr
.bdaddr
), &cp
->addr
.bdaddr
);
2733 mgmt_pending_remove(cmd
);
2738 static int pin_code_reply(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
2741 struct hci_conn
*conn
;
2742 struct mgmt_cp_pin_code_reply
*cp
= data
;
2743 struct hci_cp_pin_code_reply reply
;
2744 struct pending_cmd
*cmd
;
2751 if (!hdev_is_powered(hdev
)) {
2752 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_PIN_CODE_REPLY
,
2753 MGMT_STATUS_NOT_POWERED
);
2757 conn
= hci_conn_hash_lookup_ba(hdev
, ACL_LINK
, &cp
->addr
.bdaddr
);
2759 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_PIN_CODE_REPLY
,
2760 MGMT_STATUS_NOT_CONNECTED
);
2764 if (conn
->pending_sec_level
== BT_SECURITY_HIGH
&& cp
->pin_len
!= 16) {
2765 struct mgmt_cp_pin_code_neg_reply ncp
;
2767 memcpy(&ncp
.addr
, &cp
->addr
, sizeof(ncp
.addr
));
2769 BT_ERR("PIN code is not 16 bytes long");
2771 err
= send_pin_code_neg_reply(sk
, hdev
, &ncp
);
2773 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_PIN_CODE_REPLY
,
2774 MGMT_STATUS_INVALID_PARAMS
);
2779 cmd
= mgmt_pending_add(sk
, MGMT_OP_PIN_CODE_REPLY
, hdev
, data
, len
);
2785 bacpy(&reply
.bdaddr
, &cp
->addr
.bdaddr
);
2786 reply
.pin_len
= cp
->pin_len
;
2787 memcpy(reply
.pin_code
, cp
->pin_code
, sizeof(reply
.pin_code
));
2789 err
= hci_send_cmd(hdev
, HCI_OP_PIN_CODE_REPLY
, sizeof(reply
), &reply
);
2791 mgmt_pending_remove(cmd
);
2794 hci_dev_unlock(hdev
);
2798 static int set_io_capability(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
2801 struct mgmt_cp_set_io_capability
*cp
= data
;
2805 if (cp
->io_capability
> SMP_IO_KEYBOARD_DISPLAY
)
2806 return cmd_complete(sk
, hdev
->id
, MGMT_OP_SET_IO_CAPABILITY
,
2807 MGMT_STATUS_INVALID_PARAMS
, NULL
, 0);
2811 hdev
->io_capability
= cp
->io_capability
;
2813 BT_DBG("%s IO capability set to 0x%02x", hdev
->name
,
2814 hdev
->io_capability
);
2816 hci_dev_unlock(hdev
);
2818 return cmd_complete(sk
, hdev
->id
, MGMT_OP_SET_IO_CAPABILITY
, 0, NULL
,
2822 static struct pending_cmd
*find_pairing(struct hci_conn
*conn
)
2824 struct hci_dev
*hdev
= conn
->hdev
;
2825 struct pending_cmd
*cmd
;
2827 list_for_each_entry(cmd
, &hdev
->mgmt_pending
, list
) {
2828 if (cmd
->opcode
!= MGMT_OP_PAIR_DEVICE
)
2831 if (cmd
->user_data
!= conn
)
2840 static void pairing_complete(struct pending_cmd
*cmd
, u8 status
)
2842 struct mgmt_rp_pair_device rp
;
2843 struct hci_conn
*conn
= cmd
->user_data
;
2845 bacpy(&rp
.addr
.bdaddr
, &conn
->dst
);
2846 rp
.addr
.type
= link_to_bdaddr(conn
->type
, conn
->dst_type
);
2848 cmd_complete(cmd
->sk
, cmd
->index
, MGMT_OP_PAIR_DEVICE
, status
,
2851 /* So we don't get further callbacks for this connection */
2852 conn
->connect_cfm_cb
= NULL
;
2853 conn
->security_cfm_cb
= NULL
;
2854 conn
->disconn_cfm_cb
= NULL
;
2856 hci_conn_drop(conn
);
2858 mgmt_pending_remove(cmd
);
2861 void mgmt_smp_complete(struct hci_conn
*conn
, bool complete
)
2863 u8 status
= complete
? MGMT_STATUS_SUCCESS
: MGMT_STATUS_FAILED
;
2864 struct pending_cmd
*cmd
;
2866 cmd
= find_pairing(conn
);
2868 pairing_complete(cmd
, status
);
2871 static void pairing_complete_cb(struct hci_conn
*conn
, u8 status
)
2873 struct pending_cmd
*cmd
;
2875 BT_DBG("status %u", status
);
2877 cmd
= find_pairing(conn
);
2879 BT_DBG("Unable to find a pending command");
2881 pairing_complete(cmd
, mgmt_status(status
));
2884 static void le_pairing_complete_cb(struct hci_conn
*conn
, u8 status
)
2886 struct pending_cmd
*cmd
;
2888 BT_DBG("status %u", status
);
2893 cmd
= find_pairing(conn
);
2895 BT_DBG("Unable to find a pending command");
2897 pairing_complete(cmd
, mgmt_status(status
));
2900 static int pair_device(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
2903 struct mgmt_cp_pair_device
*cp
= data
;
2904 struct mgmt_rp_pair_device rp
;
2905 struct pending_cmd
*cmd
;
2906 u8 sec_level
, auth_type
;
2907 struct hci_conn
*conn
;
2912 memset(&rp
, 0, sizeof(rp
));
2913 bacpy(&rp
.addr
.bdaddr
, &cp
->addr
.bdaddr
);
2914 rp
.addr
.type
= cp
->addr
.type
;
2916 if (!bdaddr_type_is_valid(cp
->addr
.type
))
2917 return cmd_complete(sk
, hdev
->id
, MGMT_OP_PAIR_DEVICE
,
2918 MGMT_STATUS_INVALID_PARAMS
,
2921 if (cp
->io_cap
> SMP_IO_KEYBOARD_DISPLAY
)
2922 return cmd_complete(sk
, hdev
->id
, MGMT_OP_PAIR_DEVICE
,
2923 MGMT_STATUS_INVALID_PARAMS
,
2928 if (!hdev_is_powered(hdev
)) {
2929 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_PAIR_DEVICE
,
2930 MGMT_STATUS_NOT_POWERED
, &rp
, sizeof(rp
));
2934 sec_level
= BT_SECURITY_MEDIUM
;
2935 auth_type
= HCI_AT_DEDICATED_BONDING
;
2937 if (cp
->addr
.type
== BDADDR_BREDR
) {
2938 conn
= hci_connect_acl(hdev
, &cp
->addr
.bdaddr
, sec_level
,
2943 /* Convert from L2CAP channel address type to HCI address type
2945 if (cp
->addr
.type
== BDADDR_LE_PUBLIC
)
2946 addr_type
= ADDR_LE_DEV_PUBLIC
;
2948 addr_type
= ADDR_LE_DEV_RANDOM
;
2950 /* When pairing a new device, it is expected to remember
2951 * this device for future connections. Adding the connection
2952 * parameter information ahead of time allows tracking
2953 * of the slave preferred values and will speed up any
2954 * further connection establishment.
2956 * If connection parameters already exist, then they
2957 * will be kept and this function does nothing.
2959 hci_conn_params_add(hdev
, &cp
->addr
.bdaddr
, addr_type
);
2961 conn
= hci_connect_le(hdev
, &cp
->addr
.bdaddr
, addr_type
,
2962 sec_level
, auth_type
);
2968 if (PTR_ERR(conn
) == -EBUSY
)
2969 status
= MGMT_STATUS_BUSY
;
2971 status
= MGMT_STATUS_CONNECT_FAILED
;
2973 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_PAIR_DEVICE
,
2979 if (conn
->connect_cfm_cb
) {
2980 hci_conn_drop(conn
);
2981 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_PAIR_DEVICE
,
2982 MGMT_STATUS_BUSY
, &rp
, sizeof(rp
));
2986 cmd
= mgmt_pending_add(sk
, MGMT_OP_PAIR_DEVICE
, hdev
, data
, len
);
2989 hci_conn_drop(conn
);
2993 /* For LE, just connecting isn't a proof that the pairing finished */
2994 if (cp
->addr
.type
== BDADDR_BREDR
) {
2995 conn
->connect_cfm_cb
= pairing_complete_cb
;
2996 conn
->security_cfm_cb
= pairing_complete_cb
;
2997 conn
->disconn_cfm_cb
= pairing_complete_cb
;
2999 conn
->connect_cfm_cb
= le_pairing_complete_cb
;
3000 conn
->security_cfm_cb
= le_pairing_complete_cb
;
3001 conn
->disconn_cfm_cb
= le_pairing_complete_cb
;
3004 conn
->io_capability
= cp
->io_cap
;
3005 cmd
->user_data
= conn
;
3007 if (conn
->state
== BT_CONNECTED
&&
3008 hci_conn_security(conn
, sec_level
, auth_type
))
3009 pairing_complete(cmd
, 0);
3014 hci_dev_unlock(hdev
);
3018 static int cancel_pair_device(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
3021 struct mgmt_addr_info
*addr
= data
;
3022 struct pending_cmd
*cmd
;
3023 struct hci_conn
*conn
;
3030 if (!hdev_is_powered(hdev
)) {
3031 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_CANCEL_PAIR_DEVICE
,
3032 MGMT_STATUS_NOT_POWERED
);
3036 cmd
= mgmt_pending_find(MGMT_OP_PAIR_DEVICE
, hdev
);
3038 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_CANCEL_PAIR_DEVICE
,
3039 MGMT_STATUS_INVALID_PARAMS
);
3043 conn
= cmd
->user_data
;
3045 if (bacmp(&addr
->bdaddr
, &conn
->dst
) != 0) {
3046 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_CANCEL_PAIR_DEVICE
,
3047 MGMT_STATUS_INVALID_PARAMS
);
3051 pairing_complete(cmd
, MGMT_STATUS_CANCELLED
);
3053 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_CANCEL_PAIR_DEVICE
, 0,
3054 addr
, sizeof(*addr
));
3056 hci_dev_unlock(hdev
);
3060 static int user_pairing_resp(struct sock
*sk
, struct hci_dev
*hdev
,
3061 struct mgmt_addr_info
*addr
, u16 mgmt_op
,
3062 u16 hci_op
, __le32 passkey
)
3064 struct pending_cmd
*cmd
;
3065 struct hci_conn
*conn
;
3070 if (!hdev_is_powered(hdev
)) {
3071 err
= cmd_complete(sk
, hdev
->id
, mgmt_op
,
3072 MGMT_STATUS_NOT_POWERED
, addr
,
3077 if (addr
->type
== BDADDR_BREDR
)
3078 conn
= hci_conn_hash_lookup_ba(hdev
, ACL_LINK
, &addr
->bdaddr
);
3080 conn
= hci_conn_hash_lookup_ba(hdev
, LE_LINK
, &addr
->bdaddr
);
3083 err
= cmd_complete(sk
, hdev
->id
, mgmt_op
,
3084 MGMT_STATUS_NOT_CONNECTED
, addr
,
3089 if (addr
->type
== BDADDR_LE_PUBLIC
|| addr
->type
== BDADDR_LE_RANDOM
) {
3090 err
= smp_user_confirm_reply(conn
, mgmt_op
, passkey
);
3092 err
= cmd_complete(sk
, hdev
->id
, mgmt_op
,
3093 MGMT_STATUS_SUCCESS
, addr
,
3096 err
= cmd_complete(sk
, hdev
->id
, mgmt_op
,
3097 MGMT_STATUS_FAILED
, addr
,
3103 cmd
= mgmt_pending_add(sk
, mgmt_op
, hdev
, addr
, sizeof(*addr
));
3109 /* Continue with pairing via HCI */
3110 if (hci_op
== HCI_OP_USER_PASSKEY_REPLY
) {
3111 struct hci_cp_user_passkey_reply cp
;
3113 bacpy(&cp
.bdaddr
, &addr
->bdaddr
);
3114 cp
.passkey
= passkey
;
3115 err
= hci_send_cmd(hdev
, hci_op
, sizeof(cp
), &cp
);
3117 err
= hci_send_cmd(hdev
, hci_op
, sizeof(addr
->bdaddr
),
3121 mgmt_pending_remove(cmd
);
3124 hci_dev_unlock(hdev
);
3128 static int pin_code_neg_reply(struct sock
*sk
, struct hci_dev
*hdev
,
3129 void *data
, u16 len
)
3131 struct mgmt_cp_pin_code_neg_reply
*cp
= data
;
3135 return user_pairing_resp(sk
, hdev
, &cp
->addr
,
3136 MGMT_OP_PIN_CODE_NEG_REPLY
,
3137 HCI_OP_PIN_CODE_NEG_REPLY
, 0);
3140 static int user_confirm_reply(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
3143 struct mgmt_cp_user_confirm_reply
*cp
= data
;
3147 if (len
!= sizeof(*cp
))
3148 return cmd_status(sk
, hdev
->id
, MGMT_OP_USER_CONFIRM_REPLY
,
3149 MGMT_STATUS_INVALID_PARAMS
);
3151 return user_pairing_resp(sk
, hdev
, &cp
->addr
,
3152 MGMT_OP_USER_CONFIRM_REPLY
,
3153 HCI_OP_USER_CONFIRM_REPLY
, 0);
3156 static int user_confirm_neg_reply(struct sock
*sk
, struct hci_dev
*hdev
,
3157 void *data
, u16 len
)
3159 struct mgmt_cp_user_confirm_neg_reply
*cp
= data
;
3163 return user_pairing_resp(sk
, hdev
, &cp
->addr
,
3164 MGMT_OP_USER_CONFIRM_NEG_REPLY
,
3165 HCI_OP_USER_CONFIRM_NEG_REPLY
, 0);
3168 static int user_passkey_reply(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
3171 struct mgmt_cp_user_passkey_reply
*cp
= data
;
3175 return user_pairing_resp(sk
, hdev
, &cp
->addr
,
3176 MGMT_OP_USER_PASSKEY_REPLY
,
3177 HCI_OP_USER_PASSKEY_REPLY
, cp
->passkey
);
3180 static int user_passkey_neg_reply(struct sock
*sk
, struct hci_dev
*hdev
,
3181 void *data
, u16 len
)
3183 struct mgmt_cp_user_passkey_neg_reply
*cp
= data
;
3187 return user_pairing_resp(sk
, hdev
, &cp
->addr
,
3188 MGMT_OP_USER_PASSKEY_NEG_REPLY
,
3189 HCI_OP_USER_PASSKEY_NEG_REPLY
, 0);
3192 static void update_name(struct hci_request
*req
)
3194 struct hci_dev
*hdev
= req
->hdev
;
3195 struct hci_cp_write_local_name cp
;
3197 memcpy(cp
.name
, hdev
->dev_name
, sizeof(cp
.name
));
3199 hci_req_add(req
, HCI_OP_WRITE_LOCAL_NAME
, sizeof(cp
), &cp
);
3202 static void set_name_complete(struct hci_dev
*hdev
, u8 status
)
3204 struct mgmt_cp_set_local_name
*cp
;
3205 struct pending_cmd
*cmd
;
3207 BT_DBG("status 0x%02x", status
);
3211 cmd
= mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME
, hdev
);
3218 cmd_status(cmd
->sk
, hdev
->id
, MGMT_OP_SET_LOCAL_NAME
,
3219 mgmt_status(status
));
3221 cmd_complete(cmd
->sk
, hdev
->id
, MGMT_OP_SET_LOCAL_NAME
, 0,
3224 mgmt_pending_remove(cmd
);
3227 hci_dev_unlock(hdev
);
3230 static int set_local_name(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
3233 struct mgmt_cp_set_local_name
*cp
= data
;
3234 struct pending_cmd
*cmd
;
3235 struct hci_request req
;
3242 /* If the old values are the same as the new ones just return a
3243 * direct command complete event.
