2 BlueZ - Bluetooth protocol stack for Linux
4 Copyright (C) 2010 Nokia Corporation
5 Copyright (C) 2011-2012 Intel Corporation
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI Management interface */
27 #include <linux/module.h>
28 #include <asm/unaligned.h>
30 #include <net/bluetooth/bluetooth.h>
31 #include <net/bluetooth/hci_core.h>
32 #include <net/bluetooth/l2cap.h>
33 #include <net/bluetooth/mgmt.h>
37 #define MGMT_VERSION 1
38 #define MGMT_REVISION 7
40 static const u16 mgmt_commands
[] = {
41 MGMT_OP_READ_INDEX_LIST
,
44 MGMT_OP_SET_DISCOVERABLE
,
45 MGMT_OP_SET_CONNECTABLE
,
46 MGMT_OP_SET_FAST_CONNECTABLE
,
48 MGMT_OP_SET_LINK_SECURITY
,
52 MGMT_OP_SET_DEV_CLASS
,
53 MGMT_OP_SET_LOCAL_NAME
,
56 MGMT_OP_LOAD_LINK_KEYS
,
57 MGMT_OP_LOAD_LONG_TERM_KEYS
,
59 MGMT_OP_GET_CONNECTIONS
,
60 MGMT_OP_PIN_CODE_REPLY
,
61 MGMT_OP_PIN_CODE_NEG_REPLY
,
62 MGMT_OP_SET_IO_CAPABILITY
,
64 MGMT_OP_CANCEL_PAIR_DEVICE
,
65 MGMT_OP_UNPAIR_DEVICE
,
66 MGMT_OP_USER_CONFIRM_REPLY
,
67 MGMT_OP_USER_CONFIRM_NEG_REPLY
,
68 MGMT_OP_USER_PASSKEY_REPLY
,
69 MGMT_OP_USER_PASSKEY_NEG_REPLY
,
70 MGMT_OP_READ_LOCAL_OOB_DATA
,
71 MGMT_OP_ADD_REMOTE_OOB_DATA
,
72 MGMT_OP_REMOVE_REMOTE_OOB_DATA
,
73 MGMT_OP_START_DISCOVERY
,
74 MGMT_OP_STOP_DISCOVERY
,
77 MGMT_OP_UNBLOCK_DEVICE
,
78 MGMT_OP_SET_DEVICE_ID
,
79 MGMT_OP_SET_ADVERTISING
,
81 MGMT_OP_SET_STATIC_ADDRESS
,
82 MGMT_OP_SET_SCAN_PARAMS
,
83 MGMT_OP_SET_SECURE_CONN
,
84 MGMT_OP_SET_DEBUG_KEYS
,
87 MGMT_OP_GET_CONN_INFO
,
88 MGMT_OP_GET_CLOCK_INFO
,
90 MGMT_OP_REMOVE_DEVICE
,
91 MGMT_OP_LOAD_CONN_PARAM
,
92 MGMT_OP_READ_UNCONF_INDEX_LIST
,
93 MGMT_OP_READ_CONFIG_INFO
,
96 static const u16 mgmt_events
[] = {
97 MGMT_EV_CONTROLLER_ERROR
,
99 MGMT_EV_INDEX_REMOVED
,
100 MGMT_EV_NEW_SETTINGS
,
101 MGMT_EV_CLASS_OF_DEV_CHANGED
,
102 MGMT_EV_LOCAL_NAME_CHANGED
,
103 MGMT_EV_NEW_LINK_KEY
,
104 MGMT_EV_NEW_LONG_TERM_KEY
,
105 MGMT_EV_DEVICE_CONNECTED
,
106 MGMT_EV_DEVICE_DISCONNECTED
,
107 MGMT_EV_CONNECT_FAILED
,
108 MGMT_EV_PIN_CODE_REQUEST
,
109 MGMT_EV_USER_CONFIRM_REQUEST
,
110 MGMT_EV_USER_PASSKEY_REQUEST
,
112 MGMT_EV_DEVICE_FOUND
,
114 MGMT_EV_DEVICE_BLOCKED
,
115 MGMT_EV_DEVICE_UNBLOCKED
,
116 MGMT_EV_DEVICE_UNPAIRED
,
117 MGMT_EV_PASSKEY_NOTIFY
,
120 MGMT_EV_DEVICE_ADDED
,
121 MGMT_EV_DEVICE_REMOVED
,
122 MGMT_EV_NEW_CONN_PARAM
,
123 MGMT_EV_UNCONF_INDEX_ADDED
,
124 MGMT_EV_UNCONF_INDEX_REMOVED
,
127 #define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
129 #define hdev_is_powered(hdev) (test_bit(HCI_UP, &hdev->flags) && \
130 !test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
133 struct list_head list
;
141 /* HCI to MGMT error code conversion table */
142 static u8 mgmt_status_table
[] = {
144 MGMT_STATUS_UNKNOWN_COMMAND
, /* Unknown Command */
145 MGMT_STATUS_NOT_CONNECTED
, /* No Connection */
146 MGMT_STATUS_FAILED
, /* Hardware Failure */
147 MGMT_STATUS_CONNECT_FAILED
, /* Page Timeout */
148 MGMT_STATUS_AUTH_FAILED
, /* Authentication Failed */
149 MGMT_STATUS_AUTH_FAILED
, /* PIN or Key Missing */
150 MGMT_STATUS_NO_RESOURCES
, /* Memory Full */
151 MGMT_STATUS_TIMEOUT
, /* Connection Timeout */
152 MGMT_STATUS_NO_RESOURCES
, /* Max Number of Connections */
153 MGMT_STATUS_NO_RESOURCES
, /* Max Number of SCO Connections */
154 MGMT_STATUS_ALREADY_CONNECTED
, /* ACL Connection Exists */
155 MGMT_STATUS_BUSY
, /* Command Disallowed */
156 MGMT_STATUS_NO_RESOURCES
, /* Rejected Limited Resources */
157 MGMT_STATUS_REJECTED
, /* Rejected Security */
158 MGMT_STATUS_REJECTED
, /* Rejected Personal */
159 MGMT_STATUS_TIMEOUT
, /* Host Timeout */
160 MGMT_STATUS_NOT_SUPPORTED
, /* Unsupported Feature */
161 MGMT_STATUS_INVALID_PARAMS
, /* Invalid Parameters */
162 MGMT_STATUS_DISCONNECTED
, /* OE User Ended Connection */
163 MGMT_STATUS_NO_RESOURCES
, /* OE Low Resources */
164 MGMT_STATUS_DISCONNECTED
, /* OE Power Off */
165 MGMT_STATUS_DISCONNECTED
, /* Connection Terminated */
166 MGMT_STATUS_BUSY
, /* Repeated Attempts */
167 MGMT_STATUS_REJECTED
, /* Pairing Not Allowed */
168 MGMT_STATUS_FAILED
, /* Unknown LMP PDU */
169 MGMT_STATUS_NOT_SUPPORTED
, /* Unsupported Remote Feature */
170 MGMT_STATUS_REJECTED
, /* SCO Offset Rejected */
171 MGMT_STATUS_REJECTED
, /* SCO Interval Rejected */
172 MGMT_STATUS_REJECTED
, /* Air Mode Rejected */
173 MGMT_STATUS_INVALID_PARAMS
, /* Invalid LMP Parameters */
174 MGMT_STATUS_FAILED
, /* Unspecified Error */
175 MGMT_STATUS_NOT_SUPPORTED
, /* Unsupported LMP Parameter Value */
176 MGMT_STATUS_FAILED
, /* Role Change Not Allowed */
177 MGMT_STATUS_TIMEOUT
, /* LMP Response Timeout */
178 MGMT_STATUS_FAILED
, /* LMP Error Transaction Collision */
179 MGMT_STATUS_FAILED
, /* LMP PDU Not Allowed */
180 MGMT_STATUS_REJECTED
, /* Encryption Mode Not Accepted */
181 MGMT_STATUS_FAILED
, /* Unit Link Key Used */
182 MGMT_STATUS_NOT_SUPPORTED
, /* QoS Not Supported */
183 MGMT_STATUS_TIMEOUT
, /* Instant Passed */
184 MGMT_STATUS_NOT_SUPPORTED
, /* Pairing Not Supported */
185 MGMT_STATUS_FAILED
, /* Transaction Collision */
186 MGMT_STATUS_INVALID_PARAMS
, /* Unacceptable Parameter */
187 MGMT_STATUS_REJECTED
, /* QoS Rejected */
188 MGMT_STATUS_NOT_SUPPORTED
, /* Classification Not Supported */
189 MGMT_STATUS_REJECTED
, /* Insufficient Security */
190 MGMT_STATUS_INVALID_PARAMS
, /* Parameter Out Of Range */
191 MGMT_STATUS_BUSY
, /* Role Switch Pending */
192 MGMT_STATUS_FAILED
, /* Slot Violation */
193 MGMT_STATUS_FAILED
, /* Role Switch Failed */
194 MGMT_STATUS_INVALID_PARAMS
, /* EIR Too Large */
195 MGMT_STATUS_NOT_SUPPORTED
, /* Simple Pairing Not Supported */
196 MGMT_STATUS_BUSY
, /* Host Busy Pairing */
197 MGMT_STATUS_REJECTED
, /* Rejected, No Suitable Channel */
198 MGMT_STATUS_BUSY
, /* Controller Busy */
199 MGMT_STATUS_INVALID_PARAMS
, /* Unsuitable Connection Interval */
200 MGMT_STATUS_TIMEOUT
, /* Directed Advertising Timeout */
201 MGMT_STATUS_AUTH_FAILED
, /* Terminated Due to MIC Failure */
202 MGMT_STATUS_CONNECT_FAILED
, /* Connection Establishment Failed */
203 MGMT_STATUS_CONNECT_FAILED
, /* MAC Connection Failed */
206 static u8
mgmt_status(u8 hci_status
)
208 if (hci_status
< ARRAY_SIZE(mgmt_status_table
))
209 return mgmt_status_table
[hci_status
];
211 return MGMT_STATUS_FAILED
;
214 static int cmd_status(struct sock
*sk
, u16 index
, u16 cmd
, u8 status
)
217 struct mgmt_hdr
*hdr
;
218 struct mgmt_ev_cmd_status
*ev
;
221 BT_DBG("sock %p, index %u, cmd %u, status %u", sk
, index
, cmd
, status
);
223 skb
= alloc_skb(sizeof(*hdr
) + sizeof(*ev
), GFP_KERNEL
);
227 hdr
= (void *) skb_put(skb
, sizeof(*hdr
));
229 hdr
->opcode
= cpu_to_le16(MGMT_EV_CMD_STATUS
);
230 hdr
->index
= cpu_to_le16(index
);
231 hdr
->len
= cpu_to_le16(sizeof(*ev
));
233 ev
= (void *) skb_put(skb
, sizeof(*ev
));
235 ev
->opcode
= cpu_to_le16(cmd
);
237 err
= sock_queue_rcv_skb(sk
, skb
);
244 static int cmd_complete(struct sock
*sk
, u16 index
, u16 cmd
, u8 status
,
245 void *rp
, size_t rp_len
)
248 struct mgmt_hdr
*hdr
;
249 struct mgmt_ev_cmd_complete
*ev
;
252 BT_DBG("sock %p", sk
);
254 skb
= alloc_skb(sizeof(*hdr
) + sizeof(*ev
) + rp_len
, GFP_KERNEL
);
258 hdr
= (void *) skb_put(skb
, sizeof(*hdr
));
260 hdr
->opcode
= cpu_to_le16(MGMT_EV_CMD_COMPLETE
);
261 hdr
->index
= cpu_to_le16(index
);
262 hdr
->len
= cpu_to_le16(sizeof(*ev
) + rp_len
);
264 ev
= (void *) skb_put(skb
, sizeof(*ev
) + rp_len
);
265 ev
->opcode
= cpu_to_le16(cmd
);
269 memcpy(ev
->data
, rp
, rp_len
);
271 err
= sock_queue_rcv_skb(sk
, skb
);
278 static int read_version(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
281 struct mgmt_rp_read_version rp
;
283 BT_DBG("sock %p", sk
);
285 rp
.version
= MGMT_VERSION
;
286 rp
.revision
= cpu_to_le16(MGMT_REVISION
);
288 return cmd_complete(sk
, MGMT_INDEX_NONE
, MGMT_OP_READ_VERSION
, 0, &rp
,
292 static int read_commands(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
295 struct mgmt_rp_read_commands
*rp
;
296 const u16 num_commands
= ARRAY_SIZE(mgmt_commands
);
297 const u16 num_events
= ARRAY_SIZE(mgmt_events
);
302 BT_DBG("sock %p", sk
);
304 rp_size
= sizeof(*rp
) + ((num_commands
+ num_events
) * sizeof(u16
));
306 rp
= kmalloc(rp_size
, GFP_KERNEL
);
310 rp
->num_commands
= cpu_to_le16(num_commands
);
311 rp
->num_events
= cpu_to_le16(num_events
);
313 for (i
= 0, opcode
= rp
->opcodes
; i
< num_commands
; i
++, opcode
++)
314 put_unaligned_le16(mgmt_commands
[i
], opcode
);
316 for (i
= 0; i
< num_events
; i
++, opcode
++)
317 put_unaligned_le16(mgmt_events
[i
], opcode
);
319 err
= cmd_complete(sk
, MGMT_INDEX_NONE
, MGMT_OP_READ_COMMANDS
, 0, rp
,
326 static int read_index_list(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
329 struct mgmt_rp_read_index_list
*rp
;
335 BT_DBG("sock %p", sk
);
337 read_lock(&hci_dev_list_lock
);
340 list_for_each_entry(d
, &hci_dev_list
, list
) {
341 if (d
->dev_type
== HCI_BREDR
&&
342 !test_bit(HCI_UNCONFIGURED
, &d
->dev_flags
))
346 rp_len
= sizeof(*rp
) + (2 * count
);
347 rp
= kmalloc(rp_len
, GFP_ATOMIC
);
349 read_unlock(&hci_dev_list_lock
);
354 list_for_each_entry(d
, &hci_dev_list
, list
) {
355 if (test_bit(HCI_SETUP
, &d
->dev_flags
) ||
356 test_bit(HCI_USER_CHANNEL
, &d
->dev_flags
))
359 /* Devices marked as raw-only are neither configured
360 * nor unconfigured controllers.
362 if (test_bit(HCI_QUIRK_RAW_DEVICE
, &d
->quirks
))
365 if (d
->dev_type
== HCI_BREDR
&&
366 !test_bit(HCI_UNCONFIGURED
, &d
->dev_flags
)) {
367 rp
->index
[count
++] = cpu_to_le16(d
->id
);
368 BT_DBG("Added hci%u", d
->id
);
372 rp
->num_controllers
= cpu_to_le16(count
);
373 rp_len
= sizeof(*rp
) + (2 * count
);
375 read_unlock(&hci_dev_list_lock
);
377 err
= cmd_complete(sk
, MGMT_INDEX_NONE
, MGMT_OP_READ_INDEX_LIST
, 0, rp
,
385 static int read_unconf_index_list(struct sock
*sk
, struct hci_dev
*hdev
,
386 void *data
, u16 data_len
)
388 struct mgmt_rp_read_unconf_index_list
*rp
;
394 BT_DBG("sock %p", sk
);
396 read_lock(&hci_dev_list_lock
);
399 list_for_each_entry(d
, &hci_dev_list
, list
) {
400 if (d
->dev_type
== HCI_BREDR
&&
401 test_bit(HCI_UNCONFIGURED
, &d
->dev_flags
))
405 rp_len
= sizeof(*rp
) + (2 * count
);
406 rp
= kmalloc(rp_len
, GFP_ATOMIC
);
408 read_unlock(&hci_dev_list_lock
);
413 list_for_each_entry(d
, &hci_dev_list
, list
) {
414 if (test_bit(HCI_SETUP
, &d
->dev_flags
) ||
415 test_bit(HCI_USER_CHANNEL
, &d
->dev_flags
))
418 /* Devices marked as raw-only are neither configured
419 * nor unconfigured controllers.
421 if (test_bit(HCI_QUIRK_RAW_DEVICE
, &d
->quirks
))
424 if (d
->dev_type
== HCI_BREDR
&&
425 test_bit(HCI_UNCONFIGURED
, &d
->dev_flags
)) {
426 rp
->index
[count
++] = cpu_to_le16(d
->id
);
427 BT_DBG("Added hci%u", d
->id
);
431 rp
->num_controllers
= cpu_to_le16(count
);
432 rp_len
= sizeof(*rp
) + (2 * count
);
434 read_unlock(&hci_dev_list_lock
);
436 err
= cmd_complete(sk
, MGMT_INDEX_NONE
, MGMT_OP_READ_UNCONF_INDEX_LIST
,
444 static __le32
get_missing_options(struct hci_dev
*hdev
)
448 if (test_bit(HCI_QUIRK_INVALID_BDADDR
, &hdev
->quirks
) &&
449 !bacmp(&hdev
->public_addr
, BDADDR_ANY
))
450 options
|= MGMT_OPTION_PUBLIC_ADDRESS
;
452 return cpu_to_le32(options
);
455 static int read_config_info(struct sock
*sk
, struct hci_dev
*hdev
,
456 void *data
, u16 data_len
)
458 struct mgmt_rp_read_config_info rp
;
461 BT_DBG("sock %p %s", sk
, hdev
->name
);
465 memset(&rp
, 0, sizeof(rp
));
466 rp
.manufacturer
= cpu_to_le16(hdev
->manufacturer
);
468 if (hdev
->set_bdaddr
)
469 options
|= MGMT_OPTION_PUBLIC_ADDRESS
;
471 rp
.supported_options
= cpu_to_le32(options
);
472 rp
.missing_options
= get_missing_options(hdev
);
474 hci_dev_unlock(hdev
);
476 return cmd_complete(sk
, hdev
->id
, MGMT_OP_READ_CONFIG_INFO
, 0, &rp
,
480 static u32
get_supported_settings(struct hci_dev
*hdev
)
484 settings
|= MGMT_SETTING_POWERED
;
485 settings
|= MGMT_SETTING_PAIRABLE
;
486 settings
|= MGMT_SETTING_DEBUG_KEYS
;
488 if (lmp_bredr_capable(hdev
)) {
489 settings
|= MGMT_SETTING_CONNECTABLE
;
490 if (hdev
->hci_ver
>= BLUETOOTH_VER_1_2
)
491 settings
|= MGMT_SETTING_FAST_CONNECTABLE
;
492 settings
|= MGMT_SETTING_DISCOVERABLE
;
493 settings
|= MGMT_SETTING_BREDR
;
494 settings
|= MGMT_SETTING_LINK_SECURITY
;
496 if (lmp_ssp_capable(hdev
)) {
497 settings
|= MGMT_SETTING_SSP
;
498 settings
|= MGMT_SETTING_HS
;
501 if (lmp_sc_capable(hdev
) ||
502 test_bit(HCI_FORCE_SC
, &hdev
->dbg_flags
))
503 settings
|= MGMT_SETTING_SECURE_CONN
;
506 if (lmp_le_capable(hdev
)) {
507 settings
|= MGMT_SETTING_LE
;
508 settings
|= MGMT_SETTING_ADVERTISING
;
509 settings
|= MGMT_SETTING_PRIVACY
;
512 if (hdev
->set_bdaddr
)
513 settings
|= MGMT_SETTING_CONFIGURATION
;
518 static u32
get_current_settings(struct hci_dev
*hdev
)
522 if (hdev_is_powered(hdev
))
523 settings
|= MGMT_SETTING_POWERED
;
525 if (test_bit(HCI_CONNECTABLE
, &hdev
->dev_flags
))
526 settings
|= MGMT_SETTING_CONNECTABLE
;
528 if (test_bit(HCI_FAST_CONNECTABLE
, &hdev
->dev_flags
))
529 settings
|= MGMT_SETTING_FAST_CONNECTABLE
;
531 if (test_bit(HCI_DISCOVERABLE
, &hdev
->dev_flags
))
532 settings
|= MGMT_SETTING_DISCOVERABLE
;
534 if (test_bit(HCI_PAIRABLE
, &hdev
->dev_flags
))
535 settings
|= MGMT_SETTING_PAIRABLE
;
537 if (test_bit(HCI_BREDR_ENABLED
, &hdev
->dev_flags
))
538 settings
|= MGMT_SETTING_BREDR
;
540 if (test_bit(HCI_LE_ENABLED
, &hdev
->dev_flags
))
541 settings
|= MGMT_SETTING_LE
;
543 if (test_bit(HCI_LINK_SECURITY
, &hdev
->dev_flags
))
544 settings
|= MGMT_SETTING_LINK_SECURITY
;
546 if (test_bit(HCI_SSP_ENABLED
, &hdev
->dev_flags
))
547 settings
|= MGMT_SETTING_SSP
;
549 if (test_bit(HCI_HS_ENABLED
, &hdev
->dev_flags
))
550 settings
|= MGMT_SETTING_HS
;
552 if (test_bit(HCI_ADVERTISING
, &hdev
->dev_flags
))
553 settings
|= MGMT_SETTING_ADVERTISING
;
555 if (test_bit(HCI_SC_ENABLED
, &hdev
->dev_flags
))
556 settings
|= MGMT_SETTING_SECURE_CONN
;
558 if (test_bit(HCI_KEEP_DEBUG_KEYS
, &hdev
->dev_flags
))
559 settings
|= MGMT_SETTING_DEBUG_KEYS
;
561 if (test_bit(HCI_PRIVACY
, &hdev
->dev_flags
))
562 settings
|= MGMT_SETTING_PRIVACY
;
567 #define PNP_INFO_SVCLASS_ID 0x1200
569 static u8
*create_uuid16_list(struct hci_dev
*hdev
, u8
*data
, ptrdiff_t len
)
571 u8
*ptr
= data
, *uuids_start
= NULL
;
572 struct bt_uuid
*uuid
;
577 list_for_each_entry(uuid
, &hdev
->uuids
, list
) {
580 if (uuid
->size
!= 16)
583 uuid16
= get_unaligned_le16(&uuid
->uuid
[12]);
587 if (uuid16
== PNP_INFO_SVCLASS_ID
)
593 uuids_start
[1] = EIR_UUID16_ALL
;
597 /* Stop if not enough space to put next UUID */
598 if ((ptr
- data
) + sizeof(u16
) > len
) {
599 uuids_start
[1] = EIR_UUID16_SOME
;
603 *ptr
++ = (uuid16
& 0x00ff);
604 *ptr
++ = (uuid16
& 0xff00) >> 8;
605 uuids_start
[0] += sizeof(uuid16
);
611 static u8
*create_uuid32_list(struct hci_dev
*hdev
, u8
*data
, ptrdiff_t len
)
613 u8
*ptr
= data
, *uuids_start
= NULL
;
614 struct bt_uuid
*uuid
;
619 list_for_each_entry(uuid
, &hdev
->uuids
, list
) {
620 if (uuid
->size
!= 32)
626 uuids_start
[1] = EIR_UUID32_ALL
;
630 /* Stop if not enough space to put next UUID */
631 if ((ptr
- data
) + sizeof(u32
) > len
) {
632 uuids_start
[1] = EIR_UUID32_SOME
;
636 memcpy(ptr
, &uuid
->uuid
[12], sizeof(u32
));
638 uuids_start
[0] += sizeof(u32
);
644 static u8
*create_uuid128_list(struct hci_dev
*hdev
, u8
*data
, ptrdiff_t len
)
646 u8
*ptr
= data
, *uuids_start
= NULL
;
647 struct bt_uuid
*uuid
;
652 list_for_each_entry(uuid
, &hdev
->uuids
, list
) {
653 if (uuid
->size
!= 128)
659 uuids_start
[1] = EIR_UUID128_ALL
;
663 /* Stop if not enough space to put next UUID */
664 if ((ptr
- data
) + 16 > len
) {
665 uuids_start
[1] = EIR_UUID128_SOME
;
669 memcpy(ptr
, uuid
->uuid
, 16);
671 uuids_start
[0] += 16;
677 static struct pending_cmd
*mgmt_pending_find(u16 opcode
, struct hci_dev
*hdev
)
679 struct pending_cmd
*cmd
;
681 list_for_each_entry(cmd
, &hdev
->mgmt_pending
, list
) {
682 if (cmd
->opcode
== opcode
)
689 static struct pending_cmd
*mgmt_pending_find_data(u16 opcode
,
690 struct hci_dev
*hdev
,
693 struct pending_cmd
*cmd
;
695 list_for_each_entry(cmd
, &hdev
->mgmt_pending
, list
) {
696 if (cmd
->user_data
!= data
)
698 if (cmd
->opcode
== opcode
)
705 static u8
create_scan_rsp_data(struct hci_dev
*hdev
, u8
*ptr
)
710 name_len
= strlen(hdev
->dev_name
);
712 size_t max_len
= HCI_MAX_AD_LENGTH
- ad_len
- 2;
714 if (name_len
> max_len
) {
716 ptr
[1] = EIR_NAME_SHORT
;
718 ptr
[1] = EIR_NAME_COMPLETE
;
720 ptr
[0] = name_len
+ 1;
722 memcpy(ptr
+ 2, hdev
->dev_name
, name_len
);
724 ad_len
+= (name_len
+ 2);
725 ptr
+= (name_len
+ 2);
731 static void update_scan_rsp_data(struct hci_request
*req
)
733 struct hci_dev
*hdev
= req
->hdev
;
734 struct hci_cp_le_set_scan_rsp_data cp
;
737 if (!test_bit(HCI_LE_ENABLED
, &hdev
->dev_flags
))
740 memset(&cp
, 0, sizeof(cp
));
742 len
= create_scan_rsp_data(hdev
, cp
.data
);
744 if (hdev
->scan_rsp_data_len
== len
&&
745 memcmp(cp
.data
, hdev
->scan_rsp_data
, len
) == 0)
748 memcpy(hdev
->scan_rsp_data
, cp
.data
, sizeof(cp
.data
));
749 hdev
->scan_rsp_data_len
= len
;
753 hci_req_add(req
, HCI_OP_LE_SET_SCAN_RSP_DATA
, sizeof(cp
), &cp
);
756 static u8
get_adv_discov_flags(struct hci_dev
*hdev
)
758 struct pending_cmd
*cmd
;
760 /* If there's a pending mgmt command the flags will not yet have
761 * their final values, so check for this first.
