2 BlueZ - Bluetooth protocol stack for Linux
4 Copyright (C) 2010 Nokia Corporation
5 Copyright (C) 2011-2012 Intel Corporation
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI Management interface */
27 #include <linux/module.h>
28 #include <asm/unaligned.h>
30 #include <net/bluetooth/bluetooth.h>
31 #include <net/bluetooth/hci_core.h>
32 #include <net/bluetooth/mgmt.h>
36 #define MGMT_VERSION 1
37 #define MGMT_REVISION 4
39 static const u16 mgmt_commands[] = {
40 MGMT_OP_READ_INDEX_LIST,
43 MGMT_OP_SET_DISCOVERABLE,
44 MGMT_OP_SET_CONNECTABLE,
45 MGMT_OP_SET_FAST_CONNECTABLE,
47 MGMT_OP_SET_LINK_SECURITY,
51 MGMT_OP_SET_DEV_CLASS,
52 MGMT_OP_SET_LOCAL_NAME,
55 MGMT_OP_LOAD_LINK_KEYS,
56 MGMT_OP_LOAD_LONG_TERM_KEYS,
58 MGMT_OP_GET_CONNECTIONS,
59 MGMT_OP_PIN_CODE_REPLY,
60 MGMT_OP_PIN_CODE_NEG_REPLY,
61 MGMT_OP_SET_IO_CAPABILITY,
63 MGMT_OP_CANCEL_PAIR_DEVICE,
64 MGMT_OP_UNPAIR_DEVICE,
65 MGMT_OP_USER_CONFIRM_REPLY,
66 MGMT_OP_USER_CONFIRM_NEG_REPLY,
67 MGMT_OP_USER_PASSKEY_REPLY,
68 MGMT_OP_USER_PASSKEY_NEG_REPLY,
69 MGMT_OP_READ_LOCAL_OOB_DATA,
70 MGMT_OP_ADD_REMOTE_OOB_DATA,
71 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
72 MGMT_OP_START_DISCOVERY,
73 MGMT_OP_STOP_DISCOVERY,
76 MGMT_OP_UNBLOCK_DEVICE,
77 MGMT_OP_SET_DEVICE_ID,
78 MGMT_OP_SET_ADVERTISING,
80 MGMT_OP_SET_STATIC_ADDRESS,
81 MGMT_OP_SET_SCAN_PARAMS,
84 static const u16 mgmt_events[] = {
85 MGMT_EV_CONTROLLER_ERROR,
87 MGMT_EV_INDEX_REMOVED,
89 MGMT_EV_CLASS_OF_DEV_CHANGED,
90 MGMT_EV_LOCAL_NAME_CHANGED,
92 MGMT_EV_NEW_LONG_TERM_KEY,
93 MGMT_EV_DEVICE_CONNECTED,
94 MGMT_EV_DEVICE_DISCONNECTED,
95 MGMT_EV_CONNECT_FAILED,
96 MGMT_EV_PIN_CODE_REQUEST,
97 MGMT_EV_USER_CONFIRM_REQUEST,
98 MGMT_EV_USER_PASSKEY_REQUEST,
100 MGMT_EV_DEVICE_FOUND,
102 MGMT_EV_DEVICE_BLOCKED,
103 MGMT_EV_DEVICE_UNBLOCKED,
104 MGMT_EV_DEVICE_UNPAIRED,
105 MGMT_EV_PASSKEY_NOTIFY,
108 #define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
110 #define hdev_is_powered(hdev) (test_bit(HCI_UP, &hdev->flags) && \
111 !test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
114 struct list_head list;
122 /* HCI to MGMT error code conversion table */
123 static u8 mgmt_status_table[] = {
125 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
126 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
127 MGMT_STATUS_FAILED, /* Hardware Failure */
128 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
129 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
130 MGMT_STATUS_NOT_PAIRED, /* PIN or Key Missing */
131 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
132 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
133 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
134 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
135 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
136 MGMT_STATUS_BUSY, /* Command Disallowed */
137 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
138 MGMT_STATUS_REJECTED, /* Rejected Security */
139 MGMT_STATUS_REJECTED, /* Rejected Personal */
140 MGMT_STATUS_TIMEOUT, /* Host Timeout */
141 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
142 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
143 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
144 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
145 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
146 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
147 MGMT_STATUS_BUSY, /* Repeated Attempts */
148 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
149 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
150 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
151 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
152 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
153 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
154 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
155 MGMT_STATUS_FAILED, /* Unspecified Error */
156 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
157 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
158 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
159 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
160 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
161 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
162 MGMT_STATUS_FAILED, /* Unit Link Key Used */
163 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
164 MGMT_STATUS_TIMEOUT, /* Instant Passed */
165 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
166 MGMT_STATUS_FAILED, /* Transaction Collision */
167 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
168 MGMT_STATUS_REJECTED, /* QoS Rejected */
169 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
170 MGMT_STATUS_REJECTED, /* Insufficient Security */
171 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
172 MGMT_STATUS_BUSY, /* Role Switch Pending */
173 MGMT_STATUS_FAILED, /* Slot Violation */
174 MGMT_STATUS_FAILED, /* Role Switch Failed */
175 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
176 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
177 MGMT_STATUS_BUSY, /* Host Busy Pairing */
178 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
179 MGMT_STATUS_BUSY, /* Controller Busy */
180 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
181 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
182 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
183 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
184 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
187 static u8 mgmt_status(u8 hci_status)
189 if (hci_status < ARRAY_SIZE(mgmt_status_table))
190 return mgmt_status_table[hci_status];
192 return MGMT_STATUS_FAILED;
195 static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
198 struct mgmt_hdr *hdr;
199 struct mgmt_ev_cmd_status *ev;
202 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
204 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_KERNEL);
208 hdr = (void *) skb_put(skb, sizeof(*hdr));
210 hdr->opcode = __constant_cpu_to_le16(MGMT_EV_CMD_STATUS);
211 hdr->index = cpu_to_le16(index);
212 hdr->len = cpu_to_le16(sizeof(*ev));
214 ev = (void *) skb_put(skb, sizeof(*ev));
216 ev->opcode = cpu_to_le16(cmd);
218 err = sock_queue_rcv_skb(sk, skb);
225 static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
226 void *rp, size_t rp_len)
229 struct mgmt_hdr *hdr;
230 struct mgmt_ev_cmd_complete *ev;
233 BT_DBG("sock %p", sk);
235 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_KERNEL);
239 hdr = (void *) skb_put(skb, sizeof(*hdr));
241 hdr->opcode = __constant_cpu_to_le16(MGMT_EV_CMD_COMPLETE);
242 hdr->index = cpu_to_le16(index);
243 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
245 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
246 ev->opcode = cpu_to_le16(cmd);
250 memcpy(ev->data, rp, rp_len);
252 err = sock_queue_rcv_skb(sk, skb);
259 static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
262 struct mgmt_rp_read_version rp;
264 BT_DBG("sock %p", sk);
266 rp.version = MGMT_VERSION;
267 rp.revision = __constant_cpu_to_le16(MGMT_REVISION);
269 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
273 static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
276 struct mgmt_rp_read_commands *rp;
277 const u16 num_commands = ARRAY_SIZE(mgmt_commands);
278 const u16 num_events = ARRAY_SIZE(mgmt_events);
283 BT_DBG("sock %p", sk);
285 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
287 rp = kmalloc(rp_size, GFP_KERNEL);
291 rp->num_commands = __constant_cpu_to_le16(num_commands);
292 rp->num_events = __constant_cpu_to_le16(num_events);
294 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
295 put_unaligned_le16(mgmt_commands[i], opcode);
297 for (i = 0; i < num_events; i++, opcode++)
298 put_unaligned_le16(mgmt_events[i], opcode);
300 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
307 static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
310 struct mgmt_rp_read_index_list *rp;
316 BT_DBG("sock %p", sk);
318 read_lock(&hci_dev_list_lock);
321 list_for_each_entry(d, &hci_dev_list, list) {
322 if (d->dev_type == HCI_BREDR)
326 rp_len = sizeof(*rp) + (2 * count);
327 rp = kmalloc(rp_len, GFP_ATOMIC);
329 read_unlock(&hci_dev_list_lock);
334 list_for_each_entry(d, &hci_dev_list, list) {
335 if (test_bit(HCI_SETUP, &d->dev_flags))
338 if (test_bit(HCI_USER_CHANNEL, &d->dev_flags))
341 if (d->dev_type == HCI_BREDR) {
342 rp->index[count++] = cpu_to_le16(d->id);
343 BT_DBG("Added hci%u", d->id);
347 rp->num_controllers = cpu_to_le16(count);
348 rp_len = sizeof(*rp) + (2 * count);
350 read_unlock(&hci_dev_list_lock);
352 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
360 static u32 get_supported_settings(struct hci_dev *hdev)
364 settings |= MGMT_SETTING_POWERED;
365 settings |= MGMT_SETTING_PAIRABLE;
367 if (lmp_bredr_capable(hdev)) {
368 settings |= MGMT_SETTING_CONNECTABLE;
369 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
370 settings |= MGMT_SETTING_FAST_CONNECTABLE;
371 settings |= MGMT_SETTING_DISCOVERABLE;
372 settings |= MGMT_SETTING_BREDR;
373 settings |= MGMT_SETTING_LINK_SECURITY;
375 if (lmp_ssp_capable(hdev)) {
376 settings |= MGMT_SETTING_SSP;
377 settings |= MGMT_SETTING_HS;
381 if (lmp_le_capable(hdev)) {
382 settings |= MGMT_SETTING_LE;
383 settings |= MGMT_SETTING_ADVERTISING;
389 static u32 get_current_settings(struct hci_dev *hdev)
393 if (hdev_is_powered(hdev))
394 settings |= MGMT_SETTING_POWERED;
396 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
397 settings |= MGMT_SETTING_CONNECTABLE;
399 if (test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
400 settings |= MGMT_SETTING_FAST_CONNECTABLE;
402 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
403 settings |= MGMT_SETTING_DISCOVERABLE;
405 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags))
406 settings |= MGMT_SETTING_PAIRABLE;
408 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
409 settings |= MGMT_SETTING_BREDR;
411 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
412 settings |= MGMT_SETTING_LE;
414 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
415 settings |= MGMT_SETTING_LINK_SECURITY;
417 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
418 settings |= MGMT_SETTING_SSP;
420 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
421 settings |= MGMT_SETTING_HS;
423 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
424 settings |= MGMT_SETTING_ADVERTISING;
429 #define PNP_INFO_SVCLASS_ID 0x1200
431 static u8 *create_uuid16_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
433 u8 *ptr = data, *uuids_start = NULL;
434 struct bt_uuid *uuid;
439 list_for_each_entry(uuid, &hdev->uuids, list) {
442 if (uuid->size != 16)
445 uuid16 = get_unaligned_le16(&uuid->uuid[12]);
449 if (uuid16 == PNP_INFO_SVCLASS_ID)
455 uuids_start[1] = EIR_UUID16_ALL;
459 /* Stop if not enough space to put next UUID */
460 if ((ptr - data) + sizeof(u16) > len) {
461 uuids_start[1] = EIR_UUID16_SOME;
465 *ptr++ = (uuid16 & 0x00ff);
466 *ptr++ = (uuid16 & 0xff00) >> 8;
467 uuids_start[0] += sizeof(uuid16);
473 static u8 *create_uuid32_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
475 u8 *ptr = data, *uuids_start = NULL;
476 struct bt_uuid *uuid;
481 list_for_each_entry(uuid, &hdev->uuids, list) {
482 if (uuid->size != 32)
488 uuids_start[1] = EIR_UUID32_ALL;
492 /* Stop if not enough space to put next UUID */
493 if ((ptr - data) + sizeof(u32) > len) {
494 uuids_start[1] = EIR_UUID32_SOME;
498 memcpy(ptr, &uuid->uuid[12], sizeof(u32));
500 uuids_start[0] += sizeof(u32);
506 static u8 *create_uuid128_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
508 u8 *ptr = data, *uuids_start = NULL;
509 struct bt_uuid *uuid;
514 list_for_each_entry(uuid, &hdev->uuids, list) {
515 if (uuid->size != 128)
521 uuids_start[1] = EIR_UUID128_ALL;
525 /* Stop if not enough space to put next UUID */
526 if ((ptr - data) + 16 > len) {
527 uuids_start[1] = EIR_UUID128_SOME;
531 memcpy(ptr, uuid->uuid, 16);
533 uuids_start[0] += 16;
539 static u8 create_ad(struct hci_dev *hdev, u8 *ptr)
541 u8 ad_len = 0, flags = 0;
544 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
545 flags |= LE_AD_GENERAL;
547 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
