2 BlueZ - Bluetooth protocol stack for Linux
4 Copyright (C) 2010 Nokia Corporation
5 Copyright (C) 2011-2012 Intel Corporation
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI Management interface */
27 #include <linux/module.h>
28 #include <asm/unaligned.h>
30 #include <net/bluetooth/bluetooth.h>
31 #include <net/bluetooth/hci_core.h>
32 #include <net/bluetooth/mgmt.h>
36 #define MGMT_VERSION 1
37 #define MGMT_REVISION 4
39 static const u16 mgmt_commands[] = {
40 MGMT_OP_READ_INDEX_LIST,
43 MGMT_OP_SET_DISCOVERABLE,
44 MGMT_OP_SET_CONNECTABLE,
45 MGMT_OP_SET_FAST_CONNECTABLE,
47 MGMT_OP_SET_LINK_SECURITY,
51 MGMT_OP_SET_DEV_CLASS,
52 MGMT_OP_SET_LOCAL_NAME,
55 MGMT_OP_LOAD_LINK_KEYS,
56 MGMT_OP_LOAD_LONG_TERM_KEYS,
58 MGMT_OP_GET_CONNECTIONS,
59 MGMT_OP_PIN_CODE_REPLY,
60 MGMT_OP_PIN_CODE_NEG_REPLY,
61 MGMT_OP_SET_IO_CAPABILITY,
63 MGMT_OP_CANCEL_PAIR_DEVICE,
64 MGMT_OP_UNPAIR_DEVICE,
65 MGMT_OP_USER_CONFIRM_REPLY,
66 MGMT_OP_USER_CONFIRM_NEG_REPLY,
67 MGMT_OP_USER_PASSKEY_REPLY,
68 MGMT_OP_USER_PASSKEY_NEG_REPLY,
69 MGMT_OP_READ_LOCAL_OOB_DATA,
70 MGMT_OP_ADD_REMOTE_OOB_DATA,
71 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
72 MGMT_OP_START_DISCOVERY,
73 MGMT_OP_STOP_DISCOVERY,
76 MGMT_OP_UNBLOCK_DEVICE,
77 MGMT_OP_SET_DEVICE_ID,
78 MGMT_OP_SET_ADVERTISING,
80 MGMT_OP_SET_STATIC_ADDRESS,
81 MGMT_OP_SET_SCAN_PARAMS,
84 static const u16 mgmt_events[] = {
85 MGMT_EV_CONTROLLER_ERROR,
87 MGMT_EV_INDEX_REMOVED,
89 MGMT_EV_CLASS_OF_DEV_CHANGED,
90 MGMT_EV_LOCAL_NAME_CHANGED,
92 MGMT_EV_NEW_LONG_TERM_KEY,
93 MGMT_EV_DEVICE_CONNECTED,
94 MGMT_EV_DEVICE_DISCONNECTED,
95 MGMT_EV_CONNECT_FAILED,
96 MGMT_EV_PIN_CODE_REQUEST,
97 MGMT_EV_USER_CONFIRM_REQUEST,
98 MGMT_EV_USER_PASSKEY_REQUEST,
100 MGMT_EV_DEVICE_FOUND,
102 MGMT_EV_DEVICE_BLOCKED,
103 MGMT_EV_DEVICE_UNBLOCKED,
104 MGMT_EV_DEVICE_UNPAIRED,
105 MGMT_EV_PASSKEY_NOTIFY,
108 #define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
110 #define hdev_is_powered(hdev) (test_bit(HCI_UP, &hdev->flags) && \
111 !test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
114 struct list_head list;
122 /* HCI to MGMT error code conversion table */
123 static u8 mgmt_status_table[] = {
125 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
126 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
127 MGMT_STATUS_FAILED, /* Hardware Failure */
128 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
129 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
130 MGMT_STATUS_NOT_PAIRED, /* PIN or Key Missing */
131 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
132 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
133 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
134 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
135 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
136 MGMT_STATUS_BUSY, /* Command Disallowed */
137 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
138 MGMT_STATUS_REJECTED, /* Rejected Security */
139 MGMT_STATUS_REJECTED, /* Rejected Personal */
140 MGMT_STATUS_TIMEOUT, /* Host Timeout */
141 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
142 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
143 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
144 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
145 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
146 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
147 MGMT_STATUS_BUSY, /* Repeated Attempts */
148 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
149 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
150 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
151 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
152 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
153 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
154 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
155 MGMT_STATUS_FAILED, /* Unspecified Error */
156 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
157 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
158 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
159 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
160 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
161 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
162 MGMT_STATUS_FAILED, /* Unit Link Key Used */
163 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
164 MGMT_STATUS_TIMEOUT, /* Instant Passed */
165 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
166 MGMT_STATUS_FAILED, /* Transaction Collision */
167 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
168 MGMT_STATUS_REJECTED, /* QoS Rejected */
169 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
170 MGMT_STATUS_REJECTED, /* Insufficient Security */
171 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
172 MGMT_STATUS_BUSY, /* Role Switch Pending */
173 MGMT_STATUS_FAILED, /* Slot Violation */
174 MGMT_STATUS_FAILED, /* Role Switch Failed */
175 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
176 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
177 MGMT_STATUS_BUSY, /* Host Busy Pairing */
178 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
179 MGMT_STATUS_BUSY, /* Controller Busy */
180 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
181 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
182 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
183 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
184 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
187 static u8 mgmt_status(u8 hci_status)
189 if (hci_status < ARRAY_SIZE(mgmt_status_table))
190 return mgmt_status_table[hci_status];
192 return MGMT_STATUS_FAILED;
195 static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
198 struct mgmt_hdr *hdr;
199 struct mgmt_ev_cmd_status *ev;
202 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
204 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_KERNEL);
208 hdr = (void *) skb_put(skb, sizeof(*hdr));
210 hdr->opcode = __constant_cpu_to_le16(MGMT_EV_CMD_STATUS);
211 hdr->index = cpu_to_le16(index);
212 hdr->len = cpu_to_le16(sizeof(*ev));
214 ev = (void *) skb_put(skb, sizeof(*ev));
216 ev->opcode = cpu_to_le16(cmd);
218 err = sock_queue_rcv_skb(sk, skb);
225 static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
226 void *rp, size_t rp_len)
229 struct mgmt_hdr *hdr;
230 struct mgmt_ev_cmd_complete *ev;
233 BT_DBG("sock %p", sk);
235 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_KERNEL);
239 hdr = (void *) skb_put(skb, sizeof(*hdr));
241 hdr->opcode = __constant_cpu_to_le16(MGMT_EV_CMD_COMPLETE);
242 hdr->index = cpu_to_le16(index);
243 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
245 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
246 ev->opcode = cpu_to_le16(cmd);
250 memcpy(ev->data, rp, rp_len);
252 err = sock_queue_rcv_skb(sk, skb);
259 static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
262 struct mgmt_rp_read_version rp;
264 BT_DBG("sock %p", sk);
266 rp.version = MGMT_VERSION;
267 rp.revision = __constant_cpu_to_le16(MGMT_REVISION);
269 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
273 static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
276 struct mgmt_rp_read_commands *rp;
277 const u16 num_commands = ARRAY_SIZE(mgmt_commands);
278 const u16 num_events = ARRAY_SIZE(mgmt_events);
283 BT_DBG("sock %p", sk);
285 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
287 rp = kmalloc(rp_size, GFP_KERNEL);
291 rp->num_commands = __constant_cpu_to_le16(num_commands);
292 rp->num_events = __constant_cpu_to_le16(num_events);
294 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
295 put_unaligned_le16(mgmt_commands[i], opcode);
297 for (i = 0; i < num_events; i++, opcode++)
298 put_unaligned_le16(mgmt_events[i], opcode);
300 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
307 static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
310 struct mgmt_rp_read_index_list *rp;
316 BT_DBG("sock %p", sk);
318 read_lock(&hci_dev_list_lock);
321 list_for_each_entry(d, &hci_dev_list, list) {
322 if (d->dev_type == HCI_BREDR)
326 rp_len = sizeof(*rp) + (2 * count);
327 rp = kmalloc(rp_len, GFP_ATOMIC);
329 read_unlock(&hci_dev_list_lock);
334 list_for_each_entry(d, &hci_dev_list, list) {
335 if (test_bit(HCI_SETUP, &d->dev_flags))
338 if (test_bit(HCI_USER_CHANNEL, &d->dev_flags))
341 if (d->dev_type == HCI_BREDR) {
342 rp->index[count++] = cpu_to_le16(d->id);
343 BT_DBG("Added hci%u", d->id);
347 rp->num_controllers = cpu_to_le16(count);
348 rp_len = sizeof(*rp) + (2 * count);
350 read_unlock(&hci_dev_list_lock);
352 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
360 static u32 get_supported_settings(struct hci_dev *hdev)
364 settings |= MGMT_SETTING_POWERED;
365 settings |= MGMT_SETTING_PAIRABLE;
367 if (lmp_bredr_capable(hdev)) {
368 settings |= MGMT_SETTING_CONNECTABLE;
369 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
370 settings |= MGMT_SETTING_FAST_CONNECTABLE;
371 settings |= MGMT_SETTING_DISCOVERABLE;
372 settings |= MGMT_SETTING_BREDR;
373 settings |= MGMT_SETTING_LINK_SECURITY;
375 if (lmp_ssp_capable(hdev)) {
376 settings |= MGMT_SETTING_SSP;
377 settings |= MGMT_SETTING_HS;
381 if (lmp_le_capable(hdev)) {
382 settings |= MGMT_SETTING_LE;
383 settings |= MGMT_SETTING_ADVERTISING;
389 static u32 get_current_settings(struct hci_dev *hdev)
393 if (hdev_is_powered(hdev))
394 settings |= MGMT_SETTING_POWERED;
396 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
397 settings |= MGMT_SETTING_CONNECTABLE;
399 if (test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
400 settings |= MGMT_SETTING_FAST_CONNECTABLE;
402 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
403 settings |= MGMT_SETTING_DISCOVERABLE;
405 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags))
406 settings |= MGMT_SETTING_PAIRABLE;
408 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
409 settings |= MGMT_SETTING_BREDR;
411 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
412 settings |= MGMT_SETTING_LE;
414 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
415 settings |= MGMT_SETTING_LINK_SECURITY;
417 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
418 settings |= MGMT_SETTING_SSP;
420 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
421 settings |= MGMT_SETTING_HS;
423 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
424 settings |= MGMT_SETTING_ADVERTISING;
429 #define PNP_INFO_SVCLASS_ID 0x1200
431 static u8 *create_uuid16_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
433 u8 *ptr = data, *uuids_start = NULL;
434 struct bt_uuid *uuid;
439 list_for_each_entry(uuid, &hdev->uuids, list) {
442 if (uuid->size != 16)
445 uuid16 = get_unaligned_le16(&uuid->uuid[12]);
449 if (uuid16 == PNP_INFO_SVCLASS_ID)
455 uuids_start[1] = EIR_UUID16_ALL;
459 /* Stop if not enough space to put next UUID */
460 if ((ptr - data) + sizeof(u16) > len) {
461 uuids_start[1] = EIR_UUID16_SOME;
465 *ptr++ = (uuid16 & 0x00ff);
466 *ptr++ = (uuid16 & 0xff00) >> 8;
467 uuids_start[0] += sizeof(uuid16);
473 static u8 *create_uuid32_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
475 u8 *ptr = data, *uuids_start = NULL;
476 struct bt_uuid *uuid;
481 list_for_each_entry(uuid, &hdev->uuids, list) {
482 if (uuid->size != 32)
488 uuids_start[1] = EIR_UUID32_ALL;
492 /* Stop if not enough space to put next UUID */
493 if ((ptr - data) + sizeof(u32) > len) {
494 uuids_start[1] = EIR_UUID32_SOME;
498 memcpy(ptr, &uuid->uuid[12], sizeof(u32));
500 uuids_start[0] += sizeof(u32);
506 static u8 *create_uuid128_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
508 u8 *ptr = data, *uuids_start = NULL;
509 struct bt_uuid *uuid;
514 list_for_each_entry(uuid, &hdev->uuids, list) {
515 if (uuid->size != 128)
521 uuids_start[1] = EIR_UUID128_ALL;
525 /* Stop if not enough space to put next UUID */
526 if ((ptr - data) + 16 > len) {
527 uuids_start[1] = EIR_UUID128_SOME;
531 memcpy(ptr, uuid->uuid, 16);
533 uuids_start[0] += 16;
539 static u8 create_ad(struct hci_dev *hdev, u8 *ptr)
541 u8 ad_len = 0, flags = 0;
544 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
545 flags |= LE_AD_GENERAL;
547 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
