2 BlueZ - Bluetooth protocol stack for Linux
4 Copyright (C) 2010 Nokia Corporation
5 Copyright (C) 2011-2012 Intel Corporation
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI Management interface */
27 #include <linux/module.h>
28 #include <asm/unaligned.h>
30 #include <net/bluetooth/bluetooth.h>
31 #include <net/bluetooth/hci_core.h>
32 #include <net/bluetooth/mgmt.h>
33 #include <net/bluetooth/smp.h>
37 #define MGMT_VERSION 1
38 #define MGMT_REVISION 2
40 static const u16 mgmt_commands[] = {
41 MGMT_OP_READ_INDEX_LIST,
44 MGMT_OP_SET_DISCOVERABLE,
45 MGMT_OP_SET_CONNECTABLE,
46 MGMT_OP_SET_FAST_CONNECTABLE,
48 MGMT_OP_SET_LINK_SECURITY,
52 MGMT_OP_SET_DEV_CLASS,
53 MGMT_OP_SET_LOCAL_NAME,
56 MGMT_OP_LOAD_LINK_KEYS,
57 MGMT_OP_LOAD_LONG_TERM_KEYS,
59 MGMT_OP_GET_CONNECTIONS,
60 MGMT_OP_PIN_CODE_REPLY,
61 MGMT_OP_PIN_CODE_NEG_REPLY,
62 MGMT_OP_SET_IO_CAPABILITY,
64 MGMT_OP_CANCEL_PAIR_DEVICE,
65 MGMT_OP_UNPAIR_DEVICE,
66 MGMT_OP_USER_CONFIRM_REPLY,
67 MGMT_OP_USER_CONFIRM_NEG_REPLY,
68 MGMT_OP_USER_PASSKEY_REPLY,
69 MGMT_OP_USER_PASSKEY_NEG_REPLY,
70 MGMT_OP_READ_LOCAL_OOB_DATA,
71 MGMT_OP_ADD_REMOTE_OOB_DATA,
72 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
73 MGMT_OP_START_DISCOVERY,
74 MGMT_OP_STOP_DISCOVERY,
77 MGMT_OP_UNBLOCK_DEVICE,
78 MGMT_OP_SET_DEVICE_ID,
81 static const u16 mgmt_events[] = {
82 MGMT_EV_CONTROLLER_ERROR,
84 MGMT_EV_INDEX_REMOVED,
86 MGMT_EV_CLASS_OF_DEV_CHANGED,
87 MGMT_EV_LOCAL_NAME_CHANGED,
89 MGMT_EV_NEW_LONG_TERM_KEY,
90 MGMT_EV_DEVICE_CONNECTED,
91 MGMT_EV_DEVICE_DISCONNECTED,
92 MGMT_EV_CONNECT_FAILED,
93 MGMT_EV_PIN_CODE_REQUEST,
94 MGMT_EV_USER_CONFIRM_REQUEST,
95 MGMT_EV_USER_PASSKEY_REQUEST,
99 MGMT_EV_DEVICE_BLOCKED,
100 MGMT_EV_DEVICE_UNBLOCKED,
101 MGMT_EV_DEVICE_UNPAIRED,
102 MGMT_EV_PASSKEY_NOTIFY,
106 * These LE scan and inquiry parameters were chosen according to LE General
107 * Discovery Procedure specification.
109 #define LE_SCAN_TYPE 0x01
110 #define LE_SCAN_WIN 0x12
111 #define LE_SCAN_INT 0x12
112 #define LE_SCAN_TIMEOUT_LE_ONLY 10240 /* TGAP(gen_disc_scan_min) */
113 #define LE_SCAN_TIMEOUT_BREDR_LE 5120 /* TGAP(100)/2 */
115 #define INQUIRY_LEN_BREDR 0x08 /* TGAP(100) */
116 #define INQUIRY_LEN_BREDR_LE 0x04 /* TGAP(100)/2 */
118 #define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
120 #define hdev_is_powered(hdev) (test_bit(HCI_UP, &hdev->flags) && \
121 !test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
124 struct list_head list;
132 /* HCI to MGMT error code conversion table */
133 static u8 mgmt_status_table[] = {
135 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
136 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
137 MGMT_STATUS_FAILED, /* Hardware Failure */
138 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
139 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
140 MGMT_STATUS_NOT_PAIRED, /* PIN or Key Missing */
141 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
142 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
143 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
144 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
145 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
146 MGMT_STATUS_BUSY, /* Command Disallowed */
147 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
148 MGMT_STATUS_REJECTED, /* Rejected Security */
149 MGMT_STATUS_REJECTED, /* Rejected Personal */
150 MGMT_STATUS_TIMEOUT, /* Host Timeout */
151 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
152 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
153 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
154 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
155 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
156 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
157 MGMT_STATUS_BUSY, /* Repeated Attempts */
158 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
159 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
160 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
161 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
162 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
163 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
164 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
165 MGMT_STATUS_FAILED, /* Unspecified Error */
166 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
167 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
168 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
169 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
170 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
171 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
172 MGMT_STATUS_FAILED, /* Unit Link Key Used */
173 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
174 MGMT_STATUS_TIMEOUT, /* Instant Passed */
175 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
176 MGMT_STATUS_FAILED, /* Transaction Collision */
177 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
178 MGMT_STATUS_REJECTED, /* QoS Rejected */
179 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
180 MGMT_STATUS_REJECTED, /* Insufficient Security */
181 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
182 MGMT_STATUS_BUSY, /* Role Switch Pending */
183 MGMT_STATUS_FAILED, /* Slot Violation */
184 MGMT_STATUS_FAILED, /* Role Switch Failed */
185 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
186 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
187 MGMT_STATUS_BUSY, /* Host Busy Pairing */
188 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
189 MGMT_STATUS_BUSY, /* Controller Busy */
190 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
191 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
192 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
193 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
194 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
197 bool mgmt_valid_hdev(struct hci_dev *hdev)
199 return hdev->dev_type == HCI_BREDR;
202 static u8 mgmt_status(u8 hci_status)
204 if (hci_status < ARRAY_SIZE(mgmt_status_table))
205 return mgmt_status_table[hci_status];
207 return MGMT_STATUS_FAILED;
210 static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
213 struct mgmt_hdr *hdr;
214 struct mgmt_ev_cmd_status *ev;
217 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
219 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_KERNEL);
223 hdr = (void *) skb_put(skb, sizeof(*hdr));
225 hdr->opcode = __constant_cpu_to_le16(MGMT_EV_CMD_STATUS);
226 hdr->index = cpu_to_le16(index);
227 hdr->len = cpu_to_le16(sizeof(*ev));
229 ev = (void *) skb_put(skb, sizeof(*ev));
231 ev->opcode = cpu_to_le16(cmd);
233 err = sock_queue_rcv_skb(sk, skb);
240 static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
241 void *rp, size_t rp_len)
244 struct mgmt_hdr *hdr;
245 struct mgmt_ev_cmd_complete *ev;
248 BT_DBG("sock %p", sk);
250 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_KERNEL);
254 hdr = (void *) skb_put(skb, sizeof(*hdr));
256 hdr->opcode = __constant_cpu_to_le16(MGMT_EV_CMD_COMPLETE);
257 hdr->index = cpu_to_le16(index);
258 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
260 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
261 ev->opcode = cpu_to_le16(cmd);
265 memcpy(ev->data, rp, rp_len);
267 err = sock_queue_rcv_skb(sk, skb);
274 static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
277 struct mgmt_rp_read_version rp;
279 BT_DBG("sock %p", sk);
281 rp.version = MGMT_VERSION;
282 rp.revision = __constant_cpu_to_le16(MGMT_REVISION);
284 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
288 static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
291 struct mgmt_rp_read_commands *rp;
292 const u16 num_commands = ARRAY_SIZE(mgmt_commands);
293 const u16 num_events = ARRAY_SIZE(mgmt_events);
298 BT_DBG("sock %p", sk);
300 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
302 rp = kmalloc(rp_size, GFP_KERNEL);
306 rp->num_commands = __constant_cpu_to_le16(num_commands);
307 rp->num_events = __constant_cpu_to_le16(num_events);
309 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
310 put_unaligned_le16(mgmt_commands[i], opcode);
312 for (i = 0; i < num_events; i++, opcode++)
313 put_unaligned_le16(mgmt_events[i], opcode);
315 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
322 static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
325 struct mgmt_rp_read_index_list *rp;
331 BT_DBG("sock %p", sk);
333 read_lock(&hci_dev_list_lock);
336 list_for_each_entry(d, &hci_dev_list, list) {
337 if (!mgmt_valid_hdev(d))
343 rp_len = sizeof(*rp) + (2 * count);
344 rp = kmalloc(rp_len, GFP_ATOMIC);
346 read_unlock(&hci_dev_list_lock);
351 list_for_each_entry(d, &hci_dev_list, list) {
352 if (test_bit(HCI_SETUP, &d->dev_flags))
355 if (!mgmt_valid_hdev(d))
358 rp->index[count++] = cpu_to_le16(d->id);
359 BT_DBG("Added hci%u", d->id);
362 rp->num_controllers = cpu_to_le16(count);
363 rp_len = sizeof(*rp) + (2 * count);
365 read_unlock(&hci_dev_list_lock);
367 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
375 static u32 get_supported_settings(struct hci_dev *hdev)
379 settings |= MGMT_SETTING_POWERED;
380 settings |= MGMT_SETTING_PAIRABLE;
382 if (lmp_ssp_capable(hdev))
383 settings |= MGMT_SETTING_SSP;
385 if (lmp_bredr_capable(hdev)) {
386 settings |= MGMT_SETTING_CONNECTABLE;
