2 BlueZ - Bluetooth protocol stack for Linux
4 Copyright (C) 2010 Nokia Corporation
5 Copyright (C) 2011-2012 Intel Corporation
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI Management interface */
27 #include <linux/module.h>
28 #include <asm/unaligned.h>
30 #include <net/bluetooth/bluetooth.h>
31 #include <net/bluetooth/hci_core.h>
32 #include <net/bluetooth/mgmt.h>
33 #include <net/bluetooth/smp.h>
37 #define MGMT_VERSION 1
38 #define MGMT_REVISION 2
40 static const u16 mgmt_commands[] = {
41 MGMT_OP_READ_INDEX_LIST,
44 MGMT_OP_SET_DISCOVERABLE,
45 MGMT_OP_SET_CONNECTABLE,
46 MGMT_OP_SET_FAST_CONNECTABLE,
48 MGMT_OP_SET_LINK_SECURITY,
52 MGMT_OP_SET_DEV_CLASS,
53 MGMT_OP_SET_LOCAL_NAME,
56 MGMT_OP_LOAD_LINK_KEYS,
57 MGMT_OP_LOAD_LONG_TERM_KEYS,
59 MGMT_OP_GET_CONNECTIONS,
60 MGMT_OP_PIN_CODE_REPLY,
61 MGMT_OP_PIN_CODE_NEG_REPLY,
62 MGMT_OP_SET_IO_CAPABILITY,
64 MGMT_OP_CANCEL_PAIR_DEVICE,
65 MGMT_OP_UNPAIR_DEVICE,
66 MGMT_OP_USER_CONFIRM_REPLY,
67 MGMT_OP_USER_CONFIRM_NEG_REPLY,
68 MGMT_OP_USER_PASSKEY_REPLY,
69 MGMT_OP_USER_PASSKEY_NEG_REPLY,
70 MGMT_OP_READ_LOCAL_OOB_DATA,
71 MGMT_OP_ADD_REMOTE_OOB_DATA,
72 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
73 MGMT_OP_START_DISCOVERY,
74 MGMT_OP_STOP_DISCOVERY,
77 MGMT_OP_UNBLOCK_DEVICE,
78 MGMT_OP_SET_DEVICE_ID,
81 static const u16 mgmt_events[] = {
82 MGMT_EV_CONTROLLER_ERROR,
84 MGMT_EV_INDEX_REMOVED,
86 MGMT_EV_CLASS_OF_DEV_CHANGED,
87 MGMT_EV_LOCAL_NAME_CHANGED,
89 MGMT_EV_NEW_LONG_TERM_KEY,
90 MGMT_EV_DEVICE_CONNECTED,
91 MGMT_EV_DEVICE_DISCONNECTED,
92 MGMT_EV_CONNECT_FAILED,
93 MGMT_EV_PIN_CODE_REQUEST,
94 MGMT_EV_USER_CONFIRM_REQUEST,
95 MGMT_EV_USER_PASSKEY_REQUEST,
99 MGMT_EV_DEVICE_BLOCKED,
100 MGMT_EV_DEVICE_UNBLOCKED,
101 MGMT_EV_DEVICE_UNPAIRED,
102 MGMT_EV_PASSKEY_NOTIFY,
106 * These LE scan and inquiry parameters were chosen according to LE General
107 * Discovery Procedure specification.
109 #define LE_SCAN_TYPE 0x01
110 #define LE_SCAN_WIN 0x12
111 #define LE_SCAN_INT 0x12
112 #define LE_SCAN_TIMEOUT_LE_ONLY 10240 /* TGAP(gen_disc_scan_min) */
113 #define LE_SCAN_TIMEOUT_BREDR_LE 5120 /* TGAP(100)/2 */
115 #define INQUIRY_LEN_BREDR 0x08 /* TGAP(100) */
116 #define INQUIRY_LEN_BREDR_LE 0x04 /* TGAP(100)/2 */
118 #define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
120 #define hdev_is_powered(hdev) (test_bit(HCI_UP, &hdev->flags) && \
121 !test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
124 struct list_head list;
132 /* HCI to MGMT error code conversion table */
133 static u8 mgmt_status_table[] = {
135 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
136 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
137 MGMT_STATUS_FAILED, /* Hardware Failure */
138 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
139 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
140 MGMT_STATUS_NOT_PAIRED, /* PIN or Key Missing */
141 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
142 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
143 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
144 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
145 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
146 MGMT_STATUS_BUSY, /* Command Disallowed */
147 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
148 MGMT_STATUS_REJECTED, /* Rejected Security */
149 MGMT_STATUS_REJECTED, /* Rejected Personal */
150 MGMT_STATUS_TIMEOUT, /* Host Timeout */
151 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
152 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
153 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
154 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
155 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
156 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
157 MGMT_STATUS_BUSY, /* Repeated Attempts */
158 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
159 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
160 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
161 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
162 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
163 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
164 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
165 MGMT_STATUS_FAILED, /* Unspecified Error */
166 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
167 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
168 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
169 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
170 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
171 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
172 MGMT_STATUS_FAILED, /* Unit Link Key Used */
173 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
174 MGMT_STATUS_TIMEOUT, /* Instant Passed */
175 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
176 MGMT_STATUS_FAILED, /* Transaction Collision */
177 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
178 MGMT_STATUS_REJECTED, /* QoS Rejected */
179 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
180 MGMT_STATUS_REJECTED, /* Insufficient Security */
181 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
182 MGMT_STATUS_BUSY, /* Role Switch Pending */
183 MGMT_STATUS_FAILED, /* Slot Violation */
184 MGMT_STATUS_FAILED, /* Role Switch Failed */
185 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
186 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
187 MGMT_STATUS_BUSY, /* Host Busy Pairing */
188 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
189 MGMT_STATUS_BUSY, /* Controller Busy */
190 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
191 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
192 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
193 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
194 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
197 bool mgmt_valid_hdev(struct hci_dev *hdev)
199 return hdev->dev_type == HCI_BREDR;
202 static u8 mgmt_status(u8 hci_status)
204 if (hci_status < ARRAY_SIZE(mgmt_status_table))
205 return mgmt_status_table[hci_status];
207 return MGMT_STATUS_FAILED;
210 static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
213 struct mgmt_hdr *hdr;
214 struct mgmt_ev_cmd_status *ev;
217 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
219 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_KERNEL);
223 hdr = (void *) skb_put(skb, sizeof(*hdr));
225 hdr->opcode = __constant_cpu_to_le16(MGMT_EV_CMD_STATUS);
226 hdr->index = cpu_to_le16(index);
227 hdr->len = cpu_to_le16(sizeof(*ev));
229 ev = (void *) skb_put(skb, sizeof(*ev));
231 ev->opcode = cpu_to_le16(cmd);
233 err = sock_queue_rcv_skb(sk, skb);
240 static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
241 void *rp, size_t rp_len)
244 struct mgmt_hdr *hdr;
245 struct mgmt_ev_cmd_complete *ev;
248 BT_DBG("sock %p", sk);
250 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_KERNEL);
254 hdr = (void *) skb_put(skb, sizeof(*hdr));
256 hdr->opcode = __constant_cpu_to_le16(MGMT_EV_CMD_COMPLETE);
257 hdr->index = cpu_to_le16(index);
258 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
260 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
261 ev->opcode = cpu_to_le16(cmd);
265 memcpy(ev->data, rp, rp_len);
267 err = sock_queue_rcv_skb(sk, skb);
274 static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
277 struct mgmt_rp_read_version rp;
279 BT_DBG("sock %p", sk);
281 rp.version = MGMT_VERSION;
282 rp.revision = __constant_cpu_to_le16(MGMT_REVISION);
284 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
288 static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
291 struct mgmt_rp_read_commands *rp;
292 const u16 num_commands = ARRAY_SIZE(mgmt_commands);
293 const u16 num_events = ARRAY_SIZE(mgmt_events);
298 BT_DBG("sock %p", sk);
300 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
302 rp = kmalloc(rp_size, GFP_KERNEL);
306 rp->num_commands = __constant_cpu_to_le16(num_commands);
307 rp->num_events = __constant_cpu_to_le16(num_events);
309 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
310 put_unaligned_le16(mgmt_commands[i], opcode);
312 for (i = 0; i < num_events; i++, opcode++)
313 put_unaligned_le16(mgmt_events[i], opcode);
315 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
322 static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
325 struct mgmt_rp_read_index_list *rp;
331 BT_DBG("sock %p", sk);
333 read_lock(&hci_dev_list_lock);
336 list_for_each_entry(d, &hci_dev_list, list) {
337 if (!mgmt_valid_hdev(d))
343 rp_len = sizeof(*rp) + (2 * count);
344 rp = kmalloc(rp_len, GFP_ATOMIC);
346 read_unlock(&hci_dev_list_lock);
351 list_for_each_entry(d, &hci_dev_list, list) {
352 if (test_bit(HCI_SETUP, &d->dev_flags))
355 if (!mgmt_valid_hdev(d))
358 rp->index[count++] = cpu_to_le16(d->id);
359 BT_DBG("Added hci%u", d->id);
362 rp->num_controllers = cpu_to_le16(count);
363 rp_len = sizeof(*rp) + (2 * count);
365 read_unlock(&hci_dev_list_lock);
367 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
375 static u32 get_supported_settings(struct hci_dev *hdev)
379 settings |= MGMT_SETTING_POWERED;
380 settings |= MGMT_SETTING_PAIRABLE;
382 if (lmp_ssp_capable(hdev))
383 settings |= MGMT_SETTING_SSP;
385 if (lmp_bredr_capable(hdev)) {
386 settings |= MGMT_SETTING_CONNECTABLE;
387 settings |= MGMT_SETTING_FAST_CONNECTABLE;
388 settings |= MGMT_SETTING_DISCOVERABLE;
389 settings |= MGMT_SETTING_BREDR;
390 settings |= MGMT_SETTING_LINK_SECURITY;
394 settings |= MGMT_SETTING_HS;
396 if (lmp_le_capable(hdev))
397 settings |= MGMT_SETTING_LE;
402 static u32 get_current_settings(struct hci_dev *hdev)
406 if (hdev_is_powered(hdev))
407 settings |= MGMT_SETTING_POWERED;
409 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