548 if (lmp_le_br_capable(hdev))
549 flags |= LE_AD_SIM_LE_BREDR_CTRL;
550 if (lmp_host_le_br_capable(hdev))
551 flags |= LE_AD_SIM_LE_BREDR_HOST;
553 flags |= LE_AD_NO_BREDR;
557 BT_DBG("adv flags 0x%02x", flags);
567 if (hdev->adv_tx_power != HCI_TX_POWER_INVALID) {
569 ptr[1] = EIR_TX_POWER;
570 ptr[2] = (u8) hdev->adv_tx_power;
576 name_len = strlen(hdev->dev_name);
578 size_t max_len = HCI_MAX_AD_LENGTH - ad_len - 2;
580 if (name_len > max_len) {
582 ptr[1] = EIR_NAME_SHORT;
584 ptr[1] = EIR_NAME_COMPLETE;
586 ptr[0] = name_len + 1;
588 memcpy(ptr + 2, hdev->dev_name, name_len);
590 ad_len += (name_len + 2);
591 ptr += (name_len + 2);
597 static void update_ad(struct hci_request *req)
599 struct hci_dev *hdev = req->hdev;
600 struct hci_cp_le_set_adv_data cp;
603 if (!lmp_le_capable(hdev))
606 memset(&cp, 0, sizeof(cp));
608 len = create_ad(hdev, cp.data);
610 if (hdev->adv_data_len == len &&
611 memcmp(cp.data, hdev->adv_data, len) == 0)
614 memcpy(hdev->adv_data, cp.data, sizeof(cp.data));
615 hdev->adv_data_len = len;
619 hci_req_add(req, HCI_OP_LE_SET_ADV_DATA, sizeof(cp), &cp);
622 static void create_eir(struct hci_dev *hdev, u8 *data)
627 name_len = strlen(hdev->dev_name);
633 ptr[1] = EIR_NAME_SHORT;
635 ptr[1] = EIR_NAME_COMPLETE;
637 /* EIR Data length */
638 ptr[0] = name_len + 1;
640 memcpy(ptr + 2, hdev->dev_name, name_len);
642 ptr += (name_len + 2);
645 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
647 ptr[1] = EIR_TX_POWER;
648 ptr[2] = (u8) hdev->inq_tx_power;
653 if (hdev->devid_source > 0) {
655 ptr[1] = EIR_DEVICE_ID;
657 put_unaligned_le16(hdev->devid_source, ptr + 2);
658 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
659 put_unaligned_le16(hdev->devid_product, ptr + 6);
660 put_unaligned_le16(hdev->devid_version, ptr + 8);
665 ptr = create_uuid16_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
666 ptr = create_uuid32_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
667 ptr = create_uuid128_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
670 static void update_eir(struct hci_request *req)
672 struct hci_dev *hdev = req->hdev;
673 struct hci_cp_write_eir cp;
675 if (!hdev_is_powered(hdev))
678 if (!lmp_ext_inq_capable(hdev))
681 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
684 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
687 memset(&cp, 0, sizeof(cp));
689 create_eir(hdev, cp.data);
691 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
694 memcpy(hdev->eir, cp.data, sizeof(cp.data));
696 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
699 static u8 get_service_classes(struct hci_dev *hdev)
701 struct bt_uuid *uuid;
704 list_for_each_entry(uuid, &hdev->uuids, list)
705 val |= uuid->svc_hint;
710 static void update_class(struct hci_request *req)
712 struct hci_dev *hdev = req->hdev;
715 BT_DBG("%s", hdev->name);
717 if (!hdev_is_powered(hdev))
720 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
723 cod[0] = hdev->minor_class;
724 cod[1] = hdev->major_class;
725 cod[2] = get_service_classes(hdev);
727 if (test_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags))
730 if (memcmp(cod, hdev->dev_class, 3) == 0)
733 hci_req_add(req, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
736 static void service_cache_off(struct work_struct *work)
738 struct hci_dev *hdev = container_of(work, struct hci_dev,
740 struct hci_request req;
742 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
745 hci_req_init(&req, hdev);
752 hci_dev_unlock(hdev);
754 hci_req_run(&req, NULL);
757 static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
759 if (test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
762 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
764 /* Non-mgmt controlled devices get this bit set
765 * implicitly so that pairing works for them, however
766 * for mgmt we require user-space to explicitly enable
769 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
772 static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
773 void *data, u16 data_len)
775 struct mgmt_rp_read_info rp;
777 BT_DBG("sock %p %s", sk, hdev->name);
781 memset(&rp, 0, sizeof(rp));
783 bacpy(&rp.bdaddr, &hdev->bdaddr);
785 rp.version = hdev->hci_ver;
786 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
788 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
789 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
791 memcpy(rp.dev_class, hdev->dev_class, 3);
793 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
794 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
796 hci_dev_unlock(hdev);
798 return cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
802 static void mgmt_pending_free(struct pending_cmd *cmd)
809 static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
810 struct hci_dev *hdev, void *data,
813 struct pending_cmd *cmd;
815 cmd = kmalloc(sizeof(*cmd), GFP_KERNEL);
819 cmd->opcode = opcode;
820 cmd->index = hdev->id;
822 cmd->param = kmalloc(len, GFP_KERNEL);
829 memcpy(cmd->param, data, len);
834 list_add(&cmd->list, &hdev->mgmt_pending);
839 static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
840 void (*cb)(struct pending_cmd *cmd,
844 struct pending_cmd *cmd, *tmp;
846 list_for_each_entry_safe(cmd, tmp, &hdev->mgmt_pending, list) {
847 if (opcode > 0 && cmd->opcode != opcode)
854 static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
856 struct pending_cmd *cmd;
858 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
859 if (cmd->opcode == opcode)
866 static void mgmt_pending_remove(struct pending_cmd *cmd)
868 list_del(&cmd->list);
869 mgmt_pending_free(cmd);
872 static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
874 __le32 settings = cpu_to_le32(get_current_settings(hdev));
876 return cmd_complete(sk, hdev->id, opcode, 0, &settings,
880 static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
883 struct mgmt_mode *cp = data;
884 struct pending_cmd *cmd;
887 BT_DBG("request for %s", hdev->name);
889 if (cp->val != 0x00 && cp->val != 0x01)
890 return cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
891 MGMT_STATUS_INVALID_PARAMS);
895 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
896 err = cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
901 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
902 cancel_delayed_work(&hdev->power_off);
905 mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev,
907 err = mgmt_powered(hdev, 1);
912 if (!!cp->val == hdev_is_powered(hdev)) {
913 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
917 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
924 queue_work(hdev->req_workqueue, &hdev->power_on);
926 queue_work(hdev->req_workqueue, &hdev->power_off.work);
931 hci_dev_unlock(hdev);
935 static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 data_len,
936 struct sock *skip_sk)
939 struct mgmt_hdr *hdr;
941 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_KERNEL);
945 hdr = (void *) skb_put(skb, sizeof(*hdr));
946 hdr->opcode = cpu_to_le16(event);
948 hdr->index = cpu_to_le16(hdev->id);
950 hdr->index = __constant_cpu_to_le16(MGMT_INDEX_NONE);
951 hdr->len = cpu_to_le16(data_len);
954 memcpy(skb_put(skb, data_len), data, data_len);
957 __net_timestamp(skb);
959 hci_send_to_control(skb, skip_sk);
965 static int new_settings(struct hci_dev *hdev, struct sock *skip)
969 ev = cpu_to_le32(get_current_settings(hdev));
971 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
976 struct hci_dev *hdev;
980 static void settings_rsp(struct pending_cmd *cmd, void *data)
982 struct cmd_lookup *match = data;
984 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
986 list_del(&cmd->list);
988 if (match->sk == NULL) {
990 sock_hold(match->sk);
993 mgmt_pending_free(cmd);
996 static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
1000 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
1001 mgmt_pending_remove(cmd);
1004 static u8 mgmt_bredr_support(struct hci_dev *hdev)
1006 if (!lmp_bredr_capable(hdev))
1007 return MGMT_STATUS_NOT_SUPPORTED;
1008 else if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1009 return MGMT_STATUS_REJECTED;
1011 return MGMT_STATUS_SUCCESS;
1014 static u8 mgmt_le_support(struct hci_dev *hdev)
1016 if (!lmp_le_capable(hdev))
1017 return MGMT_STATUS_NOT_SUPPORTED;
1018 else if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
1019 return MGMT_STATUS_REJECTED;
1021 return MGMT_STATUS_SUCCESS;
1024 static void set_discoverable_complete(struct hci_dev *hdev, u8 status)
1026 struct pending_cmd *cmd;
1027 struct mgmt_mode *cp;
1030 BT_DBG("status 0x%02x", status);
1034 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
1039 u8 mgmt_err = mgmt_status(status);
1040 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1046 changed = !test_and_set_bit(HCI_DISCOVERABLE,
1049 changed = test_and_clear_bit(HCI_DISCOVERABLE,
1052 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1055 new_settings(hdev, cmd->sk);
1058 mgmt_pending_remove(cmd);
1061 hci_dev_unlock(hdev);
1064 static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
1067 struct mgmt_cp_set_discoverable *cp = data;
1068 struct pending_cmd *cmd;
1069 struct hci_request req;
1074 BT_DBG("request for %s", hdev->name);
1076 status = mgmt_bredr_support(hdev);
1078 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1081 if (cp->val != 0x00 && cp->val != 0x01)
1082 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1083 MGMT_STATUS_INVALID_PARAMS);
1085 timeout = __le16_to_cpu(cp->timeout);
1086 if (!cp->val && timeout > 0)
1087 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1088 MGMT_STATUS_INVALID_PARAMS);
1092 if (!hdev_is_powered(hdev) && timeout > 0) {
1093 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1094 MGMT_STATUS_NOT_POWERED);
1098 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1099 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
1100 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1105 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
1106 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1107 MGMT_STATUS_REJECTED);
1111 if (!hdev_is_powered(hdev)) {
1112 bool changed = false;
1114 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
1115 change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1119 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1124 err = new_settings(hdev, sk);
1129 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
1130 if (hdev->discov_timeout > 0) {
1131 cancel_delayed_work(&hdev->discov_off);
1132 hdev->discov_timeout = 0;
1135 if (cp->val && timeout > 0) {
1136 hdev->discov_timeout = timeout;
1137 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
1138 msecs_to_jiffies(hdev->discov_timeout * 1000));
1141 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1145 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
1151 hci_req_init(&req, hdev);
1156 scan |= SCAN_INQUIRY;
1158 cancel_delayed_work(&hdev->discov_off);
1160 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1162 err = hci_req_run(&req, set_discoverable_complete);
1164 mgmt_pending_remove(cmd);
1167 hdev->discov_timeout = timeout;
1170 hci_dev_unlock(hdev);
1174 static void write_fast_connectable(struct hci_request *req, bool enable)
1176 struct hci_dev *hdev = req->hdev;
1177 struct hci_cp_write_page_scan_activity acp;
1180 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
1184 type = PAGE_SCAN_TYPE_INTERLACED;
1186 /* 160 msec page scan interval */
1187 acp.interval = __constant_cpu_to_le16(0x0100);
1189 type = PAGE_SCAN_TYPE_STANDARD; /* default */
1191 /* default 1.28 sec page scan */
1192 acp.interval = __constant_cpu_to_le16(0x0800);
1195 acp.window = __constant_cpu_to_le16(0x0012);
1197 if (__cpu_to_le16(hdev->page_scan_interval) != acp.interval ||
1198 __cpu_to_le16(hdev->page_scan_window) != acp.window)
1199 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
1202 if (hdev->page_scan_type != type)
1203 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
1206 static u8 get_adv_type(struct hci_dev *hdev)
1208 struct pending_cmd *cmd;
1211 /* If there's a pending mgmt command the flag will not yet have
1212 * it's final value, so check for this first.