387 settings |= MGMT_SETTING_FAST_CONNECTABLE;
388 settings |= MGMT_SETTING_DISCOVERABLE;
389 settings |= MGMT_SETTING_BREDR;
390 settings |= MGMT_SETTING_LINK_SECURITY;
394 settings |= MGMT_SETTING_HS;
396 if (lmp_le_capable(hdev))
397 settings |= MGMT_SETTING_LE;
402 static u32 get_current_settings(struct hci_dev *hdev)
406 if (hdev_is_powered(hdev))
407 settings |= MGMT_SETTING_POWERED;
409 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
410 settings |= MGMT_SETTING_CONNECTABLE;
412 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
413 settings |= MGMT_SETTING_DISCOVERABLE;
415 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags))
416 settings |= MGMT_SETTING_PAIRABLE;
418 if (lmp_bredr_capable(hdev))
419 settings |= MGMT_SETTING_BREDR;
421 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
422 settings |= MGMT_SETTING_LE;
424 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
425 settings |= MGMT_SETTING_LINK_SECURITY;
427 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
428 settings |= MGMT_SETTING_SSP;
430 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
431 settings |= MGMT_SETTING_HS;
436 #define PNP_INFO_SVCLASS_ID 0x1200
438 static u8 bluetooth_base_uuid[] = {
439 0xFB, 0x34, 0x9B, 0x5F, 0x80, 0x00, 0x00, 0x80,
440 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
443 static u16 get_uuid16(u8 *uuid128)
448 for (i = 0; i < 12; i++) {
449 if (bluetooth_base_uuid[i] != uuid128[i])
453 val = get_unaligned_le32(&uuid128[12]);
460 static void create_eir(struct hci_dev *hdev, u8 *data)
464 u16 uuid16_list[HCI_MAX_EIR_LENGTH / sizeof(u16)];
465 int i, truncated = 0;
466 struct bt_uuid *uuid;
469 name_len = strlen(hdev->dev_name);
475 ptr[1] = EIR_NAME_SHORT;
477 ptr[1] = EIR_NAME_COMPLETE;
479 /* EIR Data length */
480 ptr[0] = name_len + 1;
482 memcpy(ptr + 2, hdev->dev_name, name_len);
484 eir_len += (name_len + 2);
485 ptr += (name_len + 2);
488 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
490 ptr[1] = EIR_TX_POWER;
491 ptr[2] = (u8) hdev->inq_tx_power;
497 if (hdev->devid_source > 0) {
499 ptr[1] = EIR_DEVICE_ID;
501 put_unaligned_le16(hdev->devid_source, ptr + 2);
502 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
503 put_unaligned_le16(hdev->devid_product, ptr + 6);
504 put_unaligned_le16(hdev->devid_version, ptr + 8);
510 memset(uuid16_list, 0, sizeof(uuid16_list));
512 /* Group all UUID16 types */
513 list_for_each_entry(uuid, &hdev->uuids, list) {
516 uuid16 = get_uuid16(uuid->uuid);
523 if (uuid16 == PNP_INFO_SVCLASS_ID)
526 /* Stop if not enough space to put next UUID */
527 if (eir_len + 2 + sizeof(u16) > HCI_MAX_EIR_LENGTH) {
532 /* Check for duplicates */
533 for (i = 0; uuid16_list[i] != 0; i++)
534 if (uuid16_list[i] == uuid16)
537 if (uuid16_list[i] == 0) {
538 uuid16_list[i] = uuid16;
539 eir_len += sizeof(u16);
543 if (uuid16_list[0] != 0) {
547 ptr[1] = truncated ? EIR_UUID16_SOME : EIR_UUID16_ALL;
552 for (i = 0; uuid16_list[i] != 0; i++) {
553 *ptr++ = (uuid16_list[i] & 0x00ff);
554 *ptr++ = (uuid16_list[i] & 0xff00) >> 8;
557 /* EIR Data length */
558 *length = (i * sizeof(u16)) + 1;
562 static int update_eir(struct hci_dev *hdev)
564 struct hci_cp_write_eir cp;
566 if (!hdev_is_powered(hdev))
569 if (!lmp_ext_inq_capable(hdev))
572 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
575 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
578 memset(&cp, 0, sizeof(cp));
580 create_eir(hdev, cp.data);
582 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
585 memcpy(hdev->eir, cp.data, sizeof(cp.data));
587 return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
590 static u8 get_service_classes(struct hci_dev *hdev)
592 struct bt_uuid *uuid;
595 list_for_each_entry(uuid, &hdev->uuids, list)
596 val |= uuid->svc_hint;
601 static int update_class(struct hci_dev *hdev)
606 BT_DBG("%s", hdev->name);
608 if (!hdev_is_powered(hdev))
611 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
614 cod[0] = hdev->minor_class;
615 cod[1] = hdev->major_class;
616 cod[2] = get_service_classes(hdev);
618 if (memcmp(cod, hdev->dev_class, 3) == 0)
621 err = hci_send_cmd(hdev, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
623 set_bit(HCI_PENDING_CLASS, &hdev->dev_flags);
628 static void service_cache_off(struct work_struct *work)
630 struct hci_dev *hdev = container_of(work, struct hci_dev,
633 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
641 hci_dev_unlock(hdev);
644 static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
646 if (test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
649 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
651 /* Non-mgmt controlled devices get this bit set
652 * implicitly so that pairing works for them, however
653 * for mgmt we require user-space to explicitly enable
656 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
659 static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
660 void *data, u16 data_len)
662 struct mgmt_rp_read_info rp;
664 BT_DBG("sock %p %s", sk, hdev->name);
668 memset(&rp, 0, sizeof(rp));
670 bacpy(&rp.bdaddr, &hdev->bdaddr);
672 rp.version = hdev->hci_ver;
673 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
675 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
676 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
678 memcpy(rp.dev_class, hdev->dev_class, 3);
680 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
681 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
683 hci_dev_unlock(hdev);
685 return cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
689 static void mgmt_pending_free(struct pending_cmd *cmd)
696 static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
697 struct hci_dev *hdev, void *data,
700 struct pending_cmd *cmd;
702 cmd = kmalloc(sizeof(*cmd), GFP_KERNEL);
706 cmd->opcode = opcode;
707 cmd->index = hdev->id;
709 cmd->param = kmalloc(len, GFP_KERNEL);
716 memcpy(cmd->param, data, len);
721 list_add(&cmd->list, &hdev->mgmt_pending);
726 static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
727 void (*cb)(struct pending_cmd *cmd,
731 struct list_head *p, *n;
733 list_for_each_safe(p, n, &hdev->mgmt_pending) {
734 struct pending_cmd *cmd;
736 cmd = list_entry(p, struct pending_cmd, list);
738 if (opcode > 0 && cmd->opcode != opcode)
745 static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
747 struct pending_cmd *cmd;
749 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
750 if (cmd->opcode == opcode)
757 static void mgmt_pending_remove(struct pending_cmd *cmd)
759 list_del(&cmd->list);
760 mgmt_pending_free(cmd);
763 static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
765 __le32 settings = cpu_to_le32(get_current_settings(hdev));
767 return cmd_complete(sk, hdev->id, opcode, 0, &settings,
771 static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
774 struct mgmt_mode *cp = data;
775 struct pending_cmd *cmd;
778 BT_DBG("request for %s", hdev->name);
782 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
783 cancel_delayed_work(&hdev->power_off);
786 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
787 mgmt_powered(hdev, 1);
792 if (!!cp->val == hdev_is_powered(hdev)) {
793 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
797 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
798 err = cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
803 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
810 schedule_work(&hdev->power_on);
812 schedule_work(&hdev->power_off.work);
817 hci_dev_unlock(hdev);
821 static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 data_len,
822 struct sock *skip_sk)
825 struct mgmt_hdr *hdr;
827 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_KERNEL);
831 hdr = (void *) skb_put(skb, sizeof(*hdr));
832 hdr->opcode = cpu_to_le16(event);
834 hdr->index = cpu_to_le16(hdev->id);
836 hdr->index = __constant_cpu_to_le16(MGMT_INDEX_NONE);
837 hdr->len = cpu_to_le16(data_len);
840 memcpy(skb_put(skb, data_len), data, data_len);
843 __net_timestamp(skb);
845 hci_send_to_control(skb, skip_sk);
851 static int new_settings(struct hci_dev *hdev, struct sock *skip)
855 ev = cpu_to_le32(get_current_settings(hdev));
857 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
860 static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
863 struct mgmt_cp_set_discoverable *cp = data;
864 struct pending_cmd *cmd;
869 BT_DBG("request for %s", hdev->name);
871 if (!lmp_bredr_capable(hdev))
872 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
873 MGMT_STATUS_NOT_SUPPORTED);
875 timeout = __le16_to_cpu(cp->timeout);
876 if (!cp->val && timeout > 0)
877 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
878 MGMT_STATUS_INVALID_PARAMS);
882 if (!hdev_is_powered(hdev) && timeout > 0) {
883 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
884 MGMT_STATUS_NOT_POWERED);
888 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
889 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
890 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
895 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
896 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
897 MGMT_STATUS_REJECTED);
901 if (!hdev_is_powered(hdev)) {
902 bool changed = false;
904 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
905 change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