3245 if (!memcmp(hdev
->dev_name
, cp
->name
, sizeof(hdev
->dev_name
)) &&
3246 !memcmp(hdev
->short_name
, cp
->short_name
,
3247 sizeof(hdev
->short_name
))) {
3248 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_SET_LOCAL_NAME
, 0,
3253 memcpy(hdev
->short_name
, cp
->short_name
, sizeof(hdev
->short_name
));
3255 if (!hdev_is_powered(hdev
)) {
3256 memcpy(hdev
->dev_name
, cp
->name
, sizeof(hdev
->dev_name
));
3258 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_SET_LOCAL_NAME
, 0,
3263 err
= mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED
, hdev
, data
, len
,
3269 cmd
= mgmt_pending_add(sk
, MGMT_OP_SET_LOCAL_NAME
, hdev
, data
, len
);
3275 memcpy(hdev
->dev_name
, cp
->name
, sizeof(hdev
->dev_name
));
3277 hci_req_init(&req
, hdev
);
3279 if (lmp_bredr_capable(hdev
)) {
3284 /* The name is stored in the scan response data and so
3285 * no need to udpate the advertising data here.
3287 if (lmp_le_capable(hdev
))
3288 update_scan_rsp_data(&req
);
3290 err
= hci_req_run(&req
, set_name_complete
);
3292 mgmt_pending_remove(cmd
);
3295 hci_dev_unlock(hdev
);
3299 static int read_local_oob_data(struct sock
*sk
, struct hci_dev
*hdev
,
3300 void *data
, u16 data_len
)
3302 struct pending_cmd
*cmd
;
3305 BT_DBG("%s", hdev
->name
);
3309 if (!hdev_is_powered(hdev
)) {
3310 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_READ_LOCAL_OOB_DATA
,
3311 MGMT_STATUS_NOT_POWERED
);
3315 if (!lmp_ssp_capable(hdev
)) {
3316 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_READ_LOCAL_OOB_DATA
,
3317 MGMT_STATUS_NOT_SUPPORTED
);
3321 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA
, hdev
)) {
3322 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_READ_LOCAL_OOB_DATA
,
3327 cmd
= mgmt_pending_add(sk
, MGMT_OP_READ_LOCAL_OOB_DATA
, hdev
, NULL
, 0);
3333 if (test_bit(HCI_SC_ENABLED
, &hdev
->dev_flags
))
3334 err
= hci_send_cmd(hdev
, HCI_OP_READ_LOCAL_OOB_EXT_DATA
,
3337 err
= hci_send_cmd(hdev
, HCI_OP_READ_LOCAL_OOB_DATA
, 0, NULL
);
3340 mgmt_pending_remove(cmd
);
3343 hci_dev_unlock(hdev
);
3347 static int add_remote_oob_data(struct sock
*sk
, struct hci_dev
*hdev
,
3348 void *data
, u16 len
)
3352 BT_DBG("%s ", hdev
->name
);
3356 if (len
== MGMT_ADD_REMOTE_OOB_DATA_SIZE
) {
3357 struct mgmt_cp_add_remote_oob_data
*cp
= data
;
3360 err
= hci_add_remote_oob_data(hdev
, &cp
->addr
.bdaddr
,
3361 cp
->hash
, cp
->randomizer
);
3363 status
= MGMT_STATUS_FAILED
;
3365 status
= MGMT_STATUS_SUCCESS
;
3367 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_ADD_REMOTE_OOB_DATA
,
3368 status
, &cp
->addr
, sizeof(cp
->addr
));
3369 } else if (len
== MGMT_ADD_REMOTE_OOB_EXT_DATA_SIZE
) {
3370 struct mgmt_cp_add_remote_oob_ext_data
*cp
= data
;
3373 err
= hci_add_remote_oob_ext_data(hdev
, &cp
->addr
.bdaddr
,
3379 status
= MGMT_STATUS_FAILED
;
3381 status
= MGMT_STATUS_SUCCESS
;
3383 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_ADD_REMOTE_OOB_DATA
,
3384 status
, &cp
->addr
, sizeof(cp
->addr
));
3386 BT_ERR("add_remote_oob_data: invalid length of %u bytes", len
);
3387 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_ADD_REMOTE_OOB_DATA
,
3388 MGMT_STATUS_INVALID_PARAMS
);
3391 hci_dev_unlock(hdev
);
3395 static int remove_remote_oob_data(struct sock
*sk
, struct hci_dev
*hdev
,
3396 void *data
, u16 len
)
3398 struct mgmt_cp_remove_remote_oob_data
*cp
= data
;
3402 BT_DBG("%s", hdev
->name
);
3406 err
= hci_remove_remote_oob_data(hdev
, &cp
->addr
.bdaddr
);
3408 status
= MGMT_STATUS_INVALID_PARAMS
;
3410 status
= MGMT_STATUS_SUCCESS
;
3412 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_REMOVE_REMOTE_OOB_DATA
,
3413 status
, &cp
->addr
, sizeof(cp
->addr
));
3415 hci_dev_unlock(hdev
);
3419 static int mgmt_start_discovery_failed(struct hci_dev
*hdev
, u8 status
)
3421 struct pending_cmd
*cmd
;
3425 hci_discovery_set_state(hdev
, DISCOVERY_STOPPED
);
3427 cmd
= mgmt_pending_find(MGMT_OP_START_DISCOVERY
, hdev
);
3431 type
= hdev
->discovery
.type
;
3433 err
= cmd_complete(cmd
->sk
, hdev
->id
, cmd
->opcode
, mgmt_status(status
),
3434 &type
, sizeof(type
));
3435 mgmt_pending_remove(cmd
);
3440 static void start_discovery_complete(struct hci_dev
*hdev
, u8 status
)
3442 unsigned long timeout
= 0;
3444 BT_DBG("status %d", status
);
3448 mgmt_start_discovery_failed(hdev
, status
);
3449 hci_dev_unlock(hdev
);
3454 hci_discovery_set_state(hdev
, DISCOVERY_FINDING
);
3455 hci_dev_unlock(hdev
);
3457 switch (hdev
->discovery
.type
) {
3458 case DISCOV_TYPE_LE
:
3459 timeout
= msecs_to_jiffies(DISCOV_LE_TIMEOUT
);
3462 case DISCOV_TYPE_INTERLEAVED
:
3463 timeout
= msecs_to_jiffies(hdev
->discov_interleaved_timeout
);
3466 case DISCOV_TYPE_BREDR
:
3470 BT_ERR("Invalid discovery type %d", hdev
->discovery
.type
);
3476 queue_delayed_work(hdev
->workqueue
, &hdev
->le_scan_disable
, timeout
);
3479 static int start_discovery(struct sock
*sk
, struct hci_dev
*hdev
,
3480 void *data
, u16 len
)
3482 struct mgmt_cp_start_discovery
*cp
= data
;
3483 struct pending_cmd
*cmd
;
3484 struct hci_cp_le_set_scan_param param_cp
;
3485 struct hci_cp_le_set_scan_enable enable_cp
;
3486 struct hci_cp_inquiry inq_cp
;
3487 struct hci_request req
;
3488 /* General inquiry access code (GIAC) */
3489 u8 lap
[3] = { 0x33, 0x8b, 0x9e };
3490 u8 status
, own_addr_type
;
3493 BT_DBG("%s", hdev
->name
);
3497 if (!hdev_is_powered(hdev
)) {
3498 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_START_DISCOVERY
,
3499 MGMT_STATUS_NOT_POWERED
);
3503 if (test_bit(HCI_PERIODIC_INQ
, &hdev
->dev_flags
)) {
3504 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_START_DISCOVERY
,
3509 if (hdev
->discovery
.state
!= DISCOVERY_STOPPED
) {
3510 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_START_DISCOVERY
,
3515 cmd
= mgmt_pending_add(sk
, MGMT_OP_START_DISCOVERY
, hdev
, NULL
, 0);
3521 hdev
->discovery
.type
= cp
->type
;
3523 hci_req_init(&req
, hdev
);
3525 switch (hdev
->discovery
.type
) {
3526 case DISCOV_TYPE_BREDR
:
3527 status
= mgmt_bredr_support(hdev
);
3529 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_START_DISCOVERY
,
3531 mgmt_pending_remove(cmd
);
3535 if (test_bit(HCI_INQUIRY
, &hdev
->flags
)) {
3536 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_START_DISCOVERY
,
3538 mgmt_pending_remove(cmd
);
3542 hci_inquiry_cache_flush(hdev
);
3544 memset(&inq_cp
, 0, sizeof(inq_cp
));
3545 memcpy(&inq_cp
.lap
, lap
, sizeof(inq_cp
.lap
));
3546 inq_cp
.length
= DISCOV_BREDR_INQUIRY_LEN
;
3547 hci_req_add(&req
, HCI_OP_INQUIRY
, sizeof(inq_cp
), &inq_cp
);
3550 case DISCOV_TYPE_LE
:
3551 case DISCOV_TYPE_INTERLEAVED
:
3552 status
= mgmt_le_support(hdev
);
3554 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_START_DISCOVERY
,
3556 mgmt_pending_remove(cmd
);
3560 if (hdev
->discovery
.type
== DISCOV_TYPE_INTERLEAVED
&&
3561 !test_bit(HCI_BREDR_ENABLED
, &hdev
->dev_flags
)) {
3562 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_START_DISCOVERY
,
3563 MGMT_STATUS_NOT_SUPPORTED
);
3564 mgmt_pending_remove(cmd
);
3568 if (test_bit(HCI_ADVERTISING
, &hdev
->dev_flags
)) {
3569 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_START_DISCOVERY
,
3570 MGMT_STATUS_REJECTED
);
3571 mgmt_pending_remove(cmd
);
3575 /* If controller is scanning, it means the background scanning
3576 * is running. Thus, we should temporarily stop it in order to
3577 * set the discovery scanning parameters.
3579 if (test_bit(HCI_LE_SCAN
, &hdev
->dev_flags
))
3580 hci_req_add_le_scan_disable(&req
);
3582 memset(¶m_cp
, 0, sizeof(param_cp
));
3584 /* All active scans will be done with either a resolvable
3585 * private address (when privacy feature has been enabled)
3586 * or unresolvable private address.
3588 err
= hci_update_random_address(&req
, true, &own_addr_type
);
3590 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_START_DISCOVERY
,
3591 MGMT_STATUS_FAILED
);
3592 mgmt_pending_remove(cmd
);
3596 param_cp
.type
= LE_SCAN_ACTIVE
;
3597 param_cp
.interval
= cpu_to_le16(DISCOV_LE_SCAN_INT
);
3598 param_cp
.window
= cpu_to_le16(DISCOV_LE_SCAN_WIN
);
3599 param_cp
.own_address_type
= own_addr_type
;
3600 hci_req_add(&req
, HCI_OP_LE_SET_SCAN_PARAM
, sizeof(param_cp
),
3603 memset(&enable_cp
, 0, sizeof(enable_cp
));
3604 enable_cp
.enable
= LE_SCAN_ENABLE
;
3605 enable_cp
.filter_dup
= LE_SCAN_FILTER_DUP_ENABLE
;
3606 hci_req_add(&req
, HCI_OP_LE_SET_SCAN_ENABLE
, sizeof(enable_cp
),
3611 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_START_DISCOVERY
,
3612 MGMT_STATUS_INVALID_PARAMS
);
3613 mgmt_pending_remove(cmd
);
3617 err
= hci_req_run(&req
, start_discovery_complete
);
3619 mgmt_pending_remove(cmd
);
3621 hci_discovery_set_state(hdev
, DISCOVERY_STARTING
);
3624 hci_dev_unlock(hdev
);
3628 static int mgmt_stop_discovery_failed(struct hci_dev
*hdev
, u8 status
)
3630 struct pending_cmd
*cmd
;
3633 cmd
= mgmt_pending_find(MGMT_OP_STOP_DISCOVERY
, hdev
);
3637 err
= cmd_complete(cmd
->sk
, hdev
->id
, cmd
->opcode
, mgmt_status(status
),
3638 &hdev
->discovery
.type
, sizeof(hdev
->discovery
.type
));
3639 mgmt_pending_remove(cmd
);
3644 static void stop_discovery_complete(struct hci_dev
*hdev
, u8 status
)
3646 BT_DBG("status %d", status
);
3651 mgmt_stop_discovery_failed(hdev
, status
);
3655 hci_discovery_set_state(hdev
, DISCOVERY_STOPPED
);
3658 hci_dev_unlock(hdev
);
3661 static int stop_discovery(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
3664 struct mgmt_cp_stop_discovery
*mgmt_cp
= data
;
3665 struct pending_cmd
*cmd
;
3666 struct hci_request req
;
3669 BT_DBG("%s", hdev
->name
);
3673 if (!hci_discovery_active(hdev
)) {
3674 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_STOP_DISCOVERY
,
3675 MGMT_STATUS_REJECTED
, &mgmt_cp
->type
,
3676 sizeof(mgmt_cp
->type
));
3680 if (hdev
->discovery
.type
!= mgmt_cp
->type
) {
3681 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_STOP_DISCOVERY
,
3682 MGMT_STATUS_INVALID_PARAMS
, &mgmt_cp
->type
,
3683 sizeof(mgmt_cp
->type
));
3687 cmd
= mgmt_pending_add(sk
, MGMT_OP_STOP_DISCOVERY
, hdev
, NULL
, 0);
3693 hci_req_init(&req
, hdev
);
3695 hci_stop_discovery(&req
);
3697 err
= hci_req_run(&req
, stop_discovery_complete
);
3699 hci_discovery_set_state(hdev
, DISCOVERY_STOPPING
);
3703 mgmt_pending_remove(cmd
);
3705 /* If no HCI commands were sent we're done */
3706 if (err
== -ENODATA
) {
3707 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_STOP_DISCOVERY
, 0,
3708 &mgmt_cp
->type
, sizeof(mgmt_cp
->type
));
3709 hci_discovery_set_state(hdev
, DISCOVERY_STOPPED
);
3713 hci_dev_unlock(hdev
);
3717 static int confirm_name(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
3720 struct mgmt_cp_confirm_name
*cp
= data
;
3721 struct inquiry_entry
*e
;
3724 BT_DBG("%s", hdev
->name
);
3728 if (!hci_discovery_active(hdev
)) {
3729 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_CONFIRM_NAME
,
3730 MGMT_STATUS_FAILED
, &cp
->addr
,
3735 e
= hci_inquiry_cache_lookup_unknown(hdev
, &cp
->addr
.bdaddr
);
3737 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_CONFIRM_NAME
,
3738 MGMT_STATUS_INVALID_PARAMS
, &cp
->addr
,
3743 if (cp
->name_known
) {
3744 e
->name_state
= NAME_KNOWN
;
3747 e
->name_state
= NAME_NEEDED
;
3748 hci_inquiry_cache_update_resolve(hdev
, e
);
3751 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_CONFIRM_NAME
, 0, &cp
->addr
,
3755 hci_dev_unlock(hdev
);
3759 static int block_device(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
3762 struct mgmt_cp_block_device
