2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2010 Nokia Corporation
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License version 2 as
7 published by the Free Software Foundation;
9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
20 SOFTWARE IS DISCLAIMED.
23 /* Bluetooth HCI Management interface */
25 #include <linux/kernel.h>
26 #include <linux/uaccess.h>
27 #include <asm/unaligned.h>
29 #include <net/bluetooth/bluetooth.h>
30 #include <net/bluetooth/hci_core.h>
31 #include <net/bluetooth/mgmt.h>
33 #define MGMT_VERSION 0
34 #define MGMT_REVISION 1
36 #define INQUIRY_LEN_BREDR 0x08 /* TGAP(100) */
38 #define SERVICE_CACHE_TIMEOUT (5 * 1000)
41 struct list_head list;
49 /* HCI to MGMT error code conversion table */
50 static u8 mgmt_status_table[] = {
52 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
53 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
54 MGMT_STATUS_FAILED, /* Hardware Failure */
55 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
56 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
57 MGMT_STATUS_NOT_PAIRED, /* PIN or Key Missing */
58 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
59 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
60 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
61 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
62 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
63 MGMT_STATUS_BUSY, /* Command Disallowed */
64 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
65 MGMT_STATUS_REJECTED, /* Rejected Security */
66 MGMT_STATUS_REJECTED, /* Rejected Personal */
67 MGMT_STATUS_TIMEOUT, /* Host Timeout */
68 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
69 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
70 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
71 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
72 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
73 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
74 MGMT_STATUS_BUSY, /* Repeated Attempts */
75 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
76 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
77 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
78 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
79 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
80 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
81 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
82 MGMT_STATUS_FAILED, /* Unspecified Error */
83 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
84 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
85 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
86 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
87 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
88 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
89 MGMT_STATUS_FAILED, /* Unit Link Key Used */
90 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
91 MGMT_STATUS_TIMEOUT, /* Instant Passed */
92 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
93 MGMT_STATUS_FAILED, /* Transaction Collision */
94 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
95 MGMT_STATUS_REJECTED, /* QoS Rejected */
96 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
97 MGMT_STATUS_REJECTED, /* Insufficient Security */
98 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
99 MGMT_STATUS_BUSY, /* Role Switch Pending */
100 MGMT_STATUS_FAILED, /* Slot Violation */
101 MGMT_STATUS_FAILED, /* Role Switch Failed */
102 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
103 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
104 MGMT_STATUS_BUSY, /* Host Busy Pairing */
105 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
106 MGMT_STATUS_BUSY, /* Controller Busy */
107 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
108 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
109 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
110 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
111 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
114 static u8 mgmt_status(u8 hci_status)
116 if (hci_status < ARRAY_SIZE(mgmt_status_table))
117 return mgmt_status_table[hci_status];
119 return MGMT_STATUS_FAILED;
122 static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
125 struct mgmt_hdr *hdr;
126 struct mgmt_ev_cmd_status *ev;
129 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
131 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_ATOMIC);
135 hdr = (void *) skb_put(skb, sizeof(*hdr));
137 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS);
138 hdr->index = cpu_to_le16(index);
139 hdr->len = cpu_to_le16(sizeof(*ev));
141 ev = (void *) skb_put(skb, sizeof(*ev));
143 put_unaligned_le16(cmd, &ev->opcode);
145 err = sock_queue_rcv_skb(sk, skb);
152 static int cmd_complete(struct sock *sk, u16 index, u16 cmd, void *rp,
156 struct mgmt_hdr *hdr;
157 struct mgmt_ev_cmd_complete *ev;
160 BT_DBG("sock %p", sk);
162 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_ATOMIC);
166 hdr = (void *) skb_put(skb, sizeof(*hdr));
168 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE);
169 hdr->index = cpu_to_le16(index);
170 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
172 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
173 put_unaligned_le16(cmd, &ev->opcode);
176 memcpy(ev->data, rp, rp_len);
178 err = sock_queue_rcv_skb(sk, skb);
185 static int read_version(struct sock *sk)
187 struct mgmt_rp_read_version rp;
189 BT_DBG("sock %p", sk);
191 rp.version = MGMT_VERSION;
192 put_unaligned_le16(MGMT_REVISION, &rp.revision);
194 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, &rp,
198 static int read_index_list(struct sock *sk)
200 struct mgmt_rp_read_index_list *rp;
207 BT_DBG("sock %p", sk);
209 read_lock(&hci_dev_list_lock);
212 list_for_each(p, &hci_dev_list) {
216 rp_len = sizeof(*rp) + (2 * count);
217 rp = kmalloc(rp_len, GFP_ATOMIC);
219 read_unlock(&hci_dev_list_lock);
223 put_unaligned_le16(count, &rp->num_controllers);
226 list_for_each_entry(d, &hci_dev_list, list) {
227 if (test_and_clear_bit(HCI_AUTO_OFF, &d->flags))
228 cancel_delayed_work(&d->power_off);
230 if (test_bit(HCI_SETUP, &d->flags))
233 put_unaligned_le16(d->id, &rp->index[i++]);
234 BT_DBG("Added hci%u", d->id);
237 read_unlock(&hci_dev_list_lock);
239 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, rp,
247 static u32 get_supported_settings(struct hci_dev *hdev)
251 settings |= MGMT_SETTING_POWERED;
252 settings |= MGMT_SETTING_CONNECTABLE;
253 settings |= MGMT_SETTING_FAST_CONNECTABLE;
254 settings |= MGMT_SETTING_DISCOVERABLE;
255 settings |= MGMT_SETTING_PAIRABLE;
257 if (hdev->features[6] & LMP_SIMPLE_PAIR)
258 settings |= MGMT_SETTING_SSP;
260 if (!(hdev->features[4] & LMP_NO_BREDR)) {
261 settings |= MGMT_SETTING_BREDR;
262 settings |= MGMT_SETTING_LINK_SECURITY;
265 if (hdev->features[4] & LMP_LE)
266 settings |= MGMT_SETTING_LE;
271 static u32 get_current_settings(struct hci_dev *hdev)