909 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
914 err = new_settings(hdev, sk);
919 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
920 if (hdev->discov_timeout > 0) {
921 cancel_delayed_work(&hdev->discov_off);
922 hdev->discov_timeout = 0;
925 if (cp->val && timeout > 0) {
926 hdev->discov_timeout = timeout;
927 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
928 msecs_to_jiffies(hdev->discov_timeout * 1000));
931 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
935 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
944 scan |= SCAN_INQUIRY;
946 cancel_delayed_work(&hdev->discov_off);
948 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
950 mgmt_pending_remove(cmd);
953 hdev->discov_timeout = timeout;
956 hci_dev_unlock(hdev);
960 static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
963 struct mgmt_mode *cp = data;
964 struct pending_cmd *cmd;
968 BT_DBG("request for %s", hdev->name);
970 if (!lmp_bredr_capable(hdev))
971 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
972 MGMT_STATUS_NOT_SUPPORTED);
976 if (!hdev_is_powered(hdev)) {
977 bool changed = false;
979 if (!!cp->val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
983 set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
985 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
986 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
989 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
994 err = new_settings(hdev, sk);
999 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1000 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
1001 err = cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1006 if (!!cp->val == test_bit(HCI_PSCAN, &hdev->flags)) {
1007 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1011 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
1022 if (test_bit(HCI_ISCAN, &hdev->flags) &&
1023 hdev->discov_timeout > 0)
1024 cancel_delayed_work(&hdev->discov_off);
1027 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1029 mgmt_pending_remove(cmd);
1032 hci_dev_unlock(hdev);
1036 static int set_pairable(struct sock *sk, struct hci_dev *hdev, void *data,
1039 struct mgmt_mode *cp = data;
1042 BT_DBG("request for %s", hdev->name);
1047 set_bit(HCI_PAIRABLE, &hdev->dev_flags);
1049 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
1051 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
1055 err = new_settings(hdev, sk);
1058 hci_dev_unlock(hdev);
1062 static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1065 struct mgmt_mode *cp = data;
1066 struct pending_cmd *cmd;
1070 BT_DBG("request for %s", hdev->name);
1072 if (!lmp_bredr_capable(hdev))
1073 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1074 MGMT_STATUS_NOT_SUPPORTED);
1078 if (!hdev_is_powered(hdev)) {
1079 bool changed = false;
1081 if (!!cp->val != test_bit(HCI_LINK_SECURITY,
1082 &hdev->dev_flags)) {
1083 change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
1087 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1092 err = new_settings(hdev, sk);
1097 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
1098 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1105 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1106 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1110 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1116 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1118 mgmt_pending_remove(cmd);
1123 hci_dev_unlock(hdev);
1127 static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1129 struct mgmt_mode *cp = data;
1130 struct pending_cmd *cmd;
1134 BT_DBG("request for %s", hdev->name);
1136 if (!lmp_ssp_capable(hdev))
1137 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1138 MGMT_STATUS_NOT_SUPPORTED);
1144 if (!hdev_is_powered(hdev)) {
1145 bool changed = false;
1147 if (val != test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
1148 change_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
1152 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1157 err = new_settings(hdev, sk);
1162 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev)) {
1163 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1168 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) == val) {
1169 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1173 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1179 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, sizeof(val), &val);
1181 mgmt_pending_remove(cmd);
1186 hci_dev_unlock(hdev);
1190 static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1192 struct mgmt_mode *cp = data;
1194 BT_DBG("request for %s", hdev->name);
1197 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1198 MGMT_STATUS_NOT_SUPPORTED);
1201 set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1203 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1205 return send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
1208 static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1210 struct mgmt_mode *cp = data;
1211 struct hci_cp_write_le_host_supported hci_cp;
1212 struct pending_cmd *cmd;
1216 BT_DBG("request for %s", hdev->name);
1218 if (!lmp_le_capable(hdev))
1219 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1220 MGMT_STATUS_NOT_SUPPORTED);
1225 enabled = lmp_host_le_capable(hdev);
1227 if (!hdev_is_powered(hdev) || val == enabled) {
1228 bool changed = false;
1230 if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1231 change_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1235 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1240 err = new_settings(hdev, sk);
1245 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
1246 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1251 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
1257 memset(&hci_cp, 0, sizeof(hci_cp));
1261 hci_cp.simul = lmp_le_br_capable(hdev);
1264 err = hci_send_cmd(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
1267 mgmt_pending_remove(cmd);
1270 hci_dev_unlock(hdev);
1274 static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1276 struct mgmt_cp_add_uuid *cp = data;
1277 struct pending_cmd *cmd;
1278 struct bt_uuid *uuid;
1281 BT_DBG("request for %s", hdev->name);
1285 if (test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
1286 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
1291 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
1297 memcpy(uuid->uuid, cp->uuid, 16);
1298 uuid->svc_hint = cp->svc_hint;
1300 list_add(&uuid->list, &hdev->uuids);
1302 err = update_class(hdev);
1306 err = update_eir(hdev);
1310 if (!test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
1311 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
1312 hdev->dev_class, 3);
1316 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
1321 hci_dev_unlock(hdev);
1325 static bool enable_service_cache(struct hci_dev *hdev)
1327 if (!hdev_is_powered(hdev))
1330 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
1331 schedule_delayed_work(&hdev->service_cache, CACHE_TIMEOUT);
1338 static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
1341 struct mgmt_cp_remove_uuid *cp = data;
1342 struct pending_cmd *cmd;
1343 struct list_head *p, *n;
1344 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
1347 BT_DBG("request for %s", hdev->name);
1351 if (test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
1352 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
1357 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
1358 err = hci_uuids_clear(hdev);
1360 if (enable_service_cache(hdev)) {
1361 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID,
1362 0, hdev->dev_class, 3);
1371 list_for_each_safe(p, n, &hdev->uuids) {
1372 struct bt_uuid *match = list_entry(p, struct bt_uuid, list);
1374 if (memcmp(match->uuid, cp->uuid, 16) != 0)
1377 list_del(&match->list);
1383 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
1384 MGMT_STATUS_INVALID_PARAMS);
1389 err = update_class(hdev);
1393 err = update_eir(hdev);
1397 if (!test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
1398 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
1399 hdev->dev_class, 3);
1403 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
1408 hci_dev_unlock(hdev);
1412 static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
1415 struct mgmt_cp_set_dev_class *cp = data;
1416 struct pending_cmd *cmd;
1419 BT_DBG("request for %s", hdev->name);
1421 if (!lmp_bredr_capable(hdev))
1422 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1423 MGMT_STATUS_NOT_SUPPORTED);
1425 if (test_bit(HCI_PENDING_CLASS, &hdev->dev_flags))
1426 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1429 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0)
1430 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1431 MGMT_STATUS_INVALID_PARAMS);
1435 hdev->major_class = cp->major;
1436 hdev->minor_class = cp->minor;
1438 if (!hdev_is_powered(hdev)) {
1439 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
1440 hdev->dev_class, 3);
1444 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
1445 hci_dev_unlock(hdev);
1446 cancel_delayed_work_sync(&hdev->service_cache);
1451 err = update_class(hdev);
1455 if (!test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
1456 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