*cp
= data
;
3766 BT_DBG("%s", hdev
->name
);
3768 if (!bdaddr_type_is_valid(cp
->addr
.type
))
3769 return cmd_complete(sk
, hdev
->id
, MGMT_OP_BLOCK_DEVICE
,
3770 MGMT_STATUS_INVALID_PARAMS
,
3771 &cp
->addr
, sizeof(cp
->addr
));
3775 err
= hci_blacklist_add(hdev
, &cp
->addr
.bdaddr
, cp
->addr
.type
);
3777 status
= MGMT_STATUS_FAILED
;
3779 status
= MGMT_STATUS_SUCCESS
;
3781 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_BLOCK_DEVICE
, status
,
3782 &cp
->addr
, sizeof(cp
->addr
));
3784 hci_dev_unlock(hdev
);
3789 static int unblock_device(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
3792 struct mgmt_cp_unblock_device
*cp
= data
;
3796 BT_DBG("%s", hdev
->name
);
3798 if (!bdaddr_type_is_valid(cp
->addr
.type
))
3799 return cmd_complete(sk
, hdev
->id
, MGMT_OP_UNBLOCK_DEVICE
,
3800 MGMT_STATUS_INVALID_PARAMS
,
3801 &cp
->addr
, sizeof(cp
->addr
));
3805 err
= hci_blacklist_del(hdev
, &cp
->addr
.bdaddr
, cp
->addr
.type
);
3807 status
= MGMT_STATUS_INVALID_PARAMS
;
3809 status
= MGMT_STATUS_SUCCESS
;
3811 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_UNBLOCK_DEVICE
, status
,
3812 &cp
->addr
, sizeof(cp
->addr
));
3814 hci_dev_unlock(hdev
);
3819 static int set_device_id(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
3822 struct mgmt_cp_set_device_id
*cp
= data
;
3823 struct hci_request req
;
3827 BT_DBG("%s", hdev
->name
);
3829 source
= __le16_to_cpu(cp
->source
);
3831 if (source
> 0x0002)
3832 return cmd_status(sk
, hdev
->id
, MGMT_OP_SET_DEVICE_ID
,
3833 MGMT_STATUS_INVALID_PARAMS
);
3837 hdev
->devid_source
= source
;
3838 hdev
->devid_vendor
= __le16_to_cpu(cp
->vendor
);
3839 hdev
->devid_product
= __le16_to_cpu(cp
->product
);
3840 hdev
->devid_version
= __le16_to_cpu(cp
->version
);
3842 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_SET_DEVICE_ID
, 0, NULL
, 0);
3844 hci_req_init(&req
, hdev
);
3846 hci_req_run(&req
, NULL
);
3848 hci_dev_unlock(hdev
);
3853 static void set_advertising_complete(struct hci_dev
*hdev
, u8 status
)
3855 struct cmd_lookup match
= { NULL
, hdev
};
3858 u8 mgmt_err
= mgmt_status(status
);
3860 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING
, hdev
,
3861 cmd_status_rsp
, &mgmt_err
);
3865 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING
, hdev
, settings_rsp
,
3868 new_settings(hdev
, match
.sk
);
3874 static int set_advertising(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
3877 struct mgmt_mode
*cp
= data
;
3878 struct pending_cmd
*cmd
;
3879 struct hci_request req
;
3880 u8 val
, enabled
, status
;
3883 BT_DBG("request for %s", hdev
->name
);
3885 status
= mgmt_le_support(hdev
);
3887 return cmd_status(sk
, hdev
->id
, MGMT_OP_SET_ADVERTISING
,
3890 if (cp
->val
!= 0x00 && cp
->val
!= 0x01)
3891 return cmd_status(sk
, hdev
->id
, MGMT_OP_SET_ADVERTISING
,
3892 MGMT_STATUS_INVALID_PARAMS
);
3897 enabled
= test_bit(HCI_ADVERTISING
, &hdev
->dev_flags
);
3899 /* The following conditions are ones which mean that we should
3900 * not do any HCI communication but directly send a mgmt
3901 * response to user space (after toggling the flag if
3904 if (!hdev_is_powered(hdev
) || val
== enabled
||
3905 hci_conn_num(hdev
, LE_LINK
) > 0) {
3906 bool changed
= false;
3908 if (val
!= test_bit(HCI_ADVERTISING
, &hdev
->dev_flags
)) {
3909 change_bit(HCI_ADVERTISING
, &hdev
->dev_flags
);
3913 err
= send_settings_rsp(sk
, MGMT_OP_SET_ADVERTISING
, hdev
);
3918 err
= new_settings(hdev
, sk
);
3923 if (mgmt_pending_find(MGMT_OP_SET_ADVERTISING
, hdev
) ||
3924 mgmt_pending_find(MGMT_OP_SET_LE
, hdev
)) {
3925 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_SET_ADVERTISING
,
3930 cmd
= mgmt_pending_add(sk
, MGMT_OP_SET_ADVERTISING
, hdev
, data
, len
);
3936 hci_req_init(&req
, hdev
);
3939 enable_advertising(&req
);
3941 disable_advertising(&req
);
3943 err
= hci_req_run(&req
, set_advertising_complete
);
3945 mgmt_pending_remove(cmd
);
3948 hci_dev_unlock(hdev
);
3952 static int set_static_address(struct sock
*sk
, struct hci_dev
*hdev
,
3953 void *data
, u16 len
)
3955 struct mgmt_cp_set_static_address
*cp
= data
;
3958 BT_DBG("%s", hdev
->name
);
3960 if (!lmp_le_capable(hdev
))
3961 return cmd_status(sk
, hdev
->id
, MGMT_OP_SET_STATIC_ADDRESS
,
3962 MGMT_STATUS_NOT_SUPPORTED
);
3964 if (hdev_is_powered(hdev
))
3965 return cmd_status(sk
, hdev
->id
, MGMT_OP_SET_STATIC_ADDRESS
,
3966 MGMT_STATUS_REJECTED
);
3968 if (bacmp(&cp
->bdaddr
, BDADDR_ANY
)) {
3969 if (!bacmp(&cp
->bdaddr
, BDADDR_NONE
))
3970 return cmd_status(sk
, hdev
->id
,
3971 MGMT_OP_SET_STATIC_ADDRESS
,
3972 MGMT_STATUS_INVALID_PARAMS
);
3974 /* Two most significant bits shall be set */
3975 if ((cp
->bdaddr
.b
[5] & 0xc0) != 0xc0)
3976 return cmd_status(sk
, hdev
->id
,
3977 MGMT_OP_SET_STATIC_ADDRESS
,
3978 MGMT_STATUS_INVALID_PARAMS
);
3983 bacpy(&hdev
->static_addr
, &cp
->bdaddr
);
3985 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_SET_STATIC_ADDRESS
, 0, NULL
, 0);
3987 hci_dev_unlock(hdev
);
3992 static int set_scan_params(struct sock
*sk
, struct hci_dev
*hdev
,
3993 void *data
, u16 len
)
3995 struct mgmt_cp_set_scan_params
*cp
= data
;
3996 __u16 interval
, window
;
3999 BT_DBG("%s", hdev
->name
);
4001 if (!lmp_le_capable(hdev
))
4002 return cmd_status(sk
, hdev
->id
, MGMT_OP_SET_SCAN_PARAMS
,
4003 MGMT_STATUS_NOT_SUPPORTED
);
4005 interval
= __le16_to_cpu(cp
->interval
);
4007 if (interval
< 0x0004 || interval
> 0x4000)
4008 return cmd_status(sk
, hdev
->id
, MGMT_OP_SET_SCAN_PARAMS
,
4009 MGMT_STATUS_INVALID_PARAMS
);
4011 window
= __le16_to_cpu(cp
->window
);
4013 if (window
< 0x0004 || window
> 0x4000)
4014 return cmd_status(sk
, hdev
->id
, MGMT_OP_SET_SCAN_PARAMS
,
4015 MGMT_STATUS_INVALID_PARAMS
);
4017 if (window
> interval
)
4018 return cmd_status(sk
, hdev
->id
, MGMT_OP_SET_SCAN_PARAMS
,
4019 MGMT_STATUS_INVALID_PARAMS
);
4023 hdev
->le_scan_interval
= interval
;
4024 hdev
->le_scan_window
= window
;
4026 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_SET_SCAN_PARAMS
, 0, NULL
, 0);
4028 /* If background scan is running, restart it so new parameters are
4031 if (test_bit(HCI_LE_SCAN
, &hdev
->dev_flags
) &&
4032 hdev
->discovery
.state
== DISCOVERY_STOPPED
) {
4033 struct hci_request req
;
4035 hci_req_init(&req
, hdev
);
4037 hci_req_add_le_scan_disable(&req
);
4038 hci_req_add_le_passive_scan(&req
);
4040 hci_req_run(&req
, NULL
);
4043 hci_dev_unlock(hdev
);
4048 static void fast_connectable_complete(struct hci_dev
*hdev
, u8 status
)
4050 struct pending_cmd
*cmd
;
4052 BT_DBG("status 0x%02x", status
);
4056 cmd
= mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE
, hdev
);
4061 cmd_status(cmd
->sk
, hdev
->id
, MGMT_OP_SET_FAST_CONNECTABLE
,
4062 mgmt_status(status
));
4064 struct mgmt_mode
*cp
= cmd
->param
;
4067 set_bit(HCI_FAST_CONNECTABLE
, &hdev
->dev_flags
);
4069 clear_bit(HCI_FAST_CONNECTABLE
, &hdev
->dev_flags
);
4071 send_settings_rsp(cmd
->sk
, MGMT_OP_SET_FAST_CONNECTABLE
, hdev
);
4072 new_settings(hdev
, cmd
->sk
);
4075 mgmt_pending_remove(cmd
);
4078 hci_dev_unlock(hdev
);
4081 static int set_fast_connectable(struct sock
*sk
, struct hci_dev
*hdev
,
4082 void *data
, u16 len
)
4084 struct mgmt_mode
*cp
= data
;
4085 struct pending_cmd
*cmd
;
4086 struct hci_request req
;
4089 BT_DBG("%s", hdev
->name
);
4091 if (!test_bit(HCI_BREDR_ENABLED
, &hdev
->dev_flags
) ||
4092 hdev
->hci_ver
< BLUETOOTH_VER_1_2
)
4093 return cmd_status(sk
, hdev
->id
, MGMT_OP_SET_FAST_CONNECTABLE
,
4094 MGMT_STATUS_NOT_SUPPORTED
);
4096 if (cp
->val
!= 0x00 && cp
->val
!= 0x01)
4097 return cmd_status(sk
, hdev
->id
, MGMT_OP_SET_FAST_CONNECTABLE
,
4098 MGMT_STATUS_INVALID_PARAMS
);
4100 if (!hdev_is_powered(hdev
))
4101 return cmd_status(sk
, hdev
->id
, MGMT_OP_SET_FAST_CONNECTABLE
,
4102 MGMT_STATUS_NOT_POWERED
);
4104 if (!test_bit(HCI_CONNECTABLE
, &hdev
->dev_flags
))
4105 return cmd_status(sk
, hdev
->id
, MGMT_OP_SET_FAST_CONNECTABLE
,
4106 MGMT_STATUS_REJECTED
);
4110 if (mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE
, hdev
)) {
4111 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_SET_FAST_CONNECTABLE
,
4116 if (!!cp
->val
== test_bit(HCI_FAST_CONNECTABLE
, &hdev
->dev_flags
)) {
4117 err
= send_settings_rsp(sk
, MGMT_OP_SET_FAST_CONNECTABLE
,
4122 cmd
= mgmt_pending_add(sk
, MGMT_OP_SET_FAST_CONNECTABLE
, hdev
,
4129 hci_req_init(&req
, hdev
);
4131 write_fast_connectable(&req
, cp
->val
);
4133 err
= hci_req_run(&req
, fast_connectable_complete
);
4135 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_SET_FAST_CONNECTABLE
,
4136 MGMT_STATUS_FAILED
);
4137 mgmt_pending_remove(cmd
);
4141 hci_dev_unlock(hdev
);
4146 static void set_bredr_scan(struct hci_request
*req
)
4148 struct hci_dev
*hdev
= req
->hdev
;
4151 /* Ensure that fast connectable is disabled. This function will
4152 * not do anything if the page scan parameters are already what
4155 write_fast_connectable(req
, false);
4157 if (test_bit(HCI_CONNECTABLE
, &hdev
->dev_flags
))
4159 if (test_bit(HCI_DISCOVERABLE
, &hdev
->dev_flags
))
4160 scan
|= SCAN_INQUIRY
;
4163 hci_req_add(req
, HCI_OP_WRITE_SCAN_ENABLE
, 1, &scan
);
4166 static void set_bredr_complete(struct hci_dev
*hdev
, u8 status
)
4168 struct pending_cmd
*cmd
;
4170 BT_DBG("status 0x%02x", status
);
4174 cmd
= mgmt_pending_find(MGMT_OP_SET_BREDR
, hdev
);
4179 u8 mgmt_err
= mgmt_status(status
);
4181 /* We need to restore the flag if related HCI commands
4184 clear_bit(HCI_BREDR_ENABLED
, &hdev
->dev_flags
);
4186 cmd_status(cmd
->sk
, cmd
->index
, cmd
->opcode
, mgmt_err
);
4188 send_settings_rsp(cmd
->sk
, MGMT_OP_SET_BREDR
, hdev
);
4189 new_settings(hdev
, cmd
->sk
);
4192 mgmt_pending_remove(cmd
);
4195 hci_dev_unlock(hdev
);
4198 static int set_bredr(struct sock
*sk
, struct hci_dev
*hdev
, void *data
, u16 len
)
4200 struct mgmt_mode
*cp
= data
;
4201 struct pending_cmd
*cmd
;
4202 struct hci_request req
;
4205 BT_DBG("request for %s", hdev
->name
);
4207 if (!lmp_bredr_capable(hdev
) || !lmp_le_capable(hdev
))
4208 return cmd_status(sk
, hdev
->id
, MGMT_OP_SET_BREDR
,
4209 MGMT_STATUS_NOT_SUPPORTED
);
4211 if (!test_bit(HCI_LE_ENABLED
, &hdev
->dev_flags
))
4212 return cmd_status(sk
, hdev
->id
, MGMT_OP_SET_BREDR
,
4213 MGMT_STATUS_REJECTED
);
4215 if (cp
->val
!= 0x00 && cp
->val
!= 0x01)
4216 return cmd_status(sk
, hdev
->id
, MGMT_OP_SET_BREDR
,
4217 MGMT_STATUS_INVALID_PARAMS
);
4221 if (cp
->val
== test_bit(HCI_BREDR_ENABLED
, &hdev
->dev_flags
)) {
4222 err
= send_settings_rsp(sk
, MGMT_OP_SET_BREDR
, hdev
);
4226 if (!hdev_is_powered(hdev
)) {
4228 clear_bit(HCI_DISCOVERABLE
, &hdev
->dev_flags
);
4229 clear_bit(HCI_SSP_ENABLED
, &hdev
->dev_flags
);
4230 clear_bit(HCI_LINK_SECURITY
, &hdev
->dev_flags
);
4231 clear_bit(HCI_FAST_CONNECTABLE
, &hdev
->dev_flags
);
4232 clear_bit(HCI_HS_ENABLED
, &hdev
->dev_flags
);
4235 change_bit(HCI_BREDR_ENABLED
, &hdev
->dev_flags
);
4237 err
= send_settings_rsp(sk
, MGMT_OP_SET_BREDR
, hdev
);
4241 err
= new_settings(hdev
, sk
);
4245 /* Reject disabling when powered on */
4247 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_SET_BREDR
,
4248 MGMT_STATUS_REJECTED
);
4252 if (mgmt_pending_find(MGMT_OP_SET_BREDR
, hdev
)) {
4253 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_SET_BREDR
,
4258 cmd
= mgmt_pending_add(sk
, MGMT_OP_SET_BREDR
, hdev
, data
, len
);
4264 /* We need to flip the bit already here so that update_adv_data
4265 * generates the correct flags.
