2 BlueZ - Bluetooth protocol stack for Linux
4 Copyright (C) 2010 Nokia Corporation
5 Copyright (C) 2011-2012 Intel Corporation
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI Management interface */
27 #include <linux/kernel.h>
28 #include <linux/uaccess.h>
29 #include <linux/module.h>
30 #include <asm/unaligned.h>
32 #include <net/bluetooth/bluetooth.h>
33 #include <net/bluetooth/hci_core.h>
34 #include <net/bluetooth/mgmt.h>
35 #include <net/bluetooth/smp.h>
40 #define MGMT_VERSION 1
41 #define MGMT_REVISION 0
43 static const u16 mgmt_commands[] = {
44 MGMT_OP_READ_INDEX_LIST,
47 MGMT_OP_SET_DISCOVERABLE,
48 MGMT_OP_SET_CONNECTABLE,
49 MGMT_OP_SET_FAST_CONNECTABLE,
51 MGMT_OP_SET_LINK_SECURITY,
55 MGMT_OP_SET_DEV_CLASS,
56 MGMT_OP_SET_LOCAL_NAME,
59 MGMT_OP_LOAD_LINK_KEYS,
60 MGMT_OP_LOAD_LONG_TERM_KEYS,
62 MGMT_OP_GET_CONNECTIONS,
63 MGMT_OP_PIN_CODE_REPLY,
64 MGMT_OP_PIN_CODE_NEG_REPLY,
65 MGMT_OP_SET_IO_CAPABILITY,
67 MGMT_OP_CANCEL_PAIR_DEVICE,
68 MGMT_OP_UNPAIR_DEVICE,
69 MGMT_OP_USER_CONFIRM_REPLY,
70 MGMT_OP_USER_CONFIRM_NEG_REPLY,
71 MGMT_OP_USER_PASSKEY_REPLY,
72 MGMT_OP_USER_PASSKEY_NEG_REPLY,
73 MGMT_OP_READ_LOCAL_OOB_DATA,
74 MGMT_OP_ADD_REMOTE_OOB_DATA,
75 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
76 MGMT_OP_START_DISCOVERY,
77 MGMT_OP_STOP_DISCOVERY,
80 MGMT_OP_UNBLOCK_DEVICE,
83 static const u16 mgmt_events[] = {
84 MGMT_EV_CONTROLLER_ERROR,
86 MGMT_EV_INDEX_REMOVED,
88 MGMT_EV_CLASS_OF_DEV_CHANGED,
89 MGMT_EV_LOCAL_NAME_CHANGED,
91 MGMT_EV_NEW_LONG_TERM_KEY,
92 MGMT_EV_DEVICE_CONNECTED,
93 MGMT_EV_DEVICE_DISCONNECTED,
94 MGMT_EV_CONNECT_FAILED,
95 MGMT_EV_PIN_CODE_REQUEST,
96 MGMT_EV_USER_CONFIRM_REQUEST,
97 MGMT_EV_USER_PASSKEY_REQUEST,
101 MGMT_EV_DEVICE_BLOCKED,
102 MGMT_EV_DEVICE_UNBLOCKED,
103 MGMT_EV_DEVICE_UNPAIRED,
107 * These LE scan and inquiry parameters were chosen according to LE General
108 * Discovery Procedure specification.
110 #define LE_SCAN_TYPE 0x01
111 #define LE_SCAN_WIN 0x12
112 #define LE_SCAN_INT 0x12
113 #define LE_SCAN_TIMEOUT_LE_ONLY 10240 /* TGAP(gen_disc_scan_min) */
114 #define LE_SCAN_TIMEOUT_BREDR_LE 5120 /* TGAP(100)/2 */
116 #define INQUIRY_LEN_BREDR 0x08 /* TGAP(100) */
117 #define INQUIRY_LEN_BREDR_LE 0x04 /* TGAP(100)/2 */
119 #define SERVICE_CACHE_TIMEOUT (5 * 1000)
121 #define hdev_is_powered(hdev) (test_bit(HCI_UP, &hdev->flags) && \
122 !test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
125 struct list_head list;
133 /* HCI to MGMT error code conversion table */
134 static u8 mgmt_status_table[] = {
136 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
137 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
138 MGMT_STATUS_FAILED, /* Hardware Failure */
139 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
140 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
141 MGMT_STATUS_NOT_PAIRED, /* PIN or Key Missing */
142 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
143 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
144 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
145 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
146 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
147 MGMT_STATUS_BUSY, /* Command Disallowed */
148 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
149 MGMT_STATUS_REJECTED, /* Rejected Security */
150 MGMT_STATUS_REJECTED, /* Rejected Personal */
151 MGMT_STATUS_TIMEOUT, /* Host Timeout */
152 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
153 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
154 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
155 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
156 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
157 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
158 MGMT_STATUS_BUSY, /* Repeated Attempts */
159 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
160 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
161 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
162 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
163 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
164 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
165 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
166 MGMT_STATUS_FAILED, /* Unspecified Error */
167 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
168 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
169 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
170 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
171 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
172 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
173 MGMT_STATUS_FAILED, /* Unit Link Key Used */
174 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
175 MGMT_STATUS_TIMEOUT, /* Instant Passed */
176 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
177 MGMT_STATUS_FAILED, /* Transaction Collision */
178 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
179 MGMT_STATUS_REJECTED, /* QoS Rejected */
180 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
181 MGMT_STATUS_REJECTED, /* Insufficient Security */
182 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
183 MGMT_STATUS_BUSY, /* Role Switch Pending */
184 MGMT_STATUS_FAILED, /* Slot Violation */
185 MGMT_STATUS_FAILED, /* Role Switch Failed */
186 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
187 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
188 MGMT_STATUS_BUSY, /* Host Busy Pairing */
189 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
190 MGMT_STATUS_BUSY, /* Controller Busy */
191 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
192 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
193 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
194 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
195 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
198 static u8 mgmt_status(u8 hci_status)
200 if (hci_status < ARRAY_SIZE(mgmt_status_table))
201 return mgmt_status_table[hci_status];
203 return MGMT_STATUS_FAILED;
206 static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
209 struct mgmt_hdr *hdr;
210 struct mgmt_ev_cmd_status *ev;
213 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
215 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_ATOMIC);
219 hdr = (void *) skb_put(skb, sizeof(*hdr));
221 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS);
222 hdr->index = cpu_to_le16(index);
223 hdr->len = cpu_to_le16(sizeof(*ev));
225 ev = (void *) skb_put(skb, sizeof(*ev));
227 put_unaligned_le16(cmd, &ev->opcode);
229 err = sock_queue_rcv_skb(sk, skb);
236 static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
237 void *rp, size_t rp_len)
240 struct mgmt_hdr *hdr;
241 struct mgmt_ev_cmd_complete *ev;
244 BT_DBG("sock %p", sk);
246 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_ATOMIC);
250 hdr = (void *) skb_put(skb, sizeof(*hdr));
252 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE);
253 hdr->index = cpu_to_le16(index);
254 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
256 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
257 put_unaligned_le16(cmd, &ev->opcode);
261 memcpy(ev->data, rp, rp_len);
263 err = sock_queue_rcv_skb(sk, skb);
270 static int read_version(struct sock *sk)
272 struct mgmt_rp_read_version rp;
274 BT_DBG("sock %p", sk);
276 rp.version = MGMT_VERSION;
277 put_unaligned_le16(MGMT_REVISION, &rp.revision);
279 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
283 static int read_commands(struct sock *sk)
285 struct mgmt_rp_read_commands *rp;
286 u16 num_commands = ARRAY_SIZE(mgmt_commands);
287 u16 num_events = ARRAY_SIZE(mgmt_events);
292 BT_DBG("sock %p", sk);
294 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
296 rp = kmalloc(rp_size, GFP_KERNEL);
300 put_unaligned_le16(num_commands, &rp->num_commands);
301 put_unaligned_le16(num_events, &rp->num_events);
303 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
304 put_unaligned_le16(mgmt_commands[i], opcode);
306 for (i = 0; i < num_events; i++, opcode++)
307 put_unaligned_le16(mgmt_events[i], opcode);
309 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
316 static int read_index_list(struct sock *sk)
318 struct mgmt_rp_read_index_list *rp;
325 BT_DBG("sock %p", sk);
327 read_lock(&hci_dev_list_lock);
330 list_for_each(p, &hci_dev_list) {
334 rp_len = sizeof(*rp) + (2 * count);
335 rp = kmalloc(rp_len, GFP_ATOMIC);
337 read_unlock(&hci_dev_list_lock);
341 put_unaligned_le16(count, &rp->num_controllers);
344 list_for_each_entry(d, &hci_dev_list, list) {
345 if (test_bit(HCI_SETUP, &d->dev_flags))
348 put_unaligned_le16(d->id, &rp->index[i++]);
349 BT_DBG("Added hci%u", d->id);
352 read_unlock(&hci_dev_list_lock);
354 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
362 static u32 get_supported_settings(struct hci_dev *hdev)
366 settings |= MGMT_SETTING_POWERED;
367 settings |= MGMT_SETTING_CONNECTABLE;
368 settings |= MGMT_SETTING_FAST_CONNECTABLE;
369 settings |= MGMT_SETTING_DISCOVERABLE;
370 settings |= MGMT_SETTING_PAIRABLE;
372 if (hdev->features[6] & LMP_SIMPLE_PAIR)
373 settings |= MGMT_SETTING_SSP;
375 if (!(hdev->features[4] & LMP_NO_BREDR)) {
376 settings |= MGMT_SETTING_BREDR;
377 settings |= MGMT_SETTING_LINK_SECURITY;
381 settings |= MGMT_SETTING_HS;
384 if (hdev->features[4] & LMP_LE)
385 settings |= MGMT_SETTING_LE;
391 static u32 get_current_settings(struct hci_dev *hdev)
395 if (hdev_is_powered(hdev))
396 settings |= MGMT_SETTING_POWERED;
398 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
399 settings |= MGMT_SETTING_CONNECTABLE;
401 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
402 settings |= MGMT_SETTING_DISCOVERABLE;
404 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags))
405 settings |= MGMT_SETTING_PAIRABLE;
407 if (!(hdev->features[4] & LMP_NO_BREDR))
408 settings |= MGMT_SETTING_BREDR;
410 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
411 settings |= MGMT_SETTING_LE;
413 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