1457 hdev->dev_class, 3);
1461 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
1466 hci_dev_unlock(hdev);
1470 static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
1473 struct mgmt_cp_load_link_keys *cp = data;
1474 u16 key_count, expected_len;
1477 key_count = __le16_to_cpu(cp->key_count);
1479 expected_len = sizeof(*cp) + key_count *
1480 sizeof(struct mgmt_link_key_info);
1481 if (expected_len != len) {
1482 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
1484 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
1485 MGMT_STATUS_INVALID_PARAMS);
1488 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
1493 hci_link_keys_clear(hdev);
1495 set_bit(HCI_LINK_KEYS, &hdev->dev_flags);
1498 set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
1500 clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
1502 for (i = 0; i < key_count; i++) {
1503 struct mgmt_link_key_info *key = &cp->keys[i];
1505 hci_add_link_key(hdev, NULL, 0, &key->addr.bdaddr, key->val,
1506 key->type, key->pin_len);
1509 cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
1511 hci_dev_unlock(hdev);
1516 static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
1517 u8 addr_type, struct sock *skip_sk)
1519 struct mgmt_ev_device_unpaired ev;
1521 bacpy(&ev.addr.bdaddr, bdaddr);
1522 ev.addr.type = addr_type;
1524 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
1528 static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
1531 struct mgmt_cp_unpair_device *cp = data;
1532 struct mgmt_rp_unpair_device rp;
1533 struct hci_cp_disconnect dc;
1534 struct pending_cmd *cmd;
1535 struct hci_conn *conn;
1540 memset(&rp, 0, sizeof(rp));
1541 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1542 rp.addr.type = cp->addr.type;
1544 if (!hdev_is_powered(hdev)) {
1545 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
1546 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
1550 if (cp->addr.type == BDADDR_BREDR)
1551 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
1553 err = hci_remove_ltk(hdev, &cp->addr.bdaddr);
1556 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
1557 MGMT_STATUS_NOT_PAIRED, &rp, sizeof(rp));
1561 if (cp->disconnect) {
1562 if (cp->addr.type == BDADDR_BREDR)
1563 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
1566 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
1573 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
1575 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
1579 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
1586 dc.handle = cpu_to_le16(conn->handle);
1587 dc.reason = 0x13; /* Remote User Terminated Connection */
1588 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1590 mgmt_pending_remove(cmd);
1593 hci_dev_unlock(hdev);
1597 static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
1600 struct mgmt_cp_disconnect *cp = data;
1601 struct hci_cp_disconnect dc;
1602 struct pending_cmd *cmd;
1603 struct hci_conn *conn;
1610 if (!test_bit(HCI_UP, &hdev->flags)) {
1611 err = cmd_status(sk, hdev->id, MGMT_OP_DISCONNECT,
1612 MGMT_STATUS_NOT_POWERED);
1616 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
1617 err = cmd_status(sk, hdev->id, MGMT_OP_DISCONNECT,
1622 if (cp->addr.type == BDADDR_BREDR)
1623 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
1626 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
1628 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
1629 err = cmd_status(sk, hdev->id, MGMT_OP_DISCONNECT,
1630 MGMT_STATUS_NOT_CONNECTED);
1634 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
1640 dc.handle = cpu_to_le16(conn->handle);
1641 dc.reason = HCI_ERROR_REMOTE_USER_TERM;
1643 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1645 mgmt_pending_remove(cmd);
1648 hci_dev_unlock(hdev);
1652 static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
1654 switch (link_type) {
1656 switch (addr_type) {
1657 case ADDR_LE_DEV_PUBLIC:
1658 return BDADDR_LE_PUBLIC;
1661 /* Fallback to LE Random address type */
1662 return BDADDR_LE_RANDOM;
1666 /* Fallback to BR/EDR type */
1667 return BDADDR_BREDR;
1671 static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
1674 struct mgmt_rp_get_connections *rp;
1684 if (!hdev_is_powered(hdev)) {
1685 err = cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
1686 MGMT_STATUS_NOT_POWERED);
1691 list_for_each_entry(c, &hdev->conn_hash.list, list) {
1692 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
1696 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
1697 rp = kmalloc(rp_len, GFP_KERNEL);
1704 list_for_each_entry(c, &hdev->conn_hash.list, list) {
1705 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
1707 bacpy(&rp->addr[i].bdaddr, &c->dst);
1708 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
1709 if (c->type == SCO_LINK || c->type == ESCO_LINK)
1714 rp->conn_count = cpu_to_le16(i);
1716 /* Recalculate length in case of filtered SCO connections, etc */
1717 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
1719 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
1725 hci_dev_unlock(hdev);
1729 static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
1730 struct mgmt_cp_pin_code_neg_reply *cp)
1732 struct pending_cmd *cmd;
1735 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
1740 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
1741 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
1743 mgmt_pending_remove(cmd);
1748 static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
1751 struct hci_conn *conn;
1752 struct mgmt_cp_pin_code_reply *cp = data;
1753 struct hci_cp_pin_code_reply reply;
1754 struct pending_cmd *cmd;
1761 if (!hdev_is_powered(hdev)) {
1762 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
1763 MGMT_STATUS_NOT_POWERED);
1767 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
1769 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
1770 MGMT_STATUS_NOT_CONNECTED);
1774 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
1775 struct mgmt_cp_pin_code_neg_reply ncp;
1777 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
1779 BT_ERR("PIN code is not 16 bytes long");
1781 err = send_pin_code_neg_reply(sk, hdev, &ncp);
1783 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
1784 MGMT_STATUS_INVALID_PARAMS);
1789 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
1795 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
1796 reply.pin_len = cp->pin_len;
1797 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
1799 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
1801 mgmt_pending_remove(cmd);
1804 hci_dev_unlock(hdev);
1808 static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
1811 struct mgmt_cp_set_io_capability *cp = data;
1817 hdev->io_capability = cp->io_capability;
1819 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
1820 hdev->io_capability);
1822 hci_dev_unlock(hdev);
1824 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, NULL,
1828 static struct pending_cmd *find_pairing(struct hci_conn *conn)
1830 struct hci_dev *hdev = conn->hdev;
1831 struct pending_cmd *cmd;
1833 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
1834 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
1837 if (cmd->user_data != conn)
1846 static void pairing_complete(struct pending_cmd *cmd, u8 status)
1848 struct mgmt_rp_pair_device rp;
1849 struct hci_conn *conn = cmd->user_data;
1851 bacpy(&rp.addr.bdaddr, &conn->dst);
1852 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
1854 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
1857 /* So we don't get further callbacks for this connection */
1858 conn->connect_cfm_cb = NULL;
1859 conn->security_cfm_cb = NULL;
1860 conn->disconn_cfm_cb = NULL;
1864 mgmt_pending_remove(cmd);
1867 static void pairing_complete_cb(struct hci_conn *conn, u8 status)
1869 struct pending_cmd *cmd;
1871 BT_DBG("status %u", status);
1873 cmd = find_pairing(conn);
1875 BT_DBG("Unable to find a pending command");
1877 pairing_complete(cmd, mgmt_status(status));
1880 static void le_connect_complete_cb(struct hci_conn *conn, u8 status)
1882 struct pending_cmd *cmd;
1884 BT_DBG("status %u", status);
1889 cmd = find_pairing(conn);
1891 BT_DBG("Unable to find a pending command");
1893 pairing_complete(cmd, mgmt_status(status));
1896 static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
1899 struct mgmt_cp_pair_device *cp = data;
1900 struct mgmt_rp_pair_device rp;
1901 struct pending_cmd *cmd;
1902 u8 sec_level, auth_type;
1903 struct hci_conn *conn;
1910 if (!hdev_is_powered(hdev)) {
1911 err = cmd_status(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
1912 MGMT_STATUS_NOT_POWERED);
1916 sec_level = BT_SECURITY_MEDIUM;
1917 if (cp->io_cap == 0x03)
1918 auth_type = HCI_AT_DEDICATED_BONDING;
1920 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
1922 if (cp->addr.type == BDADDR_BREDR)
1923 conn = hci_connect(hdev, ACL_LINK, &cp->addr.bdaddr,
1924 cp->addr.type, sec_level, auth_type);
1926 conn = hci_connect(hdev, LE_LINK, &cp->addr.bdaddr,
1927 cp->addr.type, sec_level, auth_type);
1929 memset(&rp, 0, sizeof(rp));
1930 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1931 rp.addr.type = cp->addr.type;
1936 if (PTR_ERR(conn) == -EBUSY)
1937 status = MGMT_STATUS_BUSY;
1939 status = MGMT_STATUS_CONNECT_FAILED;