548 if (lmp_le_br_capable(hdev))
549 flags |= LE_AD_SIM_LE_BREDR_CTRL;
550 if (lmp_host_le_br_capable(hdev))
551 flags |= LE_AD_SIM_LE_BREDR_HOST;
553 flags |= LE_AD_NO_BREDR;
557 BT_DBG("adv flags 0x%02x", flags);
567 if (hdev->adv_tx_power != HCI_TX_POWER_INVALID) {
569 ptr[1] = EIR_TX_POWER;
570 ptr[2] = (u8) hdev->adv_tx_power;
576 name_len = strlen(hdev->dev_name);
578 size_t max_len = HCI_MAX_AD_LENGTH - ad_len - 2;
580 if (name_len > max_len) {
582 ptr[1] = EIR_NAME_SHORT;
584 ptr[1] = EIR_NAME_COMPLETE;
586 ptr[0] = name_len + 1;
588 memcpy(ptr + 2, hdev->dev_name, name_len);
590 ad_len += (name_len + 2);
591 ptr += (name_len + 2);
597 static void update_ad(struct hci_request *req)
599 struct hci_dev *hdev = req->hdev;
600 struct hci_cp_le_set_adv_data cp;
603 if (!lmp_le_capable(hdev))
606 memset(&cp, 0, sizeof(cp));
608 len = create_ad(hdev, cp.data);
610 if (hdev->adv_data_len == len &&
611 memcmp(cp.data, hdev->adv_data, len) == 0)
614 memcpy(hdev->adv_data, cp.data, sizeof(cp.data));
615 hdev->adv_data_len = len;
619 hci_req_add(req, HCI_OP_LE_SET_ADV_DATA, sizeof(cp), &cp);
622 static void create_eir(struct hci_dev *hdev, u8 *data)
627 name_len = strlen(hdev->dev_name);
633 ptr[1] = EIR_NAME_SHORT;
635 ptr[1] = EIR_NAME_COMPLETE;
637 /* EIR Data length */
638 ptr[0] = name_len + 1;
640 memcpy(ptr + 2, hdev->dev_name, name_len);
642 ptr += (name_len + 2);
645 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
647 ptr[1] = EIR_TX_POWER;
648 ptr[2] = (u8) hdev->inq_tx_power;
653 if (hdev->devid_source > 0) {
655 ptr[1] = EIR_DEVICE_ID;
657 put_unaligned_le16(hdev->devid_source, ptr + 2);
658 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
659 put_unaligned_le16(hdev->devid_product, ptr + 6);
660 put_unaligned_le16(hdev->devid_version, ptr + 8);
665 ptr = create_uuid16_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
666 ptr = create_uuid32_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
667 ptr = create_uuid128_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
670 static void update_eir(struct hci_request *req)
672 struct hci_dev *hdev = req->hdev;
673 struct hci_cp_write_eir cp;
675 if (!hdev_is_powered(hdev))
678 if (!lmp_ext_inq_capable(hdev))
681 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
684 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
687 memset(&cp, 0, sizeof(cp));
689 create_eir(hdev, cp.data);
691 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
694 memcpy(hdev->eir, cp.data, sizeof(cp.data));
696 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
699 static u8 get_service_classes(struct hci_dev *hdev)
701 struct bt_uuid *uuid;
704 list_for_each_entry(uuid, &hdev->uuids, list)
705 val |= uuid->svc_hint;
710 static void update_class(struct hci_request *req)
712 struct hci_dev *hdev = req->hdev;
715 BT_DBG("%s", hdev->name);
717 if (!hdev_is_powered(hdev))
720 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
723 cod[0] = hdev->minor_class;
724 cod[1] = hdev->major_class;
725 cod[2] = get_service_classes(hdev);
727 if (test_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags))
730 if (memcmp(cod, hdev->dev_class, 3) == 0)
733 hci_req_add(req, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
736 static void service_cache_off(struct work_struct *work)
738 struct hci_dev *hdev = container_of(work, struct hci_dev,
740 struct hci_request req;
742 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
745 hci_req_init(&req, hdev);
752 hci_dev_unlock(hdev);
754 hci_req_run(&req, NULL);
757 static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
759 if (test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
762 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
764 /* Non-mgmt controlled devices get this bit set
765 * implicitly so that pairing works for them, however
766 * for mgmt we require user-space to explicitly enable
769 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
772 static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
773 void *data, u16 data_len)
775 struct mgmt_rp_read_info rp;
777 BT_DBG("sock %p %s", sk, hdev->name);
781 memset(&rp, 0, sizeof(rp));
783 bacpy(&rp.bdaddr, &hdev->bdaddr);
785 rp.version = hdev->hci_ver;
786 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
788 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
789 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
791 memcpy(rp.dev_class, hdev->dev_class, 3);
793 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
794 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
796 hci_dev_unlock(hdev);
798 return cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
802 static void mgmt_pending_free(struct pending_cmd *cmd)
809 static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
810 struct hci_dev *hdev, void *data,
813 struct pending_cmd *cmd;
815 cmd = kmalloc(sizeof(*cmd), GFP_KERNEL);
819 cmd->opcode = opcode;
820 cmd->index = hdev->id;
822 cmd->param = kmalloc(len, GFP_KERNEL);
829 memcpy(cmd->param, data, len);
834 list_add(&cmd->list, &hdev->mgmt_pending);
839 static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
840 void (*cb)(struct pending_cmd *cmd,
844 struct pending_cmd *cmd, *tmp;
846 list_for_each_entry_safe(cmd, tmp, &hdev->mgmt_pending, list) {
847 if (opcode > 0 && cmd->opcode != opcode)
854 static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
856 struct pending_cmd *cmd;
858 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
859 if (cmd->opcode == opcode)
866 static void mgmt_pending_remove(struct pending_cmd *cmd)
868 list_del(&cmd->list);
869 mgmt_pending_free(cmd);
872 static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
874 __le32 settings = cpu_to_le32(get_current_settings(hdev));
876 return cmd_complete(sk, hdev->id, opcode, 0, &settings,
880 static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
883 struct mgmt_mode *cp = data;
884 struct pending_cmd *cmd;
887 BT_DBG("request for %s", hdev->name);
889 if (cp->val != 0x00 && cp->val != 0x01)
890 return cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
891 MGMT_STATUS_INVALID_PARAMS);
895 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
896 err = cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
901 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
902 cancel_delayed_work(&hdev->power_off);
905 mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev,
907 err = mgmt_powered(hdev, 1);
912 if (!!cp->val == hdev_is_powered(hdev)) {
913 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
917 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
924 queue_work(hdev->req_workqueue, &hdev->power_on);
926 queue_work(hdev->req_workqueue, &hdev->power_off.work);
931 hci_dev_unlock(hdev);
935 static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 data_len,
936 struct sock *skip_sk)
939 struct mgmt_hdr *hdr;
941 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_KERNEL);
945 hdr = (void *) skb_put(skb, sizeof(*hdr));
946 hdr->opcode = cpu_to_le16(event);
948 hdr->index = cpu_to_le16(hdev->id);
950 hdr->index = __constant_cpu_to_le16(MGMT_INDEX_NONE);
951 hdr->len = cpu_to_le16(data_len);
954 memcpy(skb_put(skb, data_len), data, data_len);
957 __net_timestamp(skb);
959 hci_send_to_control(skb, skip_sk);
965 static int new_settings(struct hci_dev *hdev, struct sock *skip)
969 ev = cpu_to_le32(get_current_settings(hdev));
971 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
976 struct hci_dev *hdev;
980 static void settings_rsp(struct pending_cmd *cmd, void *data)
982 struct cmd_lookup *match = data;
984 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
986 list_del(&cmd->list);
988 if (match->sk == NULL) {
990 sock_hold(match->sk);
993 mgmt_pending_free(cmd);
996 static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
1000 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
1001 mgmt_pending_remove(cmd);
1004 static u8 mgmt_bredr_support(struct hci_dev *hdev)
1006 if (!lmp_bredr_capable(hdev))
1007 return MGMT_STATUS_NOT_SUPPORTED;
1008 else if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1009 return MGMT_STATUS_REJECTED;
1011 return MGMT_STATUS_SUCCESS;
1014 static u8 mgmt_le_support(struct hci_dev *hdev)
1016 if (!lmp_le_capable(hdev))
1017 return MGMT_STATUS_NOT_SUPPORTED;
1018 else if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
1019 return MGMT_STATUS_REJECTED;
1021 return MGMT_STATUS_SUCCESS;
1024 static void set_discoverable_complete(struct hci_dev *hdev, u8 status)
1026 struct pending_cmd *cmd;
1027 struct mgmt_mode *cp;
1030 BT_DBG("status 0x%02x", status);
1034 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
1039 u8 mgmt_err = mgmt_status(status);
1040 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1046 changed = !test_and_set_bit(HCI_DISCOVERABLE,
1049 changed = test_and_clear_bit(HCI_DISCOVERABLE,
1052 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1055 new_settings(hdev, cmd->sk);
1058 mgmt_pending_remove(cmd);
1061 hci_dev_unlock(hdev);
1064 static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
1067 struct mgmt_cp_set_discoverable *cp = data;
1068 struct pending_cmd *cmd;
1069 struct hci_request req;
1074 BT_DBG("request for %s", hdev->name);
1076 status = mgmt_bredr_support(hdev);
1078 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1081 if (cp->val != 0x00 && cp->val != 0x01)
1082 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1083 MGMT_STATUS_INVALID_PARAMS);
1085 timeout = __le16_to_cpu(cp->timeout);
1086 if (!cp->val && timeout > 0)
1087 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1088 MGMT_STATUS_INVALID_PARAMS);
1092 if (!hdev_is_powered(hdev) && timeout > 0) {
1093 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1094 MGMT_STATUS_NOT_POWERED);
1098 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1099 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
1100 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1105 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
1106 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1107 MGMT_STATUS_REJECTED);
1111 if (!hdev_is_powered(hdev)) {
1112 bool changed = false;
1114 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
1115 change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1119 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1124 err = new_settings(hdev, sk);
1129 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
1130 if (hdev->discov_timeout > 0) {
1131 cancel_delayed_work(&hdev->discov_off);
1132 hdev->discov_timeout = 0;
1135 if (cp->val && timeout > 0) {
1136 hdev->discov_timeout = timeout;
1137 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
1138 msecs_to_jiffies(hdev->discov_timeout * 1000));
1141 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1145 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
1151 hci_req_init(&req, hdev);
1156 scan |= SCAN_INQUIRY;
1158 cancel_delayed_work(&hdev->discov_off);
1160 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1162 err = hci_req_run(&req, set_discoverable_complete);
1164 mgmt_pending_remove(cmd);
1167 hdev->discov_timeout = timeout;
1170 hci_dev_unlock(hdev);
1174 static void write_fast_connectable(struct hci_request *req, bool enable)
1176 struct hci_dev *hdev = req->hdev;
1177 struct hci_cp_write_page_scan_activity acp;
1180 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
1184 type = PAGE_SCAN_TYPE_INTERLACED;
1186 /* 160 msec page scan interval */
1187 acp.interval = __constant_cpu_to_le16(0x0100);
1189 type = PAGE_SCAN_TYPE_STANDARD; /* default */
1191 /* default 1.28 sec page scan */
1192 acp.interval = __constant_cpu_to_le16(0x0800);
1195 acp.window = __constant_cpu_to_le16(0x0012);
1197 if (__cpu_to_le16(hdev->page_scan_interval) != acp.interval ||
1198 __cpu_to_le16(hdev->page_scan_window) != acp.window)
1199 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
1202 if (hdev->page_scan_type != type)
1203 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
1206 static u8 get_adv_type(struct hci_dev *hdev)
1208 struct pending_cmd *cmd;
1211 /* If there's a pending mgmt command the flag will not yet have
1212 * it's final value, so check for this first.