414 settings |= MGMT_SETTING_LINK_SECURITY;
416 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
417 settings |= MGMT_SETTING_SSP;
419 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
420 settings |= MGMT_SETTING_HS;
425 #define PNP_INFO_SVCLASS_ID 0x1200
427 static u8 bluetooth_base_uuid[] = {
428 0xFB, 0x34, 0x9B, 0x5F, 0x80, 0x00, 0x00, 0x80,
429 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
432 static u16 get_uuid16(u8 *uuid128)
437 for (i = 0; i < 12; i++) {
438 if (bluetooth_base_uuid[i] != uuid128[i])
442 memcpy(&val, &uuid128[12], 4);
444 val = le32_to_cpu(val);
451 static void create_eir(struct hci_dev *hdev, u8 *data)
455 u16 uuid16_list[HCI_MAX_EIR_LENGTH / sizeof(u16)];
456 int i, truncated = 0;
457 struct bt_uuid *uuid;
460 name_len = strlen(hdev->dev_name);
466 ptr[1] = EIR_NAME_SHORT;
468 ptr[1] = EIR_NAME_COMPLETE;
470 /* EIR Data length */
471 ptr[0] = name_len + 1;
473 memcpy(ptr + 2, hdev->dev_name, name_len);
475 eir_len += (name_len + 2);
476 ptr += (name_len + 2);
479 memset(uuid16_list, 0, sizeof(uuid16_list));
481 /* Group all UUID16 types */
482 list_for_each_entry(uuid, &hdev->uuids, list) {
485 uuid16 = get_uuid16(uuid->uuid);
492 if (uuid16 == PNP_INFO_SVCLASS_ID)
495 /* Stop if not enough space to put next UUID */
496 if (eir_len + 2 + sizeof(u16) > HCI_MAX_EIR_LENGTH) {
501 /* Check for duplicates */
502 for (i = 0; uuid16_list[i] != 0; i++)
503 if (uuid16_list[i] == uuid16)
506 if (uuid16_list[i] == 0) {
507 uuid16_list[i] = uuid16;
508 eir_len += sizeof(u16);
512 if (uuid16_list[0] != 0) {
516 ptr[1] = truncated ? EIR_UUID16_SOME : EIR_UUID16_ALL;
521 for (i = 0; uuid16_list[i] != 0; i++) {
522 *ptr++ = (uuid16_list[i] & 0x00ff);
523 *ptr++ = (uuid16_list[i] & 0xff00) >> 8;
526 /* EIR Data length */
527 *length = (i * sizeof(u16)) + 1;
531 static int update_eir(struct hci_dev *hdev)
533 struct hci_cp_write_eir cp;
535 if (!hdev_is_powered(hdev))
538 if (!(hdev->features[6] & LMP_EXT_INQ))
541 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
544 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
547 memset(&cp, 0, sizeof(cp));
549 create_eir(hdev, cp.data);
551 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
554 memcpy(hdev->eir, cp.data, sizeof(cp.data));
556 return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
559 static u8 get_service_classes(struct hci_dev *hdev)
561 struct bt_uuid *uuid;
564 list_for_each_entry(uuid, &hdev->uuids, list)
565 val |= uuid->svc_hint;
570 static int update_class(struct hci_dev *hdev)
575 BT_DBG("%s", hdev->name);
577 if (!hdev_is_powered(hdev))
580 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
583 cod[0] = hdev->minor_class;
584 cod[1] = hdev->major_class;
585 cod[2] = get_service_classes(hdev);
587 if (memcmp(cod, hdev->dev_class, 3) == 0)
590 err = hci_send_cmd(hdev, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
592 set_bit(HCI_PENDING_CLASS, &hdev->dev_flags);
597 static void service_cache_off(struct work_struct *work)
599 struct hci_dev *hdev = container_of(work, struct hci_dev,
602 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
610 hci_dev_unlock(hdev);
613 static void mgmt_init_hdev(struct hci_dev *hdev)
615 if (!test_and_set_bit(HCI_MGMT, &hdev->dev_flags)) {
616 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
618 /* Non-mgmt controlled devices get this bit set
619 * implicitly so that pairing works for them, however
620 * for mgmt we require user-space to explicitly enable
623 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
627 static int read_controller_info(struct sock *sk, u16 index)
629 struct mgmt_rp_read_info rp;
630 struct hci_dev *hdev;
632 BT_DBG("sock %p hci%u", sk, index);
634 hdev = hci_dev_get(index);
636 return cmd_status(sk, index, MGMT_OP_READ_INFO,
637 MGMT_STATUS_INVALID_PARAMS);
641 if (test_and_clear_bit(HCI_PI_MGMT_INIT, &hci_pi(sk)->flags))
642 mgmt_init_hdev(hdev);
644 memset(&rp, 0, sizeof(rp));
646 bacpy(&rp.bdaddr, &hdev->bdaddr);
648 rp.version = hdev->hci_ver;
650 put_unaligned_le16(hdev->manufacturer, &rp.manufacturer);
652 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
653 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
655 memcpy(rp.dev_class, hdev->dev_class, 3);
657 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
658 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
660 hci_dev_unlock(hdev);
663 return cmd_complete(sk, index, MGMT_OP_READ_INFO, 0, &rp, sizeof(rp));
666 static void mgmt_pending_free(struct pending_cmd *cmd)
673 static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
674 struct hci_dev *hdev,
677 struct pending_cmd *cmd;
679 cmd = kmalloc(sizeof(*cmd), GFP_ATOMIC);
683 cmd->opcode = opcode;
684 cmd->index = hdev->id;
686 cmd->param = kmalloc(len, GFP_ATOMIC);
693 memcpy(cmd->param, data, len);
698 list_add(&cmd->list, &hdev->mgmt_pending);
703 static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
704 void (*cb)(struct pending_cmd *cmd, void *data),
707 struct list_head *p, *n;
709 list_for_each_safe(p, n, &hdev->mgmt_pending) {
710 struct pending_cmd *cmd;
712 cmd = list_entry(p, struct pending_cmd, list);
714 if (opcode > 0 && cmd->opcode != opcode)
721 static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
723 struct pending_cmd *cmd;
725 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
726 if (cmd->opcode == opcode)
733 static void mgmt_pending_remove(struct pending_cmd *cmd)
735 list_del(&cmd->list);
736 mgmt_pending_free(cmd);
739 static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
741 __le32 settings = cpu_to_le32(get_current_settings(hdev));
743 return cmd_complete(sk, hdev->id, opcode, 0, &settings,
747 static int set_powered(struct sock *sk, u16 index, void *data, u16 len)
749 struct mgmt_mode *cp = data;
750 struct hci_dev *hdev;
751 struct pending_cmd *cmd;
754 BT_DBG("request for hci%u", index);
756 if (len != sizeof(*cp))
757 return cmd_status(sk, index, MGMT_OP_SET_POWERED,
758 MGMT_STATUS_INVALID_PARAMS);
760 hdev = hci_dev_get(index);
762 return cmd_status(sk, index, MGMT_OP_SET_POWERED,
763 MGMT_STATUS_INVALID_PARAMS);
767 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
768 cancel_delayed_work(&hdev->power_off);
771 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
772 mgmt_powered(hdev, 1);
777 if (!!cp->val == hdev_is_powered(hdev)) {
778 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
782 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
783 err = cmd_status(sk, index, MGMT_OP_SET_POWERED,
788 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
795 schedule_work(&hdev->power_on);
797 schedule_work(&hdev->power_off.work);
802 hci_dev_unlock(hdev);
807 static int mgmt_event(u16 event, struct hci_dev *hdev, void *data,
808 u16 data_len, struct sock *skip_sk)
811 struct mgmt_hdr *hdr;
813 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_ATOMIC);
817 hdr = (void *) skb_put(skb, sizeof(*hdr));
818 hdr->opcode = cpu_to_le16(event);
820 hdr->index = cpu_to_le16(hdev->id);
822 hdr->index = cpu_to_le16(MGMT_INDEX_NONE);
823 hdr->len = cpu_to_le16(data_len);
826 memcpy(skb_put(skb, data_len), data, data_len);
829 __net_timestamp(skb);
831 hci_send_to_control(skb, skip_sk);
837 static int new_settings(struct hci_dev *hdev, struct sock *skip)
841 ev = cpu_to_le32(get_current_settings(hdev));
843 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
846 static int set_discoverable(struct sock *sk, u16 index, void *data, u16 len)
848 struct mgmt_cp_set_discoverable *cp = data;
849 struct hci_dev *hdev;
850 struct pending_cmd *cmd;
855 BT_DBG("request for hci%u", index);
857 if (len != sizeof(*cp))
858 return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
859 MGMT_STATUS_INVALID_PARAMS);
861 timeout = get_unaligned_le16(&cp->timeout);
862 if (!cp->val && timeout > 0)
863 return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
864 MGMT_STATUS_INVALID_PARAMS);
866 hdev = hci_dev_get(index);
868 return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
869 MGMT_STATUS_INVALID_PARAMS);
873 if (!hdev_is_powered(hdev) && timeout > 0) {
874 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
875 MGMT_STATUS_NOT_POWERED);
879 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
880 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
881 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
886 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
887 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
888 MGMT_STATUS_REJECTED);
892 if (!hdev_is_powered(hdev)) {
893 bool changed = false;
895 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
896 change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
900 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
905 err = new_settings(hdev, sk);
910 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
911 if (hdev->discov_timeout > 0) {
912 cancel_delayed_work(&hdev->discov_off);
913 hdev->discov_timeout = 0;
916 if (cp->val && timeout > 0) {
917 hdev->discov_timeout = timeout;
918 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
919 msecs_to_jiffies(hdev->discov_timeout * 1000));
922 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
926 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
935 scan |= SCAN_INQUIRY;
937 cancel_delayed_work(&hdev->discov_off);
939 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
941 mgmt_pending_remove(cmd);
944 hdev->discov_timeout = timeout;
947 hci_dev_unlock(hdev);
953 static int set_connectable(struct sock *sk, u16 index, void *data, u16 len)
955 struct mgmt_mode *cp = data;
956 struct hci_dev *hdev;
957 struct pending_cmd *cmd;
961 BT_DBG("request for hci%u", index);
963 if (len != sizeof(*cp))
964 return cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE,
965 MGMT_STATUS_INVALID_PARAMS);
967 hdev = hci_dev_get(index);
969 return cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE,
970 MGMT_STATUS_INVALID_PARAMS);
974 if (!hdev_is_powered(hdev)) {
975 bool changed = false;
977 if (!!cp->val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