763 cmd
= mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE
, hdev
);
765 struct mgmt_mode
*cp
= cmd
->param
;
767 return LE_AD_GENERAL
;
768 else if (cp
->val
== 0x02)
769 return LE_AD_LIMITED
;
771 if (test_bit(HCI_LIMITED_DISCOVERABLE
, &hdev
->dev_flags
))
772 return LE_AD_LIMITED
;
773 else if (test_bit(HCI_DISCOVERABLE
, &hdev
->dev_flags
))
774 return LE_AD_GENERAL
;
780 static u8
create_adv_data(struct hci_dev
*hdev
, u8
*ptr
)
782 u8 ad_len
= 0, flags
= 0;
784 flags
|= get_adv_discov_flags(hdev
);
786 if (!test_bit(HCI_BREDR_ENABLED
, &hdev
->dev_flags
))
787 flags
|= LE_AD_NO_BREDR
;
790 BT_DBG("adv flags 0x%02x", flags
);
800 if (hdev
->adv_tx_power
!= HCI_TX_POWER_INVALID
) {
802 ptr
[1] = EIR_TX_POWER
;
803 ptr
[2] = (u8
) hdev
->adv_tx_power
;
812 static void update_adv_data(struct hci_request
*req
)
814 struct hci_dev
*hdev
= req
->hdev
;
815 struct hci_cp_le_set_adv_data cp
;
818 if (!test_bit(HCI_LE_ENABLED
, &hdev
->dev_flags
))
821 memset(&cp
, 0, sizeof(cp
));
823 len
= create_adv_data(hdev
, cp
.data
);
825 if (hdev
->adv_data_len
== len
&&
826 memcmp(cp
.data
, hdev
->adv_data
, len
) == 0)
829 memcpy(hdev
->adv_data
, cp
.data
, sizeof(cp
.data
));
830 hdev
->adv_data_len
= len
;
834 hci_req_add(req
, HCI_OP_LE_SET_ADV_DATA
, sizeof(cp
), &cp
);
837 static void create_eir(struct hci_dev
*hdev
, u8
*data
)
842 name_len
= strlen(hdev
->dev_name
);
848 ptr
[1] = EIR_NAME_SHORT
;
850 ptr
[1] = EIR_NAME_COMPLETE
;
852 /* EIR Data length */
853 ptr
[0] = name_len
+ 1;
855 memcpy(ptr
+ 2, hdev
->dev_name
, name_len
);
857 ptr
+= (name_len
+ 2);
860 if (hdev
->inq_tx_power
!= HCI_TX_POWER_INVALID
) {
862 ptr
[1] = EIR_TX_POWER
;
863 ptr
[2] = (u8
) hdev
->inq_tx_power
;
868 if (hdev
->devid_source
> 0) {
870 ptr
[1] = EIR_DEVICE_ID
;
872 put_unaligned_le16(hdev
->devid_source
, ptr
+ 2);
873 put_unaligned_le16(hdev
->devid_vendor
, ptr
+ 4);
874 put_unaligned_le16(hdev
->devid_product
, ptr
+ 6);
875 put_unaligned_le16(hdev
->devid_version
, ptr
+ 8);
880 ptr
= create_uuid16_list(hdev
, ptr
, HCI_MAX_EIR_LENGTH
- (ptr
- data
));
881 ptr
= create_uuid32_list(hdev
, ptr
, HCI_MAX_EIR_LENGTH
- (ptr
- data
));
882 ptr
= create_uuid128_list(hdev
, ptr
, HCI_MAX_EIR_LENGTH
- (ptr
- data
));
885 static void update_eir(struct hci_request
*req
)
887 struct hci_dev
*hdev
= req
->hdev
;
888 struct hci_cp_write_eir cp
;
890 if (!hdev_is_powered(hdev
))
893 if (!lmp_ext_inq_capable(hdev
))
896 if (!test_bit(HCI_SSP_ENABLED
, &hdev
->dev_flags
))
899 if (test_bit(HCI_SERVICE_CACHE
, &hdev
->dev_flags
))
902 memset(&cp
, 0, sizeof(cp
));
904 create_eir(hdev
, cp
.data
);
906 if (memcmp(cp
.data
, hdev
->eir
, sizeof(cp
.data
)) == 0)
909 memcpy(hdev
->eir
, cp
.data
, sizeof(cp
.data
));
911 hci_req_add(req
, HCI_OP_WRITE_EIR
, sizeof(cp
), &cp
);
914 static u8
get_service_classes(struct hci_dev
*hdev
)
916 struct bt_uuid
*uuid
;
919 list_for_each_entry(uuid
, &hdev
->uuids
, list
)
920 val
|= uuid
->svc_hint
;
925 static void update_class(struct hci_request
*req
)
927 struct hci_dev
*hdev
= req
->hdev
;
930 BT_DBG("%s", hdev
->name
);
932 if (!hdev_is_powered(hdev
))
935 if (!test_bit(HCI_BREDR_ENABLED
, &hdev
->dev_flags
))
938 if (test_bit(HCI_SERVICE_CACHE
, &hdev
->dev_flags
))
941 cod
[0] = hdev
->minor_class
;
942 cod
[1] = hdev
->major_class
;
943 cod
[2] = get_service_classes(hdev
);
945 if (test_bit(HCI_LIMITED_DISCOVERABLE
, &hdev
->dev_flags
))
948 if (memcmp(cod
, hdev
->dev_class
, 3) == 0)
951 hci_req_add(req
, HCI_OP_WRITE_CLASS_OF_DEV
, sizeof(cod
), cod
);
954 static bool get_connectable(struct hci_dev
*hdev
)
956 struct pending_cmd
*cmd
;
958 /* If there's a pending mgmt command the flag will not yet have
959 * it's final value, so check for this first.
961 cmd
= mgmt_pending_find(MGMT_OP_SET_CONNECTABLE
, hdev
);
963 struct mgmt_mode
*cp
= cmd
->param
;
967 return test_bit(HCI_CONNECTABLE
, &hdev
->dev_flags
);
970 static void enable_advertising(struct hci_request
*req
)
972 struct hci_dev
*hdev
= req
->hdev
;
973 struct hci_cp_le_set_adv_param cp
;
974 u8 own_addr_type
, enable
= 0x01;
977 /* Clear the HCI_ADVERTISING bit temporarily so that the
978 * hci_update_random_address knows that it's safe to go ahead
979 * and write a new random address. The flag will be set back on
980 * as soon as the SET_ADV_ENABLE HCI command completes.
982 clear_bit(HCI_ADVERTISING
, &hdev
->dev_flags
);
984 connectable
= get_connectable(hdev
);
986 /* Set require_privacy to true only when non-connectable
987 * advertising is used. In that case it is fine to use a
988 * non-resolvable private address.
990 if (hci_update_random_address(req
, !connectable
, &own_addr_type
) < 0)
993 memset(&cp
, 0, sizeof(cp
));
994 cp
.min_interval
= cpu_to_le16(0x0800);
995 cp
.max_interval
= cpu_to_le16(0x0800);
996 cp
.type
= connectable
? LE_ADV_IND
: LE_ADV_NONCONN_IND
;
997 cp
.own_address_type
= own_addr_type
;
998 cp
.channel_map
= hdev
->le_adv_channel_map
;
1000 hci_req_add(req
, HCI_OP_LE_SET_ADV_PARAM
, sizeof(cp
), &cp
);
1002 hci_req_add(req
, HCI_OP_LE_SET_ADV_ENABLE
, sizeof(enable
), &enable
);
1005 static void disable_advertising(struct hci_request
*req
)
1009 hci_req_add(req
, HCI_OP_LE_SET_ADV_ENABLE
, sizeof(enable
), &enable
);
1012 static void service_cache_off(struct work_struct
*work
)
1014 struct hci_dev
*hdev
= container_of(work
, struct hci_dev
,
1015 service_cache
.work
);
1016 struct hci_request req
;
1018 if (!test_and_clear_bit(HCI_SERVICE_CACHE
, &hdev
->dev_flags
))
1021 hci_req_init(&req
, hdev
);
1028 hci_dev_unlock(hdev
);
1030 hci_req_run(&req
, NULL
);
1033 static void rpa_expired(struct work_struct
*work
)
1035 struct hci_dev
*hdev
= container_of(work
, struct hci_dev
,
1037 struct hci_request req
;
1041 set_bit(HCI_RPA_EXPIRED
, &hdev
->dev_flags
);
1043 if (!test_bit(HCI_ADVERTISING
, &hdev
->dev_flags
) ||
1044 hci_conn_num(hdev
, LE_LINK
) > 0)
1047 /* The generation of a new RPA and programming it into the
1048 * controller happens in the enable_advertising() function.
1051 hci_req_init(&req
, hdev
);
1053 disable_advertising(&req
);
1054 enable_advertising(&req
);
1056 hci_req_run(&req
, NULL
);
1059 static void mgmt_init_hdev(struct sock
*sk
, struct hci_dev
*hdev
)
1061 if (test_and_set_bit(HCI_MGMT
, &hdev
->dev_flags
))
1064 INIT_DELAYED_WORK(&hdev
->service_cache
, service_cache_off
);
1065 INIT_DELAYED_WORK(&hdev
->rpa_expired
, rpa_expired
);
1067 /* Non-mgmt controlled devices get this bit set
1068 * implicitly so that pairing works for them, however
1069 * for mgmt we require user-space to explicitly enable
1072 clear_bit(HCI_PAIRABLE
, &hdev
->dev_flags
);
1075 static int read_controller_info(struct sock
*sk
, struct hci_dev
*hdev
,
1076 void *data
, u16 data_len
)
1078 struct mgmt_rp_read_info rp
;
1080 BT_DBG("sock %p %s", sk
, hdev
->name
);
1084 memset(&rp
, 0, sizeof(rp
));
1086 bacpy(&rp
.bdaddr
, &hdev
->bdaddr
);
1088 rp
.version
= hdev
->hci_ver
;
1089 rp
.manufacturer
= cpu_to_le16(hdev
->manufacturer
);
1091 rp
.supported_settings
= cpu_to_le32(get_supported_settings(hdev
));
1092 rp
.current_settings
= cpu_to_le32(get_current_settings(hdev
));
1094 memcpy(rp
.dev_class
, hdev
->dev_class
, 3);
1096 memcpy(rp
.name
, hdev
->dev_name
, sizeof(hdev
->dev_name
));
1097 memcpy(rp
.short_name
, hdev
->short_name
, sizeof(hdev
->short_name
));
1099 hci_dev_unlock(hdev
);
1101 return cmd_complete(sk
, hdev
->id
, MGMT_OP_READ_INFO
, 0, &rp
,
1105 static void mgmt_pending_free(struct pending_cmd
*cmd
)
1112 static struct pending_cmd
*mgmt_pending_add(struct sock
*sk
, u16 opcode
,
1113 struct hci_dev
*hdev
, void *data
,
1116 struct pending_cmd
*cmd
;
1118 cmd
= kzalloc(sizeof(*cmd
), GFP_KERNEL
);
1122 cmd
->opcode
= opcode
;
1123 cmd
->index
= hdev
->id
;
1125 cmd
->param
= kmalloc(len
, GFP_KERNEL
);
1132 memcpy(cmd
->param
, data
, len
);
1137 list_add(&cmd
->list
, &hdev
->mgmt_pending
);
1142 static void mgmt_pending_foreach(u16 opcode
, struct hci_dev
*hdev
,
1143 void (*cb
)(struct pending_cmd
*cmd
,
1147 struct pending_cmd
*cmd
, *tmp
;
1149 list_for_each_entry_safe(cmd
, tmp
, &hdev
->mgmt_pending
, list
) {
1150 if (opcode
> 0 && cmd
->opcode
!= opcode
)
1157 static void mgmt_pending_remove(struct pending_cmd
*cmd
)
1159 list_del(&cmd
->list
);
1160 mgmt_pending_free(cmd
);
1163 static int send_settings_rsp(struct sock
*sk
, u16 opcode
, struct hci_dev
*hdev
)
1165 __le32 settings
= cpu_to_le32(get_current_settings(hdev
));
1167 return cmd_complete(sk
, hdev
->id
, opcode
, 0, &settings
,
1171 static void clean_up_hci_complete(struct hci_dev
*hdev
, u8 status
)
1173 BT_DBG("%s status 0x%02x", hdev
->name
, status
);
1175 if (hci_conn_count(hdev
) == 0) {
1176 cancel_delayed_work(&hdev
->power_off
);
1177 queue_work(hdev
->req_workqueue
, &hdev
->power_off
.work
);
1181 static void hci_stop_discovery(struct hci_request
*req
)
1183 struct hci_dev
*hdev
= req
->hdev
;
1184 struct hci_cp_remote_name_req_cancel cp
;
1185 struct inquiry_entry
*e
;
1187 switch (hdev
->discovery
.state
) {
1188 case DISCOVERY_FINDING
:
1189 if (test_bit(HCI_INQUIRY
, &hdev
->flags
)) {
1190 hci_req_add(req
, HCI_OP_INQUIRY_CANCEL
, 0, NULL
);
1192 cancel_delayed_work(&hdev
->le_scan_disable
);
1193 hci_req_add_le_scan_disable(req
);
1198 case DISCOVERY_RESOLVING
:
1199 e
= hci_inquiry_cache_lookup_resolve(hdev
, BDADDR_ANY
,
1204 bacpy(&cp
.bdaddr
, &e
->data
.bdaddr
);
1205 hci_req_add(req
, HCI_OP_REMOTE_NAME_REQ_CANCEL
, sizeof(cp
),
1211 /* Passive scanning */
1212 if (test_bit(HCI_LE_SCAN
, &hdev
->dev_flags
))
1213 hci_req_add_le_scan_disable(req
);
1218 static int clean_up_hci_state(struct hci_dev
*hdev
)
1220 struct hci_request req
;
1221 struct hci_conn
*conn
;
1223 hci_req_init(&req
, hdev
);
1225 if (test_bit(HCI_ISCAN
, &hdev
->flags
) ||
1226 test_bit(HCI_PSCAN
, &hdev
->flags
)) {
1228 hci_req_add(&req
, HCI_OP_WRITE_SCAN_ENABLE
, 1, &scan
);
1231 if (test_bit(HCI_ADVERTISING
, &hdev
->dev_flags
))
1232 disable_advertising(&req
);
1234 hci_stop_discovery(&req
);
1236 list_for_each_entry(conn
, &hdev
->conn_hash
.list
, list
) {
1237 struct hci_cp_disconnect dc
;
1238 struct hci_cp_reject_conn_req rej
;
1240 switch (conn
->state
) {
1243 dc
.handle
= cpu_to_le16(conn
->handle
);
1244 dc
.reason
= 0x15; /* Terminated due to Power Off */
1245 hci_req_add(&req
, HCI_OP_DISCONNECT
, sizeof(dc
), &dc
);
1248 if (conn
->type
== LE_LINK
)
1249 hci_req_add(&req
, HCI_OP_LE_CREATE_CONN_CANCEL
,
1251 else if (conn
->type
== ACL_LINK
)
1252 hci_req_add(&req
, HCI_OP_CREATE_CONN_CANCEL
,
1256 bacpy(&rej
.bdaddr
, &conn
->dst
);
1257 rej
.reason
= 0x15; /* Terminated due to Power Off */
1258 if (conn
->type
== ACL_LINK
)
1259 hci_req_add(&req
, HCI_OP_REJECT_CONN_REQ
,
1261 else if (conn
->type
== SCO_LINK
)
1262 hci_req_add(&req
, HCI_OP_REJECT_SYNC_CONN_REQ
,
1268 return hci_req_run(&req
, clean_up_hci_complete
);
1271 static int set_powered(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
1274 struct mgmt_mode
*cp
= data
;
1275 struct pending_cmd
*cmd
;
1278 BT_DBG("request for %s", hdev
->name
);
1280 if (cp
->val
!= 0x00 && cp
->val
!= 0x01)
1281 return cmd_status(sk
, hdev
->id
, MGMT_OP_SET_POWERED
,
1282 MGMT_STATUS_INVALID_PARAMS
);
1286 if (mgmt_pending_find(MGMT_OP_SET_POWERED
, hdev
)) {
1287 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_SET_POWERED
,
1292 if (test_and_clear_bit(HCI_AUTO_OFF
, &hdev
->dev_flags
)) {
1293 cancel_delayed_work(&hdev
->power_off
);
1296 mgmt_pending_add(sk
, MGMT_OP_SET_POWERED
, hdev
,
1298 err
= mgmt_powered(hdev
, 1);
1303 if (!!cp
->val
== hdev_is_powered(hdev
)) {
1304 err
= send_settings_rsp(sk
, MGMT_OP_SET_POWERED
, hdev
);
1308 cmd
= mgmt_pending_add(sk
, MGMT_OP_SET_POWERED
, hdev
, data
, len
);
1315 queue_work(hdev
->req_workqueue
, &hdev
->power_on
);
1318 /* Disconnect connections, stop scans, etc */
1319 err
= clean_up_hci_state(hdev
);
1321 queue_delayed_work(hdev
->req_workqueue
, &hdev
->power_off
,
1322 HCI_POWER_OFF_TIMEOUT
);
1324 /* ENODATA means there were no HCI commands queued */
1325 if (err
== -ENODATA
) {
1326 cancel_delayed_work(&hdev
->power_off
);
1327 queue_work(hdev
->req_workqueue
, &hdev
->power_off
.work
);
1333 hci_dev_unlock(hdev
);
1337 static int mgmt_event(u16 event
, struct hci_dev
*hdev
, void *data
, u16 data_len
,
1338 struct sock
*skip_sk
)
1340 struct sk_buff
*skb
;
1341 struct mgmt_hdr
*hdr
;
1343 skb
= alloc_skb(sizeof(*hdr
) + data_len
, GFP_KERNEL
);
1347 hdr
= (void *) skb_put(skb
, sizeof(*hdr
));
1348 hdr
->opcode
= cpu_to_le16(event
);
1350 hdr
->index
= cpu_to_le16(hdev
->id
);
1352 hdr
->index
= cpu_to_le16(MGMT_INDEX_NONE
);
1353 hdr
->len
= cpu_to_le16(data_len
);
1356 memcpy(skb_put(skb
, data_len
), data
, data_len
);
1359 __net_timestamp(skb
);
1361 hci_send_to_control(skb
, skip_sk
);
1367 static int new_settings(struct hci_dev
*hdev
, struct sock
*skip
)
1371 ev
= cpu_to_le32(get_current_settings(hdev
));
1373 return mgmt_event(MGMT_EV_NEW_SETTINGS
, hdev
, &ev
, sizeof(ev
), skip
);
1378 struct hci_dev
*hdev
;
1382 static void settings_rsp(struct pending_cmd
*cmd
, void *data
)
1384 struct cmd_lookup
*match
= data
;
1386 send_settings_rsp(cmd
->sk
, cmd
->opcode
, match
->hdev
);
1388 list_del(&cmd
->list
);
1390 if (match
->sk
== NULL
) {
1391 match
->sk
= cmd
->sk
;
1392 sock_hold(match
->sk
);
1395 mgmt_pending_free(cmd
);
1398 static void cmd_status_rsp(struct pending_cmd
*cmd
, void *data
)
1402 cmd_status(cmd
->sk
, cmd
->index
, cmd
->opcode
, *status
);
1403 mgmt_pending_remove(cmd
);
1406 static u8
mgmt_bredr_support(struct hci_dev
*hdev
)
1408 if (!lmp_bredr_capable(hdev
))
1409 return MGMT_STATUS_NOT_SUPPORTED
;
1410 else if (!test_bit(HCI_BREDR_ENABLED
, &hdev
->dev_flags
))
1411 return MGMT_STATUS_REJECTED
;
1413 return MGMT_STATUS_SUCCESS
;
1416 static u8
mgmt_le_support(struct hci_dev
*hdev
)
1418 if (!lmp_le_capable(hdev
))
1419 return MGMT_STATUS_NOT_SUPPORTED
;
1420 else if (!test_bit(HCI_LE_ENABLED
, &hdev
->dev_flags
))
1421 return MGMT_STATUS_REJECTED
;
1423 return MGMT_STATUS_SUCCESS
;
1426 static void set_discoverable_complete(struct hci_dev
*hdev
, u8 status
)
1428 struct pending_cmd
*cmd
;
1429 struct mgmt_mode
*cp
;
1430 struct hci_request req
;
1433 BT_DBG("status 0x%02x", status
);
1437 cmd
= mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE
, hdev
);
1442 u8 mgmt_err
= mgmt_status(status
);
1443 cmd_status(cmd
->sk
, cmd
->index
, cmd
->opcode
, mgmt_err
);
1444 clear_bit(HCI_LIMITED_DISCOVERABLE
, &hdev
->dev_flags
);
1450 changed
= !test_and_set_bit(HCI_DISCOVERABLE
,
1453 if (hdev
->discov_timeout
> 0) {
1454 int to
= msecs_to_jiffies(hdev
->discov_timeout
* 1000);
1455 queue_delayed_work(hdev
->workqueue
, &hdev
->discov_off
,
1459 changed
= test_and_clear_bit(HCI_DISCOVERABLE
,
1463 send_settings_rsp(cmd
->sk
, MGMT_OP_SET_DISCOVERABLE
, hdev
);
1466 new_settings(hdev
, cmd
->sk
);
1468 /* When the discoverable mode gets changed, make sure
1469 * that class of device has the limited discoverable
1470 * bit correctly set.
1472 hci_req_init(&req
, hdev
);
1474 hci_req_run(&req
, NULL
);
1477 mgmt_pending_remove(cmd
);
1480 hci_dev_unlock(hdev
);
1483 static int set_discoverable(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
1486 struct mgmt_cp_set_discoverable
*cp
= data
;
1487 struct pending_cmd
*cmd
;
1488 struct hci_request req
;
1493 BT_DBG("request for %s", hdev
->name
);
1495 if (!test_bit(HCI_LE_ENABLED
, &hdev
->dev_flags
) &&
1496 !test_bit(HCI_BREDR_ENABLED
, &hdev
->dev_flags
))
1497 return cmd_status(sk
, hdev
->id
, MGMT_OP_SET_DISCOVERABLE
,
1498 MGMT_STATUS_REJECTED
);
1500 if (cp
->val
!= 0x00 && cp
->val
!= 0x01 && cp
->val
!= 0x02)
1501 return cmd_status(sk
, hdev
->id
, MGMT_OP_SET_DISCOVERABLE
,
1502 MGMT_STATUS_INVALID_PARAMS
);
1504 timeout
= __le16_to_cpu(cp
->timeout
);
1506 /* Disabling discoverable requires that no timeout is set,
1507 * and enabling limited discoverable requires a timeout.
1509 if ((cp
->val
== 0x00 && timeout
> 0) ||
1510 (cp
->val
== 0x02 && timeout
== 0))
1511 return cmd_status(sk
, hdev
->id
, MGMT_OP_SET_DISCOVERABLE
,
1512 MGMT_STATUS_INVALID_PARAMS
);
1516 if (!hdev_is_powered(hdev
) && timeout
> 0) {
1517 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_SET_DISCOVERABLE
,
1518 MGMT_STATUS_NOT_POWERED
);
1522 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE
, hdev
) ||
1523 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE
, hdev
)) {
1524 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_SET_DISCOVERABLE
,
1529 if (!test_bit(HCI_CONNECTABLE
, &hdev
->dev_flags
)) {
1530 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_SET_DISCOVERABLE
,
1531 MGMT_STATUS_REJECTED
);
1535 if (!hdev_is_powered(hdev
)) {
1536 bool changed
= false;
1538 /* Setting limited discoverable when powered off is
1539 * not a valid operation since it requires a timeout
1540 * and so no need to check HCI_LIMITED_DISCOVERABLE.
1542 if (!!cp
->val
!= test_bit(HCI_DISCOVERABLE
, &hdev
->dev_flags
)) {
1543 change_bit(HCI_DISCOVERABLE
, &hdev
->dev_flags
);
1547 err
= send_settings_rsp(sk
, MGMT_OP_SET_DISCOVERABLE
, hdev
);
1552 err
= new_settings(hdev
, sk
);
1557 /* If the current mode is the same, then just update the timeout
1558 * value with the new value. And if only the timeout gets updated,
1559 * then no need for any HCI transactions.
1561 if (!!cp
->val
== test_bit(HCI_DISCOVERABLE
, &hdev
->dev_flags
) &&
1562 (cp
->val
== 0x02) == test_bit(HCI_LIMITED_DISCOVERABLE
,
1563 &hdev
->dev_flags
)) {
1564 cancel_delayed_work(&hdev
->discov_off
);
1565 hdev
->discov_timeout
= timeout
;
1567 if (cp
->val
&& hdev
->discov_timeout
> 0) {
1568 int to
= msecs_to_jiffies(hdev
->discov_timeout
* 1000);
1569 queue_delayed_work(hdev
->workqueue
, &hdev
->discov_off
,
1573 err
= send_settings_rsp(sk
, MGMT_OP_SET_DISCOVERABLE
, hdev
);
1577 cmd
= mgmt_pending_add(sk
, MGMT_OP_SET_DISCOVERABLE
, hdev
, data
, len
);
1583 /* Cancel any potential discoverable timeout that might be
1584 * still active and store new timeout value. The arming of
1585 * the timeout happens in the complete handler.
1587 cancel_delayed_work(&hdev
->discov_off
);
1588 hdev
->discov_timeout
= timeout
;
1590 /* Limited discoverable mode */
1591 if (cp
->val
== 0x02)
1592 set_bit(HCI_LIMITED_DISCOVERABLE
, &hdev
->dev_flags
);
1594 clear_bit(HCI_LIMITED_DISCOVERABLE
, &hdev
->dev_flags
);
1596 hci_req_init(&req
, hdev
);
1598 /* The procedure for LE-only controllers is much simpler - just
1599 * update the advertising data.
