2 BlueZ - Bluetooth protocol stack for Linux
4 Copyright (C) 2010 Nokia Corporation
5 Copyright (C) 2011-2012 Intel Corporation
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI Management interface */
27 #include <linux/kernel.h>
28 #include <linux/uaccess.h>
29 #include <linux/module.h>
30 #include <asm/unaligned.h>
32 #include <net/bluetooth/bluetooth.h>
33 #include <net/bluetooth/hci_core.h>
34 #include <net/bluetooth/mgmt.h>
35 #include <net/bluetooth/smp.h>
40 #define MGMT_VERSION 1
41 #define MGMT_REVISION 0
43 static const u16 mgmt_commands[] = {
44 MGMT_OP_READ_INDEX_LIST,
47 MGMT_OP_SET_DISCOVERABLE,
48 MGMT_OP_SET_CONNECTABLE,
49 MGMT_OP_SET_FAST_CONNECTABLE,
51 MGMT_OP_SET_LINK_SECURITY,
55 MGMT_OP_SET_DEV_CLASS,
56 MGMT_OP_SET_LOCAL_NAME,
59 MGMT_OP_LOAD_LINK_KEYS,
60 MGMT_OP_LOAD_LONG_TERM_KEYS,
62 MGMT_OP_GET_CONNECTIONS,
63 MGMT_OP_PIN_CODE_REPLY,
64 MGMT_OP_PIN_CODE_NEG_REPLY,
65 MGMT_OP_SET_IO_CAPABILITY,
67 MGMT_OP_CANCEL_PAIR_DEVICE,
68 MGMT_OP_UNPAIR_DEVICE,
69 MGMT_OP_USER_CONFIRM_REPLY,
70 MGMT_OP_USER_CONFIRM_NEG_REPLY,
71 MGMT_OP_USER_PASSKEY_REPLY,
72 MGMT_OP_USER_PASSKEY_NEG_REPLY,
73 MGMT_OP_READ_LOCAL_OOB_DATA,
74 MGMT_OP_ADD_REMOTE_OOB_DATA,
75 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
76 MGMT_OP_START_DISCOVERY,
77 MGMT_OP_STOP_DISCOVERY,
80 MGMT_OP_UNBLOCK_DEVICE,
83 static const u16 mgmt_events[] = {
84 MGMT_EV_CONTROLLER_ERROR,
86 MGMT_EV_INDEX_REMOVED,
88 MGMT_EV_CLASS_OF_DEV_CHANGED,
89 MGMT_EV_LOCAL_NAME_CHANGED,
91 MGMT_EV_NEW_LONG_TERM_KEY,
92 MGMT_EV_DEVICE_CONNECTED,
93 MGMT_EV_DEVICE_DISCONNECTED,
94 MGMT_EV_CONNECT_FAILED,
95 MGMT_EV_PIN_CODE_REQUEST,
96 MGMT_EV_USER_CONFIRM_REQUEST,
97 MGMT_EV_USER_PASSKEY_REQUEST,
101 MGMT_EV_DEVICE_BLOCKED,
102 MGMT_EV_DEVICE_UNBLOCKED,
103 MGMT_EV_DEVICE_UNPAIRED,
107 * These LE scan and inquiry parameters were chosen according to LE General
108 * Discovery Procedure specification.
110 #define LE_SCAN_TYPE 0x01
111 #define LE_SCAN_WIN 0x12
112 #define LE_SCAN_INT 0x12
113 #define LE_SCAN_TIMEOUT_LE_ONLY 10240 /* TGAP(gen_disc_scan_min) */
114 #define LE_SCAN_TIMEOUT_BREDR_LE 5120 /* TGAP(100)/2 */
116 #define INQUIRY_LEN_BREDR 0x08 /* TGAP(100) */
117 #define INQUIRY_LEN_BREDR_LE 0x04 /* TGAP(100)/2 */
119 #define SERVICE_CACHE_TIMEOUT (5 * 1000)
121 #define hdev_is_powered(hdev) (test_bit(HCI_UP, &hdev->flags) && \
122 !test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
125 struct list_head list;
133 /* HCI to MGMT error code conversion table */
134 static u8 mgmt_status_table[] = {
136 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
137 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
138 MGMT_STATUS_FAILED, /* Hardware Failure */
139 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
140 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
141 MGMT_STATUS_NOT_PAIRED, /* PIN or Key Missing */
142 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
143 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
144 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
145 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
146 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
147 MGMT_STATUS_BUSY, /* Command Disallowed */
148 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
149 MGMT_STATUS_REJECTED, /* Rejected Security */
150 MGMT_STATUS_REJECTED, /* Rejected Personal */
151 MGMT_STATUS_TIMEOUT, /* Host Timeout */
152 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
153 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
154 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
155 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
156 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
157 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
158 MGMT_STATUS_BUSY, /* Repeated Attempts */
159 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
160 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
161 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
162 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
163 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
164 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
165 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
166 MGMT_STATUS_FAILED, /* Unspecified Error */
167 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
168 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
169 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
170 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
171 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
172 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
173 MGMT_STATUS_FAILED, /* Unit Link Key Used */
174 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
175 MGMT_STATUS_TIMEOUT, /* Instant Passed */
176 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
177 MGMT_STATUS_FAILED, /* Transaction Collision */
178 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
179 MGMT_STATUS_REJECTED, /* QoS Rejected */
180 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
181 MGMT_STATUS_REJECTED, /* Insufficient Security */
182 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
183 MGMT_STATUS_BUSY, /* Role Switch Pending */
184 MGMT_STATUS_FAILED, /* Slot Violation */
185 MGMT_STATUS_FAILED, /* Role Switch Failed */
186 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
187 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
188 MGMT_STATUS_BUSY, /* Host Busy Pairing */
189 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
190 MGMT_STATUS_BUSY, /* Controller Busy */
191 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
192 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
193 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
194 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
195 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
198 static u8 mgmt_status(u8 hci_status)
200 if (hci_status < ARRAY_SIZE(mgmt_status_table))
201 return mgmt_status_table[hci_status];
203 return MGMT_STATUS_FAILED;
206 static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
209 struct mgmt_hdr *hdr;
