2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2010 Nokia Corporation
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License version 2 as
7 published by the Free Software Foundation;
9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
20 SOFTWARE IS DISCLAIMED.
23 /* Bluetooth HCI Management interface */
25 #include <linux/kernel.h>
26 #include <linux/uaccess.h>
27 #include <linux/module.h>
28 #include <asm/unaligned.h>
30 #include <net/bluetooth/bluetooth.h>
31 #include <net/bluetooth/hci_core.h>
32 #include <net/bluetooth/mgmt.h>
33 #include <net/bluetooth/smp.h>
35 #define MGMT_VERSION 0
36 #define MGMT_REVISION 1
39 * These LE scan and inquiry parameters were chosen according to LE General
40 * Discovery Procedure specification.
42 #define LE_SCAN_TYPE 0x01
43 #define LE_SCAN_WIN 0x12
44 #define LE_SCAN_INT 0x12
45 #define LE_SCAN_TIMEOUT_LE_ONLY 10240 /* TGAP(gen_disc_scan_min) */
47 #define INQUIRY_LEN_BREDR 0x08 /* TGAP(100) */
49 #define SERVICE_CACHE_TIMEOUT (5 * 1000)
52 struct list_head list;
60 /* HCI to MGMT error code conversion table */
61 static u8 mgmt_status_table[] = {
63 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
64 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
65 MGMT_STATUS_FAILED, /* Hardware Failure */
66 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
67 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
68 MGMT_STATUS_NOT_PAIRED, /* PIN or Key Missing */
69 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
70 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
71 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
72 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
73 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
74 MGMT_STATUS_BUSY, /* Command Disallowed */
75 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
76 MGMT_STATUS_REJECTED, /* Rejected Security */
77 MGMT_STATUS_REJECTED, /* Rejected Personal */
78 MGMT_STATUS_TIMEOUT, /* Host Timeout */
79 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
80 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
81 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
82 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
83 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
84 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
85 MGMT_STATUS_BUSY, /* Repeated Attempts */
86 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
87 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
88 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
89 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
90 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
91 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
92 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
93 MGMT_STATUS_FAILED, /* Unspecified Error */
94 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
95 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
96 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
97 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
98 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
99 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
100 MGMT_STATUS_FAILED, /* Unit Link Key Used */
101 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
102 MGMT_STATUS_TIMEOUT, /* Instant Passed */
103 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
104 MGMT_STATUS_FAILED, /* Transaction Collision */
105 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
106 MGMT_STATUS_REJECTED, /* QoS Rejected */
107 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
108 MGMT_STATUS_REJECTED, /* Insufficient Security */
109 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
110 MGMT_STATUS_BUSY, /* Role Switch Pending */
111 MGMT_STATUS_FAILED, /* Slot Violation */
112 MGMT_STATUS_FAILED, /* Role Switch Failed */
113 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
114 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
115 MGMT_STATUS_BUSY, /* Host Busy Pairing */
116 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
117 MGMT_STATUS_BUSY, /* Controller Busy */
118 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
119 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
120 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
121 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
122 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
125 static u8 mgmt_status(u8 hci_status)
127 if (hci_status < ARRAY_SIZE(mgmt_status_table))
128 return mgmt_status_table[hci_status];
130 return MGMT_STATUS_FAILED;
133 static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
136 struct mgmt_hdr *hdr;
137 struct mgmt_ev_cmd_status *ev;
140 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
142 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_ATOMIC);
146 hdr = (void *) skb_put(skb, sizeof(*hdr));
148 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS);
149 hdr->index = cpu_to_le16(index);
150 hdr->len = cpu_to_le16(sizeof(*ev));
152 ev = (void *) skb_put(skb, sizeof(*ev));
154 put_unaligned_le16(cmd, &ev->opcode);
156 err = sock_queue_rcv_skb(sk, skb);
163 static int cmd_complete(struct sock *sk, u16 index, u16 cmd, void *rp,
167 struct mgmt_hdr *hdr;
168 struct mgmt_ev_cmd_complete *ev;
171 BT_DBG("sock %p", sk);
173 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_ATOMIC);
177 hdr = (void *) skb_put(skb, sizeof(*hdr));
179 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE);
180 hdr->index = cpu_to_le16(index);
181 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
183 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
184 put_unaligned_le16(cmd, &ev->opcode);
187 memcpy(ev->data, rp, rp_len);
189 err = sock_queue_rcv_skb(sk, skb);
196 static int read_version(struct sock *sk)
198 struct mgmt_rp_read_version rp;
200 BT_DBG("sock %p", sk);
202 rp.version = MGMT_VERSION;
203 put_unaligned_le16(MGMT_REVISION, &rp.revision);
205 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, &rp,
209 static int read_index_list(struct sock *sk)
211 struct mgmt_rp_read_index_list *rp;
218 BT_DBG("sock %p", sk);
220 read_lock(&hci_dev_list_lock);
223 list_for_each(p, &hci_dev_list) {
227 rp_len = sizeof(*rp) + (2 * count);
228 rp = kmalloc(rp_len, GFP_ATOMIC);
230 read_unlock(&hci_dev_list_lock);
234 put_unaligned_le16(count, &rp->num_controllers);
237 list_for_each_entry(d, &hci_dev_list, list) {
238 if (test_and_clear_bit(HCI_AUTO_OFF, &d->dev_flags))
239 cancel_delayed_work(&d->power_off);
241 if (test_bit(HCI_SETUP, &d->dev_flags))
244 put_unaligned_le16(d->id, &rp->index[i++]);
245 BT_DBG("Added hci%u", d->id);
248 read_unlock(&hci_dev_list_lock);
250 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, rp,
258 static u32 get_supported_settings(struct hci_dev *hdev)
262 settings |= MGMT_SETTING_POWERED;
263 settings |= MGMT_SETTING_CONNECTABLE;
264 settings |= MGMT_SETTING_FAST_CONNECTABLE;
265 settings |= MGMT_SETTING_DISCOVERABLE;
266 settings |= MGMT_SETTING_PAIRABLE;
268 if (hdev->features[6] & LMP_SIMPLE_PAIR)
269 settings |= MGMT_SETTING_SSP;
271 if (!(hdev->features[4] & LMP_NO_BREDR)) {
272 settings |= MGMT_SETTING_BREDR;
273 settings |= MGMT_SETTING_LINK_SECURITY;
276 if (hdev->features[4] & LMP_LE)
277 settings |= MGMT_SETTING_LE;
282 static u32 get_current_settings(struct hci_dev *hdev)
286 if (test_bit(HCI_UP, &hdev->flags))
287 settings |= MGMT_SETTING_POWERED;
291 if (test_bit(HCI_PSCAN, &hdev->flags))
292 settings |= MGMT_SETTING_CONNECTABLE;
294 if (test_bit(HCI_ISCAN, &hdev->flags))
295 settings |= MGMT_SETTING_DISCOVERABLE;
297 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags))
298 settings |= MGMT_SETTING_PAIRABLE;
300 if (!(hdev->features[4] & LMP_NO_BREDR))
301 settings |= MGMT_SETTING_BREDR;
303 if (hdev->host_features[0] & LMP_HOST_LE)
304 settings |= MGMT_SETTING_LE;
306 if (test_bit(HCI_AUTH, &hdev->flags))
307 settings |= MGMT_SETTING_LINK_SECURITY;
309 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
310 settings |= MGMT_SETTING_SSP;
315 #define PNP_INFO_SVCLASS_ID 0x1200
317 static u8 bluetooth_base_uuid[] = {
318 0xFB, 0x34, 0x9B, 0x5F, 0x80, 0x00, 0x00, 0x80,
319 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
322 static u16 get_uuid16(u8 *uuid128)
327 for (i = 0; i < 12; i++) {