1214 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1216 struct mgmt_mode *cp = cmd->param;
1217 connectable = !!cp->val;
1219 connectable = test_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1222 return connectable ? LE_ADV_IND : LE_ADV_NONCONN_IND;
1225 static void enable_advertising(struct hci_request *req)
1227 struct hci_dev *hdev = req->hdev;
1228 struct hci_cp_le_set_adv_param cp;
1231 memset(&cp, 0, sizeof(cp));
1232 cp.min_interval = __constant_cpu_to_le16(0x0800);
1233 cp.max_interval = __constant_cpu_to_le16(0x0800);
1234 cp.type = get_adv_type(hdev);
1235 if (bacmp(&hdev->bdaddr, BDADDR_ANY))
1236 cp.own_address_type = ADDR_LE_DEV_PUBLIC;
1238 cp.own_address_type = ADDR_LE_DEV_RANDOM;
1239 cp.channel_map = 0x07;
1241 hci_req_add(req, HCI_OP_LE_SET_ADV_PARAM, sizeof(cp), &cp);
1243 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1246 static void disable_advertising(struct hci_request *req)
1250 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1253 static void set_connectable_complete(struct hci_dev *hdev, u8 status)
1255 struct pending_cmd *cmd;
1256 struct mgmt_mode *cp;
1259 BT_DBG("status 0x%02x", status);
1263 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1268 u8 mgmt_err = mgmt_status(status);
1269 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1275 changed = !test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1277 changed = test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1279 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
1282 new_settings(hdev, cmd->sk);
1285 mgmt_pending_remove(cmd);
1288 hci_dev_unlock(hdev);
1291 static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
1294 struct mgmt_mode *cp = data;
1295 struct pending_cmd *cmd;
1296 struct hci_request req;
1300 BT_DBG("request for %s", hdev->name);
1302 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
1303 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1304 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1305 MGMT_STATUS_REJECTED);
1307 if (cp->val != 0x00 && cp->val != 0x01)
1308 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1309 MGMT_STATUS_INVALID_PARAMS);
1313 if (!hdev_is_powered(hdev)) {
1314 bool changed = false;
1316 if (!!cp->val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
1320 set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1322 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1323 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1326 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1331 err = new_settings(hdev, sk);
1336 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1337 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
1338 err = cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1343 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
1349 hci_req_init(&req, hdev);
1351 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags) &&
1352 cp->val != test_bit(HCI_PSCAN, &hdev->flags)) {
1358 if (test_bit(HCI_ISCAN, &hdev->flags) &&
1359 hdev->discov_timeout > 0)
1360 cancel_delayed_work(&hdev->discov_off);
1363 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1366 /* If we're going from non-connectable to connectable or
1367 * vice-versa when fast connectable is enabled ensure that fast
1368 * connectable gets disabled. write_fast_connectable won't do
1369 * anything if the page scan parameters are already what they
1372 if (cp->val || test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
1373 write_fast_connectable(&req, false);
1375 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags) &&
1376 hci_conn_num(hdev, LE_LINK) == 0) {
1377 disable_advertising(&req);
1378 enable_advertising(&req);
1381 err = hci_req_run(&req, set_connectable_complete);
1383 mgmt_pending_remove(cmd);
1384 if (err == -ENODATA)
1385 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE,
1391 hci_dev_unlock(hdev);
1395 static int set_pairable(struct sock *sk, struct hci_dev *hdev, void *data,
1398 struct mgmt_mode *cp = data;
1402 BT_DBG("request for %s", hdev->name);
1404 if (cp->val != 0x00 && cp->val != 0x01)
1405 return cmd_status(sk, hdev->id, MGMT_OP_SET_PAIRABLE,
1406 MGMT_STATUS_INVALID_PARAMS);
1411 changed = !test_and_set_bit(HCI_PAIRABLE, &hdev->dev_flags);
1413 changed = test_and_clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
1415 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
1420 err = new_settings(hdev, sk);
1423 hci_dev_unlock(hdev);
1427 static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1430 struct mgmt_mode *cp = data;
1431 struct pending_cmd *cmd;
1435 BT_DBG("request for %s", hdev->name);
1437 status = mgmt_bredr_support(hdev);
1439 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1442 if (cp->val != 0x00 && cp->val != 0x01)
1443 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1444 MGMT_STATUS_INVALID_PARAMS);
1448 if (!hdev_is_powered(hdev)) {
1449 bool changed = false;
1451 if (!!cp->val != test_bit(HCI_LINK_SECURITY,
1452 &hdev->dev_flags)) {
1453 change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
1457 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1462 err = new_settings(hdev, sk);
1467 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
1468 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1475 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1476 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1480 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1486 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1488 mgmt_pending_remove(cmd);
1493 hci_dev_unlock(hdev);
1497 static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1499 struct mgmt_mode *cp = data;
1500 struct pending_cmd *cmd;
1504 BT_DBG("request for %s", hdev->name);
1506 status = mgmt_bredr_support(hdev);
1508 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
1510 if (!lmp_ssp_capable(hdev))
1511 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1512 MGMT_STATUS_NOT_SUPPORTED);
1514 if (cp->val != 0x00 && cp->val != 0x01)
1515 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1516 MGMT_STATUS_INVALID_PARAMS);
1520 if (!hdev_is_powered(hdev)) {
1524 changed = !test_and_set_bit(HCI_SSP_ENABLED,
1527 changed = test_and_clear_bit(HCI_SSP_ENABLED,
1530 changed = test_and_clear_bit(HCI_HS_ENABLED,
1533 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1536 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1541 err = new_settings(hdev, sk);
1546 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev) ||
1547 mgmt_pending_find(MGMT_OP_SET_HS, hdev)) {
1548 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1553 if (!!cp->val == test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
1554 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1558 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1564 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &cp->val);
1566 mgmt_pending_remove(cmd);
1571 hci_dev_unlock(hdev);
1575 static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1577 struct mgmt_mode *cp = data;
1582 BT_DBG("request for %s", hdev->name);
1584 status = mgmt_bredr_support(hdev);
1586 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
1588 if (!lmp_ssp_capable(hdev))
1589 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1590 MGMT_STATUS_NOT_SUPPORTED);
1592 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
1593 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1594 MGMT_STATUS_REJECTED);
1596 if (cp->val != 0x00 && cp->val != 0x01)
1597 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1598 MGMT_STATUS_INVALID_PARAMS);
1603 changed = !test_and_set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1605 if (hdev_is_powered(hdev)) {
1606 err = cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1607 MGMT_STATUS_REJECTED);
1611 changed = test_and_clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1614 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
1619 err = new_settings(hdev, sk);
1622 hci_dev_unlock(hdev);
1626 static void le_enable_complete(struct hci_dev *hdev, u8 status)
1628 struct cmd_lookup match = { NULL, hdev };
1631 u8 mgmt_err = mgmt_status(status);
1633 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
1638 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
1640 new_settings(hdev, match.sk);
1645 /* Make sure the controller has a good default for
1646 * advertising data. Restrict the update to when LE
1647 * has actually been enabled. During power on, the
1648 * update in powered_update_hci will take care of it.
1650 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1651 struct hci_request req;
1655 hci_req_init(&req, hdev);
1657 hci_req_run(&req, NULL);
1659 hci_dev_unlock(hdev);
1663 static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1665 struct mgmt_mode *cp = data;
1666 struct hci_cp_write_le_host_supported hci_cp;
1667 struct pending_cmd *cmd;
1668 struct hci_request req;
1672 BT_DBG("request for %s", hdev->name);
1674 if (!lmp_le_capable(hdev))
1675 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1676 MGMT_STATUS_NOT_SUPPORTED);
1678 if (cp->val != 0x00 && cp->val != 0x01)
1679 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1680 MGMT_STATUS_INVALID_PARAMS);
1682 /* LE-only devices do not allow toggling LE on/off */
1683 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1684 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1685 MGMT_STATUS_REJECTED);
1690 enabled = lmp_host_le_capable(hdev);
1692 if (!hdev_is_powered(hdev) || val == enabled) {
1693 bool changed = false;
1695 if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1696 change_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1700 if (!val && test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
1701 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
1705 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1710 err = new_settings(hdev, sk);
1715 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev) ||
1716 mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
1717 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1722 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
1728 hci_req_init(&req, hdev);
1730 memset(&hci_cp, 0, sizeof(hci_cp));
1734 hci_cp.simul = lmp_le_br_capable(hdev);
1736 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
1737 disable_advertising(&req);
1740 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
1743 err = hci_req_run(&req, le_enable_complete);
1745 mgmt_pending_remove(cmd);
1748 hci_dev_unlock(hdev);
1752 /* This is a helper function to test for pending mgmt commands that can
1753 * cause CoD or EIR HCI commands. We can only allow one such pending
1754 * mgmt command at a time since otherwise we cannot easily track what
1755 * the current values are, will be, and based on that calculate if a new
1756 * HCI command needs to be sent and if yes with what value.