275 if (test_bit(HCI_UP, &hdev->flags))
276 settings |= MGMT_SETTING_POWERED;
280 if (test_bit(HCI_PSCAN, &hdev->flags))
281 settings |= MGMT_SETTING_CONNECTABLE;
283 if (test_bit(HCI_ISCAN, &hdev->flags))
284 settings |= MGMT_SETTING_DISCOVERABLE;
286 if (test_bit(HCI_PAIRABLE, &hdev->flags))
287 settings |= MGMT_SETTING_PAIRABLE;
289 if (!(hdev->features[4] & LMP_NO_BREDR))
290 settings |= MGMT_SETTING_BREDR;
292 if (hdev->extfeatures[0] & LMP_HOST_LE)
293 settings |= MGMT_SETTING_LE;
295 if (test_bit(HCI_AUTH, &hdev->flags))
296 settings |= MGMT_SETTING_LINK_SECURITY;
298 if (hdev->ssp_mode > 0)
299 settings |= MGMT_SETTING_SSP;
304 #define EIR_FLAGS 0x01 /* flags */
305 #define EIR_UUID16_SOME 0x02 /* 16-bit UUID, more available */
306 #define EIR_UUID16_ALL 0x03 /* 16-bit UUID, all listed */
307 #define EIR_UUID32_SOME 0x04 /* 32-bit UUID, more available */
308 #define EIR_UUID32_ALL 0x05 /* 32-bit UUID, all listed */
309 #define EIR_UUID128_SOME 0x06 /* 128-bit UUID, more available */
310 #define EIR_UUID128_ALL 0x07 /* 128-bit UUID, all listed */
311 #define EIR_NAME_SHORT 0x08 /* shortened local name */
312 #define EIR_NAME_COMPLETE 0x09 /* complete local name */
313 #define EIR_TX_POWER 0x0A /* transmit power level */
314 #define EIR_DEVICE_ID 0x10 /* device ID */
316 #define PNP_INFO_SVCLASS_ID 0x1200
318 static u8 bluetooth_base_uuid[] = {
319 0xFB, 0x34, 0x9B, 0x5F, 0x80, 0x00, 0x00, 0x80,
320 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
323 static u16 get_uuid16(u8 *uuid128)
328 for (i = 0; i < 12; i++) {
329 if (bluetooth_base_uuid[i] != uuid128[i])
333 memcpy(&val, &uuid128[12], 4);
335 val = le32_to_cpu(val);
342 static void create_eir(struct hci_dev *hdev, u8 *data)
346 u16 uuid16_list[HCI_MAX_EIR_LENGTH / sizeof(u16)];
347 int i, truncated = 0;
348 struct bt_uuid *uuid;
351 name_len = strlen(hdev->dev_name);
357 ptr[1] = EIR_NAME_SHORT;
359 ptr[1] = EIR_NAME_COMPLETE;
361 /* EIR Data length */
362 ptr[0] = name_len + 1;
364 memcpy(ptr + 2, hdev->dev_name, name_len);
366 eir_len += (name_len + 2);
367 ptr += (name_len + 2);
370 memset(uuid16_list, 0, sizeof(uuid16_list));
372 /* Group all UUID16 types */
373 list_for_each_entry(uuid, &hdev->uuids, list) {
376 uuid16 = get_uuid16(uuid->uuid);
383 if (uuid16 == PNP_INFO_SVCLASS_ID)
386 /* Stop if not enough space to put next UUID */
387 if (eir_len + 2 + sizeof(u16) > HCI_MAX_EIR_LENGTH) {
392 /* Check for duplicates */
393 for (i = 0; uuid16_list[i] != 0; i++)
394 if (uuid16_list[i] == uuid16)
397 if (uuid16_list[i] == 0) {
398 uuid16_list[i] = uuid16;
399 eir_len += sizeof(u16);
403 if (uuid16_list[0] != 0) {
407 ptr[1] = truncated ? EIR_UUID16_SOME : EIR_UUID16_ALL;
412 for (i = 0; uuid16_list[i] != 0; i++) {
413 *ptr++ = (uuid16_list[i] & 0x00ff);
414 *ptr++ = (uuid16_list[i] & 0xff00) >> 8;
417 /* EIR Data length */
418 *length = (i * sizeof(u16)) + 1;
422 static int update_eir(struct hci_dev *hdev)
424 struct hci_cp_write_eir cp;
426 if (!(hdev->features[6] & LMP_EXT_INQ))
429 if (hdev->ssp_mode == 0)
432 if (test_bit(HCI_SERVICE_CACHE, &hdev->flags))
435 memset(&cp, 0, sizeof(cp));
437 create_eir(hdev, cp.data);
439 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
442 memcpy(hdev->eir, cp.data, sizeof(cp.data));
444 return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
447 static u8 get_service_classes(struct hci_dev *hdev)
449 struct bt_uuid *uuid;
452 list_for_each_entry(uuid, &hdev->uuids, list)
453 val |= uuid->svc_hint;
458 static int update_class(struct hci_dev *hdev)
462 BT_DBG("%s", hdev->name);
464 if (test_bit(HCI_SERVICE_CACHE, &hdev->flags))
467 cod[0] = hdev->minor_class;
468 cod[1] = hdev->major_class;
469 cod[2] = get_service_classes(hdev);
471 if (memcmp(cod, hdev->dev_class, 3) == 0)
474 return hci_send_cmd(hdev, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
477 static void service_cache_off(struct work_struct *work)
479 struct hci_dev *hdev = container_of(work, struct hci_dev,
482 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->flags))
490 hci_dev_unlock(hdev);
493 static void mgmt_init_hdev(struct hci_dev *hdev)
495 if (!test_and_set_bit(HCI_MGMT, &hdev->flags))
496 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
498 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->flags))
499 schedule_delayed_work(&hdev->service_cache,
500 msecs_to_jiffies(SERVICE_CACHE_TIMEOUT));
503 static int read_controller_info(struct sock *sk, u16 index)
505 struct mgmt_rp_read_info rp;
506 struct hci_dev *hdev;
508 BT_DBG("sock %p hci%u", sk, index);
510 hdev = hci_dev_get(index);
512 return cmd_status(sk, index, MGMT_OP_READ_INFO,
513 MGMT_STATUS_INVALID_PARAMS);
515 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->flags))
516 cancel_delayed_work_sync(&hdev->power_off);
520 if (test_and_clear_bit(HCI_PI_MGMT_INIT, &hci_pi(sk)->flags))
521 mgmt_init_hdev(hdev);
523 memset(&rp, 0, sizeof(rp));
525 bacpy(&rp.bdaddr, &hdev->bdaddr);
527 rp.version = hdev->hci_ver;
529 put_unaligned_le16(hdev->manufacturer, &rp.manufacturer);
531 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
532 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
534 memcpy(rp.dev_class, hdev->dev_class, 3);
536 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
538 hci_dev_unlock(hdev);
541 return cmd_complete(sk, index, MGMT_OP_READ_INFO, &rp, sizeof(rp));
544 static void mgmt_pending_free(struct pending_cmd *cmd)
551 static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
552 struct hci_dev *hdev,
555 struct pending_cmd *cmd;
557 cmd = kmalloc(sizeof(*cmd), GFP_ATOMIC);
561 cmd->opcode = opcode;
562 cmd->index = hdev->id;
564 cmd->param = kmalloc(len, GFP_ATOMIC);
571 memcpy(cmd->param, data, len);
576 list_add(&cmd->list, &hdev->mgmt_pending);
581 static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
582 void (*cb)(struct pending_cmd *cmd, void *data),
585 struct list_head *p, *n;
587 list_for_each_safe(p, n, &hdev->mgmt_pending) {
588 struct pending_cmd *cmd;
590 cmd = list_entry(p, struct pending_cmd, list);
592 if (opcode > 0 && cmd->opcode != opcode)
599 static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
601 struct pending_cmd *cmd;
603 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
604 if (cmd->opcode == opcode)
611 static void mgmt_pending_remove(struct pending_cmd *cmd)
613 list_del(&cmd->list);
614 mgmt_pending_free(cmd);
617 static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
619 __le32 settings = cpu_to_le32(get_current_settings(hdev));
621 return cmd_complete(sk, hdev->id, opcode, &settings, sizeof(settings));
624 static int set_powered(struct sock *sk, u16 index, unsigned char *data, u16 len)
626 struct mgmt_mode *cp;
627 struct hci_dev *hdev;
628 struct pending_cmd *cmd;
633 BT_DBG("request for hci%u", index);
635 if (len != sizeof(*cp))
636 return cmd_status(sk, index, MGMT_OP_SET_POWERED,
637 MGMT_STATUS_INVALID_PARAMS);
639 hdev = hci_dev_get(index);
641 return cmd_status(sk, index, MGMT_OP_SET_POWERED,