328 if (bluetooth_base_uuid[i] != uuid128[i])
332 memcpy(&val, &uuid128[12], 4);
334 val = le32_to_cpu(val);
341 static void create_eir(struct hci_dev *hdev, u8 *data)
345 u16 uuid16_list[HCI_MAX_EIR_LENGTH / sizeof(u16)];
346 int i, truncated = 0;
347 struct bt_uuid *uuid;
350 name_len = strlen(hdev->dev_name);
356 ptr[1] = EIR_NAME_SHORT;
358 ptr[1] = EIR_NAME_COMPLETE;
360 /* EIR Data length */
361 ptr[0] = name_len + 1;
363 memcpy(ptr + 2, hdev->dev_name, name_len);
365 eir_len += (name_len + 2);
366 ptr += (name_len + 2);
369 memset(uuid16_list, 0, sizeof(uuid16_list));
371 /* Group all UUID16 types */
372 list_for_each_entry(uuid, &hdev->uuids, list) {
375 uuid16 = get_uuid16(uuid->uuid);
382 if (uuid16 == PNP_INFO_SVCLASS_ID)
385 /* Stop if not enough space to put next UUID */
386 if (eir_len + 2 + sizeof(u16) > HCI_MAX_EIR_LENGTH) {
391 /* Check for duplicates */
392 for (i = 0; uuid16_list[i] != 0; i++)
393 if (uuid16_list[i] == uuid16)
396 if (uuid16_list[i] == 0) {
397 uuid16_list[i] = uuid16;
398 eir_len += sizeof(u16);
402 if (uuid16_list[0] != 0) {
406 ptr[1] = truncated ? EIR_UUID16_SOME : EIR_UUID16_ALL;
411 for (i = 0; uuid16_list[i] != 0; i++) {
412 *ptr++ = (uuid16_list[i] & 0x00ff);
413 *ptr++ = (uuid16_list[i] & 0xff00) >> 8;
416 /* EIR Data length */
417 *length = (i * sizeof(u16)) + 1;
421 static int update_eir(struct hci_dev *hdev)
423 struct hci_cp_write_eir cp;
425 if (!(hdev->features[6] & LMP_EXT_INQ))
428 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
431 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
434 memset(&cp, 0, sizeof(cp));
436 create_eir(hdev, cp.data);
438 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
441 memcpy(hdev->eir, cp.data, sizeof(cp.data));
443 return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
446 static u8 get_service_classes(struct hci_dev *hdev)
448 struct bt_uuid *uuid;
451 list_for_each_entry(uuid, &hdev->uuids, list)
452 val |= uuid->svc_hint;
457 static int update_class(struct hci_dev *hdev)
461 BT_DBG("%s", hdev->name);
463 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
466 cod[0] = hdev->minor_class;
467 cod[1] = hdev->major_class;
468 cod[2] = get_service_classes(hdev);
470 if (memcmp(cod, hdev->dev_class, 3) == 0)
473 return hci_send_cmd(hdev, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
476 static void service_cache_off(struct work_struct *work)
478 struct hci_dev *hdev = container_of(work, struct hci_dev,
481 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
489 hci_dev_unlock(hdev);
492 static void mgmt_init_hdev(struct hci_dev *hdev)
494 if (!test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
495 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
497 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
498 schedule_delayed_work(&hdev->service_cache,
499 msecs_to_jiffies(SERVICE_CACHE_TIMEOUT));
502 static int read_controller_info(struct sock *sk, u16 index)
504 struct mgmt_rp_read_info rp;
505 struct hci_dev *hdev;
507 BT_DBG("sock %p hci%u", sk, index);
509 hdev = hci_dev_get(index);
511 return cmd_status(sk, index, MGMT_OP_READ_INFO,
512 MGMT_STATUS_INVALID_PARAMS);
514 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags))
515 cancel_delayed_work_sync(&hdev->power_off);
519 if (test_and_clear_bit(HCI_PI_MGMT_INIT, &hci_pi(sk)->flags))
520 mgmt_init_hdev(hdev);
522 memset(&rp, 0, sizeof(rp));
524 bacpy(&rp.bdaddr, &hdev->bdaddr);
526 rp.version = hdev->hci_ver;
528 put_unaligned_le16(hdev->manufacturer, &rp.manufacturer);
530 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
531 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
533 memcpy(rp.dev_class, hdev->dev_class, 3);
535 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
537 hci_dev_unlock(hdev);
540 return cmd_complete(sk, index, MGMT_OP_READ_INFO, &rp, sizeof(rp));
543 static void mgmt_pending_free(struct pending_cmd *cmd)
550 static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
551 struct hci_dev *hdev,
554 struct pending_cmd *cmd;
556 cmd = kmalloc(sizeof(*cmd), GFP_ATOMIC);
560 cmd->opcode = opcode;
561 cmd->index = hdev->id;
563 cmd->param = kmalloc(len, GFP_ATOMIC);
570 memcpy(cmd->param, data, len);
575 list_add(&cmd->list, &hdev->mgmt_pending);
580 static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
581 void (*cb)(struct pending_cmd *cmd, void *data),
584 struct list_head *p, *n;
586 list_for_each_safe(p, n, &hdev->mgmt_pending) {
587 struct pending_cmd *cmd;
589 cmd = list_entry(p, struct pending_cmd, list);
591 if (opcode > 0 && cmd->opcode != opcode)
598 static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
600 struct pending_cmd *cmd;
602 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
603 if (cmd->opcode == opcode)
610 static void mgmt_pending_remove(struct pending_cmd *cmd)
612 list_del(&cmd->list);
613 mgmt_pending_free(cmd);
616 static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
618 __le32 settings = cpu_to_le32(get_current_settings(hdev));
620 return cmd_complete(sk, hdev->id, opcode, &settings, sizeof(settings));
623 static int set_powered(struct sock *sk, u16 index, void *data, u16 len)
625 struct mgmt_mode *cp = data;
626 struct hci_dev *hdev;
627 struct pending_cmd *cmd;
630 BT_DBG("request for hci%u", index);
632 if (len != sizeof(*cp))
633 return cmd_status(sk, index, MGMT_OP_SET_POWERED,
634 MGMT_STATUS_INVALID_PARAMS);
636 hdev = hci_dev_get(index);
638 return cmd_status(sk, index, MGMT_OP_SET_POWERED,
639 MGMT_STATUS_INVALID_PARAMS);
643 up = test_bit(HCI_UP, &hdev->flags);
644 if ((cp->val && up) || (!cp->val && !up)) {
645 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
649 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
650 err = cmd_status(sk, index, MGMT_OP_SET_POWERED,
655 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
662 schedule_work(&hdev->power_on);
664 schedule_work(&hdev->power_off.work);
669 hci_dev_unlock(hdev);
674 static int set_discoverable(struct sock *sk, u16 index, void *data, u16 len)
676 struct mgmt_cp_set_discoverable *cp = data;
677 struct hci_dev *hdev;
678 struct pending_cmd *cmd;
682 BT_DBG("request for hci%u", index);
684 if (len != sizeof(*cp))
685 return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
686 MGMT_STATUS_INVALID_PARAMS);
688 hdev = hci_dev_get(index);
690 return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
691 MGMT_STATUS_INVALID_PARAMS);
695 if (!test_bit(HCI_UP, &hdev->flags)) {
696 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
697 MGMT_STATUS_NOT_POWERED);
701 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
702 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
703 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
708 if (cp->val == test_bit(HCI_ISCAN, &hdev->flags) &&
709 test_bit(HCI_PSCAN, &hdev->flags)) {
710 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
714 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
723 scan |= SCAN_INQUIRY;
725 cancel_delayed_work(&hdev->discov_off);
727 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
729 mgmt_pending_remove(cmd);
732 hdev->discov_timeout = get_unaligned_le16(&cp->timeout);
735 hci_dev_unlock(hdev);
741 static int set_connectable(struct sock *sk, u16 index, void *data, u16 len)
743 struct mgmt_mode *cp = data;
744 struct hci_dev *hdev;
745 struct pending_cmd *cmd;
749 BT_DBG("request for hci%u", index);
751 if (len != sizeof(*cp))
752 return cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE,
753 MGMT_STATUS_INVALID_PARAMS);
755 hdev = hci_dev_get(index);
757 return cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE,
758 MGMT_STATUS_INVALID_PARAMS);
762 if (!test_bit(HCI_UP, &hdev->flags)) {
763 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE,
764 MGMT_STATUS_NOT_POWERED);
768 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
769 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
770 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE,
775 if (cp->val == test_bit(HCI_PSCAN, &hdev->flags)) {
776 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
780 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
791 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
793 mgmt_pending_remove(cmd);
796 hci_dev_unlock(hdev);