1758 static bool pending_eir_or_class(struct hci_dev *hdev)
1760 struct pending_cmd *cmd;
1762 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
1763 switch (cmd->opcode) {
1764 case MGMT_OP_ADD_UUID:
1765 case MGMT_OP_REMOVE_UUID:
1766 case MGMT_OP_SET_DEV_CLASS:
1767 case MGMT_OP_SET_POWERED:
1775 static const u8 bluetooth_base_uuid[] = {
1776 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
1777 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1780 static u8 get_uuid_size(const u8 *uuid)
1784 if (memcmp(uuid, bluetooth_base_uuid, 12))
1787 val = get_unaligned_le32(&uuid[12]);
1794 static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
1796 struct pending_cmd *cmd;
1800 cmd = mgmt_pending_find(mgmt_op, hdev);
1804 cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(status),
1805 hdev->dev_class, 3);
1807 mgmt_pending_remove(cmd);
1810 hci_dev_unlock(hdev);
1813 static void add_uuid_complete(struct hci_dev *hdev, u8 status)
1815 BT_DBG("status 0x%02x", status);
1817 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
1820 static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1822 struct mgmt_cp_add_uuid *cp = data;
1823 struct pending_cmd *cmd;
1824 struct hci_request req;
1825 struct bt_uuid *uuid;
1828 BT_DBG("request for %s", hdev->name);
1832 if (pending_eir_or_class(hdev)) {
1833 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
1838 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
1844 memcpy(uuid->uuid, cp->uuid, 16);
1845 uuid->svc_hint = cp->svc_hint;
1846 uuid->size = get_uuid_size(cp->uuid);
1848 list_add_tail(&uuid->list, &hdev->uuids);
1850 hci_req_init(&req, hdev);
1855 err = hci_req_run(&req, add_uuid_complete);
1857 if (err != -ENODATA)
1860 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
1861 hdev->dev_class, 3);
1865 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
1874 hci_dev_unlock(hdev);
1878 static bool enable_service_cache(struct hci_dev *hdev)
1880 if (!hdev_is_powered(hdev))
1883 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
1884 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
1892 static void remove_uuid_complete(struct hci_dev *hdev, u8 status)
1894 BT_DBG("status 0x%02x", status);
1896 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
1899 static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
1902 struct mgmt_cp_remove_uuid *cp = data;
1903 struct pending_cmd *cmd;
1904 struct bt_uuid *match, *tmp;
1905 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
1906 struct hci_request req;
1909 BT_DBG("request for %s", hdev->name);
1913 if (pending_eir_or_class(hdev)) {
1914 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
1919 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
1920 err = hci_uuids_clear(hdev);
1922 if (enable_service_cache(hdev)) {
1923 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID,
1924 0, hdev->dev_class, 3);
1933 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
1934 if (memcmp(match->uuid, cp->uuid, 16) != 0)
1937 list_del(&match->list);
1943 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
1944 MGMT_STATUS_INVALID_PARAMS);
1949 hci_req_init(&req, hdev);
1954 err = hci_req_run(&req, remove_uuid_complete);
1956 if (err != -ENODATA)
1959 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
1960 hdev->dev_class, 3);
1964 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
1973 hci_dev_unlock(hdev);
1977 static void set_class_complete(struct hci_dev *hdev, u8 status)
1979 BT_DBG("status 0x%02x", status);
1981 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
1984 static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
1987 struct mgmt_cp_set_dev_class *cp = data;
1988 struct pending_cmd *cmd;
1989 struct hci_request req;
1992 BT_DBG("request for %s", hdev->name);
1994 if (!lmp_bredr_capable(hdev))
1995 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1996 MGMT_STATUS_NOT_SUPPORTED);
2000 if (pending_eir_or_class(hdev)) {
2001 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2006 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
2007 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2008 MGMT_STATUS_INVALID_PARAMS);
2012 hdev->major_class = cp->major;
2013 hdev->minor_class = cp->minor;
2015 if (!hdev_is_powered(hdev)) {
2016 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2017 hdev->dev_class, 3);
2021 hci_req_init(&req, hdev);
2023 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
2024 hci_dev_unlock(hdev);
2025 cancel_delayed_work_sync(&hdev->service_cache);
2032 err = hci_req_run(&req, set_class_complete);
2034 if (err != -ENODATA)
2037 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2038 hdev->dev_class, 3);
2042 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
2051 hci_dev_unlock(hdev);
2055 static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
2058 struct mgmt_cp_load_link_keys *cp = data;
2059 u16 key_count, expected_len;
2062 BT_DBG("request for %s", hdev->name);
2064 if (!lmp_bredr_capable(hdev))
2065 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2066 MGMT_STATUS_NOT_SUPPORTED);
2068 key_count = __le16_to_cpu(cp->key_count);
2070 expected_len = sizeof(*cp) + key_count *
2071 sizeof(struct mgmt_link_key_info);
2072 if (expected_len != len) {
2073 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
2075 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2076 MGMT_STATUS_INVALID_PARAMS);
2079 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
2080 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2081 MGMT_STATUS_INVALID_PARAMS);
2083 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
2086 for (i = 0; i < key_count; i++) {
2087 struct mgmt_link_key_info *key = &cp->keys[i];
2089 if (key->addr.type != BDADDR_BREDR)
2090 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2091 MGMT_STATUS_INVALID_PARAMS);
2096 hci_link_keys_clear(hdev);
2099 set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
2101 clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
2103 for (i = 0; i < key_count; i++) {
2104 struct mgmt_link_key_info *key = &cp->keys[i];
2106 hci_add_link_key(hdev, NULL, 0, &key->addr.bdaddr, key->val,
2107 key->type, key->pin_len);
2110 cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
2112 hci_dev_unlock(hdev);
2117 static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
2118 u8 addr_type, struct sock *skip_sk)
2120 struct mgmt_ev_device_unpaired ev;
2122 bacpy(&ev.addr.bdaddr, bdaddr);
2123 ev.addr.type = addr_type;
2125 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
2129 static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2132 struct mgmt_cp_unpair_device *cp = data;
2133 struct mgmt_rp_unpair_device rp;
2134 struct hci_cp_disconnect dc;
2135 struct pending_cmd *cmd;
2136 struct hci_conn *conn;
2139 memset(&rp, 0, sizeof(rp));
2140 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2141 rp.addr.type = cp->addr.type;
2143 if (!bdaddr_type_is_valid(cp->addr.type))
2144 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2145 MGMT_STATUS_INVALID_PARAMS,
2148 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
2149 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2150 MGMT_STATUS_INVALID_PARAMS,
2155 if (!hdev_is_powered(hdev)) {
2156 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2157 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
2161 if (cp->addr.type == BDADDR_BREDR)
2162 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
2164 err = hci_remove_ltk(hdev, &cp->addr.bdaddr);
2167 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2168 MGMT_STATUS_NOT_PAIRED, &rp, sizeof(rp));
2172 if (cp->disconnect) {
2173 if (cp->addr.type == BDADDR_BREDR)
2174 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2177 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
2184 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
2186 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
2190 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
2197 dc.handle = cpu_to_le16(conn->handle);
2198 dc.reason = 0x13; /* Remote User Terminated Connection */
2199 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2201 mgmt_pending_remove(cmd);
2204 hci_dev_unlock(hdev);
2208 static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
2211 struct mgmt_cp_disconnect *cp = data;
2212 struct mgmt_rp_disconnect rp;
2213 struct hci_cp_disconnect dc;
2214 struct pending_cmd *cmd;
2215 struct hci_conn *conn;
2220 memset(&rp, 0, sizeof(rp));
2221 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2222 rp.addr.type = cp->addr.type;
2224 if (!bdaddr_type_is_valid(cp->addr.type))
2225 return cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2226 MGMT_STATUS_INVALID_PARAMS,
2231 if (!test_bit(HCI_UP, &hdev->flags)) {
2232 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2233 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
2237 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
2238 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2239 MGMT_STATUS_BUSY, &rp, sizeof(rp));
2243 if (cp->addr.type == BDADDR_BREDR)
2244 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2247 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
2249 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
2250 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2251 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
2255 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
2261 dc.handle = cpu_to_le16(conn->handle);
2262 dc.reason = HCI_ERROR_REMOTE_USER_TERM;
2264 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2266 mgmt_pending_remove(cmd);
2269 hci_dev_unlock(hdev);
2273 static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
2275 switch (link_type) {
2277 switch (addr_type) {
2278 case ADDR_LE_DEV_PUBLIC:
2279 return BDADDR_LE_PUBLIC;
2282 /* Fallback to LE Random address type */
2283 return BDADDR_LE_RANDOM;
2287 /* Fallback to BR/EDR type */
2288 return BDADDR_BREDR;
2292 static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
2295 struct mgmt_rp_get_connections *rp;
2305 if (!hdev_is_powered(hdev)) {
2306 err = cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
2307 MGMT_STATUS_NOT_POWERED);
2312 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2313 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2317 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2318 rp = kmalloc(rp_len, GFP_KERNEL);
2325 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2326 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2328 bacpy(&rp->addr[i].bdaddr, &c->dst);
2329 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
2330 if (c->type == SCO_LINK || c->type == ESCO_LINK)
2335 rp->conn_count = cpu_to_le16(i);
2337 /* Recalculate length in case of filtered SCO connections, etc */
2338 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2340 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
2346 hci_dev_unlock(hdev);
2350 static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
2351 struct mgmt_cp_pin_code_neg_reply *cp)
2353 struct pending_cmd *cmd;
2356 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
2361 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
2362 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
2364 mgmt_pending_remove(cmd);
2369 static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2372 struct hci_conn *conn;
2373 struct mgmt_cp_pin_code_reply *cp = data;
2374 struct hci_cp_pin_code_reply reply;
2375 struct pending_cmd *cmd;
2382 if (!hdev_is_powered(hdev)) {
2383 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2384 MGMT_STATUS_NOT_POWERED);
2388 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
2390 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2391 MGMT_STATUS_NOT_CONNECTED);
2395 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
2396 struct mgmt_cp_pin_code_neg_reply ncp;
2398 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
2400 BT_ERR("PIN code is not 16 bytes long");
2402 err = send_pin_code_neg_reply(sk, hdev, &ncp);
2404 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2405 MGMT_STATUS_INVALID_PARAMS);
2410 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
2416 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
2417 reply.pin_len = cp->pin_len;
2418 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
2420 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
2422 mgmt_pending_remove(cmd);
2425 hci_dev_unlock(hdev);
2429 static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
2432 struct mgmt_cp_set_io_capability *cp = data;
2438 hdev->io_capability = cp->io_capability;
2440 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
2441 hdev->io_capability);
2443 hci_dev_unlock(hdev);
2445 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, NULL,
2449 static struct pending_cmd *find_pairing(struct hci_conn *conn)
2451 struct hci_dev *hdev = conn->hdev;
2452 struct pending_cmd *cmd;
2454 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2455 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
2458 if (cmd->user_data != conn)
2467 static void pairing_complete(struct pending_cmd *cmd, u8 status)
2469 struct mgmt_rp_pair_device rp;
2470 struct hci_conn *conn = cmd->user_data;
2472 bacpy(&rp.addr.bdaddr, &conn->dst);
2473 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
2475 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
2478 /* So we don't get further callbacks for this connection */
2479 conn->connect_cfm_cb = NULL;
2480 conn->security_cfm_cb = NULL;
2481 conn->disconn_cfm_cb = NULL;
2483 hci_conn_drop(conn);
2485 mgmt_pending_remove(cmd);
2488 static void pairing_complete_cb(struct hci_conn *conn, u8 status)