410 settings |= MGMT_SETTING_CONNECTABLE;
412 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
413 settings |= MGMT_SETTING_DISCOVERABLE;
415 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags))
416 settings |= MGMT_SETTING_PAIRABLE;
418 if (lmp_bredr_capable(hdev))
419 settings |= MGMT_SETTING_BREDR;
421 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
422 settings |= MGMT_SETTING_LE;
424 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
425 settings |= MGMT_SETTING_LINK_SECURITY;
427 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
428 settings |= MGMT_SETTING_SSP;
430 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
431 settings |= MGMT_SETTING_HS;
436 #define PNP_INFO_SVCLASS_ID 0x1200
438 static void create_eir(struct hci_dev *hdev, u8 *data)
443 struct bt_uuid *uuid;
446 name_len = strlen(hdev->dev_name);
452 ptr[1] = EIR_NAME_SHORT;
454 ptr[1] = EIR_NAME_COMPLETE;
456 /* EIR Data length */
457 ptr[0] = name_len + 1;
459 memcpy(ptr + 2, hdev->dev_name, name_len);
461 eir_len += (name_len + 2);
462 ptr += (name_len + 2);
465 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
467 ptr[1] = EIR_TX_POWER;
468 ptr[2] = (u8) hdev->inq_tx_power;
474 if (hdev->devid_source > 0) {
476 ptr[1] = EIR_DEVICE_ID;
478 put_unaligned_le16(hdev->devid_source, ptr + 2);
479 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
480 put_unaligned_le16(hdev->devid_product, ptr + 6);
481 put_unaligned_le16(hdev->devid_version, ptr + 8);
489 /* Group all UUID16 types */
490 list_for_each_entry(uuid, &hdev->uuids, list) {
493 if (uuid->size != 16)
496 uuid16 = get_unaligned_le16(&uuid->uuid[12]);
500 if (uuid16 == PNP_INFO_SVCLASS_ID)
506 uuids_start[1] = EIR_UUID16_ALL;
511 /* Stop if not enough space to put next UUID */
512 if (eir_len + 2 + sizeof(u16) > HCI_MAX_EIR_LENGTH) {
513 uuids_start[1] = EIR_UUID16_SOME;
517 *ptr++ = (uuid16 & 0x00ff);
518 *ptr++ = (uuid16 & 0xff00) >> 8;
519 eir_len += sizeof(uuid16);
520 uuids_start[0] += sizeof(uuid16);
524 static int update_eir(struct hci_dev *hdev)
526 struct hci_cp_write_eir cp;
528 if (!hdev_is_powered(hdev))
531 if (!lmp_ext_inq_capable(hdev))
534 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
537 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
540 memset(&cp, 0, sizeof(cp));
542 create_eir(hdev, cp.data);
544 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
547 memcpy(hdev->eir, cp.data, sizeof(cp.data));
549 return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
552 static u8 get_service_classes(struct hci_dev *hdev)
554 struct bt_uuid *uuid;
557 list_for_each_entry(uuid, &hdev->uuids, list)
558 val |= uuid->svc_hint;
563 static int update_class(struct hci_dev *hdev)
568 BT_DBG("%s", hdev->name);
570 if (!hdev_is_powered(hdev))
573 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
576 cod[0] = hdev->minor_class;
577 cod[1] = hdev->major_class;
578 cod[2] = get_service_classes(hdev);
580 if (memcmp(cod, hdev->dev_class, 3) == 0)
583 err = hci_send_cmd(hdev, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
585 set_bit(HCI_PENDING_CLASS, &hdev->dev_flags);
590 static void service_cache_off(struct work_struct *work)
592 struct hci_dev *hdev = container_of(work, struct hci_dev,
595 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
603 hci_dev_unlock(hdev);
606 static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
608 if (test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
611 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
613 /* Non-mgmt controlled devices get this bit set
614 * implicitly so that pairing works for them, however
615 * for mgmt we require user-space to explicitly enable
618 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
621 static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
622 void *data, u16 data_len)
624 struct mgmt_rp_read_info rp;
626 BT_DBG("sock %p %s", sk, hdev->name);
630 memset(&rp, 0, sizeof(rp));
632 bacpy(&rp.bdaddr, &hdev->bdaddr);
634 rp.version = hdev->hci_ver;
635 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
637 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
638 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
640 memcpy(rp.dev_class, hdev->dev_class, 3);
642 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
643 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
645 hci_dev_unlock(hdev);
647 return cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
651 static void mgmt_pending_free(struct pending_cmd *cmd)
658 static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
659 struct hci_dev *hdev, void *data,
662 struct pending_cmd *cmd;
664 cmd = kmalloc(sizeof(*cmd), GFP_KERNEL);
668 cmd->opcode = opcode;
669 cmd->index = hdev->id;
671 cmd->param = kmalloc(len, GFP_KERNEL);
678 memcpy(cmd->param, data, len);
683 list_add(&cmd->list, &hdev->mgmt_pending);
688 static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
689 void (*cb)(struct pending_cmd *cmd,
693 struct list_head *p, *n;
695 list_for_each_safe(p, n, &hdev->mgmt_pending) {
696 struct pending_cmd *cmd;
698 cmd = list_entry(p, struct pending_cmd, list);
700 if (opcode > 0 && cmd->opcode != opcode)
707 static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
709 struct pending_cmd *cmd;
711 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
712 if (cmd->opcode == opcode)
719 static void mgmt_pending_remove(struct pending_cmd *cmd)
721 list_del(&cmd->list);
722 mgmt_pending_free(cmd);
725 static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
727 __le32 settings = cpu_to_le32(get_current_settings(hdev));
729 return cmd_complete(sk, hdev->id, opcode, 0, &settings,
733 static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
736 struct mgmt_mode *cp = data;
737 struct pending_cmd *cmd;
740 BT_DBG("request for %s", hdev->name);
742 if (cp->val != 0x00 && cp->val != 0x01)
743 return cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
744 MGMT_STATUS_INVALID_PARAMS);
748 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
749 cancel_delayed_work(&hdev->power_off);
752 mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev,
754 err = mgmt_powered(hdev, 1);
759 if (!!cp->val == hdev_is_powered(hdev)) {
760 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
764 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
765 err = cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
770 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
777 queue_work(hdev->req_workqueue, &hdev->power_on);
779 queue_work(hdev->req_workqueue, &hdev->power_off.work);
784 hci_dev_unlock(hdev);
788 static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 data_len,
789 struct sock *skip_sk)
792 struct mgmt_hdr *hdr;
794 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_KERNEL);
798 hdr = (void *) skb_put(skb, sizeof(*hdr));
799 hdr->opcode = cpu_to_le16(event);
801 hdr->index = cpu_to_le16(hdev->id);
803 hdr->index = __constant_cpu_to_le16(MGMT_INDEX_NONE);
804 hdr->len = cpu_to_le16(data_len);
807 memcpy(skb_put(skb, data_len), data, data_len);
810 __net_timestamp(skb);
812 hci_send_to_control(skb, skip_sk);
818 static int new_settings(struct hci_dev *hdev, struct sock *skip)
822 ev = cpu_to_le32(get_current_settings(hdev));
824 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
827 static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
830 struct mgmt_cp_set_discoverable *cp = data;
831 struct pending_cmd *cmd;
836 BT_DBG("request for %s", hdev->name);
838 if (!lmp_bredr_capable(hdev))
839 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
840 MGMT_STATUS_NOT_SUPPORTED);
842 if (cp->val != 0x00 && cp->val != 0x01)
843 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
844 MGMT_STATUS_INVALID_PARAMS);
846 timeout = __le16_to_cpu(cp->timeout);
847 if (!cp->val && timeout > 0)
848 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
849 MGMT_STATUS_INVALID_PARAMS);
853 if (!hdev_is_powered(hdev) && timeout > 0) {
854 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
855 MGMT_STATUS_NOT_POWERED);
859 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
860 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
861 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
866 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
867 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
868 MGMT_STATUS_REJECTED);
872 if (!hdev_is_powered(hdev)) {
873 bool changed = false;
875 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
876 change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
880 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
885 err = new_settings(hdev, sk);
890 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
891 if (hdev->discov_timeout > 0) {
892 cancel_delayed_work(&hdev->discov_off);
893 hdev->discov_timeout = 0;
896 if (cp->val && timeout > 0) {
897 hdev->discov_timeout = timeout;
898 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
899 msecs_to_jiffies(hdev->discov_timeout * 1000));
902 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
906 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
915 scan |= SCAN_INQUIRY;
917 cancel_delayed_work(&hdev->discov_off);
919 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
921 mgmt_pending_remove(cmd);
924 hdev->discov_timeout = timeout;
927 hci_dev_unlock(hdev);
931 static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
934 struct mgmt_mode *cp = data;
935 struct pending_cmd *cmd;
939 BT_DBG("request for %s", hdev->name);
941 if (!lmp_bredr_capable(hdev))
942 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
943 MGMT_STATUS_NOT_SUPPORTED);
945 if (cp->val != 0x00 && cp->val != 0x01)
946 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
947 MGMT_STATUS_INVALID_PARAMS);
951 if (!hdev_is_powered(hdev)) {
