2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2010 Nokia Corporation
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License version 2 as
7 published by the Free Software Foundation;
9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
20 SOFTWARE IS DISCLAIMED.
23 /* Bluetooth HCI Management interface */
25 #include <linux/kernel.h>
26 #include <linux/uaccess.h>
27 #include <asm/unaligned.h>
29 #include <net/bluetooth/bluetooth.h>
30 #include <net/bluetooth/hci_core.h>
31 #include <net/bluetooth/mgmt.h>
33 #define MGMT_VERSION 0
34 #define MGMT_REVISION 1
36 #define INQUIRY_LEN_BREDR 0x08 /* TGAP(100) */
39 struct list_head list;
47 /* HCI to MGMT error code conversion table */
48 static u8 mgmt_status_table[] = {
50 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
51 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
52 MGMT_STATUS_FAILED, /* Hardware Failure */
53 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
54 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
55 MGMT_STATUS_NOT_PAIRED, /* PIN or Key Missing */
56 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
57 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
58 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
59 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
60 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
61 MGMT_STATUS_BUSY, /* Command Disallowed */
62 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
63 MGMT_STATUS_REJECTED, /* Rejected Security */
64 MGMT_STATUS_REJECTED, /* Rejected Personal */
65 MGMT_STATUS_TIMEOUT, /* Host Timeout */
66 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
67 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
68 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
69 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
70 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
71 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
72 MGMT_STATUS_BUSY, /* Repeated Attempts */
73 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
74 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
75 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
76 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
77 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
78 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
79 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
80 MGMT_STATUS_FAILED, /* Unspecified Error */
81 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
82 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
83 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
84 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
85 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
86 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
87 MGMT_STATUS_FAILED, /* Unit Link Key Used */
88 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
89 MGMT_STATUS_TIMEOUT, /* Instant Passed */
90 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
91 MGMT_STATUS_FAILED, /* Transaction Collision */
92 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
93 MGMT_STATUS_REJECTED, /* QoS Rejected */
94 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
95 MGMT_STATUS_REJECTED, /* Insufficient Security */
96 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
97 MGMT_STATUS_BUSY, /* Role Switch Pending */
98 MGMT_STATUS_FAILED, /* Slot Violation */
99 MGMT_STATUS_FAILED, /* Role Switch Failed */
100 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
101 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
102 MGMT_STATUS_BUSY, /* Host Busy Pairing */
103 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
104 MGMT_STATUS_BUSY, /* Controller Busy */
105 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
106 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
107 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
108 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
109 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
112 static u8 mgmt_status(u8 hci_status)
114 if (hci_status < ARRAY_SIZE(mgmt_status_table))
115 return mgmt_status_table[hci_status];
117 return MGMT_STATUS_FAILED;
120 static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
123 struct mgmt_hdr *hdr;
124 struct mgmt_ev_cmd_status *ev;
127 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
129 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_ATOMIC);
133 hdr = (void *) skb_put(skb, sizeof(*hdr));
135 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS);
136 hdr->index = cpu_to_le16(index);
137 hdr->len = cpu_to_le16(sizeof(*ev));
139 ev = (void *) skb_put(skb, sizeof(*ev));
141 put_unaligned_le16(cmd, &ev->opcode);
143 err = sock_queue_rcv_skb(sk, skb);
150 static int cmd_complete(struct sock *sk, u16 index, u16 cmd, void *rp,
154 struct mgmt_hdr *hdr;
155 struct mgmt_ev_cmd_complete *ev;
158 BT_DBG("sock %p", sk);
160 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_ATOMIC);
164 hdr = (void *) skb_put(skb, sizeof(*hdr));
166 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE);
167 hdr->index = cpu_to_le16(index);
168 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
170 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
171 put_unaligned_le16(cmd, &ev->opcode);
174 memcpy(ev->data, rp, rp_len);
176 err = sock_queue_rcv_skb(sk, skb);
183 static int read_version(struct sock *sk)
185 struct mgmt_rp_read_version rp;
187 BT_DBG("sock %p", sk);
189 rp.version = MGMT_VERSION;
190 put_unaligned_le16(MGMT_REVISION, &rp.revision);
192 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, &rp,
196 static int read_index_list(struct sock *sk)
198 struct mgmt_rp_read_index_list *rp;
205 BT_DBG("sock %p", sk);
207 read_lock(&hci_dev_list_lock);
210 list_for_each(p, &hci_dev_list) {
214 rp_len = sizeof(*rp) + (2 * count);
215 rp = kmalloc(rp_len, GFP_ATOMIC);
217 read_unlock(&hci_dev_list_lock);
221 put_unaligned_le16(count, &rp->num_controllers);
224 list_for_each_entry(d, &hci_dev_list, list) {
225 if (test_and_clear_bit(HCI_AUTO_OFF, &d->flags))
226 cancel_delayed_work(&d->power_off);
228 if (test_bit(HCI_SETUP, &d->flags))
231 put_unaligned_le16(d->id, &rp->index[i++]);
232 BT_DBG("Added hci%u", d->id);
235 read_unlock(&hci_dev_list_lock);
237 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, rp,
245 static u32 get_supported_settings(struct hci_dev *hdev)
249 settings |= MGMT_SETTING_POWERED;
250 settings |= MGMT_SETTING_CONNECTABLE;
251 settings |= MGMT_SETTING_FAST_CONNECTABLE;
252 settings |= MGMT_SETTING_DISCOVERABLE;
253 settings |= MGMT_SETTING_PAIRABLE;
255 if (hdev->features[6] & LMP_SIMPLE_PAIR)
256 settings |= MGMT_SETTING_SSP;
258 if (!(hdev->features[4] & LMP_NO_BREDR)) {
259 settings |= MGMT_SETTING_BREDR;
260 settings |= MGMT_SETTING_LINK_SECURITY;
263 if (hdev->features[4] & LMP_LE)
264 settings |= MGMT_SETTING_LE;
269 static u32 get_current_settings(struct hci_dev *hdev)
273 if (test_bit(HCI_UP, &hdev->flags))
274 settings |= MGMT_SETTING_POWERED;