802 static int mgmt_event(u16 event, struct hci_dev *hdev, void *data,
803 u16 data_len, struct sock *skip_sk)
806 struct mgmt_hdr *hdr;
808 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_ATOMIC);
812 bt_cb(skb)->channel = HCI_CHANNEL_CONTROL;
814 hdr = (void *) skb_put(skb, sizeof(*hdr));
815 hdr->opcode = cpu_to_le16(event);
817 hdr->index = cpu_to_le16(hdev->id);
819 hdr->index = cpu_to_le16(MGMT_INDEX_NONE);
820 hdr->len = cpu_to_le16(data_len);
823 memcpy(skb_put(skb, data_len), data, data_len);
825 hci_send_to_sock(NULL, skb, skip_sk);
831 static int set_pairable(struct sock *sk, u16 index, void *data, u16 len)
833 struct mgmt_mode *cp = data;
834 struct hci_dev *hdev;
838 BT_DBG("request for hci%u", index);
840 if (len != sizeof(*cp))
841 return cmd_status(sk, index, MGMT_OP_SET_PAIRABLE,
842 MGMT_STATUS_INVALID_PARAMS);
844 hdev = hci_dev_get(index);
846 return cmd_status(sk, index, MGMT_OP_SET_PAIRABLE,
847 MGMT_STATUS_INVALID_PARAMS);
852 set_bit(HCI_PAIRABLE, &hdev->dev_flags);
854 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
856 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
860 ev = cpu_to_le32(get_current_settings(hdev));
862 err = mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), sk);
865 hci_dev_unlock(hdev);
871 static int add_uuid(struct sock *sk, u16 index, void *data, u16 len)
873 struct mgmt_cp_add_uuid *cp = data;
874 struct hci_dev *hdev;
875 struct bt_uuid *uuid;
878 BT_DBG("request for hci%u", index);
880 if (len != sizeof(*cp))
881 return cmd_status(sk, index, MGMT_OP_ADD_UUID,
882 MGMT_STATUS_INVALID_PARAMS);
884 hdev = hci_dev_get(index);
886 return cmd_status(sk, index, MGMT_OP_ADD_UUID,
887 MGMT_STATUS_INVALID_PARAMS);
891 uuid = kmalloc(sizeof(*uuid), GFP_ATOMIC);
897 memcpy(uuid->uuid, cp->uuid, 16);
898 uuid->svc_hint = cp->svc_hint;
900 list_add(&uuid->list, &hdev->uuids);
902 err = update_class(hdev);
906 err = update_eir(hdev);
910 err = cmd_complete(sk, index, MGMT_OP_ADD_UUID, NULL, 0);
913 hci_dev_unlock(hdev);
919 static int remove_uuid(struct sock *sk, u16 index, void *data, u16 len)
921 struct mgmt_cp_remove_uuid *cp = data;
922 struct list_head *p, *n;
923 struct hci_dev *hdev;
924 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
927 BT_DBG("request for hci%u", index);
929 if (len != sizeof(*cp))
930 return cmd_status(sk, index, MGMT_OP_REMOVE_UUID,
931 MGMT_STATUS_INVALID_PARAMS);
933 hdev = hci_dev_get(index);
935 return cmd_status(sk, index, MGMT_OP_REMOVE_UUID,
936 MGMT_STATUS_INVALID_PARAMS);
940 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
941 err = hci_uuids_clear(hdev);
947 list_for_each_safe(p, n, &hdev->uuids) {
948 struct bt_uuid *match = list_entry(p, struct bt_uuid, list);
950 if (memcmp(match->uuid, cp->uuid, 16) != 0)
953 list_del(&match->list);
958 err = cmd_status(sk, index, MGMT_OP_REMOVE_UUID,
959 MGMT_STATUS_INVALID_PARAMS);
963 err = update_class(hdev);
967 err = update_eir(hdev);
971 err = cmd_complete(sk, index, MGMT_OP_REMOVE_UUID, NULL, 0);
974 hci_dev_unlock(hdev);
980 static int set_dev_class(struct sock *sk, u16 index, void *data, u16 len)
982 struct hci_dev *hdev;
983 struct mgmt_cp_set_dev_class *cp = data;
986 BT_DBG("request for hci%u", index);
988 if (len != sizeof(*cp))
989 return cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS,
990 MGMT_STATUS_INVALID_PARAMS);
992 hdev = hci_dev_get(index);
994 return cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS,
995 MGMT_STATUS_INVALID_PARAMS);
999 hdev->major_class = cp->major;
1000 hdev->minor_class = cp->minor;
1002 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
1003 hci_dev_unlock(hdev);
1004 cancel_delayed_work_sync(&hdev->service_cache);
1009 err = update_class(hdev);
1012 err = cmd_complete(sk, index, MGMT_OP_SET_DEV_CLASS, NULL, 0);
1014 hci_dev_unlock(hdev);
1020 static int load_link_keys(struct sock *sk, u16 index, void *data, u16 len)
1022 struct hci_dev *hdev;
1023 struct mgmt_cp_load_link_keys *cp = data;
1024 u16 key_count, expected_len;
1027 if (len < sizeof(*cp))
1028 return cmd_status(sk, index, MGMT_OP_LOAD_LINK_KEYS,
1029 MGMT_STATUS_INVALID_PARAMS);
1031 key_count = get_unaligned_le16(&cp->key_count);
1033 expected_len = sizeof(*cp) + key_count *
1034 sizeof(struct mgmt_link_key_info);
1035 if (expected_len != len) {
1036 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
1038 return cmd_status(sk, index, MGMT_OP_LOAD_LINK_KEYS,
1039 MGMT_STATUS_INVALID_PARAMS);
1042 hdev = hci_dev_get(index);
1044 return cmd_status(sk, index, MGMT_OP_LOAD_LINK_KEYS,
1045 MGMT_STATUS_INVALID_PARAMS);
1047 BT_DBG("hci%u debug_keys %u key_count %u", index, cp->debug_keys,
1052 hci_link_keys_clear(hdev);
1054 set_bit(HCI_LINK_KEYS, &hdev->dev_flags);
1057 set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
1059 clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
1061 for (i = 0; i < key_count; i++) {
1062 struct mgmt_link_key_info *key = &cp->keys[i];
1064 hci_add_link_key(hdev, NULL, 0, &key->bdaddr, key->val, key->type,
1068 cmd_complete(sk, index, MGMT_OP_LOAD_LINK_KEYS, NULL, 0);
1070 hci_dev_unlock(hdev);
1076 static int remove_keys(struct sock *sk, u16 index, void *data, u16 len)
1078 struct hci_dev *hdev;
1079 struct mgmt_cp_remove_keys *cp = data;
1080 struct mgmt_rp_remove_keys rp;
1081 struct hci_cp_disconnect dc;
1082 struct pending_cmd *cmd;
1083 struct hci_conn *conn;
1086 if (len != sizeof(*cp))
1087 return cmd_status(sk, index, MGMT_OP_REMOVE_KEYS,
1088 MGMT_STATUS_INVALID_PARAMS);
1090 hdev = hci_dev_get(index);
1092 return cmd_status(sk, index, MGMT_OP_REMOVE_KEYS,
1093 MGMT_STATUS_INVALID_PARAMS);
1097 memset(&rp, 0, sizeof(rp));
1098 bacpy(&rp.bdaddr, &cp->bdaddr);
1099 rp.status = MGMT_STATUS_FAILED;
1101 err = hci_remove_ltk(hdev, &cp->bdaddr);
1103 err = cmd_status(sk, index, MGMT_OP_REMOVE_KEYS, -err);
1107 err = hci_remove_link_key(hdev, &cp->bdaddr);
1109 rp.status = MGMT_STATUS_NOT_PAIRED;
1113 if (!test_bit(HCI_UP, &hdev->flags) || !cp->disconnect) {
1114 err = cmd_complete(sk, index, MGMT_OP_REMOVE_KEYS, &rp,
1119 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1121 err = cmd_complete(sk, index, MGMT_OP_REMOVE_KEYS, &rp,
1126 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_KEYS, hdev, cp, sizeof(*cp));
1132 put_unaligned_le16(conn->handle, &dc.handle);
1133 dc.reason = 0x13; /* Remote User Terminated Connection */
1134 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1136 mgmt_pending_remove(cmd);
1140 err = cmd_complete(sk, index, MGMT_OP_REMOVE_KEYS, &rp,
1142 hci_dev_unlock(hdev);
1148 static int disconnect(struct sock *sk, u16 index, void *data, u16 len)
1150 struct hci_dev *hdev;
1151 struct mgmt_cp_disconnect *cp = data;
1152 struct hci_cp_disconnect dc;
1153 struct pending_cmd *cmd;
1154 struct hci_conn *conn;
1159 if (len != sizeof(*cp))
1160 return cmd_status(sk, index, MGMT_OP_DISCONNECT,
1161 MGMT_STATUS_INVALID_PARAMS);
1163 hdev = hci_dev_get(index);
1165 return cmd_status(sk, index, MGMT_OP_DISCONNECT,
1166 MGMT_STATUS_INVALID_PARAMS);
1170 if (!test_bit(HCI_UP, &hdev->flags)) {
1171 err = cmd_status(sk, index, MGMT_OP_DISCONNECT,
1172 MGMT_STATUS_NOT_POWERED);
1176 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
1177 err = cmd_status(sk, index, MGMT_OP_DISCONNECT,
1182 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1184 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->bdaddr);
1187 err = cmd_status(sk, index, MGMT_OP_DISCONNECT,
1188 MGMT_STATUS_NOT_CONNECTED);
1192 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
1198 put_unaligned_le16(conn->handle, &dc.handle);
1199 dc.reason = 0x13; /* Remote User Terminated Connection */
1201 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1203 mgmt_pending_remove(cmd);
1206 hci_dev_unlock(hdev);
1212 static u8 link_to_mgmt(u8 link_type, u8 addr_type)
1214 switch (link_type) {
1216 switch (addr_type) {
1217 case ADDR_LE_DEV_PUBLIC:
1218 return MGMT_ADDR_LE_PUBLIC;
1219 case ADDR_LE_DEV_RANDOM:
1220 return MGMT_ADDR_LE_RANDOM;
1222 return MGMT_ADDR_INVALID;
1225 return MGMT_ADDR_BREDR;
1227 return MGMT_ADDR_INVALID;
1231 static int get_connections(struct sock *sk, u16 index)
1233 struct mgmt_rp_get_connections *rp;
1234 struct hci_dev *hdev;
1242 hdev = hci_dev_get(index);
1244 return cmd_status(sk, index, MGMT_OP_GET_CONNECTIONS,