1601 if (!test_bit(HCI_BREDR_ENABLED
, &hdev
->dev_flags
))
1607 struct hci_cp_write_current_iac_lap hci_cp
;
1609 if (cp
->val
== 0x02) {
1610 /* Limited discoverable mode */
1611 hci_cp
.num_iac
= min_t(u8
, hdev
->num_iac
, 2);
1612 hci_cp
.iac_lap
[0] = 0x00; /* LIAC */
1613 hci_cp
.iac_lap
[1] = 0x8b;
1614 hci_cp
.iac_lap
[2] = 0x9e;
1615 hci_cp
.iac_lap
[3] = 0x33; /* GIAC */
1616 hci_cp
.iac_lap
[4] = 0x8b;
1617 hci_cp
.iac_lap
[5] = 0x9e;
1619 /* General discoverable mode */
1621 hci_cp
.iac_lap
[0] = 0x33; /* GIAC */
1622 hci_cp
.iac_lap
[1] = 0x8b;
1623 hci_cp
.iac_lap
[2] = 0x9e;
1626 hci_req_add(&req
, HCI_OP_WRITE_CURRENT_IAC_LAP
,
1627 (hci_cp
.num_iac
* 3) + 1, &hci_cp
);
1629 scan
|= SCAN_INQUIRY
;
1631 clear_bit(HCI_LIMITED_DISCOVERABLE
, &hdev
->dev_flags
);
1634 hci_req_add(&req
, HCI_OP_WRITE_SCAN_ENABLE
, sizeof(scan
), &scan
);
1637 update_adv_data(&req
);
1639 err
= hci_req_run(&req
, set_discoverable_complete
);
1641 mgmt_pending_remove(cmd
);
1644 hci_dev_unlock(hdev
);
1648 static void write_fast_connectable(struct hci_request
*req
, bool enable
)
1650 struct hci_dev
*hdev
= req
->hdev
;
1651 struct hci_cp_write_page_scan_activity acp
;
1654 if (!test_bit(HCI_BREDR_ENABLED
, &hdev
->dev_flags
))
1657 if (hdev
->hci_ver
< BLUETOOTH_VER_1_2
)
1661 type
= PAGE_SCAN_TYPE_INTERLACED
;
1663 /* 160 msec page scan interval */
1664 acp
.interval
= cpu_to_le16(0x0100);
1666 type
= PAGE_SCAN_TYPE_STANDARD
; /* default */
1668 /* default 1.28 sec page scan */
1669 acp
.interval
= cpu_to_le16(0x0800);
1672 acp
.window
= cpu_to_le16(0x0012);
1674 if (__cpu_to_le16(hdev
->page_scan_interval
) != acp
.interval
||
1675 __cpu_to_le16(hdev
->page_scan_window
) != acp
.window
)
1676 hci_req_add(req
, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY
,
1679 if (hdev
->page_scan_type
!= type
)
1680 hci_req_add(req
, HCI_OP_WRITE_PAGE_SCAN_TYPE
, 1, &type
);
1683 static void set_connectable_complete(struct hci_dev
*hdev
, u8 status
)
1685 struct pending_cmd
*cmd
;
1686 struct mgmt_mode
*cp
;
1689 BT_DBG("status 0x%02x", status
);
1693 cmd
= mgmt_pending_find(MGMT_OP_SET_CONNECTABLE
, hdev
);
1698 u8 mgmt_err
= mgmt_status(status
);
1699 cmd_status(cmd
->sk
, cmd
->index
, cmd
->opcode
, mgmt_err
);
1705 changed
= !test_and_set_bit(HCI_CONNECTABLE
, &hdev
->dev_flags
);
1707 changed
= test_and_clear_bit(HCI_CONNECTABLE
, &hdev
->dev_flags
);
1709 send_settings_rsp(cmd
->sk
, MGMT_OP_SET_CONNECTABLE
, hdev
);
1712 new_settings(hdev
, cmd
->sk
);
1715 mgmt_pending_remove(cmd
);
1718 hci_dev_unlock(hdev
);
1721 static int set_connectable_update_settings(struct hci_dev
*hdev
,
1722 struct sock
*sk
, u8 val
)
1724 bool changed
= false;
1727 if (!!val
!= test_bit(HCI_CONNECTABLE
, &hdev
->dev_flags
))
1731 set_bit(HCI_CONNECTABLE
, &hdev
->dev_flags
);
1733 clear_bit(HCI_CONNECTABLE
, &hdev
->dev_flags
);
1734 clear_bit(HCI_DISCOVERABLE
, &hdev
->dev_flags
);
1737 err
= send_settings_rsp(sk
, MGMT_OP_SET_CONNECTABLE
, hdev
);
1742 return new_settings(hdev
, sk
);
1747 static int set_connectable(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
1750 struct mgmt_mode
*cp
= data
;
1751 struct pending_cmd
*cmd
;
1752 struct hci_request req
;
1756 BT_DBG("request for %s", hdev
->name
);
1758 if (!test_bit(HCI_LE_ENABLED
, &hdev
->dev_flags
) &&
1759 !test_bit(HCI_BREDR_ENABLED
, &hdev
->dev_flags
))
1760 return cmd_status(sk
, hdev
->id
, MGMT_OP_SET_CONNECTABLE
,
1761 MGMT_STATUS_REJECTED
);
1763 if (cp
->val
!= 0x00 && cp
->val
!= 0x01)
1764 return cmd_status(sk
, hdev
->id
, MGMT_OP_SET_CONNECTABLE
,
1765 MGMT_STATUS_INVALID_PARAMS
);
1769 if (!hdev_is_powered(hdev
)) {
1770 err
= set_connectable_update_settings(hdev
, sk
, cp
->val
);
1774 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE
, hdev
) ||
1775 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE
, hdev
)) {
1776 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_SET_CONNECTABLE
,
1781 cmd
= mgmt_pending_add(sk
, MGMT_OP_SET_CONNECTABLE
, hdev
, data
, len
);
1787 hci_req_init(&req
, hdev
);
1789 /* If BR/EDR is not enabled and we disable advertising as a
1790 * by-product of disabling connectable, we need to update the
1791 * advertising flags.
1793 if (!test_bit(HCI_BREDR_ENABLED
, &hdev
->dev_flags
)) {
1795 clear_bit(HCI_LIMITED_DISCOVERABLE
, &hdev
->dev_flags
);
1796 clear_bit(HCI_DISCOVERABLE
, &hdev
->dev_flags
);
1798 update_adv_data(&req
);
1799 } else if (cp
->val
!= test_bit(HCI_PSCAN
, &hdev
->flags
)) {
1805 if (test_bit(HCI_ISCAN
, &hdev
->flags
) &&
1806 hdev
->discov_timeout
> 0)
1807 cancel_delayed_work(&hdev
->discov_off
);
1810 hci_req_add(&req
, HCI_OP_WRITE_SCAN_ENABLE
, 1, &scan
);
1813 /* If we're going from non-connectable to connectable or
1814 * vice-versa when fast connectable is enabled ensure that fast
1815 * connectable gets disabled. write_fast_connectable won't do
1816 * anything if the page scan parameters are already what they
1819 if (cp
->val
|| test_bit(HCI_FAST_CONNECTABLE
, &hdev
->dev_flags
))
1820 write_fast_connectable(&req
, false);
1822 if (test_bit(HCI_ADVERTISING
, &hdev
->dev_flags
) &&
1823 hci_conn_num(hdev
, LE_LINK
) == 0) {
1824 disable_advertising(&req
);
1825 enable_advertising(&req
);
1828 err
= hci_req_run(&req
, set_connectable_complete
);
1830 mgmt_pending_remove(cmd
);
1831 if (err
== -ENODATA
)
1832 err
= set_connectable_update_settings(hdev
, sk
,
1838 hci_dev_unlock(hdev
);
1842 static int set_pairable(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
1845 struct mgmt_mode
*cp
= data
;
1849 BT_DBG("request for %s", hdev
->name
);
1851 if (cp
->val
!= 0x00 && cp
->val
!= 0x01)
1852 return cmd_status(sk
, hdev
->id
, MGMT_OP_SET_PAIRABLE
,
1853 MGMT_STATUS_INVALID_PARAMS
);
1858 changed
= !test_and_set_bit(HCI_PAIRABLE
, &hdev
->dev_flags
);
1860 changed
= test_and_clear_bit(HCI_PAIRABLE
, &hdev
->dev_flags
);
1862 err
= send_settings_rsp(sk
, MGMT_OP_SET_PAIRABLE
, hdev
);
1867 err
= new_settings(hdev
, sk
);
1870 hci_dev_unlock(hdev
);
1874 static int set_link_security(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
1877 struct mgmt_mode
*cp
= data
;
1878 struct pending_cmd
*cmd
;
1882 BT_DBG("request for %s", hdev
->name
);
1884 status
= mgmt_bredr_support(hdev
);
1886 return cmd_status(sk
, hdev
->id
, MGMT_OP_SET_LINK_SECURITY
,
1889 if (cp
->val
!= 0x00 && cp
->val
!= 0x01)
1890 return cmd_status(sk
, hdev
->id
, MGMT_OP_SET_LINK_SECURITY
,
1891 MGMT_STATUS_INVALID_PARAMS
);
1895 if (!hdev_is_powered(hdev
)) {
1896 bool changed
= false;
1898 if (!!cp
->val
!= test_bit(HCI_LINK_SECURITY
,
1899 &hdev
->dev_flags
)) {
1900 change_bit(HCI_LINK_SECURITY
, &hdev
->dev_flags
);
1904 err
= send_settings_rsp(sk
, MGMT_OP_SET_LINK_SECURITY
, hdev
);
1909 err
= new_settings(hdev
, sk
);
1914 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY
, hdev
)) {
1915 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_SET_LINK_SECURITY
,
1922 if (test_bit(HCI_AUTH
, &hdev
->flags
) == val
) {
1923 err
= send_settings_rsp(sk
, MGMT_OP_SET_LINK_SECURITY
, hdev
);
1927 cmd
= mgmt_pending_add(sk
, MGMT_OP_SET_LINK_SECURITY
, hdev
, data
, len
);
1933 err
= hci_send_cmd(hdev
, HCI_OP_WRITE_AUTH_ENABLE
, sizeof(val
), &val
);
1935 mgmt_pending_remove(cmd
);
1940 hci_dev_unlock(hdev
);
1944 static int set_ssp(struct sock
*sk
, struct hci_dev
*hdev
, void *data
, u16 len
)
1946 struct mgmt_mode
*cp
= data
;
1947 struct pending_cmd
*cmd
;
1951 BT_DBG("request for %s", hdev
->name
);
1953 status
= mgmt_bredr_support(hdev
);
1955 return cmd_status(sk
, hdev
->id
, MGMT_OP_SET_SSP
, status
);
1957 if (!lmp_ssp_capable(hdev
))
1958 return cmd_status(sk
, hdev
->id
, MGMT_OP_SET_SSP
,
1959 MGMT_STATUS_NOT_SUPPORTED
);
1961 if (cp
->val
!= 0x00 && cp
->val
!= 0x01)
1962 return cmd_status(sk
, hdev
->id
, MGMT_OP_SET_SSP
,
1963 MGMT_STATUS_INVALID_PARAMS
);
1967 if (!hdev_is_powered(hdev
)) {
1971 changed
= !test_and_set_bit(HCI_SSP_ENABLED
,
1974 changed
= test_and_clear_bit(HCI_SSP_ENABLED
,
1977 changed
= test_and_clear_bit(HCI_HS_ENABLED
,
1980 clear_bit(HCI_HS_ENABLED
, &hdev
->dev_flags
);
1983 err
= send_settings_rsp(sk
, MGMT_OP_SET_SSP
, hdev
);
1988 err
= new_settings(hdev
, sk
);
1993 if (mgmt_pending_find(MGMT_OP_SET_SSP
, hdev
) ||
1994 mgmt_pending_find(MGMT_OP_SET_HS
, hdev
)) {
1995 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_SET_SSP
,
2000 if (!!cp
->val
== test_bit(HCI_SSP_ENABLED
, &hdev
->dev_flags
)) {
2001 err
= send_settings_rsp(sk
, MGMT_OP_SET_SSP
, hdev
);
2005 cmd
= mgmt_pending_add(sk
, MGMT_OP_SET_SSP
, hdev
, data
, len
);
2011 if (!cp
->val
&& test_bit(HCI_USE_DEBUG_KEYS
, &hdev
->dev_flags
))
2012 hci_send_cmd(hdev
, HCI_OP_WRITE_SSP_DEBUG_MODE
,
2013 sizeof(cp
->val
), &cp
->val
);
2015 err
= hci_send_cmd(hdev
, HCI_OP_WRITE_SSP_MODE
, 1, &cp
->val
);
2017 mgmt_pending_remove(cmd
);
2022 hci_dev_unlock(hdev
);
2026 static int set_hs(struct sock
*sk
, struct hci_dev
*hdev
, void *data
, u16 len
)
2028 struct mgmt_mode
*cp
= data
;
2033 BT_DBG("request for %s", hdev
->name
);
2035 status
= mgmt_bredr_support(hdev
);
2037 return cmd_status(sk
, hdev
->id
, MGMT_OP_SET_HS
, status
);
2039 if (!lmp_ssp_capable(hdev
))
2040 return cmd_status(sk
, hdev
->id
, MGMT_OP_SET_HS
,
2041 MGMT_STATUS_NOT_SUPPORTED
);
2043 if (!test_bit(HCI_SSP_ENABLED
, &hdev
->dev_flags
))
2044 return cmd_status(sk
, hdev
->id
, MGMT_OP_SET_HS
,
2045 MGMT_STATUS_REJECTED
);
2047 if (cp
->val
!= 0x00 && cp
->val
!= 0x01)
2048 return cmd_status(sk
, hdev
->id
, MGMT_OP_SET_HS
,
2049 MGMT_STATUS_INVALID_PARAMS
);
2054 changed
= !test_and_set_bit(HCI_HS_ENABLED
, &hdev
->dev_flags
);
2056 if (hdev_is_powered(hdev
)) {
2057 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_SET_HS
,
2058 MGMT_STATUS_REJECTED
);
2062 changed
= test_and_clear_bit(HCI_HS_ENABLED
, &hdev
->dev_flags
);
2065 err
= send_settings_rsp(sk
, MGMT_OP_SET_HS
, hdev
);
2070 err
= new_settings(hdev
, sk
);
2073 hci_dev_unlock(hdev
);
2077 static void le_enable_complete(struct hci_dev
*hdev
, u8 status
)
2079 struct cmd_lookup match
= { NULL
, hdev
};
2082 u8 mgmt_err
= mgmt_status(status
);
2084 mgmt_pending_foreach(MGMT_OP_SET_LE
, hdev
, cmd_status_rsp
,
2089 mgmt_pending_foreach(MGMT_OP_SET_LE
, hdev
, settings_rsp
, &match
);
2091 new_settings(hdev
, match
.sk
);
2096 /* Make sure the controller has a good default for
2097 * advertising data. Restrict the update to when LE
2098 * has actually been enabled. During power on, the
2099 * update in powered_update_hci will take care of it.
2101 if (test_bit(HCI_LE_ENABLED
, &hdev
->dev_flags
)) {
2102 struct hci_request req
;
2106 hci_req_init(&req
, hdev
);
2107 update_adv_data(&req
);
2108 update_scan_rsp_data(&req
);
2109 hci_req_run(&req
, NULL
);
2111 hci_dev_unlock(hdev
);
2115 static int set_le(struct sock
*sk
, struct hci_dev
*hdev
, void *data
, u16 len
)
2117 struct mgmt_mode
*cp
= data
;
2118 struct hci_cp_write_le_host_supported hci_cp
;
2119 struct pending_cmd
*cmd
;
2120 struct hci_request req
;
2124 BT_DBG("request for %s", hdev
->name
);
2126 if (!lmp_le_capable(hdev
))
2127 return cmd_status(sk
, hdev
->id
, MGMT_OP_SET_LE
,
2128 MGMT_STATUS_NOT_SUPPORTED
);
2130 if (cp
->val
!= 0x00 && cp
->val
!= 0x01)
2131 return cmd_status(sk
, hdev
->id
, MGMT_OP_SET_LE
,
2132 MGMT_STATUS_INVALID_PARAMS
);
2134 /* LE-only devices do not allow toggling LE on/off */
2135 if (!test_bit(HCI_BREDR_ENABLED
, &hdev
->dev_flags
))
2136 return cmd_status(sk
, hdev
->id
, MGMT_OP_SET_LE
,
2137 MGMT_STATUS_REJECTED
);
2142 enabled
= lmp_host_le_capable(hdev
);
2144 if (!hdev_is_powered(hdev
) || val
== enabled
) {
2145 bool changed
= false;
2147 if (val
!= test_bit(HCI_LE_ENABLED
, &hdev
->dev_flags
)) {
2148 change_bit(HCI_LE_ENABLED
, &hdev
->dev_flags
);
2152 if (!val
&& test_bit(HCI_ADVERTISING
, &hdev
->dev_flags
)) {
2153 clear_bit(HCI_ADVERTISING
, &hdev
->dev_flags
);
2157 err
= send_settings_rsp(sk
, MGMT_OP_SET_LE
, hdev
);
2162 err
= new_settings(hdev
, sk
);
2167 if (mgmt_pending_find(MGMT_OP_SET_LE
, hdev
) ||
2168 mgmt_pending_find(MGMT_OP_SET_ADVERTISING
, hdev
)) {
2169 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_SET_LE
,
2174 cmd
= mgmt_pending_add(sk
, MGMT_OP_SET_LE
, hdev
, data
, len
);
2180 hci_req_init(&req
, hdev
);
2182 memset(&hci_cp
, 0, sizeof(hci_cp
));
2186 hci_cp
.simul
= lmp_le_br_capable(hdev
);
2188 if (test_bit(HCI_ADVERTISING
, &hdev
->dev_flags
))
2189 disable_advertising(&req
);
2192 hci_req_add(&req
, HCI_OP_WRITE_LE_HOST_SUPPORTED
, sizeof(hci_cp
),
2195 err
= hci_req_run(&req
, le_enable_complete
);
2197 mgmt_pending_remove(cmd
);
2200 hci_dev_unlock(hdev
);
2204 /* This is a helper function to test for pending mgmt commands that can
2205 * cause CoD or EIR HCI commands. We can only allow one such pending
2206 * mgmt command at a time since otherwise we cannot easily track what
2207 * the current values are, will be, and based on that calculate if a new
2208 * HCI command needs to be sent and if yes with what value.
2210 static bool pending_eir_or_class(struct hci_dev
*hdev
)
2212 struct pending_cmd
*cmd
;
2214 list_for_each_entry(cmd
, &hdev
->mgmt_pending
, list
) {
2215 switch (cmd
->opcode
) {
2216 case MGMT_OP_ADD_UUID
:
2217 case MGMT_OP_REMOVE_UUID
:
2218 case MGMT_OP_SET_DEV_CLASS
:
2219 case MGMT_OP_SET_POWERED
:
2227 static const u8 bluetooth_base_uuid
[] = {
2228 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
2229 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2232 static u8
get_uuid_size(const u8
*uuid
)
2236 if (memcmp(uuid
, bluetooth_base_uuid
, 12))
2239 val
= get_unaligned_le32(&uuid
[12]);
2246 static void mgmt_class_complete(struct hci_dev
*hdev
, u16 mgmt_op
, u8 status
)
2248 struct pending_cmd
*cmd
;
2252 cmd
= mgmt_pending_find(mgmt_op
, hdev
);
2256 cmd_complete(cmd
->sk
, cmd
->index
, cmd
->opcode
, mgmt_status(status
),
2257 hdev
->dev_class
, 3);
2259 mgmt_pending_remove(cmd
);
2262 hci_dev_unlock(hdev
);
2265 static void add_uuid_complete(struct hci_dev
*hdev
, u8 status
)
2267 BT_DBG("status 0x%02x", status
);
2269 mgmt_class_complete(hdev
, MGMT_OP_ADD_UUID
, status
);
2272 static int add_uuid(struct sock
*sk
, struct hci_dev
*hdev
, void *data
, u16 len
)
2274 struct mgmt_cp_add_uuid
*cp
= data
;
2275 struct pending_cmd
*cmd
;
2276 struct hci_request req
;
2277 struct bt_uuid
*uuid
;
2280 BT_DBG("request for %s", hdev
->name
);
2284 if (pending_eir_or_class(hdev
)) {
2285 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_ADD_UUID
,
2290 uuid
= kmalloc(sizeof(*uuid
), GFP_KERNEL
);
2296 memcpy(uuid
->uuid
, cp
->uuid
, 16);
2297 uuid
->svc_hint
= cp
->svc_hint
;
2298 uuid
->size
= get_uuid_size(cp
->uuid
);
2300 list_add_tail(&uuid
->list
, &hdev
->uuids
);
2302 hci_req_init(&req
, hdev
);
2307 err
= hci_req_run(&req
, add_uuid_complete
);
2309 if (err
!= -ENODATA
)
2312 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_ADD_UUID
, 0,
2313 hdev
->dev_class
, 3);
2317 cmd
= mgmt_pending_add(sk
, MGMT_OP_ADD_UUID
, hdev
, data
, len
);
2326 hci_dev_unlock(hdev
);
2330 static bool enable_service_cache(struct hci_dev
*hdev
)
2332 if (!hdev_is_powered(hdev
))
2335 if (!test_and_set_bit(HCI_SERVICE_CACHE
, &hdev
->dev_flags
)) {
2336 queue_delayed_work(hdev
->workqueue
, &hdev
->service_cache
,
2344 static void remove_uuid_complete(struct hci_dev
*hdev
, u8 status
)
2346 BT_DBG("status 0x%02x", status
);
2348 mgmt_class_complete(hdev
, MGMT_OP_REMOVE_UUID
, status
);
2351 static int remove_uuid(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
2354 struct mgmt_cp_remove_uuid
*cp
= data
;
2355 struct pending_cmd
*cmd
;
2356 struct bt_uuid
*match
, *tmp
;
2357 u8 bt_uuid_any
[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
2358 struct hci_request req
;
2361 BT_DBG("request for %s", hdev
->name
);
2365 if (pending_eir_or_class(hdev
)) {
2366 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_REMOVE_UUID
,
2371 if (memcmp(cp
->uuid
, bt_uuid_any
, 16) == 0) {
2372 hci_uuids_clear(hdev
);
2374 if (enable_service_cache(hdev
)) {
2375 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_REMOVE_UUID
,
2376 0, hdev
->dev_class
, 3);
2385 list_for_each_entry_safe(match
, tmp
, &hdev
->uuids
, list
) {
2386 if (memcmp(match
->uuid
, cp
->uuid
, 16) != 0)
2389 list_del(&match
->list
);
2395 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_REMOVE_UUID
,
2396 MGMT_STATUS_INVALID_PARAMS
);
2401 hci_req_init(&req
, hdev
);
2406 err
= hci_req_run(&req
, remove_uuid_complete
);
2408 if (err
!= -ENODATA
)
2411 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_REMOVE_UUID
, 0,
2412 hdev
->dev_class
, 3);
2416 cmd
= mgmt_pending_add(sk
, MGMT_OP_REMOVE_UUID
, hdev
, data
, len
);
2425 hci_dev_unlock(hdev
);
2429 static void set_class_complete(struct hci_dev
*hdev
, u8 status
)
2431 BT_DBG("status 0x%02x", status
);
2433 mgmt_class_complete(hdev
, MGMT_OP_SET_DEV_CLASS
, status
);
2436 static int set_dev_class(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
2439 struct mgmt_cp_set_dev_class
*cp
= data
;
2440 struct pending_cmd
*cmd
;
2441 struct hci_request req
;
2444 BT_DBG("request for %s", hdev
->name
);
2446 if (!lmp_bredr_capable(hdev
))
2447 return cmd_status(sk
, hdev
->id
, MGMT_OP_SET_DEV_CLASS
,
2448 MGMT_STATUS_NOT_SUPPORTED
);
2452 if (pending_eir_or_class(hdev
)) {
2453 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_SET_DEV_CLASS
,
2458 if ((cp
->minor
& 0x03) != 0 || (cp
->major
& 0xe0) != 0) {
2459 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_SET_DEV_CLASS
,
2460 MGMT_STATUS_INVALID_PARAMS
);
2464 hdev
->major_class
= cp
->major
;
2465 hdev
->minor_class
= cp
->minor
;
2467 if (!hdev_is_powered(hdev
)) {
2468 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_SET_DEV_CLASS
, 0,
2469 hdev
->dev_class
, 3);
2473 hci_req_init(&req
, hdev
);
2475 if (test_and_clear_bit(HCI_SERVICE_CACHE
, &hdev
->dev_flags
)) {
2476 hci_dev_unlock(hdev
);
2477 cancel_delayed_work_sync(&hdev
->service_cache
);
2484 err
= hci_req_run(&req
, set_class_complete
);
2486 if (err
!= -ENODATA
)
2489 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_SET_DEV_CLASS
, 0,
2490 hdev
->dev_class
, 3);
2494 cmd
= mgmt_pending_add(sk
, MGMT_OP_SET_DEV_CLASS
, hdev
, data
, len
);
2503 hci_dev_unlock(hdev
);
2507 static int load_link_keys(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
2510 struct mgmt_cp_load_link_keys
*cp
= data
;
2511 const u16 max_key_count
= ((U16_MAX
- sizeof(*cp
)) /
2512 sizeof(struct mgmt_link_key_info
));
2513 u16 key_count
, expected_len
;
2517 BT_DBG("request for %s", hdev
->name
);
2519 if (!lmp_bredr_capable(hdev
))
2520 return cmd_status(sk
, hdev
->id
, MGMT_OP_LOAD_LINK_KEYS
,
2521 MGMT_STATUS_NOT_SUPPORTED
);
2523 key_count
= __le16_to_cpu(cp
->key_count
);
2524 if (key_count
> max_key_count
) {
2525 BT_ERR("load_link_keys: too big key_count value %u",
2527 return cmd_status(sk
, hdev
->id
, MGMT_OP_LOAD_LINK_KEYS
,
2528 MGMT_STATUS_INVALID_PARAMS
);
2531 expected_len
= sizeof(*cp
) + key_count
*
2532 sizeof(struct mgmt_link_key_info
);
2533 if (expected_len
!= len
) {
2534 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
2536 return cmd_status(sk
, hdev
->id
, MGMT_OP_LOAD_LINK_KEYS
,
2537 MGMT_STATUS_INVALID_PARAMS
);
2540 if (cp
->debug_keys
!= 0x00 && cp
->debug_keys
!= 0x01)
2541 return cmd_status(sk
, hdev
->id
, MGMT_OP_LOAD_LINK_KEYS
,
2542 MGMT_STATUS_INVALID_PARAMS
);
2544 BT_DBG("%s debug_keys %u key_count %u", hdev
->name
, cp
->debug_keys
,
2547 for (i
= 0; i
< key_count
; i
++) {
2548 struct mgmt_link_key_info
*key
= &cp
->keys
[i
];
2550 if (key
->addr
.type
!= BDADDR_BREDR
|| key
->type
> 0x08)
2551 return cmd_status(sk
, hdev
->id
, MGMT_OP_LOAD_LINK_KEYS
,
2552 MGMT_STATUS_INVALID_PARAMS
);
2557 hci_link_keys_clear(hdev
);
2560 changed
= !test_and_set_bit(HCI_KEEP_DEBUG_KEYS
,
2563 changed
= test_and_clear_bit(HCI_KEEP_DEBUG_KEYS
,
2567 new_settings(hdev
, NULL
);
2569 for (i
= 0; i
< key_count
; i
++) {
2570 struct mgmt_link_key_info
*key
= &cp
->keys
[i
];
2572 /* Always ignore debug keys and require a new pairing if
2573 * the user wants to use them.