278 if (test_bit(HCI_PSCAN, &hdev->flags))
279 settings |= MGMT_SETTING_CONNECTABLE;
281 if (test_bit(HCI_ISCAN, &hdev->flags))
282 settings |= MGMT_SETTING_DISCOVERABLE;
284 if (test_bit(HCI_PAIRABLE, &hdev->flags))
285 settings |= MGMT_SETTING_PAIRABLE;
287 if (!(hdev->features[4] & LMP_NO_BREDR))
288 settings |= MGMT_SETTING_BREDR;
290 if (hdev->extfeatures[0] & LMP_HOST_LE)
291 settings |= MGMT_SETTING_LE;
293 if (test_bit(HCI_AUTH, &hdev->flags))
294 settings |= MGMT_SETTING_LINK_SECURITY;
296 if (hdev->ssp_mode > 0)
297 settings |= MGMT_SETTING_SSP;
302 static int read_controller_info(struct sock *sk, u16 index)
304 struct mgmt_rp_read_info rp;
305 struct hci_dev *hdev;
307 BT_DBG("sock %p hci%u", sk, index);
309 hdev = hci_dev_get(index);
311 return cmd_status(sk, index, MGMT_OP_READ_INFO,
312 MGMT_STATUS_INVALID_PARAMS);
314 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->flags))
315 cancel_delayed_work_sync(&hdev->power_off);
319 set_bit(HCI_MGMT, &hdev->flags);
321 memset(&rp, 0, sizeof(rp));
323 bacpy(&rp.bdaddr, &hdev->bdaddr);
325 rp.version = hdev->hci_ver;
327 put_unaligned_le16(hdev->manufacturer, &rp.manufacturer);
329 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
330 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
332 memcpy(rp.dev_class, hdev->dev_class, 3);
334 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
336 hci_dev_unlock(hdev);
339 return cmd_complete(sk, index, MGMT_OP_READ_INFO, &rp, sizeof(rp));
342 static void mgmt_pending_free(struct pending_cmd *cmd)
349 static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
350 struct hci_dev *hdev,
353 struct pending_cmd *cmd;
355 cmd = kmalloc(sizeof(*cmd), GFP_ATOMIC);
359 cmd->opcode = opcode;
360 cmd->index = hdev->id;
362 cmd->param = kmalloc(len, GFP_ATOMIC);
369 memcpy(cmd->param, data, len);
374 list_add(&cmd->list, &hdev->mgmt_pending);
379 static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
380 void (*cb)(struct pending_cmd *cmd, void *data),
383 struct list_head *p, *n;
385 list_for_each_safe(p, n, &hdev->mgmt_pending) {
386 struct pending_cmd *cmd;
388 cmd = list_entry(p, struct pending_cmd, list);
390 if (opcode > 0 && cmd->opcode != opcode)
397 static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
399 struct pending_cmd *cmd;
401 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
402 if (cmd->opcode == opcode)
409 static void mgmt_pending_remove(struct pending_cmd *cmd)
411 list_del(&cmd->list);
412 mgmt_pending_free(cmd);
415 static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
417 __le32 settings = cpu_to_le32(get_current_settings(hdev));
419 return cmd_complete(sk, hdev->id, opcode, &settings, sizeof(settings));
422 static int set_powered(struct sock *sk, u16 index, unsigned char *data, u16 len)
424 struct mgmt_mode *cp;
425 struct hci_dev *hdev;
426 struct pending_cmd *cmd;
431 BT_DBG("request for hci%u", index);
433 if (len != sizeof(*cp))
434 return cmd_status(sk, index, MGMT_OP_SET_POWERED,
435 MGMT_STATUS_INVALID_PARAMS);
437 hdev = hci_dev_get(index);
439 return cmd_status(sk, index, MGMT_OP_SET_POWERED,
440 MGMT_STATUS_INVALID_PARAMS);
444 up = test_bit(HCI_UP, &hdev->flags);
445 if ((cp->val && up) || (!cp->val && !up)) {
446 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
450 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
451 err = cmd_status(sk, index, MGMT_OP_SET_POWERED,
456 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
463 schedule_work(&hdev->power_on);
465 schedule_work(&hdev->power_off.work);
470 hci_dev_unlock(hdev);
475 static int set_discoverable(struct sock *sk, u16 index, unsigned char *data,
478 struct mgmt_cp_set_discoverable *cp;
479 struct hci_dev *hdev;
480 struct pending_cmd *cmd;
486 BT_DBG("request for hci%u", index);
488 if (len != sizeof(*cp))
489 return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
490 MGMT_STATUS_INVALID_PARAMS);
492 hdev = hci_dev_get(index);
494 return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
495 MGMT_STATUS_INVALID_PARAMS);
499 if (!test_bit(HCI_UP, &hdev->flags)) {
500 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
501 MGMT_STATUS_NOT_POWERED);
505 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
506 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
507 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
512 if (cp->val == test_bit(HCI_ISCAN, &hdev->flags) &&
513 test_bit(HCI_PSCAN, &hdev->flags)) {
514 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
518 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
527 scan |= SCAN_INQUIRY;
529 cancel_delayed_work(&hdev->discov_off);
531 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
533 mgmt_pending_remove(cmd);
536 hdev->discov_timeout = get_unaligned_le16(&cp->timeout);
539 hci_dev_unlock(hdev);
545 static int set_connectable(struct sock *sk, u16 index, unsigned char *data,
548 struct mgmt_mode *cp;
549 struct hci_dev *hdev;
550 struct pending_cmd *cmd;
556 BT_DBG("request for hci%u", index);
558 if (len != sizeof(*cp))
559 return cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE,
560 MGMT_STATUS_INVALID_PARAMS);
562 hdev = hci_dev_get(index);
564 return cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE,
565 MGMT_STATUS_INVALID_PARAMS);
569 if (!test_bit(HCI_UP, &hdev->flags)) {
570 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE,
571 MGMT_STATUS_NOT_POWERED);
575 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
576 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
577 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE,
582 if (cp->val == test_bit(HCI_PSCAN, &hdev->flags)) {
583 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
587 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
598 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
600 mgmt_pending_remove(cmd);
603 hci_dev_unlock(hdev);
609 static int mgmt_event(u16 event, struct hci_dev *hdev, void *data,
610 u16 data_len, struct sock *skip_sk)
613 struct mgmt_hdr *hdr;
615 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_ATOMIC);
619 bt_cb(skb)->channel = HCI_CHANNEL_CONTROL;
621 hdr = (void *) skb_put(skb, sizeof(*hdr));
622 hdr->opcode = cpu_to_le16(event);
624 hdr->index = cpu_to_le16(hdev->id);
626 hdr->index = cpu_to_le16(MGMT_INDEX_NONE);
627 hdr->len = cpu_to_le16(data_len);
630 memcpy(skb_put(skb, data_len), data, data_len);
632 hci_send_to_sock(NULL, skb, skip_sk);
638 static int set_pairable(struct sock *sk, u16 index, unsigned char *data,
641 struct mgmt_mode *cp;
642 struct hci_dev *hdev;
648 BT_DBG("request for hci%u", index);
650 if (len != sizeof(*cp))
651 return cmd_status(sk, index, MGMT_OP_SET_PAIRABLE,
652 MGMT_STATUS_INVALID_PARAMS);
654 hdev = hci_dev_get(index);
656 return cmd_status(sk, index, MGMT_OP_SET_PAIRABLE,
657 MGMT_STATUS_INVALID_PARAMS);
662 set_bit(HCI_PAIRABLE, &hdev->flags);
664 clear_bit(HCI_PAIRABLE, &hdev->flags);
666 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