2490 struct pending_cmd *cmd;
2492 BT_DBG("status %u", status);
2494 cmd = find_pairing(conn);
2496 BT_DBG("Unable to find a pending command");
2498 pairing_complete(cmd, mgmt_status(status));
2501 static void le_connect_complete_cb(struct hci_conn *conn, u8 status)
2503 struct pending_cmd *cmd;
2505 BT_DBG("status %u", status);
2510 cmd = find_pairing(conn);
2512 BT_DBG("Unable to find a pending command");
2514 pairing_complete(cmd, mgmt_status(status));
2517 static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2520 struct mgmt_cp_pair_device *cp = data;
2521 struct mgmt_rp_pair_device rp;
2522 struct pending_cmd *cmd;
2523 u8 sec_level, auth_type;
2524 struct hci_conn *conn;
2529 memset(&rp, 0, sizeof(rp));
2530 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2531 rp.addr.type = cp->addr.type;
2533 if (!bdaddr_type_is_valid(cp->addr.type))
2534 return cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2535 MGMT_STATUS_INVALID_PARAMS,
2540 if (!hdev_is_powered(hdev)) {
2541 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2542 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
2546 sec_level = BT_SECURITY_MEDIUM;
2547 if (cp->io_cap == 0x03)
2548 auth_type = HCI_AT_DEDICATED_BONDING;
2550 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
2552 if (cp->addr.type == BDADDR_BREDR)
2553 conn = hci_connect(hdev, ACL_LINK, &cp->addr.bdaddr,
2554 cp->addr.type, sec_level, auth_type);
2556 conn = hci_connect(hdev, LE_LINK, &cp->addr.bdaddr,
2557 cp->addr.type, sec_level, auth_type);
2562 if (PTR_ERR(conn) == -EBUSY)
2563 status = MGMT_STATUS_BUSY;
2565 status = MGMT_STATUS_CONNECT_FAILED;
2567 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2573 if (conn->connect_cfm_cb) {
2574 hci_conn_drop(conn);
2575 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2576 MGMT_STATUS_BUSY, &rp, sizeof(rp));
2580 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
2583 hci_conn_drop(conn);
2587 /* For LE, just connecting isn't a proof that the pairing finished */
2588 if (cp->addr.type == BDADDR_BREDR)
2589 conn->connect_cfm_cb = pairing_complete_cb;
2591 conn->connect_cfm_cb = le_connect_complete_cb;
2593 conn->security_cfm_cb = pairing_complete_cb;
2594 conn->disconn_cfm_cb = pairing_complete_cb;
2595 conn->io_capability = cp->io_cap;
2596 cmd->user_data = conn;
2598 if (conn->state == BT_CONNECTED &&
2599 hci_conn_security(conn, sec_level, auth_type))
2600 pairing_complete(cmd, 0);
2605 hci_dev_unlock(hdev);
2609 static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2612 struct mgmt_addr_info *addr = data;
2613 struct pending_cmd *cmd;
2614 struct hci_conn *conn;
2621 if (!hdev_is_powered(hdev)) {
2622 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2623 MGMT_STATUS_NOT_POWERED);
2627 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
2629 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2630 MGMT_STATUS_INVALID_PARAMS);
2634 conn = cmd->user_data;
2636 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
2637 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2638 MGMT_STATUS_INVALID_PARAMS);
2642 pairing_complete(cmd, MGMT_STATUS_CANCELLED);
2644 err = cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
2645 addr, sizeof(*addr));
2647 hci_dev_unlock(hdev);
2651 static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
2652 struct mgmt_addr_info *addr, u16 mgmt_op,
2653 u16 hci_op, __le32 passkey)
2655 struct pending_cmd *cmd;
2656 struct hci_conn *conn;
2661 if (!hdev_is_powered(hdev)) {
2662 err = cmd_complete(sk, hdev->id, mgmt_op,
2663 MGMT_STATUS_NOT_POWERED, addr,
2668 if (addr->type == BDADDR_BREDR)
2669 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
2671 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &addr->bdaddr);
2674 err = cmd_complete(sk, hdev->id, mgmt_op,
2675 MGMT_STATUS_NOT_CONNECTED, addr,
2680 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
2681 /* Continue with pairing via SMP */
2682 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
2685 err = cmd_complete(sk, hdev->id, mgmt_op,
2686 MGMT_STATUS_SUCCESS, addr,
2689 err = cmd_complete(sk, hdev->id, mgmt_op,
2690 MGMT_STATUS_FAILED, addr,
2696 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
2702 /* Continue with pairing via HCI */
2703 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
2704 struct hci_cp_user_passkey_reply cp;
2706 bacpy(&cp.bdaddr, &addr->bdaddr);
2707 cp.passkey = passkey;
2708 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
2710 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
2714 mgmt_pending_remove(cmd);
2717 hci_dev_unlock(hdev);
2721 static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
2722 void *data, u16 len)
2724 struct mgmt_cp_pin_code_neg_reply *cp = data;
2728 return user_pairing_resp(sk, hdev, &cp->addr,
2729 MGMT_OP_PIN_CODE_NEG_REPLY,
2730 HCI_OP_PIN_CODE_NEG_REPLY, 0);
2733 static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2736 struct mgmt_cp_user_confirm_reply *cp = data;
2740 if (len != sizeof(*cp))
2741 return cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
2742 MGMT_STATUS_INVALID_PARAMS);
2744 return user_pairing_resp(sk, hdev, &cp->addr,
2745 MGMT_OP_USER_CONFIRM_REPLY,
2746 HCI_OP_USER_CONFIRM_REPLY, 0);
2749 static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
2750 void *data, u16 len)
2752 struct mgmt_cp_user_confirm_neg_reply *cp = data;
2756 return user_pairing_resp(sk, hdev, &cp->addr,
2757 MGMT_OP_USER_CONFIRM_NEG_REPLY,
2758 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
2761 static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2764 struct mgmt_cp_user_passkey_reply *cp = data;
2768 return user_pairing_resp(sk, hdev, &cp->addr,
2769 MGMT_OP_USER_PASSKEY_REPLY,
2770 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
2773 static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
2774 void *data, u16 len)
2776 struct mgmt_cp_user_passkey_neg_reply *cp = data;
2780 return user_pairing_resp(sk, hdev, &cp->addr,
2781 MGMT_OP_USER_PASSKEY_NEG_REPLY,
2782 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
2785 static void update_name(struct hci_request *req)
2787 struct hci_dev *hdev = req->hdev;
2788 struct hci_cp_write_local_name cp;
2790 memcpy(cp.name, hdev->dev_name, sizeof(cp.name));
2792 hci_req_add(req, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
2795 static void set_name_complete(struct hci_dev *hdev, u8 status)
2797 struct mgmt_cp_set_local_name *cp;
2798 struct pending_cmd *cmd;
2800 BT_DBG("status 0x%02x", status);
2804 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
2811 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
2812 mgmt_status(status));
2814 cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
2817 mgmt_pending_remove(cmd);
2820 hci_dev_unlock(hdev);
2823 static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
2826 struct mgmt_cp_set_local_name *cp = data;
2827 struct pending_cmd *cmd;
2828 struct hci_request req;
2835 /* If the old values are the same as the new ones just return a
2836 * direct command complete event.
2838 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
2839 !memcmp(hdev->short_name, cp->short_name,
2840 sizeof(hdev->short_name))) {
2841 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
2846 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
2848 if (!hdev_is_powered(hdev)) {
2849 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
2851 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
2856 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
2862 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
2868 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
2870 hci_req_init(&req, hdev);
2872 if (lmp_bredr_capable(hdev)) {
2877 if (lmp_le_capable(hdev))
2880 err = hci_req_run(&req, set_name_complete);
2882 mgmt_pending_remove(cmd);
2885 hci_dev_unlock(hdev);
2889 static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
2890 void *data, u16 data_len)
2892 struct pending_cmd *cmd;
2895 BT_DBG("%s", hdev->name);
2899 if (!hdev_is_powered(hdev)) {
2900 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
2901 MGMT_STATUS_NOT_POWERED);
2905 if (!lmp_ssp_capable(hdev)) {
2906 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
2907 MGMT_STATUS_NOT_SUPPORTED);
2911 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
2912 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
2917 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
2923 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
2925 mgmt_pending_remove(cmd);
2928 hci_dev_unlock(hdev);
2932 static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
2933 void *data, u16 len)
2935 struct mgmt_cp_add_remote_oob_data *cp = data;
2939 BT_DBG("%s ", hdev->name);
2943 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr, cp->hash,
2946 status = MGMT_STATUS_FAILED;
2948 status = MGMT_STATUS_SUCCESS;
2950 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA, status,
2951 &cp->addr, sizeof(cp->addr));
2953 hci_dev_unlock(hdev);
2957 static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
2958 void *data, u16 len)
2960 struct mgmt_cp_remove_remote_oob_data *cp = data;
2964 BT_DBG("%s", hdev->name);
2968 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr);
2970 status = MGMT_STATUS_INVALID_PARAMS;
2972 status = MGMT_STATUS_SUCCESS;
2974 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
2975 status, &cp->addr, sizeof(cp->addr));
2977 hci_dev_unlock(hdev);
2981 static int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
2983 struct pending_cmd *cmd;
2987 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2989 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
2993 type = hdev->discovery.type;
2995 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
2996 &type, sizeof(type));
2997 mgmt_pending_remove(cmd);
3002 static void start_discovery_complete(struct hci_dev *hdev, u8 status)
3004 BT_DBG("status %d", status);
3008 mgmt_start_discovery_failed(hdev, status);
3009 hci_dev_unlock(hdev);
3014 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
3015 hci_dev_unlock(hdev);
3017 switch (hdev->discovery.type) {
3018 case DISCOV_TYPE_LE:
3019 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable,
3023 case DISCOV_TYPE_INTERLEAVED:
3024 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable,
3025 DISCOV_INTERLEAVED_TIMEOUT);
3028 case DISCOV_TYPE_BREDR:
3032 BT_ERR("Invalid discovery type %d", hdev->discovery.type);
3036 static int start_discovery(struct sock *sk, struct hci_dev *hdev,
3037 void *data, u16 len)
3039 struct mgmt_cp_start_discovery *cp = data;
3040 struct pending_cmd *cmd;
3041 struct hci_cp_le_set_scan_param param_cp;
3042 struct hci_cp_le_set_scan_enable enable_cp;
3043 struct hci_cp_inquiry inq_cp;
3044 struct hci_request req;
3045 /* General inquiry access code (GIAC) */
3046 u8 lap[3] = { 0x33, 0x8b, 0x9e };
3050 BT_DBG("%s", hdev->name);
3054 if (!hdev_is_powered(hdev)) {
3055 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3056 MGMT_STATUS_NOT_POWERED);
3060 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
3061 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3066 if (hdev->discovery.state != DISCOVERY_STOPPED) {
3067 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3072 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
3078 hdev->discovery.type = cp->type;
3080 hci_req_init(&req, hdev);
3082 switch (hdev->discovery.type) {
3083 case DISCOV_TYPE_BREDR:
3084 status = mgmt_bredr_support(hdev);
3086 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3088 mgmt_pending_remove(cmd);
3092 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
3093 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3095 mgmt_pending_remove(cmd);
3099 hci_inquiry_cache_flush(hdev);
3101 memset(&inq_cp, 0, sizeof(inq_cp));
3102 memcpy(&inq_cp.lap, lap, sizeof(inq_cp.lap));
3103 inq_cp.length = DISCOV_BREDR_INQUIRY_LEN;
3104 hci_req_add(&req, HCI_OP_INQUIRY, sizeof(inq_cp), &inq_cp);
3107 case DISCOV_TYPE_LE:
3108 case DISCOV_TYPE_INTERLEAVED:
3109 status = mgmt_le_support(hdev);
3111 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3113 mgmt_pending_remove(cmd);
3117 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
3118 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
3119 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3120 MGMT_STATUS_NOT_SUPPORTED);
3121 mgmt_pending_remove(cmd);
3125 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
3126 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3127 MGMT_STATUS_REJECTED);
3128 mgmt_pending_remove(cmd);
3132 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags)) {
3133 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3135 mgmt_pending_remove(cmd);
3139 memset(¶m_cp, 0, sizeof(param_cp));
3140 param_cp.type = LE_SCAN_ACTIVE;
3141 param_cp.interval = cpu_to_le16(DISCOV_LE_SCAN_INT);
3142 param_cp.window = cpu_to_le16(DISCOV_LE_SCAN_WIN);
3143 if (bacmp(&hdev->bdaddr, BDADDR_ANY))
3144 param_cp.own_address_type = ADDR_LE_DEV_PUBLIC;
3146 param_cp.own_address_type = ADDR_LE_DEV_RANDOM;
3147 hci_req_add(&req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
3150 memset(&enable_cp, 0, sizeof(enable_cp));
3151 enable_cp.enable = LE_SCAN_ENABLE;
3152 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
3153 hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
3158 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3159 MGMT_STATUS_INVALID_PARAMS);
3160 mgmt_pending_remove(cmd);
3164 err = hci_req_run(&req, start_discovery_complete);
3166 mgmt_pending_remove(cmd);
3168 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
3171 hci_dev_unlock(hdev);
3175 static int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