1245 MGMT_STATUS_INVALID_PARAMS);
1250 list_for_each_entry(c, &hdev->conn_hash.list, list) {
1251 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
1255 rp_len = sizeof(*rp) + (count * sizeof(struct mgmt_addr_info));
1256 rp = kmalloc(rp_len, GFP_ATOMIC);
1262 put_unaligned_le16(count, &rp->conn_count);
1265 list_for_each_entry(c, &hdev->conn_hash.list, list) {
1266 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
1268 bacpy(&rp->addr[i].bdaddr, &c->dst);
1269 rp->addr[i].type = link_to_mgmt(c->type, c->dst_type);
1270 if (rp->addr[i].type == MGMT_ADDR_INVALID)
1275 /* Recalculate length in case of filtered SCO connections, etc */
1276 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
1278 err = cmd_complete(sk, index, MGMT_OP_GET_CONNECTIONS, rp, rp_len);
1282 hci_dev_unlock(hdev);
1287 static int send_pin_code_neg_reply(struct sock *sk, u16 index,
1288 struct hci_dev *hdev, struct mgmt_cp_pin_code_neg_reply *cp)
1290 struct pending_cmd *cmd;
1293 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
1298 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY, sizeof(cp->bdaddr),
1301 mgmt_pending_remove(cmd);
1306 static int pin_code_reply(struct sock *sk, u16 index, void *data, u16 len)
1308 struct hci_dev *hdev;
1309 struct hci_conn *conn;
1310 struct mgmt_cp_pin_code_reply *cp = data;
1311 struct mgmt_cp_pin_code_neg_reply ncp;
1312 struct hci_cp_pin_code_reply reply;
1313 struct pending_cmd *cmd;
1318 if (len != sizeof(*cp))
1319 return cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1320 MGMT_STATUS_INVALID_PARAMS);
1322 hdev = hci_dev_get(index);
1324 return cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1325 MGMT_STATUS_INVALID_PARAMS);
1329 if (!test_bit(HCI_UP, &hdev->flags)) {
1330 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1331 MGMT_STATUS_NOT_POWERED);
1335 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1337 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1338 MGMT_STATUS_NOT_CONNECTED);
1342 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
1343 bacpy(&ncp.bdaddr, &cp->bdaddr);
1345 BT_ERR("PIN code is not 16 bytes long");
1347 err = send_pin_code_neg_reply(sk, index, hdev, &ncp);
1349 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1350 MGMT_STATUS_INVALID_PARAMS);
1355 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data,
1362 bacpy(&reply.bdaddr, &cp->bdaddr);
1363 reply.pin_len = cp->pin_len;
1364 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
1366 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
1368 mgmt_pending_remove(cmd);
1371 hci_dev_unlock(hdev);
1377 static int pin_code_neg_reply(struct sock *sk, u16 index, void *data, u16 len)
1379 struct hci_dev *hdev;
1380 struct mgmt_cp_pin_code_neg_reply *cp = data;
1385 if (len != sizeof(*cp))
1386 return cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
1387 MGMT_STATUS_INVALID_PARAMS);
1389 hdev = hci_dev_get(index);
1391 return cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
1392 MGMT_STATUS_INVALID_PARAMS);
1396 if (!test_bit(HCI_UP, &hdev->flags)) {
1397 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
1398 MGMT_STATUS_NOT_POWERED);
1402 err = send_pin_code_neg_reply(sk, index, hdev, cp);
1405 hci_dev_unlock(hdev);
1411 static int set_io_capability(struct sock *sk, u16 index, void *data, u16 len)
1413 struct hci_dev *hdev;
1414 struct mgmt_cp_set_io_capability *cp = data;
1418 if (len != sizeof(*cp))
1419 return cmd_status(sk, index, MGMT_OP_SET_IO_CAPABILITY,
1420 MGMT_STATUS_INVALID_PARAMS);
1422 hdev = hci_dev_get(index);
1424 return cmd_status(sk, index, MGMT_OP_SET_IO_CAPABILITY,
1425 MGMT_STATUS_INVALID_PARAMS);
1429 hdev->io_capability = cp->io_capability;
1431 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
1432 hdev->io_capability);
1434 hci_dev_unlock(hdev);
1437 return cmd_complete(sk, index, MGMT_OP_SET_IO_CAPABILITY, NULL, 0);
1440 static inline struct pending_cmd *find_pairing(struct hci_conn *conn)
1442 struct hci_dev *hdev = conn->hdev;
1443 struct pending_cmd *cmd;
1445 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
1446 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
1449 if (cmd->user_data != conn)
1458 static void pairing_complete(struct pending_cmd *cmd, u8 status)
1460 struct mgmt_rp_pair_device rp;
1461 struct hci_conn *conn = cmd->user_data;
1463 bacpy(&rp.addr.bdaddr, &conn->dst);
1464 rp.addr.type = link_to_mgmt(conn->type, conn->dst_type);
1467 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, &rp, sizeof(rp));
1469 /* So we don't get further callbacks for this connection */
1470 conn->connect_cfm_cb = NULL;
1471 conn->security_cfm_cb = NULL;
1472 conn->disconn_cfm_cb = NULL;
1476 mgmt_pending_remove(cmd);
1479 static void pairing_complete_cb(struct hci_conn *conn, u8 status)
1481 struct pending_cmd *cmd;
1483 BT_DBG("status %u", status);
1485 cmd = find_pairing(conn);
1487 BT_DBG("Unable to find a pending command");
1489 pairing_complete(cmd, status);
1492 static int pair_device(struct sock *sk, u16 index, void *data, u16 len)
1494 struct hci_dev *hdev;
1495 struct mgmt_cp_pair_device *cp = data;
1496 struct mgmt_rp_pair_device rp;
1497 struct pending_cmd *cmd;
1498 u8 sec_level, auth_type;
1499 struct hci_conn *conn;
1504 if (len != sizeof(*cp))
1505 return cmd_status(sk, index, MGMT_OP_PAIR_DEVICE,
1506 MGMT_STATUS_INVALID_PARAMS);
1508 hdev = hci_dev_get(index);
1510 return cmd_status(sk, index, MGMT_OP_PAIR_DEVICE,
1511 MGMT_STATUS_INVALID_PARAMS);
1515 sec_level = BT_SECURITY_MEDIUM;
1516 if (cp->io_cap == 0x03)
1517 auth_type = HCI_AT_DEDICATED_BONDING;
1519 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
1521 if (cp->addr.type == MGMT_ADDR_BREDR)
1522 conn = hci_connect(hdev, ACL_LINK, &cp->addr.bdaddr, sec_level,
1525 conn = hci_connect(hdev, LE_LINK, &cp->addr.bdaddr, sec_level,
1528 memset(&rp, 0, sizeof(rp));
1529 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1530 rp.addr.type = cp->addr.type;
1533 rp.status = -PTR_ERR(conn);
1534 err = cmd_complete(sk, index, MGMT_OP_PAIR_DEVICE,
1539 if (conn->connect_cfm_cb) {
1542 err = cmd_complete(sk, index, MGMT_OP_PAIR_DEVICE,
1547 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
1554 /* For LE, just connecting isn't a proof that the pairing finished */
1555 if (cp->addr.type == MGMT_ADDR_BREDR)
1556 conn->connect_cfm_cb = pairing_complete_cb;
1558 conn->security_cfm_cb = pairing_complete_cb;
1559 conn->disconn_cfm_cb = pairing_complete_cb;
1560 conn->io_capability = cp->io_cap;
1561 cmd->user_data = conn;
1563 if (conn->state == BT_CONNECTED &&
1564 hci_conn_security(conn, sec_level, auth_type))
1565 pairing_complete(cmd, 0);
1570 hci_dev_unlock(hdev);
1576 static int cancel_pair_device(struct sock *sk, u16 index,
1577 unsigned char *data, u16 len)
1579 struct mgmt_addr_info *addr = (void *) data;
1580 struct hci_dev *hdev;
1581 struct pending_cmd *cmd;
1582 struct hci_conn *conn;
1587 if (len != sizeof(*addr))
1588 return cmd_status(sk, index, MGMT_OP_CANCEL_PAIR_DEVICE,
1589 MGMT_STATUS_INVALID_PARAMS);
1591 hdev = hci_dev_get(index);
1593 return cmd_status(sk, index, MGMT_OP_CANCEL_PAIR_DEVICE,
1594 MGMT_STATUS_INVALID_PARAMS);
1598 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
1600 err = cmd_status(sk, index, MGMT_OP_CANCEL_PAIR_DEVICE,
1601 MGMT_STATUS_INVALID_PARAMS);
1605 conn = cmd->user_data;
1607 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
1608 err = cmd_status(sk, index, MGMT_OP_CANCEL_PAIR_DEVICE,
1609 MGMT_STATUS_INVALID_PARAMS);
1613 pairing_complete(cmd, MGMT_STATUS_CANCELLED);
1615 err = cmd_complete(sk, index, MGMT_OP_CANCEL_PAIR_DEVICE, addr,
1618 hci_dev_unlock(hdev);
1624 static int user_pairing_resp(struct sock *sk, u16 index, bdaddr_t *bdaddr,
1625 u16 mgmt_op, u16 hci_op, __le32 passkey)
1627 struct pending_cmd *cmd;
1628 struct hci_dev *hdev;
1629 struct hci_conn *conn;
1632 hdev = hci_dev_get(index);
1634 return cmd_status(sk, index, mgmt_op,
1635 MGMT_STATUS_INVALID_PARAMS);
1639 if (!test_bit(HCI_UP, &hdev->flags)) {
1640 err = cmd_status(sk, index, mgmt_op, MGMT_STATUS_NOT_POWERED);
1645 * Check for an existing ACL link, if present pair via
1648 * If no ACL link is present, check for an LE link and if
1649 * present, pair via the SMP engine.