210 struct mgmt_ev_cmd_status *ev;
213 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
215 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_ATOMIC);
219 hdr = (void *) skb_put(skb, sizeof(*hdr));
221 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS);
222 hdr->index = cpu_to_le16(index);
223 hdr->len = cpu_to_le16(sizeof(*ev));
225 ev = (void *) skb_put(skb, sizeof(*ev));
227 put_unaligned_le16(cmd, &ev->opcode);
229 err = sock_queue_rcv_skb(sk, skb);
236 static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
237 void *rp, size_t rp_len)
240 struct mgmt_hdr *hdr;
241 struct mgmt_ev_cmd_complete *ev;
244 BT_DBG("sock %p", sk);
246 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_ATOMIC);
250 hdr = (void *) skb_put(skb, sizeof(*hdr));
252 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE);
253 hdr->index = cpu_to_le16(index);
254 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
256 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
257 put_unaligned_le16(cmd, &ev->opcode);
261 memcpy(ev->data, rp, rp_len);
263 err = sock_queue_rcv_skb(sk, skb);
270 static int read_version(struct sock *sk)
272 struct mgmt_rp_read_version rp;
274 BT_DBG("sock %p", sk);
276 rp.version = MGMT_VERSION;
277 put_unaligned_le16(MGMT_REVISION, &rp.revision);
279 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
283 static int read_commands(struct sock *sk)
285 struct mgmt_rp_read_commands *rp;
286 u16 num_commands = ARRAY_SIZE(mgmt_commands);
287 u16 num_events = ARRAY_SIZE(mgmt_events);
292 BT_DBG("sock %p", sk);
294 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
296 rp = kmalloc(rp_size, GFP_KERNEL);
300 put_unaligned_le16(num_commands, &rp->num_commands);
301 put_unaligned_le16(num_events, &rp->num_events);
303 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
304 put_unaligned_le16(mgmt_commands[i], opcode);
306 for (i = 0; i < num_events; i++, opcode++)
307 put_unaligned_le16(mgmt_events[i], opcode);
309 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
316 static int read_index_list(struct sock *sk)
318 struct mgmt_rp_read_index_list *rp;
325 BT_DBG("sock %p", sk);
327 read_lock(&hci_dev_list_lock);
330 list_for_each(p, &hci_dev_list) {
334 rp_len = sizeof(*rp) + (2 * count);
335 rp = kmalloc(rp_len, GFP_ATOMIC);
337 read_unlock(&hci_dev_list_lock);
341 put_unaligned_le16(count, &rp->num_controllers);
344 list_for_each_entry(d, &hci_dev_list, list) {
345 if (test_bit(HCI_SETUP, &d->dev_flags))
348 put_unaligned_le16(d->id, &rp->index[i++]);
349 BT_DBG("Added hci%u", d->id);
352 read_unlock(&hci_dev_list_lock);
354 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
362 static u32 get_supported_settings(struct hci_dev *hdev)
366 settings |= MGMT_SETTING_POWERED;
367 settings |= MGMT_SETTING_CONNECTABLE;
368 settings |= MGMT_SETTING_FAST_CONNECTABLE;
369 settings |= MGMT_SETTING_DISCOVERABLE;
370 settings |= MGMT_SETTING_PAIRABLE;
372 if (hdev->features[6] & LMP_SIMPLE_PAIR)
373 settings |= MGMT_SETTING_SSP;
375 if (!(hdev->features[4] & LMP_NO_BREDR)) {
376 settings |= MGMT_SETTING_BREDR;
377 settings |= MGMT_SETTING_LINK_SECURITY;
381 settings |= MGMT_SETTING_HS;
384 if (hdev->features[4] & LMP_LE)
385 settings |= MGMT_SETTING_LE;
391 static u32 get_current_settings(struct hci_dev *hdev)
395 if (hdev_is_powered(hdev))
396 settings |= MGMT_SETTING_POWERED;
398 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
399 settings |= MGMT_SETTING_CONNECTABLE;
401 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
402 settings |= MGMT_SETTING_DISCOVERABLE;
404 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags))
405 settings |= MGMT_SETTING_PAIRABLE;
407 if (!(hdev->features[4] & LMP_NO_BREDR))
408 settings |= MGMT_SETTING_BREDR;
410 if (hdev->host_features[0] & LMP_HOST_LE)
411 settings |= MGMT_SETTING_LE;
413 if (test_bit(HCI_AUTH, &hdev->flags))
414 settings |= MGMT_SETTING_LINK_SECURITY;
416 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
417 settings |= MGMT_SETTING_SSP;
419 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
420 settings |= MGMT_SETTING_HS;
425 #define PNP_INFO_SVCLASS_ID 0x1200
427 static u8 bluetooth_base_uuid[] = {
428 0xFB, 0x34, 0x9B, 0x5F, 0x80, 0x00, 0x00, 0x80,
429 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
432 static u16 get_uuid16(u8 *uuid128)
437 for (i = 0; i < 12; i++) {
438 if (bluetooth_base_uuid[i] != uuid128[i])
442 memcpy(&val, &uuid128[12], 4);
444 val = le32_to_cpu(val);
451 static void create_eir(struct hci_dev *hdev, u8 *data)
455 u16 uuid16_list[HCI_MAX_EIR_LENGTH / sizeof(u16)];
456 int i, truncated = 0;
457 struct bt_uuid *uuid;
460 name_len = strlen(hdev->dev_name);
466 ptr[1] = EIR_NAME_SHORT;
468 ptr[1] = EIR_NAME_COMPLETE;
470 /* EIR Data length */
471 ptr[0] = name_len + 1;
473 memcpy(ptr + 2, hdev->dev_name, name_len);
475 eir_len += (name_len + 2);
476 ptr += (name_len + 2);
479 memset(uuid16_list, 0, sizeof(uuid16_list));
481 /* Group all UUID16 types */
482 list_for_each_entry(uuid, &hdev->uuids, list) {
485 uuid16 = get_uuid16(uuid->uuid);
492 if (uuid16 == PNP_INFO_SVCLASS_ID)
495 /* Stop if not enough space to put next UUID */
496 if (eir_len + 2 + sizeof(u16) > HCI_MAX_EIR_LENGTH) {
501 /* Check for duplicates */
502 for (i = 0; uuid16_list[i] != 0; i++)
503 if (uuid16_list[i] == uuid16)
506 if (uuid16_list[i] == 0) {
507 uuid16_list[i] = uuid16;
508 eir_len += sizeof(u16);
512 if (uuid16_list[0] != 0) {
516 ptr[1] = truncated ? EIR_UUID16_SOME : EIR_UUID16_ALL;
521 for (i = 0; uuid16_list[i] != 0; i++) {
522 *ptr++ = (uuid16_list[i] & 0x00ff);
523 *ptr++ = (uuid16_list[i] & 0xff00) >> 8;
526 /* EIR Data length */
527 *length = (i * sizeof(u16)) + 1;
531 static int update_eir(struct hci_dev *hdev)
533 struct hci_cp_write_eir cp;
535 if (!(hdev->features[6] & LMP_EXT_INQ))
538 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
541 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
544 memset(&cp, 0, sizeof(cp));
546 create_eir(hdev, cp.data);
548 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
551 memcpy(hdev->eir, cp.data, sizeof(cp.data));