952 bool changed = false;
954 if (!!cp->val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
958 set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
960 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
961 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
964 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
969 err = new_settings(hdev, sk);
974 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
975 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
976 err = cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
981 if (!!cp->val == test_bit(HCI_PSCAN, &hdev->flags)) {
982 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
986 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
997 if (test_bit(HCI_ISCAN, &hdev->flags) &&
998 hdev->discov_timeout > 0)
999 cancel_delayed_work(&hdev->discov_off);
1002 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1004 mgmt_pending_remove(cmd);
1007 hci_dev_unlock(hdev);
1011 static int set_pairable(struct sock *sk, struct hci_dev *hdev, void *data,
1014 struct mgmt_mode *cp = data;
1017 BT_DBG("request for %s", hdev->name);
1019 if (cp->val != 0x00 && cp->val != 0x01)
1020 return cmd_status(sk, hdev->id, MGMT_OP_SET_PAIRABLE,
1021 MGMT_STATUS_INVALID_PARAMS);
1026 set_bit(HCI_PAIRABLE, &hdev->dev_flags);
1028 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
1030 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
1034 err = new_settings(hdev, sk);
1037 hci_dev_unlock(hdev);
1041 static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1044 struct mgmt_mode *cp = data;
1045 struct pending_cmd *cmd;
1049 BT_DBG("request for %s", hdev->name);
1051 if (!lmp_bredr_capable(hdev))
1052 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1053 MGMT_STATUS_NOT_SUPPORTED);
1055 if (cp->val != 0x00 && cp->val != 0x01)
1056 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1057 MGMT_STATUS_INVALID_PARAMS);
1061 if (!hdev_is_powered(hdev)) {
1062 bool changed = false;
1064 if (!!cp->val != test_bit(HCI_LINK_SECURITY,
1065 &hdev->dev_flags)) {
1066 change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
1070 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1075 err = new_settings(hdev, sk);
1080 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
1081 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1088 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1089 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1093 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1099 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1101 mgmt_pending_remove(cmd);
1106 hci_dev_unlock(hdev);
1110 static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1112 struct mgmt_mode *cp = data;
1113 struct pending_cmd *cmd;
1117 BT_DBG("request for %s", hdev->name);
1119 if (!lmp_ssp_capable(hdev))
1120 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1121 MGMT_STATUS_NOT_SUPPORTED);
1123 if (cp->val != 0x00 && cp->val != 0x01)
1124 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1125 MGMT_STATUS_INVALID_PARAMS);
1131 if (!hdev_is_powered(hdev)) {
1132 bool changed = false;
1134 if (val != test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
1135 change_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
1139 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1144 err = new_settings(hdev, sk);
1149 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev)) {
1150 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1155 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) == val) {
1156 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1160 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1166 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, sizeof(val), &val);
1168 mgmt_pending_remove(cmd);
1173 hci_dev_unlock(hdev);
1177 static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1179 struct mgmt_mode *cp = data;
1181 BT_DBG("request for %s", hdev->name);
1184 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1185 MGMT_STATUS_NOT_SUPPORTED);
1187 if (cp->val != 0x00 && cp->val != 0x01)
1188 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1189 MGMT_STATUS_INVALID_PARAMS);
1192 set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1194 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1196 return send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
1199 static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1201 struct mgmt_mode *cp = data;
1202 struct hci_cp_write_le_host_supported hci_cp;
1203 struct pending_cmd *cmd;
1207 BT_DBG("request for %s", hdev->name);
1209 if (!lmp_le_capable(hdev))
1210 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1211 MGMT_STATUS_NOT_SUPPORTED);
1213 if (cp->val != 0x00 && cp->val != 0x01)
1214 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1215 MGMT_STATUS_INVALID_PARAMS);
1220 enabled = lmp_host_le_capable(hdev);
1222 if (!hdev_is_powered(hdev) || val == enabled) {
1223 bool changed = false;
1225 if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1226 change_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1230 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1235 err = new_settings(hdev, sk);
1240 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
1241 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1246 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
1252 memset(&hci_cp, 0, sizeof(hci_cp));
1256 hci_cp.simul = lmp_le_br_capable(hdev);
1259 err = hci_send_cmd(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
1262 mgmt_pending_remove(cmd);
1265 hci_dev_unlock(hdev);
1269 static const u8 bluetooth_base_uuid[] = {
1270 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
1271 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1274 static u8 get_uuid_size(const u8 *uuid)
1278 if (memcmp(uuid, bluetooth_base_uuid, 12))
1281 val = get_unaligned_le32(&uuid[12]);
1288 static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1290 struct mgmt_cp_add_uuid *cp = data;
1291 struct pending_cmd *cmd;
1292 struct bt_uuid *uuid;
1295 BT_DBG("request for %s", hdev->name);
1299 if (test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
1300 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
1305 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
1311 memcpy(uuid->uuid, cp->uuid, 16);
1312 uuid->svc_hint = cp->svc_hint;
1313 uuid->size = get_uuid_size(cp->uuid);
1315 list_add_tail(&uuid->list, &hdev->uuids);
1317 err = update_class(hdev);
1321 err = update_eir(hdev);
1325 if (!test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
1326 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
1327 hdev->dev_class, 3);
1331 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
1336 hci_dev_unlock(hdev);
1340 static bool enable_service_cache(struct hci_dev *hdev)
1342 if (!hdev_is_powered(hdev))
1345 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
1346 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
1354 static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
1357 struct mgmt_cp_remove_uuid *cp = data;
1358 struct pending_cmd *cmd;
1359 struct bt_uuid *match, *tmp;
1360 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
1363 BT_DBG("request for %s", hdev->name);
1367 if (test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
1368 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
1373 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
1374 err = hci_uuids_clear(hdev);
1376 if (enable_service_cache(hdev)) {
1377 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID,
1378 0, hdev->dev_class, 3);
1387 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
1388 if (memcmp(match->uuid, cp->uuid, 16) != 0)
1391 list_del(&match->list);
1397 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
1398 MGMT_STATUS_INVALID_PARAMS);
1403 err = update_class(hdev);
1407 err = update_eir(hdev);
1411 if (!test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
1412 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
1413 hdev->dev_class, 3);
1417 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
1422 hci_dev_unlock(hdev);
1426 static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
1429 struct mgmt_cp_set_dev_class *cp = data;
1430 struct pending_cmd *cmd;
1433 BT_DBG("request for %s", hdev->name);
1435 if (!lmp_bredr_capable(hdev))
1436 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1437 MGMT_STATUS_NOT_SUPPORTED);
1439 if (test_bit(HCI_PENDING_CLASS, &hdev->dev_flags))
1440 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1443 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0)
1444 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1445 MGMT_STATUS_INVALID_PARAMS);
1449 hdev->major_class = cp->major;
1450 hdev->minor_class = cp->minor;
1452 if (!hdev_is_powered(hdev)) {
1453 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
1454 hdev->dev_class, 3);
1458 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
1459 hci_dev_unlock(hdev);
1460 cancel_delayed_work_sync(&hdev->service_cache);
1465 err = update_class(hdev);
1469 if (!test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
1470 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
1471 hdev->dev_class, 3);
1475 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
1480 hci_dev_unlock(hdev);
1484 static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
1487 struct mgmt_cp_load_link_keys *cp = data;
1488 u16 key_count, expected_len;
1491 key_count = __le16_to_cpu(cp->key_count);
1493 expected_len = sizeof(*cp) + key_count *
1494 sizeof(struct mgmt_link_key_info);
1495 if (expected_len != len) {
1496 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
1498 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
1499 MGMT_STATUS_INVALID_PARAMS);