670 ev = cpu_to_le32(get_current_settings(hdev));
672 err = mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), sk);
675 hci_dev_unlock(hdev);
681 #define EIR_FLAGS 0x01 /* flags */
682 #define EIR_UUID16_SOME 0x02 /* 16-bit UUID, more available */
683 #define EIR_UUID16_ALL 0x03 /* 16-bit UUID, all listed */
684 #define EIR_UUID32_SOME 0x04 /* 32-bit UUID, more available */
685 #define EIR_UUID32_ALL 0x05 /* 32-bit UUID, all listed */
686 #define EIR_UUID128_SOME 0x06 /* 128-bit UUID, more available */
687 #define EIR_UUID128_ALL 0x07 /* 128-bit UUID, all listed */
688 #define EIR_NAME_SHORT 0x08 /* shortened local name */
689 #define EIR_NAME_COMPLETE 0x09 /* complete local name */
690 #define EIR_TX_POWER 0x0A /* transmit power level */
691 #define EIR_DEVICE_ID 0x10 /* device ID */
693 #define PNP_INFO_SVCLASS_ID 0x1200
695 static u8 bluetooth_base_uuid[] = {
696 0xFB, 0x34, 0x9B, 0x5F, 0x80, 0x00, 0x00, 0x80,
697 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
700 static u16 get_uuid16(u8 *uuid128)
705 for (i = 0; i < 12; i++) {
706 if (bluetooth_base_uuid[i] != uuid128[i])
710 memcpy(&val, &uuid128[12], 4);
712 val = le32_to_cpu(val);
719 static void create_eir(struct hci_dev *hdev, u8 *data)
723 u16 uuid16_list[HCI_MAX_EIR_LENGTH / sizeof(u16)];
724 int i, truncated = 0;
725 struct bt_uuid *uuid;
728 name_len = strlen(hdev->dev_name);
734 ptr[1] = EIR_NAME_SHORT;
736 ptr[1] = EIR_NAME_COMPLETE;
738 /* EIR Data length */
739 ptr[0] = name_len + 1;
741 memcpy(ptr + 2, hdev->dev_name, name_len);
743 eir_len += (name_len + 2);
744 ptr += (name_len + 2);
747 memset(uuid16_list, 0, sizeof(uuid16_list));
749 /* Group all UUID16 types */
750 list_for_each_entry(uuid, &hdev->uuids, list) {
753 uuid16 = get_uuid16(uuid->uuid);
760 if (uuid16 == PNP_INFO_SVCLASS_ID)
763 /* Stop if not enough space to put next UUID */
764 if (eir_len + 2 + sizeof(u16) > HCI_MAX_EIR_LENGTH) {
769 /* Check for duplicates */
770 for (i = 0; uuid16_list[i] != 0; i++)
771 if (uuid16_list[i] == uuid16)
774 if (uuid16_list[i] == 0) {
775 uuid16_list[i] = uuid16;
776 eir_len += sizeof(u16);
780 if (uuid16_list[0] != 0) {
784 ptr[1] = truncated ? EIR_UUID16_SOME : EIR_UUID16_ALL;
789 for (i = 0; uuid16_list[i] != 0; i++) {
790 *ptr++ = (uuid16_list[i] & 0x00ff);
791 *ptr++ = (uuid16_list[i] & 0xff00) >> 8;
794 /* EIR Data length */
795 *length = (i * sizeof(u16)) + 1;
799 static int update_eir(struct hci_dev *hdev)
801 struct hci_cp_write_eir cp;
803 if (!(hdev->features[6] & LMP_EXT_INQ))
806 if (hdev->ssp_mode == 0)
809 if (test_bit(HCI_SERVICE_CACHE, &hdev->flags))
812 memset(&cp, 0, sizeof(cp));
814 create_eir(hdev, cp.data);
816 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
819 memcpy(hdev->eir, cp.data, sizeof(cp.data));
821 return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
824 static u8 get_service_classes(struct hci_dev *hdev)
826 struct bt_uuid *uuid;
829 list_for_each_entry(uuid, &hdev->uuids, list)
830 val |= uuid->svc_hint;
835 static int update_class(struct hci_dev *hdev)
839 BT_DBG("%s", hdev->name);
841 if (test_bit(HCI_SERVICE_CACHE, &hdev->flags))
844 cod[0] = hdev->minor_class;
845 cod[1] = hdev->major_class;
846 cod[2] = get_service_classes(hdev);
848 if (memcmp(cod, hdev->dev_class, 3) == 0)
851 return hci_send_cmd(hdev, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
854 static int add_uuid(struct sock *sk, u16 index, unsigned char *data, u16 len)
856 struct mgmt_cp_add_uuid *cp;
857 struct hci_dev *hdev;
858 struct bt_uuid *uuid;
863 BT_DBG("request for hci%u", index);
865 if (len != sizeof(*cp))
866 return cmd_status(sk, index, MGMT_OP_ADD_UUID,
867 MGMT_STATUS_INVALID_PARAMS);
869 hdev = hci_dev_get(index);
871 return cmd_status(sk, index, MGMT_OP_ADD_UUID,
872 MGMT_STATUS_INVALID_PARAMS);
876 uuid = kmalloc(sizeof(*uuid), GFP_ATOMIC);
882 memcpy(uuid->uuid, cp->uuid, 16);
883 uuid->svc_hint = cp->svc_hint;
885 list_add(&uuid->list, &hdev->uuids);
887 err = update_class(hdev);
891 err = update_eir(hdev);
895 err = cmd_complete(sk, index, MGMT_OP_ADD_UUID, NULL, 0);
898 hci_dev_unlock(hdev);
904 static int remove_uuid(struct sock *sk, u16 index, unsigned char *data, u16 len)
906 struct list_head *p, *n;
907 struct mgmt_cp_remove_uuid *cp;
908 struct hci_dev *hdev;
909 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
914 BT_DBG("request for hci%u", index);
916 if (len != sizeof(*cp))
917 return cmd_status(sk, index, MGMT_OP_REMOVE_UUID,
918 MGMT_STATUS_INVALID_PARAMS);
920 hdev = hci_dev_get(index);
922 return cmd_status(sk, index, MGMT_OP_REMOVE_UUID,
923 MGMT_STATUS_INVALID_PARAMS);
927 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
928 err = hci_uuids_clear(hdev);
934 list_for_each_safe(p, n, &hdev->uuids) {
935 struct bt_uuid *match = list_entry(p, struct bt_uuid, list);
937 if (memcmp(match->uuid, cp->uuid, 16) != 0)
940 list_del(&match->list);
945 err = cmd_status(sk, index, MGMT_OP_REMOVE_UUID,
946 MGMT_STATUS_INVALID_PARAMS);
950 err = update_class(hdev);
954 err = update_eir(hdev);
958 err = cmd_complete(sk, index, MGMT_OP_REMOVE_UUID, NULL, 0);
961 hci_dev_unlock(hdev);
967 static int set_dev_class(struct sock *sk, u16 index, unsigned char *data,
970 struct hci_dev *hdev;
971 struct mgmt_cp_set_dev_class *cp;
976 BT_DBG("request for hci%u", index);
978 if (len != sizeof(*cp))
979 return cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS,
980 MGMT_STATUS_INVALID_PARAMS);
982 hdev = hci_dev_get(index);
984 return cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS,
985 MGMT_STATUS_INVALID_PARAMS);
989 hdev->major_class = cp->major;
990 hdev->minor_class = cp->minor;
992 err = update_class(hdev);
995 err = cmd_complete(sk, index, MGMT_OP_SET_DEV_CLASS, NULL, 0);
997 hci_dev_unlock(hdev);
1003 static int set_service_cache(struct sock *sk, u16 index, unsigned char *data,
1006 struct hci_dev *hdev;
1007 struct mgmt_cp_set_service_cache *cp;
1012 if (len != sizeof(*cp))
1013 return cmd_status(sk, index, MGMT_OP_SET_SERVICE_CACHE,
1014 MGMT_STATUS_INVALID_PARAMS);
1016 hdev = hci_dev_get(index);
1018 return cmd_status(sk, index, MGMT_OP_SET_SERVICE_CACHE,
1019 MGMT_STATUS_INVALID_PARAMS);
1023 BT_DBG("hci%u enable %d", index, cp->enable);
1026 set_bit(HCI_SERVICE_CACHE, &hdev->flags);
1029 clear_bit(HCI_SERVICE_CACHE, &hdev->flags);
1030 err = update_class(hdev);
1032 err = update_eir(hdev);
1036 err = cmd_complete(sk, index, MGMT_OP_SET_SERVICE_CACHE, NULL,
1039 cmd_status(sk, index, MGMT_OP_SET_SERVICE_CACHE, -err);
1042 hci_dev_unlock(hdev);
1048 static int load_link_keys(struct sock *sk, u16 index, unsigned char *data,
1051 struct hci_dev *hdev;
1052 struct mgmt_cp_load_link_keys *cp;
1053 u16 key_count, expected_len;
1058 if (len < sizeof(*cp))
1059 return cmd_status(sk, index, MGMT_OP_LOAD_LINK_KEYS,
1060 MGMT_STATUS_INVALID_PARAMS);
1062 key_count = get_unaligned_le16(&cp->key_count);
1064 expected_len = sizeof(*cp) + key_count *
1065 sizeof(struct mgmt_link_key_info);