4267 set_bit(HCI_BREDR_ENABLED
, &hdev
->dev_flags
);
4269 hci_req_init(&req
, hdev
);
4271 if (test_bit(HCI_CONNECTABLE
, &hdev
->dev_flags
))
4272 set_bredr_scan(&req
);
4274 /* Since only the advertising data flags will change, there
4275 * is no need to update the scan response data.
4277 update_adv_data(&req
);
4279 err
= hci_req_run(&req
, set_bredr_complete
);
4281 mgmt_pending_remove(cmd
);
4284 hci_dev_unlock(hdev
);
4288 static int set_secure_conn(struct sock
*sk
, struct hci_dev
*hdev
,
4289 void *data
, u16 len
)
4291 struct mgmt_mode
*cp
= data
;
4292 struct pending_cmd
*cmd
;
4296 BT_DBG("request for %s", hdev
->name
);
4298 status
= mgmt_bredr_support(hdev
);
4300 return cmd_status(sk
, hdev
->id
, MGMT_OP_SET_SECURE_CONN
,
4303 if (!lmp_sc_capable(hdev
) &&
4304 !test_bit(HCI_FORCE_SC
, &hdev
->dbg_flags
))
4305 return cmd_status(sk
, hdev
->id
, MGMT_OP_SET_SECURE_CONN
,
4306 MGMT_STATUS_NOT_SUPPORTED
);
4308 if (cp
->val
!= 0x00 && cp
->val
!= 0x01 && cp
->val
!= 0x02)
4309 return cmd_status(sk
, hdev
->id
, MGMT_OP_SET_SECURE_CONN
,
4310 MGMT_STATUS_INVALID_PARAMS
);
4314 if (!hdev_is_powered(hdev
)) {
4318 changed
= !test_and_set_bit(HCI_SC_ENABLED
,
4320 if (cp
->val
== 0x02)
4321 set_bit(HCI_SC_ONLY
, &hdev
->dev_flags
);
4323 clear_bit(HCI_SC_ONLY
, &hdev
->dev_flags
);
4325 changed
= test_and_clear_bit(HCI_SC_ENABLED
,
4327 clear_bit(HCI_SC_ONLY
, &hdev
->dev_flags
);
4330 err
= send_settings_rsp(sk
, MGMT_OP_SET_SECURE_CONN
, hdev
);
4335 err
= new_settings(hdev
, sk
);
4340 if (mgmt_pending_find(MGMT_OP_SET_SECURE_CONN
, hdev
)) {
4341 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_SET_SECURE_CONN
,
4348 if (val
== test_bit(HCI_SC_ENABLED
, &hdev
->dev_flags
) &&
4349 (cp
->val
== 0x02) == test_bit(HCI_SC_ONLY
, &hdev
->dev_flags
)) {
4350 err
= send_settings_rsp(sk
, MGMT_OP_SET_SECURE_CONN
, hdev
);
4354 cmd
= mgmt_pending_add(sk
, MGMT_OP_SET_SECURE_CONN
, hdev
, data
, len
);
4360 err
= hci_send_cmd(hdev
, HCI_OP_WRITE_SC_SUPPORT
, 1, &val
);
4362 mgmt_pending_remove(cmd
);
4366 if (cp
->val
== 0x02)
4367 set_bit(HCI_SC_ONLY
, &hdev
->dev_flags
);
4369 clear_bit(HCI_SC_ONLY
, &hdev
->dev_flags
);
4372 hci_dev_unlock(hdev
);
4376 static int set_debug_keys(struct sock
*sk
, struct hci_dev
*hdev
,
4377 void *data
, u16 len
)
4379 struct mgmt_mode
*cp
= data
;
4380 bool changed
, use_changed
;
4383 BT_DBG("request for %s", hdev
->name
);
4385 if (cp
->val
!= 0x00 && cp
->val
!= 0x01 && cp
->val
!= 0x02)
4386 return cmd_status(sk
, hdev
->id
, MGMT_OP_SET_DEBUG_KEYS
,
4387 MGMT_STATUS_INVALID_PARAMS
);
4392 changed
= !test_and_set_bit(HCI_KEEP_DEBUG_KEYS
,
4395 changed
= test_and_clear_bit(HCI_KEEP_DEBUG_KEYS
,
4398 if (cp
->val
== 0x02)
4399 use_changed
= !test_and_set_bit(HCI_USE_DEBUG_KEYS
,
4402 use_changed
= test_and_clear_bit(HCI_USE_DEBUG_KEYS
,
4405 if (hdev_is_powered(hdev
) && use_changed
&&
4406 test_bit(HCI_SSP_ENABLED
, &hdev
->dev_flags
)) {
4407 u8 mode
= (cp
->val
== 0x02) ? 0x01 : 0x00;
4408 hci_send_cmd(hdev
, HCI_OP_WRITE_SSP_DEBUG_MODE
,
4409 sizeof(mode
), &mode
);
4412 err
= send_settings_rsp(sk
, MGMT_OP_SET_DEBUG_KEYS
, hdev
);
4417 err
= new_settings(hdev
, sk
);
4420 hci_dev_unlock(hdev
);
4424 static int set_privacy(struct sock
*sk
, struct hci_dev
*hdev
, void *cp_data
,
4427 struct mgmt_cp_set_privacy
*cp
= cp_data
;
4431 BT_DBG("request for %s", hdev
->name
);
4433 if (!lmp_le_capable(hdev
))
4434 return cmd_status(sk
, hdev
->id
, MGMT_OP_SET_PRIVACY
,
4435 MGMT_STATUS_NOT_SUPPORTED
);
4437 if (cp
->privacy
!= 0x00 && cp
->privacy
!= 0x01)
4438 return cmd_status(sk
, hdev
->id
, MGMT_OP_SET_PRIVACY
,
4439 MGMT_STATUS_INVALID_PARAMS
);
4441 if (hdev_is_powered(hdev
))
4442 return cmd_status(sk
, hdev
->id
, MGMT_OP_SET_PRIVACY
,
4443 MGMT_STATUS_REJECTED
);
4447 /* If user space supports this command it is also expected to
4448 * handle IRKs. Therefore, set the HCI_RPA_RESOLVING flag.
4450 set_bit(HCI_RPA_RESOLVING
, &hdev
->dev_flags
);
4453 changed
= !test_and_set_bit(HCI_PRIVACY
, &hdev
->dev_flags
);
4454 memcpy(hdev
->irk
, cp
->irk
, sizeof(hdev
->irk
));
4455 set_bit(HCI_RPA_EXPIRED
, &hdev
->dev_flags
);
4457 changed
= test_and_clear_bit(HCI_PRIVACY
, &hdev
->dev_flags
);
4458 memset(hdev
->irk
, 0, sizeof(hdev
->irk
));
4459 clear_bit(HCI_RPA_EXPIRED
, &hdev
->dev_flags
);
4462 err
= send_settings_rsp(sk
, MGMT_OP_SET_PRIVACY
, hdev
);
4467 err
= new_settings(hdev
, sk
);
4470 hci_dev_unlock(hdev
);
4474 static bool irk_is_valid(struct mgmt_irk_info
*irk
)
4476 switch (irk
->addr
.type
) {
4477 case BDADDR_LE_PUBLIC
:
4480 case BDADDR_LE_RANDOM
:
4481 /* Two most significant bits shall be set */
4482 if ((irk
->addr
.bdaddr
.b
[5] & 0xc0) != 0xc0)
4490 static int load_irks(struct sock
*sk
, struct hci_dev
*hdev
, void *cp_data
,
4493 struct mgmt_cp_load_irks
*cp
= cp_data
;
4494 u16 irk_count
, expected_len
;
4497 BT_DBG("request for %s", hdev
->name
);
4499 if (!lmp_le_capable(hdev
))
4500 return cmd_status(sk
, hdev
->id
, MGMT_OP_LOAD_IRKS
,
4501 MGMT_STATUS_NOT_SUPPORTED
);
4503 irk_count
= __le16_to_cpu(cp
->irk_count
);
4505 expected_len
= sizeof(*cp
) + irk_count
* sizeof(struct mgmt_irk_info
);
4506 if (expected_len
!= len
) {
4507 BT_ERR("load_irks: expected %u bytes, got %u bytes",
4509 return cmd_status(sk
, hdev
->id
, MGMT_OP_LOAD_IRKS
,
4510 MGMT_STATUS_INVALID_PARAMS
);
4513 BT_DBG("%s irk_count %u", hdev
->name
, irk_count
);
4515 for (i
= 0; i
< irk_count
; i
++) {
4516 struct mgmt_irk_info
*key
= &cp
->irks
[i
];
4518 if (!irk_is_valid(key
))
4519 return cmd_status(sk
, hdev
->id
,
4521 MGMT_STATUS_INVALID_PARAMS
);
4526 hci_smp_irks_clear(hdev
);
4528 for (i
= 0; i
< irk_count
; i
++) {
4529 struct mgmt_irk_info
*irk
= &cp
->irks
[i
];
4532 if (irk
->addr
.type
== BDADDR_LE_PUBLIC
)
4533 addr_type
= ADDR_LE_DEV_PUBLIC
;
4535 addr_type
= ADDR_LE_DEV_RANDOM
;
4537 hci_add_irk(hdev
, &irk
->addr
.bdaddr
, addr_type
, irk
->val
,
4541 set_bit(HCI_RPA_RESOLVING
, &hdev
->dev_flags
);
4543 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_LOAD_IRKS
, 0, NULL
, 0);
4545 hci_dev_unlock(hdev
);
4550 static bool ltk_is_valid(struct mgmt_ltk_info
*key
)
4552 if (key
->master
!= 0x00 && key
->master
!= 0x01)
4555 switch (key
->addr
.type
) {
4556 case BDADDR_LE_PUBLIC
:
4559 case BDADDR_LE_RANDOM
:
4560 /* Two most significant bits shall be set */
4561 if ((key
->addr
.bdaddr
.b
[5] & 0xc0) != 0xc0)
4569 static int load_long_term_keys(struct sock
*sk
, struct hci_dev
*hdev
,
4570 void *cp_data
, u16 len
)
4572 struct mgmt_cp_load_long_term_keys
*cp
= cp_data
;
4573 u16 key_count
, expected_len
;
4576 BT_DBG("request for %s", hdev
->name
);
4578 if (!lmp_le_capable(hdev
))
4579 return cmd_status(sk
, hdev
->id
, MGMT_OP_LOAD_LONG_TERM_KEYS
,
4580 MGMT_STATUS_NOT_SUPPORTED
);
4582 key_count
= __le16_to_cpu(cp
->key_count
);
4584 expected_len
= sizeof(*cp
) + key_count
*
4585 sizeof(struct mgmt_ltk_info
);
4586 if (expected_len
!= len
) {
4587 BT_ERR("load_keys: expected %u bytes, got %u bytes",
4589 return cmd_status(sk
, hdev
->id
, MGMT_OP_LOAD_LONG_TERM_KEYS
,
4590 MGMT_STATUS_INVALID_PARAMS
);
4593 BT_DBG("%s key_count %u", hdev
->name
, key_count
);
4595 for (i
= 0; i
< key_count
; i
++) {
4596 struct mgmt_ltk_info
*key
= &cp
->keys
[i
];
4598 if (!ltk_is_valid(key
))
4599 return cmd_status(sk
, hdev
->id
,
4600 MGMT_OP_LOAD_LONG_TERM_KEYS
,
4601 MGMT_STATUS_INVALID_PARAMS
);
4606 hci_smp_ltks_clear(hdev
);
4608 for (i
= 0; i
< key_count
; i
++) {
4609 struct mgmt_ltk_info
*key
= &cp
->keys
[i
];
4610 u8 type
, addr_type
, authenticated
;
4612 if (key
->addr
.type
== BDADDR_LE_PUBLIC
)
4613 addr_type
= ADDR_LE_DEV_PUBLIC
;
4615 addr_type
= ADDR_LE_DEV_RANDOM
;
4620 type
= SMP_LTK_SLAVE
;
4622 switch (key
->type
) {
4623 case MGMT_LTK_UNAUTHENTICATED
:
4624 authenticated
= 0x00;
4626 case MGMT_LTK_AUTHENTICATED
:
4627 authenticated
= 0x01;
4633 hci_add_ltk(hdev
, &key
->addr
.bdaddr
, addr_type
, type
,
4634 authenticated
, key
->val
, key
->enc_size
, key
->ediv
,
4638 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_LOAD_LONG_TERM_KEYS
, 0,
4641 hci_dev_unlock(hdev
);
4646 struct cmd_conn_lookup
{
4647 struct hci_conn
*conn
;
4648 bool valid_tx_power
;
4652 static void get_conn_info_complete(struct pending_cmd
*cmd
, void *data
)
4654 struct cmd_conn_lookup
*match
= data
;
4655 struct mgmt_cp_get_conn_info
*cp
;
4656 struct mgmt_rp_get_conn_info rp
;
4657 struct hci_conn
*conn
= cmd
->user_data
;
4659 if (conn
!= match
->conn
)
4662 cp
= (struct mgmt_cp_get_conn_info
*) cmd
->param
;
4664 memset(&rp
, 0, sizeof(rp
));
4665 bacpy(&rp
.addr
.bdaddr
, &cp
->addr
.bdaddr
);
4666 rp
.addr
.type
= cp
->addr
.type
;
4668 if (!match
->mgmt_status
) {
4669 rp
.rssi
= conn
->rssi
;
4671 if (match
->valid_tx_power
) {
4672 rp
.tx_power
= conn
->tx_power
;
4673 rp
.max_tx_power
= conn
->max_tx_power
;
4675 rp
.tx_power
= HCI_TX_POWER_INVALID
;
4676 rp
.max_tx_power
= HCI_TX_POWER_INVALID
;
4680 cmd_complete(cmd
->sk
, cmd
->index
, MGMT_OP_GET_CONN_INFO
,
4681 match
->mgmt_status
, &rp
, sizeof(rp
));
4683 hci_conn_drop(conn
);
4685 mgmt_pending_remove(cmd
);
4688 static void conn_info_refresh_complete(struct hci_dev
*hdev
, u8 status
)
4690 struct hci_cp_read_rssi
*cp
;
4691 struct hci_conn
*conn
;
4692 struct cmd_conn_lookup match
;
4695 BT_DBG("status 0x%02x", status
);
4699 /* TX power data is valid in case request completed successfully,
4700 * otherwise we assume it's not valid. At the moment we assume that
4701 * either both or none of current and max values are valid to keep code
4704 match
.valid_tx_power
= !status
;
4706 /* Commands sent in request are either Read RSSI or Read Transmit Power
4707 * Level so we check which one was last sent to retrieve connection
4708 * handle. Both commands have handle as first parameter so it's safe to
4709 * cast data on the same command struct.