642 MGMT_STATUS_INVALID_PARAMS);
646 up = test_bit(HCI_UP, &hdev->flags);
647 if ((cp->val && up) || (!cp->val && !up)) {
648 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
652 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
653 err = cmd_status(sk, index, MGMT_OP_SET_POWERED,
658 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
665 schedule_work(&hdev->power_on);
667 schedule_work(&hdev->power_off.work);
672 hci_dev_unlock(hdev);
677 static int set_discoverable(struct sock *sk, u16 index, unsigned char *data,
680 struct mgmt_cp_set_discoverable *cp;
681 struct hci_dev *hdev;
682 struct pending_cmd *cmd;
688 BT_DBG("request for hci%u", index);
690 if (len != sizeof(*cp))
691 return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
692 MGMT_STATUS_INVALID_PARAMS);
694 hdev = hci_dev_get(index);
696 return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
697 MGMT_STATUS_INVALID_PARAMS);
701 if (!test_bit(HCI_UP, &hdev->flags)) {
702 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
703 MGMT_STATUS_NOT_POWERED);
707 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
708 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
709 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
714 if (cp->val == test_bit(HCI_ISCAN, &hdev->flags) &&
715 test_bit(HCI_PSCAN, &hdev->flags)) {
716 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
720 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
729 scan |= SCAN_INQUIRY;
731 cancel_delayed_work(&hdev->discov_off);
733 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
735 mgmt_pending_remove(cmd);
738 hdev->discov_timeout = get_unaligned_le16(&cp->timeout);
741 hci_dev_unlock(hdev);
747 static int set_connectable(struct sock *sk, u16 index, unsigned char *data,
750 struct mgmt_mode *cp;
751 struct hci_dev *hdev;
752 struct pending_cmd *cmd;
758 BT_DBG("request for hci%u", index);
760 if (len != sizeof(*cp))
761 return cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE,
762 MGMT_STATUS_INVALID_PARAMS);
764 hdev = hci_dev_get(index);
766 return cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE,
767 MGMT_STATUS_INVALID_PARAMS);
771 if (!test_bit(HCI_UP, &hdev->flags)) {
772 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE,
773 MGMT_STATUS_NOT_POWERED);
777 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
778 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
779 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE,
784 if (cp->val == test_bit(HCI_PSCAN, &hdev->flags)) {
785 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
789 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
800 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
802 mgmt_pending_remove(cmd);
805 hci_dev_unlock(hdev);
811 static int mgmt_event(u16 event, struct hci_dev *hdev, void *data,
812 u16 data_len, struct sock *skip_sk)
815 struct mgmt_hdr *hdr;
817 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_ATOMIC);
821 bt_cb(skb)->channel = HCI_CHANNEL_CONTROL;
823 hdr = (void *) skb_put(skb, sizeof(*hdr));
824 hdr->opcode = cpu_to_le16(event);
826 hdr->index = cpu_to_le16(hdev->id);
828 hdr->index = cpu_to_le16(MGMT_INDEX_NONE);
829 hdr->len = cpu_to_le16(data_len);
832 memcpy(skb_put(skb, data_len), data, data_len);
834 hci_send_to_sock(NULL, skb, skip_sk);
840 static int set_pairable(struct sock *sk, u16 index, unsigned char *data,
843 struct mgmt_mode *cp;
844 struct hci_dev *hdev;
850 BT_DBG("request for hci%u", index);
852 if (len != sizeof(*cp))
853 return cmd_status(sk, index, MGMT_OP_SET_PAIRABLE,
854 MGMT_STATUS_INVALID_PARAMS);
856 hdev = hci_dev_get(index);
858 return cmd_status(sk, index, MGMT_OP_SET_PAIRABLE,
859 MGMT_STATUS_INVALID_PARAMS);
864 set_bit(HCI_PAIRABLE, &hdev->flags);
866 clear_bit(HCI_PAIRABLE, &hdev->flags);
868 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
872 ev = cpu_to_le32(get_current_settings(hdev));
874 err = mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), sk);
877 hci_dev_unlock(hdev);
883 static int add_uuid(struct sock *sk, u16 index, unsigned char *data, u16 len)
885 struct mgmt_cp_add_uuid *cp;
886 struct hci_dev *hdev;
887 struct bt_uuid *uuid;
892 BT_DBG("request for hci%u", index);
894 if (len != sizeof(*cp))
895 return cmd_status(sk, index, MGMT_OP_ADD_UUID,
896 MGMT_STATUS_INVALID_PARAMS);
898 hdev = hci_dev_get(index);
900 return cmd_status(sk, index, MGMT_OP_ADD_UUID,
901 MGMT_STATUS_INVALID_PARAMS);
905 uuid = kmalloc(sizeof(*uuid), GFP_ATOMIC);
911 memcpy(uuid->uuid, cp->uuid, 16);
912 uuid->svc_hint = cp->svc_hint;
914 list_add(&uuid->list, &hdev->uuids);
916 err = update_class(hdev);
920 err = update_eir(hdev);
924 err = cmd_complete(sk, index, MGMT_OP_ADD_UUID, NULL, 0);
927 hci_dev_unlock(hdev);
933 static int remove_uuid(struct sock *sk, u16 index, unsigned char *data, u16 len)
935 struct list_head *p, *n;
936 struct mgmt_cp_remove_uuid *cp;
937 struct hci_dev *hdev;
938 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
943 BT_DBG("request for hci%u", index);
945 if (len != sizeof(*cp))
946 return cmd_status(sk, index, MGMT_OP_REMOVE_UUID,
947 MGMT_STATUS_INVALID_PARAMS);
949 hdev = hci_dev_get(index);
951 return cmd_status(sk, index, MGMT_OP_REMOVE_UUID,
952 MGMT_STATUS_INVALID_PARAMS);
956 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
957 err = hci_uuids_clear(hdev);
963 list_for_each_safe(p, n, &hdev->uuids) {
964 struct bt_uuid *match = list_entry(p, struct bt_uuid, list);
966 if (memcmp(match->uuid, cp->uuid, 16) != 0)
969 list_del(&match->list);
974 err = cmd_status(sk, index, MGMT_OP_REMOVE_UUID,
975 MGMT_STATUS_INVALID_PARAMS);
979 err = update_class(hdev);
983 err = update_eir(hdev);
987 err = cmd_complete(sk, index, MGMT_OP_REMOVE_UUID, NULL, 0);
990 hci_dev_unlock(hdev);
996 static int set_dev_class(struct sock *sk, u16 index, unsigned char *data,
999 struct hci_dev *hdev;
1000 struct mgmt_cp_set_dev_class *cp;
1005 BT_DBG("request for hci%u", index);
1007 if (len != sizeof(*cp))
1008 return cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS,
1009 MGMT_STATUS_INVALID_PARAMS);
1011 hdev = hci_dev_get(index);
1013 return cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS,
1014 MGMT_STATUS_INVALID_PARAMS);
1018 hdev->major_class = cp->major;
1019 hdev->minor_class = cp->minor;
1021 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->flags)) {
1022 hci_dev_unlock(hdev);
1023 cancel_delayed_work_sync(&hdev->service_cache);
1028 err = update_class(hdev);
1031 err = cmd_complete(sk, index, MGMT_OP_SET_DEV_CLASS, NULL, 0);
1033 hci_dev_unlock(hdev);
1039 static int load_link_keys(struct sock *sk, u16 index, unsigned char *data,
1042 struct hci_dev *hdev;
1043 struct mgmt_cp_load_link_keys *cp;
1044 u16 key_count, expected_len;
1049 if (len < sizeof(*cp))
1050 return cmd_status(sk, index, MGMT_OP_LOAD_LINK_KEYS,
1051 MGMT_STATUS_INVALID_PARAMS);
1053 key_count = get_unaligned_le16(&cp->key_count);
1055 expected_len = sizeof(*cp) + key_count *