1066 if (expected_len != len) {
1067 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
1069 return cmd_status(sk, index, MGMT_OP_LOAD_LINK_KEYS,
1070 MGMT_STATUS_INVALID_PARAMS);
1073 hdev = hci_dev_get(index);
1075 return cmd_status(sk, index, MGMT_OP_LOAD_LINK_KEYS,
1076 MGMT_STATUS_INVALID_PARAMS);
1078 BT_DBG("hci%u debug_keys %u key_count %u", index, cp->debug_keys,
1083 hci_link_keys_clear(hdev);
1085 set_bit(HCI_LINK_KEYS, &hdev->flags);
1088 set_bit(HCI_DEBUG_KEYS, &hdev->flags);
1090 clear_bit(HCI_DEBUG_KEYS, &hdev->flags);
1092 for (i = 0; i < key_count; i++) {
1093 struct mgmt_link_key_info *key = &cp->keys[i];
1095 hci_add_link_key(hdev, NULL, 0, &key->bdaddr, key->val, key->type,
1099 cmd_complete(sk, index, MGMT_OP_LOAD_LINK_KEYS, NULL, 0);
1101 hci_dev_unlock(hdev);
1107 static int remove_keys(struct sock *sk, u16 index, unsigned char *data,
1110 struct hci_dev *hdev;
1111 struct mgmt_cp_remove_keys *cp;
1112 struct mgmt_rp_remove_keys rp;
1113 struct hci_cp_disconnect dc;
1114 struct pending_cmd *cmd;
1115 struct hci_conn *conn;
1120 if (len != sizeof(*cp))
1121 return cmd_status(sk, index, MGMT_OP_REMOVE_KEYS,
1122 MGMT_STATUS_INVALID_PARAMS);
1124 hdev = hci_dev_get(index);
1126 return cmd_status(sk, index, MGMT_OP_REMOVE_KEYS,
1127 MGMT_STATUS_INVALID_PARAMS);
1131 memset(&rp, 0, sizeof(rp));
1132 bacpy(&rp.bdaddr, &cp->bdaddr);
1133 rp.status = MGMT_STATUS_FAILED;
1135 err = hci_remove_link_key(hdev, &cp->bdaddr);
1137 rp.status = MGMT_STATUS_NOT_PAIRED;
1141 if (!test_bit(HCI_UP, &hdev->flags) || !cp->disconnect) {
1142 err = cmd_complete(sk, index, MGMT_OP_REMOVE_KEYS, &rp,
1147 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1149 err = cmd_complete(sk, index, MGMT_OP_REMOVE_KEYS, &rp,
1154 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_KEYS, hdev, cp, sizeof(*cp));
1160 put_unaligned_le16(conn->handle, &dc.handle);
1161 dc.reason = 0x13; /* Remote User Terminated Connection */
1162 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1164 mgmt_pending_remove(cmd);
1168 err = cmd_complete(sk, index, MGMT_OP_REMOVE_KEYS, &rp,
1170 hci_dev_unlock(hdev);
1176 static int disconnect(struct sock *sk, u16 index, unsigned char *data, u16 len)
1178 struct hci_dev *hdev;
1179 struct mgmt_cp_disconnect *cp;
1180 struct hci_cp_disconnect dc;
1181 struct pending_cmd *cmd;
1182 struct hci_conn *conn;
1189 if (len != sizeof(*cp))
1190 return cmd_status(sk, index, MGMT_OP_DISCONNECT,
1191 MGMT_STATUS_INVALID_PARAMS);
1193 hdev = hci_dev_get(index);
1195 return cmd_status(sk, index, MGMT_OP_DISCONNECT,
1196 MGMT_STATUS_INVALID_PARAMS);
1200 if (!test_bit(HCI_UP, &hdev->flags)) {
1201 err = cmd_status(sk, index, MGMT_OP_DISCONNECT,
1202 MGMT_STATUS_NOT_POWERED);
1206 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
1207 err = cmd_status(sk, index, MGMT_OP_DISCONNECT,
1212 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1214 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->bdaddr);
1217 err = cmd_status(sk, index, MGMT_OP_DISCONNECT,
1218 MGMT_STATUS_NOT_CONNECTED);
1222 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
1228 put_unaligned_le16(conn->handle, &dc.handle);
1229 dc.reason = 0x13; /* Remote User Terminated Connection */
1231 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1233 mgmt_pending_remove(cmd);
1236 hci_dev_unlock(hdev);
1242 static u8 link_to_mgmt(u8 link_type, u8 addr_type)
1244 switch (link_type) {
1246 switch (addr_type) {
1247 case ADDR_LE_DEV_PUBLIC:
1248 return MGMT_ADDR_LE_PUBLIC;
1249 case ADDR_LE_DEV_RANDOM:
1250 return MGMT_ADDR_LE_RANDOM;
1252 return MGMT_ADDR_INVALID;
1255 return MGMT_ADDR_BREDR;
1257 return MGMT_ADDR_INVALID;
1261 static int get_connections(struct sock *sk, u16 index)
1263 struct mgmt_rp_get_connections *rp;
1264 struct hci_dev *hdev;
1266 struct list_head *p;
1273 hdev = hci_dev_get(index);
1275 return cmd_status(sk, index, MGMT_OP_GET_CONNECTIONS,
1276 MGMT_STATUS_INVALID_PARAMS);
1281 list_for_each(p, &hdev->conn_hash.list) {
1285 rp_len = sizeof(*rp) + (count * sizeof(struct mgmt_addr_info));
1286 rp = kmalloc(rp_len, GFP_ATOMIC);
1292 put_unaligned_le16(count, &rp->conn_count);
1295 list_for_each_entry(c, &hdev->conn_hash.list, list) {
1296 bacpy(&rp->addr[i].bdaddr, &c->dst);
1297 rp->addr[i].type = link_to_mgmt(c->type, c->dst_type);
1298 if (rp->addr[i].type == MGMT_ADDR_INVALID)
1303 /* Recalculate length in case of filtered SCO connections, etc */
1304 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
1306 err = cmd_complete(sk, index, MGMT_OP_GET_CONNECTIONS, rp, rp_len);
1310 hci_dev_unlock(hdev);
1315 static int send_pin_code_neg_reply(struct sock *sk, u16 index,
1316 struct hci_dev *hdev, struct mgmt_cp_pin_code_neg_reply *cp)
1318 struct pending_cmd *cmd;
1321 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
1326 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY, sizeof(cp->bdaddr),
1329 mgmt_pending_remove(cmd);
1334 static int pin_code_reply(struct sock *sk, u16 index, unsigned char *data,
1337 struct hci_dev *hdev;
1338 struct hci_conn *conn;
1339 struct mgmt_cp_pin_code_reply *cp;
1340 struct mgmt_cp_pin_code_neg_reply ncp;
1341 struct hci_cp_pin_code_reply reply;
1342 struct pending_cmd *cmd;
1349 if (len != sizeof(*cp))
1350 return cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1351 MGMT_STATUS_INVALID_PARAMS);
1353 hdev = hci_dev_get(index);
1355 return cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1356 MGMT_STATUS_INVALID_PARAMS);
1360 if (!test_bit(HCI_UP, &hdev->flags)) {
1361 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1362 MGMT_STATUS_NOT_POWERED);
1366 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1368 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1369 MGMT_STATUS_NOT_CONNECTED);
1373 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
1374 bacpy(&ncp.bdaddr, &cp->bdaddr);
1376 BT_ERR("PIN code is not 16 bytes long");
1378 err = send_pin_code_neg_reply(sk, index, hdev, &ncp);
1380 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1381 MGMT_STATUS_INVALID_PARAMS);
1386 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
1392 bacpy(&reply.bdaddr, &cp->bdaddr);
1393 reply.pin_len = cp->pin_len;
1394 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
1396 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
1398 mgmt_pending_remove(cmd);
1401 hci_dev_unlock(hdev);
1407 static int pin_code_neg_reply(struct sock *sk, u16 index, unsigned char *data,
1410 struct hci_dev *hdev;
1411 struct mgmt_cp_pin_code_neg_reply *cp;
1418 if (len != sizeof(*cp))
1419 return cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
1420 MGMT_STATUS_INVALID_PARAMS);
1422 hdev = hci_dev_get(index);
1424 return cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
1425 MGMT_STATUS_INVALID_PARAMS);
1429 if (!test_bit(HCI_UP, &hdev->flags)) {
1430 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
1431 MGMT_STATUS_NOT_POWERED);
1435 err = send_pin_code_neg_reply(sk, index, hdev, cp);