1941 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
1947 if (conn->connect_cfm_cb) {
1949 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
1950 MGMT_STATUS_BUSY, &rp, sizeof(rp));
1954 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
1961 /* For LE, just connecting isn't a proof that the pairing finished */
1962 if (cp->addr.type == BDADDR_BREDR)
1963 conn->connect_cfm_cb = pairing_complete_cb;
1965 conn->connect_cfm_cb = le_connect_complete_cb;
1967 conn->security_cfm_cb = pairing_complete_cb;
1968 conn->disconn_cfm_cb = pairing_complete_cb;
1969 conn->io_capability = cp->io_cap;
1970 cmd->user_data = conn;
1972 if (conn->state == BT_CONNECTED &&
1973 hci_conn_security(conn, sec_level, auth_type))
1974 pairing_complete(cmd, 0);
1979 hci_dev_unlock(hdev);
1983 static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
1986 struct mgmt_addr_info *addr = data;
1987 struct pending_cmd *cmd;
1988 struct hci_conn *conn;
1995 if (!hdev_is_powered(hdev)) {
1996 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
1997 MGMT_STATUS_NOT_POWERED);
2001 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
2003 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2004 MGMT_STATUS_INVALID_PARAMS);
2008 conn = cmd->user_data;
2010 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
2011 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2012 MGMT_STATUS_INVALID_PARAMS);
2016 pairing_complete(cmd, MGMT_STATUS_CANCELLED);
2018 err = cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
2019 addr, sizeof(*addr));
2021 hci_dev_unlock(hdev);
2025 static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
2026 bdaddr_t *bdaddr, u8 type, u16 mgmt_op,
2027 u16 hci_op, __le32 passkey)
2029 struct pending_cmd *cmd;
2030 struct hci_conn *conn;
2035 if (!hdev_is_powered(hdev)) {
2036 err = cmd_status(sk, hdev->id, mgmt_op,
2037 MGMT_STATUS_NOT_POWERED);
2041 if (type == BDADDR_BREDR)
2042 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, bdaddr);
2044 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, bdaddr);
2047 err = cmd_status(sk, hdev->id, mgmt_op,
2048 MGMT_STATUS_NOT_CONNECTED);
2052 if (type == BDADDR_LE_PUBLIC || type == BDADDR_LE_RANDOM) {
2053 /* Continue with pairing via SMP */
2054 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
2057 err = cmd_status(sk, hdev->id, mgmt_op,
2058 MGMT_STATUS_SUCCESS);
2060 err = cmd_status(sk, hdev->id, mgmt_op,
2061 MGMT_STATUS_FAILED);
2066 cmd = mgmt_pending_add(sk, mgmt_op, hdev, bdaddr, sizeof(*bdaddr));
2072 /* Continue with pairing via HCI */
2073 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
2074 struct hci_cp_user_passkey_reply cp;
2076 bacpy(&cp.bdaddr, bdaddr);
2077 cp.passkey = passkey;
2078 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
2080 err = hci_send_cmd(hdev, hci_op, sizeof(*bdaddr), bdaddr);
2083 mgmt_pending_remove(cmd);
2086 hci_dev_unlock(hdev);
2090 static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
2091 void *data, u16 len)
2093 struct mgmt_cp_pin_code_neg_reply *cp = data;
2097 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
2098 MGMT_OP_PIN_CODE_NEG_REPLY,
2099 HCI_OP_PIN_CODE_NEG_REPLY, 0);
2102 static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2105 struct mgmt_cp_user_confirm_reply *cp = data;
2109 if (len != sizeof(*cp))
2110 return cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
2111 MGMT_STATUS_INVALID_PARAMS);
2113 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
2114 MGMT_OP_USER_CONFIRM_REPLY,
2115 HCI_OP_USER_CONFIRM_REPLY, 0);
2118 static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
2119 void *data, u16 len)
2121 struct mgmt_cp_user_confirm_neg_reply *cp = data;
2125 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
2126 MGMT_OP_USER_CONFIRM_NEG_REPLY,
2127 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
2130 static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2133 struct mgmt_cp_user_passkey_reply *cp = data;
2137 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
2138 MGMT_OP_USER_PASSKEY_REPLY,
2139 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
2142 static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
2143 void *data, u16 len)
2145 struct mgmt_cp_user_passkey_neg_reply *cp = data;
2149 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
2150 MGMT_OP_USER_PASSKEY_NEG_REPLY,
2151 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
2154 static int update_name(struct hci_dev *hdev, const char *name)
2156 struct hci_cp_write_local_name cp;
2158 memcpy(cp.name, name, sizeof(cp.name));
2160 return hci_send_cmd(hdev, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
2163 static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
2166 struct mgmt_cp_set_local_name *cp = data;
2167 struct pending_cmd *cmd;
2174 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
2176 if (!hdev_is_powered(hdev)) {
2177 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
2179 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
2184 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
2190 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
2196 err = update_name(hdev, cp->name);
2198 mgmt_pending_remove(cmd);
2201 hci_dev_unlock(hdev);
2205 static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
2206 void *data, u16 data_len)
2208 struct pending_cmd *cmd;
2211 BT_DBG("%s", hdev->name);
2215 if (!hdev_is_powered(hdev)) {
2216 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
2217 MGMT_STATUS_NOT_POWERED);
2221 if (!lmp_ssp_capable(hdev)) {
2222 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
2223 MGMT_STATUS_NOT_SUPPORTED);
2227 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
2228 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
2233 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
2239 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
2241 mgmt_pending_remove(cmd);
2244 hci_dev_unlock(hdev);
2248 static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
2249 void *data, u16 len)
2251 struct mgmt_cp_add_remote_oob_data *cp = data;
2255 BT_DBG("%s ", hdev->name);
2259 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr, cp->hash,
2262 status = MGMT_STATUS_FAILED;
2264 status = MGMT_STATUS_SUCCESS;
2266 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA, status,
2267 &cp->addr, sizeof(cp->addr));
2269 hci_dev_unlock(hdev);
2273 static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
2274 void *data, u16 len)
2276 struct mgmt_cp_remove_remote_oob_data *cp = data;
2280 BT_DBG("%s", hdev->name);
2284 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr);
2286 status = MGMT_STATUS_INVALID_PARAMS;
2288 status = MGMT_STATUS_SUCCESS;
2290 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
2291 status, &cp->addr, sizeof(cp->addr));
2293 hci_dev_unlock(hdev);
2297 int mgmt_interleaved_discovery(struct hci_dev *hdev)
2301 BT_DBG("%s", hdev->name);
2305 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR_LE);
2307 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2309 hci_dev_unlock(hdev);
2314 static int start_discovery(struct sock *sk, struct hci_dev *hdev,
2315 void *data, u16 len)
2317 struct mgmt_cp_start_discovery *cp = data;
2318 struct pending_cmd *cmd;
2321 BT_DBG("%s", hdev->name);
2325 if (!hdev_is_powered(hdev)) {
2326 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2327 MGMT_STATUS_NOT_POWERED);
2331 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
2332 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2337 if (hdev->discovery.state != DISCOVERY_STOPPED) {
2338 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2343 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
2349 hdev->discovery.type = cp->type;
2351 switch (hdev->discovery.type) {
2352 case DISCOV_TYPE_BREDR:
2353 if (lmp_bredr_capable(hdev))
2354 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR);
2359 case DISCOV_TYPE_LE:
2360 if (lmp_host_le_capable(hdev))
2361 err = hci_le_scan(hdev, LE_SCAN_TYPE, LE_SCAN_INT,
2362 LE_SCAN_WIN, LE_SCAN_TIMEOUT_LE_ONLY);
2367 case DISCOV_TYPE_INTERLEAVED:
2368 if (lmp_host_le_capable(hdev) && lmp_bredr_capable(hdev))
2369 err = hci_le_scan(hdev, LE_SCAN_TYPE, LE_SCAN_INT,
2371 LE_SCAN_TIMEOUT_BREDR_LE);
2381 mgmt_pending_remove(cmd);
2383 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
2386 hci_dev_unlock(hdev);
2390 static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
2393 struct mgmt_cp_stop_discovery *mgmt_cp = data;
2394 struct pending_cmd *cmd;
2395 struct hci_cp_remote_name_req_cancel cp;
2396 struct inquiry_entry *e;
2399 BT_DBG("%s", hdev->name);
2403 if (!hci_discovery_active(hdev)) {
2404 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
2405 MGMT_STATUS_REJECTED, &mgmt_cp->type,
2406 sizeof(mgmt_cp->type));
2410 if (hdev->discovery.type != mgmt_cp->type) {
2411 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
2412 MGMT_STATUS_INVALID_PARAMS, &mgmt_cp->type,
2413 sizeof(mgmt_cp->type));
2417 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
2423 switch (hdev->discovery.state) {
2424 case DISCOVERY_FINDING:
2425 if (test_bit(HCI_INQUIRY, &hdev->flags))
2426 err = hci_cancel_inquiry(hdev);
2428 err = hci_cancel_le_scan(hdev);
2432 case DISCOVERY_RESOLVING:
2433 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