553 return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
556 static u8 get_service_classes(struct hci_dev *hdev)
558 struct bt_uuid *uuid;
561 list_for_each_entry(uuid, &hdev->uuids, list)
562 val |= uuid->svc_hint;
567 static int update_class(struct hci_dev *hdev)
571 BT_DBG("%s", hdev->name);
573 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
576 cod[0] = hdev->minor_class;
577 cod[1] = hdev->major_class;
578 cod[2] = get_service_classes(hdev);
580 if (memcmp(cod, hdev->dev_class, 3) == 0)
583 return hci_send_cmd(hdev, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
586 static void service_cache_off(struct work_struct *work)
588 struct hci_dev *hdev = container_of(work, struct hci_dev,
591 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
599 hci_dev_unlock(hdev);
602 static void mgmt_init_hdev(struct hci_dev *hdev)
604 if (!test_and_set_bit(HCI_MGMT, &hdev->dev_flags)) {
605 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
607 /* Non-mgmt controlled devices get this bit set
608 * implicitly so that pairing works for them, however
609 * for mgmt we require user-space to explicitly enable
612 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
615 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
616 schedule_delayed_work(&hdev->service_cache,
617 msecs_to_jiffies(SERVICE_CACHE_TIMEOUT));
620 static int read_controller_info(struct sock *sk, u16 index)
622 struct mgmt_rp_read_info rp;
623 struct hci_dev *hdev;
625 BT_DBG("sock %p hci%u", sk, index);
627 hdev = hci_dev_get(index);
629 return cmd_status(sk, index, MGMT_OP_READ_INFO,
630 MGMT_STATUS_INVALID_PARAMS);
634 if (test_and_clear_bit(HCI_PI_MGMT_INIT, &hci_pi(sk)->flags))
635 mgmt_init_hdev(hdev);
637 memset(&rp, 0, sizeof(rp));
639 bacpy(&rp.bdaddr, &hdev->bdaddr);
641 rp.version = hdev->hci_ver;
643 put_unaligned_le16(hdev->manufacturer, &rp.manufacturer);
645 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
646 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
648 memcpy(rp.dev_class, hdev->dev_class, 3);
650 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
652 hci_dev_unlock(hdev);
655 return cmd_complete(sk, index, MGMT_OP_READ_INFO, 0, &rp, sizeof(rp));
658 static void mgmt_pending_free(struct pending_cmd *cmd)
665 static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
666 struct hci_dev *hdev,
669 struct pending_cmd *cmd;
671 cmd = kmalloc(sizeof(*cmd), GFP_ATOMIC);
675 cmd->opcode = opcode;
676 cmd->index = hdev->id;
678 cmd->param = kmalloc(len, GFP_ATOMIC);
685 memcpy(cmd->param, data, len);
690 list_add(&cmd->list, &hdev->mgmt_pending);
695 static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
696 void (*cb)(struct pending_cmd *cmd, void *data),
699 struct list_head *p, *n;
701 list_for_each_safe(p, n, &hdev->mgmt_pending) {
702 struct pending_cmd *cmd;
704 cmd = list_entry(p, struct pending_cmd, list);
706 if (opcode > 0 && cmd->opcode != opcode)
713 static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
715 struct pending_cmd *cmd;
717 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
718 if (cmd->opcode == opcode)
725 static void mgmt_pending_remove(struct pending_cmd *cmd)
727 list_del(&cmd->list);
728 mgmt_pending_free(cmd);
731 static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
733 __le32 settings = cpu_to_le32(get_current_settings(hdev));
735 return cmd_complete(sk, hdev->id, opcode, 0, &settings,
739 static int set_powered(struct sock *sk, u16 index, void *data, u16 len)
741 struct mgmt_mode *cp = data;
742 struct hci_dev *hdev;
743 struct pending_cmd *cmd;
746 BT_DBG("request for hci%u", index);
748 if (len != sizeof(*cp))
749 return cmd_status(sk, index, MGMT_OP_SET_POWERED,
750 MGMT_STATUS_INVALID_PARAMS);
752 hdev = hci_dev_get(index);
754 return cmd_status(sk, index, MGMT_OP_SET_POWERED,
755 MGMT_STATUS_INVALID_PARAMS);
759 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
760 cancel_delayed_work(&hdev->power_off);
763 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
764 mgmt_powered(hdev, 1);
769 if (!!cp->val == hdev_is_powered(hdev)) {
770 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
774 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
775 err = cmd_status(sk, index, MGMT_OP_SET_POWERED,
780 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
787 schedule_work(&hdev->power_on);
789 schedule_work(&hdev->power_off.work);
794 hci_dev_unlock(hdev);
799 static int mgmt_event(u16 event, struct hci_dev *hdev, void *data,
800 u16 data_len, struct sock *skip_sk)
803 struct mgmt_hdr *hdr;
805 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_ATOMIC);
809 hdr = (void *) skb_put(skb, sizeof(*hdr));
810 hdr->opcode = cpu_to_le16(event);
812 hdr->index = cpu_to_le16(hdev->id);
814 hdr->index = cpu_to_le16(MGMT_INDEX_NONE);
815 hdr->len = cpu_to_le16(data_len);
818 memcpy(skb_put(skb, data_len), data, data_len);
820 hci_send_to_control(skb, skip_sk);
826 static int new_settings(struct hci_dev *hdev, struct sock *skip)
830 ev = cpu_to_le32(get_current_settings(hdev));
832 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
835 static int set_discoverable(struct sock *sk, u16 index, void *data, u16 len)
837 struct mgmt_cp_set_discoverable *cp = data;
838 struct hci_dev *hdev;
839 struct pending_cmd *cmd;
844 BT_DBG("request for hci%u", index);
846 if (len != sizeof(*cp))
847 return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
848 MGMT_STATUS_INVALID_PARAMS);
850 hdev = hci_dev_get(index);
852 return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
853 MGMT_STATUS_INVALID_PARAMS);
855 timeout = get_unaligned_le16(&cp->timeout);
859 if (!hdev_is_powered(hdev) && timeout > 0) {
860 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
861 MGMT_STATUS_NOT_POWERED);
865 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
866 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
867 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
872 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
873 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
874 MGMT_STATUS_REJECTED);