1438 hci_dev_unlock(hdev);
1444 static int set_io_capability(struct sock *sk, u16 index, unsigned char *data,
1447 struct hci_dev *hdev;
1448 struct mgmt_cp_set_io_capability *cp;
1454 if (len != sizeof(*cp))
1455 return cmd_status(sk, index, MGMT_OP_SET_IO_CAPABILITY,
1456 MGMT_STATUS_INVALID_PARAMS);
1458 hdev = hci_dev_get(index);
1460 return cmd_status(sk, index, MGMT_OP_SET_IO_CAPABILITY,
1461 MGMT_STATUS_INVALID_PARAMS);
1465 hdev->io_capability = cp->io_capability;
1467 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
1468 hdev->io_capability);
1470 hci_dev_unlock(hdev);
1473 return cmd_complete(sk, index, MGMT_OP_SET_IO_CAPABILITY, NULL, 0);
1476 static inline struct pending_cmd *find_pairing(struct hci_conn *conn)
1478 struct hci_dev *hdev = conn->hdev;
1479 struct pending_cmd *cmd;
1481 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
1482 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
1485 if (cmd->user_data != conn)
1494 static void pairing_complete(struct pending_cmd *cmd, u8 status)
1496 struct mgmt_rp_pair_device rp;
1497 struct hci_conn *conn = cmd->user_data;
1499 bacpy(&rp.addr.bdaddr, &conn->dst);
1500 rp.addr.type = link_to_mgmt(conn->type, conn->dst_type);
1503 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, &rp, sizeof(rp));
1505 /* So we don't get further callbacks for this connection */
1506 conn->connect_cfm_cb = NULL;
1507 conn->security_cfm_cb = NULL;
1508 conn->disconn_cfm_cb = NULL;
1512 mgmt_pending_remove(cmd);
1515 static void pairing_complete_cb(struct hci_conn *conn, u8 status)
1517 struct pending_cmd *cmd;
1519 BT_DBG("status %u", status);
1521 cmd = find_pairing(conn);
1523 BT_DBG("Unable to find a pending command");
1525 pairing_complete(cmd, status);
1528 static int pair_device(struct sock *sk, u16 index, unsigned char *data, u16 len)
1530 struct hci_dev *hdev;
1531 struct mgmt_cp_pair_device *cp;
1532 struct mgmt_rp_pair_device rp;
1533 struct pending_cmd *cmd;
1534 u8 sec_level, auth_type;
1535 struct hci_conn *conn;
1542 if (len != sizeof(*cp))
1543 return cmd_status(sk, index, MGMT_OP_PAIR_DEVICE,
1544 MGMT_STATUS_INVALID_PARAMS);
1546 hdev = hci_dev_get(index);
1548 return cmd_status(sk, index, MGMT_OP_PAIR_DEVICE,
1549 MGMT_STATUS_INVALID_PARAMS);
1553 sec_level = BT_SECURITY_MEDIUM;
1554 if (cp->io_cap == 0x03)
1555 auth_type = HCI_AT_DEDICATED_BONDING;
1557 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
1559 if (cp->addr.type == MGMT_ADDR_BREDR)
1560 conn = hci_connect(hdev, ACL_LINK, &cp->addr.bdaddr, sec_level,
1563 conn = hci_connect(hdev, LE_LINK, &cp->addr.bdaddr, sec_level,
1566 memset(&rp, 0, sizeof(rp));
1567 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1568 rp.addr.type = cp->addr.type;
1571 rp.status = -PTR_ERR(conn);
1572 err = cmd_complete(sk, index, MGMT_OP_PAIR_DEVICE,
1577 if (conn->connect_cfm_cb) {
1580 err = cmd_complete(sk, index, MGMT_OP_PAIR_DEVICE,
1585 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
1592 /* For LE, just connecting isn't a proof that the pairing finished */
1593 if (cp->addr.type == MGMT_ADDR_BREDR)
1594 conn->connect_cfm_cb = pairing_complete_cb;
1596 conn->security_cfm_cb = pairing_complete_cb;
1597 conn->disconn_cfm_cb = pairing_complete_cb;
1598 conn->io_capability = cp->io_cap;
1599 cmd->user_data = conn;
1601 if (conn->state == BT_CONNECTED &&
1602 hci_conn_security(conn, sec_level, auth_type))
1603 pairing_complete(cmd, 0);
1608 hci_dev_unlock(hdev);
1614 static int user_pairing_resp(struct sock *sk, u16 index, bdaddr_t *bdaddr,
1615 u16 mgmt_op, u16 hci_op, __le32 passkey)
1617 struct pending_cmd *cmd;
1618 struct hci_dev *hdev;
1619 struct hci_conn *conn;
1622 hdev = hci_dev_get(index);
1624 return cmd_status(sk, index, mgmt_op,
1625 MGMT_STATUS_INVALID_PARAMS);
1629 if (!test_bit(HCI_UP, &hdev->flags)) {
1630 err = cmd_status(sk, index, mgmt_op, MGMT_STATUS_NOT_POWERED);
1635 * Check for an existing ACL link, if present pair via
1638 * If no ACL link is present, check for an LE link and if
1639 * present, pair via the SMP engine.
1641 * If neither ACL nor LE links are present, fail with error.
1643 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, bdaddr);
1645 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, bdaddr);
1647 err = cmd_status(sk, index, mgmt_op,
1648 MGMT_STATUS_NOT_CONNECTED);
1652 /* Continue with pairing via SMP */
1654 err = cmd_status(sk, index, mgmt_op, MGMT_STATUS_SUCCESS);
1658 cmd = mgmt_pending_add(sk, mgmt_op, hdev, bdaddr, sizeof(*bdaddr));
1664 /* Continue with pairing via HCI */
1665 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
1666 struct hci_cp_user_passkey_reply cp;
1668 bacpy(&cp.bdaddr, bdaddr);
1669 cp.passkey = passkey;
1670 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
1672 err = hci_send_cmd(hdev, hci_op, sizeof(*bdaddr), bdaddr);
1675 mgmt_pending_remove(cmd);
1678 hci_dev_unlock(hdev);
1684 static int user_confirm_reply(struct sock *sk, u16 index, void *data, u16 len)
1686 struct mgmt_cp_user_confirm_reply *cp = (void *) data;
1690 if (len != sizeof(*cp))
1691 return cmd_status(sk, index, MGMT_OP_USER_CONFIRM_REPLY,
1692 MGMT_STATUS_INVALID_PARAMS);
1694 return user_pairing_resp(sk, index, &cp->bdaddr,
1695 MGMT_OP_USER_CONFIRM_REPLY,
1696 HCI_OP_USER_CONFIRM_REPLY, 0);
1699 static int user_confirm_neg_reply(struct sock *sk, u16 index, void *data,
1702 struct mgmt_cp_user_confirm_reply *cp = (void *) data;
1706 if (len != sizeof(*cp))
1707 return cmd_status(sk, index, MGMT_OP_USER_CONFIRM_NEG_REPLY,
1708 MGMT_STATUS_INVALID_PARAMS);
1710 return user_pairing_resp(sk, index, &cp->bdaddr,
1711 MGMT_OP_USER_CONFIRM_NEG_REPLY,
1712 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
1715 static int user_passkey_reply(struct sock *sk, u16 index, void *data, u16 len)
1717 struct mgmt_cp_user_passkey_reply *cp = (void *) data;
1721 if (len != sizeof(*cp))
1722 return cmd_status(sk, index, MGMT_OP_USER_PASSKEY_REPLY,
1725 return user_pairing_resp(sk, index, &cp->bdaddr,
1726 MGMT_OP_USER_PASSKEY_REPLY,
1727 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
1730 static int user_passkey_neg_reply(struct sock *sk, u16 index, void *data,
1733 struct mgmt_cp_user_passkey_neg_reply *cp = (void *) data;
1737 if (len != sizeof(*cp))
1738 return cmd_status(sk, index, MGMT_OP_USER_PASSKEY_NEG_REPLY,
1741 return user_pairing_resp(sk, index, &cp->bdaddr,
1742 MGMT_OP_USER_PASSKEY_NEG_REPLY,
1743 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
1746 static int set_local_name(struct sock *sk, u16 index, unsigned char *data,
1749 struct mgmt_cp_set_local_name *mgmt_cp = (void *) data;
1750 struct hci_cp_write_local_name hci_cp;
1751 struct hci_dev *hdev;
1752 struct pending_cmd *cmd;
1757 if (len != sizeof(*mgmt_cp))
1758 return cmd_status(sk, index, MGMT_OP_SET_LOCAL_NAME,
1759 MGMT_STATUS_INVALID_PARAMS);
1761 hdev = hci_dev_get(index);
1763 return cmd_status(sk, index, MGMT_OP_SET_LOCAL_NAME,
1764 MGMT_STATUS_INVALID_PARAMS);