1651 * If neither ACL nor LE links are present, fail with error.
1653 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, bdaddr);
1655 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, bdaddr);
1657 err = cmd_status(sk, index, mgmt_op,
1658 MGMT_STATUS_NOT_CONNECTED);
1662 /* Continue with pairing via SMP */
1663 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
1666 err = cmd_status(sk, index, mgmt_op,
1667 MGMT_STATUS_SUCCESS);
1669 err = cmd_status(sk, index, mgmt_op,
1670 MGMT_STATUS_FAILED);
1675 cmd = mgmt_pending_add(sk, mgmt_op, hdev, bdaddr, sizeof(*bdaddr));
1681 /* Continue with pairing via HCI */
1682 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
1683 struct hci_cp_user_passkey_reply cp;
1685 bacpy(&cp.bdaddr, bdaddr);
1686 cp.passkey = passkey;
1687 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
1689 err = hci_send_cmd(hdev, hci_op, sizeof(*bdaddr), bdaddr);
1692 mgmt_pending_remove(cmd);
1695 hci_dev_unlock(hdev);
1701 static int user_confirm_reply(struct sock *sk, u16 index, void *data, u16 len)
1703 struct mgmt_cp_user_confirm_reply *cp = data;
1707 if (len != sizeof(*cp))
1708 return cmd_status(sk, index, MGMT_OP_USER_CONFIRM_REPLY,
1709 MGMT_STATUS_INVALID_PARAMS);
1711 return user_pairing_resp(sk, index, &cp->bdaddr,
1712 MGMT_OP_USER_CONFIRM_REPLY,
1713 HCI_OP_USER_CONFIRM_REPLY, 0);
1716 static int user_confirm_neg_reply(struct sock *sk, u16 index, void *data,
1719 struct mgmt_cp_user_confirm_neg_reply *cp = data;
1723 if (len != sizeof(*cp))
1724 return cmd_status(sk, index, MGMT_OP_USER_CONFIRM_NEG_REPLY,
1725 MGMT_STATUS_INVALID_PARAMS);
1727 return user_pairing_resp(sk, index, &cp->bdaddr,
1728 MGMT_OP_USER_CONFIRM_NEG_REPLY,
1729 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
1732 static int user_passkey_reply(struct sock *sk, u16 index, void *data, u16 len)
1734 struct mgmt_cp_user_passkey_reply *cp = data;
1738 if (len != sizeof(*cp))
1739 return cmd_status(sk, index, MGMT_OP_USER_PASSKEY_REPLY,
1742 return user_pairing_resp(sk, index, &cp->bdaddr,
1743 MGMT_OP_USER_PASSKEY_REPLY,
1744 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
1747 static int user_passkey_neg_reply(struct sock *sk, u16 index, void *data,
1750 struct mgmt_cp_user_passkey_neg_reply *cp = data;
1754 if (len != sizeof(*cp))
1755 return cmd_status(sk, index, MGMT_OP_USER_PASSKEY_NEG_REPLY,
1758 return user_pairing_resp(sk, index, &cp->bdaddr,
1759 MGMT_OP_USER_PASSKEY_NEG_REPLY,
1760 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
1763 static int set_local_name(struct sock *sk, u16 index, void *data,
1766 struct mgmt_cp_set_local_name *mgmt_cp = data;
1767 struct hci_cp_write_local_name hci_cp;
1768 struct hci_dev *hdev;
1769 struct pending_cmd *cmd;
1774 if (len != sizeof(*mgmt_cp))
1775 return cmd_status(sk, index, MGMT_OP_SET_LOCAL_NAME,
1776 MGMT_STATUS_INVALID_PARAMS);
1778 hdev = hci_dev_get(index);
1780 return cmd_status(sk, index, MGMT_OP_SET_LOCAL_NAME,
1781 MGMT_STATUS_INVALID_PARAMS);
1785 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data,
1792 memcpy(hci_cp.name, mgmt_cp->name, sizeof(hci_cp.name));
1793 err = hci_send_cmd(hdev, HCI_OP_WRITE_LOCAL_NAME, sizeof(hci_cp),
1796 mgmt_pending_remove(cmd);
1799 hci_dev_unlock(hdev);
1805 static int read_local_oob_data(struct sock *sk, u16 index)
1807 struct hci_dev *hdev;
1808 struct pending_cmd *cmd;
1811 BT_DBG("hci%u", index);
1813 hdev = hci_dev_get(index);
1815 return cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
1816 MGMT_STATUS_INVALID_PARAMS);
1820 if (!test_bit(HCI_UP, &hdev->flags)) {
1821 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
1822 MGMT_STATUS_NOT_POWERED);
1826 if (!(hdev->features[6] & LMP_SIMPLE_PAIR)) {
1827 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
1828 MGMT_STATUS_NOT_SUPPORTED);
1832 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
1833 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
1838 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
1844 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
1846 mgmt_pending_remove(cmd);
1849 hci_dev_unlock(hdev);
1855 static int add_remote_oob_data(struct sock *sk, u16 index, void *data,
1858 struct hci_dev *hdev;
1859 struct mgmt_cp_add_remote_oob_data *cp = data;
1862 BT_DBG("hci%u ", index);
1864 if (len != sizeof(*cp))
1865 return cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA,
1866 MGMT_STATUS_INVALID_PARAMS);
1868 hdev = hci_dev_get(index);
1870 return cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA,
1871 MGMT_STATUS_INVALID_PARAMS);
1875 err = hci_add_remote_oob_data(hdev, &cp->bdaddr, cp->hash,
1878 err = cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA,
1879 MGMT_STATUS_FAILED);
1881 err = cmd_complete(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA, NULL,
1884 hci_dev_unlock(hdev);
1890 static int remove_remote_oob_data(struct sock *sk, u16 index,
1891 void *data, u16 len)
1893 struct hci_dev *hdev;
1894 struct mgmt_cp_remove_remote_oob_data *cp = data;
1897 BT_DBG("hci%u ", index);
1899 if (len != sizeof(*cp))
1900 return cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
1901 MGMT_STATUS_INVALID_PARAMS);
1903 hdev = hci_dev_get(index);
1905 return cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
1906 MGMT_STATUS_INVALID_PARAMS);
1910 err = hci_remove_remote_oob_data(hdev, &cp->bdaddr);
1912 err = cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
1913 MGMT_STATUS_INVALID_PARAMS);
1915 err = cmd_complete(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
1918 hci_dev_unlock(hdev);
1924 static int start_discovery(struct sock *sk, u16 index,
1925 void *data, u16 len)
1927 struct mgmt_cp_start_discovery *cp = data;
1928 unsigned long discov_type = cp->type;
1929 struct pending_cmd *cmd;
1930 struct hci_dev *hdev;
1933 BT_DBG("hci%u", index);
1935 if (len != sizeof(*cp))
1936 return cmd_status(sk, index, MGMT_OP_START_DISCOVERY,
1937 MGMT_STATUS_INVALID_PARAMS);
1939 hdev = hci_dev_get(index);
1941 return cmd_status(sk, index, MGMT_OP_START_DISCOVERY,
1942 MGMT_STATUS_INVALID_PARAMS);
1946 if (!test_bit(HCI_UP, &hdev->flags)) {
1947 err = cmd_status(sk, index, MGMT_OP_START_DISCOVERY,
1948 MGMT_STATUS_NOT_POWERED);
1952 if (hdev->discovery.state != DISCOVERY_STOPPED) {
1953 err = cmd_status(sk, index, MGMT_OP_START_DISCOVERY,
1958 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
1964 if (test_bit(MGMT_ADDR_BREDR, &discov_type))
1965 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR);
1966 else if (test_bit(MGMT_ADDR_LE_PUBLIC, &discov_type) &&
1967 test_bit(MGMT_ADDR_LE_RANDOM, &discov_type))
1968 err = hci_le_scan(hdev, LE_SCAN_TYPE, LE_SCAN_INT,
1969 LE_SCAN_WIN, LE_SCAN_TIMEOUT_LE_ONLY);
1974 mgmt_pending_remove(cmd);
1976 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
1979 hci_dev_unlock(hdev);
1985 static int stop_discovery(struct sock *sk, u16 index)
1987 struct hci_dev *hdev;
1988 struct pending_cmd *cmd;
1989 struct hci_cp_remote_name_req_cancel cp;
1990 struct inquiry_entry *e;
1993 BT_DBG("hci%u", index);
1995 hdev = hci_dev_get(index);
1997 return cmd_status(sk, index, MGMT_OP_STOP_DISCOVERY,