1214 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1216 struct mgmt_mode *cp = cmd->param;
1217 connectable = !!cp->val;
1219 connectable = test_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1222 return connectable ? LE_ADV_IND : LE_ADV_NONCONN_IND;
1225 static void enable_advertising(struct hci_request *req)
1227 struct hci_dev *hdev = req->hdev;
1228 struct hci_cp_le_set_adv_param cp;
1231 memset(&cp, 0, sizeof(cp));
1232 cp.min_interval = __constant_cpu_to_le16(0x0800);
1233 cp.max_interval = __constant_cpu_to_le16(0x0800);
1234 cp.type = get_adv_type(hdev);
1235 if (bacmp(&hdev->bdaddr, BDADDR_ANY))
1236 cp.own_address_type = ADDR_LE_DEV_PUBLIC;
1238 cp.own_address_type = ADDR_LE_DEV_RANDOM;
1239 cp.channel_map = 0x07;
1241 hci_req_add(req, HCI_OP_LE_SET_ADV_PARAM, sizeof(cp), &cp);
1243 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1246 static void disable_advertising(struct hci_request *req)
1250 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1253 static void set_connectable_complete(struct hci_dev *hdev, u8 status)
1255 struct pending_cmd *cmd;
1256 struct mgmt_mode *cp;
1259 BT_DBG("status 0x%02x", status);
1263 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1268 u8 mgmt_err = mgmt_status(status);
1269 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1275 changed = !test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1277 changed = test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1279 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
1282 new_settings(hdev, cmd->sk);
1285 mgmt_pending_remove(cmd);
1288 hci_dev_unlock(hdev);
1291 static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
1294 struct mgmt_mode *cp = data;
1295 struct pending_cmd *cmd;
1296 struct hci_request req;
1300 BT_DBG("request for %s", hdev->name);
1302 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
1303 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1304 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1305 MGMT_STATUS_REJECTED);
1307 if (cp->val != 0x00 && cp->val != 0x01)
1308 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1309 MGMT_STATUS_INVALID_PARAMS);
1313 if (!hdev_is_powered(hdev)) {
1314 bool changed = false;
1316 if (!!cp->val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
1320 set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1322 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1323 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1326 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1331 err = new_settings(hdev, sk);
1336 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1337 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
1338 err = cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1343 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
1349 hci_req_init(&req, hdev);
1351 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags) &&
1352 cp->val != test_bit(HCI_PSCAN, &hdev->flags)) {
1358 if (test_bit(HCI_ISCAN, &hdev->flags) &&
1359 hdev->discov_timeout > 0)
1360 cancel_delayed_work(&hdev->discov_off);
1363 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1366 /* If we're going from non-connectable to connectable or
1367 * vice-versa when fast connectable is enabled ensure that fast
1368 * connectable gets disabled. write_fast_connectable won't do
1369 * anything if the page scan parameters are already what they
1372 if (cp->val || test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
1373 write_fast_connectable(&req, false);
1375 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags) &&
1376 hci_conn_num(hdev, LE_LINK) == 0) {
1377 disable_advertising(&req);
1378 enable_advertising(&req);
1381 err = hci_req_run(&req, set_connectable_complete);
1383 mgmt_pending_remove(cmd);
1384 if (err == -ENODATA)
1385 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE,
1391 hci_dev_unlock(hdev);
1395 static int set_pairable(struct sock *sk, struct hci_dev *hdev, void *data,
1398 struct mgmt_mode *cp = data;
1402 BT_DBG("request for %s", hdev->name);
1404 if (cp->val != 0x00 && cp->val != 0x01)
1405 return cmd_status(sk, hdev->id, MGMT_OP_SET_PAIRABLE,
1406 MGMT_STATUS_INVALID_PARAMS);
1411 changed = !test_and_set_bit(HCI_PAIRABLE, &hdev->dev_flags);
1413 changed = test_and_clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
1415 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
1420 err = new_settings(hdev, sk);
1423 hci_dev_unlock(hdev);
1427 static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1430 struct mgmt_mode *cp = data;
1431 struct pending_cmd *cmd;
1435 BT_DBG("request for %s", hdev->name);
1437 status = mgmt_bredr_support(hdev);
1439 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1442 if (cp->val != 0x00 && cp->val != 0x01)
1443 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1444 MGMT_STATUS_INVALID_PARAMS);
1448 if (!hdev_is_powered(hdev)) {
1449 bool changed = false;
1451 if (!!cp->val != test_bit(HCI_LINK_SECURITY,
1452 &hdev->dev_flags)) {
1453 change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
1457 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1462 err = new_settings(hdev, sk);
1467 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
1468 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1475 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1476 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1480 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1486 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1488 mgmt_pending_remove(cmd);
1493 hci_dev_unlock(hdev);
1497 static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1499 struct mgmt_mode *cp = data;
1500 struct pending_cmd *cmd;
1504 BT_DBG("request for %s", hdev->name);
1506 status = mgmt_bredr_support(hdev);
1508 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
1510 if (!lmp_ssp_capable(hdev))
1511 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1512 MGMT_STATUS_NOT_SUPPORTED);
1514 if (cp->val != 0x00 && cp->val != 0x01)
1515 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1516 MGMT_STATUS_INVALID_PARAMS);
1520 if (!hdev_is_powered(hdev)) {
1524 changed = !test_and_set_bit(HCI_SSP_ENABLED,
1527 changed = test_and_clear_bit(HCI_SSP_ENABLED,
1530 changed = test_and_clear_bit(HCI_HS_ENABLED,
1533 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1536 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1541 err = new_settings(hdev, sk);
1546 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev) ||
1547 mgmt_pending_find(MGMT_OP_SET_HS, hdev)) {
1548 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1553 if (!!cp->val == test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
1554 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1558 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1564 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &cp->val);
1566 mgmt_pending_remove(cmd);
1571 hci_dev_unlock(hdev);
1575 static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1577 struct mgmt_mode *cp = data;
1582 BT_DBG("request for %s", hdev->name);
1584 status = mgmt_bredr_support(hdev);
1586 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
1588 if (!lmp_ssp_capable(hdev))
1589 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1590 MGMT_STATUS_NOT_SUPPORTED);
1592 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
1593 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1594 MGMT_STATUS_REJECTED);
1596 if (cp->val != 0x00 && cp->val != 0x01)
1597 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1598 MGMT_STATUS_INVALID_PARAMS);
1603 changed = !test_and_set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1605 if (hdev_is_powered(hdev)) {
1606 err = cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1607 MGMT_STATUS_REJECTED);
1611 changed = test_and_clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1614 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
1619 err = new_settings(hdev, sk);
1622 hci_dev_unlock(hdev);
1626 static void le_enable_complete(struct hci_dev *hdev, u8 status)
1628 struct cmd_lookup match = { NULL, hdev };
1631 u8 mgmt_err = mgmt_status(status);
1633 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
1638 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
1640 new_settings(hdev, match.sk);
1645 /* Make sure the controller has a good default for
1646 * advertising data. Restrict the update to when LE
1647 * has actually been enabled. During power on, the
1648 * update in powered_update_hci will take care of it.
1650 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1651 struct hci_request req;
1655 hci_req_init(&req, hdev);
1657 hci_req_run(&req, NULL);
1659 hci_dev_unlock(hdev);
1663 static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1665 struct mgmt_mode *cp = data;
1666 struct hci_cp_write_le_host_supported hci_cp;
1667 struct pending_cmd *cmd;
1668 struct hci_request req;
1672 BT_DBG("request for %s", hdev->name);
1674 if (!lmp_le_capable(hdev))
1675 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1676 MGMT_STATUS_NOT_SUPPORTED);
1678 if (cp->val != 0x00 && cp->val != 0x01)
1679 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1680 MGMT_STATUS_INVALID_PARAMS);
1682 /* LE-only devices do not allow toggling LE on/off */
1683 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1684 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1685 MGMT_STATUS_REJECTED);
1690 enabled = lmp_host_le_capable(hdev);
1692 if (!hdev_is_powered(hdev) || val == enabled) {
1693 bool changed = false;
1695 if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1696 change_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1700 if (!val && test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
1701 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
1705 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1710 err = new_settings(hdev, sk);
1715 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev) ||
1716 mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
1717 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1722 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
1728 hci_req_init(&req, hdev);
1730 memset(&hci_cp, 0, sizeof(hci_cp));
1734 hci_cp.simul = lmp_le_br_capable(hdev);
1736 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
1737 disable_advertising(&req);
1740 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
1743 err = hci_req_run(&req, le_enable_complete);
1745 mgmt_pending_remove(cmd);
1748 hci_dev_unlock(hdev);
1752 /* This is a helper function to test for pending mgmt commands that can
1753 * cause CoD or EIR HCI commands. We can only allow one such pending
1754 * mgmt command at a time since otherwise we cannot easily track what
1755 * the current values are, will be, and based on that calculate if a new
1756 * HCI command needs to be sent and if yes with what value.