878 if (!hdev_is_powered(hdev)) {
879 bool changed = false;
881 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
882 change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
886 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
891 err = new_settings(hdev, sk);
896 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
897 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
901 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
910 scan |= SCAN_INQUIRY;
912 cancel_delayed_work(&hdev->discov_off);
914 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
916 mgmt_pending_remove(cmd);
919 hdev->discov_timeout = timeout;
922 hci_dev_unlock(hdev);
928 static int set_connectable(struct sock *sk, u16 index, void *data, u16 len)
930 struct mgmt_mode *cp = data;
931 struct hci_dev *hdev;
932 struct pending_cmd *cmd;
936 BT_DBG("request for hci%u", index);
938 if (len != sizeof(*cp))
939 return cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE,
940 MGMT_STATUS_INVALID_PARAMS);
942 hdev = hci_dev_get(index);
944 return cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE,
945 MGMT_STATUS_INVALID_PARAMS);
949 if (!hdev_is_powered(hdev)) {
950 bool changed = false;
952 if (!!cp->val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
956 set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
958 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
959 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
962 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
967 err = new_settings(hdev, sk);
972 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
973 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
974 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE,
979 if (!!cp->val == test_bit(HCI_PSCAN, &hdev->flags)) {
980 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
984 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
995 if (test_bit(HCI_ISCAN, &hdev->flags) &&
996 hdev->discov_timeout > 0)
997 cancel_delayed_work(&hdev->discov_off);
1000 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1002 mgmt_pending_remove(cmd);
1005 hci_dev_unlock(hdev);
1011 static int set_pairable(struct sock *sk, u16 index, void *data, u16 len)
1013 struct mgmt_mode *cp = data;
1014 struct hci_dev *hdev;
1017 BT_DBG("request for hci%u", index);
1019 if (len != sizeof(*cp))
1020 return cmd_status(sk, index, MGMT_OP_SET_PAIRABLE,
1021 MGMT_STATUS_INVALID_PARAMS);
1023 hdev = hci_dev_get(index);
1025 return cmd_status(sk, index, MGMT_OP_SET_PAIRABLE,
1026 MGMT_STATUS_INVALID_PARAMS);
1031 set_bit(HCI_PAIRABLE, &hdev->dev_flags);
1033 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
1035 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
1039 err = new_settings(hdev, sk);
1042 hci_dev_unlock(hdev);
1048 static int set_link_security(struct sock *sk, u16 index, void *data, u16 len)
1050 struct mgmt_mode *cp = data;
1051 struct pending_cmd *cmd;
1052 struct hci_dev *hdev;
1056 BT_DBG("request for hci%u", index);
1058 if (len != sizeof(*cp))
1059 return cmd_status(sk, index, MGMT_OP_SET_LINK_SECURITY,
1060 MGMT_STATUS_INVALID_PARAMS);
1062 hdev = hci_dev_get(index);
1064 return cmd_status(sk, index, MGMT_OP_SET_LINK_SECURITY,
1065 MGMT_STATUS_INVALID_PARAMS);
1069 if (!hdev_is_powered(hdev)) {
1070 err = cmd_status(sk, index, MGMT_OP_SET_LINK_SECURITY,
1071 MGMT_STATUS_NOT_POWERED);
1075 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
1076 err = cmd_status(sk, index, MGMT_OP_SET_LINK_SECURITY,
1083 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1084 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1088 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1094 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1096 mgmt_pending_remove(cmd);
1101 hci_dev_unlock(hdev);
1107 static int set_ssp(struct sock *sk, u16 index, void *data, u16 len)
1109 struct mgmt_mode *cp = data;
1110 struct pending_cmd *cmd;
1111 struct hci_dev *hdev;
1115 BT_DBG("request for hci%u", index);
1117 if (len != sizeof(*cp))
1118 return cmd_status(sk, index, MGMT_OP_SET_SSP,
1119 MGMT_STATUS_INVALID_PARAMS);
1121 hdev = hci_dev_get(index);
1123 return cmd_status(sk, index, MGMT_OP_SET_SSP,
1124 MGMT_STATUS_INVALID_PARAMS);
1128 if (!hdev_is_powered(hdev)) {
1129 err = cmd_status(sk, index, MGMT_OP_SET_SSP,
1130 MGMT_STATUS_NOT_POWERED);
1134 if (!(hdev->features[6] & LMP_SIMPLE_PAIR)) {
1135 err = cmd_status(sk, index, MGMT_OP_SET_SSP,
1136 MGMT_STATUS_NOT_SUPPORTED);
1140 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev)) {
1141 err = cmd_status(sk, index, MGMT_OP_SET_SSP, MGMT_STATUS_BUSY);
1147 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) == val) {
1148 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1152 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1158 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, sizeof(val), &val);
1160 mgmt_pending_remove(cmd);
1165 hci_dev_unlock(hdev);
1171 static int set_hs(struct sock *sk, u16 index, void *data, u16 len)
1173 struct mgmt_mode *cp = data;
1174 struct hci_dev *hdev;
1177 BT_DBG("request for hci%u", index);
1179 if (len != sizeof(*cp))
1180 return cmd_status(sk, index, MGMT_OP_SET_HS,
1181 MGMT_STATUS_INVALID_PARAMS);
1183 hdev = hci_dev_get(index);
1185 return cmd_status(sk, index, MGMT_OP_SET_HS,
1186 MGMT_STATUS_INVALID_PARAMS);
1189 err = cmd_status(sk, index, MGMT_OP_SET_HS,
1190 MGMT_STATUS_NOT_SUPPORTED);
1195 set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1197 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1199 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
1206 static int add_uuid(struct sock *sk, u16 index, void *data, u16 len)
1208 struct mgmt_cp_add_uuid *cp = data;
1209 struct hci_dev *hdev;
1210 struct bt_uuid *uuid;
1213 BT_DBG("request for hci%u", index);
1215 if (len != sizeof(*cp))
1216 return cmd_status(sk, index, MGMT_OP_ADD_UUID,
1217 MGMT_STATUS_INVALID_PARAMS);
1219 hdev = hci_dev_get(index);
1221 return cmd_status(sk, index, MGMT_OP_ADD_UUID,
1222 MGMT_STATUS_INVALID_PARAMS);
1226 uuid = kmalloc(sizeof(*uuid), GFP_ATOMIC);