2436 mgmt_pending_remove(cmd);
2437 err = cmd_complete(sk, hdev->id,
2438 MGMT_OP_STOP_DISCOVERY, 0,
2440 sizeof(mgmt_cp->type));
2441 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2445 bacpy(&cp.bdaddr, &e->data.bdaddr);
2446 err = hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ_CANCEL,
2452 BT_DBG("unknown discovery state %u", hdev->discovery.state);
2457 mgmt_pending_remove(cmd);
2459 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
2462 hci_dev_unlock(hdev);
2466 static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
2469 struct mgmt_cp_confirm_name *cp = data;
2470 struct inquiry_entry *e;
2473 BT_DBG("%s", hdev->name);
2477 if (!hci_discovery_active(hdev)) {
2478 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
2479 MGMT_STATUS_FAILED);
2483 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
2485 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
2486 MGMT_STATUS_INVALID_PARAMS);
2490 if (cp->name_known) {
2491 e->name_state = NAME_KNOWN;
2494 e->name_state = NAME_NEEDED;
2495 hci_inquiry_cache_update_resolve(hdev, e);
2498 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0, &cp->addr,
2502 hci_dev_unlock(hdev);
2506 static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
2509 struct mgmt_cp_block_device *cp = data;
2513 BT_DBG("%s", hdev->name);
2517 err = hci_blacklist_add(hdev, &cp->addr.bdaddr, cp->addr.type);
2519 status = MGMT_STATUS_FAILED;
2521 status = MGMT_STATUS_SUCCESS;
2523 err = cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
2524 &cp->addr, sizeof(cp->addr));
2526 hci_dev_unlock(hdev);
2531 static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
2534 struct mgmt_cp_unblock_device *cp = data;
2538 BT_DBG("%s", hdev->name);
2542 err = hci_blacklist_del(hdev, &cp->addr.bdaddr, cp->addr.type);
2544 status = MGMT_STATUS_INVALID_PARAMS;
2546 status = MGMT_STATUS_SUCCESS;
2548 err = cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
2549 &cp->addr, sizeof(cp->addr));
2551 hci_dev_unlock(hdev);
2556 static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
2559 struct mgmt_cp_set_device_id *cp = data;
2563 BT_DBG("%s", hdev->name);
2565 source = __le16_to_cpu(cp->source);
2567 if (source > 0x0002)
2568 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
2569 MGMT_STATUS_INVALID_PARAMS);
2573 hdev->devid_source = source;
2574 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
2575 hdev->devid_product = __le16_to_cpu(cp->product);
2576 hdev->devid_version = __le16_to_cpu(cp->version);
2578 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0, NULL, 0);
2582 hci_dev_unlock(hdev);
2587 static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
2588 void *data, u16 len)
2590 struct mgmt_mode *cp = data;
2591 struct hci_cp_write_page_scan_activity acp;
2595 BT_DBG("%s", hdev->name);
2597 if (!lmp_bredr_capable(hdev))
2598 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
2599 MGMT_STATUS_NOT_SUPPORTED);
2601 if (!hdev_is_powered(hdev))
2602 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
2603 MGMT_STATUS_NOT_POWERED);
2605 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
2606 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
2607 MGMT_STATUS_REJECTED);
2612 type = PAGE_SCAN_TYPE_INTERLACED;
2614 /* 160 msec page scan interval */
2615 acp.interval = __constant_cpu_to_le16(0x0100);
2617 type = PAGE_SCAN_TYPE_STANDARD; /* default */
2619 /* default 1.28 sec page scan */
2620 acp.interval = __constant_cpu_to_le16(0x0800);
2623 /* default 11.25 msec page scan window */
2624 acp.window = __constant_cpu_to_le16(0x0012);
2626 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY, sizeof(acp),
2629 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
2630 MGMT_STATUS_FAILED);
2634 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
2636 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
2637 MGMT_STATUS_FAILED);
2641 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE, 0,
2644 hci_dev_unlock(hdev);
2648 static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
2649 void *cp_data, u16 len)
2651 struct mgmt_cp_load_long_term_keys *cp = cp_data;
2652 u16 key_count, expected_len;
2655 key_count = __le16_to_cpu(cp->key_count);
2657 expected_len = sizeof(*cp) + key_count *
2658 sizeof(struct mgmt_ltk_info);
2659 if (expected_len != len) {
2660 BT_ERR("load_keys: expected %u bytes, got %u bytes",
2662 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
2666 BT_DBG("%s key_count %u", hdev->name, key_count);
2670 hci_smp_ltks_clear(hdev);
2672 for (i = 0; i < key_count; i++) {
2673 struct mgmt_ltk_info *key = &cp->keys[i];
2679 type = HCI_SMP_LTK_SLAVE;
2681 hci_add_ltk(hdev, &key->addr.bdaddr,
2682 bdaddr_to_le(key->addr.type),
2683 type, 0, key->authenticated, key->val,
2684 key->enc_size, key->ediv, key->rand);
2687 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
2690 hci_dev_unlock(hdev);
2695 static const struct mgmt_handler {
2696 int (*func) (struct sock *sk, struct hci_dev *hdev, void *data,
2700 } mgmt_handlers[] = {
2701 { NULL }, /* 0x0000 (no command) */
2702 { read_version, false, MGMT_READ_VERSION_SIZE },
2703 { read_commands, false, MGMT_READ_COMMANDS_SIZE },
2704 { read_index_list, false, MGMT_READ_INDEX_LIST_SIZE },
2705 { read_controller_info, false, MGMT_READ_INFO_SIZE },
2706 { set_powered, false, MGMT_SETTING_SIZE },
2707 { set_discoverable, false, MGMT_SET_DISCOVERABLE_SIZE },
2708 { set_connectable, false, MGMT_SETTING_SIZE },
2709 { set_fast_connectable, false, MGMT_SETTING_SIZE },
2710 { set_pairable, false, MGMT_SETTING_SIZE },
2711 { set_link_security, false, MGMT_SETTING_SIZE },
2712 { set_ssp, false, MGMT_SETTING_SIZE },
2713 { set_hs, false, MGMT_SETTING_SIZE },
2714 { set_le, false, MGMT_SETTING_SIZE },
2715 { set_dev_class, false, MGMT_SET_DEV_CLASS_SIZE },
2716 { set_local_name, false, MGMT_SET_LOCAL_NAME_SIZE },
2717 { add_uuid, false, MGMT_ADD_UUID_SIZE },
2718 { remove_uuid, false, MGMT_REMOVE_UUID_SIZE },
2719 { load_link_keys, true, MGMT_LOAD_LINK_KEYS_SIZE },
2720 { load_long_term_keys, true, MGMT_LOAD_LONG_TERM_KEYS_SIZE },
2721 { disconnect, false, MGMT_DISCONNECT_SIZE },
2722 { get_connections, false, MGMT_GET_CONNECTIONS_SIZE },
2723 { pin_code_reply, false, MGMT_PIN_CODE_REPLY_SIZE },
2724 { pin_code_neg_reply, false, MGMT_PIN_CODE_NEG_REPLY_SIZE },
2725 { set_io_capability, false, MGMT_SET_IO_CAPABILITY_SIZE },
2726 { pair_device, false, MGMT_PAIR_DEVICE_SIZE },
2727 { cancel_pair_device, false, MGMT_CANCEL_PAIR_DEVICE_SIZE },
2728 { unpair_device, false, MGMT_UNPAIR_DEVICE_SIZE },
2729 { user_confirm_reply, false, MGMT_USER_CONFIRM_REPLY_SIZE },
2730 { user_confirm_neg_reply, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
2731 { user_passkey_reply, false, MGMT_USER_PASSKEY_REPLY_SIZE },
2732 { user_passkey_neg_reply, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
2733 { read_local_oob_data, false, MGMT_READ_LOCAL_OOB_DATA_SIZE },
2734 { add_remote_oob_data, false, MGMT_ADD_REMOTE_OOB_DATA_SIZE },
2735 { remove_remote_oob_data, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
2736 { start_discovery, false, MGMT_START_DISCOVERY_SIZE },
2737 { stop_discovery, false, MGMT_STOP_DISCOVERY_SIZE },
2738 { confirm_name, false, MGMT_CONFIRM_NAME_SIZE },
2739 { block_device, false, MGMT_BLOCK_DEVICE_SIZE },
2740 { unblock_device, false, MGMT_UNBLOCK_DEVICE_SIZE },
2741 { set_device_id, false, MGMT_SET_DEVICE_ID_SIZE },
2745 int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
2749 struct mgmt_hdr *hdr;
2750 u16 opcode, index, len;
2751 struct hci_dev *hdev = NULL;
2752 const struct mgmt_handler *handler;
2755 BT_DBG("got %zu bytes", msglen);
2757 if (msglen < sizeof(*hdr))
2760 buf = kmalloc(msglen, GFP_KERNEL);
2764 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
2770 opcode = __le16_to_cpu(hdr->opcode);
2771 index = __le16_to_cpu(hdr->index);
2772 len = __le16_to_cpu(hdr->len);
2774 if (len != msglen - sizeof(*hdr)) {
2779 if (index != MGMT_INDEX_NONE) {
2780 hdev = hci_dev_get(index);
2782 err = cmd_status(sk, index, opcode,
2783 MGMT_STATUS_INVALID_INDEX);
2788 if (opcode >= ARRAY_SIZE(mgmt_handlers) ||
2789 mgmt_handlers[opcode].func == NULL) {
2790 BT_DBG("Unknown op %u", opcode);
2791 err = cmd_status(sk, index, opcode,
2792 MGMT_STATUS_UNKNOWN_COMMAND);
2796 if ((hdev && opcode < MGMT_OP_READ_INFO) ||
2797 (!hdev && opcode >= MGMT_OP_READ_INFO)) {
2798 err = cmd_status(sk, index, opcode,
2799 MGMT_STATUS_INVALID_INDEX);
2803 handler = &mgmt_handlers[opcode];
2805 if ((handler->var_len && len < handler->data_len) ||
2806 (!handler->var_len && len != handler->data_len)) {
2807 err = cmd_status(sk, index, opcode,
2808 MGMT_STATUS_INVALID_PARAMS);
2813 mgmt_init_hdev(sk, hdev);
2815 cp = buf + sizeof(*hdr);
2817 err = handler->func(sk, hdev, cp, len);
2831 static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
2835 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
2836 mgmt_pending_remove(cmd);
2839 int mgmt_index_added(struct hci_dev *hdev)
2841 if (!mgmt_valid_hdev(hdev))
2844 return mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
2847 int mgmt_index_removed(struct hci_dev *hdev)
2849 u8 status = MGMT_STATUS_INVALID_INDEX;
2851 if (!mgmt_valid_hdev(hdev))
2854 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