1758 static bool pending_eir_or_class(struct hci_dev *hdev)
1760 struct pending_cmd *cmd;
1762 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
1763 switch (cmd->opcode) {
1764 case MGMT_OP_ADD_UUID:
1765 case MGMT_OP_REMOVE_UUID:
1766 case MGMT_OP_SET_DEV_CLASS:
1767 case MGMT_OP_SET_POWERED:
1775 static const u8 bluetooth_base_uuid[] = {
1776 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
1777 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1780 static u8 get_uuid_size(const u8 *uuid)
1784 if (memcmp(uuid, bluetooth_base_uuid, 12))
1787 val = get_unaligned_le32(&uuid[12]);
1794 static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
1796 struct pending_cmd *cmd;
1800 cmd = mgmt_pending_find(mgmt_op, hdev);
1804 cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(status),
1805 hdev->dev_class, 3);
1807 mgmt_pending_remove(cmd);
1810 hci_dev_unlock(hdev);
1813 static void add_uuid_complete(struct hci_dev *hdev, u8 status)
1815 BT_DBG("status 0x%02x", status);
1817 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
1820 static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1822 struct mgmt_cp_add_uuid *cp = data;
1823 struct pending_cmd *cmd;
1824 struct hci_request req;
1825 struct bt_uuid *uuid;
1828 BT_DBG("request for %s", hdev->name);
1832 if (pending_eir_or_class(hdev)) {
1833 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
1838 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
1844 memcpy(uuid->uuid, cp->uuid, 16);
1845 uuid->svc_hint = cp->svc_hint;
1846 uuid->size = get_uuid_size(cp->uuid);
1848 list_add_tail(&uuid->list, &hdev->uuids);
1850 hci_req_init(&req, hdev);
1855 err = hci_req_run(&req, add_uuid_complete);
1857 if (err != -ENODATA)
1860 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
1861 hdev->dev_class, 3);
1865 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
1874 hci_dev_unlock(hdev);
1878 static bool enable_service_cache(struct hci_dev *hdev)
1880 if (!hdev_is_powered(hdev))
1883 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
1884 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
1892 static void remove_uuid_complete(struct hci_dev *hdev, u8 status)
1894 BT_DBG("status 0x%02x", status);
1896 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
1899 static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
1902 struct mgmt_cp_remove_uuid *cp = data;
1903 struct pending_cmd *cmd;
1904 struct bt_uuid *match, *tmp;
1905 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
1906 struct hci_request req;
1909 BT_DBG("request for %s", hdev->name);
1913 if (pending_eir_or_class(hdev)) {
1914 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
1919 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
1920 err = hci_uuids_clear(hdev);
1922 if (enable_service_cache(hdev)) {
1923 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID,
1924 0, hdev->dev_class, 3);
1933 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
1934 if (memcmp(match->uuid, cp->uuid, 16) != 0)
1937 list_del(&match->list);
1943 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
1944 MGMT_STATUS_INVALID_PARAMS);
1949 hci_req_init(&req, hdev);
1954 err = hci_req_run(&req, remove_uuid_complete);
1956 if (err != -ENODATA)
1959 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
1960 hdev->dev_class, 3);
1964 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
1973 hci_dev_unlock(hdev);
1977 static void set_class_complete(struct hci_dev *hdev, u8 status)
1979 BT_DBG("status 0x%02x", status);
1981 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
1984 static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
1987 struct mgmt_cp_set_dev_class *cp = data;
1988 struct pending_cmd *cmd;
1989 struct hci_request req;
1992 BT_DBG("request for %s", hdev->name);
1994 if (!lmp_bredr_capable(hdev))
1995 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1996 MGMT_STATUS_NOT_SUPPORTED);
2000 if (pending_eir_or_class(hdev)) {
2001 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2006 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
2007 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2008 MGMT_STATUS_INVALID_PARAMS);
2012 hdev->major_class = cp->major;
2013 hdev->minor_class = cp->minor;
2015 if (!hdev_is_powered(hdev)) {
2016 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2017 hdev->dev_class, 3);
2021 hci_req_init(&req, hdev);
2023 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
2024 hci_dev_unlock(hdev);
2025 cancel_delayed_work_sync(&hdev->service_cache);
2032 err = hci_req_run(&req, set_class_complete);
2034 if (err != -ENODATA)
2037 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2038 hdev->dev_class, 3);
2042 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
2051 hci_dev_unlock(hdev);
2055 static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
2058 struct mgmt_cp_load_link_keys *cp = data;
2059 u16 key_count, expected_len;
2062 BT_DBG("request for %s", hdev->name);
2064 if (!lmp_bredr_capable(hdev))
2065 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2066 MGMT_STATUS_NOT_SUPPORTED);
2068 key_count = __le16_to_cpu(cp->key_count);
2070 expected_len = sizeof(*cp) + key_count *
2071 sizeof(struct mgmt_link_key_info);
2072 if (expected_len != len) {
2073 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
2075 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2076 MGMT_STATUS_INVALID_PARAMS);
2079 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
2080 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2081 MGMT_STATUS_INVALID_PARAMS);
2083 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
2086 for (i = 0; i < key_count; i++) {
2087 struct mgmt_link_key_info *key = &cp->keys[i];
2089 if (key->addr.type != BDADDR_BREDR)
2090 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2091 MGMT_STATUS_INVALID_PARAMS);
2096 hci_link_keys_clear(hdev);
2099 set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
2101 clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
2103 for (i = 0; i < key_count; i++) {
2104 struct mgmt_link_key_info *key = &cp->keys[i];
2106 hci_add_link_key(hdev, NULL, 0, &key->addr.bdaddr, key->val,
2107 key->type, key->pin_len);
2110 cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
2112 hci_dev_unlock(hdev);
2117 static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
2118 u8 addr_type, struct sock *skip_sk)
2120 struct mgmt_ev_device_unpaired ev;
2122 bacpy(&ev.addr.bdaddr, bdaddr);
2123 ev.addr.type = addr_type;
2125 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
2129 static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2132 struct mgmt_cp_unpair_device *cp = data;
2133 struct mgmt_rp_unpair_device rp;
2134 struct hci_cp_disconnect dc;
2135 struct pending_cmd *cmd;
2136 struct hci_conn *conn;
2139 memset(&rp, 0, sizeof(rp));
2140 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2141 rp.addr.type = cp->addr.type;
2143 if (!bdaddr_type_is_valid(cp->addr.type))
2144 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2145 MGMT_STATUS_INVALID_PARAMS,
2148 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
2149 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2150 MGMT_STATUS_INVALID_PARAMS,
2155 if (!hdev_is_powered(hdev)) {
2156 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2157 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
2161 if (cp->addr.type == BDADDR_BREDR)
2162 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
2164 err = hci_remove_ltk(hdev, &cp->addr.bdaddr);
2167 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2168 MGMT_STATUS_NOT_PAIRED, &rp, sizeof(rp));
2172 if (cp->disconnect) {
2173 if (cp->addr.type == BDADDR_BREDR)
2174 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2177 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
2184 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
2186 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
2190 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
2197 dc.handle = cpu_to_le16(conn->handle);
2198 dc.reason = 0x13; /* Remote User Terminated Connection */
2199 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2201 mgmt_pending_remove(cmd);
2204 hci_dev_unlock(hdev);
2208 static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
2211 struct mgmt_cp_disconnect *cp = data;
2212 struct mgmt_rp_disconnect rp;
2213 struct hci_cp_disconnect dc;
2214 struct pending_cmd *cmd;
2215 struct hci_conn *conn;
2220 memset(&rp, 0, sizeof(rp));
2221 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2222 rp.addr.type = cp->addr.type;
2224 if (!bdaddr_type_is_valid(cp->addr.type))
2225 return cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2226 MGMT_STATUS_INVALID_PARAMS,
2231 if (!test_bit(HCI_UP, &hdev->flags)) {
2232 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2233 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
2237 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
2238 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2239 MGMT_STATUS_BUSY, &rp, sizeof(rp));
2243 if (cp->addr.type == BDADDR_BREDR)
2244 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2247 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
2249 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
2250 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2251 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
2255 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
2261 dc.handle = cpu_to_le16(conn->handle);
2262 dc.reason = HCI_ERROR_REMOTE_USER_TERM;
2264 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2266 mgmt_pending_remove(cmd);
2269 hci_dev_unlock(hdev);
2273 static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
2275 switch (link_type) {
2277 switch (addr_type) {
2278 case ADDR_LE_DEV_PUBLIC:
2279 return BDADDR_LE_PUBLIC;
2282 /* Fallback to LE Random address type */
2283 return BDADDR_LE_RANDOM;
2287 /* Fallback to BR/EDR type */
2288 return BDADDR_BREDR;
2292 static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
2295 struct mgmt_rp_get_connections *rp;
2305 if (!hdev_is_powered(hdev)) {
2306 err = cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
2307 MGMT_STATUS_NOT_POWERED);
2312 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2313 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2317 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2318 rp = kmalloc(rp_len, GFP_KERNEL);
2325 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2326 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2328 bacpy(&rp->addr[i].bdaddr, &c->dst);
2329 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
2330 if (c->type == SCO_LINK || c->type == ESCO_LINK)
2335 rp->conn_count = cpu_to_le16(i);
2337 /* Recalculate length in case of filtered SCO connections, etc */
2338 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2340 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
2346 hci_dev_unlock(hdev);
2350 static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
2351 struct mgmt_cp_pin_code_neg_reply *cp)
2353 struct pending_cmd *cmd;
2356 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
2361 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
2362 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
2364 mgmt_pending_remove(cmd);
2369 static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2372 struct hci_conn *conn;
2373 struct mgmt_cp_pin_code_reply *cp = data;
2374 struct hci_cp_pin_code_reply reply;
2375 struct pending_cmd *cmd;
2382 if (!hdev_is_powered(hdev)) {
2383 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2384 MGMT_STATUS_NOT_POWERED);
2388 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
2390 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2391 MGMT_STATUS_NOT_CONNECTED);
2395 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
2396 struct mgmt_cp_pin_code_neg_reply ncp;
2398 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
2400 BT_ERR("PIN code is not 16 bytes long");
2402 err = send_pin_code_neg_reply(sk, hdev, &ncp);
2404 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2405 MGMT_STATUS_INVALID_PARAMS);
2410 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
2416 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
2417 reply.pin_len = cp->pin_len;
2418 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
2420 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
2422 mgmt_pending_remove(cmd);
2425 hci_dev_unlock(hdev);
2429 static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
2432 struct mgmt_cp_set_io_capability *cp = data;
2438 hdev->io_capability = cp->io_capability;
2440 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
2441 hdev->io_capability);
2443 hci_dev_unlock(hdev);
2445 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, NULL,
2449 static struct pending_cmd *find_pairing(struct hci_conn *conn)
2451 struct hci_dev *hdev = conn->hdev;
2452 struct pending_cmd *cmd;
2454 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2455 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
2458 if (cmd->user_data != conn)
2467 static void pairing_complete(struct pending_cmd *cmd, u8 status)
2469 struct mgmt_rp_pair_device rp;
2470 struct hci_conn *conn = cmd->user_data;
2472 bacpy(&rp.addr.bdaddr, &conn->dst);
2473 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
2475 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
2478 /* So we don't get further callbacks for this connection */
2479 conn->connect_cfm_cb = NULL;
2480 conn->security_cfm_cb = NULL;
2481 conn->disconn_cfm_cb = NULL;
2483 hci_conn_drop(conn);
2485 mgmt_pending_remove(cmd);
2488 static void pairing_complete_cb(struct hci_conn *conn, u8 status)