981 set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
983 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
984 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
987 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
992 err = new_settings(hdev, sk);
997 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
998 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
999 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE,
1004 if (!!cp->val == test_bit(HCI_PSCAN, &hdev->flags)) {
1005 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1009 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
1020 if (test_bit(HCI_ISCAN, &hdev->flags) &&
1021 hdev->discov_timeout > 0)
1022 cancel_delayed_work(&hdev->discov_off);
1025 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1027 mgmt_pending_remove(cmd);
1030 hci_dev_unlock(hdev);
1036 static int set_pairable(struct sock *sk, u16 index, void *data, u16 len)
1038 struct mgmt_mode *cp = data;
1039 struct hci_dev *hdev;
1042 BT_DBG("request for hci%u", index);
1044 if (len != sizeof(*cp))
1045 return cmd_status(sk, index, MGMT_OP_SET_PAIRABLE,
1046 MGMT_STATUS_INVALID_PARAMS);
1048 hdev = hci_dev_get(index);
1050 return cmd_status(sk, index, MGMT_OP_SET_PAIRABLE,
1051 MGMT_STATUS_INVALID_PARAMS);
1056 set_bit(HCI_PAIRABLE, &hdev->dev_flags);
1058 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
1060 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
1064 err = new_settings(hdev, sk);
1067 hci_dev_unlock(hdev);
1073 static int set_link_security(struct sock *sk, u16 index, void *data, u16 len)
1075 struct mgmt_mode *cp = data;
1076 struct pending_cmd *cmd;
1077 struct hci_dev *hdev;
1081 BT_DBG("request for hci%u", index);
1083 if (len != sizeof(*cp))
1084 return cmd_status(sk, index, MGMT_OP_SET_LINK_SECURITY,
1085 MGMT_STATUS_INVALID_PARAMS);
1087 hdev = hci_dev_get(index);
1089 return cmd_status(sk, index, MGMT_OP_SET_LINK_SECURITY,
1090 MGMT_STATUS_INVALID_PARAMS);
1094 if (!hdev_is_powered(hdev)) {
1095 bool changed = false;
1097 if (!!cp->val != test_bit(HCI_LINK_SECURITY,
1098 &hdev->dev_flags)) {
1099 change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
1103 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1108 err = new_settings(hdev, sk);
1113 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
1114 err = cmd_status(sk, index, MGMT_OP_SET_LINK_SECURITY,
1121 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1122 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1126 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1132 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1134 mgmt_pending_remove(cmd);
1139 hci_dev_unlock(hdev);
1145 static int set_ssp(struct sock *sk, u16 index, void *data, u16 len)
1147 struct mgmt_mode *cp = data;
1148 struct pending_cmd *cmd;
1149 struct hci_dev *hdev;
1153 BT_DBG("request for hci%u", index);
1155 if (len != sizeof(*cp))
1156 return cmd_status(sk, index, MGMT_OP_SET_SSP,
1157 MGMT_STATUS_INVALID_PARAMS);
1159 hdev = hci_dev_get(index);
1161 return cmd_status(sk, index, MGMT_OP_SET_SSP,
1162 MGMT_STATUS_INVALID_PARAMS);
1166 if (!(hdev->features[6] & LMP_SIMPLE_PAIR)) {
1167 err = cmd_status(sk, index, MGMT_OP_SET_SSP,
1168 MGMT_STATUS_NOT_SUPPORTED);
1174 if (!hdev_is_powered(hdev)) {
1175 bool changed = false;
1177 if (val != test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
1178 change_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
1182 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1187 err = new_settings(hdev, sk);
1192 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev)) {
1193 err = cmd_status(sk, index, MGMT_OP_SET_SSP, MGMT_STATUS_BUSY);
1197 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) == val) {
1198 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1202 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1208 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, sizeof(val), &val);
1210 mgmt_pending_remove(cmd);
1215 hci_dev_unlock(hdev);
1221 static int set_hs(struct sock *sk, u16 index, void *data, u16 len)
1223 struct mgmt_mode *cp = data;
1224 struct hci_dev *hdev;
1227 BT_DBG("request for hci%u", index);
1229 if (len != sizeof(*cp))
1230 return cmd_status(sk, index, MGMT_OP_SET_HS,
1231 MGMT_STATUS_INVALID_PARAMS);
1233 hdev = hci_dev_get(index);
1235 return cmd_status(sk, index, MGMT_OP_SET_HS,
1236 MGMT_STATUS_INVALID_PARAMS);
1239 err = cmd_status(sk, index, MGMT_OP_SET_HS,
1240 MGMT_STATUS_NOT_SUPPORTED);
1245 set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1247 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1249 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
1256 static int set_le(struct sock *sk, u16 index, void *data, u16 len)
1258 struct mgmt_mode *cp = data;
1259 struct hci_cp_write_le_host_supported hci_cp;
1260 struct pending_cmd *cmd;
1261 struct hci_dev *hdev;
1265 BT_DBG("request for hci%u", index);
1267 if (len != sizeof(*cp))
1268 return cmd_status(sk, index, MGMT_OP_SET_LE,
1269 MGMT_STATUS_INVALID_PARAMS);
1271 hdev = hci_dev_get(index);
1273 return cmd_status(sk, index, MGMT_OP_SET_LE,
1274 MGMT_STATUS_INVALID_PARAMS);
1276 if (!enable_le || !(hdev->features[4] & LMP_LE)) {
1277 err = cmd_status(sk, index, MGMT_OP_SET_LE,
1278 MGMT_STATUS_NOT_SUPPORTED);
1284 if (!hdev_is_powered(hdev)) {
1285 bool changed = false;
1287 if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1288 change_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1292 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1297 err = new_settings(hdev, sk);
1302 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
1303 err = cmd_status(sk, index, MGMT_OP_SET_LE, MGMT_STATUS_BUSY);
1307 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
1313 memset(&hci_cp, 0, sizeof(hci_cp));
1317 hci_cp.simul = !!(hdev->features[6] & LMP_SIMUL_LE_BR);
1320 err = hci_send_cmd(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED,
1321 sizeof(hci_cp), &hci_cp);
1323 mgmt_pending_remove(cmd);
1332 static int add_uuid(struct sock *sk, u16 index, void *data, u16 len)
1334 struct mgmt_cp_add_uuid *cp = data;
1335 struct pending_cmd *cmd;
1336 struct hci_dev *hdev;
1337 struct bt_uuid *uuid;
1340 BT_DBG("request for hci%u", index);
1342 if (len != sizeof(*cp))
1343 return cmd_status(sk, index, MGMT_OP_ADD_UUID,
1344 MGMT_STATUS_INVALID_PARAMS);
1346 hdev = hci_dev_get(index);
1348 return cmd_status(sk, index, MGMT_OP_ADD_UUID,
1349 MGMT_STATUS_INVALID_PARAMS);
1353 if (test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
1354 err = cmd_status(sk, index, MGMT_OP_ADD_UUID,
1359 uuid = kmalloc(sizeof(*uuid), GFP_ATOMIC);
1365 memcpy(uuid->uuid, cp->uuid, 16);
1366 uuid->svc_hint = cp->svc_hint;
1368 list_add(&uuid->list, &hdev->uuids);
1370 err = update_class(hdev);
1374 err = update_eir(hdev);
1378 if (!test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
1379 err = cmd_complete(sk, index, MGMT_OP_ADD_UUID, 0,
1380 hdev->dev_class, 3);
1384 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
1391 hci_dev_unlock(hdev);
1397 static bool enable_service_cache(struct hci_dev *hdev)
1399 if (!hdev_is_powered(hdev))
1402 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
1403 schedule_delayed_work(&hdev->service_cache,
1404 msecs_to_jiffies(SERVICE_CACHE_TIMEOUT));
1411 static int remove_uuid(struct sock *sk, u16 index, void *data, u16 len)
1413 struct mgmt_cp_remove_uuid *cp = data;
1414 struct pending_cmd *cmd;
1415 struct list_head *p, *n;
1416 struct hci_dev *hdev;
1417 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
1420 BT_DBG("request for hci%u", index);
1422 if (len != sizeof(*cp))
1423 return cmd_status(sk, index, MGMT_OP_REMOVE_UUID,
1424 MGMT_STATUS_INVALID_PARAMS);
1426 hdev = hci_dev_get(index);
1428 return cmd_status(sk, index, MGMT_OP_REMOVE_UUID,
1429 MGMT_STATUS_INVALID_PARAMS);
1433 if (test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
1434 err = cmd_status(sk, index, MGMT_OP_REMOVE_UUID,
1439 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
1440 err = hci_uuids_clear(hdev);
1442 if (enable_service_cache(hdev)) {
1443 err = cmd_complete(sk, index, MGMT_OP_REMOVE_UUID, 0,
1444 hdev->dev_class, 3);
1453 list_for_each_safe(p, n, &hdev->uuids) {
1454 struct bt_uuid *match = list_entry(p, struct bt_uuid, list);
1456 if (memcmp(match->uuid, cp->uuid, 16) != 0)
1459 list_del(&match->list);
1464 err = cmd_status(sk, index, MGMT_OP_REMOVE_UUID,
1465 MGMT_STATUS_INVALID_PARAMS);
1470 err = update_class(hdev);
1474 err = update_eir(hdev);
1478 if (!test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
1479 err = cmd_complete(sk, index, MGMT_OP_REMOVE_UUID, 0,
1480 hdev->dev_class, 3);
1484 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
1491 hci_dev_unlock(hdev);
1497 static int set_dev_class(struct sock *sk, u16 index, void *data, u16 len)
1499 struct hci_dev *hdev;
1500 struct mgmt_cp_set_dev_class *cp = data;
1501 struct pending_cmd *cmd;
1504 BT_DBG("request for hci%u", index);
1506 if (len != sizeof(*cp))
1507 return cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS,
1508 MGMT_STATUS_INVALID_PARAMS);
1510 hdev = hci_dev_get(index);
1512 return cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS,
1513 MGMT_STATUS_INVALID_PARAMS);
1517 if (test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
1518 err = cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS,
1523 hdev->major_class = cp->major;
1524 hdev->minor_class = cp->minor;
1526 if (!hdev_is_powered(hdev)) {
1527 err = cmd_complete(sk, index, MGMT_OP_SET_DEV_CLASS, 0,
1528 hdev->dev_class, 3);
1532 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
1533 hci_dev_unlock(hdev);
1534 cancel_delayed_work_sync(&hdev->service_cache);
1539 err = update_class(hdev);
1543 if (!test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
1544 err = cmd_complete(sk, index, MGMT_OP_SET_DEV_CLASS, 0,
1545 hdev->dev_class, 3);
1549 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