1232 memcpy(uuid->uuid, cp->uuid, 16);
1233 uuid->svc_hint = cp->svc_hint;
1235 list_add(&uuid->list, &hdev->uuids);
1237 err = update_class(hdev);
1241 err = update_eir(hdev);
1245 err = cmd_complete(sk, index, MGMT_OP_ADD_UUID, 0, NULL, 0);
1248 hci_dev_unlock(hdev);
1254 static int remove_uuid(struct sock *sk, u16 index, void *data, u16 len)
1256 struct mgmt_cp_remove_uuid *cp = data;
1257 struct list_head *p, *n;
1258 struct hci_dev *hdev;
1259 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
1262 BT_DBG("request for hci%u", index);
1264 if (len != sizeof(*cp))
1265 return cmd_status(sk, index, MGMT_OP_REMOVE_UUID,
1266 MGMT_STATUS_INVALID_PARAMS);
1268 hdev = hci_dev_get(index);
1270 return cmd_status(sk, index, MGMT_OP_REMOVE_UUID,
1271 MGMT_STATUS_INVALID_PARAMS);
1275 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
1276 err = hci_uuids_clear(hdev);
1282 list_for_each_safe(p, n, &hdev->uuids) {
1283 struct bt_uuid *match = list_entry(p, struct bt_uuid, list);
1285 if (memcmp(match->uuid, cp->uuid, 16) != 0)
1288 list_del(&match->list);
1293 err = cmd_status(sk, index, MGMT_OP_REMOVE_UUID,
1294 MGMT_STATUS_INVALID_PARAMS);
1298 err = update_class(hdev);
1302 err = update_eir(hdev);
1306 err = cmd_complete(sk, index, MGMT_OP_REMOVE_UUID, 0, NULL, 0);
1309 hci_dev_unlock(hdev);
1315 static int set_dev_class(struct sock *sk, u16 index, void *data, u16 len)
1317 struct hci_dev *hdev;
1318 struct mgmt_cp_set_dev_class *cp = data;
1321 BT_DBG("request for hci%u", index);
1323 if (len != sizeof(*cp))
1324 return cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS,
1325 MGMT_STATUS_INVALID_PARAMS);
1327 hdev = hci_dev_get(index);
1329 return cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS,
1330 MGMT_STATUS_INVALID_PARAMS);
1334 if (!hdev_is_powered(hdev)) {
1335 err = cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS,
1336 MGMT_STATUS_NOT_POWERED);
1340 hdev->major_class = cp->major;
1341 hdev->minor_class = cp->minor;
1343 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
1344 hci_dev_unlock(hdev);
1345 cancel_delayed_work_sync(&hdev->service_cache);
1350 err = update_class(hdev);
1353 err = cmd_complete(sk, index, MGMT_OP_SET_DEV_CLASS, 0,
1357 hci_dev_unlock(hdev);
1363 static int load_link_keys(struct sock *sk, u16 index, void *data, u16 len)
1365 struct hci_dev *hdev;
1366 struct mgmt_cp_load_link_keys *cp = data;
1367 u16 key_count, expected_len;
1370 if (len < sizeof(*cp))
1371 return cmd_status(sk, index, MGMT_OP_LOAD_LINK_KEYS,
1372 MGMT_STATUS_INVALID_PARAMS);
1374 key_count = get_unaligned_le16(&cp->key_count);
1376 expected_len = sizeof(*cp) + key_count *
1377 sizeof(struct mgmt_link_key_info);
1378 if (expected_len != len) {
1379 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
1381 return cmd_status(sk, index, MGMT_OP_LOAD_LINK_KEYS,
1382 MGMT_STATUS_INVALID_PARAMS);
1385 hdev = hci_dev_get(index);
1387 return cmd_status(sk, index, MGMT_OP_LOAD_LINK_KEYS,
1388 MGMT_STATUS_INVALID_PARAMS);
1390 BT_DBG("hci%u debug_keys %u key_count %u", index, cp->debug_keys,
1395 hci_link_keys_clear(hdev);
1397 set_bit(HCI_LINK_KEYS, &hdev->dev_flags);
1400 set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
1402 clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
1404 for (i = 0; i < key_count; i++) {
1405 struct mgmt_link_key_info *key = &cp->keys[i];
1407 hci_add_link_key(hdev, NULL, 0, &key->addr.bdaddr, key->val,
1408 key->type, key->pin_len);
1411 cmd_complete(sk, index, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
1413 hci_dev_unlock(hdev);
1419 static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
1420 u8 addr_type, struct sock *skip_sk)
1422 struct mgmt_ev_device_unpaired ev;
1424 bacpy(&ev.addr.bdaddr, bdaddr);
1425 ev.addr.type = addr_type;
1427 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
1431 static int unpair_device(struct sock *sk, u16 index, void *data, u16 len)
1433 struct hci_dev *hdev;
1434 struct mgmt_cp_unpair_device *cp = data;
1435 struct mgmt_rp_unpair_device rp;
1436 struct hci_cp_disconnect dc;
1437 struct pending_cmd *cmd;
1438 struct hci_conn *conn;
1442 if (len != sizeof(*cp))
1443 return cmd_status(sk, index, MGMT_OP_UNPAIR_DEVICE,
1444 MGMT_STATUS_INVALID_PARAMS);
1446 hdev = hci_dev_get(index);
1448 return cmd_status(sk, index, MGMT_OP_UNPAIR_DEVICE,
1449 MGMT_STATUS_INVALID_PARAMS);
1453 memset(&rp, 0, sizeof(rp));
1454 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1455 rp.addr.type = cp->addr.type;
1457 if (cp->addr.type == MGMT_ADDR_BREDR)
1458 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
1460 err = hci_remove_ltk(hdev, &cp->addr.bdaddr);
1463 status = MGMT_STATUS_NOT_PAIRED;
1467 if (!test_bit(HCI_UP, &hdev->flags) || !cp->disconnect) {
1468 err = cmd_complete(sk, index, MGMT_OP_UNPAIR_DEVICE, status,
1470 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
1474 if (cp->addr.type == MGMT_ADDR_BREDR)
1475 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
1478 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
1482 err = cmd_complete(sk, index, MGMT_OP_UNPAIR_DEVICE, status,
1484 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
1488 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
1495 put_unaligned_le16(conn->handle, &dc.handle);
1496 dc.reason = 0x13; /* Remote User Terminated Connection */
1497 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1499 mgmt_pending_remove(cmd);
1503 err = cmd_complete(sk, index, MGMT_OP_UNPAIR_DEVICE, status,
1505 hci_dev_unlock(hdev);
1511 static int disconnect(struct sock *sk, u16 index, void *data, u16 len)
1513 struct hci_dev *hdev;
1514 struct mgmt_cp_disconnect *cp = data;
1515 struct hci_cp_disconnect dc;
1516 struct pending_cmd *cmd;
1517 struct hci_conn *conn;
1522 if (len != sizeof(*cp))
1523 return cmd_status(sk, index, MGMT_OP_DISCONNECT,
1524 MGMT_STATUS_INVALID_PARAMS);
1526 hdev = hci_dev_get(index);
1528 return cmd_status(sk, index, MGMT_OP_DISCONNECT,
1529 MGMT_STATUS_INVALID_PARAMS);
1533 if (!test_bit(HCI_UP, &hdev->flags)) {
1534 err = cmd_status(sk, index, MGMT_OP_DISCONNECT,