3177 struct pending_cmd *cmd;
3180 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3184 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3185 &hdev->discovery.type, sizeof(hdev->discovery.type));
3186 mgmt_pending_remove(cmd);
3191 static void stop_discovery_complete(struct hci_dev *hdev, u8 status)
3193 BT_DBG("status %d", status);
3198 mgmt_stop_discovery_failed(hdev, status);
3202 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3205 hci_dev_unlock(hdev);
3208 static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
3211 struct mgmt_cp_stop_discovery *mgmt_cp = data;
3212 struct pending_cmd *cmd;
3213 struct hci_cp_remote_name_req_cancel cp;
3214 struct inquiry_entry *e;
3215 struct hci_request req;
3216 struct hci_cp_le_set_scan_enable enable_cp;
3219 BT_DBG("%s", hdev->name);
3223 if (!hci_discovery_active(hdev)) {
3224 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
3225 MGMT_STATUS_REJECTED, &mgmt_cp->type,
3226 sizeof(mgmt_cp->type));
3230 if (hdev->discovery.type != mgmt_cp->type) {
3231 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
3232 MGMT_STATUS_INVALID_PARAMS, &mgmt_cp->type,
3233 sizeof(mgmt_cp->type));
3237 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
3243 hci_req_init(&req, hdev);
3245 switch (hdev->discovery.state) {
3246 case DISCOVERY_FINDING:
3247 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
3248 hci_req_add(&req, HCI_OP_INQUIRY_CANCEL, 0, NULL);
3250 cancel_delayed_work(&hdev->le_scan_disable);
3252 memset(&enable_cp, 0, sizeof(enable_cp));
3253 enable_cp.enable = LE_SCAN_DISABLE;
3254 hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE,
3255 sizeof(enable_cp), &enable_cp);
3260 case DISCOVERY_RESOLVING:
3261 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
3264 mgmt_pending_remove(cmd);
3265 err = cmd_complete(sk, hdev->id,
3266 MGMT_OP_STOP_DISCOVERY, 0,
3268 sizeof(mgmt_cp->type));
3269 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3273 bacpy(&cp.bdaddr, &e->data.bdaddr);
3274 hci_req_add(&req, HCI_OP_REMOTE_NAME_REQ_CANCEL, sizeof(cp),
3280 BT_DBG("unknown discovery state %u", hdev->discovery.state);
3282 mgmt_pending_remove(cmd);
3283 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
3284 MGMT_STATUS_FAILED, &mgmt_cp->type,
3285 sizeof(mgmt_cp->type));
3289 err = hci_req_run(&req, stop_discovery_complete);
3291 mgmt_pending_remove(cmd);
3293 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
3296 hci_dev_unlock(hdev);
3300 static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
3303 struct mgmt_cp_confirm_name *cp = data;
3304 struct inquiry_entry *e;
3307 BT_DBG("%s", hdev->name);
3311 if (!hci_discovery_active(hdev)) {
3312 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
3313 MGMT_STATUS_FAILED);
3317 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
3319 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
3320 MGMT_STATUS_INVALID_PARAMS);
3324 if (cp->name_known) {
3325 e->name_state = NAME_KNOWN;
3328 e->name_state = NAME_NEEDED;
3329 hci_inquiry_cache_update_resolve(hdev, e);
3332 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0, &cp->addr,
3336 hci_dev_unlock(hdev);
3340 static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
3343 struct mgmt_cp_block_device *cp = data;
3347 BT_DBG("%s", hdev->name);
3349 if (!bdaddr_type_is_valid(cp->addr.type))
3350 return cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
3351 MGMT_STATUS_INVALID_PARAMS,
3352 &cp->addr, sizeof(cp->addr));
3356 err = hci_blacklist_add(hdev, &cp->addr.bdaddr, cp->addr.type);
3358 status = MGMT_STATUS_FAILED;
3360 status = MGMT_STATUS_SUCCESS;
3362 err = cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
3363 &cp->addr, sizeof(cp->addr));
3365 hci_dev_unlock(hdev);
3370 static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
3373 struct mgmt_cp_unblock_device *cp = data;
3377 BT_DBG("%s", hdev->name);
3379 if (!bdaddr_type_is_valid(cp->addr.type))
3380 return cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
3381 MGMT_STATUS_INVALID_PARAMS,
3382 &cp->addr, sizeof(cp->addr));
3386 err = hci_blacklist_del(hdev, &cp->addr.bdaddr, cp->addr.type);
3388 status = MGMT_STATUS_INVALID_PARAMS;
3390 status = MGMT_STATUS_SUCCESS;
3392 err = cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
3393 &cp->addr, sizeof(cp->addr));
3395 hci_dev_unlock(hdev);
3400 static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
3403 struct mgmt_cp_set_device_id *cp = data;
3404 struct hci_request req;
3408 BT_DBG("%s", hdev->name);
3410 source = __le16_to_cpu(cp->source);
3412 if (source > 0x0002)
3413 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
3414 MGMT_STATUS_INVALID_PARAMS);
3418 hdev->devid_source = source;
3419 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
3420 hdev->devid_product = __le16_to_cpu(cp->product);
3421 hdev->devid_version = __le16_to_cpu(cp->version);
3423 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0, NULL, 0);
3425 hci_req_init(&req, hdev);
3427 hci_req_run(&req, NULL);
3429 hci_dev_unlock(hdev);
3434 static void set_advertising_complete(struct hci_dev *hdev, u8 status)
3436 struct cmd_lookup match = { NULL, hdev };
3439 u8 mgmt_err = mgmt_status(status);
3441 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
3442 cmd_status_rsp, &mgmt_err);
3446 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
3449 new_settings(hdev, match.sk);
3455 static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data,
3458 struct mgmt_mode *cp = data;
3459 struct pending_cmd *cmd;
3460 struct hci_request req;
3461 u8 val, enabled, status;
3464 BT_DBG("request for %s", hdev->name);
3466 status = mgmt_le_support(hdev);
3468 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3471 if (cp->val != 0x00 && cp->val != 0x01)
3472 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3473 MGMT_STATUS_INVALID_PARAMS);
3478 enabled = test_bit(HCI_ADVERTISING, &hdev->dev_flags);
3480 /* The following conditions are ones which mean that we should
3481 * not do any HCI communication but directly send a mgmt
3482 * response to user space (after toggling the flag if
3485 if (!hdev_is_powered(hdev) || val == enabled ||
3486 hci_conn_num(hdev, LE_LINK) > 0) {
3487 bool changed = false;
3489 if (val != test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
3490 change_bit(HCI_ADVERTISING, &hdev->dev_flags);
3494 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
3499 err = new_settings(hdev, sk);
3504 if (mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
3505 mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
3506 err = cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3511 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
3517 hci_req_init(&req, hdev);
3520 enable_advertising(&req);
3522 disable_advertising(&req);
3524 err = hci_req_run(&req, set_advertising_complete);
3526 mgmt_pending_remove(cmd);
3529 hci_dev_unlock(hdev);
3533 static int set_static_address(struct sock *sk, struct hci_dev *hdev,
3534 void *data, u16 len)
3536 struct mgmt_cp_set_static_address *cp = data;
3539 BT_DBG("%s", hdev->name);
3541 if (!lmp_le_capable(hdev))
3542 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
3543 MGMT_STATUS_NOT_SUPPORTED);
3545 if (hdev_is_powered(hdev))
3546 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
3547 MGMT_STATUS_REJECTED);
3549 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
3550 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
3551 return cmd_status(sk, hdev->id,
3552 MGMT_OP_SET_STATIC_ADDRESS,
3553 MGMT_STATUS_INVALID_PARAMS);
3555 /* Two most significant bits shall be set */
3556 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
3557 return cmd_status(sk, hdev->id,
3558 MGMT_OP_SET_STATIC_ADDRESS,
3559 MGMT_STATUS_INVALID_PARAMS);
3564 bacpy(&hdev->static_addr, &cp->bdaddr);
3566 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS, 0, NULL, 0);
3568 hci_dev_unlock(hdev);
3573 static int set_scan_params(struct sock *sk, struct hci_dev *hdev,
3574 void *data, u16 len)
3576 struct mgmt_cp_set_scan_params *cp = data;
3577 __u16 interval, window;
3580 BT_DBG("%s", hdev->name);
3582 if (!lmp_le_capable(hdev))
3583 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3584 MGMT_STATUS_NOT_SUPPORTED);
3586 interval = __le16_to_cpu(cp->interval);
3588 if (interval < 0x0004 || interval > 0x4000)
3589 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3590 MGMT_STATUS_INVALID_PARAMS);
3592 window = __le16_to_cpu(cp->window);
3594 if (window < 0x0004 || window > 0x4000)
3595 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3596 MGMT_STATUS_INVALID_PARAMS);
3598 if (window > interval)
3599 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3600 MGMT_STATUS_INVALID_PARAMS);
3604 hdev->le_scan_interval = interval;
3605 hdev->le_scan_window = window;
3607 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0, NULL, 0);
3609 hci_dev_unlock(hdev);
3614 static void fast_connectable_complete(struct hci_dev *hdev, u8 status)
3616 struct pending_cmd *cmd;
3618 BT_DBG("status 0x%02x", status);
3622 cmd = mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
3627 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3628 mgmt_status(status));
3630 struct mgmt_mode *cp = cmd->param;
3633 set_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
3635 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
3637 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
3638 new_settings(hdev, cmd->sk);
3641 mgmt_pending_remove(cmd);
3644 hci_dev_unlock(hdev);
3647 static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
3648 void *data, u16 len)
3650 struct mgmt_mode *cp = data;
3651 struct pending_cmd *cmd;
3652 struct hci_request req;
3655 BT_DBG("%s", hdev->name);
3657 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags) ||
3658 hdev->hci_ver < BLUETOOTH_VER_1_2)
3659 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3660 MGMT_STATUS_NOT_SUPPORTED);
3662 if (cp->val != 0x00 && cp->val != 0x01)
3663 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3664 MGMT_STATUS_INVALID_PARAMS);
3666 if (!hdev_is_powered(hdev))
3667 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3668 MGMT_STATUS_NOT_POWERED);
3670 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3671 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3672 MGMT_STATUS_REJECTED);
3676 if (mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
3677 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3682 if (!!cp->val == test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags)) {
3683 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
3688 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
3695 hci_req_init(&req, hdev);
3697 write_fast_connectable(&req, cp->val);
3699 err = hci_req_run(&req, fast_connectable_complete);
3701 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3702 MGMT_STATUS_FAILED);
3703 mgmt_pending_remove(cmd);
3707 hci_dev_unlock(hdev);
3712 static void set_bredr_scan(struct hci_request *req)
3714 struct hci_dev *hdev = req->hdev;
3717 /* Ensure that fast connectable is disabled. This function will
3718 * not do anything if the page scan parameters are already what
3721 write_fast_connectable(req, false);
3723 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3725 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3726 scan |= SCAN_INQUIRY;
3729 hci_req_add(req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
3732 static void set_bredr_complete(struct hci_dev *hdev, u8 status)
3734 struct pending_cmd *cmd;
3736 BT_DBG("status 0x%02x", status);
3740 cmd = mgmt_pending_find(MGMT_OP_SET_BREDR, hdev);
3745 u8 mgmt_err = mgmt_status(status);
3747 /* We need to restore the flag if related HCI commands
3750 clear_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
3752 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
3754 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
3755 new_settings(hdev, cmd->sk);
3758 mgmt_pending_remove(cmd);
3761 hci_dev_unlock(hdev);
3764 static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
3766 struct mgmt_mode *cp = data;
3767 struct pending_cmd *cmd;
3768 struct hci_request req;
3771 BT_DBG("request for %s", hdev->name);
3773 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
3774 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3775 MGMT_STATUS_NOT_SUPPORTED);
3777 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
3778 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3779 MGMT_STATUS_REJECTED);
3781 if (cp->val != 0x00 && cp->val != 0x01)
3782 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3783 MGMT_STATUS_INVALID_PARAMS);
3787 if (cp->val == test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
3788 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
3792 if (!hdev_is_powered(hdev)) {
3794 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
3795 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
3796 clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
3797 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
3798 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
3801 change_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
3803 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
3807 err = new_settings(hdev, sk);
3811 /* Reject disabling when powered on */
3813 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3814 MGMT_STATUS_REJECTED);
3818 if (mgmt_pending_find(MGMT_OP_SET_BREDR, hdev)) {
3819 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3824 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
3830 /* We need to flip the bit already here so that update_ad
3831 * generates the correct flags.