1556 hci_dev_unlock(hdev);
1562 static int load_link_keys(struct sock *sk, u16 index, void *data, u16 len)
1564 struct hci_dev *hdev;
1565 struct mgmt_cp_load_link_keys *cp = data;
1566 u16 key_count, expected_len;
1569 if (len < sizeof(*cp))
1570 return cmd_status(sk, index, MGMT_OP_LOAD_LINK_KEYS,
1571 MGMT_STATUS_INVALID_PARAMS);
1573 key_count = get_unaligned_le16(&cp->key_count);
1575 expected_len = sizeof(*cp) + key_count *
1576 sizeof(struct mgmt_link_key_info);
1577 if (expected_len != len) {
1578 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
1580 return cmd_status(sk, index, MGMT_OP_LOAD_LINK_KEYS,
1581 MGMT_STATUS_INVALID_PARAMS);
1584 hdev = hci_dev_get(index);
1586 return cmd_status(sk, index, MGMT_OP_LOAD_LINK_KEYS,
1587 MGMT_STATUS_INVALID_PARAMS);
1589 BT_DBG("hci%u debug_keys %u key_count %u", index, cp->debug_keys,
1594 hci_link_keys_clear(hdev);
1596 set_bit(HCI_LINK_KEYS, &hdev->dev_flags);
1599 set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
1601 clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
1603 for (i = 0; i < key_count; i++) {
1604 struct mgmt_link_key_info *key = &cp->keys[i];
1606 hci_add_link_key(hdev, NULL, 0, &key->addr.bdaddr, key->val,
1607 key->type, key->pin_len);
1610 cmd_complete(sk, index, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
1612 hci_dev_unlock(hdev);
1618 static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
1619 u8 addr_type, struct sock *skip_sk)
1621 struct mgmt_ev_device_unpaired ev;
1623 bacpy(&ev.addr.bdaddr, bdaddr);
1624 ev.addr.type = addr_type;
1626 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
1630 static int unpair_device(struct sock *sk, u16 index, void *data, u16 len)
1632 struct hci_dev *hdev;
1633 struct mgmt_cp_unpair_device *cp = data;
1634 struct mgmt_rp_unpair_device rp;
1635 struct hci_cp_disconnect dc;
1636 struct pending_cmd *cmd;
1637 struct hci_conn *conn;
1640 if (len != sizeof(*cp))
1641 return cmd_status(sk, index, MGMT_OP_UNPAIR_DEVICE,
1642 MGMT_STATUS_INVALID_PARAMS);
1644 hdev = hci_dev_get(index);
1646 return cmd_status(sk, index, MGMT_OP_UNPAIR_DEVICE,
1647 MGMT_STATUS_INVALID_PARAMS);
1651 memset(&rp, 0, sizeof(rp));
1652 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1653 rp.addr.type = cp->addr.type;
1655 if (!hdev_is_powered(hdev)) {
1656 err = cmd_complete(sk, index, MGMT_OP_UNPAIR_DEVICE,
1657 MGMT_STATUS_NOT_POWERED,
1662 if (cp->addr.type == MGMT_ADDR_BREDR)
1663 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
1665 err = hci_remove_ltk(hdev, &cp->addr.bdaddr);
1668 err = cmd_complete(sk, index, MGMT_OP_UNPAIR_DEVICE,
1669 MGMT_STATUS_NOT_PAIRED,
1674 if (cp->disconnect) {
1675 if (cp->addr.type == MGMT_ADDR_BREDR)
1676 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
1679 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
1686 err = cmd_complete(sk, index, MGMT_OP_UNPAIR_DEVICE, 0,
1688 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
1692 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
1699 put_unaligned_le16(conn->handle, &dc.handle);
1700 dc.reason = 0x13; /* Remote User Terminated Connection */
1701 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1703 mgmt_pending_remove(cmd);
1706 hci_dev_unlock(hdev);
1712 static int disconnect(struct sock *sk, u16 index, void *data, u16 len)
1714 struct hci_dev *hdev;
1715 struct mgmt_cp_disconnect *cp = data;
1716 struct hci_cp_disconnect dc;
1717 struct pending_cmd *cmd;
1718 struct hci_conn *conn;
1723 if (len != sizeof(*cp))
1724 return cmd_status(sk, index, MGMT_OP_DISCONNECT,
1725 MGMT_STATUS_INVALID_PARAMS);
1727 hdev = hci_dev_get(index);
1729 return cmd_status(sk, index, MGMT_OP_DISCONNECT,
1730 MGMT_STATUS_INVALID_PARAMS);
1734 if (!test_bit(HCI_UP, &hdev->flags)) {
1735 err = cmd_status(sk, index, MGMT_OP_DISCONNECT,
1736 MGMT_STATUS_NOT_POWERED);
1740 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
1741 err = cmd_status(sk, index, MGMT_OP_DISCONNECT,
1746 if (cp->addr.type == MGMT_ADDR_BREDR)
1747 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
1749 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
1752 err = cmd_status(sk, index, MGMT_OP_DISCONNECT,
1753 MGMT_STATUS_NOT_CONNECTED);
1757 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
1763 put_unaligned_le16(conn->handle, &dc.handle);
1764 dc.reason = 0x13; /* Remote User Terminated Connection */
1766 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1768 mgmt_pending_remove(cmd);
1771 hci_dev_unlock(hdev);
1777 static u8 link_to_mgmt(u8 link_type, u8 addr_type)
1779 switch (link_type) {
1781 switch (addr_type) {
1782 case ADDR_LE_DEV_PUBLIC:
1783 return MGMT_ADDR_LE_PUBLIC;
1784 case ADDR_LE_DEV_RANDOM:
1785 return MGMT_ADDR_LE_RANDOM;
1787 return MGMT_ADDR_INVALID;
1790 return MGMT_ADDR_BREDR;
1792 return MGMT_ADDR_INVALID;
1796 static int get_connections(struct sock *sk, u16 index)
1798 struct mgmt_rp_get_connections *rp;
1799 struct hci_dev *hdev;
1807 hdev = hci_dev_get(index);
1809 return cmd_status(sk, index, MGMT_OP_GET_CONNECTIONS,
1810 MGMT_STATUS_INVALID_PARAMS);
1814 if (!hdev_is_powered(hdev)) {
1815 err = cmd_status(sk, index, MGMT_OP_GET_CONNECTIONS,
1816 MGMT_STATUS_NOT_POWERED);
1821 list_for_each_entry(c, &hdev->conn_hash.list, list) {
1822 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
1826 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
1827 rp = kmalloc(rp_len, GFP_ATOMIC);
1834 list_for_each_entry(c, &hdev->conn_hash.list, list) {
1835 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
1837 bacpy(&rp->addr[i].bdaddr, &c->dst);
1838 rp->addr[i].type = link_to_mgmt(c->type, c->dst_type);
1839 if (rp->addr[i].type == MGMT_ADDR_INVALID)
1844 put_unaligned_le16(i, &rp->conn_count);
1846 /* Recalculate length in case of filtered SCO connections, etc */
1847 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
1849 err = cmd_complete(sk, index, MGMT_OP_GET_CONNECTIONS, 0, rp, rp_len);
1854 hci_dev_unlock(hdev);
1859 static int send_pin_code_neg_reply(struct sock *sk, u16 index,
1860 struct hci_dev *hdev, struct mgmt_cp_pin_code_neg_reply *cp)
1862 struct pending_cmd *cmd;
1865 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
1870 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
1871 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
1873 mgmt_pending_remove(cmd);
1878 static int pin_code_reply(struct sock *sk, u16 index, void *data, u16 len)
1880 struct hci_dev *hdev;
1881 struct hci_conn *conn;
1882 struct mgmt_cp_pin_code_reply *cp = data;
1883 struct hci_cp_pin_code_reply reply;
1884 struct pending_cmd *cmd;
1889 if (len != sizeof(*cp))
1890 return cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1891 MGMT_STATUS_INVALID_PARAMS);
1893 hdev = hci_dev_get(index);
1895 return cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1896 MGMT_STATUS_INVALID_PARAMS);
1900 if (!hdev_is_powered(hdev)) {
1901 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1902 MGMT_STATUS_NOT_POWERED);
1906 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
1908 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1909 MGMT_STATUS_NOT_CONNECTED);
1913 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
1914 struct mgmt_cp_pin_code_neg_reply ncp;
1916 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
1918 BT_ERR("PIN code is not 16 bytes long");
1920 err = send_pin_code_neg_reply(sk, index, hdev, &ncp);
1922 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1923 MGMT_STATUS_INVALID_PARAMS);
1928 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data,
1935 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
1936 reply.pin_len = cp->pin_len;
1937 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
1939 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
1941 mgmt_pending_remove(cmd);
1944 hci_dev_unlock(hdev);
1950 static int pin_code_neg_reply(struct sock *sk, u16 index, void *data, u16 len)
1952 struct hci_dev *hdev;
1953 struct mgmt_cp_pin_code_neg_reply *cp = data;
1958 if (len != sizeof(*cp))
1959 return cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
1960 MGMT_STATUS_INVALID_PARAMS);
1962 hdev = hci_dev_get(index);
1964 return cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
1965 MGMT_STATUS_INVALID_PARAMS);
1969 if (!hdev_is_powered(hdev)) {
1970 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
1971 MGMT_STATUS_NOT_POWERED);
1975 err = send_pin_code_neg_reply(sk, index, hdev, cp);
1978 hci_dev_unlock(hdev);
1984 static int set_io_capability(struct sock *sk, u16 index, void *data, u16 len)
1986 struct hci_dev *hdev;
1987 struct mgmt_cp_set_io_capability *cp = data;
1991 if (len != sizeof(*cp))
1992 return cmd_status(sk, index, MGMT_OP_SET_IO_CAPABILITY,
1993 MGMT_STATUS_INVALID_PARAMS);
1995 hdev = hci_dev_get(index);
1997 return cmd_status(sk, index, MGMT_OP_SET_IO_CAPABILITY,
1998 MGMT_STATUS_INVALID_PARAMS);
2002 hdev->io_capability = cp->io_capability;
2004 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
2005 hdev->io_capability);
2007 hci_dev_unlock(hdev);
2010 return cmd_complete(sk, index, MGMT_OP_SET_IO_CAPABILITY, 0, NULL, 0);
2013 static inline struct pending_cmd *find_pairing(struct hci_conn *conn)
2015 struct hci_dev *hdev = conn->hdev;
2016 struct pending_cmd *cmd;
2018 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2019 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
2022 if (cmd->user_data != conn)
2031 static void pairing_complete(struct pending_cmd *cmd, u8 status)
2033 struct mgmt_rp_pair_device rp;
2034 struct hci_conn *conn = cmd->user_data;
2036 bacpy(&rp.addr.bdaddr, &conn->dst);
2037 rp.addr.type = link_to_mgmt(conn->type, conn->dst_type);
2039 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
2042 /* So we don't get further callbacks for this connection */
2043 conn->connect_cfm_cb = NULL;
2044 conn->security_cfm_cb = NULL;
2045 conn->disconn_cfm_cb = NULL;
2049 mgmt_pending_remove(cmd);
2052 static void pairing_complete_cb(struct hci_conn *conn, u8 status)
2054 struct pending_cmd *cmd;