1056 sizeof(struct mgmt_link_key_info);
1057 if (expected_len != len) {
1058 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
1060 return cmd_status(sk, index, MGMT_OP_LOAD_LINK_KEYS,
1061 MGMT_STATUS_INVALID_PARAMS);
1064 hdev = hci_dev_get(index);
1066 return cmd_status(sk, index, MGMT_OP_LOAD_LINK_KEYS,
1067 MGMT_STATUS_INVALID_PARAMS);
1069 BT_DBG("hci%u debug_keys %u key_count %u", index, cp->debug_keys,
1074 hci_link_keys_clear(hdev);
1076 set_bit(HCI_LINK_KEYS, &hdev->flags);
1079 set_bit(HCI_DEBUG_KEYS, &hdev->flags);
1081 clear_bit(HCI_DEBUG_KEYS, &hdev->flags);
1083 for (i = 0; i < key_count; i++) {
1084 struct mgmt_link_key_info *key = &cp->keys[i];
1086 hci_add_link_key(hdev, NULL, 0, &key->bdaddr, key->val, key->type,
1090 cmd_complete(sk, index, MGMT_OP_LOAD_LINK_KEYS, NULL, 0);
1092 hci_dev_unlock(hdev);
1098 static int remove_keys(struct sock *sk, u16 index, unsigned char *data,
1101 struct hci_dev *hdev;
1102 struct mgmt_cp_remove_keys *cp;
1103 struct mgmt_rp_remove_keys rp;
1104 struct hci_cp_disconnect dc;
1105 struct pending_cmd *cmd;
1106 struct hci_conn *conn;
1111 if (len != sizeof(*cp))
1112 return cmd_status(sk, index, MGMT_OP_REMOVE_KEYS,
1113 MGMT_STATUS_INVALID_PARAMS);
1115 hdev = hci_dev_get(index);
1117 return cmd_status(sk, index, MGMT_OP_REMOVE_KEYS,
1118 MGMT_STATUS_INVALID_PARAMS);
1122 memset(&rp, 0, sizeof(rp));
1123 bacpy(&rp.bdaddr, &cp->bdaddr);
1124 rp.status = MGMT_STATUS_FAILED;
1126 err = hci_remove_link_key(hdev, &cp->bdaddr);
1128 rp.status = MGMT_STATUS_NOT_PAIRED;
1132 if (!test_bit(HCI_UP, &hdev->flags) || !cp->disconnect) {
1133 err = cmd_complete(sk, index, MGMT_OP_REMOVE_KEYS, &rp,
1138 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1140 err = cmd_complete(sk, index, MGMT_OP_REMOVE_KEYS, &rp,
1145 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_KEYS, hdev, cp, sizeof(*cp));
1151 put_unaligned_le16(conn->handle, &dc.handle);
1152 dc.reason = 0x13; /* Remote User Terminated Connection */
1153 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1155 mgmt_pending_remove(cmd);
1159 err = cmd_complete(sk, index, MGMT_OP_REMOVE_KEYS, &rp,
1161 hci_dev_unlock(hdev);
1167 static int disconnect(struct sock *sk, u16 index, unsigned char *data, u16 len)
1169 struct hci_dev *hdev;
1170 struct mgmt_cp_disconnect *cp;
1171 struct hci_cp_disconnect dc;
1172 struct pending_cmd *cmd;
1173 struct hci_conn *conn;
1180 if (len != sizeof(*cp))
1181 return cmd_status(sk, index, MGMT_OP_DISCONNECT,
1182 MGMT_STATUS_INVALID_PARAMS);
1184 hdev = hci_dev_get(index);
1186 return cmd_status(sk, index, MGMT_OP_DISCONNECT,
1187 MGMT_STATUS_INVALID_PARAMS);
1191 if (!test_bit(HCI_UP, &hdev->flags)) {
1192 err = cmd_status(sk, index, MGMT_OP_DISCONNECT,
1193 MGMT_STATUS_NOT_POWERED);
1197 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
1198 err = cmd_status(sk, index, MGMT_OP_DISCONNECT,
1203 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1205 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->bdaddr);
1208 err = cmd_status(sk, index, MGMT_OP_DISCONNECT,
1209 MGMT_STATUS_NOT_CONNECTED);
1213 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
1219 put_unaligned_le16(conn->handle, &dc.handle);
1220 dc.reason = 0x13; /* Remote User Terminated Connection */
1222 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1224 mgmt_pending_remove(cmd);
1227 hci_dev_unlock(hdev);
1233 static u8 link_to_mgmt(u8 link_type, u8 addr_type)
1235 switch (link_type) {
1237 switch (addr_type) {
1238 case ADDR_LE_DEV_PUBLIC:
1239 return MGMT_ADDR_LE_PUBLIC;
1240 case ADDR_LE_DEV_RANDOM:
1241 return MGMT_ADDR_LE_RANDOM;
1243 return MGMT_ADDR_INVALID;
1246 return MGMT_ADDR_BREDR;
1248 return MGMT_ADDR_INVALID;
1252 static int get_connections(struct sock *sk, u16 index)
1254 struct mgmt_rp_get_connections *rp;
1255 struct hci_dev *hdev;
1257 struct list_head *p;
1264 hdev = hci_dev_get(index);
1266 return cmd_status(sk, index, MGMT_OP_GET_CONNECTIONS,
1267 MGMT_STATUS_INVALID_PARAMS);
1272 list_for_each(p, &hdev->conn_hash.list) {
1276 rp_len = sizeof(*rp) + (count * sizeof(struct mgmt_addr_info));
1277 rp = kmalloc(rp_len, GFP_ATOMIC);
1283 put_unaligned_le16(count, &rp->conn_count);
1286 list_for_each_entry(c, &hdev->conn_hash.list, list) {
1287 bacpy(&rp->addr[i].bdaddr, &c->dst);
1288 rp->addr[i].type = link_to_mgmt(c->type, c->dst_type);
1289 if (rp->addr[i].type == MGMT_ADDR_INVALID)
1294 /* Recalculate length in case of filtered SCO connections, etc */
1295 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
1297 err = cmd_complete(sk, index, MGMT_OP_GET_CONNECTIONS, rp, rp_len);
1301 hci_dev_unlock(hdev);
1306 static int send_pin_code_neg_reply(struct sock *sk, u16 index,
1307 struct hci_dev *hdev, struct mgmt_cp_pin_code_neg_reply *cp)
1309 struct pending_cmd *cmd;
1312 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
1317 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY, sizeof(cp->bdaddr),
1320 mgmt_pending_remove(cmd);
1325 static int pin_code_reply(struct sock *sk, u16 index, unsigned char *data,
1328 struct hci_dev *hdev;
1329 struct hci_conn *conn;
1330 struct mgmt_cp_pin_code_reply *cp;
1331 struct mgmt_cp_pin_code_neg_reply ncp;
1332 struct hci_cp_pin_code_reply reply;
1333 struct pending_cmd *cmd;
1340 if (len != sizeof(*cp))
1341 return cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1342 MGMT_STATUS_INVALID_PARAMS);
1344 hdev = hci_dev_get(index);
1346 return cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1347 MGMT_STATUS_INVALID_PARAMS);
1351 if (!test_bit(HCI_UP, &hdev->flags)) {
1352 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1353 MGMT_STATUS_NOT_POWERED);
1357 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1359 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1360 MGMT_STATUS_NOT_CONNECTED);
1364 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
1365 bacpy(&ncp.bdaddr, &cp->bdaddr);
1367 BT_ERR("PIN code is not 16 bytes long");
1369 err = send_pin_code_neg_reply(sk, index, hdev, &ncp);
1371 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1372 MGMT_STATUS_INVALID_PARAMS);
1377 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
1383 bacpy(&reply.bdaddr, &cp->bdaddr);
1384 reply.pin_len = cp->pin_len;
1385 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
1387 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
1389 mgmt_pending_remove(cmd);
1392 hci_dev_unlock(hdev);
1398 static int pin_code_neg_reply(struct sock *sk, u16 index, unsigned char *data,
1401 struct hci_dev *hdev;
1402 struct mgmt_cp_pin_code_neg_reply *cp;
1409 if (len != sizeof(*cp))
1410 return cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
1411 MGMT_STATUS_INVALID_PARAMS);
1413 hdev = hci_dev_get(index);
1415 return cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
1416 MGMT_STATUS_INVALID_PARAMS);
1420 if (!test_bit(HCI_UP, &hdev->flags)) {
1421 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
1422 MGMT_STATUS_NOT_POWERED);