3833 set_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
3835 hci_req_init(&req, hdev);
3837 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3838 set_bredr_scan(&req);
3842 err = hci_req_run(&req, set_bredr_complete);
3844 mgmt_pending_remove(cmd);
3847 hci_dev_unlock(hdev);
3851 static bool ltk_is_valid(struct mgmt_ltk_info *key)
3853 if (key->authenticated != 0x00 && key->authenticated != 0x01)
3855 if (key->master != 0x00 && key->master != 0x01)
3857 if (!bdaddr_type_is_le(key->addr.type))
3862 static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
3863 void *cp_data, u16 len)
3865 struct mgmt_cp_load_long_term_keys *cp = cp_data;
3866 u16 key_count, expected_len;
3869 BT_DBG("request for %s", hdev->name);
3871 if (!lmp_le_capable(hdev))
3872 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
3873 MGMT_STATUS_NOT_SUPPORTED);
3875 key_count = __le16_to_cpu(cp->key_count);
3877 expected_len = sizeof(*cp) + key_count *
3878 sizeof(struct mgmt_ltk_info);
3879 if (expected_len != len) {
3880 BT_ERR("load_keys: expected %u bytes, got %u bytes",
3882 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
3883 MGMT_STATUS_INVALID_PARAMS);
3886 BT_DBG("%s key_count %u", hdev->name, key_count);
3888 for (i = 0; i < key_count; i++) {
3889 struct mgmt_ltk_info *key = &cp->keys[i];
3891 if (!ltk_is_valid(key))
3892 return cmd_status(sk, hdev->id,
3893 MGMT_OP_LOAD_LONG_TERM_KEYS,
3894 MGMT_STATUS_INVALID_PARAMS);
3899 hci_smp_ltks_clear(hdev);
3901 for (i = 0; i < key_count; i++) {
3902 struct mgmt_ltk_info *key = &cp->keys[i];
3905 if (key->addr.type == BDADDR_LE_PUBLIC)
3906 addr_type = ADDR_LE_DEV_PUBLIC;
3908 addr_type = ADDR_LE_DEV_RANDOM;
3913 type = HCI_SMP_LTK_SLAVE;
3915 hci_add_ltk(hdev, &key->addr.bdaddr, addr_type,
3916 type, 0, key->authenticated, key->val,
3917 key->enc_size, key->ediv, key->rand);
3920 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
3923 hci_dev_unlock(hdev);
3928 static const struct mgmt_handler {
3929 int (*func) (struct sock *sk, struct hci_dev *hdev, void *data,
3933 } mgmt_handlers[] = {
3934 { NULL }, /* 0x0000 (no command) */
3935 { read_version, false, MGMT_READ_VERSION_SIZE },
3936 { read_commands, false, MGMT_READ_COMMANDS_SIZE },
3937 { read_index_list, false, MGMT_READ_INDEX_LIST_SIZE },
3938 { read_controller_info, false, MGMT_READ_INFO_SIZE },
3939 { set_powered, false, MGMT_SETTING_SIZE },
3940 { set_discoverable, false, MGMT_SET_DISCOVERABLE_SIZE },
3941 { set_connectable, false, MGMT_SETTING_SIZE },
3942 { set_fast_connectable, false, MGMT_SETTING_SIZE },
3943 { set_pairable, false, MGMT_SETTING_SIZE },
3944 { set_link_security, false, MGMT_SETTING_SIZE },
3945 { set_ssp, false, MGMT_SETTING_SIZE },
3946 { set_hs, false, MGMT_SETTING_SIZE },
3947 { set_le, false, MGMT_SETTING_SIZE },
3948 { set_dev_class, false, MGMT_SET_DEV_CLASS_SIZE },
3949 { set_local_name, false, MGMT_SET_LOCAL_NAME_SIZE },
3950 { add_uuid, false, MGMT_ADD_UUID_SIZE },
3951 { remove_uuid, false, MGMT_REMOVE_UUID_SIZE },
3952 { load_link_keys, true, MGMT_LOAD_LINK_KEYS_SIZE },
3953 { load_long_term_keys, true, MGMT_LOAD_LONG_TERM_KEYS_SIZE },
3954 { disconnect, false, MGMT_DISCONNECT_SIZE },
3955 { get_connections, false, MGMT_GET_CONNECTIONS_SIZE },
3956 { pin_code_reply, false, MGMT_PIN_CODE_REPLY_SIZE },
3957 { pin_code_neg_reply, false, MGMT_PIN_CODE_NEG_REPLY_SIZE },
3958 { set_io_capability, false, MGMT_SET_IO_CAPABILITY_SIZE },
3959 { pair_device, false, MGMT_PAIR_DEVICE_SIZE },
3960 { cancel_pair_device, false, MGMT_CANCEL_PAIR_DEVICE_SIZE },
3961 { unpair_device, false, MGMT_UNPAIR_DEVICE_SIZE },
3962 { user_confirm_reply, false, MGMT_USER_CONFIRM_REPLY_SIZE },
3963 { user_confirm_neg_reply, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
3964 { user_passkey_reply, false, MGMT_USER_PASSKEY_REPLY_SIZE },
3965 { user_passkey_neg_reply, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
3966 { read_local_oob_data, false, MGMT_READ_LOCAL_OOB_DATA_SIZE },
3967 { add_remote_oob_data, false, MGMT_ADD_REMOTE_OOB_DATA_SIZE },
3968 { remove_remote_oob_data, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
3969 { start_discovery, false, MGMT_START_DISCOVERY_SIZE },
3970 { stop_discovery, false, MGMT_STOP_DISCOVERY_SIZE },
3971 { confirm_name, false, MGMT_CONFIRM_NAME_SIZE },
3972 { block_device, false, MGMT_BLOCK_DEVICE_SIZE },
3973 { unblock_device, false, MGMT_UNBLOCK_DEVICE_SIZE },
3974 { set_device_id, false, MGMT_SET_DEVICE_ID_SIZE },
3975 { set_advertising, false, MGMT_SETTING_SIZE },
3976 { set_bredr, false, MGMT_SETTING_SIZE },
3977 { set_static_address, false, MGMT_SET_STATIC_ADDRESS_SIZE },
3978 { set_scan_params, false, MGMT_SET_SCAN_PARAMS_SIZE },
3982 int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
3986 struct mgmt_hdr *hdr;
3987 u16 opcode, index, len;
3988 struct hci_dev *hdev = NULL;
3989 const struct mgmt_handler *handler;
3992 BT_DBG("got %zu bytes", msglen);
3994 if (msglen < sizeof(*hdr))
3997 buf = kmalloc(msglen, GFP_KERNEL);
4001 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
4007 opcode = __le16_to_cpu(hdr->opcode);
4008 index = __le16_to_cpu(hdr->index);
4009 len = __le16_to_cpu(hdr->len);
4011 if (len != msglen - sizeof(*hdr)) {
4016 if (index != MGMT_INDEX_NONE) {
4017 hdev = hci_dev_get(index);
4019 err = cmd_status(sk, index, opcode,
4020 MGMT_STATUS_INVALID_INDEX);
4024 if (test_bit(HCI_SETUP, &hdev->dev_flags) ||
4025 test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
4026 err = cmd_status(sk, index, opcode,
4027 MGMT_STATUS_INVALID_INDEX);
4032 if (opcode >= ARRAY_SIZE(mgmt_handlers) ||
4033 mgmt_handlers[opcode].func == NULL) {
4034 BT_DBG("Unknown op %u", opcode);
4035 err = cmd_status(sk, index, opcode,
4036 MGMT_STATUS_UNKNOWN_COMMAND);
4040 if ((hdev && opcode < MGMT_OP_READ_INFO) ||
4041 (!hdev && opcode >= MGMT_OP_READ_INFO)) {
4042 err = cmd_status(sk, index, opcode,
4043 MGMT_STATUS_INVALID_INDEX);
4047 handler = &mgmt_handlers[opcode];
4049 if ((handler->var_len && len < handler->data_len) ||
4050 (!handler->var_len && len != handler->data_len)) {
4051 err = cmd_status(sk, index, opcode,
4052 MGMT_STATUS_INVALID_PARAMS);
4057 mgmt_init_hdev(sk, hdev);
4059 cp = buf + sizeof(*hdr);
4061 err = handler->func(sk, hdev, cp, len);
4075 void mgmt_index_added(struct hci_dev *hdev)
4077 if (hdev->dev_type != HCI_BREDR)
4080 mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
4083 void mgmt_index_removed(struct hci_dev *hdev)
4085 u8 status = MGMT_STATUS_INVALID_INDEX;
4087 if (hdev->dev_type != HCI_BREDR)
4090 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
4092 mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
4095 static void powered_complete(struct hci_dev *hdev, u8 status)
4097 struct cmd_lookup match = { NULL, hdev };
4099 BT_DBG("status 0x%02x", status);
4103 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
4105 new_settings(hdev, match.sk);
4107 hci_dev_unlock(hdev);
4113 static int powered_update_hci(struct hci_dev *hdev)
4115 struct hci_request req;
4118 hci_req_init(&req, hdev);
4120 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) &&
4121 !lmp_host_ssp_capable(hdev)) {
4124 hci_req_add(&req, HCI_OP_WRITE_SSP_MODE, 1, &ssp);
4127 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
4128 lmp_bredr_capable(hdev)) {
4129 struct hci_cp_write_le_host_supported cp;
4132 cp.simul = lmp_le_br_capable(hdev);
4134 /* Check first if we already have the right
4135 * host state (host features set)
4137 if (cp.le != lmp_host_le_capable(hdev) ||
4138 cp.simul != lmp_host_le_br_capable(hdev))
4139 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED,
4143 if (lmp_le_capable(hdev)) {
4144 /* Set random address to static address if configured */
4145 if (bacmp(&hdev->static_addr, BDADDR_ANY))
4146 hci_req_add(&req, HCI_OP_LE_SET_RANDOM_ADDR, 6,
4147 &hdev->static_addr);
4149 /* Make sure the controller has a good default for
4150 * advertising data. This also applies to the case
4151 * where BR/EDR was toggled during the AUTO_OFF phase.
4153 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
4156 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
4157 enable_advertising(&req);
4160 link_sec = test_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
4161 if (link_sec != test_bit(HCI_AUTH, &hdev->flags))
4162 hci_req_add(&req, HCI_OP_WRITE_AUTH_ENABLE,
4163 sizeof(link_sec), &link_sec);
4165 if (lmp_bredr_capable(hdev)) {
4166 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
4167 set_bredr_scan(&req);
4173 return hci_req_run(&req, powered_complete);
4176 int mgmt_powered(struct hci_dev *hdev, u8 powered)
4178 struct cmd_lookup match = { NULL, hdev };
4179 u8 status_not_powered = MGMT_STATUS_NOT_POWERED;
4180 u8 zero_cod[] = { 0, 0, 0 };
4183 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
4187 if (powered_update_hci(hdev) == 0)
4190 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp,
4195 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
4196 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status_not_powered);
4198 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0)
4199 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
4200 zero_cod, sizeof(zero_cod), NULL);
4203 err = new_settings(hdev, match.sk);
4211 void mgmt_set_powered_failed(struct hci_dev *hdev, int err)
4213 struct pending_cmd *cmd;
4216 cmd = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
4220 if (err == -ERFKILL)
4221 status = MGMT_STATUS_RFKILLED;
4223 status = MGMT_STATUS_FAILED;
4225 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
4227 mgmt_pending_remove(cmd);
4230 int mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
4232 bool changed = false;
4235 /* Nothing needed here if there's a pending command since that
4236 * commands request completion callback takes care of everything
4239 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev))
4243 if (!test_and_set_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
4246 if (test_and_clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
4251 err = new_settings(hdev, NULL);
4256 int mgmt_connectable(struct hci_dev *hdev, u8 connectable)
4258 bool changed = false;
4261 /* Nothing needed here if there's a pending command since that
4262 * commands request completion callback takes care of everything
4265 if (mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev))
4269 if (!test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags))
4272 if (test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags))
4277 err = new_settings(hdev, NULL);
4282 int mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
4284 u8 mgmt_err = mgmt_status(status);
4286 if (scan & SCAN_PAGE)
4287 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
4288 cmd_status_rsp, &mgmt_err);
4290 if (scan & SCAN_INQUIRY)
4291 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
4292 cmd_status_rsp, &mgmt_err);
4297 int mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
4300 struct mgmt_ev_new_link_key ev;
4302 memset(&ev, 0, sizeof(ev));
4304 ev.store_hint = persistent;
4305 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
4306 ev.key.addr.type = BDADDR_BREDR;
4307 ev.key.type = key->type;
4308 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
4309 ev.key.pin_len = key->pin_len;
4311 return mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
4314 int mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, u8 persistent)
4316 struct mgmt_ev_new_long_term_key ev;
4318 memset(&ev, 0, sizeof(ev));
4320 ev.store_hint = persistent;
4321 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
4322 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
4323 ev.key.authenticated = key->authenticated;
4324 ev.key.enc_size = key->enc_size;
4325 ev.key.ediv = key->ediv;
4327 if (key->type == HCI_SMP_LTK)
4330 memcpy(ev.key.rand, key->rand, sizeof(key->rand));
4331 memcpy(ev.key.val, key->val, sizeof(key->val));
4333 return mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev),
4337 void mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
4338 u8 addr_type, u32 flags, u8 *name, u8 name_len,
4342 struct mgmt_ev_device_connected *ev = (void *) buf;
4345 bacpy(&ev->addr.bdaddr, bdaddr);
4346 ev->addr.type = link_to_bdaddr(link_type, addr_type);
4348 ev->flags = __cpu_to_le32(flags);
4351 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
4354 if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0)
4355 eir_len = eir_append_data(ev->eir, eir_len,
4356 EIR_CLASS_OF_DEV, dev_class, 3);
4358 ev->eir_len = cpu_to_le16(eir_len);
4360 mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
4361 sizeof(*ev) + eir_len, NULL);
4364 static void disconnect_rsp(struct pending_cmd *cmd, void *data)
4366 struct mgmt_cp_disconnect *cp = cmd->param;
4367 struct sock **sk = data;
4368 struct mgmt_rp_disconnect rp;
4370 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4371 rp.addr.type = cp->addr.type;