2056 BT_DBG("status %u", status);
2058 cmd = find_pairing(conn);
2060 BT_DBG("Unable to find a pending command");
2062 pairing_complete(cmd, mgmt_status(status));
2065 static int pair_device(struct sock *sk, u16 index, void *data, u16 len)
2067 struct hci_dev *hdev;
2068 struct mgmt_cp_pair_device *cp = data;
2069 struct mgmt_rp_pair_device rp;
2070 struct pending_cmd *cmd;
2071 u8 sec_level, auth_type;
2072 struct hci_conn *conn;
2077 if (len != sizeof(*cp))
2078 return cmd_status(sk, index, MGMT_OP_PAIR_DEVICE,
2079 MGMT_STATUS_INVALID_PARAMS);
2081 hdev = hci_dev_get(index);
2083 return cmd_status(sk, index, MGMT_OP_PAIR_DEVICE,
2084 MGMT_STATUS_INVALID_PARAMS);
2088 if (!hdev_is_powered(hdev)) {
2089 err = cmd_status(sk, index, MGMT_OP_PAIR_DEVICE,
2090 MGMT_STATUS_NOT_POWERED);
2094 sec_level = BT_SECURITY_MEDIUM;
2095 if (cp->io_cap == 0x03)
2096 auth_type = HCI_AT_DEDICATED_BONDING;
2098 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
2100 if (cp->addr.type == MGMT_ADDR_BREDR)
2101 conn = hci_connect(hdev, ACL_LINK, &cp->addr.bdaddr, sec_level,
2104 conn = hci_connect(hdev, LE_LINK, &cp->addr.bdaddr, sec_level,
2107 memset(&rp, 0, sizeof(rp));
2108 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2109 rp.addr.type = cp->addr.type;
2112 err = cmd_complete(sk, index, MGMT_OP_PAIR_DEVICE,
2113 MGMT_STATUS_CONNECT_FAILED,
2118 if (conn->connect_cfm_cb) {
2120 err = cmd_complete(sk, index, MGMT_OP_PAIR_DEVICE,
2121 MGMT_STATUS_BUSY, &rp, sizeof(rp));
2125 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
2132 /* For LE, just connecting isn't a proof that the pairing finished */
2133 if (cp->addr.type == MGMT_ADDR_BREDR)
2134 conn->connect_cfm_cb = pairing_complete_cb;
2136 conn->security_cfm_cb = pairing_complete_cb;
2137 conn->disconn_cfm_cb = pairing_complete_cb;
2138 conn->io_capability = cp->io_cap;
2139 cmd->user_data = conn;
2141 if (conn->state == BT_CONNECTED &&
2142 hci_conn_security(conn, sec_level, auth_type))
2143 pairing_complete(cmd, 0);
2148 hci_dev_unlock(hdev);
2154 static int cancel_pair_device(struct sock *sk, u16 index,
2155 unsigned char *data, u16 len)
2157 struct mgmt_addr_info *addr = (void *) data;
2158 struct hci_dev *hdev;
2159 struct pending_cmd *cmd;
2160 struct hci_conn *conn;
2165 if (len != sizeof(*addr))
2166 return cmd_status(sk, index, MGMT_OP_CANCEL_PAIR_DEVICE,
2167 MGMT_STATUS_INVALID_PARAMS);
2169 hdev = hci_dev_get(index);
2171 return cmd_status(sk, index, MGMT_OP_CANCEL_PAIR_DEVICE,
2172 MGMT_STATUS_INVALID_PARAMS);
2176 if (!hdev_is_powered(hdev)) {
2177 err = cmd_status(sk, index, MGMT_OP_CANCEL_PAIR_DEVICE,
2178 MGMT_STATUS_NOT_POWERED);
2182 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
2184 err = cmd_status(sk, index, MGMT_OP_CANCEL_PAIR_DEVICE,
2185 MGMT_STATUS_INVALID_PARAMS);
2189 conn = cmd->user_data;
2191 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
2192 err = cmd_status(sk, index, MGMT_OP_CANCEL_PAIR_DEVICE,
2193 MGMT_STATUS_INVALID_PARAMS);
2197 pairing_complete(cmd, MGMT_STATUS_CANCELLED);
2199 err = cmd_complete(sk, index, MGMT_OP_CANCEL_PAIR_DEVICE, 0, addr,
2202 hci_dev_unlock(hdev);
2208 static int user_pairing_resp(struct sock *sk, u16 index, bdaddr_t *bdaddr,
2209 u8 type, u16 mgmt_op, u16 hci_op,
2212 struct pending_cmd *cmd;
2213 struct hci_dev *hdev;
2214 struct hci_conn *conn;
2217 hdev = hci_dev_get(index);
2219 return cmd_status(sk, index, mgmt_op,
2220 MGMT_STATUS_INVALID_PARAMS);
2224 if (!hdev_is_powered(hdev)) {
2225 err = cmd_status(sk, index, mgmt_op, MGMT_STATUS_NOT_POWERED);
2229 if (type == MGMT_ADDR_BREDR)
2230 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, bdaddr);
2232 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, bdaddr);
2235 err = cmd_status(sk, index, mgmt_op,
2236 MGMT_STATUS_NOT_CONNECTED);
2240 if (type == MGMT_ADDR_LE_PUBLIC || type == MGMT_ADDR_LE_RANDOM) {
2241 /* Continue with pairing via SMP */
2242 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
2245 err = cmd_status(sk, index, mgmt_op,
2246 MGMT_STATUS_SUCCESS);
2248 err = cmd_status(sk, index, mgmt_op,
2249 MGMT_STATUS_FAILED);
2254 cmd = mgmt_pending_add(sk, mgmt_op, hdev, bdaddr, sizeof(*bdaddr));
2260 /* Continue with pairing via HCI */
2261 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
2262 struct hci_cp_user_passkey_reply cp;
2264 bacpy(&cp.bdaddr, bdaddr);
2265 cp.passkey = passkey;
2266 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
2268 err = hci_send_cmd(hdev, hci_op, sizeof(*bdaddr), bdaddr);
2271 mgmt_pending_remove(cmd);
2274 hci_dev_unlock(hdev);
2280 static int user_confirm_reply(struct sock *sk, u16 index, void *data, u16 len)
2282 struct mgmt_cp_user_confirm_reply *cp = data;
2286 if (len != sizeof(*cp))
2287 return cmd_status(sk, index, MGMT_OP_USER_CONFIRM_REPLY,
2288 MGMT_STATUS_INVALID_PARAMS);
2290 return user_pairing_resp(sk, index, &cp->addr.bdaddr, cp->addr.type,
2291 MGMT_OP_USER_CONFIRM_REPLY,
2292 HCI_OP_USER_CONFIRM_REPLY, 0);
2295 static int user_confirm_neg_reply(struct sock *sk, u16 index, void *data,
2298 struct mgmt_cp_user_confirm_neg_reply *cp = data;
2302 if (len != sizeof(*cp))
2303 return cmd_status(sk, index, MGMT_OP_USER_CONFIRM_NEG_REPLY,
2304 MGMT_STATUS_INVALID_PARAMS);
2306 return user_pairing_resp(sk, index, &cp->addr.bdaddr, cp->addr.type,
2307 MGMT_OP_USER_CONFIRM_NEG_REPLY,
2308 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
2311 static int user_passkey_reply(struct sock *sk, u16 index, void *data, u16 len)
2313 struct mgmt_cp_user_passkey_reply *cp = data;
2317 if (len != sizeof(*cp))
2318 return cmd_status(sk, index, MGMT_OP_USER_PASSKEY_REPLY,
2321 return user_pairing_resp(sk, index, &cp->addr.bdaddr, cp->addr.type,
2322 MGMT_OP_USER_PASSKEY_REPLY,
2323 HCI_OP_USER_PASSKEY_REPLY,
2327 static int user_passkey_neg_reply(struct sock *sk, u16 index, void *data,
2330 struct mgmt_cp_user_passkey_neg_reply *cp = data;
2334 if (len != sizeof(*cp))
2335 return cmd_status(sk, index, MGMT_OP_USER_PASSKEY_NEG_REPLY,
2338 return user_pairing_resp(sk, index, &cp->addr.bdaddr, cp->addr.type,
2339 MGMT_OP_USER_PASSKEY_NEG_REPLY,
2340 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
2343 static int set_local_name(struct sock *sk, u16 index, void *data,
2346 struct mgmt_cp_set_local_name *mgmt_cp = data;
2347 struct hci_cp_write_local_name hci_cp;
2348 struct hci_dev *hdev;
2349 struct pending_cmd *cmd;
2354 if (len != sizeof(*mgmt_cp))
2355 return cmd_status(sk, index, MGMT_OP_SET_LOCAL_NAME,
2356 MGMT_STATUS_INVALID_PARAMS);
2358 hdev = hci_dev_get(index);
2360 return cmd_status(sk, index, MGMT_OP_SET_LOCAL_NAME,
2361 MGMT_STATUS_INVALID_PARAMS);
2365 memcpy(hdev->short_name, mgmt_cp->short_name,
2366 sizeof(hdev->short_name));
2368 if (!hdev_is_powered(hdev)) {
2369 memcpy(hdev->dev_name, mgmt_cp->name, sizeof(hdev->dev_name));
2371 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
2376 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
2382 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
2388 memcpy(hci_cp.name, mgmt_cp->name, sizeof(hci_cp.name));
2389 err = hci_send_cmd(hdev, HCI_OP_WRITE_LOCAL_NAME, sizeof(hci_cp),
2392 mgmt_pending_remove(cmd);
2395 hci_dev_unlock(hdev);
2401 static int read_local_oob_data(struct sock *sk, u16 index)
2403 struct hci_dev *hdev;
2404 struct pending_cmd *cmd;
2407 BT_DBG("hci%u", index);
2409 hdev = hci_dev_get(index);
2411 return cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
2412 MGMT_STATUS_INVALID_PARAMS);
2416 if (!hdev_is_powered(hdev)) {
2417 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
2418 MGMT_STATUS_NOT_POWERED);
2422 if (!(hdev->features[6] & LMP_SIMPLE_PAIR)) {
2423 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
2424 MGMT_STATUS_NOT_SUPPORTED);
2428 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
2429 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
2434 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
2440 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
2442 mgmt_pending_remove(cmd);
2445 hci_dev_unlock(hdev);
2451 static int add_remote_oob_data(struct sock *sk, u16 index, void *data,
2454 struct hci_dev *hdev;
2455 struct mgmt_cp_add_remote_oob_data *cp = data;
2459 BT_DBG("hci%u ", index);
2461 if (len != sizeof(*cp))
2462 return cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA,
2463 MGMT_STATUS_INVALID_PARAMS);
2465 hdev = hci_dev_get(index);
2467 return cmd_complete(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA,
2468 MGMT_STATUS_INVALID_PARAMS,
2469 &cp->addr, sizeof(cp->addr));
2473 if (!hdev_is_powered(hdev)) {
2474 err = cmd_complete(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA,
2475 MGMT_STATUS_NOT_POWERED,
2476 &cp->addr, sizeof(cp->addr));
2480 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr, cp->hash,
2483 status = MGMT_STATUS_FAILED;
2487 err = cmd_complete(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA, status,
2488 &cp->addr, sizeof(cp->addr));
2491 hci_dev_unlock(hdev);
2497 static int remove_remote_oob_data(struct sock *sk, u16 index,
2498 void *data, u16 len)
2500 struct hci_dev *hdev;
2501 struct mgmt_cp_remove_remote_oob_data *cp = data;
2505 BT_DBG("hci%u ", index);
2507 if (len != sizeof(*cp))
2508 return cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
2509 MGMT_STATUS_INVALID_PARAMS);
2511 hdev = hci_dev_get(index);
2513 return cmd_complete(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
2514 MGMT_STATUS_INVALID_PARAMS,
2515 &cp->addr, sizeof(cp->addr));
2519 if (!hdev_is_powered(hdev)) {
2520 err = cmd_complete(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
2521 MGMT_STATUS_NOT_POWERED,
2522 &cp->addr, sizeof(cp->addr));
2526 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr);
2528 status = MGMT_STATUS_INVALID_PARAMS;
2532 err = cmd_complete(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA, status,
2533 &cp->addr, sizeof(cp->addr));
2536 hci_dev_unlock(hdev);
2542 static int discovery(struct hci_dev *hdev)
2546 if (lmp_host_le_capable(hdev)) {