2575 if (key
->type
== HCI_LK_DEBUG_COMBINATION
)
2578 hci_add_link_key(hdev
, NULL
, &key
->addr
.bdaddr
, key
->val
,
2579 key
->type
, key
->pin_len
, NULL
);
2582 cmd_complete(sk
, hdev
->id
, MGMT_OP_LOAD_LINK_KEYS
, 0, NULL
, 0);
2584 hci_dev_unlock(hdev
);
2589 static int device_unpaired(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
,
2590 u8 addr_type
, struct sock
*skip_sk
)
2592 struct mgmt_ev_device_unpaired ev
;
2594 bacpy(&ev
.addr
.bdaddr
, bdaddr
);
2595 ev
.addr
.type
= addr_type
;
2597 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED
, hdev
, &ev
, sizeof(ev
),
2601 static int unpair_device(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
2604 struct mgmt_cp_unpair_device
*cp
= data
;
2605 struct mgmt_rp_unpair_device rp
;
2606 struct hci_cp_disconnect dc
;
2607 struct pending_cmd
*cmd
;
2608 struct hci_conn
*conn
;
2611 memset(&rp
, 0, sizeof(rp
));
2612 bacpy(&rp
.addr
.bdaddr
, &cp
->addr
.bdaddr
);
2613 rp
.addr
.type
= cp
->addr
.type
;
2615 if (!bdaddr_type_is_valid(cp
->addr
.type
))
2616 return cmd_complete(sk
, hdev
->id
, MGMT_OP_UNPAIR_DEVICE
,
2617 MGMT_STATUS_INVALID_PARAMS
,
2620 if (cp
->disconnect
!= 0x00 && cp
->disconnect
!= 0x01)
2621 return cmd_complete(sk
, hdev
->id
, MGMT_OP_UNPAIR_DEVICE
,
2622 MGMT_STATUS_INVALID_PARAMS
,
2627 if (!hdev_is_powered(hdev
)) {
2628 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_UNPAIR_DEVICE
,
2629 MGMT_STATUS_NOT_POWERED
, &rp
, sizeof(rp
));
2633 if (cp
->addr
.type
== BDADDR_BREDR
) {
2634 err
= hci_remove_link_key(hdev
, &cp
->addr
.bdaddr
);
2638 if (cp
->addr
.type
== BDADDR_LE_PUBLIC
)
2639 addr_type
= ADDR_LE_DEV_PUBLIC
;
2641 addr_type
= ADDR_LE_DEV_RANDOM
;
2643 hci_remove_irk(hdev
, &cp
->addr
.bdaddr
, addr_type
);
2645 hci_conn_params_del(hdev
, &cp
->addr
.bdaddr
, addr_type
);
2647 err
= hci_remove_ltk(hdev
, &cp
->addr
.bdaddr
, addr_type
);
2651 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_UNPAIR_DEVICE
,
2652 MGMT_STATUS_NOT_PAIRED
, &rp
, sizeof(rp
));
2656 if (cp
->disconnect
) {
2657 if (cp
->addr
.type
== BDADDR_BREDR
)
2658 conn
= hci_conn_hash_lookup_ba(hdev
, ACL_LINK
,
2661 conn
= hci_conn_hash_lookup_ba(hdev
, LE_LINK
,
2668 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_UNPAIR_DEVICE
, 0,
2670 device_unpaired(hdev
, &cp
->addr
.bdaddr
, cp
->addr
.type
, sk
);
2674 cmd
= mgmt_pending_add(sk
, MGMT_OP_UNPAIR_DEVICE
, hdev
, cp
,
2681 dc
.handle
= cpu_to_le16(conn
->handle
);
2682 dc
.reason
= 0x13; /* Remote User Terminated Connection */
2683 err
= hci_send_cmd(hdev
, HCI_OP_DISCONNECT
, sizeof(dc
), &dc
);
2685 mgmt_pending_remove(cmd
);
2688 hci_dev_unlock(hdev
);
2692 static int disconnect(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
2695 struct mgmt_cp_disconnect
*cp
= data
;
2696 struct mgmt_rp_disconnect rp
;
2697 struct hci_cp_disconnect dc
;
2698 struct pending_cmd
*cmd
;
2699 struct hci_conn
*conn
;
2704 memset(&rp
, 0, sizeof(rp
));
2705 bacpy(&rp
.addr
.bdaddr
, &cp
->addr
.bdaddr
);
2706 rp
.addr
.type
= cp
->addr
.type
;
2708 if (!bdaddr_type_is_valid(cp
->addr
.type
))
2709 return cmd_complete(sk
, hdev
->id
, MGMT_OP_DISCONNECT
,
2710 MGMT_STATUS_INVALID_PARAMS
,
2715 if (!test_bit(HCI_UP
, &hdev
->flags
)) {
2716 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_DISCONNECT
,
2717 MGMT_STATUS_NOT_POWERED
, &rp
, sizeof(rp
));
2721 if (mgmt_pending_find(MGMT_OP_DISCONNECT
, hdev
)) {
2722 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_DISCONNECT
,
2723 MGMT_STATUS_BUSY
, &rp
, sizeof(rp
));
2727 if (cp
->addr
.type
== BDADDR_BREDR
)
2728 conn
= hci_conn_hash_lookup_ba(hdev
, ACL_LINK
,
2731 conn
= hci_conn_hash_lookup_ba(hdev
, LE_LINK
, &cp
->addr
.bdaddr
);
2733 if (!conn
|| conn
->state
== BT_OPEN
|| conn
->state
== BT_CLOSED
) {
2734 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_DISCONNECT
,
2735 MGMT_STATUS_NOT_CONNECTED
, &rp
, sizeof(rp
));
2739 cmd
= mgmt_pending_add(sk
, MGMT_OP_DISCONNECT
, hdev
, data
, len
);
2745 dc
.handle
= cpu_to_le16(conn
->handle
);
2746 dc
.reason
= HCI_ERROR_REMOTE_USER_TERM
;
2748 err
= hci_send_cmd(hdev
, HCI_OP_DISCONNECT
, sizeof(dc
), &dc
);
2750 mgmt_pending_remove(cmd
);
2753 hci_dev_unlock(hdev
);
2757 static u8
link_to_bdaddr(u8 link_type
, u8 addr_type
)
2759 switch (link_type
) {
2761 switch (addr_type
) {
2762 case ADDR_LE_DEV_PUBLIC
:
2763 return BDADDR_LE_PUBLIC
;
2766 /* Fallback to LE Random address type */
2767 return BDADDR_LE_RANDOM
;
2771 /* Fallback to BR/EDR type */
2772 return BDADDR_BREDR
;
2776 static int get_connections(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
2779 struct mgmt_rp_get_connections
*rp
;
2789 if (!hdev_is_powered(hdev
)) {
2790 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_GET_CONNECTIONS
,
2791 MGMT_STATUS_NOT_POWERED
);
2796 list_for_each_entry(c
, &hdev
->conn_hash
.list
, list
) {
2797 if (test_bit(HCI_CONN_MGMT_CONNECTED
, &c
->flags
))
2801 rp_len
= sizeof(*rp
) + (i
* sizeof(struct mgmt_addr_info
));
2802 rp
= kmalloc(rp_len
, GFP_KERNEL
);
2809 list_for_each_entry(c
, &hdev
->conn_hash
.list
, list
) {
2810 if (!test_bit(HCI_CONN_MGMT_CONNECTED
, &c
->flags
))
2812 bacpy(&rp
->addr
[i
].bdaddr
, &c
->dst
);
2813 rp
->addr
[i
].type
= link_to_bdaddr(c
->type
, c
->dst_type
);
2814 if (c
->type
== SCO_LINK
|| c
->type
== ESCO_LINK
)
2819 rp
->conn_count
= cpu_to_le16(i
);
2821 /* Recalculate length in case of filtered SCO connections, etc */
2822 rp_len
= sizeof(*rp
) + (i
* sizeof(struct mgmt_addr_info
));
2824 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_GET_CONNECTIONS
, 0, rp
,
2830 hci_dev_unlock(hdev
);
2834 static int send_pin_code_neg_reply(struct sock
*sk
, struct hci_dev
*hdev
,
2835 struct mgmt_cp_pin_code_neg_reply
*cp
)
2837 struct pending_cmd
*cmd
;
2840 cmd
= mgmt_pending_add(sk
, MGMT_OP_PIN_CODE_NEG_REPLY
, hdev
, cp
,
2845 err
= hci_send_cmd(hdev
, HCI_OP_PIN_CODE_NEG_REPLY
,
2846 sizeof(cp
->addr
.bdaddr
), &cp
->addr
.bdaddr
);
2848 mgmt_pending_remove(cmd
);
2853 static int pin_code_reply(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
2856 struct hci_conn
*conn
;
2857 struct mgmt_cp_pin_code_reply
*cp
= data
;
2858 struct hci_cp_pin_code_reply reply
;
2859 struct pending_cmd
*cmd
;
2866 if (!hdev_is_powered(hdev
)) {
2867 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_PIN_CODE_REPLY
,
2868 MGMT_STATUS_NOT_POWERED
);
2872 conn
= hci_conn_hash_lookup_ba(hdev
, ACL_LINK
, &cp
->addr
.bdaddr
);
2874 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_PIN_CODE_REPLY
,
2875 MGMT_STATUS_NOT_CONNECTED
);
2879 if (conn
->pending_sec_level
== BT_SECURITY_HIGH
&& cp
->pin_len
!= 16) {
2880 struct mgmt_cp_pin_code_neg_reply ncp
;
2882 memcpy(&ncp
.addr
, &cp
->addr
, sizeof(ncp
.addr
));
2884 BT_ERR("PIN code is not 16 bytes long");
2886 err
= send_pin_code_neg_reply(sk
, hdev
, &ncp
);
2888 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_PIN_CODE_REPLY
,
2889 MGMT_STATUS_INVALID_PARAMS
);
2894 cmd
= mgmt_pending_add(sk
, MGMT_OP_PIN_CODE_REPLY
, hdev
, data
, len
);
2900 bacpy(&reply
.bdaddr
, &cp
->addr
.bdaddr
);
2901 reply
.pin_len
= cp
->pin_len
;
2902 memcpy(reply
.pin_code
, cp
->pin_code
, sizeof(reply
.pin_code
));
2904 err
= hci_send_cmd(hdev
, HCI_OP_PIN_CODE_REPLY
, sizeof(reply
), &reply
);
2906 mgmt_pending_remove(cmd
);
2909 hci_dev_unlock(hdev
);
2913 static int set_io_capability(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
2916 struct mgmt_cp_set_io_capability
*cp
= data
;
2920 if (cp
->io_capability
> SMP_IO_KEYBOARD_DISPLAY
)
2921 return cmd_complete(sk
, hdev
->id
, MGMT_OP_SET_IO_CAPABILITY
,
2922 MGMT_STATUS_INVALID_PARAMS
, NULL
, 0);
2926 hdev
->io_capability
= cp
->io_capability
;
2928 BT_DBG("%s IO capability set to 0x%02x", hdev
->name
,
2929 hdev
->io_capability
);
2931 hci_dev_unlock(hdev
);
2933 return cmd_complete(sk
, hdev
->id
, MGMT_OP_SET_IO_CAPABILITY
, 0, NULL
,
2937 static struct pending_cmd
*find_pairing(struct hci_conn
*conn
)
2939 struct hci_dev
*hdev
= conn
->hdev
;
2940 struct pending_cmd
*cmd
;
2942 list_for_each_entry(cmd
, &hdev
->mgmt_pending
, list
) {
2943 if (cmd
->opcode
!= MGMT_OP_PAIR_DEVICE
)
2946 if (cmd
->user_data
!= conn
)
2955 static void pairing_complete(struct pending_cmd
*cmd
, u8 status
)
2957 struct mgmt_rp_pair_device rp
;
2958 struct hci_conn
*conn
= cmd
->user_data
;
2960 bacpy(&rp
.addr
.bdaddr
, &conn
->dst
);
2961 rp
.addr
.type
= link_to_bdaddr(conn
->type
, conn
->dst_type
);
2963 cmd_complete(cmd
->sk
, cmd
->index
, MGMT_OP_PAIR_DEVICE
, status
,
2966 /* So we don't get further callbacks for this connection */
2967 conn
->connect_cfm_cb
= NULL
;
2968 conn
->security_cfm_cb
= NULL
;
2969 conn
->disconn_cfm_cb
= NULL
;
2971 hci_conn_drop(conn
);
2973 mgmt_pending_remove(cmd
);
2976 void mgmt_smp_complete(struct hci_conn
*conn
, bool complete
)
2978 u8 status
= complete
? MGMT_STATUS_SUCCESS
: MGMT_STATUS_FAILED
;
2979 struct pending_cmd
*cmd
;
2981 cmd
= find_pairing(conn
);
2983 pairing_complete(cmd
, status
);
2986 static void pairing_complete_cb(struct hci_conn
*conn
, u8 status
)
2988 struct pending_cmd
*cmd
;
2990 BT_DBG("status %u", status
);
2992 cmd
= find_pairing(conn
);
2994 BT_DBG("Unable to find a pending command");
2996 pairing_complete(cmd
, mgmt_status(status
));
2999 static void le_pairing_complete_cb(struct hci_conn
*conn
, u8 status
)
3001 struct pending_cmd
*cmd
;
3003 BT_DBG("status %u", status
);
3008 cmd
= find_pairing(conn
);
3010 BT_DBG("Unable to find a pending command");
3012 pairing_complete(cmd
, mgmt_status(status
));
3015 static int pair_device(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
3018 struct mgmt_cp_pair_device
*cp
= data
;
3019 struct mgmt_rp_pair_device rp
;
3020 struct pending_cmd
*cmd
;
3021 u8 sec_level
, auth_type
;
3022 struct hci_conn
*conn
;
3027 memset(&rp
, 0, sizeof(rp
));
3028 bacpy(&rp
.addr
.bdaddr
, &cp
->addr
.bdaddr
);
3029 rp
.addr
.type
= cp
->addr
.type
;
3031 if (!bdaddr_type_is_valid(cp
->addr
.type
))
3032 return cmd_complete(sk
, hdev
->id
, MGMT_OP_PAIR_DEVICE
,
3033 MGMT_STATUS_INVALID_PARAMS
,
3036 if (cp
->io_cap
> SMP_IO_KEYBOARD_DISPLAY
)
3037 return cmd_complete(sk
, hdev
->id
, MGMT_OP_PAIR_DEVICE
,
3038 MGMT_STATUS_INVALID_PARAMS
,
3043 if (!hdev_is_powered(hdev
)) {
3044 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_PAIR_DEVICE
,
3045 MGMT_STATUS_NOT_POWERED
, &rp
, sizeof(rp
));
3049 sec_level
= BT_SECURITY_MEDIUM
;
3050 auth_type
= HCI_AT_DEDICATED_BONDING
;
3052 if (cp
->addr
.type
== BDADDR_BREDR
) {
3053 conn
= hci_connect_acl(hdev
, &cp
->addr
.bdaddr
, sec_level
,
3058 /* Convert from L2CAP channel address type to HCI address type
3060 if (cp
->addr
.type
== BDADDR_LE_PUBLIC
)
3061 addr_type
= ADDR_LE_DEV_PUBLIC
;
3063 addr_type
= ADDR_LE_DEV_RANDOM
;
3065 /* When pairing a new device, it is expected to remember
3066 * this device for future connections. Adding the connection
3067 * parameter information ahead of time allows tracking
3068 * of the slave preferred values and will speed up any
3069 * further connection establishment.
3071 * If connection parameters already exist, then they
3072 * will be kept and this function does nothing.
3074 hci_conn_params_add(hdev
, &cp
->addr
.bdaddr
, addr_type
);
3076 conn
= hci_connect_le(hdev
, &cp
->addr
.bdaddr
, addr_type
,
3077 sec_level
, auth_type
);
3083 if (PTR_ERR(conn
) == -EBUSY
)
3084 status
= MGMT_STATUS_BUSY
;
3086 status
= MGMT_STATUS_CONNECT_FAILED
;
3088 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_PAIR_DEVICE
,
3094 if (conn
->connect_cfm_cb
) {
3095 hci_conn_drop(conn
);
3096 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_PAIR_DEVICE
,
3097 MGMT_STATUS_BUSY
, &rp
, sizeof(rp
));
3101 cmd
= mgmt_pending_add(sk
, MGMT_OP_PAIR_DEVICE
, hdev
, data
, len
);
3104 hci_conn_drop(conn
);
3108 /* For LE, just connecting isn't a proof that the pairing finished */
3109 if (cp
->addr
.type
== BDADDR_BREDR
) {
3110 conn
->connect_cfm_cb
= pairing_complete_cb
;
3111 conn
->security_cfm_cb
= pairing_complete_cb
;
3112 conn
->disconn_cfm_cb
= pairing_complete_cb
;
3114 conn
->connect_cfm_cb
= le_pairing_complete_cb
;
3115 conn
->security_cfm_cb
= le_pairing_complete_cb
;
3116 conn
->disconn_cfm_cb
= le_pairing_complete_cb
;
3119 conn
->io_capability
= cp
->io_cap
;
3120 cmd
->user_data
= conn
;
3122 if (conn
->state
== BT_CONNECTED
&&
3123 hci_conn_security(conn
, sec_level
, auth_type
))
3124 pairing_complete(cmd
, 0);
3129 hci_dev_unlock(hdev
);
3133 static int cancel_pair_device(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
3136 struct mgmt_addr_info
*addr
= data
;
3137 struct pending_cmd
*cmd
;
3138 struct hci_conn
*conn
;
3145 if (!hdev_is_powered(hdev
)) {
3146 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_CANCEL_PAIR_DEVICE
,
3147 MGMT_STATUS_NOT_POWERED
);
3151 cmd
= mgmt_pending_find(MGMT_OP_PAIR_DEVICE
, hdev
);
3153 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_CANCEL_PAIR_DEVICE
,
3154 MGMT_STATUS_INVALID_PARAMS
);
3158 conn
= cmd
->user_data
;
3160 if (bacmp(&addr
->bdaddr
, &conn
->dst
) != 0) {
3161 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_CANCEL_PAIR_DEVICE
,
3162 MGMT_STATUS_INVALID_PARAMS
);
3166 pairing_complete(cmd
, MGMT_STATUS_CANCELLED
);
3168 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_CANCEL_PAIR_DEVICE
, 0,
3169 addr
, sizeof(*addr
));
3171 hci_dev_unlock(hdev
);
3175 static int user_pairing_resp(struct sock
*sk
, struct hci_dev
*hdev
,
3176 struct mgmt_addr_info
*addr
, u16 mgmt_op
,
3177 u16 hci_op
, __le32 passkey
)
3179 struct pending_cmd
*cmd
;
3180 struct hci_conn
*conn
;
3185 if (!hdev_is_powered(hdev
)) {
3186 err
= cmd_complete(sk
, hdev
->id
, mgmt_op
,
3187 MGMT_STATUS_NOT_POWERED
, addr
,
3192 if (addr
->type
== BDADDR_BREDR
)
3193 conn
= hci_conn_hash_lookup_ba(hdev
, ACL_LINK
, &addr
->bdaddr
);
3195 conn
= hci_conn_hash_lookup_ba(hdev
, LE_LINK
, &addr
->bdaddr
);
3198 err
= cmd_complete(sk
, hdev
->id
, mgmt_op
,
3199 MGMT_STATUS_NOT_CONNECTED
, addr
,
3204 if (addr
->type
== BDADDR_LE_PUBLIC
|| addr
->type
== BDADDR_LE_RANDOM
) {
3205 err
= smp_user_confirm_reply(conn
, mgmt_op
, passkey
);
3207 err
= cmd_complete(sk
, hdev
->id
, mgmt_op
,
3208 MGMT_STATUS_SUCCESS
, addr
,
3211 err
= cmd_complete(sk
, hdev
->id
, mgmt_op
,
3212 MGMT_STATUS_FAILED
, addr
,
3218 cmd
= mgmt_pending_add(sk
, mgmt_op
, hdev
, addr
, sizeof(*addr
));
3224 /* Continue with pairing via HCI */
3225 if (hci_op
== HCI_OP_USER_PASSKEY_REPLY
) {
3226 struct hci_cp_user_passkey_reply cp
;
3228 bacpy(&cp
.bdaddr
, &addr
->bdaddr
);
3229 cp
.passkey
= passkey
;
3230 err
= hci_send_cmd(hdev
, hci_op
, sizeof(cp
), &cp
);
3232 err
= hci_send_cmd(hdev
, hci_op
, sizeof(addr
->bdaddr
),
3236 mgmt_pending_remove(cmd
);
3239 hci_dev_unlock(hdev
);
3243 static int pin_code_neg_reply(struct sock
*sk
, struct hci_dev
*hdev
,
3244 void *data
, u16 len
)
3246 struct mgmt_cp_pin_code_neg_reply
*cp
= data
;
3250 return user_pairing_resp(sk
, hdev
, &cp
->addr
,
3251 MGMT_OP_PIN_CODE_NEG_REPLY
,
3252 HCI_OP_PIN_CODE_NEG_REPLY
, 0);
3255 static int user_confirm_reply(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
3258 struct mgmt_cp_user_confirm_reply
*cp
= data
;
3262 if (len
!= sizeof(*cp
))
3263 return cmd_status(sk
, hdev
->id
, MGMT_OP_USER_CONFIRM_REPLY
,
3264 MGMT_STATUS_INVALID_PARAMS
);
3266 return user_pairing_resp(sk
, hdev
, &cp
->addr
,
3267 MGMT_OP_USER_CONFIRM_REPLY
,
3268 HCI_OP_USER_CONFIRM_REPLY
, 0);
3271 static int user_confirm_neg_reply(struct sock
*sk
, struct hci_dev
*hdev
,
3272 void *data
, u16 len
)
3274 struct mgmt_cp_user_confirm_neg_reply
*cp
= data
;
3278 return user_pairing_resp(sk
, hdev
, &cp
->addr
,
3279 MGMT_OP_USER_CONFIRM_NEG_REPLY
,
3280 HCI_OP_USER_CONFIRM_NEG_REPLY
, 0);
3283 static int user_passkey_reply(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
3286 struct mgmt_cp_user_passkey_reply
*cp
= data
;
3290 return user_pairing_resp(sk
, hdev
, &cp
->addr
,
3291 MGMT_OP_USER_PASSKEY_REPLY
,
3292 HCI_OP_USER_PASSKEY_REPLY
, cp
->passkey
);
3295 static int user_passkey_neg_reply(struct sock
*sk
, struct hci_dev
*hdev
,
3296 void *data
, u16 len
)
3298 struct mgmt_cp_user_passkey_neg_reply
*cp
= data
;
3302 return user_pairing_resp(sk
, hdev
, &cp
->addr
,
3303 MGMT_OP_USER_PASSKEY_NEG_REPLY
,
3304 HCI_OP_USER_PASSKEY_NEG_REPLY
, 0);
3307 static void update_name(struct hci_request
*req
)
3309 struct hci_dev
*hdev
= req
->hdev
;
3310 struct hci_cp_write_local_name cp
;
3312 memcpy(cp
.name
, hdev
->dev_name
, sizeof(cp
.name
));
3314 hci_req_add(req
, HCI_OP_WRITE_LOCAL_NAME
, sizeof(cp
), &cp
);
3317 static void set_name_complete(struct hci_dev
*hdev
, u8 status
)
3319 struct mgmt_cp_set_local_name
*cp
;
3320 struct pending_cmd
*cmd
;
3322 BT_DBG("status 0x%02x", status
);
3326 cmd
= mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME
, hdev
);
3333 cmd_status(cmd
->sk
, hdev
->id
, MGMT_OP_SET_LOCAL_NAME
,
3334 mgmt_status(status
));
3336 cmd_complete(cmd
->sk
, hdev
->id
, MGMT_OP_SET_LOCAL_NAME
, 0,
3339 mgmt_pending_remove(cmd
);
3342 hci_dev_unlock(hdev
);
3345 static int set_local_name(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
3348 struct mgmt_cp_set_local_name
*cp
= data
;
3349 struct pending_cmd
*cmd
;
3350 struct hci_request req
;
3357 /* If the old values are the same as the new ones just return a
3358 * direct command complete event.
3360 if (!memcmp(hdev
->dev_name
, cp
->name
, sizeof(hdev
->dev_name
)) &&
3361 !memcmp(hdev
->short_name
, cp
->short_name
,
3362 sizeof(hdev
->short_name
))) {
3363 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_SET_LOCAL_NAME
, 0,
3368 memcpy(hdev
->short_name
, cp
->short_name
, sizeof(hdev
->short_name
));
3370 if (!hdev_is_powered(hdev
)) {
3371 memcpy(hdev
->dev_name
, cp
->name
, sizeof(hdev
->dev_name
));
3373 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_SET_LOCAL_NAME
, 0,
3378 err
= mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED
, hdev
, data
, len
,
3384 cmd
= mgmt_pending_add(sk
, MGMT_OP_SET_LOCAL_NAME
, hdev
, data
, len
);
3390 memcpy(hdev
->dev_name
, cp
->name
, sizeof(hdev
->dev_name
));
3392 hci_req_init(&req
, hdev
);
3394 if (lmp_bredr_capable(hdev
)) {
3399 /* The name is stored in the scan response data and so
3400 * no need to udpate the advertising data here.