1998 MGMT_STATUS_INVALID_PARAMS);
2002 if (!hci_discovery_active(hdev)) {
2003 err = cmd_status(sk, index, MGMT_OP_STOP_DISCOVERY,
2004 MGMT_STATUS_REJECTED);
2008 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
2014 if (hdev->discovery.state == DISCOVERY_INQUIRY) {
2015 err = hci_cancel_inquiry(hdev);
2017 mgmt_pending_remove(cmd);
2019 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
2023 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_PENDING);
2025 mgmt_pending_remove(cmd);
2026 err = cmd_complete(sk, index, MGMT_OP_STOP_DISCOVERY, NULL, 0);
2027 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2031 bacpy(&cp.bdaddr, &e->data.bdaddr);
2032 err = hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ_CANCEL,
2035 mgmt_pending_remove(cmd);
2037 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
2040 hci_dev_unlock(hdev);
2046 static int confirm_name(struct sock *sk, u16 index, void *data, u16 len)
2048 struct mgmt_cp_confirm_name *cp = data;
2049 struct inquiry_entry *e;
2050 struct hci_dev *hdev;
2053 BT_DBG("hci%u", index);
2055 if (len != sizeof(*cp))
2056 return cmd_status(sk, index, MGMT_OP_CONFIRM_NAME,
2057 MGMT_STATUS_INVALID_PARAMS);
2059 hdev = hci_dev_get(index);
2061 return cmd_status(sk, index, MGMT_OP_CONFIRM_NAME,
2062 MGMT_STATUS_INVALID_PARAMS);
2066 if (!hci_discovery_active(hdev)) {
2067 err = cmd_status(sk, index, MGMT_OP_CONFIRM_NAME,
2068 MGMT_STATUS_FAILED);
2072 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->bdaddr);
2074 err = cmd_status (sk, index, MGMT_OP_CONFIRM_NAME,
2075 MGMT_STATUS_INVALID_PARAMS);
2079 if (cp->name_known) {
2080 e->name_state = NAME_KNOWN;
2083 e->name_state = NAME_NEEDED;
2084 hci_inquiry_cache_update_resolve(hdev, e);
2090 hci_dev_unlock(hdev);
2095 static int block_device(struct sock *sk, u16 index, void *data, u16 len)
2097 struct hci_dev *hdev;
2098 struct mgmt_cp_block_device *cp = data;
2101 BT_DBG("hci%u", index);
2103 if (len != sizeof(*cp))
2104 return cmd_status(sk, index, MGMT_OP_BLOCK_DEVICE,
2105 MGMT_STATUS_INVALID_PARAMS);
2107 hdev = hci_dev_get(index);
2109 return cmd_status(sk, index, MGMT_OP_BLOCK_DEVICE,
2110 MGMT_STATUS_INVALID_PARAMS);
2114 err = hci_blacklist_add(hdev, &cp->bdaddr);
2116 err = cmd_status(sk, index, MGMT_OP_BLOCK_DEVICE,
2117 MGMT_STATUS_FAILED);
2119 err = cmd_complete(sk, index, MGMT_OP_BLOCK_DEVICE,
2122 hci_dev_unlock(hdev);
2128 static int unblock_device(struct sock *sk, u16 index, void *data, u16 len)
2130 struct hci_dev *hdev;
2131 struct mgmt_cp_unblock_device *cp = data;
2134 BT_DBG("hci%u", index);
2136 if (len != sizeof(*cp))
2137 return cmd_status(sk, index, MGMT_OP_UNBLOCK_DEVICE,
2138 MGMT_STATUS_INVALID_PARAMS);
2140 hdev = hci_dev_get(index);
2142 return cmd_status(sk, index, MGMT_OP_UNBLOCK_DEVICE,
2143 MGMT_STATUS_INVALID_PARAMS);
2147 err = hci_blacklist_del(hdev, &cp->bdaddr);
2150 err = cmd_status(sk, index, MGMT_OP_UNBLOCK_DEVICE,
2151 MGMT_STATUS_INVALID_PARAMS);
2153 err = cmd_complete(sk, index, MGMT_OP_UNBLOCK_DEVICE,
2156 hci_dev_unlock(hdev);
2162 static int set_fast_connectable(struct sock *sk, u16 index,
2163 void *data, u16 len)
2165 struct hci_dev *hdev;
2166 struct mgmt_mode *cp = data;
2167 struct hci_cp_write_page_scan_activity acp;
2171 BT_DBG("hci%u", index);
2173 if (len != sizeof(*cp))
2174 return cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
2175 MGMT_STATUS_INVALID_PARAMS);
2177 hdev = hci_dev_get(index);
2179 return cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
2180 MGMT_STATUS_INVALID_PARAMS);
2185 type = PAGE_SCAN_TYPE_INTERLACED;
2186 acp.interval = 0x0024; /* 22.5 msec page scan interval */
2188 type = PAGE_SCAN_TYPE_STANDARD; /* default */
2189 acp.interval = 0x0800; /* default 1.28 sec page scan */
2192 acp.window = 0x0012; /* default 11.25 msec page scan window */
2194 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
2197 err = cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
2198 MGMT_STATUS_FAILED);
2202 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
2204 err = cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
2205 MGMT_STATUS_FAILED);
2209 err = cmd_complete(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
2212 hci_dev_unlock(hdev);
2218 static int load_long_term_keys(struct sock *sk, u16 index,
2219 void *cp_data, u16 len)
2221 struct hci_dev *hdev;
2222 struct mgmt_cp_load_long_term_keys *cp = cp_data;
2223 u16 key_count, expected_len;
2226 if (len < sizeof(*cp))
2227 return cmd_status(sk, index, MGMT_OP_LOAD_LONG_TERM_KEYS,
2230 key_count = get_unaligned_le16(&cp->key_count);
2232 expected_len = sizeof(*cp) + key_count *
2233 sizeof(struct mgmt_ltk_info);
2234 if (expected_len != len) {
2235 BT_ERR("load_keys: expected %u bytes, got %u bytes",
2237 return cmd_status(sk, index, MGMT_OP_LOAD_LONG_TERM_KEYS,
2241 hdev = hci_dev_get(index);
2243 return cmd_status(sk, index, MGMT_OP_LOAD_LONG_TERM_KEYS,
2246 BT_DBG("hci%u key_count %u", index, key_count);
2250 hci_smp_ltks_clear(hdev);
2252 for (i = 0; i < key_count; i++) {
2253 struct mgmt_ltk_info *key = &cp->keys[i];
2259 type = HCI_SMP_LTK_SLAVE;
2261 hci_add_ltk(hdev, &key->addr.bdaddr, key->addr.type,
2262 type, 0, key->authenticated, key->val,
2263 key->enc_size, key->ediv, key->rand);
2266 hci_dev_unlock(hdev);
2272 int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
2276 struct mgmt_hdr *hdr;
2277 u16 opcode, index, len;
2280 BT_DBG("got %zu bytes", msglen);
2282 if (msglen < sizeof(*hdr))
2285 buf = kmalloc(msglen, GFP_KERNEL);
2289 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
2295 opcode = get_unaligned_le16(&hdr->opcode);
2296 index = get_unaligned_le16(&hdr->index);
2297 len = get_unaligned_le16(&hdr->len);
2299 if (len != msglen - sizeof(*hdr)) {
2304 cp = buf + sizeof(*hdr);
2307 case MGMT_OP_READ_VERSION:
2308 err = read_version(sk);
2310 case MGMT_OP_READ_INDEX_LIST:
2311 err = read_index_list(sk);
2313 case MGMT_OP_READ_INFO:
2314 err = read_controller_info(sk, index);
2316 case MGMT_OP_SET_POWERED:
2317 err = set_powered(sk, index, cp, len);
2319 case MGMT_OP_SET_DISCOVERABLE:
2320 err = set_discoverable(sk, index, cp, len);
2322 case MGMT_OP_SET_CONNECTABLE:
2323 err = set_connectable(sk, index, cp, len);
2325 case MGMT_OP_SET_FAST_CONNECTABLE:
2326 err = set_fast_connectable(sk, index, cp, len);
2328 case MGMT_OP_SET_PAIRABLE:
2329 err = set_pairable(sk, index, cp, len);
2331 case MGMT_OP_ADD_UUID:
2332 err = add_uuid(sk, index, cp, len);
2334 case MGMT_OP_REMOVE_UUID:
2335 err = remove_uuid(sk, index, cp, len);
2337 case MGMT_OP_SET_DEV_CLASS:
2338 err = set_dev_class(sk, index, cp, len);
2340 case MGMT_OP_LOAD_LINK_KEYS:
2341 err = load_link_keys(sk, index, cp, len);
2343 case MGMT_OP_REMOVE_KEYS:
2344 err = remove_keys(sk, index, cp, len);
2346 case MGMT_OP_DISCONNECT:
2347 err = disconnect(sk, index, cp, len);
2349 case MGMT_OP_GET_CONNECTIONS:
2350 err = get_connections(sk, index);
2352 case MGMT_OP_PIN_CODE_REPLY:
2353 err = pin_code_reply(sk, index, cp, len);
2355 case MGMT_OP_PIN_CODE_NEG_REPLY:
2356 err = pin_code_neg_reply(sk, index, cp, len);
2358 case MGMT_OP_SET_IO_CAPABILITY:
2359 err = set_io_capability(sk, index, cp, len);
2361 case MGMT_OP_PAIR_DEVICE:
2362 err = pair_device(sk, index, cp, len);
2364 case MGMT_OP_CANCEL_PAIR_DEVICE:
2365 err = cancel_pair_device(sk, index, buf + sizeof(*hdr), len);
2367 case MGMT_OP_USER_CONFIRM_REPLY:
2368 err = user_confirm_reply(sk, index, cp, len);
2370 case MGMT_OP_USER_CONFIRM_NEG_REPLY:
2371 err = user_confirm_neg_reply(sk, index, cp, len);
2373 case MGMT_OP_USER_PASSKEY_REPLY:
2374 err = user_passkey_reply(sk, index, cp, len);
2376 case MGMT_OP_USER_PASSKEY_NEG_REPLY:
2377 err = user_passkey_neg_reply(sk, index, cp, len);
2379 case MGMT_OP_SET_LOCAL_NAME:
2380 err = set_local_name(sk, index, cp, len);
2382 case MGMT_OP_READ_LOCAL_OOB_DATA:
2383 err = read_local_oob_data(sk, index);
2385 case MGMT_OP_ADD_REMOTE_OOB_DATA:
2386 err = add_remote_oob_data(sk, index, cp, len);
2388 case MGMT_OP_REMOVE_REMOTE_OOB_DATA:
2389 err = remove_remote_oob_data(sk, index, cp, len);
2391 case MGMT_OP_START_DISCOVERY:
2392 err = start_discovery(sk, index, cp, len);
2394 case MGMT_OP_STOP_DISCOVERY:
2395 err = stop_discovery(sk, index);
2397 case MGMT_OP_CONFIRM_NAME:
2398 err = confirm_name(sk, index, cp, len);
2400 case MGMT_OP_BLOCK_DEVICE:
2401 err = block_device(sk, index, cp, len);
2403 case MGMT_OP_UNBLOCK_DEVICE:
2404 err = unblock_device(sk, index, cp, len);
2406 case MGMT_OP_LOAD_LONG_TERM_KEYS:
2407 err = load_long_term_keys(sk, index, cp, len);
2410 BT_DBG("Unknown op %u", opcode);
2411 err = cmd_status(sk, index, opcode,
2412 MGMT_STATUS_UNKNOWN_COMMAND);
2426 static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
2430 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
2431 mgmt_pending_remove(cmd);
2434 int mgmt_index_added(struct hci_dev *hdev)
2436 return mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
2439 int mgmt_index_removed(struct hci_dev *hdev)
2443 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
2445 return mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
2451 struct hci_dev *hdev;
2454 static void settings_rsp(struct pending_cmd *cmd, void *data)
2456 struct cmd_lookup *match = data;
2458 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
2460 list_del(&cmd->list);
2462 if (match->sk == NULL) {
2463 match->sk = cmd->sk;
2464 sock_hold(match->sk);
2467 mgmt_pending_free(cmd);
2470 int mgmt_powered(struct hci_dev *hdev, u8 powered)
2472 struct cmd_lookup match = { powered, NULL, hdev };
2476 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
2479 u8 status = ENETDOWN;
2480 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
2483 ev = cpu_to_le32(get_current_settings(hdev));
2485 ret = mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev),
2494 int mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
2496 struct cmd_lookup match = { discoverable, NULL, hdev };
2500 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev, settings_rsp, &match);
2502 ev = cpu_to_le32(get_current_settings(hdev));
2504 ret = mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev),
2512 int mgmt_connectable(struct hci_dev *hdev, u8 connectable)
2515 struct cmd_lookup match = { connectable, NULL, hdev };
2518 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev, settings_rsp,
2521 ev = cpu_to_le32(get_current_settings(hdev));
2523 ret = mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), match.sk);
2531 int mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
2533 u8 mgmt_err = mgmt_status(status);
2535 if (scan & SCAN_PAGE)
2536 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
2537 cmd_status_rsp, &mgmt_err);
2539 if (scan & SCAN_INQUIRY)
2540 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
2541 cmd_status_rsp, &mgmt_err);
2546 int mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
2549 struct mgmt_ev_new_link_key ev;
2551 memset(&ev, 0, sizeof(ev));
2553 ev.store_hint = persistent;
2554 bacpy(&ev.key.bdaddr, &key->bdaddr);
2555 ev.key.type = key->type;
2556 memcpy(ev.key.val, key->val, 16);
2557 ev.key.pin_len = key->pin_len;
2559 return mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
2562 int mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, u8 persistent)
2564 struct mgmt_ev_new_long_term_key ev;
2566 memset(&ev, 0, sizeof(ev));
2568 ev.store_hint = persistent;
2569 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
2570 ev.key.addr.type = key->bdaddr_type;
2571 ev.key.authenticated = key->authenticated;
2572 ev.key.enc_size = key->enc_size;
2573 ev.key.ediv = key->ediv;
2575 if (key->type == HCI_SMP_LTK)
2578 memcpy(ev.key.rand, key->rand, sizeof(key->rand));
2579 memcpy(ev.key.val, key->val, sizeof(key->val));
2581 return mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev,
2582 &ev, sizeof(ev), NULL);
2585 int mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
2586 u8 addr_type, u8 *name, u8 name_len,
2590 struct mgmt_ev_device_connected *ev = (void *) buf;
2593 bacpy(&ev->addr.bdaddr, bdaddr);
2594 ev->addr.type = link_to_mgmt(link_type, addr_type);
2597 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
2600 if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0)
2601 eir_len = eir_append_data(&ev->eir[eir_len], eir_len,
2602 EIR_CLASS_OF_DEV, dev_class, 3);
2604 put_unaligned_le16(eir_len, &ev->eir_len);
2606 return mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
2607 sizeof(*ev) + eir_len, NULL);
2610 static void disconnect_rsp(struct pending_cmd *cmd, void *data)
2612 struct mgmt_cp_disconnect *cp = cmd->param;
2613 struct sock **sk = data;
2614 struct mgmt_rp_disconnect rp;
2616 bacpy(&rp.bdaddr, &cp->bdaddr);
2619 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, &rp, sizeof(rp));
2624 mgmt_pending_remove(cmd);
2627 static void remove_keys_rsp(struct pending_cmd *cmd, void *data)
2630 struct mgmt_cp_remove_keys *cp = cmd->param;
2631 struct mgmt_rp_remove_keys rp;
2633 memset(&rp, 0, sizeof(rp));
2634 bacpy(&rp.bdaddr, &cp->bdaddr);
2636 rp.status = *status;
2638 cmd_complete(cmd->sk, cmd->index, MGMT_OP_REMOVE_KEYS, &rp,
2641 mgmt_pending_remove(cmd);
2644 int mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
2645 u8 link_type, u8 addr_type)
2647 struct mgmt_addr_info ev;
2648 struct sock *sk = NULL;
2651 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
2653 bacpy(&ev.bdaddr, bdaddr);
2654 ev.type = link_to_mgmt(link_type, addr_type);
2656 err = mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev),
2662 mgmt_pending_foreach(MGMT_OP_REMOVE_KEYS, hdev, remove_keys_rsp, NULL);
2667 int mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 status)
2669 struct pending_cmd *cmd;
2670 u8 mgmt_err = mgmt_status(status);
2673 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
2678 struct mgmt_rp_disconnect rp;
2680 bacpy(&rp.bdaddr, bdaddr);
2683 err = cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
2686 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_DISCONNECT,
2689 mgmt_pending_remove(cmd);
2694 int mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
2695 u8 addr_type, u8 status)
2697 struct mgmt_ev_connect_failed ev;
2699 bacpy(&ev.addr.bdaddr, bdaddr);
2700 ev.addr.type = link_to_mgmt(link_type, addr_type);