1768 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
1774 memcpy(hci_cp.name, mgmt_cp->name, sizeof(hci_cp.name));
1775 err = hci_send_cmd(hdev, HCI_OP_WRITE_LOCAL_NAME, sizeof(hci_cp),
1778 mgmt_pending_remove(cmd);
1781 hci_dev_unlock(hdev);
1787 static int read_local_oob_data(struct sock *sk, u16 index)
1789 struct hci_dev *hdev;
1790 struct pending_cmd *cmd;
1793 BT_DBG("hci%u", index);
1795 hdev = hci_dev_get(index);
1797 return cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
1798 MGMT_STATUS_INVALID_PARAMS);
1802 if (!test_bit(HCI_UP, &hdev->flags)) {
1803 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
1804 MGMT_STATUS_NOT_POWERED);
1808 if (!(hdev->features[6] & LMP_SIMPLE_PAIR)) {
1809 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
1810 MGMT_STATUS_NOT_SUPPORTED);
1814 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
1815 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
1820 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
1826 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
1828 mgmt_pending_remove(cmd);
1831 hci_dev_unlock(hdev);
1837 static int add_remote_oob_data(struct sock *sk, u16 index, unsigned char *data,
1840 struct hci_dev *hdev;
1841 struct mgmt_cp_add_remote_oob_data *cp = (void *) data;
1844 BT_DBG("hci%u ", index);
1846 if (len != sizeof(*cp))
1847 return cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA,
1848 MGMT_STATUS_INVALID_PARAMS);
1850 hdev = hci_dev_get(index);
1852 return cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA,
1853 MGMT_STATUS_INVALID_PARAMS);
1857 err = hci_add_remote_oob_data(hdev, &cp->bdaddr, cp->hash,
1860 err = cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA,
1861 MGMT_STATUS_FAILED);
1863 err = cmd_complete(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA, NULL,
1866 hci_dev_unlock(hdev);
1872 static int remove_remote_oob_data(struct sock *sk, u16 index,
1873 unsigned char *data, u16 len)
1875 struct hci_dev *hdev;
1876 struct mgmt_cp_remove_remote_oob_data *cp = (void *) data;
1879 BT_DBG("hci%u ", index);
1881 if (len != sizeof(*cp))
1882 return cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
1883 MGMT_STATUS_INVALID_PARAMS);
1885 hdev = hci_dev_get(index);
1887 return cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
1888 MGMT_STATUS_INVALID_PARAMS);
1892 err = hci_remove_remote_oob_data(hdev, &cp->bdaddr);
1894 err = cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
1895 MGMT_STATUS_INVALID_PARAMS);
1897 err = cmd_complete(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
1900 hci_dev_unlock(hdev);
1906 static int start_discovery(struct sock *sk, u16 index,
1907 unsigned char *data, u16 len)
1909 struct mgmt_cp_start_discovery *cp = (void *) data;
1910 struct pending_cmd *cmd;
1911 struct hci_dev *hdev;
1914 BT_DBG("hci%u", index);
1916 if (len != sizeof(*cp))
1917 return cmd_status(sk, index, MGMT_OP_START_DISCOVERY,
1918 MGMT_STATUS_INVALID_PARAMS);
1920 hdev = hci_dev_get(index);
1922 return cmd_status(sk, index, MGMT_OP_START_DISCOVERY,
1923 MGMT_STATUS_INVALID_PARAMS);
1927 if (!test_bit(HCI_UP, &hdev->flags)) {
1928 err = cmd_status(sk, index, MGMT_OP_START_DISCOVERY,
1929 MGMT_STATUS_NOT_POWERED);
1933 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
1939 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR);
1941 mgmt_pending_remove(cmd);
1944 hci_dev_unlock(hdev);
1950 static int stop_discovery(struct sock *sk, u16 index)
1952 struct hci_dev *hdev;
1953 struct pending_cmd *cmd;
1956 BT_DBG("hci%u", index);
1958 hdev = hci_dev_get(index);
1960 return cmd_status(sk, index, MGMT_OP_STOP_DISCOVERY,
1961 MGMT_STATUS_INVALID_PARAMS);
1965 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
1971 err = hci_cancel_inquiry(hdev);
1973 mgmt_pending_remove(cmd);
1976 hci_dev_unlock(hdev);
1982 static int block_device(struct sock *sk, u16 index, unsigned char *data,
1985 struct hci_dev *hdev;
1986 struct mgmt_cp_block_device *cp = (void *) data;
1989 BT_DBG("hci%u", index);
1991 if (len != sizeof(*cp))
1992 return cmd_status(sk, index, MGMT_OP_BLOCK_DEVICE,
1993 MGMT_STATUS_INVALID_PARAMS);
1995 hdev = hci_dev_get(index);
1997 return cmd_status(sk, index, MGMT_OP_BLOCK_DEVICE,
1998 MGMT_STATUS_INVALID_PARAMS);
2002 err = hci_blacklist_add(hdev, &cp->bdaddr);
2004 err = cmd_status(sk, index, MGMT_OP_BLOCK_DEVICE,
2005 MGMT_STATUS_FAILED);
2007 err = cmd_complete(sk, index, MGMT_OP_BLOCK_DEVICE,
2010 hci_dev_unlock(hdev);
2016 static int unblock_device(struct sock *sk, u16 index, unsigned char *data,
2019 struct hci_dev *hdev;
2020 struct mgmt_cp_unblock_device *cp = (void *) data;
2023 BT_DBG("hci%u", index);
2025 if (len != sizeof(*cp))
2026 return cmd_status(sk, index, MGMT_OP_UNBLOCK_DEVICE,
2027 MGMT_STATUS_INVALID_PARAMS);
2029 hdev = hci_dev_get(index);
2031 return cmd_status(sk, index, MGMT_OP_UNBLOCK_DEVICE,
2032 MGMT_STATUS_INVALID_PARAMS);
2036 err = hci_blacklist_del(hdev, &cp->bdaddr);
2039 err = cmd_status(sk, index, MGMT_OP_UNBLOCK_DEVICE,
2040 MGMT_STATUS_INVALID_PARAMS);
2042 err = cmd_complete(sk, index, MGMT_OP_UNBLOCK_DEVICE,
2045 hci_dev_unlock(hdev);
2051 static int set_fast_connectable(struct sock *sk, u16 index,
2052 unsigned char *data, u16 len)
2054 struct hci_dev *hdev;
2055 struct mgmt_cp_set_fast_connectable *cp = (void *) data;
2056 struct hci_cp_write_page_scan_activity acp;
2060 BT_DBG("hci%u", index);
2062 if (len != sizeof(*cp))
2063 return cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
2064 MGMT_STATUS_INVALID_PARAMS);
2066 hdev = hci_dev_get(index);
2068 return cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
2069 MGMT_STATUS_INVALID_PARAMS);
2074 type = PAGE_SCAN_TYPE_INTERLACED;
2075 acp.interval = 0x0024; /* 22.5 msec page scan interval */
2077 type = PAGE_SCAN_TYPE_STANDARD; /* default */
2078 acp.interval = 0x0800; /* default 1.28 sec page scan */
2081 acp.window = 0x0012; /* default 11.25 msec page scan window */
2083 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
2086 err = cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
2087 MGMT_STATUS_FAILED);
2091 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
2093 err = cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
2094 MGMT_STATUS_FAILED);
2098 err = cmd_complete(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
2101 hci_dev_unlock(hdev);
2107 int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
2110 struct mgmt_hdr *hdr;
2111 u16 opcode, index, len;
2114 BT_DBG("got %zu bytes", msglen);
2116 if (msglen < sizeof(*hdr))
2119 buf = kmalloc(msglen, GFP_KERNEL);
2123 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
2128 hdr = (struct mgmt_hdr *) buf;
2129 opcode = get_unaligned_le16(&hdr->opcode);
2130 index = get_unaligned_le16(&hdr->index);
2131 len = get_unaligned_le16(&hdr->len);
2133 if (len != msglen - sizeof(*hdr)) {
2139 case MGMT_OP_READ_VERSION:
2140 err = read_version(sk);
2142 case MGMT_OP_READ_INDEX_LIST:
2143 err = read_index_list(sk);
2145 case MGMT_OP_READ_INFO:
2146 err = read_controller_info(sk, index);
2148 case MGMT_OP_SET_POWERED:
2149 err = set_powered(sk, index, buf + sizeof(*hdr), len);
2151 case MGMT_OP_SET_DISCOVERABLE:
2152 err = set_discoverable(sk, index, buf + sizeof(*hdr), len);
2154 case MGMT_OP_SET_CONNECTABLE:
2155 err = set_connectable(sk, index, buf + sizeof(*hdr), len);
2157 case MGMT_OP_SET_PAIRABLE:
2158 err = set_pairable(sk, index, buf + sizeof(*hdr), len);
2160 case MGMT_OP_ADD_UUID:
2161 err = add_uuid(sk, index, buf + sizeof(*hdr), len);
2163 case MGMT_OP_REMOVE_UUID:
2164 err = remove_uuid(sk, index, buf + sizeof(*hdr), len);
2166 case MGMT_OP_SET_DEV_CLASS:
2167 err = set_dev_class(sk, index, buf + sizeof(*hdr), len);
2169 case MGMT_OP_SET_SERVICE_CACHE:
2170 err = set_service_cache(sk, index, buf + sizeof(*hdr), len);
2172 case MGMT_OP_LOAD_LINK_KEYS:
2173 err = load_link_keys(sk, index, buf + sizeof(*hdr), len);
2175 case MGMT_OP_REMOVE_KEYS:
2176 err = remove_keys(sk, index, buf + sizeof(*hdr), len);
2178 case MGMT_OP_DISCONNECT:
2179 err = disconnect(sk, index, buf + sizeof(*hdr), len);
2181 case MGMT_OP_GET_CONNECTIONS:
2182 err = get_connections(sk, index);
2184 case MGMT_OP_PIN_CODE_REPLY:
2185 err = pin_code_reply(sk, index, buf + sizeof(*hdr), len);
2187 case MGMT_OP_PIN_CODE_NEG_REPLY:
2188 err = pin_code_neg_reply(sk, index, buf + sizeof(*hdr), len);
2190 case MGMT_OP_SET_IO_CAPABILITY:
2191 err = set_io_capability(sk, index, buf + sizeof(*hdr), len);
2193 case MGMT_OP_PAIR_DEVICE:
2194 err = pair_device(sk, index, buf + sizeof(*hdr), len);
2196 case MGMT_OP_USER_CONFIRM_REPLY:
2197 err = user_confirm_reply(sk, index, buf + sizeof(*hdr), len);
2199 case MGMT_OP_USER_CONFIRM_NEG_REPLY:
2200 err = user_confirm_neg_reply(sk, index, buf + sizeof(*hdr),
2203 case MGMT_OP_USER_PASSKEY_REPLY:
2204 err = user_passkey_reply(sk, index, buf + sizeof(*hdr), len);
2206 case MGMT_OP_USER_PASSKEY_NEG_REPLY:
2207 err = user_passkey_neg_reply(sk, index, buf + sizeof(*hdr),
2210 case MGMT_OP_SET_LOCAL_NAME:
2211 err = set_local_name(sk, index, buf + sizeof(*hdr), len);
2213 case MGMT_OP_READ_LOCAL_OOB_DATA:
2214 err = read_local_oob_data(sk, index);
2216 case MGMT_OP_ADD_REMOTE_OOB_DATA:
2217 err = add_remote_oob_data(sk, index, buf + sizeof(*hdr), len);
2219 case MGMT_OP_REMOVE_REMOTE_OOB_DATA:
2220 err = remove_remote_oob_data(sk, index, buf + sizeof(*hdr),
2223 case MGMT_OP_START_DISCOVERY:
2224 err = start_discovery(sk, index, buf + sizeof(*hdr), len);
2226 case MGMT_OP_STOP_DISCOVERY:
2227 err = stop_discovery(sk, index);
2229 case MGMT_OP_BLOCK_DEVICE:
2230 err = block_device(sk, index, buf + sizeof(*hdr), len);
2232 case MGMT_OP_UNBLOCK_DEVICE:
2233 err = unblock_device(sk, index, buf + sizeof(*hdr), len);
2235 case MGMT_OP_SET_FAST_CONNECTABLE:
2236 err = set_fast_connectable(sk, index, buf + sizeof(*hdr),
2240 BT_DBG("Unknown op %u", opcode);
2241 err = cmd_status(sk, index, opcode,
2242 MGMT_STATUS_UNKNOWN_COMMAND);
2256 static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
2260 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
2261 mgmt_pending_remove(cmd);
2264 int mgmt_index_added(struct hci_dev *hdev)
2266 return mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
2269 int mgmt_index_removed(struct hci_dev *hdev)
2273 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
2275 return mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
2281 struct hci_dev *hdev;
2284 static void settings_rsp(struct pending_cmd *cmd, void *data)
2286 struct cmd_lookup *match = data;
2288 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
2290 list_del(&cmd->list);
2292 if (match->sk == NULL) {
2293 match->sk = cmd->sk;
2294 sock_hold(match->sk);
2297 mgmt_pending_free(cmd);
2300 int mgmt_powered(struct hci_dev *hdev, u8 powered)
2302 struct cmd_lookup match = { powered, NULL, hdev };
2306 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
2309 u8 status = ENETDOWN;
2310 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
2313 ev = cpu_to_le32(get_current_settings(hdev));
2315 ret = mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev),
2324 int mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
2326 struct cmd_lookup match = { discoverable, NULL, hdev };
2330 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev, settings_rsp, &match);
2332 ev = cpu_to_le32(get_current_settings(hdev));
2334 ret = mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev),
2342 int mgmt_connectable(struct hci_dev *hdev, u8 connectable)
2345 struct cmd_lookup match = { connectable, NULL, hdev };
2348 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev, settings_rsp,
2351 ev = cpu_to_le32(get_current_settings(hdev));
2353 ret = mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), match.sk);
2361 int mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
2363 u8 mgmt_err = mgmt_status(status);
2365 if (scan & SCAN_PAGE)
2366 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
2367 cmd_status_rsp, &mgmt_err);
2369 if (scan & SCAN_INQUIRY)
2370 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
2371 cmd_status_rsp, &mgmt_err);
2376 int mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
2379 struct mgmt_ev_new_link_key ev;
2381 memset(&ev, 0, sizeof(ev));
2383 ev.store_hint = persistent;
2384 bacpy(&ev.key.bdaddr, &key->bdaddr);
2385 ev.key.type = key->type;
2386 memcpy(ev.key.val, key->val, 16);
2387 ev.key.pin_len = key->pin_len;
2389 return mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
2392 int mgmt_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
2395 struct mgmt_addr_info ev;
2397 bacpy(&ev.bdaddr, bdaddr);
2398 ev.type = link_to_mgmt(link_type, addr_type);
2400 return mgmt_event(MGMT_EV_CONNECTED, hdev, &ev, sizeof(ev), NULL);
2403 static void disconnect_rsp(struct pending_cmd *cmd, void *data)
2405 struct mgmt_cp_disconnect *cp = cmd->param;
2406 struct sock **sk = data;
2407 struct mgmt_rp_disconnect rp;
2409 bacpy(&rp.bdaddr, &cp->bdaddr);
2412 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, &rp, sizeof(rp));
2417 mgmt_pending_remove(cmd);
2420 static void remove_keys_rsp(struct pending_cmd *cmd, void *data)
2423 struct mgmt_cp_remove_keys *cp = cmd->param;
2424 struct mgmt_rp_remove_keys rp;
2426 memset(&rp, 0, sizeof(rp));
2427 bacpy(&rp.bdaddr, &cp->bdaddr);
2429 rp.status = *status;
2431 cmd_complete(cmd->sk, cmd->index, MGMT_OP_REMOVE_KEYS, &rp,
2434 mgmt_pending_remove(cmd);
2437 int mgmt_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
2440 struct mgmt_addr_info ev;
2441 struct sock *sk = NULL;
2444 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
2446 bacpy(&ev.bdaddr, bdaddr);
2447 ev.type = link_to_mgmt(link_type, addr_type);
2449 err = mgmt_event(MGMT_EV_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
2454 mgmt_pending_foreach(MGMT_OP_REMOVE_KEYS, hdev, remove_keys_rsp, NULL);
2459 int mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 status)
2461 struct pending_cmd *cmd;