3402 if (lmp_le_capable(hdev
))
3403 update_scan_rsp_data(&req
);
3405 err
= hci_req_run(&req
, set_name_complete
);
3407 mgmt_pending_remove(cmd
);
3410 hci_dev_unlock(hdev
);
3414 static int read_local_oob_data(struct sock
*sk
, struct hci_dev
*hdev
,
3415 void *data
, u16 data_len
)
3417 struct pending_cmd
*cmd
;
3420 BT_DBG("%s", hdev
->name
);
3424 if (!hdev_is_powered(hdev
)) {
3425 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_READ_LOCAL_OOB_DATA
,
3426 MGMT_STATUS_NOT_POWERED
);
3430 if (!lmp_ssp_capable(hdev
)) {
3431 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_READ_LOCAL_OOB_DATA
,
3432 MGMT_STATUS_NOT_SUPPORTED
);
3436 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA
, hdev
)) {
3437 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_READ_LOCAL_OOB_DATA
,
3442 cmd
= mgmt_pending_add(sk
, MGMT_OP_READ_LOCAL_OOB_DATA
, hdev
, NULL
, 0);
3448 if (test_bit(HCI_SC_ENABLED
, &hdev
->dev_flags
))
3449 err
= hci_send_cmd(hdev
, HCI_OP_READ_LOCAL_OOB_EXT_DATA
,
3452 err
= hci_send_cmd(hdev
, HCI_OP_READ_LOCAL_OOB_DATA
, 0, NULL
);
3455 mgmt_pending_remove(cmd
);
3458 hci_dev_unlock(hdev
);
3462 static int add_remote_oob_data(struct sock
*sk
, struct hci_dev
*hdev
,
3463 void *data
, u16 len
)
3467 BT_DBG("%s ", hdev
->name
);
3471 if (len
== MGMT_ADD_REMOTE_OOB_DATA_SIZE
) {
3472 struct mgmt_cp_add_remote_oob_data
*cp
= data
;
3475 err
= hci_add_remote_oob_data(hdev
, &cp
->addr
.bdaddr
,
3476 cp
->hash
, cp
->randomizer
);
3478 status
= MGMT_STATUS_FAILED
;
3480 status
= MGMT_STATUS_SUCCESS
;
3482 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_ADD_REMOTE_OOB_DATA
,
3483 status
, &cp
->addr
, sizeof(cp
->addr
));
3484 } else if (len
== MGMT_ADD_REMOTE_OOB_EXT_DATA_SIZE
) {
3485 struct mgmt_cp_add_remote_oob_ext_data
*cp
= data
;
3488 err
= hci_add_remote_oob_ext_data(hdev
, &cp
->addr
.bdaddr
,
3494 status
= MGMT_STATUS_FAILED
;
3496 status
= MGMT_STATUS_SUCCESS
;
3498 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_ADD_REMOTE_OOB_DATA
,
3499 status
, &cp
->addr
, sizeof(cp
->addr
));
3501 BT_ERR("add_remote_oob_data: invalid length of %u bytes", len
);
3502 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_ADD_REMOTE_OOB_DATA
,
3503 MGMT_STATUS_INVALID_PARAMS
);
3506 hci_dev_unlock(hdev
);
3510 static int remove_remote_oob_data(struct sock
*sk
, struct hci_dev
*hdev
,
3511 void *data
, u16 len
)
3513 struct mgmt_cp_remove_remote_oob_data
*cp
= data
;
3517 BT_DBG("%s", hdev
->name
);
3521 err
= hci_remove_remote_oob_data(hdev
, &cp
->addr
.bdaddr
);
3523 status
= MGMT_STATUS_INVALID_PARAMS
;
3525 status
= MGMT_STATUS_SUCCESS
;
3527 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_REMOVE_REMOTE_OOB_DATA
,
3528 status
, &cp
->addr
, sizeof(cp
->addr
));
3530 hci_dev_unlock(hdev
);
3534 static int mgmt_start_discovery_failed(struct hci_dev
*hdev
, u8 status
)
3536 struct pending_cmd
*cmd
;
3540 hci_discovery_set_state(hdev
, DISCOVERY_STOPPED
);
3542 cmd
= mgmt_pending_find(MGMT_OP_START_DISCOVERY
, hdev
);
3546 type
= hdev
->discovery
.type
;
3548 err
= cmd_complete(cmd
->sk
, hdev
->id
, cmd
->opcode
, mgmt_status(status
),
3549 &type
, sizeof(type
));
3550 mgmt_pending_remove(cmd
);
3555 static void start_discovery_complete(struct hci_dev
*hdev
, u8 status
)
3557 unsigned long timeout
= 0;
3559 BT_DBG("status %d", status
);
3563 mgmt_start_discovery_failed(hdev
, status
);
3564 hci_dev_unlock(hdev
);
3569 hci_discovery_set_state(hdev
, DISCOVERY_FINDING
);
3570 hci_dev_unlock(hdev
);
3572 switch (hdev
->discovery
.type
) {
3573 case DISCOV_TYPE_LE
:
3574 timeout
= msecs_to_jiffies(DISCOV_LE_TIMEOUT
);
3577 case DISCOV_TYPE_INTERLEAVED
:
3578 timeout
= msecs_to_jiffies(hdev
->discov_interleaved_timeout
);
3581 case DISCOV_TYPE_BREDR
:
3585 BT_ERR("Invalid discovery type %d", hdev
->discovery
.type
);
3591 queue_delayed_work(hdev
->workqueue
, &hdev
->le_scan_disable
, timeout
);
3594 static int start_discovery(struct sock
*sk
, struct hci_dev
*hdev
,
3595 void *data
, u16 len
)
3597 struct mgmt_cp_start_discovery
*cp
= data
;
3598 struct pending_cmd
*cmd
;
3599 struct hci_cp_le_set_scan_param param_cp
;
3600 struct hci_cp_le_set_scan_enable enable_cp
;
3601 struct hci_cp_inquiry inq_cp
;
3602 struct hci_request req
;
3603 /* General inquiry access code (GIAC) */
3604 u8 lap
[3] = { 0x33, 0x8b, 0x9e };
3605 u8 status
, own_addr_type
;
3608 BT_DBG("%s", hdev
->name
);
3612 if (!hdev_is_powered(hdev
)) {
3613 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_START_DISCOVERY
,
3614 MGMT_STATUS_NOT_POWERED
);
3618 if (test_bit(HCI_PERIODIC_INQ
, &hdev
->dev_flags
)) {
3619 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_START_DISCOVERY
,
3624 if (hdev
->discovery
.state
!= DISCOVERY_STOPPED
) {
3625 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_START_DISCOVERY
,
3630 cmd
= mgmt_pending_add(sk
, MGMT_OP_START_DISCOVERY
, hdev
, NULL
, 0);
3636 hdev
->discovery
.type
= cp
->type
;
3638 hci_req_init(&req
, hdev
);
3640 switch (hdev
->discovery
.type
) {
3641 case DISCOV_TYPE_BREDR
:
3642 status
= mgmt_bredr_support(hdev
);
3644 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_START_DISCOVERY
,
3646 mgmt_pending_remove(cmd
);
3650 if (test_bit(HCI_INQUIRY
, &hdev
->flags
)) {
3651 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_START_DISCOVERY
,
3653 mgmt_pending_remove(cmd
);
3657 hci_inquiry_cache_flush(hdev
);
3659 memset(&inq_cp
, 0, sizeof(inq_cp
));
3660 memcpy(&inq_cp
.lap
, lap
, sizeof(inq_cp
.lap
));
3661 inq_cp
.length
= DISCOV_BREDR_INQUIRY_LEN
;
3662 hci_req_add(&req
, HCI_OP_INQUIRY
, sizeof(inq_cp
), &inq_cp
);
3665 case DISCOV_TYPE_LE
:
3666 case DISCOV_TYPE_INTERLEAVED
:
3667 status
= mgmt_le_support(hdev
);
3669 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_START_DISCOVERY
,
3671 mgmt_pending_remove(cmd
);
3675 if (hdev
->discovery
.type
== DISCOV_TYPE_INTERLEAVED
&&
3676 !test_bit(HCI_BREDR_ENABLED
, &hdev
->dev_flags
)) {
3677 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_START_DISCOVERY
,
3678 MGMT_STATUS_NOT_SUPPORTED
);
3679 mgmt_pending_remove(cmd
);
3683 if (test_bit(HCI_ADVERTISING
, &hdev
->dev_flags
)) {
3684 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_START_DISCOVERY
,
3685 MGMT_STATUS_REJECTED
);
3686 mgmt_pending_remove(cmd
);
3690 /* If controller is scanning, it means the background scanning
3691 * is running. Thus, we should temporarily stop it in order to
3692 * set the discovery scanning parameters.
3694 if (test_bit(HCI_LE_SCAN
, &hdev
->dev_flags
))
3695 hci_req_add_le_scan_disable(&req
);
3697 memset(¶m_cp
, 0, sizeof(param_cp
));
3699 /* All active scans will be done with either a resolvable
3700 * private address (when privacy feature has been enabled)
3701 * or unresolvable private address.
3703 err
= hci_update_random_address(&req
, true, &own_addr_type
);
3705 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_START_DISCOVERY
,
3706 MGMT_STATUS_FAILED
);
3707 mgmt_pending_remove(cmd
);
3711 param_cp
.type
= LE_SCAN_ACTIVE
;
3712 param_cp
.interval
= cpu_to_le16(DISCOV_LE_SCAN_INT
);
3713 param_cp
.window
= cpu_to_le16(DISCOV_LE_SCAN_WIN
);
3714 param_cp
.own_address_type
= own_addr_type
;
3715 hci_req_add(&req
, HCI_OP_LE_SET_SCAN_PARAM
, sizeof(param_cp
),
3718 memset(&enable_cp
, 0, sizeof(enable_cp
));
3719 enable_cp
.enable
= LE_SCAN_ENABLE
;
3720 enable_cp
.filter_dup
= LE_SCAN_FILTER_DUP_ENABLE
;
3721 hci_req_add(&req
, HCI_OP_LE_SET_SCAN_ENABLE
, sizeof(enable_cp
),
3726 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_START_DISCOVERY
,
3727 MGMT_STATUS_INVALID_PARAMS
);
3728 mgmt_pending_remove(cmd
);
3732 err
= hci_req_run(&req
, start_discovery_complete
);
3734 mgmt_pending_remove(cmd
);
3736 hci_discovery_set_state(hdev
, DISCOVERY_STARTING
);
3739 hci_dev_unlock(hdev
);
3743 static int mgmt_stop_discovery_failed(struct hci_dev
*hdev
, u8 status
)
3745 struct pending_cmd
*cmd
;
3748 cmd
= mgmt_pending_find(MGMT_OP_STOP_DISCOVERY
, hdev
);
3752 err
= cmd_complete(cmd
->sk
, hdev
->id
, cmd
->opcode
, mgmt_status(status
),
3753 &hdev
->discovery
.type
, sizeof(hdev
->discovery
.type
));
3754 mgmt_pending_remove(cmd
);
3759 static void stop_discovery_complete(struct hci_dev
*hdev
, u8 status
)
3761 BT_DBG("status %d", status
);
3766 mgmt_stop_discovery_failed(hdev
, status
);
3770 hci_discovery_set_state(hdev
, DISCOVERY_STOPPED
);
3773 hci_dev_unlock(hdev
);
3776 static int stop_discovery(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
3779 struct mgmt_cp_stop_discovery
*mgmt_cp
= data
;
3780 struct pending_cmd
*cmd
;
3781 struct hci_request req
;
3784 BT_DBG("%s", hdev
->name
);
3788 if (!hci_discovery_active(hdev
)) {
3789 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_STOP_DISCOVERY
,
3790 MGMT_STATUS_REJECTED
, &mgmt_cp
->type
,
3791 sizeof(mgmt_cp
->type
));
3795 if (hdev
->discovery
.type
!= mgmt_cp
->type
) {
3796 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_STOP_DISCOVERY
,
3797 MGMT_STATUS_INVALID_PARAMS
, &mgmt_cp
->type
,
3798 sizeof(mgmt_cp
->type
));
3802 cmd
= mgmt_pending_add(sk
, MGMT_OP_STOP_DISCOVERY
, hdev
, NULL
, 0);
3808 hci_req_init(&req
, hdev
);
3810 hci_stop_discovery(&req
);
3812 err
= hci_req_run(&req
, stop_discovery_complete
);
3814 hci_discovery_set_state(hdev
, DISCOVERY_STOPPING
);
3818 mgmt_pending_remove(cmd
);
3820 /* If no HCI commands were sent we're done */
3821 if (err
== -ENODATA
) {
3822 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_STOP_DISCOVERY
, 0,
3823 &mgmt_cp
->type
, sizeof(mgmt_cp
->type
));
3824 hci_discovery_set_state(hdev
, DISCOVERY_STOPPED
);
3828 hci_dev_unlock(hdev
);
3832 static int confirm_name(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
3835 struct mgmt_cp_confirm_name
*cp
= data
;
3836 struct inquiry_entry
*e
;
3839 BT_DBG("%s", hdev
->name
);
3843 if (!hci_discovery_active(hdev
)) {
3844 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_CONFIRM_NAME
,
3845 MGMT_STATUS_FAILED
, &cp
->addr
,
3850 e
= hci_inquiry_cache_lookup_unknown(hdev
, &cp
->addr
.bdaddr
);
3852 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_CONFIRM_NAME
,
3853 MGMT_STATUS_INVALID_PARAMS
, &cp
->addr
,
3858 if (cp
->name_known
) {
3859 e
->name_state
= NAME_KNOWN
;
3862 e
->name_state
= NAME_NEEDED
;
3863 hci_inquiry_cache_update_resolve(hdev
, e
);
3866 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_CONFIRM_NAME
, 0, &cp
->addr
,
3870 hci_dev_unlock(hdev
);
3874 static int block_device(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
3877 struct mgmt_cp_block_device
*cp
= data
;
3881 BT_DBG("%s", hdev
->name
);
3883 if (!bdaddr_type_is_valid(cp
->addr
.type
))
3884 return cmd_complete(sk
, hdev
->id
, MGMT_OP_BLOCK_DEVICE
,
3885 MGMT_STATUS_INVALID_PARAMS
,
3886 &cp
->addr
, sizeof(cp
->addr
));
3890 err
= hci_blacklist_add(hdev
, &cp
->addr
.bdaddr
, cp
->addr
.type
);
3892 status
= MGMT_STATUS_FAILED
;
3896 mgmt_event(MGMT_EV_DEVICE_BLOCKED
, hdev
, &cp
->addr
, sizeof(cp
->addr
),
3898 status
= MGMT_STATUS_SUCCESS
;
3901 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_BLOCK_DEVICE
, status
,
3902 &cp
->addr
, sizeof(cp
->addr
));
3904 hci_dev_unlock(hdev
);
3909 static int unblock_device(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
3912 struct mgmt_cp_unblock_device
*cp
= data
;
3916 BT_DBG("%s", hdev
->name
);
3918 if (!bdaddr_type_is_valid(cp
->addr
.type
))
3919 return cmd_complete(sk
, hdev
->id
, MGMT_OP_UNBLOCK_DEVICE
,
3920 MGMT_STATUS_INVALID_PARAMS
,
3921 &cp
->addr
, sizeof(cp
->addr
));
3925 err
= hci_blacklist_del(hdev
, &cp
->addr
.bdaddr
, cp
->addr
.type
);
3927 status
= MGMT_STATUS_INVALID_PARAMS
;
3931 mgmt_event(MGMT_EV_DEVICE_UNBLOCKED
, hdev
, &cp
->addr
, sizeof(cp
->addr
),
3933 status
= MGMT_STATUS_SUCCESS
;
3936 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_UNBLOCK_DEVICE
, status
,
3937 &cp
->addr
, sizeof(cp
->addr
));
3939 hci_dev_unlock(hdev
);
3944 static int set_device_id(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
3947 struct mgmt_cp_set_device_id
*cp
= data
;
3948 struct hci_request req
;
3952 BT_DBG("%s", hdev
->name
);
3954 source
= __le16_to_cpu(cp
->source
);
3956 if (source
> 0x0002)
3957 return cmd_status(sk
, hdev
->id
, MGMT_OP_SET_DEVICE_ID
,
3958 MGMT_STATUS_INVALID_PARAMS
);
3962 hdev
->devid_source
= source
;
3963 hdev
->devid_vendor
= __le16_to_cpu(cp
->vendor
);
3964 hdev
->devid_product
= __le16_to_cpu(cp
->product
);
3965 hdev
->devid_version
= __le16_to_cpu(cp
->version
);
3967 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_SET_DEVICE_ID
, 0, NULL
, 0);
3969 hci_req_init(&req
, hdev
);
3971 hci_req_run(&req
, NULL
);
3973 hci_dev_unlock(hdev
);
3978 static void set_advertising_complete(struct hci_dev
*hdev
, u8 status
)
3980 struct cmd_lookup match
= { NULL
, hdev
};
3983 u8 mgmt_err
= mgmt_status(status
);
3985 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING
, hdev
,
3986 cmd_status_rsp
, &mgmt_err
);
3990 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING
, hdev
, settings_rsp
,
3993 new_settings(hdev
, match
.sk
);
3999 static int set_advertising(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
4002 struct mgmt_mode
*cp
= data
;
4003 struct pending_cmd
*cmd
;
4004 struct hci_request req
;
4005 u8 val
, enabled
, status
;
4008 BT_DBG("request for %s", hdev
->name
);
4010 status
= mgmt_le_support(hdev
);
4012 return cmd_status(sk
, hdev
->id
, MGMT_OP_SET_ADVERTISING
,
4015 if (cp
->val
!= 0x00 && cp
->val
!= 0x01)
4016 return cmd_status(sk
, hdev
->id
, MGMT_OP_SET_ADVERTISING
,
4017 MGMT_STATUS_INVALID_PARAMS
);
4022 enabled
= test_bit(HCI_ADVERTISING
, &hdev
->dev_flags
);
4024 /* The following conditions are ones which mean that we should
4025 * not do any HCI communication but directly send a mgmt
4026 * response to user space (after toggling the flag if
4029 if (!hdev_is_powered(hdev
) || val
== enabled
||
4030 hci_conn_num(hdev
, LE_LINK
) > 0) {
4031 bool changed
= false;
4033 if (val
!= test_bit(HCI_ADVERTISING
, &hdev
->dev_flags
)) {
4034 change_bit(HCI_ADVERTISING
, &hdev
->dev_flags
);
4038 err
= send_settings_rsp(sk
, MGMT_OP_SET_ADVERTISING
, hdev
);
4043 err
= new_settings(hdev
, sk
);
4048 if (mgmt_pending_find(MGMT_OP_SET_ADVERTISING
, hdev
) ||
4049 mgmt_pending_find(MGMT_OP_SET_LE
, hdev
)) {
4050 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_SET_ADVERTISING
,
4055 cmd
= mgmt_pending_add(sk
, MGMT_OP_SET_ADVERTISING
, hdev
, data
, len
);
4061 hci_req_init(&req
, hdev
);
4064 enable_advertising(&req
);
4066 disable_advertising(&req
);
4068 err
= hci_req_run(&req
, set_advertising_complete
);
4070 mgmt_pending_remove(cmd
);
4073 hci_dev_unlock(hdev
);
4077 static int set_static_address(struct sock
*sk
, struct hci_dev
*hdev
,
4078 void *data
, u16 len
)
4080 struct mgmt_cp_set_static_address
*cp
= data
;
4083 BT_DBG("%s", hdev
->name
);
4085 if (!lmp_le_capable(hdev
))
4086 return cmd_status(sk
, hdev
->id
, MGMT_OP_SET_STATIC_ADDRESS
,
4087 MGMT_STATUS_NOT_SUPPORTED
);
4089 if (hdev_is_powered(hdev
))
4090 return cmd_status(sk
, hdev
->id
, MGMT_OP_SET_STATIC_ADDRESS
,
4091 MGMT_STATUS_REJECTED
);
4093 if (bacmp(&cp
->bdaddr
, BDADDR_ANY
)) {
4094 if (!bacmp(&cp
->bdaddr
, BDADDR_NONE
))
4095 return cmd_status(sk
, hdev
->id
,
4096 MGMT_OP_SET_STATIC_ADDRESS
,
4097 MGMT_STATUS_INVALID_PARAMS
);
4099 /* Two most significant bits shall be set */
4100 if ((cp
->bdaddr
.b
[5] & 0xc0) != 0xc0)
4101 return cmd_status(sk
, hdev
->id
,
4102 MGMT_OP_SET_STATIC_ADDRESS
,
4103 MGMT_STATUS_INVALID_PARAMS
);
4108 bacpy(&hdev
->static_addr
, &cp
->bdaddr
);
4110 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_SET_STATIC_ADDRESS
, 0, NULL
, 0);
4112 hci_dev_unlock(hdev
);
4117 static int set_scan_params(struct sock
*sk
, struct hci_dev
*hdev
,
4118 void *data
, u16 len
)
4120 struct mgmt_cp_set_scan_params
*cp
= data
;
4121 __u16 interval
, window
;
4124 BT_DBG("%s", hdev
->name
);
4126 if (!lmp_le_capable(hdev
))
4127 return cmd_status(sk
, hdev
->id
, MGMT_OP_SET_SCAN_PARAMS
,
4128 MGMT_STATUS_NOT_SUPPORTED
);
4130 interval
= __le16_to_cpu(cp
->interval
);
4132 if (interval
< 0x0004 || interval
> 0x4000)
4133 return cmd_status(sk
, hdev
->id
, MGMT_OP_SET_SCAN_PARAMS
,
4134 MGMT_STATUS_INVALID_PARAMS
);
4136 window
= __le16_to_cpu(cp
->window
);
4138 if (window
< 0x0004 || window
> 0x4000)
4139 return cmd_status(sk
, hdev
->id
, MGMT_OP_SET_SCAN_PARAMS
,
4140 MGMT_STATUS_INVALID_PARAMS
);
4142 if (window
> interval
)
4143 return cmd_status(sk
, hdev
->id
, MGMT_OP_SET_SCAN_PARAMS
,
4144 MGMT_STATUS_INVALID_PARAMS
);
4148 hdev
->le_scan_interval
= interval
;
4149 hdev
->le_scan_window
= window
;
4151 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_SET_SCAN_PARAMS
, 0, NULL
, 0);
4153 /* If background scan is running, restart it so new parameters are
4156 if (test_bit(HCI_LE_SCAN
, &hdev
->dev_flags
) &&
4157 hdev
->discovery
.state
== DISCOVERY_STOPPED
) {
4158 struct hci_request req
;
4160 hci_req_init(&req
, hdev
);
4162 hci_req_add_le_scan_disable(&req
);
4163 hci_req_add_le_passive_scan(&req
);
4165 hci_req_run(&req
, NULL
);
4168 hci_dev_unlock(hdev
);
4173 static void fast_connectable_complete(struct hci_dev
*hdev
, u8 status
)
4175 struct pending_cmd
*cmd
;
4177 BT_DBG("status 0x%02x", status
);
4181 cmd
= mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE
, hdev
);
4186 cmd_status(cmd
->sk
, hdev
->id
, MGMT_OP_SET_FAST_CONNECTABLE
,
4187 mgmt_status(status
));
4189 struct mgmt_mode
*cp
= cmd
->param
;
4192 set_bit(HCI_FAST_CONNECTABLE
, &hdev
->dev_flags
);
4194 clear_bit(HCI_FAST_CONNECTABLE
, &hdev
->dev_flags
);
4196 send_settings_rsp(cmd
->sk
, MGMT_OP_SET_FAST_CONNECTABLE
, hdev
);
4197 new_settings(hdev
, cmd
->sk
);
4200 mgmt_pending_remove(cmd
);
4203 hci_dev_unlock(hdev
);
4206 static int set_fast_connectable(struct sock
*sk
, struct hci_dev
*hdev
,
4207 void *data
, u16 len
)
4209 struct mgmt_mode
*cp
= data
;
4210 struct pending_cmd
*cmd
;
4211 struct hci_request req
;
4214 BT_DBG("%s", hdev
->name
);
4216 if (!test_bit(HCI_BREDR_ENABLED
, &hdev
->dev_flags
) ||
4217 hdev
->hci_ver
< BLUETOOTH_VER_1_2
)
4218 return cmd_status(sk
, hdev
->id
, MGMT_OP_SET_FAST_CONNECTABLE
,
4219 MGMT_STATUS_NOT_SUPPORTED
);
4221 if (cp
->val
!= 0x00 && cp
->val
!= 0x01)
4222 return cmd_status(sk
, hdev
->id
, MGMT_OP_SET_FAST_CONNECTABLE
,
4223 MGMT_STATUS_INVALID_PARAMS
);
4225 if (!hdev_is_powered(hdev
))
4226 return cmd_status(sk
, hdev
->id
, MGMT_OP_SET_FAST_CONNECTABLE
,
4227 MGMT_STATUS_NOT_POWERED
);
4229 if (!test_bit(HCI_CONNECTABLE
, &hdev
->dev_flags
))
4230 return cmd_status(sk
, hdev
->id
, MGMT_OP_SET_FAST_CONNECTABLE
,
4231 MGMT_STATUS_REJECTED
);
4235 if (mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE
, hdev
)) {
4236 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_SET_FAST_CONNECTABLE
,
4241 if (!!cp
->val
== test_bit(HCI_FAST_CONNECTABLE
, &hdev
->dev_flags
)) {
4242 err
= send_settings_rsp(sk
, MGMT_OP_SET_FAST_CONNECTABLE
,
4247 cmd
= mgmt_pending_add(sk
, MGMT_OP_SET_FAST_CONNECTABLE
, hdev
,
4254 hci_req_init(&req
, hdev
);
4256 write_fast_connectable(&req
, cp
->val
);
4258 err
= hci_req_run(&req
, fast_connectable_complete
);
4260 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_SET_FAST_CONNECTABLE
,
4261 MGMT_STATUS_FAILED
);
4262 mgmt_pending_remove(cmd
);
4266 hci_dev_unlock(hdev
);
4271 static void set_bredr_scan(struct hci_request
*req
)
4273 struct hci_dev
*hdev
= req
->hdev
;
4276 /* Ensure that fast connectable is disabled. This function will
4277 * not do anything if the page scan parameters are already what
4280 write_fast_connectable(req
, false);
4282 if (test_bit(HCI_CONNECTABLE
, &hdev
->dev_flags
))
4284 if (test_bit(HCI_DISCOVERABLE
, &hdev
->dev_flags
))
4285 scan
|= SCAN_INQUIRY
;
4288 hci_req_add(req
, HCI_OP_WRITE_SCAN_ENABLE
, 1, &scan
);
4291 static void set_bredr_complete(struct hci_dev
*hdev
, u8 status
)
4293 struct pending_cmd
*cmd
;
4295 BT_DBG("status 0x%02x", status
);
4299 cmd
= mgmt_pending_find(MGMT_OP_SET_BREDR
, hdev
);
4304 u8 mgmt_err
= mgmt_status(status
);
4306 /* We need to restore the flag if related HCI commands
4309 clear_bit(HCI_BREDR_ENABLED
, &hdev
->dev_flags
);
4311 cmd_status(cmd
->sk
, cmd
->index
, cmd
->opcode
, mgmt_err
);
4313 send_settings_rsp(cmd
->sk
, MGMT_OP_SET_BREDR
, hdev
);
4314 new_settings(hdev
, cmd
->sk
);
4317 mgmt_pending_remove(cmd
);
4320 hci_dev_unlock(hdev
);
4323 static int set_bredr(struct sock
*sk
, struct hci_dev
*hdev
, void *data
, u16 len
)
4325 struct mgmt_mode
*cp
= data
;
4326 struct pending_cmd
*cmd
;
4327 struct hci_request req
;
4330 BT_DBG("request for %s", hdev
->name
);
4332 if (!lmp_bredr_capable(hdev
) || !lmp_le_capable(hdev
))
4333 return cmd_status(sk
, hdev
->id
, MGMT_OP_SET_BREDR
,
4334 MGMT_STATUS_NOT_SUPPORTED
);
4336 if (!test_bit(HCI_LE_ENABLED
, &hdev
->dev_flags
))
4337 return cmd_status(sk
, hdev
->id
, MGMT_OP_SET_BREDR
,
4338 MGMT_STATUS_REJECTED
);
4340 if (cp
->val
!= 0x00 && cp
->val
!= 0x01)
4341 return cmd_status(sk
, hdev
->id
, MGMT_OP_SET_BREDR
,
4342 MGMT_STATUS_INVALID_PARAMS
);
4346 if (cp
->val
== test_bit(HCI_BREDR_ENABLED
, &hdev
->dev_flags
)) {
4347 err
= send_settings_rsp(sk
, MGMT_OP_SET_BREDR
, hdev
);
4351 if (!hdev_is_powered(hdev
)) {
4353 clear_bit(HCI_DISCOVERABLE
, &hdev
->dev_flags
);
4354 clear_bit(HCI_SSP_ENABLED
, &hdev
->dev_flags
);
4355 clear_bit(HCI_LINK_SECURITY
, &hdev
->dev_flags
);
4356 clear_bit(HCI_FAST_CONNECTABLE
, &hdev
->dev_flags
);
4357 clear_bit(HCI_HS_ENABLED
, &hdev
->dev_flags
);
4360 change_bit(HCI_BREDR_ENABLED
, &hdev
->dev_flags
);
4362 err
= send_settings_rsp(sk
, MGMT_OP_SET_BREDR
, hdev
);
4366 err
= new_settings(hdev
, sk
);
4370 /* Reject disabling when powered on */
4372 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_SET_BREDR
,
4373 MGMT_STATUS_REJECTED
);
4377 if (mgmt_pending_find(MGMT_OP_SET_BREDR
, hdev
)) {
4378 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_SET_BREDR
,
4383 cmd
= mgmt_pending_add(sk
, MGMT_OP_SET_BREDR
, hdev
, data
, len
);
4389 /* We need to flip the bit already here so that update_adv_data
4390 * generates the correct flags.
4392 set_bit(HCI_BREDR_ENABLED
, &hdev
->dev_flags
);
4394 hci_req_init(&req
, hdev
);
4396 if (test_bit(HCI_CONNECTABLE
, &hdev
->dev_flags
))
4397 set_bredr_scan(&req
);
4399 /* Since only the advertising data flags will change, there
4400 * is no need to update the scan response data.