1502 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
1503 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
1504 MGMT_STATUS_INVALID_PARAMS);
1506 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
1509 for (i = 0; i < key_count; i++) {
1510 struct mgmt_link_key_info *key = &cp->keys[i];
1512 if (key->addr.type != BDADDR_BREDR)
1513 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
1514 MGMT_STATUS_INVALID_PARAMS);
1519 hci_link_keys_clear(hdev);
1521 set_bit(HCI_LINK_KEYS, &hdev->dev_flags);
1524 set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
1526 clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
1528 for (i = 0; i < key_count; i++) {
1529 struct mgmt_link_key_info *key = &cp->keys[i];
1531 hci_add_link_key(hdev, NULL, 0, &key->addr.bdaddr, key->val,
1532 key->type, key->pin_len);
1535 cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
1537 hci_dev_unlock(hdev);
1542 static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
1543 u8 addr_type, struct sock *skip_sk)
1545 struct mgmt_ev_device_unpaired ev;
1547 bacpy(&ev.addr.bdaddr, bdaddr);
1548 ev.addr.type = addr_type;
1550 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
1554 static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
1557 struct mgmt_cp_unpair_device *cp = data;
1558 struct mgmt_rp_unpair_device rp;
1559 struct hci_cp_disconnect dc;
1560 struct pending_cmd *cmd;
1561 struct hci_conn *conn;
1564 memset(&rp, 0, sizeof(rp));
1565 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1566 rp.addr.type = cp->addr.type;
1568 if (!bdaddr_type_is_valid(cp->addr.type))
1569 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
1570 MGMT_STATUS_INVALID_PARAMS,
1573 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
1574 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
1575 MGMT_STATUS_INVALID_PARAMS,
1580 if (!hdev_is_powered(hdev)) {
1581 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
1582 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
1586 if (cp->addr.type == BDADDR_BREDR)
1587 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
1589 err = hci_remove_ltk(hdev, &cp->addr.bdaddr);
1592 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
1593 MGMT_STATUS_NOT_PAIRED, &rp, sizeof(rp));
1597 if (cp->disconnect) {
1598 if (cp->addr.type == BDADDR_BREDR)
1599 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
1602 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
1609 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
1611 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
1615 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
1622 dc.handle = cpu_to_le16(conn->handle);
1623 dc.reason = 0x13; /* Remote User Terminated Connection */
1624 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1626 mgmt_pending_remove(cmd);
1629 hci_dev_unlock(hdev);
1633 static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
1636 struct mgmt_cp_disconnect *cp = data;
1637 struct mgmt_rp_disconnect rp;
1638 struct hci_cp_disconnect dc;
1639 struct pending_cmd *cmd;
1640 struct hci_conn *conn;
1645 memset(&rp, 0, sizeof(rp));
1646 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1647 rp.addr.type = cp->addr.type;
1649 if (!bdaddr_type_is_valid(cp->addr.type))
1650 return cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
1651 MGMT_STATUS_INVALID_PARAMS,
1656 if (!test_bit(HCI_UP, &hdev->flags)) {
1657 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
1658 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
1662 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
1663 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
1664 MGMT_STATUS_BUSY, &rp, sizeof(rp));
1668 if (cp->addr.type == BDADDR_BREDR)
1669 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
1672 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
1674 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
1675 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
1676 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
1680 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
1686 dc.handle = cpu_to_le16(conn->handle);
1687 dc.reason = HCI_ERROR_REMOTE_USER_TERM;
1689 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1691 mgmt_pending_remove(cmd);
1694 hci_dev_unlock(hdev);
1698 static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
1700 switch (link_type) {
1702 switch (addr_type) {
1703 case ADDR_LE_DEV_PUBLIC:
1704 return BDADDR_LE_PUBLIC;
1707 /* Fallback to LE Random address type */
1708 return BDADDR_LE_RANDOM;
1712 /* Fallback to BR/EDR type */
1713 return BDADDR_BREDR;
1717 static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
1720 struct mgmt_rp_get_connections *rp;
1730 if (!hdev_is_powered(hdev)) {
1731 err = cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
1732 MGMT_STATUS_NOT_POWERED);
1737 list_for_each_entry(c, &hdev->conn_hash.list, list) {
1738 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
1742 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
1743 rp = kmalloc(rp_len, GFP_KERNEL);
1750 list_for_each_entry(c, &hdev->conn_hash.list, list) {
1751 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
1753 bacpy(&rp->addr[i].bdaddr, &c->dst);
1754 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
1755 if (c->type == SCO_LINK || c->type == ESCO_LINK)
1760 rp->conn_count = cpu_to_le16(i);
1762 /* Recalculate length in case of filtered SCO connections, etc */
1763 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
1765 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
1771 hci_dev_unlock(hdev);
1775 static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
1776 struct mgmt_cp_pin_code_neg_reply *cp)
1778 struct pending_cmd *cmd;
1781 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
1786 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
1787 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
1789 mgmt_pending_remove(cmd);
1794 static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
1797 struct hci_conn *conn;
1798 struct mgmt_cp_pin_code_reply *cp = data;
1799 struct hci_cp_pin_code_reply reply;
1800 struct pending_cmd *cmd;
1807 if (!hdev_is_powered(hdev)) {
1808 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
1809 MGMT_STATUS_NOT_POWERED);
1813 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
1815 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
1816 MGMT_STATUS_NOT_CONNECTED);
1820 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
1821 struct mgmt_cp_pin_code_neg_reply ncp;
1823 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
1825 BT_ERR("PIN code is not 16 bytes long");
1827 err = send_pin_code_neg_reply(sk, hdev, &ncp);
1829 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
1830 MGMT_STATUS_INVALID_PARAMS);
1835 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
1841 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
1842 reply.pin_len = cp->pin_len;
1843 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
1845 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
1847 mgmt_pending_remove(cmd);
1850 hci_dev_unlock(hdev);
1854 static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
1857 struct mgmt_cp_set_io_capability *cp = data;
1863 hdev->io_capability = cp->io_capability;
1865 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
1866 hdev->io_capability);
1868 hci_dev_unlock(hdev);
1870 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, NULL,
1874 static struct pending_cmd *find_pairing(struct hci_conn *conn)
1876 struct hci_dev *hdev = conn->hdev;
1877 struct pending_cmd *cmd;
1879 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
1880 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
1883 if (cmd->user_data != conn)
1892 static void pairing_complete(struct pending_cmd *cmd, u8 status)
1894 struct mgmt_rp_pair_device rp;
1895 struct hci_conn *conn = cmd->user_data;
1897 bacpy(&rp.addr.bdaddr, &conn->dst);
1898 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
1900 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
1903 /* So we don't get further callbacks for this connection */
1904 conn->connect_cfm_cb = NULL;
1905 conn->security_cfm_cb = NULL;
1906 conn->disconn_cfm_cb = NULL;
1910 mgmt_pending_remove(cmd);
1913 static void pairing_complete_cb(struct hci_conn *conn, u8 status)
1915 struct pending_cmd *cmd;
1917 BT_DBG("status %u", status);
1919 cmd = find_pairing(conn);
1921 BT_DBG("Unable to find a pending command");
1923 pairing_complete(cmd, mgmt_status(status));
1926 static void le_connect_complete_cb(struct hci_conn *conn, u8 status)
1928 struct pending_cmd *cmd;
1930 BT_DBG("status %u", status);
1935 cmd = find_pairing(conn);
1937 BT_DBG("Unable to find a pending command");
1939 pairing_complete(cmd, mgmt_status(status));
1942 static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
1945 struct mgmt_cp_pair_device *cp = data;
1946 struct mgmt_rp_pair_device rp;
1947 struct pending_cmd *cmd;
1948 u8 sec_level, auth_type;
1949 struct hci_conn *conn;
1954 memset(&rp, 0, sizeof(rp));
1955 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1956 rp.addr.type = cp->addr.type;
1958 if (!bdaddr_type_is_valid(cp->addr.type))
1959 return cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
1960 MGMT_STATUS_INVALID_PARAMS,
1965 if (!hdev_is_powered(hdev)) {
1966 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
1967 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
1971 sec_level = BT_SECURITY_MEDIUM;
1972 if (cp->io_cap == 0x03)
1973 auth_type = HCI_AT_DEDICATED_BONDING;
1975 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
1977 if (cp->addr.type == BDADDR_BREDR)
1978 conn = hci_connect(hdev, ACL_LINK, &cp->addr.bdaddr,
1979 cp->addr.type, sec_level, auth_type);
1981 conn = hci_connect(hdev, LE_LINK, &cp->addr.bdaddr,