4711 * First command sent is always Read RSSI and we fail only if it fails.
4712 * In other case we simply override error to indicate success as we
4713 * already remembered if TX power value is actually valid.
4715 cp
= hci_sent_cmd_data(hdev
, HCI_OP_READ_RSSI
);
4717 cp
= hci_sent_cmd_data(hdev
, HCI_OP_READ_TX_POWER
);
4722 BT_ERR("invalid sent_cmd in response");
4726 handle
= __le16_to_cpu(cp
->handle
);
4727 conn
= hci_conn_hash_lookup_handle(hdev
, handle
);
4729 BT_ERR("unknown handle (%d) in response", handle
);
4734 match
.mgmt_status
= mgmt_status(status
);
4736 /* Cache refresh is complete, now reply for mgmt request for given
4739 mgmt_pending_foreach(MGMT_OP_GET_CONN_INFO
, hdev
,
4740 get_conn_info_complete
, &match
);
4743 hci_dev_unlock(hdev
);
4746 static int get_conn_info(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
4749 struct mgmt_cp_get_conn_info
*cp
= data
;
4750 struct mgmt_rp_get_conn_info rp
;
4751 struct hci_conn
*conn
;
4752 unsigned long conn_info_age
;
4755 BT_DBG("%s", hdev
->name
);
4757 memset(&rp
, 0, sizeof(rp
));
4758 bacpy(&rp
.addr
.bdaddr
, &cp
->addr
.bdaddr
);
4759 rp
.addr
.type
= cp
->addr
.type
;
4761 if (!bdaddr_type_is_valid(cp
->addr
.type
))
4762 return cmd_complete(sk
, hdev
->id
, MGMT_OP_GET_CONN_INFO
,
4763 MGMT_STATUS_INVALID_PARAMS
,
4768 if (!hdev_is_powered(hdev
)) {
4769 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_GET_CONN_INFO
,
4770 MGMT_STATUS_NOT_POWERED
, &rp
, sizeof(rp
));
4774 if (cp
->addr
.type
== BDADDR_BREDR
)
4775 conn
= hci_conn_hash_lookup_ba(hdev
, ACL_LINK
,
4778 conn
= hci_conn_hash_lookup_ba(hdev
, LE_LINK
, &cp
->addr
.bdaddr
);
4780 if (!conn
|| conn
->state
!= BT_CONNECTED
) {
4781 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_GET_CONN_INFO
,
4782 MGMT_STATUS_NOT_CONNECTED
, &rp
, sizeof(rp
));
4786 /* To avoid client trying to guess when to poll again for information we
4787 * calculate conn info age as random value between min/max set in hdev.
4789 conn_info_age
= hdev
->conn_info_min_age
+
4790 prandom_u32_max(hdev
->conn_info_max_age
-
4791 hdev
->conn_info_min_age
);
4793 /* Query controller to refresh cached values if they are too old or were
4796 if (time_after(jiffies
, conn
->conn_info_timestamp
+
4797 msecs_to_jiffies(conn_info_age
)) ||
4798 !conn
->conn_info_timestamp
) {
4799 struct hci_request req
;
4800 struct hci_cp_read_tx_power req_txp_cp
;
4801 struct hci_cp_read_rssi req_rssi_cp
;
4802 struct pending_cmd
*cmd
;
4804 hci_req_init(&req
, hdev
);
4805 req_rssi_cp
.handle
= cpu_to_le16(conn
->handle
);
4806 hci_req_add(&req
, HCI_OP_READ_RSSI
, sizeof(req_rssi_cp
),
4809 /* For LE links TX power does not change thus we don't need to
4810 * query for it once value is known.
4812 if (!bdaddr_type_is_le(cp
->addr
.type
) ||
4813 conn
->tx_power
== HCI_TX_POWER_INVALID
) {
4814 req_txp_cp
.handle
= cpu_to_le16(conn
->handle
);
4815 req_txp_cp
.type
= 0x00;
4816 hci_req_add(&req
, HCI_OP_READ_TX_POWER
,
4817 sizeof(req_txp_cp
), &req_txp_cp
);
4820 /* Max TX power needs to be read only once per connection */
4821 if (conn
->max_tx_power
== HCI_TX_POWER_INVALID
) {
4822 req_txp_cp
.handle
= cpu_to_le16(conn
->handle
);
4823 req_txp_cp
.type
= 0x01;
4824 hci_req_add(&req
, HCI_OP_READ_TX_POWER
,
4825 sizeof(req_txp_cp
), &req_txp_cp
);
4828 err
= hci_req_run(&req
, conn_info_refresh_complete
);
4832 cmd
= mgmt_pending_add(sk
, MGMT_OP_GET_CONN_INFO
, hdev
,
4839 hci_conn_hold(conn
);
4840 cmd
->user_data
= conn
;
4842 conn
->conn_info_timestamp
= jiffies
;
4844 /* Cache is valid, just reply with values cached in hci_conn */
4845 rp
.rssi
= conn
->rssi
;
4846 rp
.tx_power
= conn
->tx_power
;
4847 rp
.max_tx_power
= conn
->max_tx_power
;
4849 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_GET_CONN_INFO
,
4850 MGMT_STATUS_SUCCESS
, &rp
, sizeof(rp
));
4854 hci_dev_unlock(hdev
);
4858 static void get_clock_info_complete(struct hci_dev
*hdev
, u8 status
)
4860 struct mgmt_cp_get_clock_info
*cp
;
4861 struct mgmt_rp_get_clock_info rp
;
4862 struct hci_cp_read_clock
*hci_cp
;
4863 struct pending_cmd
*cmd
;
4864 struct hci_conn
*conn
;
4866 BT_DBG("%s status %u", hdev
->name
, status
);
4870 hci_cp
= hci_sent_cmd_data(hdev
, HCI_OP_READ_CLOCK
);
4874 if (hci_cp
->which
) {
4875 u16 handle
= __le16_to_cpu(hci_cp
->handle
);
4876 conn
= hci_conn_hash_lookup_handle(hdev
, handle
);
4881 cmd
= mgmt_pending_find_data(MGMT_OP_GET_CLOCK_INFO
, hdev
, conn
);
4887 memset(&rp
, 0, sizeof(rp
));
4888 memcpy(&rp
.addr
, &cp
->addr
, sizeof(rp
.addr
));
4893 rp
.local_clock
= cpu_to_le32(hdev
->clock
);
4896 rp
.piconet_clock
= cpu_to_le32(conn
->clock
);
4897 rp
.accuracy
= cpu_to_le16(conn
->clock_accuracy
);
4901 cmd_complete(cmd
->sk
, cmd
->index
, cmd
->opcode
, mgmt_status(status
),
4903 mgmt_pending_remove(cmd
);
4905 hci_conn_drop(conn
);
4908 hci_dev_unlock(hdev
);
4911 static int get_clock_info(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
4914 struct mgmt_cp_get_clock_info
*cp
= data
;
4915 struct mgmt_rp_get_clock_info rp
;
4916 struct hci_cp_read_clock hci_cp
;
4917 struct pending_cmd
*cmd
;
4918 struct hci_request req
;
4919 struct hci_conn
*conn
;
4922 BT_DBG("%s", hdev
->name
);
4924 memset(&rp
, 0, sizeof(rp
));
4925 bacpy(&rp
.addr
.bdaddr
, &cp
->addr
.bdaddr
);
4926 rp
.addr
.type
= cp
->addr
.type
;
4928 if (cp
->addr
.type
!= BDADDR_BREDR
)
4929 return cmd_complete(sk
, hdev
->id
, MGMT_OP_GET_CLOCK_INFO
,
4930 MGMT_STATUS_INVALID_PARAMS
,
4935 if (!hdev_is_powered(hdev
)) {
4936 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_GET_CLOCK_INFO
,
4937 MGMT_STATUS_NOT_POWERED
, &rp
, sizeof(rp
));
4941 if (bacmp(&cp
->addr
.bdaddr
, BDADDR_ANY
)) {
4942 conn
= hci_conn_hash_lookup_ba(hdev
, ACL_LINK
,
4944 if (!conn
|| conn
->state
!= BT_CONNECTED
) {
4945 err
= cmd_complete(sk
, hdev
->id
,
4946 MGMT_OP_GET_CLOCK_INFO
,
4947 MGMT_STATUS_NOT_CONNECTED
,
4955 cmd
= mgmt_pending_add(sk
, MGMT_OP_GET_CLOCK_INFO
, hdev
, data
, len
);
4961 hci_req_init(&req
, hdev
);
4963 memset(&hci_cp
, 0, sizeof(hci_cp
));
4964 hci_req_add(&req
, HCI_OP_READ_CLOCK
, sizeof(hci_cp
), &hci_cp
);
4967 hci_conn_hold(conn
);
4968 cmd
->user_data
= conn
;
4970 hci_cp
.handle
= cpu_to_le16(conn
->handle
);
4971 hci_cp
.which
= 0x01; /* Piconet clock */
4972 hci_req_add(&req
, HCI_OP_READ_CLOCK
, sizeof(hci_cp
), &hci_cp
);
4975 err
= hci_req_run(&req
, get_clock_info_complete
);
4977 mgmt_pending_remove(cmd
);
4980 hci_dev_unlock(hdev
);
4984 static void device_added(struct sock
*sk
, struct hci_dev
*hdev
,
4985 bdaddr_t
*bdaddr
, u8 type
, u8 action
)
4987 struct mgmt_ev_device_added ev
;
4989 bacpy(&ev
.addr
.bdaddr
, bdaddr
);
4990 ev
.addr
.type
= type
;
4993 mgmt_event(MGMT_EV_DEVICE_ADDED
, hdev
, &ev
, sizeof(ev
), sk
);
4996 static int add_device(struct sock
*sk
, struct hci_dev
*hdev
,
4997 void *data
, u16 len
)
4999 struct mgmt_cp_add_device
*cp
= data
;
5000 u8 auto_conn
, addr_type
;
5003 BT_DBG("%s", hdev
->name
);
5005 if (!bdaddr_type_is_le(cp
->addr
.type
) ||
5006 !bacmp(&cp
->addr
.bdaddr
, BDADDR_ANY
))
5007 return cmd_complete(sk
, hdev
->id
, MGMT_OP_ADD_DEVICE
,
5008 MGMT_STATUS_INVALID_PARAMS
,
5009 &cp
->addr
, sizeof(cp
->addr
));
5011 if (cp
->action
!= 0x00 && cp
->action
!= 0x01)
5012 return cmd_complete(sk
, hdev
->id
, MGMT_OP_ADD_DEVICE
,
5013 MGMT_STATUS_INVALID_PARAMS
,
5014 &cp
->addr
, sizeof(cp
->addr
));
5018 if (cp
->addr
.type
== BDADDR_LE_PUBLIC
)
5019 addr_type
= ADDR_LE_DEV_PUBLIC
;
5021 addr_type
= ADDR_LE_DEV_RANDOM
;
5024 auto_conn
= HCI_AUTO_CONN_ALWAYS
;
5026 auto_conn
= HCI_AUTO_CONN_DISABLED
;
5028 /* If the connection parameters don't exist for this device,
5029 * they will be created and configured with defaults.