1426 err = send_pin_code_neg_reply(sk, index, hdev, cp);
1429 hci_dev_unlock(hdev);
1435 static int set_io_capability(struct sock *sk, u16 index, unsigned char *data,
1438 struct hci_dev *hdev;
1439 struct mgmt_cp_set_io_capability *cp;
1445 if (len != sizeof(*cp))
1446 return cmd_status(sk, index, MGMT_OP_SET_IO_CAPABILITY,
1447 MGMT_STATUS_INVALID_PARAMS);
1449 hdev = hci_dev_get(index);
1451 return cmd_status(sk, index, MGMT_OP_SET_IO_CAPABILITY,
1452 MGMT_STATUS_INVALID_PARAMS);
1456 hdev->io_capability = cp->io_capability;
1458 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
1459 hdev->io_capability);
1461 hci_dev_unlock(hdev);
1464 return cmd_complete(sk, index, MGMT_OP_SET_IO_CAPABILITY, NULL, 0);
1467 static inline struct pending_cmd *find_pairing(struct hci_conn *conn)
1469 struct hci_dev *hdev = conn->hdev;
1470 struct pending_cmd *cmd;
1472 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
1473 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
1476 if (cmd->user_data != conn)
1485 static void pairing_complete(struct pending_cmd *cmd, u8 status)
1487 struct mgmt_rp_pair_device rp;
1488 struct hci_conn *conn = cmd->user_data;
1490 bacpy(&rp.addr.bdaddr, &conn->dst);
1491 rp.addr.type = link_to_mgmt(conn->type, conn->dst_type);
1494 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, &rp, sizeof(rp));
1496 /* So we don't get further callbacks for this connection */
1497 conn->connect_cfm_cb = NULL;
1498 conn->security_cfm_cb = NULL;
1499 conn->disconn_cfm_cb = NULL;
1503 mgmt_pending_remove(cmd);
1506 static void pairing_complete_cb(struct hci_conn *conn, u8 status)
1508 struct pending_cmd *cmd;
1510 BT_DBG("status %u", status);
1512 cmd = find_pairing(conn);
1514 BT_DBG("Unable to find a pending command");
1516 pairing_complete(cmd, status);
1519 static int pair_device(struct sock *sk, u16 index, unsigned char *data, u16 len)
1521 struct hci_dev *hdev;
1522 struct mgmt_cp_pair_device *cp;
1523 struct mgmt_rp_pair_device rp;
1524 struct pending_cmd *cmd;
1525 u8 sec_level, auth_type;
1526 struct hci_conn *conn;
1533 if (len != sizeof(*cp))
1534 return cmd_status(sk, index, MGMT_OP_PAIR_DEVICE,
1535 MGMT_STATUS_INVALID_PARAMS);
1537 hdev = hci_dev_get(index);
1539 return cmd_status(sk, index, MGMT_OP_PAIR_DEVICE,
1540 MGMT_STATUS_INVALID_PARAMS);
1544 sec_level = BT_SECURITY_MEDIUM;
1545 if (cp->io_cap == 0x03)
1546 auth_type = HCI_AT_DEDICATED_BONDING;
1548 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
1550 if (cp->addr.type == MGMT_ADDR_BREDR)
1551 conn = hci_connect(hdev, ACL_LINK, &cp->addr.bdaddr, sec_level,
1554 conn = hci_connect(hdev, LE_LINK, &cp->addr.bdaddr, sec_level,
1557 memset(&rp, 0, sizeof(rp));
1558 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1559 rp.addr.type = cp->addr.type;
1562 rp.status = -PTR_ERR(conn);
1563 err = cmd_complete(sk, index, MGMT_OP_PAIR_DEVICE,
1568 if (conn->connect_cfm_cb) {
1571 err = cmd_complete(sk, index, MGMT_OP_PAIR_DEVICE,
1576 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
1583 /* For LE, just connecting isn't a proof that the pairing finished */
1584 if (cp->addr.type == MGMT_ADDR_BREDR)
1585 conn->connect_cfm_cb = pairing_complete_cb;
1587 conn->security_cfm_cb = pairing_complete_cb;
1588 conn->disconn_cfm_cb = pairing_complete_cb;
1589 conn->io_capability = cp->io_cap;
1590 cmd->user_data = conn;
1592 if (conn->state == BT_CONNECTED &&
1593 hci_conn_security(conn, sec_level, auth_type))
1594 pairing_complete(cmd, 0);
1599 hci_dev_unlock(hdev);
1605 static int user_pairing_resp(struct sock *sk, u16 index, bdaddr_t *bdaddr,
1606 u16 mgmt_op, u16 hci_op, __le32 passkey)
1608 struct pending_cmd *cmd;
1609 struct hci_dev *hdev;
1610 struct hci_conn *conn;
1613 hdev = hci_dev_get(index);
1615 return cmd_status(sk, index, mgmt_op,
1616 MGMT_STATUS_INVALID_PARAMS);
1620 if (!test_bit(HCI_UP, &hdev->flags)) {
1621 err = cmd_status(sk, index, mgmt_op, MGMT_STATUS_NOT_POWERED);
1626 * Check for an existing ACL link, if present pair via
1629 * If no ACL link is present, check for an LE link and if
1630 * present, pair via the SMP engine.
1632 * If neither ACL nor LE links are present, fail with error.
1634 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, bdaddr);
1636 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, bdaddr);
1638 err = cmd_status(sk, index, mgmt_op,
1639 MGMT_STATUS_NOT_CONNECTED);
1643 /* Continue with pairing via SMP */
1645 err = cmd_status(sk, index, mgmt_op, MGMT_STATUS_SUCCESS);
1649 cmd = mgmt_pending_add(sk, mgmt_op, hdev, bdaddr, sizeof(*bdaddr));
1655 /* Continue with pairing via HCI */
1656 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
1657 struct hci_cp_user_passkey_reply cp;
1659 bacpy(&cp.bdaddr, bdaddr);
1660 cp.passkey = passkey;
1661 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
1663 err = hci_send_cmd(hdev, hci_op, sizeof(*bdaddr), bdaddr);
1666 mgmt_pending_remove(cmd);
1669 hci_dev_unlock(hdev);
1675 static int user_confirm_reply(struct sock *sk, u16 index, void *data, u16 len)
1677 struct mgmt_cp_user_confirm_reply *cp = (void *) data;
1681 if (len != sizeof(*cp))
1682 return cmd_status(sk, index, MGMT_OP_USER_CONFIRM_REPLY,
1683 MGMT_STATUS_INVALID_PARAMS);
1685 return user_pairing_resp(sk, index, &cp->bdaddr,
1686 MGMT_OP_USER_CONFIRM_REPLY,
1687 HCI_OP_USER_CONFIRM_REPLY, 0);
1690 static int user_confirm_neg_reply(struct sock *sk, u16 index, void *data,
1693 struct mgmt_cp_user_confirm_reply *cp = (void *) data;
1697 if (len != sizeof(*cp))
1698 return cmd_status(sk, index, MGMT_OP_USER_CONFIRM_NEG_REPLY,
1699 MGMT_STATUS_INVALID_PARAMS);
1701 return user_pairing_resp(sk, index, &cp->bdaddr,
1702 MGMT_OP_USER_CONFIRM_NEG_REPLY,
1703 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
1706 static int user_passkey_reply(struct sock *sk, u16 index, void *data, u16 len)
1708 struct mgmt_cp_user_passkey_reply *cp = (void *) data;
1712 if (len != sizeof(*cp))
1713 return cmd_status(sk, index, MGMT_OP_USER_PASSKEY_REPLY,
1716 return user_pairing_resp(sk, index, &cp->bdaddr,
1717 MGMT_OP_USER_PASSKEY_REPLY,
1718 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
1721 static int user_passkey_neg_reply(struct sock *sk, u16 index, void *data,
1724 struct mgmt_cp_user_passkey_neg_reply *cp = (void *) data;
1728 if (len != sizeof(*cp))
1729 return cmd_status(sk, index, MGMT_OP_USER_PASSKEY_NEG_REPLY,
1732 return user_pairing_resp(sk, index, &cp->bdaddr,
1733 MGMT_OP_USER_PASSKEY_NEG_REPLY,
1734 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
1737 static int set_local_name(struct sock *sk, u16 index, unsigned char *data,
1740 struct mgmt_cp_set_local_name *mgmt_cp = (void *) data;
1741 struct hci_cp_write_local_name hci_cp;
1742 struct hci_dev *hdev;
1743 struct pending_cmd *cmd;
1748 if (len != sizeof(*mgmt_cp))
1749 return cmd_status(sk, index, MGMT_OP_SET_LOCAL_NAME,
1750 MGMT_STATUS_INVALID_PARAMS);
1752 hdev = hci_dev_get(index);