1535 MGMT_STATUS_NOT_POWERED);
1539 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
1540 err = cmd_status(sk, index, MGMT_OP_DISCONNECT,
1545 if (cp->addr.type == MGMT_ADDR_BREDR)
1546 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
1548 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
1551 err = cmd_status(sk, index, MGMT_OP_DISCONNECT,
1552 MGMT_STATUS_NOT_CONNECTED);
1556 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
1562 put_unaligned_le16(conn->handle, &dc.handle);
1563 dc.reason = 0x13; /* Remote User Terminated Connection */
1565 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1567 mgmt_pending_remove(cmd);
1570 hci_dev_unlock(hdev);
1576 static u8 link_to_mgmt(u8 link_type, u8 addr_type)
1578 switch (link_type) {
1580 switch (addr_type) {
1581 case ADDR_LE_DEV_PUBLIC:
1582 return MGMT_ADDR_LE_PUBLIC;
1583 case ADDR_LE_DEV_RANDOM:
1584 return MGMT_ADDR_LE_RANDOM;
1586 return MGMT_ADDR_INVALID;
1589 return MGMT_ADDR_BREDR;
1591 return MGMT_ADDR_INVALID;
1595 static int get_connections(struct sock *sk, u16 index)
1597 struct mgmt_rp_get_connections *rp;
1598 struct hci_dev *hdev;
1606 hdev = hci_dev_get(index);
1608 return cmd_status(sk, index, MGMT_OP_GET_CONNECTIONS,
1609 MGMT_STATUS_INVALID_PARAMS);
1614 list_for_each_entry(c, &hdev->conn_hash.list, list) {
1615 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
1619 rp_len = sizeof(*rp) + (count * sizeof(struct mgmt_addr_info));
1620 rp = kmalloc(rp_len, GFP_ATOMIC);
1626 put_unaligned_le16(count, &rp->conn_count);
1629 list_for_each_entry(c, &hdev->conn_hash.list, list) {
1630 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
1632 bacpy(&rp->addr[i].bdaddr, &c->dst);
1633 rp->addr[i].type = link_to_mgmt(c->type, c->dst_type);
1634 if (rp->addr[i].type == MGMT_ADDR_INVALID)
1639 /* Recalculate length in case of filtered SCO connections, etc */
1640 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
1642 err = cmd_complete(sk, index, MGMT_OP_GET_CONNECTIONS, 0, rp, rp_len);
1646 hci_dev_unlock(hdev);
1651 static int send_pin_code_neg_reply(struct sock *sk, u16 index,
1652 struct hci_dev *hdev, struct mgmt_cp_pin_code_neg_reply *cp)
1654 struct pending_cmd *cmd;
1657 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
1662 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
1663 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
1665 mgmt_pending_remove(cmd);
1670 static int pin_code_reply(struct sock *sk, u16 index, void *data, u16 len)
1672 struct hci_dev *hdev;
1673 struct hci_conn *conn;
1674 struct mgmt_cp_pin_code_reply *cp = data;
1675 struct hci_cp_pin_code_reply reply;
1676 struct pending_cmd *cmd;
1681 if (len != sizeof(*cp))
1682 return cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1683 MGMT_STATUS_INVALID_PARAMS);
1685 hdev = hci_dev_get(index);
1687 return cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1688 MGMT_STATUS_INVALID_PARAMS);
1692 if (!hdev_is_powered(hdev)) {
1693 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1694 MGMT_STATUS_NOT_POWERED);
1698 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
1700 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1701 MGMT_STATUS_NOT_CONNECTED);
1705 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
1706 struct mgmt_cp_pin_code_neg_reply ncp;
1708 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
1710 BT_ERR("PIN code is not 16 bytes long");
1712 err = send_pin_code_neg_reply(sk, index, hdev, &ncp);
1714 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1715 MGMT_STATUS_INVALID_PARAMS);
1720 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data,
1727 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
1728 reply.pin_len = cp->pin_len;
1729 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
1731 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
1733 mgmt_pending_remove(cmd);
1736 hci_dev_unlock(hdev);
1742 static int pin_code_neg_reply(struct sock *sk, u16 index, void *data, u16 len)
1744 struct hci_dev *hdev;
1745 struct mgmt_cp_pin_code_neg_reply *cp = data;
1750 if (len != sizeof(*cp))
1751 return cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
1752 MGMT_STATUS_INVALID_PARAMS);
1754 hdev = hci_dev_get(index);
1756 return cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
1757 MGMT_STATUS_INVALID_PARAMS);
1761 if (!hdev_is_powered(hdev)) {
1762 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
1763 MGMT_STATUS_NOT_POWERED);
1767 err = send_pin_code_neg_reply(sk, index, hdev, cp);
1770 hci_dev_unlock(hdev);
1776 static int set_io_capability(struct sock *sk, u16 index, void *data, u16 len)
1778 struct hci_dev *hdev;
1779 struct mgmt_cp_set_io_capability *cp = data;
1783 if (len != sizeof(*cp))
1784 return cmd_status(sk, index, MGMT_OP_SET_IO_CAPABILITY,
1785 MGMT_STATUS_INVALID_PARAMS);
1787 hdev = hci_dev_get(index);
1789 return cmd_status(sk, index, MGMT_OP_SET_IO_CAPABILITY,
1790 MGMT_STATUS_INVALID_PARAMS);
1794 hdev->io_capability = cp->io_capability;
1796 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
1797 hdev->io_capability);
1799 hci_dev_unlock(hdev);
1802 return cmd_complete(sk, index, MGMT_OP_SET_IO_CAPABILITY, 0, NULL, 0);
1805 static inline struct pending_cmd *find_pairing(struct hci_conn *conn)
1807 struct hci_dev *hdev = conn->hdev;
1808 struct pending_cmd *cmd;
1810 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
1811 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
1814 if (cmd->user_data != conn)
1823 static void pairing_complete(struct pending_cmd *cmd, u8 status)
1825 struct mgmt_rp_pair_device rp;
1826 struct hci_conn *conn = cmd->user_data;
1828 bacpy(&rp.addr.bdaddr, &conn->dst);
1829 rp.addr.type = link_to_mgmt(conn->type, conn->dst_type);
1831 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
1834 /* So we don't get further callbacks for this connection */
1835 conn->connect_cfm_cb = NULL;
1836 conn->security_cfm_cb = NULL;
1837 conn->disconn_cfm_cb = NULL;
1841 mgmt_pending_remove(cmd);
1844 static void pairing_complete_cb(struct hci_conn *conn, u8 status)
1846 struct pending_cmd *cmd;