2547 if (lmp_bredr_capable(hdev)) {
2548 err = hci_le_scan(hdev, LE_SCAN_TYPE,
2549 LE_SCAN_INT, LE_SCAN_WIN,
2550 LE_SCAN_TIMEOUT_BREDR_LE);
2552 hdev->discovery.type = DISCOV_TYPE_LE;
2553 err = hci_le_scan(hdev, LE_SCAN_TYPE,
2554 LE_SCAN_INT, LE_SCAN_WIN,
2555 LE_SCAN_TIMEOUT_LE_ONLY);
2558 hdev->discovery.type = DISCOV_TYPE_BREDR;
2559 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR);
2565 int mgmt_interleaved_discovery(struct hci_dev *hdev)
2569 BT_DBG("%s", hdev->name);
2573 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR_LE);
2575 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2577 hci_dev_unlock(hdev);
2582 static int start_discovery(struct sock *sk, u16 index,
2583 void *data, u16 len)
2585 struct mgmt_cp_start_discovery *cp = data;
2586 struct pending_cmd *cmd;
2587 struct hci_dev *hdev;
2590 BT_DBG("hci%u", index);
2592 if (len != sizeof(*cp))
2593 return cmd_status(sk, index, MGMT_OP_START_DISCOVERY,
2594 MGMT_STATUS_INVALID_PARAMS);
2596 hdev = hci_dev_get(index);
2598 return cmd_status(sk, index, MGMT_OP_START_DISCOVERY,
2599 MGMT_STATUS_INVALID_PARAMS);
2603 if (!hdev_is_powered(hdev)) {
2604 err = cmd_status(sk, index, MGMT_OP_START_DISCOVERY,
2605 MGMT_STATUS_NOT_POWERED);
2609 if (hdev->discovery.state != DISCOVERY_STOPPED) {
2610 err = cmd_status(sk, index, MGMT_OP_START_DISCOVERY,
2615 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
2621 hdev->discovery.type = cp->type;
2623 switch (hdev->discovery.type) {
2624 case DISCOV_TYPE_BREDR:
2625 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR);
2628 case DISCOV_TYPE_LE:
2629 err = hci_le_scan(hdev, LE_SCAN_TYPE, LE_SCAN_INT,
2630 LE_SCAN_WIN, LE_SCAN_TIMEOUT_LE_ONLY);
2633 case DISCOV_TYPE_INTERLEAVED:
2634 err = discovery(hdev);
2642 mgmt_pending_remove(cmd);
2644 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
2647 hci_dev_unlock(hdev);
2653 static int stop_discovery(struct sock *sk, u16 index, void *data, u16 len)
2655 struct mgmt_cp_stop_discovery *mgmt_cp = data;
2656 struct hci_dev *hdev;
2657 struct pending_cmd *cmd;
2658 struct hci_cp_remote_name_req_cancel cp;
2659 struct inquiry_entry *e;
2662 BT_DBG("hci%u", index);
2664 if (len != sizeof(*mgmt_cp))
2665 return cmd_status(sk, index, MGMT_OP_STOP_DISCOVERY,
2666 MGMT_STATUS_INVALID_PARAMS);
2668 hdev = hci_dev_get(index);
2670 return cmd_status(sk, index, MGMT_OP_STOP_DISCOVERY,
2671 MGMT_STATUS_INVALID_PARAMS);
2675 if (!hci_discovery_active(hdev)) {
2676 err = cmd_complete(sk, index, MGMT_OP_STOP_DISCOVERY,
2677 MGMT_STATUS_REJECTED,
2678 &mgmt_cp->type, sizeof(mgmt_cp->type));
2682 if (hdev->discovery.type != mgmt_cp->type) {
2683 err = cmd_complete(sk, index, MGMT_OP_STOP_DISCOVERY,
2684 MGMT_STATUS_INVALID_PARAMS,
2685 &mgmt_cp->type, sizeof(mgmt_cp->type));
2689 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
2695 if (hdev->discovery.state == DISCOVERY_FINDING) {
2696 err = hci_cancel_inquiry(hdev);
2698 mgmt_pending_remove(cmd);
2700 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
2704 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_PENDING);
2706 mgmt_pending_remove(cmd);
2707 err = cmd_complete(sk, index, MGMT_OP_STOP_DISCOVERY, 0,
2708 &mgmt_cp->type, sizeof(mgmt_cp->type));
2709 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2713 bacpy(&cp.bdaddr, &e->data.bdaddr);
2714 err = hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ_CANCEL,
2717 mgmt_pending_remove(cmd);
2719 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
2722 hci_dev_unlock(hdev);
2728 static int confirm_name(struct sock *sk, u16 index, void *data, u16 len)
2730 struct mgmt_cp_confirm_name *cp = data;
2731 struct inquiry_entry *e;
2732 struct hci_dev *hdev;
2735 BT_DBG("hci%u", index);
2737 if (len != sizeof(*cp))
2738 return cmd_status(sk, index, MGMT_OP_CONFIRM_NAME,
2739 MGMT_STATUS_INVALID_PARAMS);
2741 hdev = hci_dev_get(index);
2743 return cmd_status(sk, index, MGMT_OP_CONFIRM_NAME,
2744 MGMT_STATUS_INVALID_PARAMS);
2748 if (!hci_discovery_active(hdev)) {
2749 err = cmd_status(sk, index, MGMT_OP_CONFIRM_NAME,
2750 MGMT_STATUS_FAILED);
2754 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
2756 err = cmd_status(sk, index, MGMT_OP_CONFIRM_NAME,
2757 MGMT_STATUS_INVALID_PARAMS);
2761 if (cp->name_known) {
2762 e->name_state = NAME_KNOWN;
2765 e->name_state = NAME_NEEDED;
2766 hci_inquiry_cache_update_resolve(hdev, e);
2772 hci_dev_unlock(hdev);
2777 static int block_device(struct sock *sk, u16 index, void *data, u16 len)
2779 struct hci_dev *hdev;
2780 struct mgmt_cp_block_device *cp = data;
2784 BT_DBG("hci%u", index);
2786 if (len != sizeof(*cp))
2787 return cmd_status(sk, index, MGMT_OP_BLOCK_DEVICE,
2788 MGMT_STATUS_INVALID_PARAMS);
2790 hdev = hci_dev_get(index);
2792 return cmd_complete(sk, index, MGMT_OP_BLOCK_DEVICE,
2793 MGMT_STATUS_INVALID_PARAMS,
2794 &cp->addr, sizeof(cp->addr));
2798 err = hci_blacklist_add(hdev, &cp->addr.bdaddr, cp->addr.type);
2800 status = MGMT_STATUS_FAILED;
2804 err = cmd_complete(sk, index, MGMT_OP_BLOCK_DEVICE, status,
2805 &cp->addr, sizeof(cp->addr));
2807 hci_dev_unlock(hdev);
2813 static int unblock_device(struct sock *sk, u16 index, void *data, u16 len)
2815 struct hci_dev *hdev;
2816 struct mgmt_cp_unblock_device *cp = data;
2820 BT_DBG("hci%u", index);
2822 if (len != sizeof(*cp))
2823 return cmd_status(sk, index, MGMT_OP_UNBLOCK_DEVICE,
2824 MGMT_STATUS_INVALID_PARAMS);
2826 hdev = hci_dev_get(index);
2828 return cmd_complete(sk, index, MGMT_OP_UNBLOCK_DEVICE,
2829 MGMT_STATUS_INVALID_PARAMS,
2830 &cp->addr, sizeof(cp->addr));
2834 err = hci_blacklist_del(hdev, &cp->addr.bdaddr, cp->addr.type);
2836 status = MGMT_STATUS_INVALID_PARAMS;
2840 err = cmd_complete(sk, index, MGMT_OP_UNBLOCK_DEVICE, status,
2841 &cp->addr, sizeof(cp->addr));
2843 hci_dev_unlock(hdev);
2849 static int set_fast_connectable(struct sock *sk, u16 index,
2850 void *data, u16 len)
2852 struct hci_dev *hdev;
2853 struct mgmt_mode *cp = data;
2854 struct hci_cp_write_page_scan_activity acp;
2858 BT_DBG("hci%u", index);
2860 if (len != sizeof(*cp))
2861 return cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
2862 MGMT_STATUS_INVALID_PARAMS);
2864 hdev = hci_dev_get(index);
2866 return cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
2867 MGMT_STATUS_INVALID_PARAMS);
2868 if (!hdev_is_powered(hdev))
2869 return cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
2870 MGMT_STATUS_NOT_POWERED);
2872 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
2873 return cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
2874 MGMT_STATUS_REJECTED);
2879 type = PAGE_SCAN_TYPE_INTERLACED;
2880 acp.interval = 0x0024; /* 22.5 msec page scan interval */
2882 type = PAGE_SCAN_TYPE_STANDARD; /* default */
2883 acp.interval = 0x0800; /* default 1.28 sec page scan */
2886 acp.window = 0x0012; /* default 11.25 msec page scan window */
2888 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
2891 err = cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
2892 MGMT_STATUS_FAILED);
2896 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
2898 err = cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
2899 MGMT_STATUS_FAILED);
2903 err = cmd_complete(sk, index, MGMT_OP_SET_FAST_CONNECTABLE, 0,
2906 hci_dev_unlock(hdev);
2912 static int load_long_term_keys(struct sock *sk, u16 index,
2913 void *cp_data, u16 len)
2915 struct hci_dev *hdev;
2916 struct mgmt_cp_load_long_term_keys *cp = cp_data;
2917 u16 key_count, expected_len;
2920 if (len < sizeof(*cp))
2921 return cmd_status(sk, index, MGMT_OP_LOAD_LONG_TERM_KEYS,
2924 key_count = get_unaligned_le16(&cp->key_count);
2926 expected_len = sizeof(*cp) + key_count *
2927 sizeof(struct mgmt_ltk_info);
2928 if (expected_len != len) {
2929 BT_ERR("load_keys: expected %u bytes, got %u bytes",
2931 return cmd_status(sk, index, MGMT_OP_LOAD_LONG_TERM_KEYS,
2935 hdev = hci_dev_get(index);
2937 return cmd_status(sk, index, MGMT_OP_LOAD_LONG_TERM_KEYS,
2940 BT_DBG("hci%u key_count %u", index, key_count);
2944 hci_smp_ltks_clear(hdev);
2946 for (i = 0; i < key_count; i++) {
2947 struct mgmt_ltk_info *key = &cp->keys[i];
2953 type = HCI_SMP_LTK_SLAVE;
2955 hci_add_ltk(hdev, &key->addr.bdaddr, key->addr.type,
2956 type, 0, key->authenticated, key->val,
2957 key->enc_size, key->ediv, key->rand);
2960 hci_dev_unlock(hdev);
2966 int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
2970 struct mgmt_hdr *hdr;
2971 u16 opcode, index, len;
2974 BT_DBG("got %zu bytes", msglen);
2976 if (msglen < sizeof(*hdr))
2979 buf = kmalloc(msglen, GFP_KERNEL);
2983 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
2989 opcode = get_unaligned_le16(&hdr->opcode);
2990 index = get_unaligned_le16(&hdr->index);
2991 len = get_unaligned_le16(&hdr->len);
2993 if (len != msglen - sizeof(*hdr)) {
2998 cp = buf + sizeof(*hdr);
3001 case MGMT_OP_READ_VERSION:
3002 err = read_version(sk);
3004 case MGMT_OP_READ_COMMANDS:
3005 err = read_commands(sk);
3007 case MGMT_OP_READ_INDEX_LIST:
3008 err = read_index_list(sk);
3010 case MGMT_OP_READ_INFO:
3011 err = read_controller_info(sk, index);
3013 case MGMT_OP_SET_POWERED:
3014 err = set_powered(sk, index, cp, len);
3016 case MGMT_OP_SET_DISCOVERABLE:
3017 err = set_discoverable(sk, index, cp, len);
3019 case MGMT_OP_SET_CONNECTABLE:
3020 err = set_connectable(sk, index, cp, len);
3022 case MGMT_OP_SET_FAST_CONNECTABLE:
3023 err = set_fast_connectable(sk, index, cp, len);
3025 case MGMT_OP_SET_PAIRABLE:
3026 err = set_pairable(sk, index, cp, len);
3028 case MGMT_OP_SET_LINK_SECURITY:
3029 err = set_link_security(sk, index, cp, len);
3031 case MGMT_OP_SET_SSP:
3032 err = set_ssp(sk, index, cp, len);
3034 case MGMT_OP_SET_HS:
3035 err = set_hs(sk, index, cp, len);
3037 case MGMT_OP_SET_LE:
3038 err = set_le(sk, index, cp, len);
3040 case MGMT_OP_ADD_UUID:
3041 err = add_uuid(sk, index, cp, len);
3043 case MGMT_OP_REMOVE_UUID:
3044 err = remove_uuid(sk, index, cp, len);
3046 case MGMT_OP_SET_DEV_CLASS:
3047 err = set_dev_class(sk, index, cp, len);