4402 update_adv_data(&req
);
4404 err
= hci_req_run(&req
, set_bredr_complete
);
4406 mgmt_pending_remove(cmd
);
4409 hci_dev_unlock(hdev
);
4413 static int set_secure_conn(struct sock
*sk
, struct hci_dev
*hdev
,
4414 void *data
, u16 len
)
4416 struct mgmt_mode
*cp
= data
;
4417 struct pending_cmd
*cmd
;
4421 BT_DBG("request for %s", hdev
->name
);
4423 status
= mgmt_bredr_support(hdev
);
4425 return cmd_status(sk
, hdev
->id
, MGMT_OP_SET_SECURE_CONN
,
4428 if (!lmp_sc_capable(hdev
) &&
4429 !test_bit(HCI_FORCE_SC
, &hdev
->dbg_flags
))
4430 return cmd_status(sk
, hdev
->id
, MGMT_OP_SET_SECURE_CONN
,
4431 MGMT_STATUS_NOT_SUPPORTED
);
4433 if (cp
->val
!= 0x00 && cp
->val
!= 0x01 && cp
->val
!= 0x02)
4434 return cmd_status(sk
, hdev
->id
, MGMT_OP_SET_SECURE_CONN
,
4435 MGMT_STATUS_INVALID_PARAMS
);
4439 if (!hdev_is_powered(hdev
)) {
4443 changed
= !test_and_set_bit(HCI_SC_ENABLED
,
4445 if (cp
->val
== 0x02)
4446 set_bit(HCI_SC_ONLY
, &hdev
->dev_flags
);
4448 clear_bit(HCI_SC_ONLY
, &hdev
->dev_flags
);
4450 changed
= test_and_clear_bit(HCI_SC_ENABLED
,
4452 clear_bit(HCI_SC_ONLY
, &hdev
->dev_flags
);
4455 err
= send_settings_rsp(sk
, MGMT_OP_SET_SECURE_CONN
, hdev
);
4460 err
= new_settings(hdev
, sk
);
4465 if (mgmt_pending_find(MGMT_OP_SET_SECURE_CONN
, hdev
)) {
4466 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_SET_SECURE_CONN
,
4473 if (val
== test_bit(HCI_SC_ENABLED
, &hdev
->dev_flags
) &&
4474 (cp
->val
== 0x02) == test_bit(HCI_SC_ONLY
, &hdev
->dev_flags
)) {
4475 err
= send_settings_rsp(sk
, MGMT_OP_SET_SECURE_CONN
, hdev
);
4479 cmd
= mgmt_pending_add(sk
, MGMT_OP_SET_SECURE_CONN
, hdev
, data
, len
);
4485 err
= hci_send_cmd(hdev
, HCI_OP_WRITE_SC_SUPPORT
, 1, &val
);
4487 mgmt_pending_remove(cmd
);
4491 if (cp
->val
== 0x02)
4492 set_bit(HCI_SC_ONLY
, &hdev
->dev_flags
);
4494 clear_bit(HCI_SC_ONLY
, &hdev
->dev_flags
);
4497 hci_dev_unlock(hdev
);
4501 static int set_debug_keys(struct sock
*sk
, struct hci_dev
*hdev
,
4502 void *data
, u16 len
)
4504 struct mgmt_mode
*cp
= data
;
4505 bool changed
, use_changed
;
4508 BT_DBG("request for %s", hdev
->name
);
4510 if (cp
->val
!= 0x00 && cp
->val
!= 0x01 && cp
->val
!= 0x02)
4511 return cmd_status(sk
, hdev
->id
, MGMT_OP_SET_DEBUG_KEYS
,
4512 MGMT_STATUS_INVALID_PARAMS
);
4517 changed
= !test_and_set_bit(HCI_KEEP_DEBUG_KEYS
,
4520 changed
= test_and_clear_bit(HCI_KEEP_DEBUG_KEYS
,
4523 if (cp
->val
== 0x02)
4524 use_changed
= !test_and_set_bit(HCI_USE_DEBUG_KEYS
,
4527 use_changed
= test_and_clear_bit(HCI_USE_DEBUG_KEYS
,
4530 if (hdev_is_powered(hdev
) && use_changed
&&
4531 test_bit(HCI_SSP_ENABLED
, &hdev
->dev_flags
)) {
4532 u8 mode
= (cp
->val
== 0x02) ? 0x01 : 0x00;
4533 hci_send_cmd(hdev
, HCI_OP_WRITE_SSP_DEBUG_MODE
,
4534 sizeof(mode
), &mode
);
4537 err
= send_settings_rsp(sk
, MGMT_OP_SET_DEBUG_KEYS
, hdev
);
4542 err
= new_settings(hdev
, sk
);
4545 hci_dev_unlock(hdev
);
4549 static int set_privacy(struct sock
*sk
, struct hci_dev
*hdev
, void *cp_data
,
4552 struct mgmt_cp_set_privacy
*cp
= cp_data
;
4556 BT_DBG("request for %s", hdev
->name
);
4558 if (!lmp_le_capable(hdev
))
4559 return cmd_status(sk
, hdev
->id
, MGMT_OP_SET_PRIVACY
,
4560 MGMT_STATUS_NOT_SUPPORTED
);
4562 if (cp
->privacy
!= 0x00 && cp
->privacy
!= 0x01)
4563 return cmd_status(sk
, hdev
->id
, MGMT_OP_SET_PRIVACY
,
4564 MGMT_STATUS_INVALID_PARAMS
);
4566 if (hdev_is_powered(hdev
))
4567 return cmd_status(sk
, hdev
->id
, MGMT_OP_SET_PRIVACY
,
4568 MGMT_STATUS_REJECTED
);
4572 /* If user space supports this command it is also expected to
4573 * handle IRKs. Therefore, set the HCI_RPA_RESOLVING flag.
4575 set_bit(HCI_RPA_RESOLVING
, &hdev
->dev_flags
);
4578 changed
= !test_and_set_bit(HCI_PRIVACY
, &hdev
->dev_flags
);
4579 memcpy(hdev
->irk
, cp
->irk
, sizeof(hdev
->irk
));
4580 set_bit(HCI_RPA_EXPIRED
, &hdev
->dev_flags
);
4582 changed
= test_and_clear_bit(HCI_PRIVACY
, &hdev
->dev_flags
);
4583 memset(hdev
->irk
, 0, sizeof(hdev
->irk
));
4584 clear_bit(HCI_RPA_EXPIRED
, &hdev
->dev_flags
);
4587 err
= send_settings_rsp(sk
, MGMT_OP_SET_PRIVACY
, hdev
);
4592 err
= new_settings(hdev
, sk
);
4595 hci_dev_unlock(hdev
);
4599 static bool irk_is_valid(struct mgmt_irk_info
*irk
)
4601 switch (irk
->addr
.type
) {
4602 case BDADDR_LE_PUBLIC
:
4605 case BDADDR_LE_RANDOM
:
4606 /* Two most significant bits shall be set */
4607 if ((irk
->addr
.bdaddr
.b
[5] & 0xc0) != 0xc0)
4615 static int load_irks(struct sock
*sk
, struct hci_dev
*hdev
, void *cp_data
,
4618 struct mgmt_cp_load_irks
*cp
= cp_data
;
4619 const u16 max_irk_count
= ((U16_MAX
- sizeof(*cp
)) /
4620 sizeof(struct mgmt_irk_info
));
4621 u16 irk_count
, expected_len
;
4624 BT_DBG("request for %s", hdev
->name
);
4626 if (!lmp_le_capable(hdev
))
4627 return cmd_status(sk
, hdev
->id
, MGMT_OP_LOAD_IRKS
,
4628 MGMT_STATUS_NOT_SUPPORTED
);
4630 irk_count
= __le16_to_cpu(cp
->irk_count
);
4631 if (irk_count
> max_irk_count
) {
4632 BT_ERR("load_irks: too big irk_count value %u", irk_count
);
4633 return cmd_status(sk
, hdev
->id
, MGMT_OP_LOAD_IRKS
,
4634 MGMT_STATUS_INVALID_PARAMS
);
4637 expected_len
= sizeof(*cp
) + irk_count
* sizeof(struct mgmt_irk_info
);
4638 if (expected_len
!= len
) {
4639 BT_ERR("load_irks: expected %u bytes, got %u bytes",
4641 return cmd_status(sk
, hdev
->id
, MGMT_OP_LOAD_IRKS
,
4642 MGMT_STATUS_INVALID_PARAMS
);
4645 BT_DBG("%s irk_count %u", hdev
->name
, irk_count
);
4647 for (i
= 0; i
< irk_count
; i
++) {
4648 struct mgmt_irk_info
*key
= &cp
->irks
[i
];
4650 if (!irk_is_valid(key
))
4651 return cmd_status(sk
, hdev
->id
,
4653 MGMT_STATUS_INVALID_PARAMS
);
4658 hci_smp_irks_clear(hdev
);
4660 for (i
= 0; i
< irk_count
; i
++) {
4661 struct mgmt_irk_info
*irk
= &cp
->irks
[i
];
4664 if (irk
->addr
.type
== BDADDR_LE_PUBLIC
)
4665 addr_type
= ADDR_LE_DEV_PUBLIC
;
4667 addr_type
= ADDR_LE_DEV_RANDOM
;
4669 hci_add_irk(hdev
, &irk
->addr
.bdaddr
, addr_type
, irk
->val
,
4673 set_bit(HCI_RPA_RESOLVING
, &hdev
->dev_flags
);
4675 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_LOAD_IRKS
, 0, NULL
, 0);
4677 hci_dev_unlock(hdev
);
4682 static bool ltk_is_valid(struct mgmt_ltk_info
*key
)
4684 if (key
->master
!= 0x00 && key
->master
!= 0x01)
4687 switch (key
->addr
.type
) {
4688 case BDADDR_LE_PUBLIC
:
4691 case BDADDR_LE_RANDOM
:
4692 /* Two most significant bits shall be set */
4693 if ((key
->addr
.bdaddr
.b
[5] & 0xc0) != 0xc0)
4701 static int load_long_term_keys(struct sock
*sk
, struct hci_dev
*hdev
,
4702 void *cp_data
, u16 len
)
4704 struct mgmt_cp_load_long_term_keys
*cp
= cp_data
;
4705 const u16 max_key_count
= ((U16_MAX
- sizeof(*cp
)) /
4706 sizeof(struct mgmt_ltk_info
));
4707 u16 key_count
, expected_len
;
4710 BT_DBG("request for %s", hdev
->name
);
4712 if (!lmp_le_capable(hdev
))
4713 return cmd_status(sk
, hdev
->id
, MGMT_OP_LOAD_LONG_TERM_KEYS
,
4714 MGMT_STATUS_NOT_SUPPORTED
);
4716 key_count
= __le16_to_cpu(cp
->key_count
);
4717 if (key_count
> max_key_count
) {
4718 BT_ERR("load_ltks: too big key_count value %u", key_count
);
4719 return cmd_status(sk
, hdev
->id
, MGMT_OP_LOAD_LONG_TERM_KEYS
,
4720 MGMT_STATUS_INVALID_PARAMS
);
4723 expected_len
= sizeof(*cp
) + key_count
*
4724 sizeof(struct mgmt_ltk_info
);
4725 if (expected_len
!= len
) {
4726 BT_ERR("load_keys: expected %u bytes, got %u bytes",
4728 return cmd_status(sk
, hdev
->id
, MGMT_OP_LOAD_LONG_TERM_KEYS
,
4729 MGMT_STATUS_INVALID_PARAMS
);
4732 BT_DBG("%s key_count %u", hdev
->name
, key_count
);
4734 for (i
= 0; i
< key_count
; i
++) {
4735 struct mgmt_ltk_info
*key
= &cp
->keys
[i
];
4737 if (!ltk_is_valid(key
))
4738 return cmd_status(sk
, hdev
->id
,
4739 MGMT_OP_LOAD_LONG_TERM_KEYS
,
4740 MGMT_STATUS_INVALID_PARAMS
);
4745 hci_smp_ltks_clear(hdev
);
4747 for (i
= 0; i
< key_count
; i
++) {
4748 struct mgmt_ltk_info
*key
= &cp
->keys
[i
];
4749 u8 type
, addr_type
, authenticated
;
4751 if (key
->addr
.type
== BDADDR_LE_PUBLIC
)
4752 addr_type
= ADDR_LE_DEV_PUBLIC
;
4754 addr_type
= ADDR_LE_DEV_RANDOM
;
4759 type
= SMP_LTK_SLAVE
;
4761 switch (key
->type
) {
4762 case MGMT_LTK_UNAUTHENTICATED
:
4763 authenticated
= 0x00;
4765 case MGMT_LTK_AUTHENTICATED
:
4766 authenticated
= 0x01;
4772 hci_add_ltk(hdev
, &key
->addr
.bdaddr
, addr_type
, type
,
4773 authenticated
, key
->val
, key
->enc_size
, key
->ediv
,
4777 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_LOAD_LONG_TERM_KEYS
, 0,
4780 hci_dev_unlock(hdev
);
4785 struct cmd_conn_lookup
{
4786 struct hci_conn
*conn
;
4787 bool valid_tx_power
;
4791 static void get_conn_info_complete(struct pending_cmd
*cmd
, void *data
)
4793 struct cmd_conn_lookup
*match
= data
;
4794 struct mgmt_cp_get_conn_info
*cp
;
4795 struct mgmt_rp_get_conn_info rp
;
4796 struct hci_conn
*conn
= cmd
->user_data
;
4798 if (conn
!= match
->conn
)
4801 cp
= (struct mgmt_cp_get_conn_info
*) cmd
->param
;
4803 memset(&rp
, 0, sizeof(rp
));
4804 bacpy(&rp
.addr
.bdaddr
, &cp
->addr
.bdaddr
);
4805 rp
.addr
.type
= cp
->addr
.type
;
4807 if (!match
->mgmt_status
) {
4808 rp
.rssi
= conn
->rssi
;
4810 if (match
->valid_tx_power
) {
4811 rp
.tx_power
= conn
->tx_power
;
4812 rp
.max_tx_power
= conn
->max_tx_power
;
4814 rp
.tx_power
= HCI_TX_POWER_INVALID
;
4815 rp
.max_tx_power
= HCI_TX_POWER_INVALID
;
4819 cmd_complete(cmd
->sk
, cmd
->index
, MGMT_OP_GET_CONN_INFO
,
4820 match
->mgmt_status
, &rp
, sizeof(rp
));
4822 hci_conn_drop(conn
);
4824 mgmt_pending_remove(cmd
);
4827 static void conn_info_refresh_complete(struct hci_dev
*hdev
, u8 status
)
4829 struct hci_cp_read_rssi
*cp
;
4830 struct hci_conn
*conn
;
4831 struct cmd_conn_lookup match
;
4834 BT_DBG("status 0x%02x", status
);
4838 /* TX power data is valid in case request completed successfully,
4839 * otherwise we assume it's not valid. At the moment we assume that
4840 * either both or none of current and max values are valid to keep code
4843 match
.valid_tx_power
= !status
;
4845 /* Commands sent in request are either Read RSSI or Read Transmit Power
4846 * Level so we check which one was last sent to retrieve connection
4847 * handle. Both commands have handle as first parameter so it's safe to
4848 * cast data on the same command struct.
4850 * First command sent is always Read RSSI and we fail only if it fails.
4851 * In other case we simply override error to indicate success as we
4852 * already remembered if TX power value is actually valid.
4854 cp
= hci_sent_cmd_data(hdev
, HCI_OP_READ_RSSI
);
4856 cp
= hci_sent_cmd_data(hdev
, HCI_OP_READ_TX_POWER
);
4861 BT_ERR("invalid sent_cmd in response");
4865 handle
= __le16_to_cpu(cp
->handle
);
4866 conn
= hci_conn_hash_lookup_handle(hdev
, handle
);
4868 BT_ERR("unknown handle (%d) in response", handle
);
4873 match
.mgmt_status
= mgmt_status(status
);
4875 /* Cache refresh is complete, now reply for mgmt request for given
4878 mgmt_pending_foreach(MGMT_OP_GET_CONN_INFO
, hdev
,
4879 get_conn_info_complete
, &match
);
4882 hci_dev_unlock(hdev
);
4885 static int get_conn_info(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
4888 struct mgmt_cp_get_conn_info
*cp
= data
;
4889 struct mgmt_rp_get_conn_info rp
;
4890 struct hci_conn
*conn
;
4891 unsigned long conn_info_age
;
4894 BT_DBG("%s", hdev
->name
);
4896 memset(&rp
, 0, sizeof(rp
));
4897 bacpy(&rp
.addr
.bdaddr
, &cp
->addr
.bdaddr
);
4898 rp
.addr
.type
= cp
->addr
.type
;
4900 if (!bdaddr_type_is_valid(cp
->addr
.type
))
4901 return cmd_complete(sk
, hdev
->id
, MGMT_OP_GET_CONN_INFO
,
4902 MGMT_STATUS_INVALID_PARAMS
,
4907 if (!hdev_is_powered(hdev
)) {
4908 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_GET_CONN_INFO
,
4909 MGMT_STATUS_NOT_POWERED
, &rp
, sizeof(rp
));
4913 if (cp
->addr
.type
== BDADDR_BREDR
)
4914 conn
= hci_conn_hash_lookup_ba(hdev
, ACL_LINK
,
4917 conn
= hci_conn_hash_lookup_ba(hdev
, LE_LINK
, &cp
->addr
.bdaddr
);
4919 if (!conn
|| conn
->state
!= BT_CONNECTED
) {
4920 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_GET_CONN_INFO
,
4921 MGMT_STATUS_NOT_CONNECTED
, &rp
, sizeof(rp
));
4925 /* To avoid client trying to guess when to poll again for information we
4926 * calculate conn info age as random value between min/max set in hdev.
4928 conn_info_age
= hdev
->conn_info_min_age
+
4929 prandom_u32_max(hdev
->conn_info_max_age
-
4930 hdev
->conn_info_min_age
);
4932 /* Query controller to refresh cached values if they are too old or were
4935 if (time_after(jiffies
, conn
->conn_info_timestamp
+
4936 msecs_to_jiffies(conn_info_age
)) ||
4937 !conn
->conn_info_timestamp
) {
4938 struct hci_request req
;
4939 struct hci_cp_read_tx_power req_txp_cp
;
4940 struct hci_cp_read_rssi req_rssi_cp
;
4941 struct pending_cmd
*cmd
;
4943 hci_req_init(&req
, hdev
);
4944 req_rssi_cp
.handle
= cpu_to_le16(conn
->handle
);
4945 hci_req_add(&req
, HCI_OP_READ_RSSI
, sizeof(req_rssi_cp
),
4948 /* For LE links TX power does not change thus we don't need to
4949 * query for it once value is known.
4951 if (!bdaddr_type_is_le(cp
->addr
.type
) ||
4952 conn
->tx_power
== HCI_TX_POWER_INVALID
) {
4953 req_txp_cp
.handle
= cpu_to_le16(conn
->handle
);
4954 req_txp_cp
.type
= 0x00;
4955 hci_req_add(&req
, HCI_OP_READ_TX_POWER
,
4956 sizeof(req_txp_cp
), &req_txp_cp
);
4959 /* Max TX power needs to be read only once per connection */
4960 if (conn
->max_tx_power
== HCI_TX_POWER_INVALID
) {
4961 req_txp_cp
.handle
= cpu_to_le16(conn
->handle
);
4962 req_txp_cp
.type
= 0x01;
4963 hci_req_add(&req
, HCI_OP_READ_TX_POWER
,
4964 sizeof(req_txp_cp
), &req_txp_cp
);
4967 err
= hci_req_run(&req
, conn_info_refresh_complete
);
4971 cmd
= mgmt_pending_add(sk
, MGMT_OP_GET_CONN_INFO
, hdev
,
4978 hci_conn_hold(conn
);
4979 cmd
->user_data
= conn
;
4981 conn
->conn_info_timestamp
= jiffies
;
4983 /* Cache is valid, just reply with values cached in hci_conn */
4984 rp
.rssi
= conn
->rssi
;
4985 rp
.tx_power
= conn
->tx_power
;
4986 rp
.max_tx_power
= conn
->max_tx_power
;
4988 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_GET_CONN_INFO
,
4989 MGMT_STATUS_SUCCESS
, &rp
, sizeof(rp
));
4993 hci_dev_unlock(hdev
);
4997 static void get_clock_info_complete(struct hci_dev
*hdev
, u8 status
)
4999 struct mgmt_cp_get_clock_info
*cp
;
5000 struct mgmt_rp_get_clock_info rp
;
5001 struct hci_cp_read_clock
*hci_cp
;
5002 struct pending_cmd
*cmd
;
5003 struct hci_conn
*conn
;
5005 BT_DBG("%s status %u", hdev
->name
, status
);
5009 hci_cp
= hci_sent_cmd_data(hdev
, HCI_OP_READ_CLOCK
);
5013 if (hci_cp
->which
) {
5014 u16 handle
= __le16_to_cpu(hci_cp
->handle
);
5015 conn
= hci_conn_hash_lookup_handle(hdev
, handle
);
5020 cmd
= mgmt_pending_find_data(MGMT_OP_GET_CLOCK_INFO
, hdev
, conn
);
5026 memset(&rp
, 0, sizeof(rp
));
5027 memcpy(&rp
.addr
, &cp
->addr
, sizeof(rp
.addr
));
5032 rp
.local_clock
= cpu_to_le32(hdev
->clock
);
5035 rp
.piconet_clock
= cpu_to_le32(conn
->clock
);
5036 rp
.accuracy
= cpu_to_le16(conn
->clock_accuracy
);
5040 cmd_complete(cmd
->sk
, cmd
->index
, cmd
->opcode
, mgmt_status(status
),
5042 mgmt_pending_remove(cmd
);
5044 hci_conn_drop(conn
);
5047 hci_dev_unlock(hdev
);
5050 static int get_clock_info(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
5053 struct mgmt_cp_get_clock_info
*cp
= data
;
5054 struct mgmt_rp_get_clock_info rp
;
5055 struct hci_cp_read_clock hci_cp
;
5056 struct pending_cmd
*cmd
;
5057 struct hci_request req
;
5058 struct hci_conn
*conn
;
5061 BT_DBG("%s", hdev
->name
);
5063 memset(&rp
, 0, sizeof(rp
));
5064 bacpy(&rp
.addr
.bdaddr
, &cp
->addr
.bdaddr
);
5065 rp
.addr
.type
= cp
->addr
.type
;
5067 if (cp
->addr
.type
!= BDADDR_BREDR
)
5068 return cmd_complete(sk
, hdev
->id
, MGMT_OP_GET_CLOCK_INFO
,
5069 MGMT_STATUS_INVALID_PARAMS
,
5074 if (!hdev_is_powered(hdev
)) {
5075 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_GET_CLOCK_INFO
,
5076 MGMT_STATUS_NOT_POWERED
, &rp
, sizeof(rp
));
5080 if (bacmp(&cp
->addr
.bdaddr
, BDADDR_ANY
)) {
5081 conn
= hci_conn_hash_lookup_ba(hdev
, ACL_LINK
,
5083 if (!conn
|| conn
->state
!= BT_CONNECTED
) {
5084 err
= cmd_complete(sk
, hdev
->id
,
5085 MGMT_OP_GET_CLOCK_INFO
,
5086 MGMT_STATUS_NOT_CONNECTED
,
5094 cmd
= mgmt_pending_add(sk
, MGMT_OP_GET_CLOCK_INFO
, hdev
, data
, len
);
5100 hci_req_init(&req
, hdev
);
5102 memset(&hci_cp
, 0, sizeof(hci_cp
));
5103 hci_req_add(&req
, HCI_OP_READ_CLOCK
, sizeof(hci_cp
), &hci_cp
);
5106 hci_conn_hold(conn
);
5107 cmd
->user_data
= conn
;
5109 hci_cp
.handle
= cpu_to_le16(conn
->handle
);
5110 hci_cp
.which
= 0x01; /* Piconet clock */
5111 hci_req_add(&req
, HCI_OP_READ_CLOCK
, sizeof(hci_cp
), &hci_cp
);
5114 err
= hci_req_run(&req
, get_clock_info_complete
);
5116 mgmt_pending_remove(cmd
);
5119 hci_dev_unlock(hdev
);
5123 static void device_added(struct sock
*sk
, struct hci_dev
*hdev
,
5124 bdaddr_t
*bdaddr
, u8 type
, u8 action
)
5126 struct mgmt_ev_device_added ev
;
5128 bacpy(&ev
.addr
.bdaddr
, bdaddr
);
5129 ev
.addr
.type
= type
;
5132 mgmt_event(MGMT_EV_DEVICE_ADDED
, hdev
, &ev
, sizeof(ev
), sk
);
5135 static int add_device(struct sock
*sk
, struct hci_dev
*hdev
,
5136 void *data
, u16 len
)
5138 struct mgmt_cp_add_device
*cp
= data
;
5139 u8 auto_conn
, addr_type
;
5142 BT_DBG("%s", hdev
->name
);
5144 if (!bdaddr_type_is_le(cp
->addr
.type
) ||
5145 !bacmp(&cp
->addr
.bdaddr
, BDADDR_ANY
))
5146 return cmd_complete(sk
, hdev
->id
, MGMT_OP_ADD_DEVICE
,
5147 MGMT_STATUS_INVALID_PARAMS
,
5148 &cp
->addr
, sizeof(cp
->addr
));
5150 if (cp
->action
!= 0x00 && cp
->action
!= 0x01)
5151 return cmd_complete(sk
, hdev
->id
, MGMT_OP_ADD_DEVICE
,
5152 MGMT_STATUS_INVALID_PARAMS
,
5153 &cp
->addr
, sizeof(cp
->addr
));
5157 if (cp
->addr
.type
== BDADDR_LE_PUBLIC
)
5158 addr_type
= ADDR_LE_DEV_PUBLIC
;
5160 addr_type
= ADDR_LE_DEV_RANDOM
;
5163 auto_conn
= HCI_AUTO_CONN_ALWAYS
;
5165 auto_conn
= HCI_AUTO_CONN_REPORT
;
5167 /* If the connection parameters don't exist for this device,
5168 * they will be created and configured with defaults.