1754 return cmd_status(sk, index, MGMT_OP_SET_LOCAL_NAME,
1755 MGMT_STATUS_INVALID_PARAMS);
1759 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
1765 memcpy(hci_cp.name, mgmt_cp->name, sizeof(hci_cp.name));
1766 err = hci_send_cmd(hdev, HCI_OP_WRITE_LOCAL_NAME, sizeof(hci_cp),
1769 mgmt_pending_remove(cmd);
1772 hci_dev_unlock(hdev);
1778 static int read_local_oob_data(struct sock *sk, u16 index)
1780 struct hci_dev *hdev;
1781 struct pending_cmd *cmd;
1784 BT_DBG("hci%u", index);
1786 hdev = hci_dev_get(index);
1788 return cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
1789 MGMT_STATUS_INVALID_PARAMS);
1793 if (!test_bit(HCI_UP, &hdev->flags)) {
1794 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
1795 MGMT_STATUS_NOT_POWERED);
1799 if (!(hdev->features[6] & LMP_SIMPLE_PAIR)) {
1800 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
1801 MGMT_STATUS_NOT_SUPPORTED);
1805 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
1806 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
1811 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
1817 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
1819 mgmt_pending_remove(cmd);
1822 hci_dev_unlock(hdev);
1828 static int add_remote_oob_data(struct sock *sk, u16 index, unsigned char *data,
1831 struct hci_dev *hdev;
1832 struct mgmt_cp_add_remote_oob_data *cp = (void *) data;
1835 BT_DBG("hci%u ", index);
1837 if (len != sizeof(*cp))
1838 return cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA,
1839 MGMT_STATUS_INVALID_PARAMS);
1841 hdev = hci_dev_get(index);
1843 return cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA,
1844 MGMT_STATUS_INVALID_PARAMS);
1848 err = hci_add_remote_oob_data(hdev, &cp->bdaddr, cp->hash,
1851 err = cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA,
1852 MGMT_STATUS_FAILED);
1854 err = cmd_complete(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA, NULL,
1857 hci_dev_unlock(hdev);
1863 static int remove_remote_oob_data(struct sock *sk, u16 index,
1864 unsigned char *data, u16 len)
1866 struct hci_dev *hdev;
1867 struct mgmt_cp_remove_remote_oob_data *cp = (void *) data;
1870 BT_DBG("hci%u ", index);
1872 if (len != sizeof(*cp))
1873 return cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
1874 MGMT_STATUS_INVALID_PARAMS);
1876 hdev = hci_dev_get(index);
1878 return cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
1879 MGMT_STATUS_INVALID_PARAMS);
1883 err = hci_remove_remote_oob_data(hdev, &cp->bdaddr);
1885 err = cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
1886 MGMT_STATUS_INVALID_PARAMS);
1888 err = cmd_complete(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
1891 hci_dev_unlock(hdev);
1897 static int start_discovery(struct sock *sk, u16 index,
1898 unsigned char *data, u16 len)
1900 struct mgmt_cp_start_discovery *cp = (void *) data;
1901 struct pending_cmd *cmd;
1902 struct hci_dev *hdev;
1905 BT_DBG("hci%u", index);
1907 if (len != sizeof(*cp))
1908 return cmd_status(sk, index, MGMT_OP_START_DISCOVERY,
1909 MGMT_STATUS_INVALID_PARAMS);
1911 hdev = hci_dev_get(index);
1913 return cmd_status(sk, index, MGMT_OP_START_DISCOVERY,
1914 MGMT_STATUS_INVALID_PARAMS);
1918 if (!test_bit(HCI_UP, &hdev->flags)) {
1919 err = cmd_status(sk, index, MGMT_OP_START_DISCOVERY,
1920 MGMT_STATUS_NOT_POWERED);
1924 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
1930 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR);
1932 mgmt_pending_remove(cmd);
1935 hci_dev_unlock(hdev);
1941 static int stop_discovery(struct sock *sk, u16 index)
1943 struct hci_dev *hdev;
1944 struct pending_cmd *cmd;
1947 BT_DBG("hci%u", index);
1949 hdev = hci_dev_get(index);
1951 return cmd_status(sk, index, MGMT_OP_STOP_DISCOVERY,
1952 MGMT_STATUS_INVALID_PARAMS);
1956 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
1962 err = hci_cancel_inquiry(hdev);
1964 mgmt_pending_remove(cmd);
1967 hci_dev_unlock(hdev);
1973 static int block_device(struct sock *sk, u16 index, unsigned char *data,
1976 struct hci_dev *hdev;
1977 struct mgmt_cp_block_device *cp = (void *) data;
1980 BT_DBG("hci%u", index);
1982 if (len != sizeof(*cp))
1983 return cmd_status(sk, index, MGMT_OP_BLOCK_DEVICE,
1984 MGMT_STATUS_INVALID_PARAMS);
1986 hdev = hci_dev_get(index);
1988 return cmd_status(sk, index, MGMT_OP_BLOCK_DEVICE,
1989 MGMT_STATUS_INVALID_PARAMS);
1993 err = hci_blacklist_add(hdev, &cp->bdaddr);
1995 err = cmd_status(sk, index, MGMT_OP_BLOCK_DEVICE,
1996 MGMT_STATUS_FAILED);
1998 err = cmd_complete(sk, index, MGMT_OP_BLOCK_DEVICE,
2001 hci_dev_unlock(hdev);
2007 static int unblock_device(struct sock *sk, u16 index, unsigned char *data,
2010 struct hci_dev *hdev;
2011 struct mgmt_cp_unblock_device *cp = (void *) data;
2014 BT_DBG("hci%u", index);
2016 if (len != sizeof(*cp))
2017 return cmd_status(sk, index, MGMT_OP_UNBLOCK_DEVICE,
2018 MGMT_STATUS_INVALID_PARAMS);
2020 hdev = hci_dev_get(index);
2022 return cmd_status(sk, index, MGMT_OP_UNBLOCK_DEVICE,
2023 MGMT_STATUS_INVALID_PARAMS);
2027 err = hci_blacklist_del(hdev, &cp->bdaddr);
2030 err = cmd_status(sk, index, MGMT_OP_UNBLOCK_DEVICE,
2031 MGMT_STATUS_INVALID_PARAMS);
2033 err = cmd_complete(sk, index, MGMT_OP_UNBLOCK_DEVICE,
2036 hci_dev_unlock(hdev);
2042 static int set_fast_connectable(struct sock *sk, u16 index,
2043 unsigned char *data, u16 len)
2045 struct hci_dev *hdev;
2046 struct mgmt_mode *cp = (void *) data;
2047 struct hci_cp_write_page_scan_activity acp;
2051 BT_DBG("hci%u", index);
2053 if (len != sizeof(*cp))
2054 return cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
2055 MGMT_STATUS_INVALID_PARAMS);
2057 hdev = hci_dev_get(index);
2059 return cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
2060 MGMT_STATUS_INVALID_PARAMS);
2065 type = PAGE_SCAN_TYPE_INTERLACED;
2066 acp.interval = 0x0024; /* 22.5 msec page scan interval */
2068 type = PAGE_SCAN_TYPE_STANDARD; /* default */
2069 acp.interval = 0x0800; /* default 1.28 sec page scan */
2072 acp.window = 0x0012; /* default 11.25 msec page scan window */
2074 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
2077 err = cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
2078 MGMT_STATUS_FAILED);
2082 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
2084 err = cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
2085 MGMT_STATUS_FAILED);
2089 err = cmd_complete(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
2092 hci_dev_unlock(hdev);
2098 int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
2101 struct mgmt_hdr *hdr;
2102 u16 opcode, index, len;
2105 BT_DBG("got %zu bytes", msglen);
2107 if (msglen < sizeof(*hdr))
2110 buf = kmalloc(msglen, GFP_KERNEL);
2114 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
2119 hdr = (struct mgmt_hdr *) buf;
2120 opcode = get_unaligned_le16(&hdr->opcode);
2121 index = get_unaligned_le16(&hdr->index);
2122 len = get_unaligned_le16(&hdr->len);
2124 if (len != msglen - sizeof(*hdr)) {
2130 case MGMT_OP_READ_VERSION:
2131 err = read_version(sk);