5031 if (hci_conn_params_set(hdev
, &cp
->addr
.bdaddr
, addr_type
,
5033 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_ADD_DEVICE
,
5035 &cp
->addr
, sizeof(cp
->addr
));
5039 device_added(sk
, hdev
, &cp
->addr
.bdaddr
, cp
->addr
.type
, cp
->action
);
5041 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_ADD_DEVICE
,
5042 MGMT_STATUS_SUCCESS
, &cp
->addr
, sizeof(cp
->addr
));
5045 hci_dev_unlock(hdev
);
5049 static void device_removed(struct sock
*sk
, struct hci_dev
*hdev
,
5050 bdaddr_t
*bdaddr
, u8 type
)
5052 struct mgmt_ev_device_removed ev
;
5054 bacpy(&ev
.addr
.bdaddr
, bdaddr
);
5055 ev
.addr
.type
= type
;
5057 mgmt_event(MGMT_EV_DEVICE_REMOVED
, hdev
, &ev
, sizeof(ev
), sk
);
5060 static int remove_device(struct sock
*sk
, struct hci_dev
*hdev
,
5061 void *data
, u16 len
)
5063 struct mgmt_cp_remove_device
*cp
= data
;
5066 BT_DBG("%s", hdev
->name
);
5070 if (bacmp(&cp
->addr
.bdaddr
, BDADDR_ANY
)) {
5073 if (!bdaddr_type_is_le(cp
->addr
.type
)) {
5074 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_REMOVE_DEVICE
,
5075 MGMT_STATUS_INVALID_PARAMS
,
5076 &cp
->addr
, sizeof(cp
->addr
));
5080 if (cp
->addr
.type
== BDADDR_LE_PUBLIC
)
5081 addr_type
= ADDR_LE_DEV_PUBLIC
;
5083 addr_type
= ADDR_LE_DEV_RANDOM
;
5085 hci_conn_params_del(hdev
, &cp
->addr
.bdaddr
, addr_type
);
5087 device_removed(sk
, hdev
, &cp
->addr
.bdaddr
, cp
->addr
.type
);
5089 if (cp
->addr
.type
) {
5090 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_REMOVE_DEVICE
,
5091 MGMT_STATUS_INVALID_PARAMS
,
5092 &cp
->addr
, sizeof(cp
->addr
));
5096 hci_conn_params_clear(hdev
);
5099 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_REMOVE_DEVICE
,
5100 MGMT_STATUS_SUCCESS
, &cp
->addr
, sizeof(cp
->addr
));
5103 hci_dev_unlock(hdev
);
5107 static const struct mgmt_handler
{
5108 int (*func
) (struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
5112 } mgmt_handlers
[] = {
5113 { NULL
}, /* 0x0000 (no command) */
5114 { read_version
, false, MGMT_READ_VERSION_SIZE
},
5115 { read_commands
, false, MGMT_READ_COMMANDS_SIZE
},
5116 { read_index_list
, false, MGMT_READ_INDEX_LIST_SIZE
},
5117 { read_controller_info
, false, MGMT_READ_INFO_SIZE
},
5118 { set_powered
, false, MGMT_SETTING_SIZE
},
5119 { set_discoverable
, false, MGMT_SET_DISCOVERABLE_SIZE
},
5120 { set_connectable
, false, MGMT_SETTING_SIZE
},
5121 { set_fast_connectable
, false, MGMT_SETTING_SIZE
},
5122 { set_pairable
, false, MGMT_SETTING_SIZE
},
5123 { set_link_security
, false, MGMT_SETTING_SIZE
},
5124 { set_ssp
, false, MGMT_SETTING_SIZE
},
5125 { set_hs
, false, MGMT_SETTING_SIZE
},
5126 { set_le
, false, MGMT_SETTING_SIZE
},
5127 { set_dev_class
, false, MGMT_SET_DEV_CLASS_SIZE
},
5128 { set_local_name
, false, MGMT_SET_LOCAL_NAME_SIZE
},
5129 { add_uuid
, false, MGMT_ADD_UUID_SIZE
},
5130 { remove_uuid
, false, MGMT_REMOVE_UUID_SIZE
},
5131 { load_link_keys
, true, MGMT_LOAD_LINK_KEYS_SIZE
},
5132 { load_long_term_keys
, true, MGMT_LOAD_LONG_TERM_KEYS_SIZE
},
5133 { disconnect
, false, MGMT_DISCONNECT_SIZE
},
5134 { get_connections
, false, MGMT_GET_CONNECTIONS_SIZE
},
5135 { pin_code_reply
, false, MGMT_PIN_CODE_REPLY_SIZE
},
5136 { pin_code_neg_reply
, false, MGMT_PIN_CODE_NEG_REPLY_SIZE
},
5137 { set_io_capability
, false, MGMT_SET_IO_CAPABILITY_SIZE
},
5138 { pair_device
, false, MGMT_PAIR_DEVICE_SIZE
},
5139 { cancel_pair_device
, false, MGMT_CANCEL_PAIR_DEVICE_SIZE
},
5140 { unpair_device
, false, MGMT_UNPAIR_DEVICE_SIZE
},
5141 { user_confirm_reply
, false, MGMT_USER_CONFIRM_REPLY_SIZE
},
5142 { user_confirm_neg_reply
, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE
},
5143 { user_passkey_reply
, false, MGMT_USER_PASSKEY_REPLY_SIZE
},
5144 { user_passkey_neg_reply
, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE
},
5145 { read_local_oob_data
, false, MGMT_READ_LOCAL_OOB_DATA_SIZE
},
5146 { add_remote_oob_data
, true, MGMT_ADD_REMOTE_OOB_DATA_SIZE
},
5147 { remove_remote_oob_data
, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE
},
5148 { start_discovery
, false, MGMT_START_DISCOVERY_SIZE
},
5149 { stop_discovery
, false, MGMT_STOP_DISCOVERY_SIZE
},
5150 { confirm_name
, false, MGMT_CONFIRM_NAME_SIZE
},
5151 { block_device
, false, MGMT_BLOCK_DEVICE_SIZE
},
5152 { unblock_device
, false, MGMT_UNBLOCK_DEVICE_SIZE
},
5153 { set_device_id
, false, MGMT_SET_DEVICE_ID_SIZE
},
5154 { set_advertising
, false, MGMT_SETTING_SIZE
},
5155 { set_bredr
, false, MGMT_SETTING_SIZE
},
5156 { set_static_address
, false, MGMT_SET_STATIC_ADDRESS_SIZE
},
5157 { set_scan_params
, false, MGMT_SET_SCAN_PARAMS_SIZE
},
5158 { set_secure_conn
, false, MGMT_SETTING_SIZE
},
5159 { set_debug_keys
, false, MGMT_SETTING_SIZE
},
5160 { set_privacy
, false, MGMT_SET_PRIVACY_SIZE
},
5161 { load_irks
, true, MGMT_LOAD_IRKS_SIZE
},
5162 { get_conn_info
, false, MGMT_GET_CONN_INFO_SIZE
},
5163 { get_clock_info
, false, MGMT_GET_CLOCK_INFO_SIZE
},
5164 { add_device
, false, MGMT_ADD_DEVICE_SIZE
},
5165 { remove_device
, false, MGMT_REMOVE_DEVICE_SIZE
},
5168 int mgmt_control(struct sock
*sk
, struct msghdr
*msg
, size_t msglen
)
5172 struct mgmt_hdr
*hdr
;
5173 u16 opcode
, index
, len
;
5174 struct hci_dev
*hdev
= NULL
;
5175 const struct mgmt_handler
*handler
;
5178 BT_DBG("got %zu bytes", msglen
);
5180 if (msglen
< sizeof(*hdr
))
5183 buf
= kmalloc(msglen
, GFP_KERNEL
);
5187 if (memcpy_fromiovec(buf
, msg
->msg_iov
, msglen
)) {
5193 opcode
= __le16_to_cpu(hdr
->opcode
);
5194 index
= __le16_to_cpu(hdr
->index
);
5195 len
= __le16_to_cpu(hdr
->len
);
5197 if (len
!= msglen
- sizeof(*hdr
)) {
5202 if (index
!= MGMT_INDEX_NONE
) {
5203 hdev
= hci_dev_get(index
);
5205 err
= cmd_status(sk
, index
, opcode
,
5206 MGMT_STATUS_INVALID_INDEX
);
5210 if (test_bit(HCI_SETUP
, &hdev
->dev_flags
) ||
5211 test_bit(HCI_USER_CHANNEL
, &hdev
->dev_flags
) ||
5212 test_bit(HCI_QUIRK_RAW_DEVICE
, &hdev
->quirks
)) {
5213 err
= cmd_status(sk
, index
, opcode
,
5214 MGMT_STATUS_INVALID_INDEX
);
5219 if (opcode
>= ARRAY_SIZE(mgmt_handlers
) ||
5220 mgmt_handlers
[opcode
].func
== NULL
) {
5221 BT_DBG("Unknown op %u", opcode
);
5222 err
= cmd_status(sk
, index
, opcode
,
5223 MGMT_STATUS_UNKNOWN_COMMAND
);
5227 if ((hdev
&& opcode
< MGMT_OP_READ_INFO
) ||
5228 (!hdev
&& opcode
>= MGMT_OP_READ_INFO
)) {
5229 err
= cmd_status(sk
, index
, opcode
,
5230 MGMT_STATUS_INVALID_INDEX
);
5234 handler
= &mgmt_handlers
[opcode
];
5236 if ((handler
->var_len
&& len
< handler
->data_len
) ||
5237 (!handler
->var_len
&& len
!= handler
->data_len
)) {
5238 err
= cmd_status(sk
, index
, opcode
,
5239 MGMT_STATUS_INVALID_PARAMS
);
5244 mgmt_init_hdev(sk
, hdev
);
5246 cp
= buf
+ sizeof(*hdr
);
5248 err
= handler
->func(sk
, hdev
, cp
, len
);
5262 void mgmt_index_added(struct hci_dev
*hdev
)
5264 if (hdev
->dev_type
!= HCI_BREDR
)
5267 mgmt_event(MGMT_EV_INDEX_ADDED
, hdev
, NULL
, 0, NULL
);
5270 void mgmt_index_removed(struct hci_dev
*hdev
)
5272 u8 status
= MGMT_STATUS_INVALID_INDEX
;
5274 if (hdev
->dev_type
!= HCI_BREDR
)
5277 mgmt_pending_foreach(0, hdev
, cmd_status_rsp
, &status
);
5279 mgmt_event(MGMT_EV_INDEX_REMOVED
, hdev
, NULL
, 0, NULL
);
5282 /* This function requires the caller holds hdev->lock */
5283 static void restart_le_auto_conns(struct hci_dev
*hdev
)
5285 struct hci_conn_params
*p
;
5288 list_for_each_entry(p
, &hdev
->le_conn_params
, list
) {
5289 if (p
->auto_connect
== HCI_AUTO_CONN_ALWAYS
) {
5290 hci_pend_le_conn_add(hdev
, &p
->addr
, p
->addr_type
);
5295 /* Calling hci_pend_le_conn_add will actually already trigger
5296 * background scanning when needed. So no need to trigger it
5297 * just another time.
5299 * This check is here to avoid an unneeded restart of the
5300 * passive scanning. Since this is during the controller
5301 * power up phase the duplicate filtering is not an issue.
5306 hci_update_background_scan(hdev
);
5309 static void powered_complete(struct hci_dev
*hdev
, u8 status
)
5311 struct cmd_lookup match
= { NULL
, hdev
};
5313 BT_DBG("status 0x%02x", status
);
5317 restart_le_auto_conns(hdev
);
5319 mgmt_pending_foreach(MGMT_OP_SET_POWERED
, hdev
, settings_rsp
, &match
);
5321 new_settings(hdev
, match
.sk
);
5323 hci_dev_unlock(hdev
);
5329 static int powered_update_hci(struct hci_dev
*hdev
)
5331 struct hci_request req
;
5334 hci_req_init(&req
, hdev
);
5336 if (test_bit(HCI_SSP_ENABLED
, &hdev
->dev_flags
) &&
5337 !lmp_host_ssp_capable(hdev
)) {
5340 hci_req_add(&req
, HCI_OP_WRITE_SSP_MODE
, 1, &ssp
);
5343 if (test_bit(HCI_LE_ENABLED
, &hdev
->dev_flags
) &&
5344 lmp_bredr_capable(hdev
)) {
5345 struct hci_cp_write_le_host_supported cp
;
5348 cp
.simul
= lmp_le_br_capable(hdev
);
5350 /* Check first if we already have the right
5351 * host state (host features set)
5353 if (cp
.le
!= lmp_host_le_capable(hdev
) ||
5354 cp
.simul
!= lmp_host_le_br_capable(hdev
))
5355 hci_req_add(&req
, HCI_OP_WRITE_LE_HOST_SUPPORTED
,
5359 if (lmp_le_capable(hdev
)) {
5360 /* Make sure the controller has a good default for
5361 * advertising data. This also applies to the case
5362 * where BR/EDR was toggled during the AUTO_OFF phase.
5364 if (test_bit(HCI_LE_ENABLED
, &hdev
->dev_flags
)) {
5365 update_adv_data(&req
);
5366 update_scan_rsp_data(&req
);
5369 if (test_bit(HCI_ADVERTISING
, &hdev
->dev_flags
))
5370 enable_advertising(&req
);
5373 link_sec
= test_bit(HCI_LINK_SECURITY
, &hdev
->dev_flags
);
5374 if (link_sec
!= test_bit(HCI_AUTH
, &hdev
->flags
))
5375 hci_req_add(&req
, HCI_OP_WRITE_AUTH_ENABLE
,
5376 sizeof(link_sec
), &link_sec
);
5378 if (lmp_bredr_capable(hdev
)) {
5379 if (test_bit(HCI_BREDR_ENABLED
, &hdev
->dev_flags
))
5380 set_bredr_scan(&req
);
5386 return hci_req_run(&req
, powered_complete
);
5389 int mgmt_powered(struct hci_dev
*hdev
, u8 powered
)
5391 struct cmd_lookup match
= { NULL
, hdev
};
5392 u8 status_not_powered
= MGMT_STATUS_NOT_POWERED
;
5393 u8 zero_cod
[] = { 0, 0, 0 };
5396 if (!test_bit(HCI_MGMT
, &hdev
->dev_flags
))
5400 if (powered_update_hci(hdev
) == 0)
5403 mgmt_pending_foreach(MGMT_OP_SET_POWERED
, hdev
, settings_rsp
,
5408 mgmt_pending_foreach(MGMT_OP_SET_POWERED
, hdev
, settings_rsp
, &match
);
5409 mgmt_pending_foreach(0, hdev
, cmd_status_rsp
, &status_not_powered
);
5411 if (memcmp(hdev
->dev_class
, zero_cod
, sizeof(zero_cod
)) != 0)
5412 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED
, hdev
,
5413 zero_cod
, sizeof(zero_cod
), NULL
);
5416 err
= new_settings(hdev
, match
.sk
);
5424 void mgmt_set_powered_failed(struct hci_dev
*hdev
, int err
)
5426 struct pending_cmd
*cmd
;
5429 cmd
= mgmt_pending_find(MGMT_OP_SET_POWERED
, hdev
);
5433 if (err
== -ERFKILL
)
5434 status
= MGMT_STATUS_RFKILLED
;
5436 status
= MGMT_STATUS_FAILED
;
5438 cmd_status(cmd
->sk
, hdev
->id
, MGMT_OP_SET_POWERED
, status
);
5440 mgmt_pending_remove(cmd
);
5443 void mgmt_discoverable_timeout(struct hci_dev
*hdev
)
5445 struct hci_request req
;
5449 /* When discoverable timeout triggers, then just make sure
5450 * the limited discoverable flag is cleared. Even in the case
5451 * of a timeout triggered from general discoverable, it is
5452 * safe to unconditionally clear the flag.
5454 clear_bit(HCI_LIMITED_DISCOVERABLE
, &hdev
->dev_flags
);
5455 clear_bit(HCI_DISCOVERABLE
, &hdev
->dev_flags
);
5457 hci_req_init(&req
, hdev
);
5458 if (test_bit(HCI_BREDR_ENABLED
, &hdev
->dev_flags
)) {
5459 u8 scan
= SCAN_PAGE
;
5460 hci_req_add(&req
, HCI_OP_WRITE_SCAN_ENABLE
,
5461 sizeof(scan
), &scan
);
5464 update_adv_data(&req
);
5465 hci_req_run(&req
, NULL
);
5467 hdev
->discov_timeout
= 0;
5469 new_settings(hdev
, NULL
);
5471 hci_dev_unlock(hdev
);
5474 void mgmt_discoverable(struct hci_dev
*hdev
, u8 discoverable
)
5478 /* Nothing needed here if there's a pending command since that
5479 * commands request completion callback takes care of everything
5482 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE
, hdev
))
5485 /* Powering off may clear the scan mode - don't let that interfere */
5486 if (!discoverable
&& mgmt_pending_find(MGMT_OP_SET_POWERED
, hdev
))
5490 changed
= !test_and_set_bit(HCI_DISCOVERABLE
, &hdev
->dev_flags
);
5492 clear_bit(HCI_LIMITED_DISCOVERABLE
, &hdev
->dev_flags
);
5493 changed
= test_and_clear_bit(HCI_DISCOVERABLE
, &hdev
->dev_flags
);
5497 struct hci_request req
;
5499 /* In case this change in discoverable was triggered by
5500 * a disabling of connectable there could be a need to
5501 * update the advertising flags.
5503 hci_req_init(&req
, hdev
);
5504 update_adv_data(&req
);
5505 hci_req_run(&req
, NULL
);
5507 new_settings(hdev
, NULL
);
5511 void mgmt_connectable(struct hci_dev
*hdev
, u8 connectable
)
5515 /* Nothing needed here if there's a pending command since that
5516 * commands request completion callback takes care of everything
5519 if (mgmt_pending_find(MGMT_OP_SET_CONNECTABLE
, hdev
))
5522 /* Powering off may clear the scan mode - don't let that interfere */
5523 if (!connectable
&& mgmt_pending_find(MGMT_OP_SET_POWERED
, hdev
))
5527 changed
= !test_and_set_bit(HCI_CONNECTABLE
, &hdev
->dev_flags
);
5529 changed
= test_and_clear_bit(HCI_CONNECTABLE
, &hdev
->dev_flags
);
5532 new_settings(hdev
, NULL
);
5535 void mgmt_advertising(struct hci_dev
*hdev
, u8 advertising
)
5537 /* Powering off may stop advertising - don't let that interfere */
5538 if (!advertising
&& mgmt_pending_find(MGMT_OP_SET_POWERED
, hdev
))
5542 set_bit(HCI_ADVERTISING
, &hdev
->dev_flags
);
5544 clear_bit(HCI_ADVERTISING
, &hdev
->dev_flags
);
5547 void mgmt_write_scan_failed(struct hci_dev
*hdev
, u8 scan
, u8 status
)
5549 u8 mgmt_err
= mgmt_status(status
);
5551 if (scan
& SCAN_PAGE
)
5552 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE
, hdev
,
5553 cmd_status_rsp
, &mgmt_err
);
5555 if (scan
& SCAN_INQUIRY
)
5556 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE
, hdev
,
5557 cmd_status_rsp
, &mgmt_err
);
5560 void mgmt_new_link_key(struct hci_dev
*hdev
, struct link_key
*key
,
5563 struct mgmt_ev_new_link_key ev
;
5565 memset(&ev
, 0, sizeof(ev
));
5567 ev
.store_hint
= persistent
;
5568 bacpy(&ev
.key
.addr
.bdaddr
, &key
->bdaddr
);
5569 ev
.key
.addr
.type
= BDADDR_BREDR
;
5570 ev
.key
.type
= key
->type
;
5571 memcpy(ev
.key
.val
, key
->val
, HCI_LINK_KEY_SIZE
);
5572 ev
.key
.pin_len
= key
->pin_len
;
5574 mgmt_event(MGMT_EV_NEW_LINK_KEY
, hdev
, &ev
, sizeof(ev
), NULL
);
5577 static u8
mgmt_ltk_type(struct smp_ltk
*ltk
)
5579 if (ltk
->authenticated
)
5580 return MGMT_LTK_AUTHENTICATED
;
5582 return MGMT_LTK_UNAUTHENTICATED
;
5585 void mgmt_new_ltk(struct hci_dev
*hdev
, struct smp_ltk
*key
, bool persistent
)
5587 struct mgmt_ev_new_long_term_key ev
;
5589 memset(&ev
, 0, sizeof(ev
));
5591 /* Devices using resolvable or non-resolvable random addresses
5592 * without providing an indentity resolving key don't require
5593 * to store long term keys. Their addresses will change the
5596 * Only when a remote device provides an identity address
5597 * make sure the long term key is stored. If the remote
5598 * identity is known, the long term keys are internally
5599 * mapped to the identity address. So allow static random
5600 * and public addresses here.