5170 if (hci_conn_params_set(hdev
, &cp
->addr
.bdaddr
, addr_type
,
5172 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_ADD_DEVICE
,
5174 &cp
->addr
, sizeof(cp
->addr
));
5178 device_added(sk
, hdev
, &cp
->addr
.bdaddr
, cp
->addr
.type
, cp
->action
);
5180 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_ADD_DEVICE
,
5181 MGMT_STATUS_SUCCESS
, &cp
->addr
, sizeof(cp
->addr
));
5184 hci_dev_unlock(hdev
);
5188 static void device_removed(struct sock
*sk
, struct hci_dev
*hdev
,
5189 bdaddr_t
*bdaddr
, u8 type
)
5191 struct mgmt_ev_device_removed ev
;
5193 bacpy(&ev
.addr
.bdaddr
, bdaddr
);
5194 ev
.addr
.type
= type
;
5196 mgmt_event(MGMT_EV_DEVICE_REMOVED
, hdev
, &ev
, sizeof(ev
), sk
);
5199 static int remove_device(struct sock
*sk
, struct hci_dev
*hdev
,
5200 void *data
, u16 len
)
5202 struct mgmt_cp_remove_device
*cp
= data
;
5205 BT_DBG("%s", hdev
->name
);
5209 if (bacmp(&cp
->addr
.bdaddr
, BDADDR_ANY
)) {
5210 struct hci_conn_params
*params
;
5213 if (!bdaddr_type_is_le(cp
->addr
.type
)) {
5214 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_REMOVE_DEVICE
,
5215 MGMT_STATUS_INVALID_PARAMS
,
5216 &cp
->addr
, sizeof(cp
->addr
));
5220 if (cp
->addr
.type
== BDADDR_LE_PUBLIC
)
5221 addr_type
= ADDR_LE_DEV_PUBLIC
;
5223 addr_type
= ADDR_LE_DEV_RANDOM
;
5225 params
= hci_conn_params_lookup(hdev
, &cp
->addr
.bdaddr
,
5228 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_REMOVE_DEVICE
,
5229 MGMT_STATUS_INVALID_PARAMS
,
5230 &cp
->addr
, sizeof(cp
->addr
));
5234 if (params
->auto_connect
== HCI_AUTO_CONN_DISABLED
) {
5235 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_REMOVE_DEVICE
,
5236 MGMT_STATUS_INVALID_PARAMS
,
5237 &cp
->addr
, sizeof(cp
->addr
));
5241 list_del(¶ms
->action
);
5242 list_del(¶ms
->list
);
5244 hci_update_background_scan(hdev
);
5246 device_removed(sk
, hdev
, &cp
->addr
.bdaddr
, cp
->addr
.type
);
5248 if (cp
->addr
.type
) {
5249 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_REMOVE_DEVICE
,
5250 MGMT_STATUS_INVALID_PARAMS
,
5251 &cp
->addr
, sizeof(cp
->addr
));
5255 hci_conn_params_clear_enabled(hdev
);
5258 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_REMOVE_DEVICE
,
5259 MGMT_STATUS_SUCCESS
, &cp
->addr
, sizeof(cp
->addr
));
5262 hci_dev_unlock(hdev
);
5266 static int load_conn_param(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
5269 struct mgmt_cp_load_conn_param
*cp
= data
;
5270 const u16 max_param_count
= ((U16_MAX
- sizeof(*cp
)) /
5271 sizeof(struct mgmt_conn_param
));
5272 u16 param_count
, expected_len
;
5275 if (!lmp_le_capable(hdev
))
5276 return cmd_status(sk
, hdev
->id
, MGMT_OP_LOAD_CONN_PARAM
,
5277 MGMT_STATUS_NOT_SUPPORTED
);
5279 param_count
= __le16_to_cpu(cp
->param_count
);
5280 if (param_count
> max_param_count
) {
5281 BT_ERR("load_conn_param: too big param_count value %u",
5283 return cmd_status(sk
, hdev
->id
, MGMT_OP_LOAD_CONN_PARAM
,
5284 MGMT_STATUS_INVALID_PARAMS
);
5287 expected_len
= sizeof(*cp
) + param_count
*
5288 sizeof(struct mgmt_conn_param
);
5289 if (expected_len
!= len
) {
5290 BT_ERR("load_conn_param: expected %u bytes, got %u bytes",
5292 return cmd_status(sk
, hdev
->id
, MGMT_OP_LOAD_CONN_PARAM
,
5293 MGMT_STATUS_INVALID_PARAMS
);
5296 BT_DBG("%s param_count %u", hdev
->name
, param_count
);
5300 hci_conn_params_clear_disabled(hdev
);
5302 for (i
= 0; i
< param_count
; i
++) {
5303 struct mgmt_conn_param
*param
= &cp
->params
[i
];
5304 struct hci_conn_params
*hci_param
;
5305 u16 min
, max
, latency
, timeout
;
5308 BT_DBG("Adding %pMR (type %u)", ¶m
->addr
.bdaddr
,
5311 if (param
->addr
.type
== BDADDR_LE_PUBLIC
) {
5312 addr_type
= ADDR_LE_DEV_PUBLIC
;
5313 } else if (param
->addr
.type
== BDADDR_LE_RANDOM
) {
5314 addr_type
= ADDR_LE_DEV_RANDOM
;
5316 BT_ERR("Ignoring invalid connection parameters");
5320 min
= le16_to_cpu(param
->min_interval
);
5321 max
= le16_to_cpu(param
->max_interval
);
5322 latency
= le16_to_cpu(param
->latency
);
5323 timeout
= le16_to_cpu(param
->timeout
);
5325 BT_DBG("min 0x%04x max 0x%04x latency 0x%04x timeout 0x%04x",
5326 min
, max
, latency
, timeout
);
5328 if (hci_check_conn_params(min
, max
, latency
, timeout
) < 0) {
5329 BT_ERR("Ignoring invalid connection parameters");
5333 hci_param
= hci_conn_params_add(hdev
, ¶m
->addr
.bdaddr
,
5336 BT_ERR("Failed to add connection parameters");
5340 hci_param
->conn_min_interval
= min
;
5341 hci_param
->conn_max_interval
= max
;
5342 hci_param
->conn_latency
= latency
;
5343 hci_param
->supervision_timeout
= timeout
;
5346 hci_dev_unlock(hdev
);
5348 return cmd_complete(sk
, hdev
->id
, MGMT_OP_LOAD_CONN_PARAM
, 0, NULL
, 0);
5351 static const struct mgmt_handler
{
5352 int (*func
) (struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
5356 } mgmt_handlers
[] = {
5357 { NULL
}, /* 0x0000 (no command) */
5358 { read_version
, false, MGMT_READ_VERSION_SIZE
},
5359 { read_commands
, false, MGMT_READ_COMMANDS_SIZE
},
5360 { read_index_list
, false, MGMT_READ_INDEX_LIST_SIZE
},
5361 { read_controller_info
, false, MGMT_READ_INFO_SIZE
},
5362 { set_powered
, false, MGMT_SETTING_SIZE
},
5363 { set_discoverable
, false, MGMT_SET_DISCOVERABLE_SIZE
},
5364 { set_connectable
, false, MGMT_SETTING_SIZE
},
5365 { set_fast_connectable
, false, MGMT_SETTING_SIZE
},
5366 { set_pairable
, false, MGMT_SETTING_SIZE
},
5367 { set_link_security
, false, MGMT_SETTING_SIZE
},
5368 { set_ssp
, false, MGMT_SETTING_SIZE
},
5369 { set_hs
, false, MGMT_SETTING_SIZE
},
5370 { set_le
, false, MGMT_SETTING_SIZE
},
5371 { set_dev_class
, false, MGMT_SET_DEV_CLASS_SIZE
},
5372 { set_local_name
, false, MGMT_SET_LOCAL_NAME_SIZE
},
5373 { add_uuid
, false, MGMT_ADD_UUID_SIZE
},
5374 { remove_uuid
, false, MGMT_REMOVE_UUID_SIZE
},
5375 { load_link_keys
, true, MGMT_LOAD_LINK_KEYS_SIZE
},
5376 { load_long_term_keys
, true, MGMT_LOAD_LONG_TERM_KEYS_SIZE
},
5377 { disconnect
, false, MGMT_DISCONNECT_SIZE
},
5378 { get_connections
, false, MGMT_GET_CONNECTIONS_SIZE
},
5379 { pin_code_reply
, false, MGMT_PIN_CODE_REPLY_SIZE
},
5380 { pin_code_neg_reply
, false, MGMT_PIN_CODE_NEG_REPLY_SIZE
},
5381 { set_io_capability
, false, MGMT_SET_IO_CAPABILITY_SIZE
},
5382 { pair_device
, false, MGMT_PAIR_DEVICE_SIZE
},
5383 { cancel_pair_device
, false, MGMT_CANCEL_PAIR_DEVICE_SIZE
},
5384 { unpair_device
, false, MGMT_UNPAIR_DEVICE_SIZE
},
5385 { user_confirm_reply
, false, MGMT_USER_CONFIRM_REPLY_SIZE
},
5386 { user_confirm_neg_reply
, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE
},
5387 { user_passkey_reply
, false, MGMT_USER_PASSKEY_REPLY_SIZE
},
5388 { user_passkey_neg_reply
, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE
},
5389 { read_local_oob_data
, false, MGMT_READ_LOCAL_OOB_DATA_SIZE
},
5390 { add_remote_oob_data
, true, MGMT_ADD_REMOTE_OOB_DATA_SIZE
},
5391 { remove_remote_oob_data
, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE
},
5392 { start_discovery
, false, MGMT_START_DISCOVERY_SIZE
},
5393 { stop_discovery
, false, MGMT_STOP_DISCOVERY_SIZE
},
5394 { confirm_name
, false, MGMT_CONFIRM_NAME_SIZE
},
5395 { block_device
, false, MGMT_BLOCK_DEVICE_SIZE
},
5396 { unblock_device
, false, MGMT_UNBLOCK_DEVICE_SIZE
},
5397 { set_device_id
, false, MGMT_SET_DEVICE_ID_SIZE
},
5398 { set_advertising
, false, MGMT_SETTING_SIZE
},
5399 { set_bredr
, false, MGMT_SETTING_SIZE
},
5400 { set_static_address
, false, MGMT_SET_STATIC_ADDRESS_SIZE
},
5401 { set_scan_params
, false, MGMT_SET_SCAN_PARAMS_SIZE
},
5402 { set_secure_conn
, false, MGMT_SETTING_SIZE
},
5403 { set_debug_keys
, false, MGMT_SETTING_SIZE
},
5404 { set_privacy
, false, MGMT_SET_PRIVACY_SIZE
},
5405 { load_irks
, true, MGMT_LOAD_IRKS_SIZE
},
5406 { get_conn_info
, false, MGMT_GET_CONN_INFO_SIZE
},
5407 { get_clock_info
, false, MGMT_GET_CLOCK_INFO_SIZE
},
5408 { add_device
, false, MGMT_ADD_DEVICE_SIZE
},
5409 { remove_device
, false, MGMT_REMOVE_DEVICE_SIZE
},
5410 { load_conn_param
, true, MGMT_LOAD_CONN_PARAM_SIZE
},
5411 { read_unconf_index_list
, false, MGMT_READ_UNCONF_INDEX_LIST_SIZE
},
5412 { read_config_info
, false, MGMT_READ_CONFIG_INFO_SIZE
},
5415 int mgmt_control(struct sock
*sk
, struct msghdr
*msg
, size_t msglen
)
5419 struct mgmt_hdr
*hdr
;
5420 u16 opcode
, index
, len
;
5421 struct hci_dev
*hdev
= NULL
;
5422 const struct mgmt_handler
*handler
;
5425 BT_DBG("got %zu bytes", msglen
);
5427 if (msglen
< sizeof(*hdr
))
5430 buf
= kmalloc(msglen
, GFP_KERNEL
);
5434 if (memcpy_fromiovec(buf
, msg
->msg_iov
, msglen
)) {
5440 opcode
= __le16_to_cpu(hdr
->opcode
);
5441 index
= __le16_to_cpu(hdr
->index
);
5442 len
= __le16_to_cpu(hdr
->len
);
5444 if (len
!= msglen
- sizeof(*hdr
)) {
5449 if (index
!= MGMT_INDEX_NONE
) {
5450 hdev
= hci_dev_get(index
);
5452 err
= cmd_status(sk
, index
, opcode
,
5453 MGMT_STATUS_INVALID_INDEX
);
5457 if (test_bit(HCI_SETUP
, &hdev
->dev_flags
) ||
5458 test_bit(HCI_USER_CHANNEL
, &hdev
->dev_flags
)) {
5459 err
= cmd_status(sk
, index
, opcode
,
5460 MGMT_STATUS_INVALID_INDEX
);
5464 if (test_bit(HCI_UNCONFIGURED
, &hdev
->dev_flags
) &&
5465 opcode
!= MGMT_OP_READ_CONFIG_INFO
) {
5466 err
= cmd_status(sk
, index
, opcode
,
5467 MGMT_STATUS_INVALID_INDEX
);
5472 if (opcode
>= ARRAY_SIZE(mgmt_handlers
) ||
5473 mgmt_handlers
[opcode
].func
== NULL
) {
5474 BT_DBG("Unknown op %u", opcode
);
5475 err
= cmd_status(sk
, index
, opcode
,
5476 MGMT_STATUS_UNKNOWN_COMMAND
);
5480 if (hdev
&& (opcode
<= MGMT_OP_READ_INDEX_LIST
||
5481 opcode
== MGMT_OP_READ_UNCONF_INDEX_LIST
)) {
5482 err
= cmd_status(sk
, index
, opcode
,
5483 MGMT_STATUS_INVALID_INDEX
);
5487 if (!hdev
&& (opcode
> MGMT_OP_READ_INDEX_LIST
&&
5488 opcode
!= MGMT_OP_READ_UNCONF_INDEX_LIST
)) {
5489 err
= cmd_status(sk
, index
, opcode
,
5490 MGMT_STATUS_INVALID_INDEX
);
5494 handler
= &mgmt_handlers
[opcode
];
5496 if ((handler
->var_len
&& len
< handler
->data_len
) ||
5497 (!handler
->var_len
&& len
!= handler
->data_len
)) {
5498 err
= cmd_status(sk
, index
, opcode
,
5499 MGMT_STATUS_INVALID_PARAMS
);
5504 mgmt_init_hdev(sk
, hdev
);
5506 cp
= buf
+ sizeof(*hdr
);
5508 err
= handler
->func(sk
, hdev
, cp
, len
);
5522 void mgmt_index_added(struct hci_dev
*hdev
)
5524 if (hdev
->dev_type
!= HCI_BREDR
)
5527 if (test_bit(HCI_QUIRK_RAW_DEVICE
, &hdev
->quirks
))
5530 if (test_bit(HCI_UNCONFIGURED
, &hdev
->dev_flags
))
5531 mgmt_event(MGMT_EV_UNCONF_INDEX_ADDED
, hdev
, NULL
, 0, NULL
);
5533 mgmt_event(MGMT_EV_INDEX_ADDED
, hdev
, NULL
, 0, NULL
);
5536 void mgmt_index_removed(struct hci_dev
*hdev
)
5538 u8 status
= MGMT_STATUS_INVALID_INDEX
;
5540 if (hdev
->dev_type
!= HCI_BREDR
)
5543 if (test_bit(HCI_QUIRK_RAW_DEVICE
, &hdev
->quirks
))
5546 mgmt_pending_foreach(0, hdev
, cmd_status_rsp
, &status
);
5548 if (test_bit(HCI_UNCONFIGURED
, &hdev
->dev_flags
))
5549 mgmt_event(MGMT_EV_UNCONF_INDEX_REMOVED
, hdev
, NULL
, 0, NULL
);
5551 mgmt_event(MGMT_EV_INDEX_REMOVED
, hdev
, NULL
, 0, NULL
);
5554 /* This function requires the caller holds hdev->lock */
5555 static void restart_le_actions(struct hci_dev
*hdev
)
5557 struct hci_conn_params
*p
;
5559 list_for_each_entry(p
, &hdev
->le_conn_params
, list
) {
5560 /* Needed for AUTO_OFF case where might not "really"
5561 * have been powered off.
5563 list_del_init(&p
->action
);
5565 switch (p
->auto_connect
) {
5566 case HCI_AUTO_CONN_ALWAYS
:
5567 list_add(&p
->action
, &hdev
->pend_le_conns
);
5569 case HCI_AUTO_CONN_REPORT
:
5570 list_add(&p
->action
, &hdev
->pend_le_reports
);
5577 hci_update_background_scan(hdev
);
5580 static void powered_complete(struct hci_dev
*hdev
, u8 status
)
5582 struct cmd_lookup match
= { NULL
, hdev
};
5584 BT_DBG("status 0x%02x", status
);
5588 restart_le_actions(hdev
);
5590 mgmt_pending_foreach(MGMT_OP_SET_POWERED
, hdev
, settings_rsp
, &match
);
5592 new_settings(hdev
, match
.sk
);
5594 hci_dev_unlock(hdev
);
5600 static int powered_update_hci(struct hci_dev
*hdev
)
5602 struct hci_request req
;
5605 hci_req_init(&req
, hdev
);
5607 if (test_bit(HCI_SSP_ENABLED
, &hdev
->dev_flags
) &&
5608 !lmp_host_ssp_capable(hdev
)) {
5611 hci_req_add(&req
, HCI_OP_WRITE_SSP_MODE
, 1, &ssp
);
5614 if (test_bit(HCI_LE_ENABLED
, &hdev
->dev_flags
) &&
5615 lmp_bredr_capable(hdev
)) {
5616 struct hci_cp_write_le_host_supported cp
;
5619 cp
.simul
= lmp_le_br_capable(hdev
);
5621 /* Check first if we already have the right
5622 * host state (host features set)
5624 if (cp
.le
!= lmp_host_le_capable(hdev
) ||
5625 cp
.simul
!= lmp_host_le_br_capable(hdev
))
5626 hci_req_add(&req
, HCI_OP_WRITE_LE_HOST_SUPPORTED
,
5630 if (lmp_le_capable(hdev
)) {
5631 /* Make sure the controller has a good default for
5632 * advertising data. This also applies to the case
5633 * where BR/EDR was toggled during the AUTO_OFF phase.
5635 if (test_bit(HCI_LE_ENABLED
, &hdev
->dev_flags
)) {
5636 update_adv_data(&req
);
5637 update_scan_rsp_data(&req
);
5640 if (test_bit(HCI_ADVERTISING
, &hdev
->dev_flags
))
5641 enable_advertising(&req
);
5644 link_sec
= test_bit(HCI_LINK_SECURITY
, &hdev
->dev_flags
);
5645 if (link_sec
!= test_bit(HCI_AUTH
, &hdev
->flags
))
5646 hci_req_add(&req
, HCI_OP_WRITE_AUTH_ENABLE
,
5647 sizeof(link_sec
), &link_sec
);
5649 if (lmp_bredr_capable(hdev
)) {
5650 if (test_bit(HCI_BREDR_ENABLED
, &hdev
->dev_flags
))
5651 set_bredr_scan(&req
);
5657 return hci_req_run(&req
, powered_complete
);
5660 int mgmt_powered(struct hci_dev
*hdev
, u8 powered
)
5662 struct cmd_lookup match
= { NULL
, hdev
};
5663 u8 status_not_powered
= MGMT_STATUS_NOT_POWERED
;
5664 u8 zero_cod
[] = { 0, 0, 0 };
5667 if (!test_bit(HCI_MGMT
, &hdev
->dev_flags
))
5671 if (powered_update_hci(hdev
) == 0)
5674 mgmt_pending_foreach(MGMT_OP_SET_POWERED
, hdev
, settings_rsp
,
5679 mgmt_pending_foreach(MGMT_OP_SET_POWERED
, hdev
, settings_rsp
, &match
);
5680 mgmt_pending_foreach(0, hdev
, cmd_status_rsp
, &status_not_powered
);
5682 if (memcmp(hdev
->dev_class
, zero_cod
, sizeof(zero_cod
)) != 0)
5683 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED
, hdev
,
5684 zero_cod
, sizeof(zero_cod
), NULL
);
5687 err
= new_settings(hdev
, match
.sk
);
5695 void mgmt_set_powered_failed(struct hci_dev
*hdev
, int err
)
5697 struct pending_cmd
*cmd
;
5700 cmd
= mgmt_pending_find(MGMT_OP_SET_POWERED
, hdev
);
5704 if (err
== -ERFKILL
)
5705 status
= MGMT_STATUS_RFKILLED
;
5707 status
= MGMT_STATUS_FAILED
;
5709 cmd_status(cmd
->sk
, hdev
->id
, MGMT_OP_SET_POWERED
, status
);
5711 mgmt_pending_remove(cmd
);
5714 void mgmt_discoverable_timeout(struct hci_dev
*hdev
)
5716 struct hci_request req
;
5720 /* When discoverable timeout triggers, then just make sure
5721 * the limited discoverable flag is cleared. Even in the case
5722 * of a timeout triggered from general discoverable, it is
5723 * safe to unconditionally clear the flag.
5725 clear_bit(HCI_LIMITED_DISCOVERABLE
, &hdev
->dev_flags
);
5726 clear_bit(HCI_DISCOVERABLE
, &hdev
->dev_flags
);
5728 hci_req_init(&req
, hdev
);
5729 if (test_bit(HCI_BREDR_ENABLED
, &hdev
->dev_flags
)) {
5730 u8 scan
= SCAN_PAGE
;
5731 hci_req_add(&req
, HCI_OP_WRITE_SCAN_ENABLE
,
5732 sizeof(scan
), &scan
);
5735 update_adv_data(&req
);
5736 hci_req_run(&req
, NULL
);
5738 hdev
->discov_timeout
= 0;
5740 new_settings(hdev
, NULL
);
5742 hci_dev_unlock(hdev
);
5745 void mgmt_discoverable(struct hci_dev
*hdev
, u8 discoverable
)
5749 /* Nothing needed here if there's a pending command since that
5750 * commands request completion callback takes care of everything
5753 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE
, hdev
))
5756 /* Powering off may clear the scan mode - don't let that interfere */
5757 if (!discoverable
&& mgmt_pending_find(MGMT_OP_SET_POWERED
, hdev
))
5761 changed
= !test_and_set_bit(HCI_DISCOVERABLE
, &hdev
->dev_flags
);
5763 clear_bit(HCI_LIMITED_DISCOVERABLE
, &hdev
->dev_flags
);
5764 changed
= test_and_clear_bit(HCI_DISCOVERABLE
, &hdev
->dev_flags
);
5768 struct hci_request req
;
5770 /* In case this change in discoverable was triggered by
5771 * a disabling of connectable there could be a need to
5772 * update the advertising flags.
5774 hci_req_init(&req
, hdev
);
5775 update_adv_data(&req
);
5776 hci_req_run(&req
, NULL
);
5778 new_settings(hdev
, NULL
);
5782 void mgmt_connectable(struct hci_dev
*hdev
, u8 connectable
)
5786 /* Nothing needed here if there's a pending command since that
5787 * commands request completion callback takes care of everything
5790 if (mgmt_pending_find(MGMT_OP_SET_CONNECTABLE
, hdev
))
5793 /* Powering off may clear the scan mode - don't let that interfere */
5794 if (!connectable
&& mgmt_pending_find(MGMT_OP_SET_POWERED
, hdev
))
5798 changed
= !test_and_set_bit(HCI_CONNECTABLE
, &hdev
->dev_flags
);
5800 changed
= test_and_clear_bit(HCI_CONNECTABLE
, &hdev
->dev_flags
);
5803 new_settings(hdev
, NULL
);
5806 void mgmt_advertising(struct hci_dev
*hdev
, u8 advertising
)
5808 /* Powering off may stop advertising - don't let that interfere */
5809 if (!advertising
&& mgmt_pending_find(MGMT_OP_SET_POWERED
, hdev
))
5813 set_bit(HCI_ADVERTISING
, &hdev
->dev_flags
);
5815 clear_bit(HCI_ADVERTISING
, &hdev
->dev_flags
);
5818 void mgmt_write_scan_failed(struct hci_dev
*hdev
, u8 scan
, u8 status
)
5820 u8 mgmt_err
= mgmt_status(status
);
5822 if (scan
& SCAN_PAGE
)
5823 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE
, hdev
,
5824 cmd_status_rsp
, &mgmt_err
);
5826 if (scan
& SCAN_INQUIRY
)
5827 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE
, hdev
,
5828 cmd_status_rsp
, &mgmt_err
);
5831 void mgmt_new_link_key(struct hci_dev
*hdev
, struct link_key
*key
,
5834 struct mgmt_ev_new_link_key ev
;
5836 memset(&ev
, 0, sizeof(ev
));
5838 ev
.store_hint
= persistent
;
5839 bacpy(&ev
.key
.addr
.bdaddr
, &key
->bdaddr
);
5840 ev
.key
.addr
.type
= BDADDR_BREDR
;
5841 ev
.key
.type
= key
->type
;
5842 memcpy(ev
.key
.val
, key
->val
, HCI_LINK_KEY_SIZE
);
5843 ev
.key
.pin_len
= key
->pin_len
;
5845 mgmt_event(MGMT_EV_NEW_LINK_KEY
, hdev
, &ev
, sizeof(ev
), NULL
);
5848 static u8
mgmt_ltk_type(struct smp_ltk
*ltk
)
5850 if (ltk
->authenticated
)
5851 return MGMT_LTK_AUTHENTICATED
;
5853 return MGMT_LTK_UNAUTHENTICATED
;
5856 void mgmt_new_ltk(struct hci_dev
*hdev
, struct smp_ltk
*key
, bool persistent
)
5858 struct mgmt_ev_new_long_term_key ev
;
5860 memset(&ev
, 0, sizeof(ev
));
5862 /* Devices using resolvable or non-resolvable random addresses
5863 * without providing an indentity resolving key don't require
5864 * to store long term keys. Their addresses will change the
5867 * Only when a remote device provides an identity address
5868 * make sure the long term key is stored. If the remote
5869 * identity is known, the long term keys are internally
5870 * mapped to the identity address. So allow static random
5871 * and public addresses here.
5873 if (key
->bdaddr_type
== ADDR_LE_DEV_RANDOM
&&
5874 (key
->bdaddr
.b
[5] & 0xc0) != 0xc0)
5875 ev
.store_hint
= 0x00;
5877 ev
.store_hint
= persistent
;
5879 bacpy(&ev
.key
.addr
.bdaddr
, &key
->bdaddr
);
5880 ev
.key
.addr
.type
= link_to_bdaddr(LE_LINK
, key
->bdaddr_type
);
5881 ev
.key
.type
= mgmt_ltk_type(key
);
5882 ev
.key
.enc_size
= key
->enc_size
;
5883 ev
.key
.ediv
= key
->ediv
;
5884 ev
.key
.rand
= key
->rand
;
5886 if (key
->type
== SMP_LTK
)
5889 memcpy(ev
.key
.val
, key
->val
, sizeof(key
->val
));
5891 mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY
, hdev
, &ev
, sizeof(ev
), NULL
);
5894 void mgmt_new_irk(struct hci_dev
*hdev
, struct smp_irk
*irk
)
5896 struct mgmt_ev_new_irk ev
;
5898 memset(&ev
, 0, sizeof(ev
));
5900 /* For identity resolving keys from devices that are already
5901 * using a public address or static random address, do not
5902 * ask for storing this key. The identity resolving key really
5903 * is only mandatory for devices using resovlable random
5906 * Storing all identity resolving keys has the downside that
5907 * they will be also loaded on next boot of they system. More
5908 * identity resolving keys, means more time during scanning is
5909 * needed to actually resolve these addresses.