2856 return mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
2861 struct hci_dev *hdev;
2865 static void settings_rsp(struct pending_cmd *cmd, void *data)
2867 struct cmd_lookup *match = data;
2869 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
2871 list_del(&cmd->list);
2873 if (match->sk == NULL) {
2874 match->sk = cmd->sk;
2875 sock_hold(match->sk);
2878 mgmt_pending_free(cmd);
2881 static int set_bredr_scan(struct hci_dev *hdev)
2885 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
2887 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
2888 scan |= SCAN_INQUIRY;
2893 return hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
2896 int mgmt_powered(struct hci_dev *hdev, u8 powered)
2898 struct cmd_lookup match = { NULL, hdev };
2901 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
2904 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
2907 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) &&
2908 !lmp_host_ssp_capable(hdev)) {
2911 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &ssp);
2914 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
2915 struct hci_cp_write_le_host_supported cp;
2918 cp.simul = lmp_le_br_capable(hdev);
2920 /* Check first if we already have the right
2921 * host state (host features set)
2923 if (cp.le != lmp_host_le_capable(hdev) ||
2924 cp.simul != lmp_host_le_br_capable(hdev))
2926 HCI_OP_WRITE_LE_HOST_SUPPORTED,
2930 if (lmp_bredr_capable(hdev)) {
2931 set_bredr_scan(hdev);
2933 update_name(hdev, hdev->dev_name);
2937 u8 status = MGMT_STATUS_NOT_POWERED;
2938 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
2941 err = new_settings(hdev, match.sk);
2949 int mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
2951 struct cmd_lookup match = { NULL, hdev };
2952 bool changed = false;
2956 if (!test_and_set_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
2959 if (test_and_clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
2963 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev, settings_rsp,
2967 err = new_settings(hdev, match.sk);
2975 int mgmt_connectable(struct hci_dev *hdev, u8 connectable)
2977 struct cmd_lookup match = { NULL, hdev };
2978 bool changed = false;
2982 if (!test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags))
2985 if (test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags))
2989 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev, settings_rsp,
2993 err = new_settings(hdev, match.sk);
3001 int mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
3003 u8 mgmt_err = mgmt_status(status);
3005 if (scan & SCAN_PAGE)
3006 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
3007 cmd_status_rsp, &mgmt_err);
3009 if (scan & SCAN_INQUIRY)
3010 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
3011 cmd_status_rsp, &mgmt_err);
3016 int mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
3019 struct mgmt_ev_new_link_key ev;
3021 memset(&ev, 0, sizeof(ev));
3023 ev.store_hint = persistent;
3024 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
3025 ev.key.addr.type = BDADDR_BREDR;
3026 ev.key.type = key->type;
3027 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
3028 ev.key.pin_len = key->pin_len;
3030 return mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
3033 int mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, u8 persistent)
3035 struct mgmt_ev_new_long_term_key ev;
3037 memset(&ev, 0, sizeof(ev));
3039 ev.store_hint = persistent;
3040 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
3041 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
3042 ev.key.authenticated = key->authenticated;
3043 ev.key.enc_size = key->enc_size;
3044 ev.key.ediv = key->ediv;
3046 if (key->type == HCI_SMP_LTK)
3049 memcpy(ev.key.rand, key->rand, sizeof(key->rand));
3050 memcpy(ev.key.val, key->val, sizeof(key->val));
3052 return mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev),
3056 int mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3057 u8 addr_type, u32 flags, u8 *name, u8 name_len,
3061 struct mgmt_ev_device_connected *ev = (void *) buf;
3064 bacpy(&ev->addr.bdaddr, bdaddr);
3065 ev->addr.type = link_to_bdaddr(link_type, addr_type);
3067 ev->flags = __cpu_to_le32(flags);
3070 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
3073 if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0)
3074 eir_len = eir_append_data(ev->eir, eir_len,
3075 EIR_CLASS_OF_DEV, dev_class, 3);
3077 ev->eir_len = cpu_to_le16(eir_len);
3079 return mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
3080 sizeof(*ev) + eir_len, NULL);
3083 static void disconnect_rsp(struct pending_cmd *cmd, void *data)
3085 struct mgmt_cp_disconnect *cp = cmd->param;
3086 struct sock **sk = data;
3087 struct mgmt_rp_disconnect rp;
3089 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3090 rp.addr.type = cp->addr.type;
3092 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 0, &rp,
3098 mgmt_pending_remove(cmd);
3101 static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
3103 struct hci_dev *hdev = data;
3104 struct mgmt_cp_unpair_device *cp = cmd->param;
3105 struct mgmt_rp_unpair_device rp;
3107 memset(&rp, 0, sizeof(rp));
3108 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3109 rp.addr.type = cp->addr.type;
3111 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
3113 cmd_complete(cmd->sk, cmd->index, cmd->opcode, 0, &rp, sizeof(rp));
3115 mgmt_pending_remove(cmd);
3118 int mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
3119 u8 link_type, u8 addr_type, u8 reason)
3121 struct mgmt_ev_device_disconnected ev;
3122 struct sock *sk = NULL;
3125 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
3127 bacpy(&ev.addr.bdaddr, bdaddr);
3128 ev.addr.type = link_to_bdaddr(link_type, addr_type);
3131 err = mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev),
3137 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
3143 int mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
3144 u8 link_type, u8 addr_type, u8 status)
3146 struct mgmt_rp_disconnect rp;
3147 struct pending_cmd *cmd;
3150 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
3153 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
3157 bacpy(&rp.addr.bdaddr, bdaddr);
3158 rp.addr.type = link_to_bdaddr(link_type, addr_type);
3160 err = cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
3161 mgmt_status(status), &rp, sizeof(rp));
3163 mgmt_pending_remove(cmd);
3168 int mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3169 u8 addr_type, u8 status)
3171 struct mgmt_ev_connect_failed ev;
3173 bacpy(&ev.addr.bdaddr, bdaddr);
3174 ev.addr.type = link_to_bdaddr(link_type, addr_type);
3175 ev.status = mgmt_status(status);
3177 return mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
3180 int mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
3182 struct mgmt_ev_pin_code_request ev;
3184 bacpy(&ev.addr.bdaddr, bdaddr);
3185 ev.addr.type = BDADDR_BREDR;
3188 return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev),
3192 int mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3195 struct pending_cmd *cmd;
3196 struct mgmt_rp_pin_code_reply rp;
3199 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
3203 bacpy(&rp.addr.bdaddr, bdaddr);
3204 rp.addr.type = BDADDR_BREDR;
3206 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3207 mgmt_status(status), &rp, sizeof(rp));
3209 mgmt_pending_remove(cmd);
3214 int mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3217 struct pending_cmd *cmd;
3218 struct mgmt_rp_pin_code_reply rp;
3221 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
3225 bacpy(&rp.addr.bdaddr, bdaddr);
3226 rp.addr.type = BDADDR_BREDR;
3228 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
3229 mgmt_status(status), &rp, sizeof(rp));
3231 mgmt_pending_remove(cmd);
3236 int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
3237 u8 link_type, u8 addr_type, __le32 value,
3240 struct mgmt_ev_user_confirm_request ev;
3242 BT_DBG("%s", hdev->name);
3244 bacpy(&ev.addr.bdaddr, bdaddr);
3245 ev.addr.type = link_to_bdaddr(link_type, addr_type);
3246 ev.confirm_hint = confirm_hint;
3249 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
3253 int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
3254 u8 link_type, u8 addr_type)
3256 struct mgmt_ev_user_passkey_request ev;
3258 BT_DBG("%s", hdev->name);
3260 bacpy(&ev.addr.bdaddr, bdaddr);
3261 ev.addr.type = link_to_bdaddr(link_type, addr_type);
3263 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
3267 static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3268 u8 link_type, u8 addr_type, u8 status,
3271 struct pending_cmd *cmd;
3272 struct mgmt_rp_user_confirm_reply rp;
3275 cmd = mgmt_pending_find(opcode, hdev);
3279 bacpy(&rp.addr.bdaddr, bdaddr);
3280 rp.addr.type = link_to_bdaddr(link_type, addr_type);
3281 err = cmd_complete(cmd->sk, hdev->id, opcode, mgmt_status(status),
3284 mgmt_pending_remove(cmd);
3289 int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3290 u8 link_type, u8 addr_type, u8 status)
3292 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3293 status, MGMT_OP_USER_CONFIRM_REPLY);
3296 int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3297 u8 link_type, u8 addr_type, u8 status)
3299 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3301 MGMT_OP_USER_CONFIRM_NEG_REPLY);