2701 ev.status = mgmt_status(status);
2703 return mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
2706 int mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
2708 struct mgmt_ev_pin_code_request ev;
2710 bacpy(&ev.bdaddr, bdaddr);
2713 return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev),
2717 int mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
2720 struct pending_cmd *cmd;
2721 struct mgmt_rp_pin_code_reply rp;
2724 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
2728 bacpy(&rp.bdaddr, bdaddr);
2729 rp.status = mgmt_status(status);
2731 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY, &rp,
2734 mgmt_pending_remove(cmd);
2739 int mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
2742 struct pending_cmd *cmd;
2743 struct mgmt_rp_pin_code_reply rp;
2746 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
2750 bacpy(&rp.bdaddr, bdaddr);
2751 rp.status = mgmt_status(status);
2753 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY, &rp,
2756 mgmt_pending_remove(cmd);
2761 int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
2762 __le32 value, u8 confirm_hint)
2764 struct mgmt_ev_user_confirm_request ev;
2766 BT_DBG("%s", hdev->name);
2768 bacpy(&ev.bdaddr, bdaddr);
2769 ev.confirm_hint = confirm_hint;
2770 put_unaligned_le32(value, &ev.value);
2772 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
2776 int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr)
2778 struct mgmt_ev_user_passkey_request ev;
2780 BT_DBG("%s", hdev->name);
2782 bacpy(&ev.bdaddr, bdaddr);
2784 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
2788 static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
2789 u8 status, u8 opcode)
2791 struct pending_cmd *cmd;
2792 struct mgmt_rp_user_confirm_reply rp;
2795 cmd = mgmt_pending_find(opcode, hdev);
2799 bacpy(&rp.bdaddr, bdaddr);
2800 rp.status = mgmt_status(status);
2801 err = cmd_complete(cmd->sk, hdev->id, opcode, &rp, sizeof(rp));
2803 mgmt_pending_remove(cmd);
2808 int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
2811 return user_pairing_resp_complete(hdev, bdaddr, status,
2812 MGMT_OP_USER_CONFIRM_REPLY);
2815 int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev,
2816 bdaddr_t *bdaddr, u8 status)
2818 return user_pairing_resp_complete(hdev, bdaddr, status,
2819 MGMT_OP_USER_CONFIRM_NEG_REPLY);
2822 int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
2825 return user_pairing_resp_complete(hdev, bdaddr, status,
2826 MGMT_OP_USER_PASSKEY_REPLY);
2829 int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev,
2830 bdaddr_t *bdaddr, u8 status)
2832 return user_pairing_resp_complete(hdev, bdaddr, status,
2833 MGMT_OP_USER_PASSKEY_NEG_REPLY);
2836 int mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 status)
2838 struct mgmt_ev_auth_failed ev;
2840 bacpy(&ev.bdaddr, bdaddr);
2841 ev.status = mgmt_status(status);
2843 return mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
2846 int mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
2848 struct pending_cmd *cmd;
2849 struct mgmt_cp_set_local_name ev;
2852 memset(&ev, 0, sizeof(ev));
2853 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
2855 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
2860 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
2861 mgmt_status(status));
2867 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, &ev,
2873 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
2874 cmd ? cmd->sk : NULL);
2878 mgmt_pending_remove(cmd);
2882 int mgmt_read_local_oob_data_reply_complete(struct hci_dev *hdev, u8 *hash,
2883 u8 *randomizer, u8 status)
2885 struct pending_cmd *cmd;
2888 BT_DBG("%s status %u", hdev->name, status);
2890 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
2895 err = cmd_status(cmd->sk, hdev->id,
2896 MGMT_OP_READ_LOCAL_OOB_DATA,
2897 mgmt_status(status));
2899 struct mgmt_rp_read_local_oob_data rp;
2901 memcpy(rp.hash, hash, sizeof(rp.hash));
2902 memcpy(rp.randomizer, randomizer, sizeof(rp.randomizer));
2904 err = cmd_complete(cmd->sk, hdev->id,
2905 MGMT_OP_READ_LOCAL_OOB_DATA,
2909 mgmt_pending_remove(cmd);
2914 int mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
2915 u8 addr_type, u8 *dev_class, s8 rssi,
2916 u8 cfm_name, u8 *eir, u16 eir_len)
2919 struct mgmt_ev_device_found *ev = (void *) buf;
2922 /* Leave 5 bytes for a potential CoD field */
2923 if (sizeof(*ev) + eir_len + 5 > sizeof(buf))
2926 memset(buf, 0, sizeof(buf));
2928 bacpy(&ev->addr.bdaddr, bdaddr);
2929 ev->addr.type = link_to_mgmt(link_type, addr_type);
2931 ev->confirm_name = cfm_name;
2934 memcpy(ev->eir, eir, eir_len);
2936 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
2937 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
2940 put_unaligned_le16(eir_len, &ev->eir_len);
2942 ev_size = sizeof(*ev) + eir_len;
2944 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
2947 int mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
2948 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
2950 struct mgmt_ev_device_found *ev;
2951 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
2954 ev = (struct mgmt_ev_device_found *) buf;
2956 memset(buf, 0, sizeof(buf));
2958 bacpy(&ev->addr.bdaddr, bdaddr);
2959 ev->addr.type = link_to_mgmt(link_type, addr_type);
2962 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
2965 put_unaligned_le16(eir_len, &ev->eir_len);
2967 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev,
2968 sizeof(*ev) + eir_len, NULL);
2971 int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
2973 struct pending_cmd *cmd;
2976 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
2980 err = cmd_status(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status));
2981 mgmt_pending_remove(cmd);
2986 int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
2988 struct pending_cmd *cmd;
2991 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
2995 err = cmd_status(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status));
2996 mgmt_pending_remove(cmd);
3001 int mgmt_discovering(struct hci_dev *hdev, u8 discovering)
3003 struct pending_cmd *cmd;
3005 BT_DBG("%s discovering %u", hdev->name, discovering);
3008 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
3010 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3013 cmd_complete(cmd->sk, hdev->id, cmd->opcode, NULL, 0);
3014 mgmt_pending_remove(cmd);
3017 return mgmt_event(MGMT_EV_DISCOVERING, hdev, &discovering,
3018 sizeof(discovering), NULL);
3021 int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr)
3023 struct pending_cmd *cmd;
3024 struct mgmt_ev_device_blocked ev;
3026 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev);
3028 bacpy(&ev.bdaddr, bdaddr);
3030 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev),
3031 cmd ? cmd->sk : NULL);
3034 int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr)
3036 struct pending_cmd *cmd;
3037 struct mgmt_ev_device_unblocked ev;
3039 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev);
3041 bacpy(&ev.bdaddr, bdaddr);
3043 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
3044 cmd ? cmd->sk : NULL);
projects / mv-sheeva.git / blob