5911 if (bacmp(&irk
->rpa
, BDADDR_ANY
))
5912 ev
.store_hint
= 0x01;
5914 ev
.store_hint
= 0x00;
5916 bacpy(&ev
.rpa
, &irk
->rpa
);
5917 bacpy(&ev
.irk
.addr
.bdaddr
, &irk
->bdaddr
);
5918 ev
.irk
.addr
.type
= link_to_bdaddr(LE_LINK
, irk
->addr_type
);
5919 memcpy(ev
.irk
.val
, irk
->val
, sizeof(irk
->val
));
5921 mgmt_event(MGMT_EV_NEW_IRK
, hdev
, &ev
, sizeof(ev
), NULL
);
5924 void mgmt_new_csrk(struct hci_dev
*hdev
, struct smp_csrk
*csrk
,
5927 struct mgmt_ev_new_csrk ev
;
5929 memset(&ev
, 0, sizeof(ev
));
5931 /* Devices using resolvable or non-resolvable random addresses
5932 * without providing an indentity resolving key don't require
5933 * to store signature resolving keys. Their addresses will change
5934 * the next time around.
5936 * Only when a remote device provides an identity address
5937 * make sure the signature resolving key is stored. So allow
5938 * static random and public addresses here.
5940 if (csrk
->bdaddr_type
== ADDR_LE_DEV_RANDOM
&&
5941 (csrk
->bdaddr
.b
[5] & 0xc0) != 0xc0)
5942 ev
.store_hint
= 0x00;
5944 ev
.store_hint
= persistent
;
5946 bacpy(&ev
.key
.addr
.bdaddr
, &csrk
->bdaddr
);
5947 ev
.key
.addr
.type
= link_to_bdaddr(LE_LINK
, csrk
->bdaddr_type
);
5948 ev
.key
.master
= csrk
->master
;
5949 memcpy(ev
.key
.val
, csrk
->val
, sizeof(csrk
->val
));
5951 mgmt_event(MGMT_EV_NEW_CSRK
, hdev
, &ev
, sizeof(ev
), NULL
);
5954 void mgmt_new_conn_param(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
,
5955 u8 bdaddr_type
, u8 store_hint
, u16 min_interval
,
5956 u16 max_interval
, u16 latency
, u16 timeout
)
5958 struct mgmt_ev_new_conn_param ev
;
5960 if (!hci_is_identity_address(bdaddr
, bdaddr_type
))
5963 memset(&ev
, 0, sizeof(ev
));
5964 bacpy(&ev
.addr
.bdaddr
, bdaddr
);
5965 ev
.addr
.type
= link_to_bdaddr(LE_LINK
, bdaddr_type
);
5966 ev
.store_hint
= store_hint
;
5967 ev
.min_interval
= cpu_to_le16(min_interval
);
5968 ev
.max_interval
= cpu_to_le16(max_interval
);
5969 ev
.latency
= cpu_to_le16(latency
);
5970 ev
.timeout
= cpu_to_le16(timeout
);
5972 mgmt_event(MGMT_EV_NEW_CONN_PARAM
, hdev
, &ev
, sizeof(ev
), NULL
);
5975 static inline u16
eir_append_data(u8
*eir
, u16 eir_len
, u8 type
, u8
*data
,
5978 eir
[eir_len
++] = sizeof(type
) + data_len
;
5979 eir
[eir_len
++] = type
;
5980 memcpy(&eir
[eir_len
], data
, data_len
);
5981 eir_len
+= data_len
;
5986 void mgmt_device_connected(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
, u8 link_type
,
5987 u8 addr_type
, u32 flags
, u8
*name
, u8 name_len
,
5991 struct mgmt_ev_device_connected
*ev
= (void *) buf
;
5994 bacpy(&ev
->addr
.bdaddr
, bdaddr
);
5995 ev
->addr
.type
= link_to_bdaddr(link_type
, addr_type
);
5997 ev
->flags
= __cpu_to_le32(flags
);
6000 eir_len
= eir_append_data(ev
->eir
, 0, EIR_NAME_COMPLETE
,
6003 if (dev_class
&& memcmp(dev_class
, "\0\0\0", 3) != 0)
6004 eir_len
= eir_append_data(ev
->eir
, eir_len
,
6005 EIR_CLASS_OF_DEV
, dev_class
, 3);
6007 ev
->eir_len
= cpu_to_le16(eir_len
);
6009 mgmt_event(MGMT_EV_DEVICE_CONNECTED
, hdev
, buf
,
6010 sizeof(*ev
) + eir_len
, NULL
);
6013 static void disconnect_rsp(struct pending_cmd
*cmd
, void *data
)
6015 struct mgmt_cp_disconnect
*cp
= cmd
->param
;
6016 struct sock
**sk
= data
;
6017 struct mgmt_rp_disconnect rp
;
6019 bacpy(&rp
.addr
.bdaddr
, &cp
->addr
.bdaddr
);
6020 rp
.addr
.type
= cp
->addr
.type
;
6022 cmd_complete(cmd
->sk
, cmd
->index
, MGMT_OP_DISCONNECT
, 0, &rp
,
6028 mgmt_pending_remove(cmd
);
6031 static void unpair_device_rsp(struct pending_cmd
*cmd
, void *data
)
6033 struct hci_dev
*hdev
= data
;
6034 struct mgmt_cp_unpair_device
*cp
= cmd
->param
;
6035 struct mgmt_rp_unpair_device rp
;
6037 memset(&rp
, 0, sizeof(rp
));
6038 bacpy(&rp
.addr
.bdaddr
, &cp
->addr
.bdaddr
);
6039 rp
.addr
.type
= cp
->addr
.type
;
6041 device_unpaired(hdev
, &cp
->addr
.bdaddr
, cp
->addr
.type
, cmd
->sk
);
6043 cmd_complete(cmd
->sk
, cmd
->index
, cmd
->opcode
, 0, &rp
, sizeof(rp
));
6045 mgmt_pending_remove(cmd
);
6048 void mgmt_device_disconnected(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
,
6049 u8 link_type
, u8 addr_type
, u8 reason
,
6050 bool mgmt_connected
)
6052 struct mgmt_ev_device_disconnected ev
;
6053 struct pending_cmd
*power_off
;
6054 struct sock
*sk
= NULL
;
6056 power_off
= mgmt_pending_find(MGMT_OP_SET_POWERED
, hdev
);
6058 struct mgmt_mode
*cp
= power_off
->param
;
6060 /* The connection is still in hci_conn_hash so test for 1
6061 * instead of 0 to know if this is the last one.
6063 if (!cp
->val
&& hci_conn_count(hdev
) == 1) {
6064 cancel_delayed_work(&hdev
->power_off
);
6065 queue_work(hdev
->req_workqueue
, &hdev
->power_off
.work
);
6069 if (!mgmt_connected
)
6072 if (link_type
!= ACL_LINK
&& link_type
!= LE_LINK
)
6075 mgmt_pending_foreach(MGMT_OP_DISCONNECT
, hdev
, disconnect_rsp
, &sk
);
6077 bacpy(&ev
.addr
.bdaddr
, bdaddr
);
6078 ev
.addr
.type
= link_to_bdaddr(link_type
, addr_type
);
6081 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED
, hdev
, &ev
, sizeof(ev
), sk
);
6086 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE
, hdev
, unpair_device_rsp
,
6090 void mgmt_disconnect_failed(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
,
6091 u8 link_type
, u8 addr_type
, u8 status
)
6093 u8 bdaddr_type
= link_to_bdaddr(link_type
, addr_type
);
6094 struct mgmt_cp_disconnect
*cp
;
6095 struct mgmt_rp_disconnect rp
;
6096 struct pending_cmd
*cmd
;
6098 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE
, hdev
, unpair_device_rsp
,
6101 cmd
= mgmt_pending_find(MGMT_OP_DISCONNECT
, hdev
);
6107 if (bacmp(bdaddr
, &cp
->addr
.bdaddr
))
6110 if (cp
->addr
.type
!= bdaddr_type
)
6113 bacpy(&rp
.addr
.bdaddr
, bdaddr
);
6114 rp
.addr
.type
= bdaddr_type
;
6116 cmd_complete(cmd
->sk
, cmd
->index
, MGMT_OP_DISCONNECT
,
6117 mgmt_status(status
), &rp
, sizeof(rp
));
6119 mgmt_pending_remove(cmd
);
6122 void mgmt_connect_failed(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
, u8 link_type
,
6123 u8 addr_type
, u8 status
)
6125 struct mgmt_ev_connect_failed ev
;
6126 struct pending_cmd
*power_off
;
6128 power_off
= mgmt_pending_find(MGMT_OP_SET_POWERED
, hdev
);
6130 struct mgmt_mode
*cp
= power_off
->param
;
6132 /* The connection is still in hci_conn_hash so test for 1
6133 * instead of 0 to know if this is the last one.
6135 if (!cp
->val
&& hci_conn_count(hdev
) == 1) {
6136 cancel_delayed_work(&hdev
->power_off
);
6137 queue_work(hdev
->req_workqueue
, &hdev
->power_off
.work
);
6141 bacpy(&ev
.addr
.bdaddr
, bdaddr
);
6142 ev
.addr
.type
= link_to_bdaddr(link_type
, addr_type
);
6143 ev
.status
= mgmt_status(status
);
6145 mgmt_event(MGMT_EV_CONNECT_FAILED
, hdev
, &ev
, sizeof(ev
), NULL
);
6148 void mgmt_pin_code_request(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
, u8 secure
)
6150 struct mgmt_ev_pin_code_request ev
;
6152 bacpy(&ev
.addr
.bdaddr
, bdaddr
);
6153 ev
.addr
.type
= BDADDR_BREDR
;
6156 mgmt_event(MGMT_EV_PIN_CODE_REQUEST
, hdev
, &ev
, sizeof(ev
), NULL
);
6159 void mgmt_pin_code_reply_complete(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
,
6162 struct pending_cmd
*cmd
;
6163 struct mgmt_rp_pin_code_reply rp
;
6165 cmd
= mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY
, hdev
);
6169 bacpy(&rp
.addr
.bdaddr
, bdaddr
);
6170 rp
.addr
.type
= BDADDR_BREDR
;
6172 cmd_complete(cmd
->sk
, hdev
->id
, MGMT_OP_PIN_CODE_REPLY
,
6173 mgmt_status(status
), &rp
, sizeof(rp
));
6175 mgmt_pending_remove(cmd
);
6178 void mgmt_pin_code_neg_reply_complete(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
,
6181 struct pending_cmd
*cmd
;
6182 struct mgmt_rp_pin_code_reply rp
;
6184 cmd
= mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY
, hdev
);
6188 bacpy(&rp
.addr
.bdaddr
, bdaddr
);
6189 rp
.addr
.type
= BDADDR_BREDR
;
6191 cmd_complete(cmd
->sk
, hdev
->id
, MGMT_OP_PIN_CODE_NEG_REPLY
,
6192 mgmt_status(status
), &rp
, sizeof(rp
));
6194 mgmt_pending_remove(cmd
);
6197 int mgmt_user_confirm_request(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
,
6198 u8 link_type
, u8 addr_type
, u32 value
,
6201 struct mgmt_ev_user_confirm_request ev
;
6203 BT_DBG("%s", hdev
->name
);
6205 bacpy(&ev
.addr
.bdaddr
, bdaddr
);
6206 ev
.addr
.type
= link_to_bdaddr(link_type
, addr_type
);
6207 ev
.confirm_hint
= confirm_hint
;
6208 ev
.value
= cpu_to_le32(value
);
6210 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST
, hdev
, &ev
, sizeof(ev
),
6214 int mgmt_user_passkey_request(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
,
6215 u8 link_type
, u8 addr_type
)
6217 struct mgmt_ev_user_passkey_request ev
;
6219 BT_DBG("%s", hdev
->name
);
6221 bacpy(&ev
.addr
.bdaddr
, bdaddr
);
6222 ev
.addr
.type
= link_to_bdaddr(link_type
, addr_type
);
6224 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST
, hdev
, &ev
, sizeof(ev
),
6228 static int user_pairing_resp_complete(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
,
6229 u8 link_type
, u8 addr_type
, u8 status
,
6232 struct pending_cmd
*cmd
;
6233 struct mgmt_rp_user_confirm_reply rp
;
6236 cmd
= mgmt_pending_find(opcode
, hdev
);
6240 bacpy(&rp
.addr
.bdaddr
, bdaddr
);
6241 rp
.addr
.type
= link_to_bdaddr(link_type
, addr_type
);
6242 err
= cmd_complete(cmd
->sk
, hdev
->id
, opcode
, mgmt_status(status
),
6245 mgmt_pending_remove(cmd
);
6250 int mgmt_user_confirm_reply_complete(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
,
6251 u8 link_type
, u8 addr_type
, u8 status
)
6253 return user_pairing_resp_complete(hdev
, bdaddr
, link_type
, addr_type
,
6254 status
, MGMT_OP_USER_CONFIRM_REPLY
);
6257 int mgmt_user_confirm_neg_reply_complete(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
,
6258 u8 link_type
, u8 addr_type
, u8 status
)
6260 return user_pairing_resp_complete(hdev
, bdaddr
, link_type
, addr_type
,
6262 MGMT_OP_USER_CONFIRM_NEG_REPLY
);
6265 int mgmt_user_passkey_reply_complete(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
,
6266 u8 link_type
, u8 addr_type
, u8 status
)
6268 return user_pairing_resp_complete(hdev
, bdaddr
, link_type
, addr_type
,
6269 status
, MGMT_OP_USER_PASSKEY_REPLY
);
6272 int mgmt_user_passkey_neg_reply_complete(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
,
6273 u8 link_type
, u8 addr_type
, u8 status
)
6275 return user_pairing_resp_complete(hdev
, bdaddr
, link_type
, addr_type
,
6277 MGMT_OP_USER_PASSKEY_NEG_REPLY
);
6280 int mgmt_user_passkey_notify(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
,
6281 u8 link_type
, u8 addr_type
, u32 passkey
,
6284 struct mgmt_ev_passkey_notify ev
;
6286 BT_DBG("%s", hdev
->name
);
6288 bacpy(&ev
.addr
.bdaddr
, bdaddr
);
6289 ev
.addr
.type
= link_to_bdaddr(link_type
, addr_type
);
6290 ev
.passkey
= __cpu_to_le32(passkey
);
6291 ev
.entered
= entered
;
6293 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY
, hdev
, &ev
, sizeof(ev
), NULL
);
6296 void mgmt_auth_failed(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
, u8 link_type
,
6297 u8 addr_type
, u8 status
)
6299 struct mgmt_ev_auth_failed ev
;
6301 bacpy(&ev
.addr
.bdaddr
, bdaddr
);
6302 ev
.addr
.type
= link_to_bdaddr(link_type
, addr_type
);
6303 ev
.status
= mgmt_status(status
);
6305 mgmt_event(MGMT_EV_AUTH_FAILED
, hdev
, &ev
, sizeof(ev
), NULL
);
6308 void mgmt_auth_enable_complete(struct hci_dev
*hdev
, u8 status
)
6310 struct cmd_lookup match
= { NULL
, hdev
};
6314 u8 mgmt_err
= mgmt_status(status
);
6315 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY
, hdev
,
6316 cmd_status_rsp
, &mgmt_err
);
6320 if (test_bit(HCI_AUTH
, &hdev
->flags
))
6321 changed
= !test_and_set_bit(HCI_LINK_SECURITY
,
6324 changed
= test_and_clear_bit(HCI_LINK_SECURITY
,
6327 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY
, hdev
, settings_rsp
,
6331 new_settings(hdev
, match
.sk
);
6337 static void clear_eir(struct hci_request
*req
)
6339 struct hci_dev
*hdev
= req
->hdev
;
6340 struct hci_cp_write_eir cp
;
6342 if (!lmp_ext_inq_capable(hdev
))
6345 memset(hdev
->eir
, 0, sizeof(hdev
->eir
));
6347 memset(&cp
, 0, sizeof(cp
));
6349 hci_req_add(req
, HCI_OP_WRITE_EIR
, sizeof(cp
), &cp
);
6352 void mgmt_ssp_enable_complete(struct hci_dev
*hdev
, u8 enable
, u8 status
)
6354 struct cmd_lookup match
= { NULL
, hdev
};
6355 struct hci_request req
;
6356 bool changed
= false;
6359 u8 mgmt_err
= mgmt_status(status
);
6361 if (enable
&& test_and_clear_bit(HCI_SSP_ENABLED
,
6362 &hdev
->dev_flags
)) {
6363 clear_bit(HCI_HS_ENABLED
, &hdev
->dev_flags
);
6364 new_settings(hdev
, NULL
);
6367 mgmt_pending_foreach(MGMT_OP_SET_SSP
, hdev
, cmd_status_rsp
,
6373 changed
= !test_and_set_bit(HCI_SSP_ENABLED
, &hdev
->dev_flags
);
6375 changed
= test_and_clear_bit(HCI_SSP_ENABLED
, &hdev
->dev_flags
);
6377 changed
= test_and_clear_bit(HCI_HS_ENABLED
,
6380 clear_bit(HCI_HS_ENABLED
, &hdev
->dev_flags
);
6383 mgmt_pending_foreach(MGMT_OP_SET_SSP
, hdev
, settings_rsp
, &match
);
6386 new_settings(hdev
, match
.sk
);
6391 hci_req_init(&req
, hdev
);
6393 if (test_bit(HCI_SSP_ENABLED
, &hdev
->dev_flags
)) {
6394 if (test_bit(HCI_USE_DEBUG_KEYS
, &hdev
->dev_flags
))
6395 hci_req_add(&req
, HCI_OP_WRITE_SSP_DEBUG_MODE
,
6396 sizeof(enable
), &enable
);
6402 hci_req_run(&req
, NULL
);
6405 void mgmt_sc_enable_complete(struct hci_dev
*hdev
, u8 enable
, u8 status
)
6407 struct cmd_lookup match
= { NULL
, hdev
};
6408 bool changed
= false;
6411 u8 mgmt_err
= mgmt_status(status
);
6414 if (test_and_clear_bit(HCI_SC_ENABLED
,
6416 new_settings(hdev
, NULL
);
6417 clear_bit(HCI_SC_ONLY
, &hdev
->dev_flags
);
6420 mgmt_pending_foreach(MGMT_OP_SET_SECURE_CONN
, hdev
,
6421 cmd_status_rsp
, &mgmt_err
);
6426 changed
= !test_and_set_bit(HCI_SC_ENABLED
, &hdev
->dev_flags
);
6428 changed
= test_and_clear_bit(HCI_SC_ENABLED
, &hdev
->dev_flags
);
6429 clear_bit(HCI_SC_ONLY
, &hdev
->dev_flags
);
6432 mgmt_pending_foreach(MGMT_OP_SET_SECURE_CONN
, hdev
,
6433 settings_rsp
, &match
);
6436 new_settings(hdev
, match
.sk
);
6442 static void sk_lookup(struct pending_cmd
*cmd
, void *data
)
6444 struct cmd_lookup
*match
= data
;
6446 if (match
->sk
== NULL
) {
6447 match
->sk
= cmd
->sk
;
6448 sock_hold(match
->sk
);
6452 void mgmt_set_class_of_dev_complete(struct hci_dev
*hdev
, u8
*dev_class
,
6455 struct cmd_lookup match
= { NULL
, hdev
, mgmt_status(status
) };
6457 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS
, hdev
, sk_lookup
, &match
);
6458 mgmt_pending_foreach(MGMT_OP_ADD_UUID
, hdev
, sk_lookup
, &match
);
6459 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID
, hdev
, sk_lookup
, &match
);
6462 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED
, hdev
, dev_class
, 3,
6469 void mgmt_set_local_name_complete(struct hci_dev
*hdev
, u8
*name
, u8 status
)
6471 struct mgmt_cp_set_local_name ev
;
6472 struct pending_cmd
*cmd
;
6477 memset(&ev
, 0, sizeof(ev
));
6478 memcpy(ev
.name
, name
, HCI_MAX_NAME_LENGTH
);
6479 memcpy(ev
.short_name
, hdev
->short_name
, HCI_MAX_SHORT_NAME_LENGTH
);
6481 cmd
= mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME
, hdev
);
6483 memcpy(hdev
->dev_name
, name
, sizeof(hdev
->dev_name
));
6485 /* If this is a HCI command related to powering on the
6486 * HCI dev don't send any mgmt signals.
6488 if (mgmt_pending_find(MGMT_OP_SET_POWERED
, hdev
))
6492 mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED
, hdev
, &ev
, sizeof(ev
),
6493 cmd
? cmd
->sk
: NULL
);
6496 void mgmt_read_local_oob_data_complete(struct hci_dev
*hdev
, u8
*hash192
,
6497 u8
*randomizer192
, u8
*hash256
,
6498 u8
*randomizer256
, u8 status
)
6500 struct pending_cmd
*cmd
;
6502 BT_DBG("%s status %u", hdev
->name
, status
);
6504 cmd
= mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA
, hdev
);
6509 cmd_status(cmd
->sk
, hdev
->id
, MGMT_OP_READ_LOCAL_OOB_DATA
,
6510 mgmt_status(status
));
6512 if (test_bit(HCI_SC_ENABLED
, &hdev
->dev_flags
) &&
6513 hash256
&& randomizer256
) {
6514 struct mgmt_rp_read_local_oob_ext_data rp
;
6516 memcpy(rp
.hash192
, hash192
, sizeof(rp
.hash192
));
6517 memcpy(rp
.randomizer192
, randomizer192
,
6518 sizeof(rp
.randomizer192
));
6520 memcpy(rp
.hash256
, hash256
, sizeof(rp
.hash256
));
6521 memcpy(rp
.randomizer256
, randomizer256
,
6522 sizeof(rp
.randomizer256
));
6524 cmd_complete(cmd
->sk
, hdev
->id
,
6525 MGMT_OP_READ_LOCAL_OOB_DATA
, 0,
6528 struct mgmt_rp_read_local_oob_data rp
;
6530 memcpy(rp
.hash
, hash192
, sizeof(rp
.hash
));
6531 memcpy(rp
.randomizer
, randomizer192
,
6532 sizeof(rp
.randomizer
));
6534 cmd_complete(cmd
->sk
, hdev
->id
,
6535 MGMT_OP_READ_LOCAL_OOB_DATA
, 0,
6540 mgmt_pending_remove(cmd
);
6543 void mgmt_device_found(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
, u8 link_type
,
6544 u8 addr_type
, u8
*dev_class
, s8 rssi
, u32 flags
,
6545 u8
*eir
, u16 eir_len
, u8
*scan_rsp
, u8 scan_rsp_len
)
6548 struct mgmt_ev_device_found
*ev
= (void *) buf
;
6549 struct smp_irk
*irk
;
6552 /* Don't send events for a non-kernel initiated discovery. With
6553 * LE one exception is if we have pend_le_reports > 0 in which
6554 * case we're doing passive scanning and want these events.
6556 if (!hci_discovery_active(hdev
)) {
6557 if (link_type
== ACL_LINK
)
6559 if (link_type
== LE_LINK
&& list_empty(&hdev
->pend_le_reports
))
6563 /* Make sure that the buffer is big enough. The 5 extra bytes
6564 * are for the potential CoD field.
6566 if (sizeof(*ev
) + eir_len
+ scan_rsp_len
+ 5 > sizeof(buf
))
6569 memset(buf
, 0, sizeof(buf
));
6571 irk
= hci_get_irk(hdev
, bdaddr
, addr_type
);
6573 bacpy(&ev
->addr
.bdaddr
, &irk
->bdaddr
);
6574 ev
->addr
.type
= link_to_bdaddr(link_type
, irk
->addr_type
);
6576 bacpy(&ev
->addr
.bdaddr
, bdaddr
);
6577 ev
->addr
.type
= link_to_bdaddr(link_type
, addr_type
);
6581 ev
->flags
= cpu_to_le32(flags
);
6584 memcpy(ev
->eir
, eir
, eir_len
);
6586 if (dev_class
&& !eir_has_data_type(ev
->eir
, eir_len
, EIR_CLASS_OF_DEV
))
6587 eir_len
= eir_append_data(ev
->eir
, eir_len
, EIR_CLASS_OF_DEV
,
6590 if (scan_rsp_len
> 0)
6591 memcpy(ev
->eir
+ eir_len
, scan_rsp
, scan_rsp_len
);
6593 ev
->eir_len
= cpu_to_le16(eir_len
+ scan_rsp_len
);
6594 ev_size
= sizeof(*ev
) + eir_len
+ scan_rsp_len
;
6596 mgmt_event(MGMT_EV_DEVICE_FOUND
, hdev
, ev
, ev_size
, NULL
);
6599 void mgmt_remote_name(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
, u8 link_type
,
6600 u8 addr_type
, s8 rssi
, u8
*name
, u8 name_len
)
6602 struct mgmt_ev_device_found
*ev
;
6603 char buf
[sizeof(*ev
) + HCI_MAX_NAME_LENGTH
+ 2];
6606 ev
= (struct mgmt_ev_device_found
*) buf
;
6608 memset(buf
, 0, sizeof(buf
));
6610 bacpy(&ev
->addr
.bdaddr
, bdaddr
);
6611 ev
->addr
.type
= link_to_bdaddr(link_type
, addr_type
);
6614 eir_len
= eir_append_data(ev
->eir
, 0, EIR_NAME_COMPLETE
, name
,
6617 ev
->eir_len
= cpu_to_le16(eir_len
);
6619 mgmt_event(MGMT_EV_DEVICE_FOUND
, hdev
, ev
, sizeof(*ev
) + eir_len
, NULL
);
6622 void mgmt_discovering(struct hci_dev
*hdev
, u8 discovering
)
6624 struct mgmt_ev_discovering ev
;
6625 struct pending_cmd
*cmd
;
6627 BT_DBG("%s discovering %u", hdev
->name
, discovering
);
6630 cmd
= mgmt_pending_find(MGMT_OP_START_DISCOVERY
, hdev
);
6632 cmd
= mgmt_pending_find(MGMT_OP_STOP_DISCOVERY
, hdev
);
6635 u8 type
= hdev
->discovery
.type
;
6637 cmd_complete(cmd
->sk
, hdev
->id
, cmd
->opcode
, 0, &type
,
6639 mgmt_pending_remove(cmd
);
6642 memset(&ev
, 0, sizeof(ev
));
6643 ev
.type
= hdev
->discovery
.type
;
6644 ev
.discovering
= discovering
;
6646 mgmt_event(MGMT_EV_DISCOVERING
, hdev
, &ev
, sizeof(ev
), NULL
);
6649 static void adv_enable_complete(struct hci_dev
*hdev
, u8 status
)
6651 BT_DBG("%s status %u", hdev
->name
, status
);
6653 /* Clear the advertising mgmt setting if we failed to re-enable it */
6655 clear_bit(HCI_ADVERTISING
, &hdev
->dev_flags
);
6656 new_settings(hdev
, NULL
);
6660 void mgmt_reenable_advertising(struct hci_dev
*hdev
)
6662 struct hci_request req
;
6664 if (hci_conn_num(hdev
, LE_LINK
) > 0)
6667 if (!test_bit(HCI_ADVERTISING
, &hdev
->dev_flags
))
6670 hci_req_init(&req
, hdev
);
6671 enable_advertising(&req
);
6673 /* If this fails we have no option but to let user space know
6674 * that we've disabled advertising.
6676 if (hci_req_run(&req
, adv_enable_complete
) < 0) {
6677 clear_bit(HCI_ADVERTISING
, &hdev
->dev_flags
);
6678 new_settings(hdev
, NULL
);