2490 struct pending_cmd *cmd;
2492 BT_DBG("status %u", status);
2494 cmd = find_pairing(conn);
2496 BT_DBG("Unable to find a pending command");
2498 pairing_complete(cmd, mgmt_status(status));
2501 static void le_connect_complete_cb(struct hci_conn *conn, u8 status)
2503 struct pending_cmd *cmd;
2505 BT_DBG("status %u", status);
2510 cmd = find_pairing(conn);
2512 BT_DBG("Unable to find a pending command");
2514 pairing_complete(cmd, mgmt_status(status));
2517 static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2520 struct mgmt_cp_pair_device *cp = data;
2521 struct mgmt_rp_pair_device rp;
2522 struct pending_cmd *cmd;
2523 u8 sec_level, auth_type;
2524 struct hci_conn *conn;
2529 memset(&rp, 0, sizeof(rp));
2530 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2531 rp.addr.type = cp->addr.type;
2533 if (!bdaddr_type_is_valid(cp->addr.type))
2534 return cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2535 MGMT_STATUS_INVALID_PARAMS,
2540 if (!hdev_is_powered(hdev)) {
2541 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2542 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
2546 sec_level = BT_SECURITY_MEDIUM;
2547 if (cp->io_cap == 0x03)
2548 auth_type = HCI_AT_DEDICATED_BONDING;
2550 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
2552 if (cp->addr.type == BDADDR_BREDR)
2553 conn = hci_connect(hdev, ACL_LINK, &cp->addr.bdaddr,
2554 cp->addr.type, sec_level, auth_type);
2556 conn = hci_connect(hdev, LE_LINK, &cp->addr.bdaddr,
2557 cp->addr.type, sec_level, auth_type);
2562 if (PTR_ERR(conn) == -EBUSY)
2563 status = MGMT_STATUS_BUSY;
2565 status = MGMT_STATUS_CONNECT_FAILED;
2567 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2573 if (conn->connect_cfm_cb) {
2574 hci_conn_drop(conn);
2575 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2576 MGMT_STATUS_BUSY, &rp, sizeof(rp));
2580 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
2583 hci_conn_drop(conn);
2587 /* For LE, just connecting isn't a proof that the pairing finished */
2588 if (cp->addr.type == BDADDR_BREDR)
2589 conn->connect_cfm_cb = pairing_complete_cb;
2591 conn->connect_cfm_cb = le_connect_complete_cb;
2593 conn->security_cfm_cb = pairing_complete_cb;
2594 conn->disconn_cfm_cb = pairing_complete_cb;
2595 conn->io_capability = cp->io_cap;
2596 cmd->user_data = conn;
2598 if (conn->state == BT_CONNECTED &&
2599 hci_conn_security(conn, sec_level, auth_type))
2600 pairing_complete(cmd, 0);
2605 hci_dev_unlock(hdev);
2609 static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2612 struct mgmt_addr_info *addr = data;
2613 struct pending_cmd *cmd;
2614 struct hci_conn *conn;
2621 if (!hdev_is_powered(hdev)) {
2622 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2623 MGMT_STATUS_NOT_POWERED);
2627 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
2629 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2630 MGMT_STATUS_INVALID_PARAMS);
2634 conn = cmd->user_data;
2636 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
2637 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2638 MGMT_STATUS_INVALID_PARAMS);
2642 pairing_complete(cmd, MGMT_STATUS_CANCELLED);
2644 err = cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
2645 addr, sizeof(*addr));
2647 hci_dev_unlock(hdev);
2651 static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
2652 struct mgmt_addr_info *addr, u16 mgmt_op,
2653 u16 hci_op, __le32 passkey)
2655 struct pending_cmd *cmd;
2656 struct hci_conn *conn;
2661 if (!hdev_is_powered(hdev)) {
2662 err = cmd_complete(sk, hdev->id, mgmt_op,
2663 MGMT_STATUS_NOT_POWERED, addr,
2668 if (addr->type == BDADDR_BREDR)
2669 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
2671 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &addr->bdaddr);
2674 err = cmd_complete(sk, hdev->id, mgmt_op,
2675 MGMT_STATUS_NOT_CONNECTED, addr,
2680 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
2681 /* Continue with pairing via SMP */
2682 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
2685 err = cmd_complete(sk, hdev->id, mgmt_op,
2686 MGMT_STATUS_SUCCESS, addr,
2689 err = cmd_complete(sk, hdev->id, mgmt_op,
2690 MGMT_STATUS_FAILED, addr,
2696 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
2702 /* Continue with pairing via HCI */
2703 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
2704 struct hci_cp_user_passkey_reply cp;
2706 bacpy(&cp.bdaddr, &addr->bdaddr);
2707 cp.passkey = passkey;
2708 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
2710 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
2714 mgmt_pending_remove(cmd);
2717 hci_dev_unlock(hdev);
2721 static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
2722 void *data, u16 len)
2724 struct mgmt_cp_pin_code_neg_reply *cp = data;
2728 return user_pairing_resp(sk, hdev, &cp->addr,
2729 MGMT_OP_PIN_CODE_NEG_REPLY,
2730 HCI_OP_PIN_CODE_NEG_REPLY, 0);
2733 static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2736 struct mgmt_cp_user_confirm_reply *cp = data;
2740 if (len != sizeof(*cp))
2741 return cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
2742 MGMT_STATUS_INVALID_PARAMS);
2744 return user_pairing_resp(sk, hdev, &cp->addr,
2745 MGMT_OP_USER_CONFIRM_REPLY,
2746 HCI_OP_USER_CONFIRM_REPLY, 0);
2749 static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
2750 void *data, u16 len)
2752 struct mgmt_cp_user_confirm_neg_reply *cp = data;
2756 return user_pairing_resp(sk, hdev, &cp->addr,
2757 MGMT_OP_USER_CONFIRM_NEG_REPLY,
2758 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
2761 static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2764 struct mgmt_cp_user_passkey_reply *cp = data;
2768 return user_pairing_resp(sk, hdev, &cp->addr,
2769 MGMT_OP_USER_PASSKEY_REPLY,
2770 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
2773 static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
2774 void *data, u16 len)
2776 struct mgmt_cp_user_passkey_neg_reply *cp = data;
2780 return user_pairing_resp(sk, hdev, &cp->addr,
2781 MGMT_OP_USER_PASSKEY_NEG_REPLY,
2782 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
2785 static void update_name(struct hci_request *req)
2787 struct hci_dev *hdev = req->hdev;
2788 struct hci_cp_write_local_name cp;
2790 memcpy(cp.name, hdev->dev_name, sizeof(cp.name));
2792 hci_req_add(req, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
2795 static void set_name_complete(struct hci_dev *hdev, u8 status)
2797 struct mgmt_cp_set_local_name *cp;
2798 struct pending_cmd *cmd;
2800 BT_DBG("status 0x%02x", status);
2804 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
2811 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
2812 mgmt_status(status));
2814 cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
2817 mgmt_pending_remove(cmd);
2820 hci_dev_unlock(hdev);
2823 static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
2826 struct mgmt_cp_set_local_name *cp = data;
2827 struct pending_cmd *cmd;
2828 struct hci_request req;
2835 /* If the old values are the same as the new ones just return a
2836 * direct command complete event.
2838 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
2839 !memcmp(hdev->short_name, cp->short_name,
2840 sizeof(hdev->short_name))) {
2841 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
2846 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
2848 if (!hdev_is_powered(hdev)) {
2849 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
2851 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
2856 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
2862 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
2868 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
2870 hci_req_init(&req, hdev);
2872 if (lmp_bredr_capable(hdev)) {
2877 if (lmp_le_capable(hdev))
2880 err = hci_req_run(&req, set_name_complete);
2882 mgmt_pending_remove(cmd);
2885 hci_dev_unlock(hdev);
2889 static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
2890 void *data, u16 data_len)
2892 struct pending_cmd *cmd;
2895 BT_DBG("%s", hdev->name);
2899 if (!hdev_is_powered(hdev)) {
2900 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
2901 MGMT_STATUS_NOT_POWERED);
2905 if (!lmp_ssp_capable(hdev)) {
2906 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
2907 MGMT_STATUS_NOT_SUPPORTED);
2911 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
2912 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
2917 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
2923 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
2925 mgmt_pending_remove(cmd);
2928 hci_dev_unlock(hdev);
2932 static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
2933 void *data, u16 len)
2935 struct mgmt_cp_add_remote_oob_data *cp = data;
2939 BT_DBG("%s ", hdev->name);
2943 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr, cp->hash,
2946 status = MGMT_STATUS_FAILED;
2948 status = MGMT_STATUS_SUCCESS;
2950 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA, status,
2951 &cp->addr, sizeof(cp->addr));
2953 hci_dev_unlock(hdev);
2957 static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
2958 void *data, u16 len)
2960 struct mgmt_cp_remove_remote_oob_data *cp = data;
2964 BT_DBG("%s", hdev->name);
2968 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr);
2970 status = MGMT_STATUS_INVALID_PARAMS;
2972 status = MGMT_STATUS_SUCCESS;
2974 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
2975 status, &cp->addr, sizeof(cp->addr));
2977 hci_dev_unlock(hdev);
2981 static int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
2983 struct pending_cmd *cmd;
2987 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2989 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
2993 type = hdev->discovery.type;
2995 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
2996 &type, sizeof(type));
2997 mgmt_pending_remove(cmd);
3002 static void start_discovery_complete(struct hci_dev *hdev, u8 status)
3004 BT_DBG("status %d", status);
3008 mgmt_start_discovery_failed(hdev, status);
3009 hci_dev_unlock(hdev);
3014 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
3015 hci_dev_unlock(hdev);
3017 switch (hdev->discovery.type) {
3018 case DISCOV_TYPE_LE:
3019 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable,
3023 case DISCOV_TYPE_INTERLEAVED:
3024 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable,
3025 DISCOV_INTERLEAVED_TIMEOUT);
3028 case DISCOV_TYPE_BREDR:
3032 BT_ERR("Invalid discovery type %d", hdev->discovery.type);
3036 static int start_discovery(struct sock *sk, struct hci_dev *hdev,
3037 void *data, u16 len)
3039 struct mgmt_cp_start_discovery *cp = data;
3040 struct pending_cmd *cmd;
3041 struct hci_cp_le_set_scan_param param_cp;
3042 struct hci_cp_le_set_scan_enable enable_cp;
3043 struct hci_cp_inquiry inq_cp;
3044 struct hci_request req;
3045 /* General inquiry access code (GIAC) */
3046 u8 lap[3] = { 0x33, 0x8b, 0x9e };
3050 BT_DBG("%s", hdev->name);
3054 if (!hdev_is_powered(hdev)) {
3055 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3056 MGMT_STATUS_NOT_POWERED);
3060 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
3061 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3066 if (hdev->discovery.state != DISCOVERY_STOPPED) {
3067 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3072 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
3078 hdev->discovery.type = cp->type;
3080 hci_req_init(&req, hdev);
3082 switch (hdev->discovery.type) {
3083 case DISCOV_TYPE_BREDR:
3084 status = mgmt_bredr_support(hdev);
3086 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3088 mgmt_pending_remove(cmd);
3092 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
3093 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3095 mgmt_pending_remove(cmd);
3099 hci_inquiry_cache_flush(hdev);
3101 memset(&inq_cp, 0, sizeof(inq_cp));
3102 memcpy(&inq_cp.lap, lap, sizeof(inq_cp.lap));
3103 inq_cp.length = DISCOV_BREDR_INQUIRY_LEN;
3104 hci_req_add(&req, HCI_OP_INQUIRY, sizeof(inq_cp), &inq_cp);
3107 case DISCOV_TYPE_LE:
3108 case DISCOV_TYPE_INTERLEAVED:
3109 status = mgmt_le_support(hdev);
3111 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3113 mgmt_pending_remove(cmd);
3117 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
3118 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
3119 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3120 MGMT_STATUS_NOT_SUPPORTED);
3121 mgmt_pending_remove(cmd);
3125 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
3126 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3127 MGMT_STATUS_REJECTED);
3128 mgmt_pending_remove(cmd);
3132 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags)) {
3133 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3135 mgmt_pending_remove(cmd);
3139 memset(¶m_cp, 0, sizeof(param_cp));
3140 param_cp.type = LE_SCAN_ACTIVE;
3141 param_cp.interval = cpu_to_le16(DISCOV_LE_SCAN_INT);
3142 param_cp.window = cpu_to_le16(DISCOV_LE_SCAN_WIN);
3143 if (bacmp(&hdev->bdaddr, BDADDR_ANY))
3144 param_cp.own_address_type = ADDR_LE_DEV_PUBLIC;
3146 param_cp.own_address_type = ADDR_LE_DEV_RANDOM;
3147 hci_req_add(&req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
3150 memset(&enable_cp, 0, sizeof(enable_cp));
3151 enable_cp.enable = LE_SCAN_ENABLE;
3152 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
3153 hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
3158 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3159 MGMT_STATUS_INVALID_PARAMS);
3160 mgmt_pending_remove(cmd);
3164 err = hci_req_run(&req, start_discovery_complete);
3166 mgmt_pending_remove(cmd);
3168 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
3171 hci_dev_unlock(hdev);
3175 static int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