1982 cp->addr.type, sec_level, auth_type);
1987 if (PTR_ERR(conn) == -EBUSY)
1988 status = MGMT_STATUS_BUSY;
1990 status = MGMT_STATUS_CONNECT_FAILED;
1992 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
1998 if (conn->connect_cfm_cb) {
2000 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2001 MGMT_STATUS_BUSY, &rp, sizeof(rp));
2005 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
2012 /* For LE, just connecting isn't a proof that the pairing finished */
2013 if (cp->addr.type == BDADDR_BREDR)
2014 conn->connect_cfm_cb = pairing_complete_cb;
2016 conn->connect_cfm_cb = le_connect_complete_cb;
2018 conn->security_cfm_cb = pairing_complete_cb;
2019 conn->disconn_cfm_cb = pairing_complete_cb;
2020 conn->io_capability = cp->io_cap;
2021 cmd->user_data = conn;
2023 if (conn->state == BT_CONNECTED &&
2024 hci_conn_security(conn, sec_level, auth_type))
2025 pairing_complete(cmd, 0);
2030 hci_dev_unlock(hdev);
2034 static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2037 struct mgmt_addr_info *addr = data;
2038 struct pending_cmd *cmd;
2039 struct hci_conn *conn;
2046 if (!hdev_is_powered(hdev)) {
2047 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2048 MGMT_STATUS_NOT_POWERED);
2052 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
2054 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2055 MGMT_STATUS_INVALID_PARAMS);
2059 conn = cmd->user_data;
2061 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
2062 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2063 MGMT_STATUS_INVALID_PARAMS);
2067 pairing_complete(cmd, MGMT_STATUS_CANCELLED);
2069 err = cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
2070 addr, sizeof(*addr));
2072 hci_dev_unlock(hdev);
2076 static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
2077 bdaddr_t *bdaddr, u8 type, u16 mgmt_op,
2078 u16 hci_op, __le32 passkey)
2080 struct pending_cmd *cmd;
2081 struct hci_conn *conn;
2086 if (!hdev_is_powered(hdev)) {
2087 err = cmd_status(sk, hdev->id, mgmt_op,
2088 MGMT_STATUS_NOT_POWERED);
2092 if (type == BDADDR_BREDR)
2093 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, bdaddr);
2095 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, bdaddr);
2098 err = cmd_status(sk, hdev->id, mgmt_op,
2099 MGMT_STATUS_NOT_CONNECTED);
2103 if (type == BDADDR_LE_PUBLIC || type == BDADDR_LE_RANDOM) {
2104 /* Continue with pairing via SMP */
2105 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
2108 err = cmd_status(sk, hdev->id, mgmt_op,
2109 MGMT_STATUS_SUCCESS);
2111 err = cmd_status(sk, hdev->id, mgmt_op,
2112 MGMT_STATUS_FAILED);
2117 cmd = mgmt_pending_add(sk, mgmt_op, hdev, bdaddr, sizeof(*bdaddr));
2123 /* Continue with pairing via HCI */
2124 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
2125 struct hci_cp_user_passkey_reply cp;
2127 bacpy(&cp.bdaddr, bdaddr);
2128 cp.passkey = passkey;
2129 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
2131 err = hci_send_cmd(hdev, hci_op, sizeof(*bdaddr), bdaddr);
2134 mgmt_pending_remove(cmd);
2137 hci_dev_unlock(hdev);
2141 static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
2142 void *data, u16 len)
2144 struct mgmt_cp_pin_code_neg_reply *cp = data;
2148 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
2149 MGMT_OP_PIN_CODE_NEG_REPLY,
2150 HCI_OP_PIN_CODE_NEG_REPLY, 0);
2153 static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2156 struct mgmt_cp_user_confirm_reply *cp = data;
2160 if (len != sizeof(*cp))
2161 return cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
2162 MGMT_STATUS_INVALID_PARAMS);
2164 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
2165 MGMT_OP_USER_CONFIRM_REPLY,
2166 HCI_OP_USER_CONFIRM_REPLY, 0);
2169 static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
2170 void *data, u16 len)
2172 struct mgmt_cp_user_confirm_neg_reply *cp = data;
2176 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
2177 MGMT_OP_USER_CONFIRM_NEG_REPLY,
2178 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
2181 static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2184 struct mgmt_cp_user_passkey_reply *cp = data;
2188 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
2189 MGMT_OP_USER_PASSKEY_REPLY,
2190 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
2193 static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
2194 void *data, u16 len)
2196 struct mgmt_cp_user_passkey_neg_reply *cp = data;
2200 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
2201 MGMT_OP_USER_PASSKEY_NEG_REPLY,
2202 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
2205 static int update_name(struct hci_dev *hdev, const char *name)
2207 struct hci_cp_write_local_name cp;
2209 memcpy(cp.name, name, sizeof(cp.name));
2211 return hci_send_cmd(hdev, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
2214 static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
2217 struct mgmt_cp_set_local_name *cp = data;
2218 struct pending_cmd *cmd;
2225 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
2227 if (!hdev_is_powered(hdev)) {
2228 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
2230 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
2235 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
2241 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
2247 err = update_name(hdev, cp->name);
2249 mgmt_pending_remove(cmd);
2252 hci_dev_unlock(hdev);
2256 static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
2257 void *data, u16 data_len)
2259 struct pending_cmd *cmd;
2262 BT_DBG("%s", hdev->name);
2266 if (!hdev_is_powered(hdev)) {
2267 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
2268 MGMT_STATUS_NOT_POWERED);
2272 if (!lmp_ssp_capable(hdev)) {
2273 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
2274 MGMT_STATUS_NOT_SUPPORTED);
2278 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
2279 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
2284 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
2290 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
2292 mgmt_pending_remove(cmd);
2295 hci_dev_unlock(hdev);
2299 static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
2300 void *data, u16 len)
2302 struct mgmt_cp_add_remote_oob_data *cp = data;
2306 BT_DBG("%s ", hdev->name);
2310 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr, cp->hash,
2313 status = MGMT_STATUS_FAILED;
2315 status = MGMT_STATUS_SUCCESS;
2317 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA, status,
2318 &cp->addr, sizeof(cp->addr));
2320 hci_dev_unlock(hdev);
2324 static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
2325 void *data, u16 len)
2327 struct mgmt_cp_remove_remote_oob_data *cp = data;
2331 BT_DBG("%s", hdev->name);
2335 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr);
2337 status = MGMT_STATUS_INVALID_PARAMS;
2339 status = MGMT_STATUS_SUCCESS;
2341 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
2342 status, &cp->addr, sizeof(cp->addr));
2344 hci_dev_unlock(hdev);
2348 int mgmt_interleaved_discovery(struct hci_dev *hdev)
2352 BT_DBG("%s", hdev->name);
2356 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR_LE);
2358 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2360 hci_dev_unlock(hdev);
2365 static int start_discovery(struct sock *sk, struct hci_dev *hdev,
2366 void *data, u16 len)
2368 struct mgmt_cp_start_discovery *cp = data;
2369 struct pending_cmd *cmd;
2372 BT_DBG("%s", hdev->name);
2376 if (!hdev_is_powered(hdev)) {
2377 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2378 MGMT_STATUS_NOT_POWERED);
2382 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
2383 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2388 if (hdev->discovery.state != DISCOVERY_STOPPED) {
2389 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2394 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
2400 hdev->discovery.type = cp->type;
2402 switch (hdev->discovery.type) {
2403 case DISCOV_TYPE_BREDR:
2404 if (!lmp_bredr_capable(hdev)) {
2405 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2406 MGMT_STATUS_NOT_SUPPORTED);
2407 mgmt_pending_remove(cmd);
2411 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR);
2414 case DISCOV_TYPE_LE:
2415 if (!lmp_host_le_capable(hdev)) {
2416 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2417 MGMT_STATUS_NOT_SUPPORTED);
2418 mgmt_pending_remove(cmd);
2422 err = hci_le_scan(hdev, LE_SCAN_TYPE, LE_SCAN_INT,
2423 LE_SCAN_WIN, LE_SCAN_TIMEOUT_LE_ONLY);
2426 case DISCOV_TYPE_INTERLEAVED:
2427 if (!lmp_host_le_capable(hdev) || !lmp_bredr_capable(hdev)) {
2428 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2429 MGMT_STATUS_NOT_SUPPORTED);
2430 mgmt_pending_remove(cmd);
2434 err = hci_le_scan(hdev, LE_SCAN_TYPE, LE_SCAN_INT, LE_SCAN_WIN,
2435 LE_SCAN_TIMEOUT_BREDR_LE);
2439 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2440 MGMT_STATUS_INVALID_PARAMS);
2441 mgmt_pending_remove(cmd);
2446 mgmt_pending_remove(cmd);
2448 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
2451 hci_dev_unlock(hdev);
2455 static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
2458 struct mgmt_cp_stop_discovery *mgmt_cp = data;
2459 struct pending_cmd *cmd;
2460 struct hci_cp_remote_name_req_cancel cp;
2461 struct inquiry_entry *e;
2464 BT_DBG("%s", hdev->name);
2468 if (!hci_discovery_active(hdev)) {
2469 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
2470 MGMT_STATUS_REJECTED, &mgmt_cp->type,
2471 sizeof(mgmt_cp->type));
2475 if (hdev->discovery.type != mgmt_cp->type) {
2476 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
2477 MGMT_STATUS_INVALID_PARAMS, &mgmt_cp->type,
2478 sizeof(mgmt_cp->type));
2482 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
2488 switch (hdev->discovery.state) {
2489 case DISCOVERY_FINDING:
2490 if (test_bit(HCI_INQUIRY, &hdev->flags))
2491 err = hci_cancel_inquiry(hdev);
2493 err = hci_cancel_le_scan(hdev);
2497 case DISCOVERY_RESOLVING:
2498 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
2501 mgmt_pending_remove(cmd);
2502 err = cmd_complete(sk, hdev->id,
2503 MGMT_OP_STOP_DISCOVERY, 0,
2505 sizeof(mgmt_cp->type));
2506 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2510 bacpy(&cp.bdaddr, &e->data.bdaddr);
2511 err = hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ_CANCEL,
2517 BT_DBG("unknown discovery state %u", hdev->discovery.state);
2522 mgmt_pending_remove(cmd);
2524 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
2527 hci_dev_unlock(hdev);
2531 static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
2534 struct mgmt_cp_confirm_name *cp = data;
2535 struct inquiry_entry *e;
2538 BT_DBG("%s", hdev->name);
2542 if (!hci_discovery_active(hdev)) {
2543 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
2544 MGMT_STATUS_FAILED);
2548 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
2550 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
2551 MGMT_STATUS_INVALID_PARAMS);
2555 if (cp->name_known) {
2556 e->name_state = NAME_KNOWN;
2559 e->name_state = NAME_NEEDED;
2560 hci_inquiry_cache_update_resolve(hdev, e);
2563 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0, &cp->addr,
2567 hci_dev_unlock(hdev);
2571 static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
2574 struct mgmt_cp_block_device *cp = data;
2578 BT_DBG("%s", hdev->name);
2580 if (!bdaddr_type_is_valid(cp->addr.type))
2581 return cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
2582 MGMT_STATUS_INVALID_PARAMS,
2583 &cp->addr, sizeof(cp->addr));
2587 err = hci_blacklist_add(hdev, &cp->addr.bdaddr, cp->addr.type);
2589 status = MGMT_STATUS_FAILED;
2591 status = MGMT_STATUS_SUCCESS;
2593 err = cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
2594 &cp->addr, sizeof(cp->addr));
2596 hci_dev_unlock(hdev);
2601 static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
2604 struct mgmt_cp_unblock_device *cp = data;
2608 BT_DBG("%s", hdev->name);
2610 if (!bdaddr_type_is_valid(cp->addr.type))
2611 return cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
2612 MGMT_STATUS_INVALID_PARAMS,
2613 &cp->addr, sizeof(cp->addr));
2617 err = hci_blacklist_del(hdev, &cp->addr.bdaddr, cp->addr.type);
2619 status = MGMT_STATUS_INVALID_PARAMS;
2621 status = MGMT_STATUS_SUCCESS;
2623 err = cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
2624 &cp->addr, sizeof(cp->addr));
2626 hci_dev_unlock(hdev);
2631 static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
2634 struct mgmt_cp_set_device_id *cp = data;
2638 BT_DBG("%s", hdev->name);
2640 source = __le16_to_cpu(cp->source);
2642 if (source > 0x0002)
2643 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
2644 MGMT_STATUS_INVALID_PARAMS);
2648 hdev->devid_source = source;
2649 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
2650 hdev->devid_product = __le16_to_cpu(cp->product);
2651 hdev->devid_version = __le16_to_cpu(cp->version);
2653 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0, NULL, 0);
2657 hci_dev_unlock(hdev);
2662 static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
2663 void *data, u16 len)
2665 struct mgmt_mode *cp = data;
2666 struct hci_cp_write_page_scan_activity acp;
2670 BT_DBG("%s", hdev->name);
2672 if (!lmp_bredr_capable(hdev))
2673 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
2674 MGMT_STATUS_NOT_SUPPORTED);
2676 if (cp->val != 0x00 && cp->val != 0x01)
2677 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
2678 MGMT_STATUS_INVALID_PARAMS);
2680 if (!hdev_is_powered(hdev))
2681 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
2682 MGMT_STATUS_NOT_POWERED);
2684 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
2685 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
2686 MGMT_STATUS_REJECTED);
2691 type = PAGE_SCAN_TYPE_INTERLACED;
2693 /* 160 msec page scan interval */
2694 acp.interval = __constant_cpu_to_le16(0x0100);
2696 type = PAGE_SCAN_TYPE_STANDARD; /* default */
2698 /* default 1.28 sec page scan */
2699 acp.interval = __constant_cpu_to_le16(0x0800);
2702 /* default 11.25 msec page scan window */
2703 acp.window = __constant_cpu_to_le16(0x0012);
2705 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY, sizeof(acp),
2708 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
2709 MGMT_STATUS_FAILED);
2713 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
2715 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
2716 MGMT_STATUS_FAILED);
2720 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE, 0,
2723 hci_dev_unlock(hdev);
2727 static bool ltk_is_valid(struct mgmt_ltk_info *key)
2729 if (key->authenticated != 0x00 && key->authenticated != 0x01)
2731 if (key->master != 0x00 && key->master != 0x01)
2733 if (!bdaddr_type_is_le(key->addr.type))
2738 static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
2739 void *cp_data, u16 len)
2741 struct mgmt_cp_load_long_term_keys *cp = cp_data;
2742 u16 key_count, expected_len;
2745 key_count = __le16_to_cpu(cp->key_count);
2747 expected_len = sizeof(*cp) + key_count *
2748 sizeof(struct mgmt_ltk_info);
2749 if (expected_len != len) {
2750 BT_ERR("load_keys: expected %u bytes, got %u bytes",
2752 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
2753 MGMT_STATUS_INVALID_PARAMS);
2756 BT_DBG("%s key_count %u", hdev->name, key_count);
2758 for (i = 0; i < key_count; i++) {
2759 struct mgmt_ltk_info *key = &cp->keys[i];
2761 if (!ltk_is_valid(key))
2762 return cmd_status(sk, hdev->id,
2763 MGMT_OP_LOAD_LONG_TERM_KEYS,
2764 MGMT_STATUS_INVALID_PARAMS);
2769 hci_smp_ltks_clear(hdev);
2771 for (i = 0; i < key_count; i++) {
2772 struct mgmt_ltk_info *key = &cp->keys[i];
2778 type = HCI_SMP_LTK_SLAVE;
2780 hci_add_ltk(hdev, &key->addr.bdaddr,
2781 bdaddr_to_le(key->addr.type),
2782 type, 0, key->authenticated, key->val,
2783 key->enc_size, key->ediv, key->rand);
2786 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
2789 hci_dev_unlock(hdev);
2794 static const struct mgmt_handler {
2795 int (*func) (struct sock *sk, struct hci_dev *hdev, void *data,
2799 } mgmt_handlers[] = {
2800 { NULL }, /* 0x0000 (no command) */
2801 { read_version, false, MGMT_READ_VERSION_SIZE },
2802 { read_commands, false, MGMT_READ_COMMANDS_SIZE },
2803 { read_index_list, false, MGMT_READ_INDEX_LIST_SIZE },
2804 { read_controller_info, false, MGMT_READ_INFO_SIZE },
2805 { set_powered, false, MGMT_SETTING_SIZE },
2806 { set_discoverable, false, MGMT_SET_DISCOVERABLE_SIZE },
2807 { set_connectable, false, MGMT_SETTING_SIZE },
2808 { set_fast_connectable, false, MGMT_SETTING_SIZE },
2809 { set_pairable, false, MGMT_SETTING_SIZE },
2810 { set_link_security, false, MGMT_SETTING_SIZE },
2811 { set_ssp, false, MGMT_SETTING_SIZE },
2812 { set_hs, false, MGMT_SETTING_SIZE },
2813 { set_le, false, MGMT_SETTING_SIZE },
2814 { set_dev_class, false, MGMT_SET_DEV_CLASS_SIZE },
2815 { set_local_name, false, MGMT_SET_LOCAL_NAME_SIZE },
2816 { add_uuid, false, MGMT_ADD_UUID_SIZE },
2817 { remove_uuid, false, MGMT_REMOVE_UUID_SIZE },
2818 { load_link_keys, true, MGMT_LOAD_LINK_KEYS_SIZE },
2819 { load_long_term_keys, true, MGMT_LOAD_LONG_TERM_KEYS_SIZE },
2820 { disconnect, false, MGMT_DISCONNECT_SIZE },
2821 { get_connections, false, MGMT_GET_CONNECTIONS_SIZE },
2822 { pin_code_reply, false, MGMT_PIN_CODE_REPLY_SIZE },
2823 { pin_code_neg_reply, false, MGMT_PIN_CODE_NEG_REPLY_SIZE },
2824 { set_io_capability, false, MGMT_SET_IO_CAPABILITY_SIZE },
2825 { pair_device, false, MGMT_PAIR_DEVICE_SIZE },
2826 { cancel_pair_device, false, MGMT_CANCEL_PAIR_DEVICE_SIZE },
2827 { unpair_device, false, MGMT_UNPAIR_DEVICE_SIZE },
2828 { user_confirm_reply, false, MGMT_USER_CONFIRM_REPLY_SIZE },
2829 { user_confirm_neg_reply, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
2830 { user_passkey_reply, false, MGMT_USER_PASSKEY_REPLY_SIZE },
2831 { user_passkey_neg_reply, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
2832 { read_local_oob_data, false, MGMT_READ_LOCAL_OOB_DATA_SIZE },
2833 { add_remote_oob_data, false, MGMT_ADD_REMOTE_OOB_DATA_SIZE },
2834 { remove_remote_oob_data, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
2835 { start_discovery, false, MGMT_START_DISCOVERY_SIZE },
2836 { stop_discovery, false, MGMT_STOP_DISCOVERY_SIZE },
2837 { confirm_name, false, MGMT_CONFIRM_NAME_SIZE },
2838 { block_device, false, MGMT_BLOCK_DEVICE_SIZE },
2839 { unblock_device, false, MGMT_UNBLOCK_DEVICE_SIZE },
2840 { set_device_id, false, MGMT_SET_DEVICE_ID_SIZE },
2844 int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
2848 struct mgmt_hdr *hdr;
2849 u16 opcode, index, len;
2850 struct hci_dev *hdev = NULL;
2851 const struct mgmt_handler *handler;
2854 BT_DBG("got %zu bytes", msglen);
2856 if (msglen < sizeof(*hdr))
2859 buf = kmalloc(msglen, GFP_KERNEL);
2863 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
2869 opcode = __le16_to_cpu(hdr->opcode);
2870 index = __le16_to_cpu(hdr->index);
2871 len = __le16_to_cpu(hdr->len);
2873 if (len != msglen - sizeof(*hdr)) {
2878 if (index != MGMT_INDEX_NONE) {
2879 hdev = hci_dev_get(index);
2881 err = cmd_status(sk, index, opcode,
2882 MGMT_STATUS_INVALID_INDEX);
2887 if (opcode >= ARRAY_SIZE(mgmt_handlers) ||
2888 mgmt_handlers[opcode].func == NULL) {
2889 BT_DBG("Unknown op %u", opcode);
2890 err = cmd_status(sk, index, opcode,
2891 MGMT_STATUS_UNKNOWN_COMMAND);
2895 if ((hdev && opcode < MGMT_OP_READ_INFO) ||
2896 (!hdev && opcode >= MGMT_OP_READ_INFO)) {
2897 err = cmd_status(sk, index, opcode,
2898 MGMT_STATUS_INVALID_INDEX);
2902 handler = &mgmt_handlers[opcode];
2904 if ((handler->var_len && len < handler->data_len) ||