2133 case MGMT_OP_READ_INDEX_LIST:
2134 err = read_index_list(sk);
2136 case MGMT_OP_READ_INFO:
2137 err = read_controller_info(sk, index);
2139 case MGMT_OP_SET_POWERED:
2140 err = set_powered(sk, index, buf + sizeof(*hdr), len);
2142 case MGMT_OP_SET_DISCOVERABLE:
2143 err = set_discoverable(sk, index, buf + sizeof(*hdr), len);
2145 case MGMT_OP_SET_CONNECTABLE:
2146 err = set_connectable(sk, index, buf + sizeof(*hdr), len);
2148 case MGMT_OP_SET_FAST_CONNECTABLE:
2149 err = set_fast_connectable(sk, index, buf + sizeof(*hdr),
2152 case MGMT_OP_SET_PAIRABLE:
2153 err = set_pairable(sk, index, buf + sizeof(*hdr), len);
2155 case MGMT_OP_ADD_UUID:
2156 err = add_uuid(sk, index, buf + sizeof(*hdr), len);
2158 case MGMT_OP_REMOVE_UUID:
2159 err = remove_uuid(sk, index, buf + sizeof(*hdr), len);
2161 case MGMT_OP_SET_DEV_CLASS:
2162 err = set_dev_class(sk, index, buf + sizeof(*hdr), len);
2164 case MGMT_OP_LOAD_LINK_KEYS:
2165 err = load_link_keys(sk, index, buf + sizeof(*hdr), len);
2167 case MGMT_OP_REMOVE_KEYS:
2168 err = remove_keys(sk, index, buf + sizeof(*hdr), len);
2170 case MGMT_OP_DISCONNECT:
2171 err = disconnect(sk, index, buf + sizeof(*hdr), len);
2173 case MGMT_OP_GET_CONNECTIONS:
2174 err = get_connections(sk, index);
2176 case MGMT_OP_PIN_CODE_REPLY:
2177 err = pin_code_reply(sk, index, buf + sizeof(*hdr), len);
2179 case MGMT_OP_PIN_CODE_NEG_REPLY:
2180 err = pin_code_neg_reply(sk, index, buf + sizeof(*hdr), len);
2182 case MGMT_OP_SET_IO_CAPABILITY:
2183 err = set_io_capability(sk, index, buf + sizeof(*hdr), len);
2185 case MGMT_OP_PAIR_DEVICE:
2186 err = pair_device(sk, index, buf + sizeof(*hdr), len);
2188 case MGMT_OP_USER_CONFIRM_REPLY:
2189 err = user_confirm_reply(sk, index, buf + sizeof(*hdr), len);
2191 case MGMT_OP_USER_CONFIRM_NEG_REPLY:
2192 err = user_confirm_neg_reply(sk, index, buf + sizeof(*hdr),
2195 case MGMT_OP_USER_PASSKEY_REPLY:
2196 err = user_passkey_reply(sk, index, buf + sizeof(*hdr), len);
2198 case MGMT_OP_USER_PASSKEY_NEG_REPLY:
2199 err = user_passkey_neg_reply(sk, index, buf + sizeof(*hdr),
2202 case MGMT_OP_SET_LOCAL_NAME:
2203 err = set_local_name(sk, index, buf + sizeof(*hdr), len);
2205 case MGMT_OP_READ_LOCAL_OOB_DATA:
2206 err = read_local_oob_data(sk, index);
2208 case MGMT_OP_ADD_REMOTE_OOB_DATA:
2209 err = add_remote_oob_data(sk, index, buf + sizeof(*hdr), len);
2211 case MGMT_OP_REMOVE_REMOTE_OOB_DATA:
2212 err = remove_remote_oob_data(sk, index, buf + sizeof(*hdr),
2215 case MGMT_OP_START_DISCOVERY:
2216 err = start_discovery(sk, index, buf + sizeof(*hdr), len);
2218 case MGMT_OP_STOP_DISCOVERY:
2219 err = stop_discovery(sk, index);
2221 case MGMT_OP_BLOCK_DEVICE:
2222 err = block_device(sk, index, buf + sizeof(*hdr), len);
2224 case MGMT_OP_UNBLOCK_DEVICE:
2225 err = unblock_device(sk, index, buf + sizeof(*hdr), len);
2228 BT_DBG("Unknown op %u", opcode);
2229 err = cmd_status(sk, index, opcode,
2230 MGMT_STATUS_UNKNOWN_COMMAND);
2244 static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
2248 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
2249 mgmt_pending_remove(cmd);
2252 int mgmt_index_added(struct hci_dev *hdev)
2254 return mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
2257 int mgmt_index_removed(struct hci_dev *hdev)
2261 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
2263 return mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
2269 struct hci_dev *hdev;
2272 static void settings_rsp(struct pending_cmd *cmd, void *data)
2274 struct cmd_lookup *match = data;
2276 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
2278 list_del(&cmd->list);
2280 if (match->sk == NULL) {
2281 match->sk = cmd->sk;
2282 sock_hold(match->sk);
2285 mgmt_pending_free(cmd);
2288 int mgmt_powered(struct hci_dev *hdev, u8 powered)
2290 struct cmd_lookup match = { powered, NULL, hdev };
2294 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
2297 u8 status = ENETDOWN;
2298 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
2301 ev = cpu_to_le32(get_current_settings(hdev));
2303 ret = mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev),
2312 int mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
2314 struct cmd_lookup match = { discoverable, NULL, hdev };
2318 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev, settings_rsp, &match);
2320 ev = cpu_to_le32(get_current_settings(hdev));
2322 ret = mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev),
2330 int mgmt_connectable(struct hci_dev *hdev, u8 connectable)
2333 struct cmd_lookup match = { connectable, NULL, hdev };
2336 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev, settings_rsp,
2339 ev = cpu_to_le32(get_current_settings(hdev));
2341 ret = mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), match.sk);
2349 int mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
2351 u8 mgmt_err = mgmt_status(status);
2353 if (scan & SCAN_PAGE)
2354 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
2355 cmd_status_rsp, &mgmt_err);
2357 if (scan & SCAN_INQUIRY)
2358 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
2359 cmd_status_rsp, &mgmt_err);
2364 int mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
2367 struct mgmt_ev_new_link_key ev;
2369 memset(&ev, 0, sizeof(ev));
2371 ev.store_hint = persistent;
2372 bacpy(&ev.key.bdaddr, &key->bdaddr);
2373 ev.key.type = key->type;
2374 memcpy(ev.key.val, key->val, 16);
2375 ev.key.pin_len = key->pin_len;
2377 return mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
2380 int mgmt_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
2383 struct mgmt_addr_info ev;
2385 bacpy(&ev.bdaddr, bdaddr);
2386 ev.type = link_to_mgmt(link_type, addr_type);
2388 return mgmt_event(MGMT_EV_CONNECTED, hdev, &ev, sizeof(ev), NULL);
2391 static void disconnect_rsp(struct pending_cmd *cmd, void *data)
2393 struct mgmt_cp_disconnect *cp = cmd->param;
2394 struct sock **sk = data;
2395 struct mgmt_rp_disconnect rp;
2397 bacpy(&rp.bdaddr, &cp->bdaddr);
2400 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, &rp, sizeof(rp));
2405 mgmt_pending_remove(cmd);
2408 static void remove_keys_rsp(struct pending_cmd *cmd, void *data)
2411 struct mgmt_cp_remove_keys *cp = cmd->param;
2412 struct mgmt_rp_remove_keys rp;
2414 memset(&rp, 0, sizeof(rp));
2415 bacpy(&rp.bdaddr, &cp->bdaddr);
2417 rp.status = *status;
2419 cmd_complete(cmd->sk, cmd->index, MGMT_OP_REMOVE_KEYS, &rp,
2422 mgmt_pending_remove(cmd);
2425 int mgmt_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
2428 struct mgmt_addr_info ev;
2429 struct sock *sk = NULL;
2432 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
2434 bacpy(&ev.bdaddr, bdaddr);
2435 ev.type = link_to_mgmt(link_type, addr_type);
2437 err = mgmt_event(MGMT_EV_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
2442 mgmt_pending_foreach(MGMT_OP_REMOVE_KEYS, hdev, remove_keys_rsp, NULL);
2447 int mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 status)
2449 struct pending_cmd *cmd;
2450 u8 mgmt_err = mgmt_status(status);