3049 case MGMT_OP_LOAD_LINK_KEYS:
3050 err = load_link_keys(sk, index, cp, len);
3052 case MGMT_OP_DISCONNECT:
3053 err = disconnect(sk, index, cp, len);
3055 case MGMT_OP_GET_CONNECTIONS:
3056 err = get_connections(sk, index);
3058 case MGMT_OP_PIN_CODE_REPLY:
3059 err = pin_code_reply(sk, index, cp, len);
3061 case MGMT_OP_PIN_CODE_NEG_REPLY:
3062 err = pin_code_neg_reply(sk, index, cp, len);
3064 case MGMT_OP_SET_IO_CAPABILITY:
3065 err = set_io_capability(sk, index, cp, len);
3067 case MGMT_OP_PAIR_DEVICE:
3068 err = pair_device(sk, index, cp, len);
3070 case MGMT_OP_CANCEL_PAIR_DEVICE:
3071 err = cancel_pair_device(sk, index, buf + sizeof(*hdr), len);
3073 case MGMT_OP_UNPAIR_DEVICE:
3074 err = unpair_device(sk, index, cp, len);
3076 case MGMT_OP_USER_CONFIRM_REPLY:
3077 err = user_confirm_reply(sk, index, cp, len);
3079 case MGMT_OP_USER_CONFIRM_NEG_REPLY:
3080 err = user_confirm_neg_reply(sk, index, cp, len);
3082 case MGMT_OP_USER_PASSKEY_REPLY:
3083 err = user_passkey_reply(sk, index, cp, len);
3085 case MGMT_OP_USER_PASSKEY_NEG_REPLY:
3086 err = user_passkey_neg_reply(sk, index, cp, len);
3088 case MGMT_OP_SET_LOCAL_NAME:
3089 err = set_local_name(sk, index, cp, len);
3091 case MGMT_OP_READ_LOCAL_OOB_DATA:
3092 err = read_local_oob_data(sk, index);
3094 case MGMT_OP_ADD_REMOTE_OOB_DATA:
3095 err = add_remote_oob_data(sk, index, cp, len);
3097 case MGMT_OP_REMOVE_REMOTE_OOB_DATA:
3098 err = remove_remote_oob_data(sk, index, cp, len);
3100 case MGMT_OP_START_DISCOVERY:
3101 err = start_discovery(sk, index, cp, len);
3103 case MGMT_OP_STOP_DISCOVERY:
3104 err = stop_discovery(sk, index, cp, len);
3106 case MGMT_OP_CONFIRM_NAME:
3107 err = confirm_name(sk, index, cp, len);
3109 case MGMT_OP_BLOCK_DEVICE:
3110 err = block_device(sk, index, cp, len);
3112 case MGMT_OP_UNBLOCK_DEVICE:
3113 err = unblock_device(sk, index, cp, len);
3115 case MGMT_OP_LOAD_LONG_TERM_KEYS:
3116 err = load_long_term_keys(sk, index, cp, len);
3119 BT_DBG("Unknown op %u", opcode);
3120 err = cmd_status(sk, index, opcode,
3121 MGMT_STATUS_UNKNOWN_COMMAND);
3135 static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
3139 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
3140 mgmt_pending_remove(cmd);
3143 int mgmt_index_added(struct hci_dev *hdev)
3145 return mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
3148 int mgmt_index_removed(struct hci_dev *hdev)
3152 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
3154 return mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
3159 struct hci_dev *hdev;
3163 static void settings_rsp(struct pending_cmd *cmd, void *data)
3165 struct cmd_lookup *match = data;
3167 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
3169 list_del(&cmd->list);
3171 if (match->sk == NULL) {
3172 match->sk = cmd->sk;
3173 sock_hold(match->sk);
3176 mgmt_pending_free(cmd);
3179 int mgmt_powered(struct hci_dev *hdev, u8 powered)
3181 struct cmd_lookup match = { NULL, hdev };
3184 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3187 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
3192 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3194 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3195 scan |= SCAN_INQUIRY;
3198 hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
3203 u8 status = ENETDOWN;
3204 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
3207 err = new_settings(hdev, match.sk);
3215 int mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
3217 struct cmd_lookup match = { NULL, hdev };
3218 bool changed = false;
3222 if (!test_and_set_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3225 if (test_and_clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3229 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev, settings_rsp,
3233 err = new_settings(hdev, match.sk);
3241 int mgmt_connectable(struct hci_dev *hdev, u8 connectable)
3243 struct cmd_lookup match = { NULL, hdev };
3244 bool changed = false;
3248 if (!test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3251 if (test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3255 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev, settings_rsp,
3259 err = new_settings(hdev, match.sk);
3267 int mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
3269 u8 mgmt_err = mgmt_status(status);
3271 if (scan & SCAN_PAGE)
3272 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
3273 cmd_status_rsp, &mgmt_err);
3275 if (scan & SCAN_INQUIRY)
3276 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
3277 cmd_status_rsp, &mgmt_err);
3282 int mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
3285 struct mgmt_ev_new_link_key ev;
3287 memset(&ev, 0, sizeof(ev));
3289 ev.store_hint = persistent;
3290 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
3291 ev.key.addr.type = MGMT_ADDR_BREDR;
3292 ev.key.type = key->type;
3293 memcpy(ev.key.val, key->val, 16);
3294 ev.key.pin_len = key->pin_len;
3296 return mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
3299 int mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, u8 persistent)
3301 struct mgmt_ev_new_long_term_key ev;
3303 memset(&ev, 0, sizeof(ev));
3305 ev.store_hint = persistent;
3306 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
3307 ev.key.addr.type = key->bdaddr_type;
3308 ev.key.authenticated = key->authenticated;
3309 ev.key.enc_size = key->enc_size;
3310 ev.key.ediv = key->ediv;
3312 if (key->type == HCI_SMP_LTK)
3315 memcpy(ev.key.rand, key->rand, sizeof(key->rand));
3316 memcpy(ev.key.val, key->val, sizeof(key->val));
3318 return mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev,
3319 &ev, sizeof(ev), NULL);
3322 int mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3323 u8 addr_type, u32 flags, u8 *name,
3324 u8 name_len, u8 *dev_class)
3327 struct mgmt_ev_device_connected *ev = (void *) buf;
3330 bacpy(&ev->addr.bdaddr, bdaddr);
3331 ev->addr.type = link_to_mgmt(link_type, addr_type);
3333 ev->flags = __cpu_to_le32(flags);
3336 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
3339 if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0)
3340 eir_len = eir_append_data(&ev->eir[eir_len], eir_len,
3341 EIR_CLASS_OF_DEV, dev_class, 3);
3343 put_unaligned_le16(eir_len, &ev->eir_len);
3345 return mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
3346 sizeof(*ev) + eir_len, NULL);
3349 static void disconnect_rsp(struct pending_cmd *cmd, void *data)
3351 struct mgmt_cp_disconnect *cp = cmd->param;
3352 struct sock **sk = data;
3353 struct mgmt_rp_disconnect rp;
3355 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3356 rp.addr.type = cp->addr.type;
3358 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 0, &rp,
3364 mgmt_pending_remove(cmd);
3367 static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
3369 struct hci_dev *hdev = data;
3370 struct mgmt_cp_unpair_device *cp = cmd->param;
3371 struct mgmt_rp_unpair_device rp;
3373 memset(&rp, 0, sizeof(rp));
3374 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3375 rp.addr.type = cp->addr.type;
3377 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
3379 cmd_complete(cmd->sk, cmd->index, cmd->opcode, 0, &rp, sizeof(rp));
3381 mgmt_pending_remove(cmd);
3384 int mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
3385 u8 link_type, u8 addr_type)
3387 struct mgmt_addr_info ev;
3388 struct sock *sk = NULL;
3391 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
3393 bacpy(&ev.bdaddr, bdaddr);
3394 ev.type = link_to_mgmt(link_type, addr_type);
3396 err = mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev),
3402 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
3408 int mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
3409 u8 link_type, u8 addr_type, u8 status)
3411 struct mgmt_rp_disconnect rp;
3412 struct pending_cmd *cmd;
3415 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
3419 bacpy(&rp.addr.bdaddr, bdaddr);
3420 rp.addr.type = link_to_mgmt(link_type, addr_type);
3422 err = cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
3423 mgmt_status(status), &rp, sizeof(rp));
3425 mgmt_pending_remove(cmd);
3427 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
3432 int mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3433 u8 addr_type, u8 status)
3435 struct mgmt_ev_connect_failed ev;
3437 bacpy(&ev.addr.bdaddr, bdaddr);
3438 ev.addr.type = link_to_mgmt(link_type, addr_type);
3439 ev.status = mgmt_status(status);
3441 return mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
3444 int mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
3446 struct mgmt_ev_pin_code_request ev;
3448 bacpy(&ev.addr.bdaddr, bdaddr);
3449 ev.addr.type = MGMT_ADDR_BREDR;
3452 return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev),
3456 int mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3459 struct pending_cmd *cmd;
3460 struct mgmt_rp_pin_code_reply rp;
3463 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
3467 bacpy(&rp.addr.bdaddr, bdaddr);
3468 rp.addr.type = MGMT_ADDR_BREDR;
3470 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3471 mgmt_status(status), &rp, sizeof(rp));
3473 mgmt_pending_remove(cmd);
3478 int mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3481 struct pending_cmd *cmd;
3482 struct mgmt_rp_pin_code_reply rp;
3485 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
3489 bacpy(&rp.addr.bdaddr, bdaddr);
3490 rp.addr.type = MGMT_ADDR_BREDR;
3492 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
3493 mgmt_status(status), &rp, sizeof(rp));
3495 mgmt_pending_remove(cmd);
3500 int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
3501 u8 link_type, u8 addr_type, __le32 value,
3504 struct mgmt_ev_user_confirm_request ev;
3506 BT_DBG("%s", hdev->name);
3508 bacpy(&ev.addr.bdaddr, bdaddr);
3509 ev.addr.type = link_to_mgmt(link_type, addr_type);
3510 ev.confirm_hint = confirm_hint;
3511 put_unaligned_le32(value, &ev.value);
3513 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
3517 int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