2905 (!handler->var_len && len != handler->data_len)) {
2906 err = cmd_status(sk, index, opcode,
2907 MGMT_STATUS_INVALID_PARAMS);
2912 mgmt_init_hdev(sk, hdev);
2914 cp = buf + sizeof(*hdr);
2916 err = handler->func(sk, hdev, cp, len);
2930 static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
2934 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
2935 mgmt_pending_remove(cmd);
2938 int mgmt_index_added(struct hci_dev *hdev)
2940 if (!mgmt_valid_hdev(hdev))
2943 return mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
2946 int mgmt_index_removed(struct hci_dev *hdev)
2948 u8 status = MGMT_STATUS_INVALID_INDEX;
2950 if (!mgmt_valid_hdev(hdev))
2953 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
2955 return mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
2960 struct hci_dev *hdev;
2964 static void settings_rsp(struct pending_cmd *cmd, void *data)
2966 struct cmd_lookup *match = data;
2968 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
2970 list_del(&cmd->list);
2972 if (match->sk == NULL) {
2973 match->sk = cmd->sk;
2974 sock_hold(match->sk);
2977 mgmt_pending_free(cmd);
2980 static int set_bredr_scan(struct hci_dev *hdev)
2984 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
2986 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
2987 scan |= SCAN_INQUIRY;
2992 return hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
2995 int mgmt_powered(struct hci_dev *hdev, u8 powered)
2997 struct cmd_lookup match = { NULL, hdev };
3000 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3003 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
3006 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) &&
3007 !lmp_host_ssp_capable(hdev)) {
3010 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &ssp);
3013 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
3014 struct hci_cp_write_le_host_supported cp;
3017 cp.simul = lmp_le_br_capable(hdev);
3019 /* Check first if we already have the right
3020 * host state (host features set)
3022 if (cp.le != lmp_host_le_capable(hdev) ||
3023 cp.simul != lmp_host_le_br_capable(hdev))
3025 HCI_OP_WRITE_LE_HOST_SUPPORTED,
3029 if (lmp_bredr_capable(hdev)) {
3030 set_bredr_scan(hdev);
3032 update_name(hdev, hdev->dev_name);
3036 u8 status = MGMT_STATUS_NOT_POWERED;
3037 u8 zero_cod[] = { 0, 0, 0 };
3039 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
3041 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0)
3042 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
3043 zero_cod, sizeof(zero_cod), NULL);
3046 err = new_settings(hdev, match.sk);
3054 int mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
3056 struct cmd_lookup match = { NULL, hdev };
3057 bool changed = false;
3061 if (!test_and_set_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3064 if (test_and_clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3068 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev, settings_rsp,
3072 err = new_settings(hdev, match.sk);
3080 int mgmt_connectable(struct hci_dev *hdev, u8 connectable)
3082 struct cmd_lookup match = { NULL, hdev };
3083 bool changed = false;
3087 if (!test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3090 if (test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3094 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev, settings_rsp,
3098 err = new_settings(hdev, match.sk);
3106 int mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
3108 u8 mgmt_err = mgmt_status(status);
3110 if (scan & SCAN_PAGE)
3111 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
3112 cmd_status_rsp, &mgmt_err);
3114 if (scan & SCAN_INQUIRY)
3115 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
3116 cmd_status_rsp, &mgmt_err);
3121 int mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
3124 struct mgmt_ev_new_link_key ev;
3126 memset(&ev, 0, sizeof(ev));
3128 ev.store_hint = persistent;
3129 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
3130 ev.key.addr.type = BDADDR_BREDR;
3131 ev.key.type = key->type;
3132 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
3133 ev.key.pin_len = key->pin_len;
3135 return mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
3138 int mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, u8 persistent)
3140 struct mgmt_ev_new_long_term_key ev;
3142 memset(&ev, 0, sizeof(ev));
3144 ev.store_hint = persistent;
3145 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
3146 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
3147 ev.key.authenticated = key->authenticated;
3148 ev.key.enc_size = key->enc_size;
3149 ev.key.ediv = key->ediv;
3151 if (key->type == HCI_SMP_LTK)
3154 memcpy(ev.key.rand, key->rand, sizeof(key->rand));
3155 memcpy(ev.key.val, key->val, sizeof(key->val));
3157 return mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev),
3161 int mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3162 u8 addr_type, u32 flags, u8 *name, u8 name_len,
3166 struct mgmt_ev_device_connected *ev = (void *) buf;
3169 bacpy(&ev->addr.bdaddr, bdaddr);
3170 ev->addr.type = link_to_bdaddr(link_type, addr_type);
3172 ev->flags = __cpu_to_le32(flags);
3175 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
3178 if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0)
3179 eir_len = eir_append_data(ev->eir, eir_len,
3180 EIR_CLASS_OF_DEV, dev_class, 3);
3182 ev->eir_len = cpu_to_le16(eir_len);
3184 return mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
3185 sizeof(*ev) + eir_len, NULL);
3188 static void disconnect_rsp(struct pending_cmd *cmd, void *data)
3190 struct mgmt_cp_disconnect *cp = cmd->param;
3191 struct sock **sk = data;
3192 struct mgmt_rp_disconnect rp;
3194 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3195 rp.addr.type = cp->addr.type;
3197 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 0, &rp,
3203 mgmt_pending_remove(cmd);
3206 static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
3208 struct hci_dev *hdev = data;
3209 struct mgmt_cp_unpair_device *cp = cmd->param;
3210 struct mgmt_rp_unpair_device rp;
3212 memset(&rp, 0, sizeof(rp));
3213 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3214 rp.addr.type = cp->addr.type;
3216 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
3218 cmd_complete(cmd->sk, cmd->index, cmd->opcode, 0, &rp, sizeof(rp));
3220 mgmt_pending_remove(cmd);
3223 int mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
3224 u8 link_type, u8 addr_type, u8 reason)
3226 struct mgmt_ev_device_disconnected ev;
3227 struct sock *sk = NULL;
3230 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
3232 bacpy(&ev.addr.bdaddr, bdaddr);
3233 ev.addr.type = link_to_bdaddr(link_type, addr_type);
3236 err = mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev),
3242 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
3248 int mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
3249 u8 link_type, u8 addr_type, u8 status)
3251 struct mgmt_rp_disconnect rp;
3252 struct pending_cmd *cmd;
3255 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
3258 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
3262 bacpy(&rp.addr.bdaddr, bdaddr);
3263 rp.addr.type = link_to_bdaddr(link_type, addr_type);
3265 err = cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
3266 mgmt_status(status), &rp, sizeof(rp));
3268 mgmt_pending_remove(cmd);
3273 int mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3274 u8 addr_type, u8 status)
3276 struct mgmt_ev_connect_failed ev;
3278 bacpy(&ev.addr.bdaddr, bdaddr);
3279 ev.addr.type = link_to_bdaddr(link_type, addr_type);
3280 ev.status = mgmt_status(status);
3282 return mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
3285 int mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
3287 struct mgmt_ev_pin_code_request ev;
3289 bacpy(&ev.addr.bdaddr, bdaddr);
3290 ev.addr.type = BDADDR_BREDR;
3293 return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev),
3297 int mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3300 struct pending_cmd *cmd;
3301 struct mgmt_rp_pin_code_reply rp;
3304 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
3308 bacpy(&rp.addr.bdaddr, bdaddr);
3309 rp.addr.type = BDADDR_BREDR;
3311 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3312 mgmt_status(status), &rp, sizeof(rp));
3314 mgmt_pending_remove(cmd);
3319 int mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3322 struct pending_cmd *cmd;
3323 struct mgmt_rp_pin_code_reply rp;
3326 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
3330 bacpy(&rp.addr.bdaddr, bdaddr);
3331 rp.addr.type = BDADDR_BREDR;
3333 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
3334 mgmt_status(status), &rp, sizeof(rp));
3336 mgmt_pending_remove(cmd);
3341 int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
3342 u8 link_type, u8 addr_type, __le32 value,
3345 struct mgmt_ev_user_confirm_request ev;
3347 BT_DBG("%s", hdev->name);
3349 bacpy(&ev.addr.bdaddr, bdaddr);
3350 ev.addr.type = link_to_bdaddr(link_type, addr_type);
3351 ev.confirm_hint = confirm_hint;
3354 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
3358 int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
3359 u8 link_type, u8 addr_type)
3361 struct mgmt_ev_user_passkey_request ev;
3363 BT_DBG("%s", hdev->name);
3365 bacpy(&ev.addr.bdaddr, bdaddr);
3366 ev.addr.type = link_to_bdaddr(link_type, addr_type);
3368 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
3372 static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3373 u8 link_type, u8 addr_type, u8 status,
3376 struct pending_cmd *cmd;
3377 struct mgmt_rp_user_confirm_reply rp;
3380 cmd = mgmt_pending_find(opcode, hdev);
3384 bacpy(&rp.addr.bdaddr, bdaddr);
3385 rp.addr.type = link_to_bdaddr(link_type, addr_type);
3386 err = cmd_complete(cmd->sk, hdev->id, opcode, mgmt_status(status),