1848 BT_DBG("status %u", status);
1850 cmd = find_pairing(conn);
1852 BT_DBG("Unable to find a pending command");
1854 pairing_complete(cmd, mgmt_status(status));
1857 static int pair_device(struct sock *sk, u16 index, void *data, u16 len)
1859 struct hci_dev *hdev;
1860 struct mgmt_cp_pair_device *cp = data;
1861 struct mgmt_rp_pair_device rp;
1862 struct pending_cmd *cmd;
1863 u8 sec_level, auth_type;
1864 struct hci_conn *conn;
1869 if (len != sizeof(*cp))
1870 return cmd_status(sk, index, MGMT_OP_PAIR_DEVICE,
1871 MGMT_STATUS_INVALID_PARAMS);
1873 hdev = hci_dev_get(index);
1875 return cmd_status(sk, index, MGMT_OP_PAIR_DEVICE,
1876 MGMT_STATUS_INVALID_PARAMS);
1880 sec_level = BT_SECURITY_MEDIUM;
1881 if (cp->io_cap == 0x03)
1882 auth_type = HCI_AT_DEDICATED_BONDING;
1884 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
1886 if (cp->addr.type == MGMT_ADDR_BREDR)
1887 conn = hci_connect(hdev, ACL_LINK, &cp->addr.bdaddr, sec_level,
1890 conn = hci_connect(hdev, LE_LINK, &cp->addr.bdaddr, sec_level,
1893 memset(&rp, 0, sizeof(rp));
1894 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1895 rp.addr.type = cp->addr.type;
1898 err = cmd_complete(sk, index, MGMT_OP_PAIR_DEVICE,
1899 MGMT_STATUS_CONNECT_FAILED,
1904 if (conn->connect_cfm_cb) {
1906 err = cmd_complete(sk, index, MGMT_OP_PAIR_DEVICE,
1907 MGMT_STATUS_BUSY, &rp, sizeof(rp));
1911 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
1918 /* For LE, just connecting isn't a proof that the pairing finished */
1919 if (cp->addr.type == MGMT_ADDR_BREDR)
1920 conn->connect_cfm_cb = pairing_complete_cb;
1922 conn->security_cfm_cb = pairing_complete_cb;
1923 conn->disconn_cfm_cb = pairing_complete_cb;
1924 conn->io_capability = cp->io_cap;
1925 cmd->user_data = conn;
1927 if (conn->state == BT_CONNECTED &&
1928 hci_conn_security(conn, sec_level, auth_type))
1929 pairing_complete(cmd, 0);
1934 hci_dev_unlock(hdev);
1940 static int cancel_pair_device(struct sock *sk, u16 index,
1941 unsigned char *data, u16 len)
1943 struct mgmt_addr_info *addr = (void *) data;
1944 struct hci_dev *hdev;
1945 struct pending_cmd *cmd;
1946 struct hci_conn *conn;
1951 if (len != sizeof(*addr))
1952 return cmd_status(sk, index, MGMT_OP_CANCEL_PAIR_DEVICE,
1953 MGMT_STATUS_INVALID_PARAMS);
1955 hdev = hci_dev_get(index);
1957 return cmd_status(sk, index, MGMT_OP_CANCEL_PAIR_DEVICE,
1958 MGMT_STATUS_INVALID_PARAMS);
1962 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
1964 err = cmd_status(sk, index, MGMT_OP_CANCEL_PAIR_DEVICE,
1965 MGMT_STATUS_INVALID_PARAMS);
1969 conn = cmd->user_data;
1971 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
1972 err = cmd_status(sk, index, MGMT_OP_CANCEL_PAIR_DEVICE,
1973 MGMT_STATUS_INVALID_PARAMS);
1977 pairing_complete(cmd, MGMT_STATUS_CANCELLED);
1979 err = cmd_complete(sk, index, MGMT_OP_CANCEL_PAIR_DEVICE, 0, addr,
1982 hci_dev_unlock(hdev);
1988 static int user_pairing_resp(struct sock *sk, u16 index, bdaddr_t *bdaddr,
1989 u8 type, u16 mgmt_op, u16 hci_op,
1992 struct pending_cmd *cmd;
1993 struct hci_dev *hdev;
1994 struct hci_conn *conn;
1997 hdev = hci_dev_get(index);
1999 return cmd_status(sk, index, mgmt_op,
2000 MGMT_STATUS_INVALID_PARAMS);
2004 if (!hdev_is_powered(hdev)) {
2005 err = cmd_status(sk, index, mgmt_op, MGMT_STATUS_NOT_POWERED);
2009 if (type == MGMT_ADDR_BREDR)
2010 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, bdaddr);
2012 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, bdaddr);
2015 err = cmd_status(sk, index, mgmt_op,
2016 MGMT_STATUS_NOT_CONNECTED);
2020 if (type == MGMT_ADDR_LE_PUBLIC || type == MGMT_ADDR_LE_RANDOM) {
2021 /* Continue with pairing via SMP */
2022 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
2025 err = cmd_status(sk, index, mgmt_op,
2026 MGMT_STATUS_SUCCESS);
2028 err = cmd_status(sk, index, mgmt_op,
2029 MGMT_STATUS_FAILED);
2034 cmd = mgmt_pending_add(sk, mgmt_op, hdev, bdaddr, sizeof(*bdaddr));
2040 /* Continue with pairing via HCI */
2041 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
2042 struct hci_cp_user_passkey_reply cp;
2044 bacpy(&cp.bdaddr, bdaddr);
2045 cp.passkey = passkey;
2046 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
2048 err = hci_send_cmd(hdev, hci_op, sizeof(*bdaddr), bdaddr);
2051 mgmt_pending_remove(cmd);
2054 hci_dev_unlock(hdev);
2060 static int user_confirm_reply(struct sock *sk, u16 index, void *data, u16 len)
2062 struct mgmt_cp_user_confirm_reply *cp = data;
2066 if (len != sizeof(*cp))
2067 return cmd_status(sk, index, MGMT_OP_USER_CONFIRM_REPLY,
2068 MGMT_STATUS_INVALID_PARAMS);
2070 return user_pairing_resp(sk, index, &cp->addr.bdaddr, cp->addr.type,
2071 MGMT_OP_USER_CONFIRM_REPLY,
2072 HCI_OP_USER_CONFIRM_REPLY, 0);
2075 static int user_confirm_neg_reply(struct sock *sk, u16 index, void *data,
2078 struct mgmt_cp_user_confirm_neg_reply *cp = data;
2082 if (len != sizeof(*cp))
2083 return cmd_status(sk, index, MGMT_OP_USER_CONFIRM_NEG_REPLY,
2084 MGMT_STATUS_INVALID_PARAMS);
2086 return user_pairing_resp(sk, index, &cp->addr.bdaddr, cp->addr.type,
2087 MGMT_OP_USER_CONFIRM_NEG_REPLY,
2088 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
2091 static int user_passkey_reply(struct sock *sk, u16 index, void *data, u16 len)
2093 struct mgmt_cp_user_passkey_reply *cp = data;
2097 if (len != sizeof(*cp))
2098 return cmd_status(sk, index, MGMT_OP_USER_PASSKEY_REPLY,
2101 return user_pairing_resp(sk, index, &cp->addr.bdaddr, cp->addr.type,
2102 MGMT_OP_USER_PASSKEY_REPLY,
2103 HCI_OP_USER_PASSKEY_REPLY,
2107 static int user_passkey_neg_reply(struct sock *sk, u16 index, void *data,
2110 struct mgmt_cp_user_passkey_neg_reply *cp = data;
2114 if (len != sizeof(*cp))
2115 return cmd_status(sk, index, MGMT_OP_USER_PASSKEY_NEG_REPLY,
2118 return user_pairing_resp(sk, index, &cp->addr.bdaddr, cp->addr.type,
2119 MGMT_OP_USER_PASSKEY_NEG_REPLY,
2120 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
2123 static int set_local_name(struct sock *sk, u16 index, void *data,
2126 struct mgmt_cp_set_local_name *mgmt_cp = data;
2127 struct hci_cp_write_local_name hci_cp;