3518 u8 link_type, u8 addr_type)
3520 struct mgmt_ev_user_passkey_request ev;
3522 BT_DBG("%s", hdev->name);
3524 bacpy(&ev.addr.bdaddr, bdaddr);
3525 ev.addr.type = link_to_mgmt(link_type, addr_type);
3527 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
3531 static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3532 u8 link_type, u8 addr_type, u8 status,
3535 struct pending_cmd *cmd;
3536 struct mgmt_rp_user_confirm_reply rp;
3539 cmd = mgmt_pending_find(opcode, hdev);
3543 bacpy(&rp.addr.bdaddr, bdaddr);
3544 rp.addr.type = link_to_mgmt(link_type, addr_type);
3545 err = cmd_complete(cmd->sk, hdev->id, opcode, mgmt_status(status),
3548 mgmt_pending_remove(cmd);
3553 int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3554 u8 link_type, u8 addr_type, u8 status)
3556 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3557 status, MGMT_OP_USER_CONFIRM_REPLY);
3560 int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3561 u8 link_type, u8 addr_type, u8 status)
3563 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3564 status, MGMT_OP_USER_CONFIRM_NEG_REPLY);
3567 int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3568 u8 link_type, u8 addr_type, u8 status)
3570 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3571 status, MGMT_OP_USER_PASSKEY_REPLY);
3574 int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3575 u8 link_type, u8 addr_type, u8 status)
3577 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3578 status, MGMT_OP_USER_PASSKEY_NEG_REPLY);
3581 int mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3582 u8 addr_type, u8 status)
3584 struct mgmt_ev_auth_failed ev;
3586 bacpy(&ev.addr.bdaddr, bdaddr);
3587 ev.addr.type = link_to_mgmt(link_type, addr_type);
3588 ev.status = mgmt_status(status);
3590 return mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
3593 int mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
3595 struct cmd_lookup match = { NULL, hdev };
3596 bool changed = false;
3600 u8 mgmt_err = mgmt_status(status);
3601 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
3602 cmd_status_rsp, &mgmt_err);
3606 if (test_bit(HCI_AUTH, &hdev->flags)) {
3607 if (!test_and_set_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
3610 if (test_and_clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
3614 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
3618 err = new_settings(hdev, match.sk);
3626 static int clear_eir(struct hci_dev *hdev)
3628 struct hci_cp_write_eir cp;
3630 if (!(hdev->features[6] & LMP_EXT_INQ))
3633 memset(hdev->eir, 0, sizeof(hdev->eir));
3635 memset(&cp, 0, sizeof(cp));
3637 return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
3640 int mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
3642 struct cmd_lookup match = { NULL, hdev };
3643 bool changed = false;
3647 u8 mgmt_err = mgmt_status(status);
3649 if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
3651 err = new_settings(hdev, NULL);
3653 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev,
3654 cmd_status_rsp, &mgmt_err);
3660 if (!test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
3663 if (test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
3667 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
3670 err = new_settings(hdev, match.sk);
3675 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
3683 static void class_rsp(struct pending_cmd *cmd, void *data)
3685 struct cmd_lookup *match = data;
3687 cmd_complete(cmd->sk, cmd->index, cmd->opcode, match->mgmt_status,
3688 match->hdev->dev_class, 3);
3690 list_del(&cmd->list);
3692 if (match->sk == NULL) {
3693 match->sk = cmd->sk;
3694 sock_hold(match->sk);
3697 mgmt_pending_free(cmd);
3700 int mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
3703 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
3706 clear_bit(HCI_PENDING_CLASS, &hdev->dev_flags);
3708 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, class_rsp, &match);
3709 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, class_rsp, &match);
3710 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, class_rsp, &match);
3713 err = mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
3714 dev_class, 3, NULL);
3722 int mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
3724 struct pending_cmd *cmd;
3725 struct mgmt_cp_set_local_name ev;
3726 bool changed = false;
3729 if (memcmp(name, hdev->dev_name, sizeof(hdev->dev_name)) != 0) {
3730 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
3734 memset(&ev, 0, sizeof(ev));
3735 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
3736 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
3738 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
3742 /* Always assume that either the short or the complete name has
3743 * changed if there was a pending mgmt command */
3747 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3748 mgmt_status(status));
3752 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0, &ev,
3759 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev,
3760 sizeof(ev), cmd ? cmd->sk : NULL);
3766 mgmt_pending_remove(cmd);
3770 int mgmt_read_local_oob_data_reply_complete(struct hci_dev *hdev, u8 *hash,
3771 u8 *randomizer, u8 status)
3773 struct pending_cmd *cmd;
3776 BT_DBG("%s status %u", hdev->name, status);
3778 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
3783 err = cmd_status(cmd->sk, hdev->id,
3784 MGMT_OP_READ_LOCAL_OOB_DATA,
3785 mgmt_status(status));
3787 struct mgmt_rp_read_local_oob_data rp;
3789 memcpy(rp.hash, hash, sizeof(rp.hash));
3790 memcpy(rp.randomizer, randomizer, sizeof(rp.randomizer));
3792 err = cmd_complete(cmd->sk, hdev->id,
3793 MGMT_OP_READ_LOCAL_OOB_DATA,
3794 0, &rp, sizeof(rp));
3797 mgmt_pending_remove(cmd);
3802 int mgmt_le_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
3804 struct cmd_lookup match = { NULL, hdev };
3805 bool changed = false;
3809 u8 mgmt_err = mgmt_status(status);
3811 if (enable && test_and_clear_bit(HCI_LE_ENABLED,
3813 err = new_settings(hdev, NULL);
3815 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev,
3816 cmd_status_rsp, &mgmt_err);
3822 if (!test_and_set_bit(HCI_LE_ENABLED, &hdev->dev_flags))
3825 if (test_and_clear_bit(HCI_LE_ENABLED, &hdev->dev_flags))
3829 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
3832 err = new_settings(hdev, match.sk);
3840 int mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3841 u8 addr_type, u8 *dev_class, s8 rssi,
3842 u8 cfm_name, u8 ssp, u8 *eir, u16 eir_len)
3845 struct mgmt_ev_device_found *ev = (void *) buf;
3848 /* Leave 5 bytes for a potential CoD field */
3849 if (sizeof(*ev) + eir_len + 5 > sizeof(buf))
3852 memset(buf, 0, sizeof(buf));
3854 bacpy(&ev->addr.bdaddr, bdaddr);
3855 ev->addr.type = link_to_mgmt(link_type, addr_type);
3858 ev->flags[0] |= MGMT_DEV_FOUND_CONFIRM_NAME;
3860 ev->flags[0] |= MGMT_DEV_FOUND_LEGACY_PAIRING;
3863 memcpy(ev->eir, eir, eir_len);
3865 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
3866 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
3869 put_unaligned_le16(eir_len, &ev->eir_len);
3871 ev_size = sizeof(*ev) + eir_len;
3873 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
3876 int mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3877 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
3879 struct mgmt_ev_device_found *ev;
3880 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
3883 ev = (struct mgmt_ev_device_found *) buf;
3885 memset(buf, 0, sizeof(buf));
3887 bacpy(&ev->addr.bdaddr, bdaddr);
3888 ev->addr.type = link_to_mgmt(link_type, addr_type);
3891 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
3894 put_unaligned_le16(eir_len, &ev->eir_len);
3896 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev,
3897 sizeof(*ev) + eir_len, NULL);
3900 int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
3902 struct pending_cmd *cmd;
3906 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3908 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
3912 type = hdev->discovery.type;
3914 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3915 &type, sizeof(type));
3916 mgmt_pending_remove(cmd);
3921 int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
3923 struct pending_cmd *cmd;
3926 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3930 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3931 &hdev->discovery.type,
3932 sizeof(hdev->discovery.type));
3933 mgmt_pending_remove(cmd);
3938 int mgmt_discovering(struct hci_dev *hdev, u8 discovering)
3940 struct mgmt_ev_discovering ev;
3941 struct pending_cmd *cmd;
3943 BT_DBG("%s discovering %u", hdev->name, discovering);
3946 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
3948 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3951 u8 type = hdev->discovery.type;
3953 cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0,
3954 &type, sizeof(type));
3955 mgmt_pending_remove(cmd);
3958 memset(&ev, 0, sizeof(ev));
3959 ev.type = hdev->discovery.type;
3960 ev.discovering = discovering;
3962 return mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
3965 int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
3967 struct pending_cmd *cmd;
3968 struct mgmt_ev_device_blocked ev;
3970 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev);
3972 bacpy(&ev.addr.bdaddr, bdaddr);
3973 ev.addr.type = type;
3975 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev),
3976 cmd ? cmd->sk : NULL);
3979 int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
3981 struct pending_cmd *cmd;
3982 struct mgmt_ev_device_unblocked ev;
3984 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev);
3986 bacpy(&ev.addr.bdaddr, bdaddr);
3987 ev.addr.type = type;
3989 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
3990 cmd ? cmd->sk : NULL);
3993 module_param(enable_hs, bool, 0644);
3994 MODULE_PARM_DESC(enable_hs, "Enable High Speed support");
3996 module_param(enable_le, bool, 0644);
3997 MODULE_PARM_DESC(enable_le, "Enable Low Energy support");
projects / mv-sheeva.git / blob