5602 if (key
->bdaddr_type
== ADDR_LE_DEV_RANDOM
&&
5603 (key
->bdaddr
.b
[5] & 0xc0) != 0xc0)
5604 ev
.store_hint
= 0x00;
5606 ev
.store_hint
= persistent
;
5608 bacpy(&ev
.key
.addr
.bdaddr
, &key
->bdaddr
);
5609 ev
.key
.addr
.type
= link_to_bdaddr(LE_LINK
, key
->bdaddr_type
);
5610 ev
.key
.type
= mgmt_ltk_type(key
);
5611 ev
.key
.enc_size
= key
->enc_size
;
5612 ev
.key
.ediv
= key
->ediv
;
5613 ev
.key
.rand
= key
->rand
;
5615 if (key
->type
== SMP_LTK
)
5618 memcpy(ev
.key
.val
, key
->val
, sizeof(key
->val
));
5620 mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY
, hdev
, &ev
, sizeof(ev
), NULL
);
5623 void mgmt_new_irk(struct hci_dev
*hdev
, struct smp_irk
*irk
)
5625 struct mgmt_ev_new_irk ev
;
5627 memset(&ev
, 0, sizeof(ev
));
5629 /* For identity resolving keys from devices that are already
5630 * using a public address or static random address, do not
5631 * ask for storing this key. The identity resolving key really
5632 * is only mandatory for devices using resovlable random
5635 * Storing all identity resolving keys has the downside that
5636 * they will be also loaded on next boot of they system. More
5637 * identity resolving keys, means more time during scanning is
5638 * needed to actually resolve these addresses.
5640 if (bacmp(&irk
->rpa
, BDADDR_ANY
))
5641 ev
.store_hint
= 0x01;
5643 ev
.store_hint
= 0x00;
5645 bacpy(&ev
.rpa
, &irk
->rpa
);
5646 bacpy(&ev
.irk
.addr
.bdaddr
, &irk
->bdaddr
);
5647 ev
.irk
.addr
.type
= link_to_bdaddr(LE_LINK
, irk
->addr_type
);
5648 memcpy(ev
.irk
.val
, irk
->val
, sizeof(irk
->val
));
5650 mgmt_event(MGMT_EV_NEW_IRK
, hdev
, &ev
, sizeof(ev
), NULL
);
5653 void mgmt_new_csrk(struct hci_dev
*hdev
, struct smp_csrk
*csrk
,
5656 struct mgmt_ev_new_csrk ev
;
5658 memset(&ev
, 0, sizeof(ev
));
5660 /* Devices using resolvable or non-resolvable random addresses
5661 * without providing an indentity resolving key don't require
5662 * to store signature resolving keys. Their addresses will change
5663 * the next time around.
5665 * Only when a remote device provides an identity address
5666 * make sure the signature resolving key is stored. So allow
5667 * static random and public addresses here.
5669 if (csrk
->bdaddr_type
== ADDR_LE_DEV_RANDOM
&&
5670 (csrk
->bdaddr
.b
[5] & 0xc0) != 0xc0)
5671 ev
.store_hint
= 0x00;
5673 ev
.store_hint
= persistent
;
5675 bacpy(&ev
.key
.addr
.bdaddr
, &csrk
->bdaddr
);
5676 ev
.key
.addr
.type
= link_to_bdaddr(LE_LINK
, csrk
->bdaddr_type
);
5677 ev
.key
.master
= csrk
->master
;
5678 memcpy(ev
.key
.val
, csrk
->val
, sizeof(csrk
->val
));
5680 mgmt_event(MGMT_EV_NEW_CSRK
, hdev
, &ev
, sizeof(ev
), NULL
);
5683 static inline u16
eir_append_data(u8
*eir
, u16 eir_len
, u8 type
, u8
*data
,
5686 eir
[eir_len
++] = sizeof(type
) + data_len
;
5687 eir
[eir_len
++] = type
;
5688 memcpy(&eir
[eir_len
], data
, data_len
);
5689 eir_len
+= data_len
;
5694 void mgmt_device_connected(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
, u8 link_type
,
5695 u8 addr_type
, u32 flags
, u8
*name
, u8 name_len
,
5699 struct mgmt_ev_device_connected
*ev
= (void *) buf
;
5702 bacpy(&ev
->addr
.bdaddr
, bdaddr
);
5703 ev
->addr
.type
= link_to_bdaddr(link_type
, addr_type
);
5705 ev
->flags
= __cpu_to_le32(flags
);
5708 eir_len
= eir_append_data(ev
->eir
, 0, EIR_NAME_COMPLETE
,
5711 if (dev_class
&& memcmp(dev_class
, "\0\0\0", 3) != 0)
5712 eir_len
= eir_append_data(ev
->eir
, eir_len
,
5713 EIR_CLASS_OF_DEV
, dev_class
, 3);
5715 ev
->eir_len
= cpu_to_le16(eir_len
);
5717 mgmt_event(MGMT_EV_DEVICE_CONNECTED
, hdev
, buf
,
5718 sizeof(*ev
) + eir_len
, NULL
);
5721 static void disconnect_rsp(struct pending_cmd
*cmd
, void *data
)
5723 struct mgmt_cp_disconnect
*cp
= cmd
->param
;
5724 struct sock
**sk
= data
;
5725 struct mgmt_rp_disconnect rp
;
5727 bacpy(&rp
.addr
.bdaddr
, &cp
->addr
.bdaddr
);
5728 rp
.addr
.type
= cp
->addr
.type
;
5730 cmd_complete(cmd
->sk
, cmd
->index
, MGMT_OP_DISCONNECT
, 0, &rp
,
5736 mgmt_pending_remove(cmd
);
5739 static void unpair_device_rsp(struct pending_cmd
*cmd
, void *data
)
5741 struct hci_dev
*hdev
= data
;
5742 struct mgmt_cp_unpair_device
*cp
= cmd
->param
;
5743 struct mgmt_rp_unpair_device rp
;
5745 memset(&rp
, 0, sizeof(rp
));
5746 bacpy(&rp
.addr
.bdaddr
, &cp
->addr
.bdaddr
);
5747 rp
.addr
.type
= cp
->addr
.type
;
5749 device_unpaired(hdev
, &cp
->addr
.bdaddr
, cp
->addr
.type
, cmd
->sk
);
5751 cmd_complete(cmd
->sk
, cmd
->index
, cmd
->opcode
, 0, &rp
, sizeof(rp
));
5753 mgmt_pending_remove(cmd
);
5756 void mgmt_device_disconnected(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
,
5757 u8 link_type
, u8 addr_type
, u8 reason
,
5758 bool mgmt_connected
)
5760 struct mgmt_ev_device_disconnected ev
;
5761 struct pending_cmd
*power_off
;
5762 struct sock
*sk
= NULL
;
5764 power_off
= mgmt_pending_find(MGMT_OP_SET_POWERED
, hdev
);
5766 struct mgmt_mode
*cp
= power_off
->param
;
5768 /* The connection is still in hci_conn_hash so test for 1
5769 * instead of 0 to know if this is the last one.
5771 if (!cp
->val
&& hci_conn_count(hdev
) == 1) {
5772 cancel_delayed_work(&hdev
->power_off
);
5773 queue_work(hdev
->req_workqueue
, &hdev
->power_off
.work
);
5777 if (!mgmt_connected
)
5780 if (link_type
!= ACL_LINK
&& link_type
!= LE_LINK
)
5783 mgmt_pending_foreach(MGMT_OP_DISCONNECT
, hdev
, disconnect_rsp
, &sk
);
5785 bacpy(&ev
.addr
.bdaddr
, bdaddr
);
5786 ev
.addr
.type
= link_to_bdaddr(link_type
, addr_type
);
5789 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED
, hdev
, &ev
, sizeof(ev
), sk
);
5794 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE
, hdev
, unpair_device_rsp
,
5798 void mgmt_disconnect_failed(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
,
5799 u8 link_type
, u8 addr_type
, u8 status
)
5801 u8 bdaddr_type
= link_to_bdaddr(link_type
, addr_type
);
5802 struct mgmt_cp_disconnect
*cp
;
5803 struct mgmt_rp_disconnect rp
;
5804 struct pending_cmd
*cmd
;
5806 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE
, hdev
, unpair_device_rsp
,
5809 cmd
= mgmt_pending_find(MGMT_OP_DISCONNECT
, hdev
);
5815 if (bacmp(bdaddr
, &cp
->addr
.bdaddr
))
5818 if (cp
->addr
.type
!= bdaddr_type
)
5821 bacpy(&rp
.addr
.bdaddr
, bdaddr
);
5822 rp
.addr
.type
= bdaddr_type
;
5824 cmd_complete(cmd
->sk
, cmd
->index
, MGMT_OP_DISCONNECT
,
5825 mgmt_status(status
), &rp
, sizeof(rp
));
5827 mgmt_pending_remove(cmd
);
5830 void mgmt_connect_failed(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
, u8 link_type
,
5831 u8 addr_type
, u8 status
)
5833 struct mgmt_ev_connect_failed ev
;
5834 struct pending_cmd
*power_off
;
5836 power_off
= mgmt_pending_find(MGMT_OP_SET_POWERED
, hdev
);
5838 struct mgmt_mode
*cp
= power_off
->param
;
5840 /* The connection is still in hci_conn_hash so test for 1
5841 * instead of 0 to know if this is the last one.