3304 int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3305 u8 link_type, u8 addr_type, u8 status)
3307 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3308 status, MGMT_OP_USER_PASSKEY_REPLY);
3311 int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3312 u8 link_type, u8 addr_type, u8 status)
3314 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3316 MGMT_OP_USER_PASSKEY_NEG_REPLY);
3319 int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
3320 u8 link_type, u8 addr_type, u32 passkey,
3323 struct mgmt_ev_passkey_notify ev;
3325 BT_DBG("%s", hdev->name);
3327 bacpy(&ev.addr.bdaddr, bdaddr);
3328 ev.addr.type = link_to_bdaddr(link_type, addr_type);
3329 ev.passkey = __cpu_to_le32(passkey);
3330 ev.entered = entered;
3332 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
3335 int mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3336 u8 addr_type, u8 status)
3338 struct mgmt_ev_auth_failed ev;
3340 bacpy(&ev.addr.bdaddr, bdaddr);
3341 ev.addr.type = link_to_bdaddr(link_type, addr_type);
3342 ev.status = mgmt_status(status);
3344 return mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
3347 int mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
3349 struct cmd_lookup match = { NULL, hdev };
3350 bool changed = false;
3354 u8 mgmt_err = mgmt_status(status);
3355 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
3356 cmd_status_rsp, &mgmt_err);
3360 if (test_bit(HCI_AUTH, &hdev->flags)) {
3361 if (!test_and_set_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
3364 if (test_and_clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
3368 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
3372 err = new_settings(hdev, match.sk);
3380 static int clear_eir(struct hci_dev *hdev)
3382 struct hci_cp_write_eir cp;
3384 if (!lmp_ext_inq_capable(hdev))
3387 memset(hdev->eir, 0, sizeof(hdev->eir));
3389 memset(&cp, 0, sizeof(cp));
3391 return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
3394 int mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
3396 struct cmd_lookup match = { NULL, hdev };
3397 bool changed = false;
3401 u8 mgmt_err = mgmt_status(status);
3403 if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
3405 err = new_settings(hdev, NULL);
3407 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
3414 if (!test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
3417 if (test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
3421 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
3424 err = new_settings(hdev, match.sk);
3429 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
3437 static void class_rsp(struct pending_cmd *cmd, void *data)
3439 struct cmd_lookup *match = data;
3441 cmd_complete(cmd->sk, cmd->index, cmd->opcode, match->mgmt_status,
3442 match->hdev->dev_class, 3);
3444 list_del(&cmd->list);
3446 if (match->sk == NULL) {
3447 match->sk = cmd->sk;
3448 sock_hold(match->sk);
3451 mgmt_pending_free(cmd);
3454 int mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
3457 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
3460 clear_bit(HCI_PENDING_CLASS, &hdev->dev_flags);
3462 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, class_rsp, &match);
3463 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, class_rsp, &match);
3464 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, class_rsp, &match);
3467 err = mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class,
3476 int mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
3478 struct pending_cmd *cmd;
3479 struct mgmt_cp_set_local_name ev;
3480 bool changed = false;
3483 if (memcmp(name, hdev->dev_name, sizeof(hdev->dev_name)) != 0) {
3484 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
3488 memset(&ev, 0, sizeof(ev));
3489 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
3490 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
3492 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
3496 /* Always assume that either the short or the complete name has
3497 * changed if there was a pending mgmt command */
3501 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3502 mgmt_status(status));
3506 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0, &ev,
3513 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev,
3514 sizeof(ev), cmd ? cmd->sk : NULL);
3516 /* EIR is taken care of separately when powering on the
3517 * adapter so only update them here if this is a name change
3518 * unrelated to power on.
3520 if (!test_bit(HCI_INIT, &hdev->flags))
3525 mgmt_pending_remove(cmd);
3529 int mgmt_read_local_oob_data_reply_complete(struct hci_dev *hdev, u8 *hash,
3530 u8 *randomizer, u8 status)
3532 struct pending_cmd *cmd;
3535 BT_DBG("%s status %u", hdev->name, status);
3537 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
3542 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3543 mgmt_status(status));
3545 struct mgmt_rp_read_local_oob_data rp;
3547 memcpy(rp.hash, hash, sizeof(rp.hash));
3548 memcpy(rp.randomizer, randomizer, sizeof(rp.randomizer));
3550 err = cmd_complete(cmd->sk, hdev->id,
3551 MGMT_OP_READ_LOCAL_OOB_DATA, 0, &rp,
3555 mgmt_pending_remove(cmd);
3560 int mgmt_le_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
3562 struct cmd_lookup match = { NULL, hdev };
3563 bool changed = false;
3567 u8 mgmt_err = mgmt_status(status);
3569 if (enable && test_and_clear_bit(HCI_LE_ENABLED,
3571 err = new_settings(hdev, NULL);
3573 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
3580 if (!test_and_set_bit(HCI_LE_ENABLED, &hdev->dev_flags))
3583 if (test_and_clear_bit(HCI_LE_ENABLED, &hdev->dev_flags))
3587 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
3590 err = new_settings(hdev, match.sk);
3598 int mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3599 u8 addr_type, u8 *dev_class, s8 rssi, u8 cfm_name, u8
3600 ssp, u8 *eir, u16 eir_len)
3603 struct mgmt_ev_device_found *ev = (void *) buf;
3606 /* Leave 5 bytes for a potential CoD field */
3607 if (sizeof(*ev) + eir_len + 5 > sizeof(buf))
3610 memset(buf, 0, sizeof(buf));
3612 bacpy(&ev->addr.bdaddr, bdaddr);
3613 ev->addr.type = link_to_bdaddr(link_type, addr_type);
3616 ev->flags |= __constant_cpu_to_le32(MGMT_DEV_FOUND_CONFIRM_NAME);
3618 ev->flags |= __constant_cpu_to_le32(MGMT_DEV_FOUND_LEGACY_PAIRING);
3621 memcpy(ev->eir, eir, eir_len);
3623 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
3624 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
3627 ev->eir_len = cpu_to_le16(eir_len);
3628 ev_size = sizeof(*ev) + eir_len;
3630 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
3633 int mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3634 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
3636 struct mgmt_ev_device_found *ev;
3637 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
3640 ev = (struct mgmt_ev_device_found *) buf;
3642 memset(buf, 0, sizeof(buf));
3644 bacpy(&ev->addr.bdaddr, bdaddr);
3645 ev->addr.type = link_to_bdaddr(link_type, addr_type);
3648 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
3651 ev->eir_len = cpu_to_le16(eir_len);
3653 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev,
3654 sizeof(*ev) + eir_len, NULL);
3657 int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
3659 struct pending_cmd *cmd;
3663 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3665 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
3669 type = hdev->discovery.type;
3671 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3672 &type, sizeof(type));
3673 mgmt_pending_remove(cmd);
3678 int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
3680 struct pending_cmd *cmd;
3683 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3687 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3688 &hdev->discovery.type, sizeof(hdev->discovery.type));
3689 mgmt_pending_remove(cmd);
3694 int mgmt_discovering(struct hci_dev *hdev, u8 discovering)
3696 struct mgmt_ev_discovering ev;
3697 struct pending_cmd *cmd;
3699 BT_DBG("%s discovering %u", hdev->name, discovering);
3702 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
3704 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3707 u8 type = hdev->discovery.type;
3709 cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0, &type,
3711 mgmt_pending_remove(cmd);
3714 memset(&ev, 0, sizeof(ev));
3715 ev.type = hdev->discovery.type;
3716 ev.discovering = discovering;
3718 return mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
3721 int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
3723 struct pending_cmd *cmd;
3724 struct mgmt_ev_device_blocked ev;
3726 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev);
3728 bacpy(&ev.addr.bdaddr, bdaddr);
3729 ev.addr.type = type;
3731 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev),
3732 cmd ? cmd->sk : NULL);
3735 int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
3737 struct pending_cmd *cmd;
3738 struct mgmt_ev_device_unblocked ev;
3740 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev);
3742 bacpy(&ev.addr.bdaddr, bdaddr);
3743 ev.addr.type = type;
3745 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
3746 cmd ? cmd->sk : NULL);
3749 module_param(enable_hs, bool, 0644);
3750 MODULE_PARM_DESC(enable_hs, "Enable High Speed support");
projects / karo-tx-linux.git / blob