3177 struct pending_cmd *cmd;
3180 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3184 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3185 &hdev->discovery.type, sizeof(hdev->discovery.type));
3186 mgmt_pending_remove(cmd);
3191 static void stop_discovery_complete(struct hci_dev *hdev, u8 status)
3193 BT_DBG("status %d", status);
3198 mgmt_stop_discovery_failed(hdev, status);
3202 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3205 hci_dev_unlock(hdev);
3208 static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
3211 struct mgmt_cp_stop_discovery *mgmt_cp = data;
3212 struct pending_cmd *cmd;
3213 struct hci_cp_remote_name_req_cancel cp;
3214 struct inquiry_entry *e;
3215 struct hci_request req;
3216 struct hci_cp_le_set_scan_enable enable_cp;
3219 BT_DBG("%s", hdev->name);
3223 if (!hci_discovery_active(hdev)) {
3224 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
3225 MGMT_STATUS_REJECTED, &mgmt_cp->type,
3226 sizeof(mgmt_cp->type));
3230 if (hdev->discovery.type != mgmt_cp->type) {
3231 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
3232 MGMT_STATUS_INVALID_PARAMS, &mgmt_cp->type,
3233 sizeof(mgmt_cp->type));
3237 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
3243 hci_req_init(&req, hdev);
3245 switch (hdev->discovery.state) {
3246 case DISCOVERY_FINDING:
3247 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
3248 hci_req_add(&req, HCI_OP_INQUIRY_CANCEL, 0, NULL);
3250 cancel_delayed_work(&hdev->le_scan_disable);
3252 memset(&enable_cp, 0, sizeof(enable_cp));
3253 enable_cp.enable = LE_SCAN_DISABLE;
3254 hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE,
3255 sizeof(enable_cp), &enable_cp);
3260 case DISCOVERY_RESOLVING:
3261 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
3264 mgmt_pending_remove(cmd);
3265 err = cmd_complete(sk, hdev->id,
3266 MGMT_OP_STOP_DISCOVERY, 0,
3268 sizeof(mgmt_cp->type));
3269 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3273 bacpy(&cp.bdaddr, &e->data.bdaddr);
3274 hci_req_add(&req, HCI_OP_REMOTE_NAME_REQ_CANCEL, sizeof(cp),
3280 BT_DBG("unknown discovery state %u", hdev->discovery.state);
3282 mgmt_pending_remove(cmd);
3283 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
3284 MGMT_STATUS_FAILED, &mgmt_cp->type,
3285 sizeof(mgmt_cp->type));
3289 err = hci_req_run(&req, stop_discovery_complete);
3291 mgmt_pending_remove(cmd);
3293 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
3296 hci_dev_unlock(hdev);
3300 static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
3303 struct mgmt_cp_confirm_name *cp = data;
3304 struct inquiry_entry *e;
3307 BT_DBG("%s", hdev->name);
3311 if (!hci_discovery_active(hdev)) {
3312 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
3313 MGMT_STATUS_FAILED);
3317 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
3319 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
3320 MGMT_STATUS_INVALID_PARAMS);
3324 if (cp->name_known) {
3325 e->name_state = NAME_KNOWN;
3328 e->name_state = NAME_NEEDED;
3329 hci_inquiry_cache_update_resolve(hdev, e);
3332 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0, &cp->addr,
3336 hci_dev_unlock(hdev);
3340 static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
3343 struct mgmt_cp_block_device *cp = data;
3347 BT_DBG("%s", hdev->name);
3349 if (!bdaddr_type_is_valid(cp->addr.type))
3350 return cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
3351 MGMT_STATUS_INVALID_PARAMS,
3352 &cp->addr, sizeof(cp->addr));
3356 err = hci_blacklist_add(hdev, &cp->addr.bdaddr, cp->addr.type);
3358 status = MGMT_STATUS_FAILED;
3360 status = MGMT_STATUS_SUCCESS;
3362 err = cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
3363 &cp->addr, sizeof(cp->addr));
3365 hci_dev_unlock(hdev);
3370 static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
3373 struct mgmt_cp_unblock_device *cp = data;
3377 BT_DBG("%s", hdev->name);
3379 if (!bdaddr_type_is_valid(cp->addr.type))
3380 return cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
3381 MGMT_STATUS_INVALID_PARAMS,
3382 &cp->addr, sizeof(cp->addr));
3386 err = hci_blacklist_del(hdev, &cp->addr.bdaddr, cp->addr.type);
3388 status = MGMT_STATUS_INVALID_PARAMS;
3390 status = MGMT_STATUS_SUCCESS;
3392 err = cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
3393 &cp->addr, sizeof(cp->addr));
3395 hci_dev_unlock(hdev);
3400 static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
3403 struct mgmt_cp_set_device_id *cp = data;
3404 struct hci_request req;
3408 BT_DBG("%s", hdev->name);
3410 source = __le16_to_cpu(cp->source);
3412 if (source > 0x0002)
3413 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
3414 MGMT_STATUS_INVALID_PARAMS);
3418 hdev->devid_source = source;
3419 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
3420 hdev->devid_product = __le16_to_cpu(cp->product);
3421 hdev->devid_version = __le16_to_cpu(cp->version);
3423 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0, NULL, 0);
3425 hci_req_init(&req, hdev);
3427 hci_req_run(&req, NULL);
3429 hci_dev_unlock(hdev);
3434 static void set_advertising_complete(struct hci_dev *hdev, u8 status)
3436 struct cmd_lookup match = { NULL, hdev };
3439 u8 mgmt_err = mgmt_status(status);
3441 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
3442 cmd_status_rsp, &mgmt_err);
3446 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
3449 new_settings(hdev, match.sk);
3455 static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data,
3458 struct mgmt_mode *cp = data;
3459 struct pending_cmd *cmd;
3460 struct hci_request req;
3461 u8 val, enabled, status;
3464 BT_DBG("request for %s", hdev->name);
3466 status = mgmt_le_support(hdev);
3468 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3471 if (cp->val != 0x00 && cp->val != 0x01)
3472 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3473 MGMT_STATUS_INVALID_PARAMS);
3478 enabled = test_bit(HCI_ADVERTISING, &hdev->dev_flags);
3480 /* The following conditions are ones which mean that we should
3481 * not do any HCI communication but directly send a mgmt
3482 * response to user space (after toggling the flag if
3485 if (!hdev_is_powered(hdev) || val == enabled ||
3486 hci_conn_num(hdev, LE_LINK) > 0) {
3487 bool changed = false;
3489 if (val != test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
3490 change_bit(HCI_ADVERTISING, &hdev->dev_flags);
3494 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
3499 err = new_settings(hdev, sk);
3504 if (mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
3505 mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
3506 err = cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3511 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
3517 hci_req_init(&req, hdev);
3520 enable_advertising(&req);
3522 disable_advertising(&req);
3524 err = hci_req_run(&req, set_advertising_complete);
3526 mgmt_pending_remove(cmd);
3529 hci_dev_unlock(hdev);
3533 static int set_static_address(struct sock *sk, struct hci_dev *hdev,
3534 void *data, u16 len)
3536 struct mgmt_cp_set_static_address *cp = data;
3539 BT_DBG("%s", hdev->name);
3541 if (!lmp_le_capable(hdev))
3542 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
3543 MGMT_STATUS_NOT_SUPPORTED);
3545 if (hdev_is_powered(hdev))
3546 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
3547 MGMT_STATUS_REJECTED);
3549 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
3550 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
3551 return cmd_status(sk, hdev->id,
3552 MGMT_OP_SET_STATIC_ADDRESS,
3553 MGMT_STATUS_INVALID_PARAMS);
3555 /* Two most significant bits shall be set */
3556 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
3557 return cmd_status(sk, hdev->id,
3558 MGMT_OP_SET_STATIC_ADDRESS,
3559 MGMT_STATUS_INVALID_PARAMS);
3564 bacpy(&hdev->static_addr, &cp->bdaddr);
3566 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS, 0, NULL, 0);
3568 hci_dev_unlock(hdev);
3573 static int set_scan_params(struct sock *sk, struct hci_dev *hdev,
3574 void *data, u16 len)
3576 struct mgmt_cp_set_scan_params *cp = data;
3577 __u16 interval, window;
3580 BT_DBG("%s", hdev->name);
3582 if (!lmp_le_capable(hdev))
3583 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3584 MGMT_STATUS_NOT_SUPPORTED);
3586 interval = __le16_to_cpu(cp->interval);
3588 if (interval < 0x0004 || interval > 0x4000)
3589 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3590 MGMT_STATUS_INVALID_PARAMS);
3592 window = __le16_to_cpu(cp->window);
3594 if (window < 0x0004 || window > 0x4000)
3595 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3596 MGMT_STATUS_INVALID_PARAMS);
3598 if (window > interval)
3599 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3600 MGMT_STATUS_INVALID_PARAMS);
3604 hdev->le_scan_interval = interval;
3605 hdev->le_scan_window = window;
3607 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0, NULL, 0);
3609 hci_dev_unlock(hdev);
3614 static void fast_connectable_complete(struct hci_dev *hdev, u8 status)
3616 struct pending_cmd *cmd;
3618 BT_DBG("status 0x%02x", status);
3622 cmd = mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
3627 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3628 mgmt_status(status));
3630 struct mgmt_mode *cp = cmd->param;
3633 set_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
3635 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
3637 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
3638 new_settings(hdev, cmd->sk);
3641 mgmt_pending_remove(cmd);
3644 hci_dev_unlock(hdev);
3647 static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
3648 void *data, u16 len)
3650 struct mgmt_mode *cp = data;
3651 struct pending_cmd *cmd;
3652 struct hci_request req;
3655 BT_DBG("%s", hdev->name);
3657 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags) ||
3658 hdev->hci_ver < BLUETOOTH_VER_1_2)
3659 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3660 MGMT_STATUS_NOT_SUPPORTED);
3662 if (cp->val != 0x00 && cp->val != 0x01)
3663 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3664 MGMT_STATUS_INVALID_PARAMS);
3666 if (!hdev_is_powered(hdev))
3667 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3668 MGMT_STATUS_NOT_POWERED);
3670 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3671 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3672 MGMT_STATUS_REJECTED);
3676 if (mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
3677 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3682 if (!!cp->val == test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags)) {
3683 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
3688 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
3695 hci_req_init(&req, hdev);
3697 write_fast_connectable(&req, cp->val);
3699 err = hci_req_run(&req, fast_connectable_complete);
3701 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3702 MGMT_STATUS_FAILED);
3703 mgmt_pending_remove(cmd);
3707 hci_dev_unlock(hdev);
3712 static void set_bredr_scan(struct hci_request *req)
3714 struct hci_dev *hdev = req->hdev;
3717 /* Ensure that fast connectable is disabled. This function will
3718 * not do anything if the page scan parameters are already what
3721 write_fast_connectable(req, false);
3723 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3725 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3726 scan |= SCAN_INQUIRY;
3729 hci_req_add(req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
3732 static void set_bredr_complete(struct hci_dev *hdev, u8 status)
3734 struct pending_cmd *cmd;
3736 BT_DBG("status 0x%02x", status);
3740 cmd = mgmt_pending_find(MGMT_OP_SET_BREDR, hdev);
3745 u8 mgmt_err = mgmt_status(status);
3747 /* We need to restore the flag if related HCI commands
3750 clear_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
3752 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
3754 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
3755 new_settings(hdev, cmd->sk);
3758 mgmt_pending_remove(cmd);
3761 hci_dev_unlock(hdev);
3764 static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
3766 struct mgmt_mode *cp = data;
3767 struct pending_cmd *cmd;
3768 struct hci_request req;
3771 BT_DBG("request for %s", hdev->name);
3773 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
3774 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3775 MGMT_STATUS_NOT_SUPPORTED);
3777 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
3778 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3779 MGMT_STATUS_REJECTED);
3781 if (cp->val != 0x00 && cp->val != 0x01)
3782 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3783 MGMT_STATUS_INVALID_PARAMS);
3787 if (cp->val == test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
3788 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
3792 if (!hdev_is_powered(hdev)) {
3794 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
3795 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
3796 clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
3797 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
3798 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
3801 change_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
3803 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
3807 err = new_settings(hdev, sk);
3811 /* Reject disabling when powered on */
3813 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3814 MGMT_STATUS_REJECTED);
3818 if (mgmt_pending_find(MGMT_OP_SET_BREDR, hdev)) {
3819 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3824 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
3830 /* We need to flip the bit already here so that update_ad
3831 * generates the correct flags.