3389 mgmt_pending_remove(cmd);
3394 int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3395 u8 link_type, u8 addr_type, u8 status)
3397 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3398 status, MGMT_OP_USER_CONFIRM_REPLY);
3401 int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3402 u8 link_type, u8 addr_type, u8 status)
3404 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3406 MGMT_OP_USER_CONFIRM_NEG_REPLY);
3409 int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3410 u8 link_type, u8 addr_type, u8 status)
3412 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3413 status, MGMT_OP_USER_PASSKEY_REPLY);
3416 int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3417 u8 link_type, u8 addr_type, u8 status)
3419 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3421 MGMT_OP_USER_PASSKEY_NEG_REPLY);
3424 int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
3425 u8 link_type, u8 addr_type, u32 passkey,
3428 struct mgmt_ev_passkey_notify ev;
3430 BT_DBG("%s", hdev->name);
3432 bacpy(&ev.addr.bdaddr, bdaddr);
3433 ev.addr.type = link_to_bdaddr(link_type, addr_type);
3434 ev.passkey = __cpu_to_le32(passkey);
3435 ev.entered = entered;
3437 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
3440 int mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3441 u8 addr_type, u8 status)
3443 struct mgmt_ev_auth_failed ev;
3445 bacpy(&ev.addr.bdaddr, bdaddr);
3446 ev.addr.type = link_to_bdaddr(link_type, addr_type);
3447 ev.status = mgmt_status(status);
3449 return mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
3452 int mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
3454 struct cmd_lookup match = { NULL, hdev };
3455 bool changed = false;
3459 u8 mgmt_err = mgmt_status(status);
3460 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
3461 cmd_status_rsp, &mgmt_err);
3465 if (test_bit(HCI_AUTH, &hdev->flags)) {
3466 if (!test_and_set_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
3469 if (test_and_clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
3473 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
3477 err = new_settings(hdev, match.sk);
3485 static int clear_eir(struct hci_dev *hdev)
3487 struct hci_cp_write_eir cp;
3489 if (!lmp_ext_inq_capable(hdev))
3492 memset(hdev->eir, 0, sizeof(hdev->eir));
3494 memset(&cp, 0, sizeof(cp));
3496 return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
3499 int mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
3501 struct cmd_lookup match = { NULL, hdev };
3502 bool changed = false;
3506 u8 mgmt_err = mgmt_status(status);
3508 if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
3510 err = new_settings(hdev, NULL);
3512 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
3519 if (!test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
3522 if (test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
3526 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
3529 err = new_settings(hdev, match.sk);
3534 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
3542 static void class_rsp(struct pending_cmd *cmd, void *data)
3544 struct cmd_lookup *match = data;
3546 cmd_complete(cmd->sk, cmd->index, cmd->opcode, match->mgmt_status,
3547 match->hdev->dev_class, 3);
3549 list_del(&cmd->list);
3551 if (match->sk == NULL) {
3552 match->sk = cmd->sk;
3553 sock_hold(match->sk);
3556 mgmt_pending_free(cmd);
3559 int mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
3562 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
3565 clear_bit(HCI_PENDING_CLASS, &hdev->dev_flags);
3567 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, class_rsp, &match);
3568 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, class_rsp, &match);
3569 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, class_rsp, &match);
3572 err = mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class,
3581 int mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
3583 struct pending_cmd *cmd;
3584 struct mgmt_cp_set_local_name ev;
3585 bool changed = false;
3588 if (memcmp(name, hdev->dev_name, sizeof(hdev->dev_name)) != 0) {
3589 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
3593 memset(&ev, 0, sizeof(ev));
3594 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
3595 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
3597 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
3601 /* Always assume that either the short or the complete name has
3602 * changed if there was a pending mgmt command */
3606 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3607 mgmt_status(status));
3611 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0, &ev,
3618 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev,
3619 sizeof(ev), cmd ? cmd->sk : NULL);
3621 /* EIR is taken care of separately when powering on the
3622 * adapter so only update them here if this is a name change
3623 * unrelated to power on.
3625 if (!test_bit(HCI_INIT, &hdev->flags))
3630 mgmt_pending_remove(cmd);
3634 int mgmt_read_local_oob_data_reply_complete(struct hci_dev *hdev, u8 *hash,
3635 u8 *randomizer, u8 status)
3637 struct pending_cmd *cmd;
3640 BT_DBG("%s status %u", hdev->name, status);
3642 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
3647 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3648 mgmt_status(status));
3650 struct mgmt_rp_read_local_oob_data rp;
3652 memcpy(rp.hash, hash, sizeof(rp.hash));
3653 memcpy(rp.randomizer, randomizer, sizeof(rp.randomizer));
3655 err = cmd_complete(cmd->sk, hdev->id,
3656 MGMT_OP_READ_LOCAL_OOB_DATA, 0, &rp,
3660 mgmt_pending_remove(cmd);
3665 int mgmt_le_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
3667 struct cmd_lookup match = { NULL, hdev };
3668 bool changed = false;
3672 u8 mgmt_err = mgmt_status(status);
3674 if (enable && test_and_clear_bit(HCI_LE_ENABLED,
3676 err = new_settings(hdev, NULL);
3678 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
3685 if (!test_and_set_bit(HCI_LE_ENABLED, &hdev->dev_flags))
3688 if (test_and_clear_bit(HCI_LE_ENABLED, &hdev->dev_flags))
3692 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
3695 err = new_settings(hdev, match.sk);
3703 int mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3704 u8 addr_type, u8 *dev_class, s8 rssi, u8 cfm_name, u8
3705 ssp, u8 *eir, u16 eir_len)
3708 struct mgmt_ev_device_found *ev = (void *) buf;
3711 /* Leave 5 bytes for a potential CoD field */
3712 if (sizeof(*ev) + eir_len + 5 > sizeof(buf))
3715 memset(buf, 0, sizeof(buf));
3717 bacpy(&ev->addr.bdaddr, bdaddr);
3718 ev->addr.type = link_to_bdaddr(link_type, addr_type);
3721 ev->flags |= __constant_cpu_to_le32(MGMT_DEV_FOUND_CONFIRM_NAME);
3723 ev->flags |= __constant_cpu_to_le32(MGMT_DEV_FOUND_LEGACY_PAIRING);
3726 memcpy(ev->eir, eir, eir_len);
3728 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
3729 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
3732 ev->eir_len = cpu_to_le16(eir_len);
3733 ev_size = sizeof(*ev) + eir_len;
3735 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
3738 int mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3739 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
3741 struct mgmt_ev_device_found *ev;
3742 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
3745 ev = (struct mgmt_ev_device_found *) buf;
3747 memset(buf, 0, sizeof(buf));
3749 bacpy(&ev->addr.bdaddr, bdaddr);
3750 ev->addr.type = link_to_bdaddr(link_type, addr_type);
3753 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
3756 ev->eir_len = cpu_to_le16(eir_len);
3758 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev,
3759 sizeof(*ev) + eir_len, NULL);
3762 int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
3764 struct pending_cmd *cmd;
3768 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3770 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
3774 type = hdev->discovery.type;
3776 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3777 &type, sizeof(type));
3778 mgmt_pending_remove(cmd);
3783 int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
3785 struct pending_cmd *cmd;
3788 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3792 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3793 &hdev->discovery.type, sizeof(hdev->discovery.type));
3794 mgmt_pending_remove(cmd);
3799 int mgmt_discovering(struct hci_dev *hdev, u8 discovering)
3801 struct mgmt_ev_discovering ev;
3802 struct pending_cmd *cmd;
3804 BT_DBG("%s discovering %u", hdev->name, discovering);
3807 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
3809 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3812 u8 type = hdev->discovery.type;
3814 cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0, &type,
3816 mgmt_pending_remove(cmd);
3819 memset(&ev, 0, sizeof(ev));
3820 ev.type = hdev->discovery.type;
3821 ev.discovering = discovering;
3823 return mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
3826 int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
3828 struct pending_cmd *cmd;
3829 struct mgmt_ev_device_blocked ev;
3831 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev);
3833 bacpy(&ev.addr.bdaddr, bdaddr);
3834 ev.addr.type = type;
3836 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev),
3837 cmd ? cmd->sk : NULL);
3840 int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
3842 struct pending_cmd *cmd;
3843 struct mgmt_ev_device_unblocked ev;
3845 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev);
3847 bacpy(&ev.addr.bdaddr, bdaddr);
3848 ev.addr.type = type;
3850 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
3851 cmd ? cmd->sk : NULL);
3854 module_param(enable_hs, bool, 0644);
3855 MODULE_PARM_DESC(enable_hs, "Enable High Speed support");
projects / karo-tx-linux.git / blob