2453 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
2458 struct mgmt_rp_disconnect rp;
2460 bacpy(&rp.bdaddr, bdaddr);
2463 err = cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
2466 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_DISCONNECT,
2469 mgmt_pending_remove(cmd);
2474 int mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
2475 u8 addr_type, u8 status)
2477 struct mgmt_ev_connect_failed ev;
2479 bacpy(&ev.addr.bdaddr, bdaddr);
2480 ev.addr.type = link_to_mgmt(link_type, addr_type);
2481 ev.status = mgmt_status(status);
2483 return mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
2486 int mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
2488 struct mgmt_ev_pin_code_request ev;
2490 bacpy(&ev.bdaddr, bdaddr);
2493 return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev),
2497 int mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
2500 struct pending_cmd *cmd;
2501 struct mgmt_rp_pin_code_reply rp;
2504 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
2508 bacpy(&rp.bdaddr, bdaddr);
2509 rp.status = mgmt_status(status);
2511 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY, &rp,
2514 mgmt_pending_remove(cmd);
2519 int mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
2522 struct pending_cmd *cmd;
2523 struct mgmt_rp_pin_code_reply rp;
2526 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
2530 bacpy(&rp.bdaddr, bdaddr);
2531 rp.status = mgmt_status(status);
2533 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY, &rp,
2536 mgmt_pending_remove(cmd);
2541 int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
2542 __le32 value, u8 confirm_hint)
2544 struct mgmt_ev_user_confirm_request ev;
2546 BT_DBG("%s", hdev->name);
2548 bacpy(&ev.bdaddr, bdaddr);
2549 ev.confirm_hint = confirm_hint;
2550 put_unaligned_le32(value, &ev.value);
2552 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
2556 int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr)
2558 struct mgmt_ev_user_passkey_request ev;
2560 BT_DBG("%s", hdev->name);
2562 bacpy(&ev.bdaddr, bdaddr);
2564 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
2568 static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
2569 u8 status, u8 opcode)
2571 struct pending_cmd *cmd;
2572 struct mgmt_rp_user_confirm_reply rp;
2575 cmd = mgmt_pending_find(opcode, hdev);
2579 bacpy(&rp.bdaddr, bdaddr);
2580 rp.status = mgmt_status(status);
2581 err = cmd_complete(cmd->sk, hdev->id, opcode, &rp, sizeof(rp));
2583 mgmt_pending_remove(cmd);
2588 int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
2591 return user_pairing_resp_complete(hdev, bdaddr, status,
2592 MGMT_OP_USER_CONFIRM_REPLY);
2595 int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev,
2596 bdaddr_t *bdaddr, u8 status)
2598 return user_pairing_resp_complete(hdev, bdaddr, status,
2599 MGMT_OP_USER_CONFIRM_NEG_REPLY);
2602 int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
2605 return user_pairing_resp_complete(hdev, bdaddr, status,
2606 MGMT_OP_USER_PASSKEY_REPLY);
2609 int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev,
2610 bdaddr_t *bdaddr, u8 status)
2612 return user_pairing_resp_complete(hdev, bdaddr, status,
2613 MGMT_OP_USER_PASSKEY_NEG_REPLY);
2616 int mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 status)
2618 struct mgmt_ev_auth_failed ev;
2620 bacpy(&ev.bdaddr, bdaddr);
2621 ev.status = mgmt_status(status);
2623 return mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
2626 int mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
2628 struct pending_cmd *cmd;
2629 struct mgmt_cp_set_local_name ev;
2632 memset(&ev, 0, sizeof(ev));
2633 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
2635 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
2640 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
2641 mgmt_status(status));
2647 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, &ev,
2653 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
2654 cmd ? cmd->sk : NULL);
2658 mgmt_pending_remove(cmd);
2662 int mgmt_read_local_oob_data_reply_complete(struct hci_dev *hdev, u8 *hash,
2663 u8 *randomizer, u8 status)
2665 struct pending_cmd *cmd;
2668 BT_DBG("%s status %u", hdev->name, status);
2670 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
2675 err = cmd_status(cmd->sk, hdev->id,
2676 MGMT_OP_READ_LOCAL_OOB_DATA,
2677 mgmt_status(status));
2679 struct mgmt_rp_read_local_oob_data rp;
2681 memcpy(rp.hash, hash, sizeof(rp.hash));
2682 memcpy(rp.randomizer, randomizer, sizeof(rp.randomizer));
2684 err = cmd_complete(cmd->sk, hdev->id,
2685 MGMT_OP_READ_LOCAL_OOB_DATA,
2689 mgmt_pending_remove(cmd);
2694 int mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
2695 u8 addr_type, u8 *dev_class, s8 rssi, u8 *eir)
2697 struct mgmt_ev_device_found ev;
2699 memset(&ev, 0, sizeof(ev));
2701 bacpy(&ev.addr.bdaddr, bdaddr);
2702 ev.addr.type = link_to_mgmt(link_type, addr_type);
2706 memcpy(ev.eir, eir, sizeof(ev.eir));
2709 memcpy(ev.dev_class, dev_class, sizeof(ev.dev_class));
2711 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, &ev, sizeof(ev), NULL);
2714 int mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 *name)
2716 struct mgmt_ev_remote_name ev;
2718 memset(&ev, 0, sizeof(ev));
2720 bacpy(&ev.bdaddr, bdaddr);
2721 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
2723 return mgmt_event(MGMT_EV_REMOTE_NAME, hdev, &ev, sizeof(ev), NULL);
2726 int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
2728 struct pending_cmd *cmd;
2731 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
2735 err = cmd_status(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status));
2736 mgmt_pending_remove(cmd);
2741 int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
2743 struct pending_cmd *cmd;
2746 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
2750 err = cmd_status(cmd->sk, hdev->id, cmd->opcode, status);
2751 mgmt_pending_remove(cmd);
2756 int mgmt_discovering(struct hci_dev *hdev, u8 discovering)
2758 struct pending_cmd *cmd;
2761 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
2763 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
2766 cmd_complete(cmd->sk, hdev->id, cmd->opcode, NULL, 0);
2767 mgmt_pending_remove(cmd);
2770 return mgmt_event(MGMT_EV_DISCOVERING, hdev, &discovering,
2771 sizeof(discovering), NULL);
2774 int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr)
2776 struct pending_cmd *cmd;
2777 struct mgmt_ev_device_blocked ev;
2779 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev);
2781 bacpy(&ev.bdaddr, bdaddr);
2783 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev),
2784 cmd ? cmd->sk : NULL);
2787 int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr)
2789 struct pending_cmd *cmd;
2790 struct mgmt_ev_device_unblocked ev;
2792 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev);
2794 bacpy(&ev.bdaddr, bdaddr);
2796 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
2797 cmd ? cmd->sk : NULL);