3833 set_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
3835 hci_req_init(&req, hdev);
3837 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3838 set_bredr_scan(&req);
3842 err = hci_req_run(&req, set_bredr_complete);
3844 mgmt_pending_remove(cmd);
3847 hci_dev_unlock(hdev);
3851 static bool ltk_is_valid(struct mgmt_ltk_info *key)
3853 if (key->authenticated != 0x00 && key->authenticated != 0x01)
3855 if (key->master != 0x00 && key->master != 0x01)
3857 if (!bdaddr_type_is_le(key->addr.type))
3862 static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
3863 void *cp_data, u16 len)
3865 struct mgmt_cp_load_long_term_keys *cp = cp_data;
3866 u16 key_count, expected_len;
3869 BT_DBG("request for %s", hdev->name);
3871 if (!lmp_le_capable(hdev))
3872 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
3873 MGMT_STATUS_NOT_SUPPORTED);
3875 key_count = __le16_to_cpu(cp->key_count);
3877 expected_len = sizeof(*cp) + key_count *
3878 sizeof(struct mgmt_ltk_info);
3879 if (expected_len != len) {
3880 BT_ERR("load_keys: expected %u bytes, got %u bytes",
3882 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
3883 MGMT_STATUS_INVALID_PARAMS);
3886 BT_DBG("%s key_count %u", hdev->name, key_count);
3888 for (i = 0; i < key_count; i++) {
3889 struct mgmt_ltk_info *key = &cp->keys[i];
3891 if (!ltk_is_valid(key))
3892 return cmd_status(sk, hdev->id,
3893 MGMT_OP_LOAD_LONG_TERM_KEYS,
3894 MGMT_STATUS_INVALID_PARAMS);
3899 hci_smp_ltks_clear(hdev);
3901 for (i = 0; i < key_count; i++) {
3902 struct mgmt_ltk_info *key = &cp->keys[i];
3905 if (key->addr.type == BDADDR_LE_PUBLIC)
3906 addr_type = ADDR_LE_DEV_PUBLIC;
3908 addr_type = ADDR_LE_DEV_RANDOM;
3913 type = HCI_SMP_LTK_SLAVE;
3915 hci_add_ltk(hdev, &key->addr.bdaddr, addr_type,
3916 type, 0, key->authenticated, key->val,
3917 key->enc_size, key->ediv, key->rand);
3920 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
3923 hci_dev_unlock(hdev);
3928 static const struct mgmt_handler {
3929 int (*func) (struct sock *sk, struct hci_dev *hdev, void *data,
3933 } mgmt_handlers[] = {
3934 { NULL }, /* 0x0000 (no command) */
3935 { read_version, false, MGMT_READ_VERSION_SIZE },
3936 { read_commands, false, MGMT_READ_COMMANDS_SIZE },
3937 { read_index_list, false, MGMT_READ_INDEX_LIST_SIZE },
3938 { read_controller_info, false, MGMT_READ_INFO_SIZE },
3939 { set_powered, false, MGMT_SETTING_SIZE },
3940 { set_discoverable, false, MGMT_SET_DISCOVERABLE_SIZE },
3941 { set_connectable, false, MGMT_SETTING_SIZE },
3942 { set_fast_connectable, false, MGMT_SETTING_SIZE },
3943 { set_pairable, false, MGMT_SETTING_SIZE },
3944 { set_link_security, false, MGMT_SETTING_SIZE },
3945 { set_ssp, false, MGMT_SETTING_SIZE },
3946 { set_hs, false, MGMT_SETTING_SIZE },
3947 { set_le, false, MGMT_SETTING_SIZE },
3948 { set_dev_class, false, MGMT_SET_DEV_CLASS_SIZE },
3949 { set_local_name, false, MGMT_SET_LOCAL_NAME_SIZE },
3950 { add_uuid, false, MGMT_ADD_UUID_SIZE },
3951 { remove_uuid, false, MGMT_REMOVE_UUID_SIZE },
3952 { load_link_keys, true, MGMT_LOAD_LINK_KEYS_SIZE },
3953 { load_long_term_keys, true, MGMT_LOAD_LONG_TERM_KEYS_SIZE },
3954 { disconnect, false, MGMT_DISCONNECT_SIZE },
3955 { get_connections, false, MGMT_GET_CONNECTIONS_SIZE },
3956 { pin_code_reply, false, MGMT_PIN_CODE_REPLY_SIZE },
3957 { pin_code_neg_reply, false, MGMT_PIN_CODE_NEG_REPLY_SIZE },
3958 { set_io_capability, false, MGMT_SET_IO_CAPABILITY_SIZE },
3959 { pair_device, false, MGMT_PAIR_DEVICE_SIZE },
3960 { cancel_pair_device, false, MGMT_CANCEL_PAIR_DEVICE_SIZE },
3961 { unpair_device, false, MGMT_UNPAIR_DEVICE_SIZE },
3962 { user_confirm_reply, false, MGMT_USER_CONFIRM_REPLY_SIZE },
3963 { user_confirm_neg_reply, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
3964 { user_passkey_reply, false, MGMT_USER_PASSKEY_REPLY_SIZE },
3965 { user_passkey_neg_reply, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
3966 { read_local_oob_data, false, MGMT_READ_LOCAL_OOB_DATA_SIZE },
3967 { add_remote_oob_data, false, MGMT_ADD_REMOTE_OOB_DATA_SIZE },
3968 { remove_remote_oob_data, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
3969 { start_discovery, false, MGMT_START_DISCOVERY_SIZE },
3970 { stop_discovery, false, MGMT_STOP_DISCOVERY_SIZE },
3971 { confirm_name, false, MGMT_CONFIRM_NAME_SIZE },
3972 { block_device, false, MGMT_BLOCK_DEVICE_SIZE },
3973 { unblock_device, false, MGMT_UNBLOCK_DEVICE_SIZE },
3974 { set_device_id, false, MGMT_SET_DEVICE_ID_SIZE },
3975 { set_advertising, false, MGMT_SETTING_SIZE },
3976 { set_bredr, false, MGMT_SETTING_SIZE },
3977 { set_static_address, false, MGMT_SET_STATIC_ADDRESS_SIZE },
3978 { set_scan_params, false, MGMT_SET_SCAN_PARAMS_SIZE },
3982 int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
3986 struct mgmt_hdr *hdr;
3987 u16 opcode, index, len;
3988 struct hci_dev *hdev = NULL;
3989 const struct mgmt_handler *handler;
3992 BT_DBG("got %zu bytes", msglen);
3994 if (msglen < sizeof(*hdr))
3997 buf = kmalloc(msglen, GFP_KERNEL);
4001 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
4007 opcode = __le16_to_cpu(hdr->opcode);
4008 index = __le16_to_cpu(hdr->index);
4009 len = __le16_to_cpu(hdr->len);
4011 if (len != msglen - sizeof(*hdr)) {
4016 if (index != MGMT_INDEX_NONE) {
4017 hdev = hci_dev_get(index);
4019 err = cmd_status(sk, index, opcode,
4020 MGMT_STATUS_INVALID_INDEX);
4024 if (test_bit(HCI_SETUP, &hdev->dev_flags) ||
4025 test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
4026 err = cmd_status(sk, index, opcode,
4027 MGMT_STATUS_INVALID_INDEX);
4032 if (opcode >= ARRAY_SIZE(mgmt_handlers) ||
4033 mgmt_handlers[opcode].func == NULL) {
4034 BT_DBG("Unknown op %u", opcode);
4035 err = cmd_status(sk, index, opcode,
4036 MGMT_STATUS_UNKNOWN_COMMAND);
4040 if ((hdev && opcode < MGMT_OP_READ_INFO) ||
4041 (!hdev && opcode >= MGMT_OP_READ_INFO)) {
4042 err = cmd_status(sk, index, opcode,
4043 MGMT_STATUS_INVALID_INDEX);
4047 handler = &mgmt_handlers[opcode];
4049 if ((handler->var_len && len < handler->data_len) ||
4050 (!handler->var_len && len != handler->data_len)) {
4051 err = cmd_status(sk, index, opcode,
4052 MGMT_STATUS_INVALID_PARAMS);
4057 mgmt_init_hdev(sk, hdev);
4059 cp = buf + sizeof(*hdr);
4061 err = handler->func(sk, hdev, cp, len);
4075 void mgmt_index_added(struct hci_dev *hdev)
4077 if (hdev->dev_type != HCI_BREDR)
4080 mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
4083 void mgmt_index_removed(struct hci_dev *hdev)
4085 u8 status = MGMT_STATUS_INVALID_INDEX;
4087 if (hdev->dev_type != HCI_BREDR)
4090 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
4092 mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
4095 static void powered_complete(struct hci_dev *hdev, u8 status)
4097 struct cmd_lookup match = { NULL, hdev };
4099 BT_DBG("status 0x%02x", status);
4103 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
4105 new_settings(hdev, match.sk);
4107 hci_dev_unlock(hdev);
4113 static int powered_update_hci(struct hci_dev *hdev)
4115 struct hci_request req;
4118 hci_req_init(&req, hdev);
4120 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) &&
4121 !lmp_host_ssp_capable(hdev)) {
4124 hci_req_add(&req, HCI_OP_WRITE_SSP_MODE, 1, &ssp);
4127 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
4128 lmp_bredr_capable(hdev)) {
4129 struct hci_cp_write_le_host_supported cp;
4132 cp.simul = lmp_le_br_capable(hdev);
4134 /* Check first if we already have the right
4135 * host state (host features set)
4137 if (cp.le != lmp_host_le_capable(hdev) ||
4138 cp.simul != lmp_host_le_br_capable(hdev))
4139 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED,
4143 if (lmp_le_capable(hdev)) {
4144 /* Set random address to static address if configured */
4145 if (bacmp(&hdev->static_addr, BDADDR_ANY))
4146 hci_req_add(&req, HCI_OP_LE_SET_RANDOM_ADDR, 6,
4147 &hdev->static_addr);
4149 /* Make sure the controller has a good default for
4150 * advertising data. This also applies to the case
4151 * where BR/EDR was toggled during the AUTO_OFF phase.
4153 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
4156 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
4157 enable_advertising(&req);
4160 link_sec = test_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
4161 if (link_sec != test_bit(HCI_AUTH, &hdev->flags))
4162 hci_req_add(&req, HCI_OP_WRITE_AUTH_ENABLE,
4163 sizeof(link_sec), &link_sec);
4165 if (lmp_bredr_capable(hdev)) {
4166 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
4167 set_bredr_scan(&req);
4173 return hci_req_run(&req, powered_complete);
4176 int mgmt_powered(struct hci_dev *hdev, u8 powered)
4178 struct cmd_lookup match = { NULL, hdev };
4179 u8 status_not_powered = MGMT_STATUS_NOT_POWERED;
4180 u8 zero_cod[] = { 0, 0, 0 };
4183 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
4187 if (powered_update_hci(hdev) == 0)
4190 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp,
4195 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
4196 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status_not_powered);
4198 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0)
4199 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
4200 zero_cod, sizeof(zero_cod), NULL);
4203 err = new_settings(hdev, match.sk);
4211 void mgmt_set_powered_failed(struct hci_dev *hdev, int err)
4213 struct pending_cmd *cmd;
4216 cmd = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
4220 if (err == -ERFKILL)
4221 status = MGMT_STATUS_RFKILLED;
4223 status = MGMT_STATUS_FAILED;
4225 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
4227 mgmt_pending_remove(cmd);
4230 void mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
4234 /* Nothing needed here if there's a pending command since that
4235 * commands request completion callback takes care of everything
4238 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev))
4242 changed = !test_and_set_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
4244 changed = test_and_clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
4247 new_settings(hdev, NULL);
4250 int mgmt_connectable(struct hci_dev *hdev, u8 connectable)
4252 bool changed = false;
4255 /* Nothing needed here if there's a pending command since that
4256 * commands request completion callback takes care of everything
4259 if (mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev))
4263 if (!test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags))
4266 if (test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags))
4271 err = new_settings(hdev, NULL);
4276 int mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
4278 u8 mgmt_err = mgmt_status(status);
4280 if (scan & SCAN_PAGE)
4281 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
4282 cmd_status_rsp, &mgmt_err);
4284 if (scan & SCAN_INQUIRY)
4285 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
4286 cmd_status_rsp, &mgmt_err);
4291 int mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
4294 struct mgmt_ev_new_link_key ev;
4296 memset(&ev, 0, sizeof(ev));
4298 ev.store_hint = persistent;
4299 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
4300 ev.key.addr.type = BDADDR_BREDR;
4301 ev.key.type = key->type;
4302 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
4303 ev.key.pin_len = key->pin_len;
4305 return mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
4308 int mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, u8 persistent)
4310 struct mgmt_ev_new_long_term_key ev;
4312 memset(&ev, 0, sizeof(ev));
4314 ev.store_hint = persistent;
4315 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
4316 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
4317 ev.key.authenticated = key->authenticated;
4318 ev.key.enc_size = key->enc_size;
4319 ev.key.ediv = key->ediv;
4321 if (key->type == HCI_SMP_LTK)
4324 memcpy(ev.key.rand, key->rand, sizeof(key->rand));
4325 memcpy(ev.key.val, key->val, sizeof(key->val));
4327 return mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev),
4331 void mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
4332 u8 addr_type, u32 flags, u8 *name, u8 name_len,
4336 struct mgmt_ev_device_connected *ev = (void *) buf;
4339 bacpy(&ev->addr.bdaddr, bdaddr);
4340 ev->addr.type = link_to_bdaddr(link_type, addr_type);
4342 ev->flags = __cpu_to_le32(flags);
4345 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
4348 if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0)
4349 eir_len = eir_append_data(ev->eir, eir_len,
4350 EIR_CLASS_OF_DEV, dev_class, 3);
4352 ev->eir_len = cpu_to_le16(eir_len);
4354 mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
4355 sizeof(*ev) + eir_len, NULL);
4358 static void disconnect_rsp(struct pending_cmd *cmd, void *data)
4360 struct mgmt_cp_disconnect *cp = cmd->param;
4361 struct sock **sk = data;
4362 struct mgmt_rp_disconnect rp;