2462 u8 mgmt_err = mgmt_status(status);
2465 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
2470 struct mgmt_rp_disconnect rp;
2472 bacpy(&rp.bdaddr, bdaddr);
2475 err = cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
2478 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_DISCONNECT,
2481 mgmt_pending_remove(cmd);
2486 int mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
2487 u8 addr_type, u8 status)
2489 struct mgmt_ev_connect_failed ev;
2491 bacpy(&ev.addr.bdaddr, bdaddr);
2492 ev.addr.type = link_to_mgmt(link_type, addr_type);
2493 ev.status = mgmt_status(status);
2495 return mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
2498 int mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
2500 struct mgmt_ev_pin_code_request ev;
2502 bacpy(&ev.bdaddr, bdaddr);
2505 return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev),
2509 int mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
2512 struct pending_cmd *cmd;
2513 struct mgmt_rp_pin_code_reply rp;
2516 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
2520 bacpy(&rp.bdaddr, bdaddr);
2521 rp.status = mgmt_status(status);
2523 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY, &rp,
2526 mgmt_pending_remove(cmd);
2531 int mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
2534 struct pending_cmd *cmd;
2535 struct mgmt_rp_pin_code_reply rp;
2538 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
2542 bacpy(&rp.bdaddr, bdaddr);
2543 rp.status = mgmt_status(status);
2545 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY, &rp,
2548 mgmt_pending_remove(cmd);
2553 int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
2554 __le32 value, u8 confirm_hint)
2556 struct mgmt_ev_user_confirm_request ev;
2558 BT_DBG("%s", hdev->name);
2560 bacpy(&ev.bdaddr, bdaddr);
2561 ev.confirm_hint = confirm_hint;
2562 put_unaligned_le32(value, &ev.value);
2564 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
2568 int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr)
2570 struct mgmt_ev_user_passkey_request ev;
2572 BT_DBG("%s", hdev->name);
2574 bacpy(&ev.bdaddr, bdaddr);
2576 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
2580 static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
2581 u8 status, u8 opcode)
2583 struct pending_cmd *cmd;
2584 struct mgmt_rp_user_confirm_reply rp;
2587 cmd = mgmt_pending_find(opcode, hdev);
2591 bacpy(&rp.bdaddr, bdaddr);
2592 rp.status = mgmt_status(status);
2593 err = cmd_complete(cmd->sk, hdev->id, opcode, &rp, sizeof(rp));
2595 mgmt_pending_remove(cmd);
2600 int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
2603 return user_pairing_resp_complete(hdev, bdaddr, status,
2604 MGMT_OP_USER_CONFIRM_REPLY);
2607 int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev,
2608 bdaddr_t *bdaddr, u8 status)
2610 return user_pairing_resp_complete(hdev, bdaddr, status,
2611 MGMT_OP_USER_CONFIRM_NEG_REPLY);
2614 int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
2617 return user_pairing_resp_complete(hdev, bdaddr, status,
2618 MGMT_OP_USER_PASSKEY_REPLY);
2621 int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev,
2622 bdaddr_t *bdaddr, u8 status)
2624 return user_pairing_resp_complete(hdev, bdaddr, status,
2625 MGMT_OP_USER_PASSKEY_NEG_REPLY);
2628 int mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 status)
2630 struct mgmt_ev_auth_failed ev;
2632 bacpy(&ev.bdaddr, bdaddr);
2633 ev.status = mgmt_status(status);
2635 return mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
2638 int mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
2640 struct pending_cmd *cmd;
2641 struct mgmt_cp_set_local_name ev;
2644 memset(&ev, 0, sizeof(ev));
2645 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
2647 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
2652 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
2653 mgmt_status(status));
2659 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, &ev,
2665 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
2666 cmd ? cmd->sk : NULL);
2670 mgmt_pending_remove(cmd);
2674 int mgmt_read_local_oob_data_reply_complete(struct hci_dev *hdev, u8 *hash,
2675 u8 *randomizer, u8 status)
2677 struct pending_cmd *cmd;
2680 BT_DBG("%s status %u", hdev->name, status);
2682 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
2687 err = cmd_status(cmd->sk, hdev->id,
2688 MGMT_OP_READ_LOCAL_OOB_DATA,
2689 mgmt_status(status));
2691 struct mgmt_rp_read_local_oob_data rp;
2693 memcpy(rp.hash, hash, sizeof(rp.hash));
2694 memcpy(rp.randomizer, randomizer, sizeof(rp.randomizer));
2696 err = cmd_complete(cmd->sk, hdev->id,
2697 MGMT_OP_READ_LOCAL_OOB_DATA,
2701 mgmt_pending_remove(cmd);
2706 int mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
2707 u8 addr_type, u8 *dev_class, s8 rssi, u8 *eir)
2709 struct mgmt_ev_device_found ev;
2711 memset(&ev, 0, sizeof(ev));
2713 bacpy(&ev.addr.bdaddr, bdaddr);
2714 ev.addr.type = link_to_mgmt(link_type, addr_type);
2718 memcpy(ev.eir, eir, sizeof(ev.eir));
2721 memcpy(ev.dev_class, dev_class, sizeof(ev.dev_class));
2723 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, &ev, sizeof(ev), NULL);
2726 int mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 *name)
2728 struct mgmt_ev_remote_name ev;
2730 memset(&ev, 0, sizeof(ev));
2732 bacpy(&ev.bdaddr, bdaddr);
2733 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
2735 return mgmt_event(MGMT_EV_REMOTE_NAME, hdev, &ev, sizeof(ev), NULL);
2738 int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
2740 struct pending_cmd *cmd;
2743 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
2747 err = cmd_status(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status));
2748 mgmt_pending_remove(cmd);
2753 int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
2755 struct pending_cmd *cmd;
2758 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
2762 err = cmd_status(cmd->sk, hdev->id, cmd->opcode, status);
2763 mgmt_pending_remove(cmd);
2768 int mgmt_discovering(struct hci_dev *hdev, u8 discovering)
2770 struct pending_cmd *cmd;
2773 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
2775 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
2778 cmd_complete(cmd->sk, hdev->id, cmd->opcode, NULL, 0);
2779 mgmt_pending_remove(cmd);
2782 return mgmt_event(MGMT_EV_DISCOVERING, hdev, &discovering,
2783 sizeof(discovering), NULL);
2786 int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr)
2788 struct pending_cmd *cmd;
2789 struct mgmt_ev_device_blocked ev;
2791 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev);
2793 bacpy(&ev.bdaddr, bdaddr);
2795 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev),
2796 cmd ? cmd->sk : NULL);
2799 int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr)
2801 struct pending_cmd *cmd;
2802 struct mgmt_ev_device_unblocked ev;
2804 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev);
2806 bacpy(&ev.bdaddr, bdaddr);
2808 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
2809 cmd ? cmd->sk : NULL);