4373 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 0, &rp,
4379 mgmt_pending_remove(cmd);
4382 static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
4384 struct hci_dev *hdev = data;
4385 struct mgmt_cp_unpair_device *cp = cmd->param;
4386 struct mgmt_rp_unpair_device rp;
4388 memset(&rp, 0, sizeof(rp));
4389 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4390 rp.addr.type = cp->addr.type;
4392 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
4394 cmd_complete(cmd->sk, cmd->index, cmd->opcode, 0, &rp, sizeof(rp));
4396 mgmt_pending_remove(cmd);
4399 void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
4400 u8 link_type, u8 addr_type, u8 reason)
4402 struct mgmt_ev_device_disconnected ev;
4403 struct sock *sk = NULL;
4405 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
4407 bacpy(&ev.addr.bdaddr, bdaddr);
4408 ev.addr.type = link_to_bdaddr(link_type, addr_type);
4411 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
4416 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
4420 void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
4421 u8 link_type, u8 addr_type, u8 status)
4423 struct mgmt_rp_disconnect rp;
4424 struct pending_cmd *cmd;
4426 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
4429 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
4433 bacpy(&rp.addr.bdaddr, bdaddr);
4434 rp.addr.type = link_to_bdaddr(link_type, addr_type);
4436 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
4437 mgmt_status(status), &rp, sizeof(rp));
4439 mgmt_pending_remove(cmd);
4442 void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
4443 u8 addr_type, u8 status)
4445 struct mgmt_ev_connect_failed ev;
4447 bacpy(&ev.addr.bdaddr, bdaddr);
4448 ev.addr.type = link_to_bdaddr(link_type, addr_type);
4449 ev.status = mgmt_status(status);
4451 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
4454 int mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
4456 struct mgmt_ev_pin_code_request ev;
4458 bacpy(&ev.addr.bdaddr, bdaddr);
4459 ev.addr.type = BDADDR_BREDR;
4462 return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev),
4466 int mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
4469 struct pending_cmd *cmd;
4470 struct mgmt_rp_pin_code_reply rp;
4473 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
4477 bacpy(&rp.addr.bdaddr, bdaddr);
4478 rp.addr.type = BDADDR_BREDR;
4480 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
4481 mgmt_status(status), &rp, sizeof(rp));
4483 mgmt_pending_remove(cmd);
4488 int mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
4491 struct pending_cmd *cmd;
4492 struct mgmt_rp_pin_code_reply rp;
4495 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
4499 bacpy(&rp.addr.bdaddr, bdaddr);
4500 rp.addr.type = BDADDR_BREDR;
4502 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
4503 mgmt_status(status), &rp, sizeof(rp));
4505 mgmt_pending_remove(cmd);
4510 int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
4511 u8 link_type, u8 addr_type, __le32 value,
4514 struct mgmt_ev_user_confirm_request ev;
4516 BT_DBG("%s", hdev->name);
4518 bacpy(&ev.addr.bdaddr, bdaddr);
4519 ev.addr.type = link_to_bdaddr(link_type, addr_type);
4520 ev.confirm_hint = confirm_hint;
4523 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
4527 int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
4528 u8 link_type, u8 addr_type)
4530 struct mgmt_ev_user_passkey_request ev;
4532 BT_DBG("%s", hdev->name);
4534 bacpy(&ev.addr.bdaddr, bdaddr);
4535 ev.addr.type = link_to_bdaddr(link_type, addr_type);
4537 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
4541 static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
4542 u8 link_type, u8 addr_type, u8 status,
4545 struct pending_cmd *cmd;
4546 struct mgmt_rp_user_confirm_reply rp;
4549 cmd = mgmt_pending_find(opcode, hdev);
4553 bacpy(&rp.addr.bdaddr, bdaddr);
4554 rp.addr.type = link_to_bdaddr(link_type, addr_type);
4555 err = cmd_complete(cmd->sk, hdev->id, opcode, mgmt_status(status),
4558 mgmt_pending_remove(cmd);
4563 int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
4564 u8 link_type, u8 addr_type, u8 status)
4566 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
4567 status, MGMT_OP_USER_CONFIRM_REPLY);
4570 int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
4571 u8 link_type, u8 addr_type, u8 status)
4573 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
4575 MGMT_OP_USER_CONFIRM_NEG_REPLY);
4578 int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
4579 u8 link_type, u8 addr_type, u8 status)
4581 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
4582 status, MGMT_OP_USER_PASSKEY_REPLY);
4585 int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
4586 u8 link_type, u8 addr_type, u8 status)
4588 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
4590 MGMT_OP_USER_PASSKEY_NEG_REPLY);
4593 int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
4594 u8 link_type, u8 addr_type, u32 passkey,
4597 struct mgmt_ev_passkey_notify ev;
4599 BT_DBG("%s", hdev->name);
4601 bacpy(&ev.addr.bdaddr, bdaddr);
4602 ev.addr.type = link_to_bdaddr(link_type, addr_type);
4603 ev.passkey = __cpu_to_le32(passkey);
4604 ev.entered = entered;
4606 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
4609 int mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
4610 u8 addr_type, u8 status)
4612 struct mgmt_ev_auth_failed ev;
4614 bacpy(&ev.addr.bdaddr, bdaddr);
4615 ev.addr.type = link_to_bdaddr(link_type, addr_type);
4616 ev.status = mgmt_status(status);
4618 return mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
4621 int mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
4623 struct cmd_lookup match = { NULL, hdev };
4624 bool changed = false;
4628 u8 mgmt_err = mgmt_status(status);
4629 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
4630 cmd_status_rsp, &mgmt_err);
4634 if (test_bit(HCI_AUTH, &hdev->flags)) {
4635 if (!test_and_set_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
4638 if (test_and_clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
4642 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
4646 err = new_settings(hdev, match.sk);
4654 static void clear_eir(struct hci_request *req)
4656 struct hci_dev *hdev = req->hdev;
4657 struct hci_cp_write_eir cp;
4659 if (!lmp_ext_inq_capable(hdev))
4662 memset(hdev->eir, 0, sizeof(hdev->eir));
4664 memset(&cp, 0, sizeof(cp));
4666 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
4669 int mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
4671 struct cmd_lookup match = { NULL, hdev };
4672 struct hci_request req;
4673 bool changed = false;
4677 u8 mgmt_err = mgmt_status(status);
4679 if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
4680 &hdev->dev_flags)) {
4681 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
4682 err = new_settings(hdev, NULL);
4685 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
4692 changed = !test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
4694 changed = test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
4696 changed = test_and_clear_bit(HCI_HS_ENABLED,
4699 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
4702 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
4705 err = new_settings(hdev, match.sk);
4710 hci_req_init(&req, hdev);
4712 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
4717 hci_req_run(&req, NULL);
4722 static void sk_lookup(struct pending_cmd *cmd, void *data)
4724 struct cmd_lookup *match = data;
4726 if (match->sk == NULL) {
4727 match->sk = cmd->sk;
4728 sock_hold(match->sk);
4732 int mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
4735 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
4738 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
4739 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
4740 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
4743 err = mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class,
4752 int mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
4754 struct mgmt_cp_set_local_name ev;
4755 struct pending_cmd *cmd;
4760 memset(&ev, 0, sizeof(ev));
4761 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
4762 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
4764 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
4766 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
4768 /* If this is a HCI command related to powering on the
4769 * HCI dev don't send any mgmt signals.
4771 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
4775 return mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
4776 cmd ? cmd->sk : NULL);
4779 int mgmt_read_local_oob_data_reply_complete(struct hci_dev *hdev, u8 *hash,
4780 u8 *randomizer, u8 status)
4782 struct pending_cmd *cmd;
4785 BT_DBG("%s status %u", hdev->name, status);
4787 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
4792 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
4793 mgmt_status(status));
4795 struct mgmt_rp_read_local_oob_data rp;
4797 memcpy(rp.hash, hash, sizeof(rp.hash));
4798 memcpy(rp.randomizer, randomizer, sizeof(rp.randomizer));
4800 err = cmd_complete(cmd->sk, hdev->id,
4801 MGMT_OP_READ_LOCAL_OOB_DATA, 0, &rp,
4805 mgmt_pending_remove(cmd);
4810 void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
4811 u8 addr_type, u8 *dev_class, s8 rssi, u8 cfm_name, u8
4812 ssp, u8 *eir, u16 eir_len)
4815 struct mgmt_ev_device_found *ev = (void *) buf;
4818 if (!hci_discovery_active(hdev))
4821 /* Leave 5 bytes for a potential CoD field */
4822 if (sizeof(*ev) + eir_len + 5 > sizeof(buf))
4825 memset(buf, 0, sizeof(buf));
4827 bacpy(&ev->addr.bdaddr, bdaddr);
4828 ev->addr.type = link_to_bdaddr(link_type, addr_type);
4831 ev->flags |= __constant_cpu_to_le32(MGMT_DEV_FOUND_CONFIRM_NAME);
4833 ev->flags |= __constant_cpu_to_le32(MGMT_DEV_FOUND_LEGACY_PAIRING);
4836 memcpy(ev->eir, eir, eir_len);
4838 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
4839 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
4842 ev->eir_len = cpu_to_le16(eir_len);
4843 ev_size = sizeof(*ev) + eir_len;
4845 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
4848 void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
4849 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
4851 struct mgmt_ev_device_found *ev;
4852 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
4855 ev = (struct mgmt_ev_device_found *) buf;
4857 memset(buf, 0, sizeof(buf));
4859 bacpy(&ev->addr.bdaddr, bdaddr);
4860 ev->addr.type = link_to_bdaddr(link_type, addr_type);
4863 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
4866 ev->eir_len = cpu_to_le16(eir_len);
4868 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, sizeof(*ev) + eir_len, NULL);
4871 void mgmt_discovering(struct hci_dev *hdev, u8 discovering)
4873 struct mgmt_ev_discovering ev;
4874 struct pending_cmd *cmd;
4876 BT_DBG("%s discovering %u", hdev->name, discovering);
4879 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
4881 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
4884 u8 type = hdev->discovery.type;
4886 cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0, &type,
4888 mgmt_pending_remove(cmd);
4891 memset(&ev, 0, sizeof(ev));
4892 ev.type = hdev->discovery.type;
4893 ev.discovering = discovering;
4895 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
4898 int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
4900 struct pending_cmd *cmd;
4901 struct mgmt_ev_device_blocked ev;
4903 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev);
4905 bacpy(&ev.addr.bdaddr, bdaddr);
4906 ev.addr.type = type;
4908 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev),
4909 cmd ? cmd->sk : NULL);
4912 int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
4914 struct pending_cmd *cmd;
4915 struct mgmt_ev_device_unblocked ev;
4917 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev);
4919 bacpy(&ev.addr.bdaddr, bdaddr);
4920 ev.addr.type = type;
4922 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
4923 cmd ? cmd->sk : NULL);
4926 static void adv_enable_complete(struct hci_dev *hdev, u8 status)
4928 BT_DBG("%s status %u", hdev->name, status);
4930 /* Clear the advertising mgmt setting if we failed to re-enable it */
4932 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
4933 new_settings(hdev, NULL);
4937 void mgmt_reenable_advertising(struct hci_dev *hdev)
4939 struct hci_request req;
4941 if (hci_conn_num(hdev, LE_LINK) > 0)
4944 if (!test_bit(HCI_ADVERTISING, &hdev->dev_flags))
4947 hci_req_init(&req, hdev);
4948 enable_advertising(&req);
4950 /* If this fails we have no option but to let user space know
4951 * that we've disabled advertising.
4953 if (hci_req_run(&req, adv_enable_complete) < 0) {
4954 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
4955 new_settings(hdev, NULL);
git.openpandora.org / pandora-kernel.git / blob