4364 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4365 rp.addr.type = cp->addr.type;
4367 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 0, &rp,
4373 mgmt_pending_remove(cmd);
4376 static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
4378 struct hci_dev *hdev = data;
4379 struct mgmt_cp_unpair_device *cp = cmd->param;
4380 struct mgmt_rp_unpair_device rp;
4382 memset(&rp, 0, sizeof(rp));
4383 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4384 rp.addr.type = cp->addr.type;
4386 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
4388 cmd_complete(cmd->sk, cmd->index, cmd->opcode, 0, &rp, sizeof(rp));
4390 mgmt_pending_remove(cmd);
4393 void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
4394 u8 link_type, u8 addr_type, u8 reason)
4396 struct mgmt_ev_device_disconnected ev;
4397 struct sock *sk = NULL;
4399 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
4401 bacpy(&ev.addr.bdaddr, bdaddr);
4402 ev.addr.type = link_to_bdaddr(link_type, addr_type);
4405 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
4410 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
4414 void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
4415 u8 link_type, u8 addr_type, u8 status)
4417 struct mgmt_rp_disconnect rp;
4418 struct pending_cmd *cmd;
4420 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
4423 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
4427 bacpy(&rp.addr.bdaddr, bdaddr);
4428 rp.addr.type = link_to_bdaddr(link_type, addr_type);
4430 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
4431 mgmt_status(status), &rp, sizeof(rp));
4433 mgmt_pending_remove(cmd);
4436 void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
4437 u8 addr_type, u8 status)
4439 struct mgmt_ev_connect_failed ev;
4441 bacpy(&ev.addr.bdaddr, bdaddr);
4442 ev.addr.type = link_to_bdaddr(link_type, addr_type);
4443 ev.status = mgmt_status(status);
4445 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
4448 int mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
4450 struct mgmt_ev_pin_code_request ev;
4452 bacpy(&ev.addr.bdaddr, bdaddr);
4453 ev.addr.type = BDADDR_BREDR;
4456 return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev),
4460 int mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
4463 struct pending_cmd *cmd;
4464 struct mgmt_rp_pin_code_reply rp;
4467 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
4471 bacpy(&rp.addr.bdaddr, bdaddr);
4472 rp.addr.type = BDADDR_BREDR;
4474 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
4475 mgmt_status(status), &rp, sizeof(rp));
4477 mgmt_pending_remove(cmd);
4482 int mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
4485 struct pending_cmd *cmd;
4486 struct mgmt_rp_pin_code_reply rp;
4489 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
4493 bacpy(&rp.addr.bdaddr, bdaddr);
4494 rp.addr.type = BDADDR_BREDR;
4496 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
4497 mgmt_status(status), &rp, sizeof(rp));
4499 mgmt_pending_remove(cmd);
4504 int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
4505 u8 link_type, u8 addr_type, __le32 value,
4508 struct mgmt_ev_user_confirm_request ev;
4510 BT_DBG("%s", hdev->name);
4512 bacpy(&ev.addr.bdaddr, bdaddr);
4513 ev.addr.type = link_to_bdaddr(link_type, addr_type);
4514 ev.confirm_hint = confirm_hint;
4517 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
4521 int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
4522 u8 link_type, u8 addr_type)
4524 struct mgmt_ev_user_passkey_request ev;
4526 BT_DBG("%s", hdev->name);
4528 bacpy(&ev.addr.bdaddr, bdaddr);
4529 ev.addr.type = link_to_bdaddr(link_type, addr_type);
4531 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
4535 static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
4536 u8 link_type, u8 addr_type, u8 status,
4539 struct pending_cmd *cmd;
4540 struct mgmt_rp_user_confirm_reply rp;
4543 cmd = mgmt_pending_find(opcode, hdev);
4547 bacpy(&rp.addr.bdaddr, bdaddr);
4548 rp.addr.type = link_to_bdaddr(link_type, addr_type);
4549 err = cmd_complete(cmd->sk, hdev->id, opcode, mgmt_status(status),
4552 mgmt_pending_remove(cmd);
4557 int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
4558 u8 link_type, u8 addr_type, u8 status)
4560 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
4561 status, MGMT_OP_USER_CONFIRM_REPLY);
4564 int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
4565 u8 link_type, u8 addr_type, u8 status)
4567 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
4569 MGMT_OP_USER_CONFIRM_NEG_REPLY);
4572 int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
4573 u8 link_type, u8 addr_type, u8 status)
4575 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
4576 status, MGMT_OP_USER_PASSKEY_REPLY);
4579 int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
4580 u8 link_type, u8 addr_type, u8 status)
4582 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
4584 MGMT_OP_USER_PASSKEY_NEG_REPLY);
4587 int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
4588 u8 link_type, u8 addr_type, u32 passkey,
4591 struct mgmt_ev_passkey_notify ev;
4593 BT_DBG("%s", hdev->name);
4595 bacpy(&ev.addr.bdaddr, bdaddr);
4596 ev.addr.type = link_to_bdaddr(link_type, addr_type);
4597 ev.passkey = __cpu_to_le32(passkey);
4598 ev.entered = entered;
4600 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
4603 int mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
4604 u8 addr_type, u8 status)
4606 struct mgmt_ev_auth_failed ev;
4608 bacpy(&ev.addr.bdaddr, bdaddr);
4609 ev.addr.type = link_to_bdaddr(link_type, addr_type);
4610 ev.status = mgmt_status(status);
4612 return mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
4615 int mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
4617 struct cmd_lookup match = { NULL, hdev };
4618 bool changed = false;
4622 u8 mgmt_err = mgmt_status(status);
4623 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
4624 cmd_status_rsp, &mgmt_err);
4628 if (test_bit(HCI_AUTH, &hdev->flags)) {
4629 if (!test_and_set_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
4632 if (test_and_clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
4636 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
4640 err = new_settings(hdev, match.sk);
4648 static void clear_eir(struct hci_request *req)
4650 struct hci_dev *hdev = req->hdev;
4651 struct hci_cp_write_eir cp;
4653 if (!lmp_ext_inq_capable(hdev))
4656 memset(hdev->eir, 0, sizeof(hdev->eir));
4658 memset(&cp, 0, sizeof(cp));
4660 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
4663 int mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
4665 struct cmd_lookup match = { NULL, hdev };
4666 struct hci_request req;
4667 bool changed = false;
4671 u8 mgmt_err = mgmt_status(status);
4673 if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
4674 &hdev->dev_flags)) {
4675 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
4676 err = new_settings(hdev, NULL);
4679 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
4686 changed = !test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
4688 changed = test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
4690 changed = test_and_clear_bit(HCI_HS_ENABLED,
4693 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
4696 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
4699 err = new_settings(hdev, match.sk);
4704 hci_req_init(&req, hdev);
4706 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
4711 hci_req_run(&req, NULL);
4716 static void sk_lookup(struct pending_cmd *cmd, void *data)
4718 struct cmd_lookup *match = data;
4720 if (match->sk == NULL) {
4721 match->sk = cmd->sk;
4722 sock_hold(match->sk);
4726 int mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
4729 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
4732 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
4733 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
4734 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
4737 err = mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class,
4746 int mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
4748 struct mgmt_cp_set_local_name ev;
4749 struct pending_cmd *cmd;
4754 memset(&ev, 0, sizeof(ev));
4755 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
4756 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
4758 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
4760 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
4762 /* If this is a HCI command related to powering on the
4763 * HCI dev don't send any mgmt signals.
4765 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
4769 return mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
4770 cmd ? cmd->sk : NULL);
4773 int mgmt_read_local_oob_data_reply_complete(struct hci_dev *hdev, u8 *hash,
4774 u8 *randomizer, u8 status)
4776 struct pending_cmd *cmd;
4779 BT_DBG("%s status %u", hdev->name, status);
4781 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
4786 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
4787 mgmt_status(status));
4789 struct mgmt_rp_read_local_oob_data rp;
4791 memcpy(rp.hash, hash, sizeof(rp.hash));
4792 memcpy(rp.randomizer, randomizer, sizeof(rp.randomizer));
4794 err = cmd_complete(cmd->sk, hdev->id,
4795 MGMT_OP_READ_LOCAL_OOB_DATA, 0, &rp,
4799 mgmt_pending_remove(cmd);
4804 void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
4805 u8 addr_type, u8 *dev_class, s8 rssi, u8 cfm_name, u8
4806 ssp, u8 *eir, u16 eir_len)
4809 struct mgmt_ev_device_found *ev = (void *) buf;
4812 if (!hci_discovery_active(hdev))
4815 /* Leave 5 bytes for a potential CoD field */
4816 if (sizeof(*ev) + eir_len + 5 > sizeof(buf))
4819 memset(buf, 0, sizeof(buf));
4821 bacpy(&ev->addr.bdaddr, bdaddr);
4822 ev->addr.type = link_to_bdaddr(link_type, addr_type);
4825 ev->flags |= __constant_cpu_to_le32(MGMT_DEV_FOUND_CONFIRM_NAME);
4827 ev->flags |= __constant_cpu_to_le32(MGMT_DEV_FOUND_LEGACY_PAIRING);
4830 memcpy(ev->eir, eir, eir_len);
4832 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
4833 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
4836 ev->eir_len = cpu_to_le16(eir_len);
4837 ev_size = sizeof(*ev) + eir_len;
4839 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
4842 void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
4843 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
4845 struct mgmt_ev_device_found *ev;
4846 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
4849 ev = (struct mgmt_ev_device_found *) buf;
4851 memset(buf, 0, sizeof(buf));
4853 bacpy(&ev->addr.bdaddr, bdaddr);
4854 ev->addr.type = link_to_bdaddr(link_type, addr_type);
4857 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
4860 ev->eir_len = cpu_to_le16(eir_len);
4862 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, sizeof(*ev) + eir_len, NULL);
4865 void mgmt_discovering(struct hci_dev *hdev, u8 discovering)
4867 struct mgmt_ev_discovering ev;
4868 struct pending_cmd *cmd;
4870 BT_DBG("%s discovering %u", hdev->name, discovering);
4873 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
4875 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
4878 u8 type = hdev->discovery.type;
4880 cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0, &type,
4882 mgmt_pending_remove(cmd);
4885 memset(&ev, 0, sizeof(ev));
4886 ev.type = hdev->discovery.type;
4887 ev.discovering = discovering;
4889 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
4892 int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
4894 struct pending_cmd *cmd;
4895 struct mgmt_ev_device_blocked ev;
4897 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev);
4899 bacpy(&ev.addr.bdaddr, bdaddr);
4900 ev.addr.type = type;
4902 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev),
4903 cmd ? cmd->sk : NULL);
4906 int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
4908 struct pending_cmd *cmd;
4909 struct mgmt_ev_device_unblocked ev;
4911 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev);
4913 bacpy(&ev.addr.bdaddr, bdaddr);
4914 ev.addr.type = type;
4916 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
4917 cmd ? cmd->sk : NULL);
4920 static void adv_enable_complete(struct hci_dev *hdev, u8 status)
4922 BT_DBG("%s status %u", hdev->name, status);
4924 /* Clear the advertising mgmt setting if we failed to re-enable it */
4926 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
4927 new_settings(hdev, NULL);
4931 void mgmt_reenable_advertising(struct hci_dev *hdev)
4933 struct hci_request req;
4935 if (hci_conn_num(hdev, LE_LINK) > 0)
4938 if (!test_bit(HCI_ADVERTISING, &hdev->dev_flags))
4941 hci_req_init(&req, hdev);
4942 enable_advertising(&req);
4944 /* If this fails we have no option but to let user space know
4945 * that we've disabled advertising.
4947 if (hci_req_run(&req, adv_enable_complete) < 0) {
4948 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
4949 new_settings(hdev, NULL);