5843 if (!cp
->val
&& hci_conn_count(hdev
) == 1) {
5844 cancel_delayed_work(&hdev
->power_off
);
5845 queue_work(hdev
->req_workqueue
, &hdev
->power_off
.work
);
5849 bacpy(&ev
.addr
.bdaddr
, bdaddr
);
5850 ev
.addr
.type
= link_to_bdaddr(link_type
, addr_type
);
5851 ev
.status
= mgmt_status(status
);
5853 mgmt_event(MGMT_EV_CONNECT_FAILED
, hdev
, &ev
, sizeof(ev
), NULL
);
5856 void mgmt_pin_code_request(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
, u8 secure
)
5858 struct mgmt_ev_pin_code_request ev
;
5860 bacpy(&ev
.addr
.bdaddr
, bdaddr
);
5861 ev
.addr
.type
= BDADDR_BREDR
;
5864 mgmt_event(MGMT_EV_PIN_CODE_REQUEST
, hdev
, &ev
, sizeof(ev
), NULL
);
5867 void mgmt_pin_code_reply_complete(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
,
5870 struct pending_cmd
*cmd
;
5871 struct mgmt_rp_pin_code_reply rp
;
5873 cmd
= mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY
, hdev
);
5877 bacpy(&rp
.addr
.bdaddr
, bdaddr
);
5878 rp
.addr
.type
= BDADDR_BREDR
;
5880 cmd_complete(cmd
->sk
, hdev
->id
, MGMT_OP_PIN_CODE_REPLY
,
5881 mgmt_status(status
), &rp
, sizeof(rp
));
5883 mgmt_pending_remove(cmd
);
5886 void mgmt_pin_code_neg_reply_complete(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
,
5889 struct pending_cmd
*cmd
;
5890 struct mgmt_rp_pin_code_reply rp
;
5892 cmd
= mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY
, hdev
);
5896 bacpy(&rp
.addr
.bdaddr
, bdaddr
);
5897 rp
.addr
.type
= BDADDR_BREDR
;
5899 cmd_complete(cmd
->sk
, hdev
->id
, MGMT_OP_PIN_CODE_NEG_REPLY
,
5900 mgmt_status(status
), &rp
, sizeof(rp
));
5902 mgmt_pending_remove(cmd
);
5905 int mgmt_user_confirm_request(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
,
5906 u8 link_type
, u8 addr_type
, u32 value
,
5909 struct mgmt_ev_user_confirm_request ev
;
5911 BT_DBG("%s", hdev
->name
);
5913 bacpy(&ev
.addr
.bdaddr
, bdaddr
);
5914 ev
.addr
.type
= link_to_bdaddr(link_type
, addr_type
);
5915 ev
.confirm_hint
= confirm_hint
;
5916 ev
.value
= cpu_to_le32(value
);
5918 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST
, hdev
, &ev
, sizeof(ev
),
5922 int mgmt_user_passkey_request(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
,
5923 u8 link_type
, u8 addr_type
)
5925 struct mgmt_ev_user_passkey_request ev
;
5927 BT_DBG("%s", hdev
->name
);
5929 bacpy(&ev
.addr
.bdaddr
, bdaddr
);
5930 ev
.addr
.type
= link_to_bdaddr(link_type
, addr_type
);
5932 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST
, hdev
, &ev
, sizeof(ev
),
5936 static int user_pairing_resp_complete(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
,
5937 u8 link_type
, u8 addr_type
, u8 status
,
5940 struct pending_cmd
*cmd
;
5941 struct mgmt_rp_user_confirm_reply rp
;
5944 cmd
= mgmt_pending_find(opcode
, hdev
);
5948 bacpy(&rp
.addr
.bdaddr
, bdaddr
);
5949 rp
.addr
.type
= link_to_bdaddr(link_type
, addr_type
);
5950 err
= cmd_complete(cmd
->sk
, hdev
->id
, opcode
, mgmt_status(status
),
5953 mgmt_pending_remove(cmd
);
5958 int mgmt_user_confirm_reply_complete(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
,
5959 u8 link_type
, u8 addr_type
, u8 status
)
5961 return user_pairing_resp_complete(hdev
, bdaddr
, link_type
, addr_type
,
5962 status
, MGMT_OP_USER_CONFIRM_REPLY
);
5965 int mgmt_user_confirm_neg_reply_complete(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
,
5966 u8 link_type
, u8 addr_type
, u8 status
)
5968 return user_pairing_resp_complete(hdev
, bdaddr
, link_type
, addr_type
,
5970 MGMT_OP_USER_CONFIRM_NEG_REPLY
);
5973 int mgmt_user_passkey_reply_complete(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
,
5974 u8 link_type
, u8 addr_type
, u8 status
)
5976 return user_pairing_resp_complete(hdev
, bdaddr
, link_type
, addr_type
,
5977 status
, MGMT_OP_USER_PASSKEY_REPLY
);
5980 int mgmt_user_passkey_neg_reply_complete(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
,
5981 u8 link_type
, u8 addr_type
, u8 status
)
5983 return user_pairing_resp_complete(hdev
, bdaddr
, link_type
, addr_type
,
5985 MGMT_OP_USER_PASSKEY_NEG_REPLY
);
5988 int mgmt_user_passkey_notify(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
,
5989 u8 link_type
, u8 addr_type
, u32 passkey
,
5992 struct mgmt_ev_passkey_notify ev
;
5994 BT_DBG("%s", hdev
->name
);
5996 bacpy(&ev
.addr
.bdaddr
, bdaddr
);
5997 ev
.addr
.type
= link_to_bdaddr(link_type
, addr_type
);
5998 ev
.passkey
= __cpu_to_le32(passkey
);
5999 ev
.entered
= entered
;
6001 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY
, hdev
, &ev
, sizeof(ev
), NULL
);
6004 void mgmt_auth_failed(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
, u8 link_type
,
6005 u8 addr_type
, u8 status
)
6007 struct mgmt_ev_auth_failed ev
;
6009 bacpy(&ev
.addr
.bdaddr
, bdaddr
);
6010 ev
.addr
.type
= link_to_bdaddr(link_type
, addr_type
);
6011 ev
.status
= mgmt_status(status
);
6013 mgmt_event(MGMT_EV_AUTH_FAILED
, hdev
, &ev
, sizeof(ev
), NULL
);
6016 void mgmt_auth_enable_complete(struct hci_dev
*hdev
, u8 status
)
6018 struct cmd_lookup match
= { NULL
, hdev
};
6022 u8 mgmt_err
= mgmt_status(status
);
6023 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY
, hdev
,
6024 cmd_status_rsp
, &mgmt_err
);
6028 if (test_bit(HCI_AUTH
, &hdev
->flags
))
6029 changed
= !test_and_set_bit(HCI_LINK_SECURITY
,
6032 changed
= test_and_clear_bit(HCI_LINK_SECURITY
,
6035 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY
, hdev
, settings_rsp
,
6039 new_settings(hdev
, match
.sk
);
6045 static void clear_eir(struct hci_request
*req
)
6047 struct hci_dev
*hdev
= req
->hdev
;
6048 struct hci_cp_write_eir cp
;
6050 if (!lmp_ext_inq_capable(hdev
))
6053 memset(hdev
->eir
, 0, sizeof(hdev
->eir
));
6055 memset(&cp
, 0, sizeof(cp
));
6057 hci_req_add(req
, HCI_OP_WRITE_EIR
, sizeof(cp
), &cp
);
6060 void mgmt_ssp_enable_complete(struct hci_dev
*hdev
, u8 enable
, u8 status
)
6062 struct cmd_lookup match
= { NULL
, hdev
};
6063 struct hci_request req
;
6064 bool changed
= false;
6067 u8 mgmt_err
= mgmt_status(status
);
6069 if (enable
&& test_and_clear_bit(HCI_SSP_ENABLED
,
6070 &hdev
->dev_flags
)) {
6071 clear_bit(HCI_HS_ENABLED
, &hdev
->dev_flags
);
6072 new_settings(hdev
, NULL
);
6075 mgmt_pending_foreach(MGMT_OP_SET_SSP
, hdev
, cmd_status_rsp
,
6081 changed
= !test_and_set_bit(HCI_SSP_ENABLED
, &hdev
->dev_flags
);
6083 changed
= test_and_clear_bit(HCI_SSP_ENABLED
, &hdev
->dev_flags
);
6085 changed
= test_and_clear_bit(HCI_HS_ENABLED
,
6088 clear_bit(HCI_HS_ENABLED
, &hdev
->dev_flags
);
6091 mgmt_pending_foreach(MGMT_OP_SET_SSP
, hdev
, settings_rsp
, &match
);
6094 new_settings(hdev
, match
.sk
);
6099 hci_req_init(&req
, hdev
);
6101 if (test_bit(HCI_SSP_ENABLED
, &hdev
->dev_flags
)) {
6102 if (test_bit(HCI_USE_DEBUG_KEYS
, &hdev
->dev_flags
))
6103 hci_req_add(&req
, HCI_OP_WRITE_SSP_DEBUG_MODE
,
6104 sizeof(enable
), &enable
);
6110 hci_req_run(&req
, NULL
);
6113 void mgmt_sc_enable_complete(struct hci_dev
*hdev
, u8 enable
, u8 status
)
6115 struct cmd_lookup match
= { NULL
, hdev
};
6116 bool changed
= false;
6119 u8 mgmt_err
= mgmt_status(status
);
6122 if (test_and_clear_bit(HCI_SC_ENABLED
,
6124 new_settings(hdev
, NULL
);
6125 clear_bit(HCI_SC_ONLY
, &hdev
->dev_flags
);
6128 mgmt_pending_foreach(MGMT_OP_SET_SECURE_CONN
, hdev
,
6129 cmd_status_rsp
, &mgmt_err
);
6134 changed
= !test_and_set_bit(HCI_SC_ENABLED
, &hdev
->dev_flags
);
6136 changed
= test_and_clear_bit(HCI_SC_ENABLED
, &hdev
->dev_flags
);
6137 clear_bit(HCI_SC_ONLY
, &hdev
->dev_flags
);
6140 mgmt_pending_foreach(MGMT_OP_SET_SECURE_CONN
, hdev
,
6141 settings_rsp
, &match
);
6144 new_settings(hdev
, match
.sk
);
6150 static void sk_lookup(struct pending_cmd
*cmd
, void *data
)
6152 struct cmd_lookup
*match
= data
;
6154 if (match
->sk
== NULL
) {
6155 match
->sk
= cmd
->sk
;
6156 sock_hold(match
->sk
);
6160 void mgmt_set_class_of_dev_complete(struct hci_dev
*hdev
, u8
*dev_class
,
6163 struct cmd_lookup match
= { NULL
, hdev
, mgmt_status(status
) };
6165 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS
, hdev
, sk_lookup
, &match
);
6166 mgmt_pending_foreach(MGMT_OP_ADD_UUID
, hdev
, sk_lookup
, &match
);
6167 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID
, hdev
, sk_lookup
, &match
);
6170 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED
, hdev
, dev_class
, 3,
6177 void mgmt_set_local_name_complete(struct hci_dev
*hdev
, u8
*name
, u8 status
)
6179 struct mgmt_cp_set_local_name ev
;
6180 struct pending_cmd
*cmd
;
6185 memset(&ev
, 0, sizeof(ev
));
6186 memcpy(ev
.name
, name
, HCI_MAX_NAME_LENGTH
);
6187 memcpy(ev
.short_name
, hdev
->short_name
, HCI_MAX_SHORT_NAME_LENGTH
);
6189 cmd
= mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME
, hdev
);
6191 memcpy(hdev
->dev_name
, name
, sizeof(hdev
->dev_name
));
6193 /* If this is a HCI command related to powering on the
6194 * HCI dev don't send any mgmt signals.
6196 if (mgmt_pending_find(MGMT_OP_SET_POWERED
, hdev
))
6200 mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED
, hdev
, &ev
, sizeof(ev
),
6201 cmd
? cmd
->sk
: NULL
);
6204 void mgmt_read_local_oob_data_complete(struct hci_dev
*hdev
, u8
*hash192
,
6205 u8
*randomizer192
, u8
*hash256
,
6206 u8
*randomizer256
, u8 status
)
6208 struct pending_cmd
*cmd
;
6210 BT_DBG("%s status %u", hdev
->name
, status
);
6212 cmd
= mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA
, hdev
);
6217 cmd_status(cmd
->sk
, hdev
->id
, MGMT_OP_READ_LOCAL_OOB_DATA
,
6218 mgmt_status(status
));
6220 if (test_bit(HCI_SC_ENABLED
, &hdev
->dev_flags
) &&
6221 hash256
&& randomizer256
) {
6222 struct mgmt_rp_read_local_oob_ext_data rp
;
6224 memcpy(rp
.hash192
, hash192
, sizeof(rp
.hash192
));
6225 memcpy(rp
.randomizer192
, randomizer192
,
6226 sizeof(rp
.randomizer192
));
6228 memcpy(rp
.hash256
, hash256
, sizeof(rp
.hash256
));
6229 memcpy(rp
.randomizer256
, randomizer256
,
6230 sizeof(rp
.randomizer256
));
6232 cmd_complete(cmd
->sk
, hdev
->id
,
6233 MGMT_OP_READ_LOCAL_OOB_DATA
, 0,
6236 struct mgmt_rp_read_local_oob_data rp
;
6238 memcpy(rp
.hash
, hash192
, sizeof(rp
.hash
));
6239 memcpy(rp
.randomizer
, randomizer192
,
6240 sizeof(rp
.randomizer
));
6242 cmd_complete(cmd
->sk
, hdev
->id
,
6243 MGMT_OP_READ_LOCAL_OOB_DATA
, 0,
6248 mgmt_pending_remove(cmd
);
6251 void mgmt_device_found(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
, u8 link_type
,
6252 u8 addr_type
, u8
*dev_class
, s8 rssi
, u32 flags
,
6253 u8
*eir
, u16 eir_len
, u8
*scan_rsp
, u8 scan_rsp_len
)
6256 struct mgmt_ev_device_found
*ev
= (void *) buf
;
6257 struct smp_irk
*irk
;
6260 if (!hci_discovery_active(hdev
))
6263 /* Make sure that the buffer is big enough. The 5 extra bytes
6264 * are for the potential CoD field.
6266 if (sizeof(*ev
) + eir_len
+ scan_rsp_len
+ 5 > sizeof(buf
))
6269 memset(buf
, 0, sizeof(buf
));
6271 irk
= hci_get_irk(hdev
, bdaddr
, addr_type
);
6273 bacpy(&ev
->addr
.bdaddr
, &irk
->bdaddr
);
6274 ev
->addr
.type
= link_to_bdaddr(link_type
, irk
->addr_type
);
6276 bacpy(&ev
->addr
.bdaddr
, bdaddr
);
6277 ev
->addr
.type
= link_to_bdaddr(link_type
, addr_type
);
6281 ev
->flags
= cpu_to_le32(flags
);
6284 memcpy(ev
->eir
, eir
, eir_len
);
6286 if (dev_class
&& !eir_has_data_type(ev
->eir
, eir_len
, EIR_CLASS_OF_DEV
))
6287 eir_len
= eir_append_data(ev
->eir
, eir_len
, EIR_CLASS_OF_DEV
,
6290 if (scan_rsp_len
> 0)
6291 memcpy(ev
->eir
+ eir_len
, scan_rsp
, scan_rsp_len
);
6293 ev
->eir_len
= cpu_to_le16(eir_len
+ scan_rsp_len
);
6294 ev_size
= sizeof(*ev
) + eir_len
+ scan_rsp_len
;
6296 mgmt_event(MGMT_EV_DEVICE_FOUND
, hdev
, ev
, ev_size
, NULL
);
6299 void mgmt_remote_name(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
, u8 link_type
,
6300 u8 addr_type
, s8 rssi
, u8
*name
, u8 name_len
)
6302 struct mgmt_ev_device_found
*ev
;
6303 char buf
[sizeof(*ev
) + HCI_MAX_NAME_LENGTH
+ 2];
6306 ev
= (struct mgmt_ev_device_found
*) buf
;
6308 memset(buf
, 0, sizeof(buf
));
6310 bacpy(&ev
->addr
.bdaddr
, bdaddr
);
6311 ev
->addr
.type
= link_to_bdaddr(link_type
, addr_type
);
6314 eir_len
= eir_append_data(ev
->eir
, 0, EIR_NAME_COMPLETE
, name
,
6317 ev
->eir_len
= cpu_to_le16(eir_len
);
6319 mgmt_event(MGMT_EV_DEVICE_FOUND
, hdev
, ev
, sizeof(*ev
) + eir_len
, NULL
);
6322 void mgmt_discovering(struct hci_dev
*hdev
, u8 discovering
)
6324 struct mgmt_ev_discovering ev
;
6325 struct pending_cmd
*cmd
;
6327 BT_DBG("%s discovering %u", hdev
->name
, discovering
);
6330 cmd
= mgmt_pending_find(MGMT_OP_START_DISCOVERY
, hdev
);
6332 cmd
= mgmt_pending_find(MGMT_OP_STOP_DISCOVERY
, hdev
);
6335 u8 type
= hdev
->discovery
.type
;
6337 cmd_complete(cmd
->sk
, hdev
->id
, cmd
->opcode
, 0, &type
,
6339 mgmt_pending_remove(cmd
);
6342 memset(&ev
, 0, sizeof(ev
));
6343 ev
.type
= hdev
->discovery
.type
;
6344 ev
.discovering
= discovering
;
6346 mgmt_event(MGMT_EV_DISCOVERING
, hdev
, &ev
, sizeof(ev
), NULL
);
6349 int mgmt_device_blocked(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
, u8 type
)
6351 struct pending_cmd
*cmd
;
6352 struct mgmt_ev_device_blocked ev
;
6354 cmd
= mgmt_pending_find(MGMT_OP_BLOCK_DEVICE
, hdev
);
6356 bacpy(&ev
.addr
.bdaddr
, bdaddr
);
6357 ev
.addr
.type
= type
;
6359 return mgmt_event(MGMT_EV_DEVICE_BLOCKED
, hdev
, &ev
, sizeof(ev
),
6360 cmd
? cmd
->sk
: NULL
);
6363 int mgmt_device_unblocked(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
, u8 type
)
6365 struct pending_cmd
*cmd
;
6366 struct mgmt_ev_device_unblocked ev
;
6368 cmd
= mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE
, hdev
);
6370 bacpy(&ev
.addr
.bdaddr
, bdaddr
);
6371 ev
.addr
.type
= type
;
6373 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED
, hdev
, &ev
, sizeof(ev
),
6374 cmd
? cmd
->sk
: NULL
);
6377 static void adv_enable_complete(struct hci_dev
*hdev
, u8 status
)
6379 BT_DBG("%s status %u", hdev
->name
, status
);
6381 /* Clear the advertising mgmt setting if we failed to re-enable it */
6383 clear_bit(HCI_ADVERTISING
, &hdev
->dev_flags
);
6384 new_settings(hdev
, NULL
);
6388 void mgmt_reenable_advertising(struct hci_dev
*hdev
)
6390 struct hci_request req
;
6392 if (hci_conn_num(hdev
, LE_LINK
) > 0)
6395 if (!test_bit(HCI_ADVERTISING
, &hdev
->dev_flags
))
6398 hci_req_init(&req
, hdev
);
6399 enable_advertising(&req
);
6401 /* If this fails we have no option but to let user space know
6402 * that we've disabled advertising.
6404 if (hci_req_run(&req
, adv_enable_complete
) < 0) {
6405 clear_bit(HCI_ADVERTISING
, &hdev
->dev_flags
);
6406 new_settings(hdev
, NULL
);