2128 struct hci_dev *hdev;
2129 struct pending_cmd *cmd;
2134 if (len != sizeof(*mgmt_cp))
2135 return cmd_status(sk, index, MGMT_OP_SET_LOCAL_NAME,
2136 MGMT_STATUS_INVALID_PARAMS);
2138 hdev = hci_dev_get(index);
2140 return cmd_status(sk, index, MGMT_OP_SET_LOCAL_NAME,
2141 MGMT_STATUS_INVALID_PARAMS);
2145 if (!hdev_is_powered(hdev)) {
2146 err = cmd_status(sk, index, MGMT_OP_SET_LOCAL_NAME,
2147 MGMT_STATUS_NOT_POWERED);
2151 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data,
2158 memcpy(hci_cp.name, mgmt_cp->name, sizeof(hci_cp.name));
2159 err = hci_send_cmd(hdev, HCI_OP_WRITE_LOCAL_NAME, sizeof(hci_cp),
2162 mgmt_pending_remove(cmd);
2165 hci_dev_unlock(hdev);
2171 static int read_local_oob_data(struct sock *sk, u16 index)
2173 struct hci_dev *hdev;
2174 struct pending_cmd *cmd;
2177 BT_DBG("hci%u", index);
2179 hdev = hci_dev_get(index);
2181 return cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
2182 MGMT_STATUS_INVALID_PARAMS);
2186 if (!hdev_is_powered(hdev)) {
2187 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
2188 MGMT_STATUS_NOT_POWERED);
2192 if (!(hdev->features[6] & LMP_SIMPLE_PAIR)) {
2193 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
2194 MGMT_STATUS_NOT_SUPPORTED);
2198 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
2199 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
2204 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
2210 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
2212 mgmt_pending_remove(cmd);
2215 hci_dev_unlock(hdev);
2221 static int add_remote_oob_data(struct sock *sk, u16 index, void *data,
2224 struct hci_dev *hdev;
2225 struct mgmt_cp_add_remote_oob_data *cp = data;
2229 BT_DBG("hci%u ", index);
2231 if (len != sizeof(*cp))
2232 return cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA,
2233 MGMT_STATUS_INVALID_PARAMS);
2235 hdev = hci_dev_get(index);
2237 return cmd_complete(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA,
2238 MGMT_STATUS_INVALID_PARAMS,
2239 &cp->addr, sizeof(cp->addr));
2243 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr, cp->hash,
2246 status = MGMT_STATUS_FAILED;
2250 err = cmd_complete(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA, status,
2251 &cp->addr, sizeof(cp->addr));
2253 hci_dev_unlock(hdev);
2259 static int remove_remote_oob_data(struct sock *sk, u16 index,
2260 void *data, u16 len)
2262 struct hci_dev *hdev;
2263 struct mgmt_cp_remove_remote_oob_data *cp = data;
2267 BT_DBG("hci%u ", index);
2269 if (len != sizeof(*cp))
2270 return cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
2271 MGMT_STATUS_INVALID_PARAMS);
2273 hdev = hci_dev_get(index);
2275 return cmd_complete(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
2276 MGMT_STATUS_INVALID_PARAMS,
2277 &cp->addr, sizeof(cp->addr));
2281 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr);
2283 status = MGMT_STATUS_INVALID_PARAMS;
2287 err = cmd_complete(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA, status,
2288 &cp->addr, sizeof(cp->addr));
2290 hci_dev_unlock(hdev);
2296 static int discovery(struct hci_dev *hdev)
2300 if (lmp_host_le_capable(hdev)) {
2301 if (lmp_bredr_capable(hdev)) {
2302 err = hci_le_scan(hdev, LE_SCAN_TYPE,
2303 LE_SCAN_INT, LE_SCAN_WIN,
2304 LE_SCAN_TIMEOUT_BREDR_LE);
2306 hdev->discovery.type = DISCOV_TYPE_LE;
2307 err = hci_le_scan(hdev, LE_SCAN_TYPE,
2308 LE_SCAN_INT, LE_SCAN_WIN,
2309 LE_SCAN_TIMEOUT_LE_ONLY);
2312 hdev->discovery.type = DISCOV_TYPE_BREDR;
2313 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR);
2319 int mgmt_interleaved_discovery(struct hci_dev *hdev)
2323 BT_DBG("%s", hdev->name);
2327 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR_LE);
2329 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2331 hci_dev_unlock(hdev);
2336 static int start_discovery(struct sock *sk, u16 index,
2337 void *data, u16 len)
2339 struct mgmt_cp_start_discovery *cp = data;
2340 struct pending_cmd *cmd;
2341 struct hci_dev *hdev;
2344 BT_DBG("hci%u", index);
2346 if (len != sizeof(*cp))
2347 return cmd_status(sk, index, MGMT_OP_START_DISCOVERY,
2348 MGMT_STATUS_INVALID_PARAMS);
2350 hdev = hci_dev_get(index);
2352 return cmd_status(sk, index, MGMT_OP_START_DISCOVERY,
2353 MGMT_STATUS_INVALID_PARAMS);
2357 if (!hdev_is_powered(hdev)) {
2358 err = cmd_status(sk, index, MGMT_OP_START_DISCOVERY,
2359 MGMT_STATUS_NOT_POWERED);
2363 if (hdev->discovery.state != DISCOVERY_STOPPED) {
2364 err = cmd_status(sk, index, MGMT_OP_START_DISCOVERY,
2369 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
2375 hdev->discovery.type = cp->type;
2377 switch (hdev->discovery.type) {
2378 case DISCOV_TYPE_BREDR:
2379 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR);
2382 case DISCOV_TYPE_LE:
2383 err = hci_le_scan(hdev, LE_SCAN_TYPE, LE_SCAN_INT,
2384 LE_SCAN_WIN, LE_SCAN_TIMEOUT_LE_ONLY);
2387 case DISCOV_TYPE_INTERLEAVED:
2388 err = discovery(hdev);
2396 mgmt_pending_remove(cmd);
2398 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
2401 hci_dev_unlock(hdev);
2407 static int stop_discovery(struct sock *sk, u16 index, void *data, u16 len)
2409 struct mgmt_cp_stop_discovery *mgmt_cp = data;
2410 struct hci_dev *hdev;
2411 struct pending_cmd *cmd;
2412 struct hci_cp_remote_name_req_cancel cp;
2413 struct inquiry_entry *e;
2416 BT_DBG("hci%u", index);
2418 if (len != sizeof(*mgmt_cp))
2419 return cmd_status(sk, index, MGMT_OP_STOP_DISCOVERY,
2420 MGMT_STATUS_INVALID_PARAMS);
2422 hdev = hci_dev_get(index);
2424 return cmd_status(sk, index, MGMT_OP_STOP_DISCOVERY,
2425 MGMT_STATUS_INVALID_PARAMS);
2429 if (!hci_discovery_active(hdev)) {
2430 err = cmd_complete(sk, index, MGMT_OP_STOP_DISCOVERY,
2431 MGMT_STATUS_REJECTED,
2432 &mgmt_cp->type, sizeof(mgmt_cp->type));
2436 if (hdev->discovery.type != mgmt_cp->type) {
2437 err = cmd_complete(sk, index, MGMT_OP_STOP_DISCOVERY,
2438 MGMT_STATUS_INVALID_PARAMS,
2439 &mgmt_cp->type, sizeof(mgmt_cp->type));
2443 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
2449 if (hdev->discovery.state == DISCOVERY_FINDING) {
2450 err = hci_cancel_inquiry(hdev);
2452 mgmt_pending_remove(cmd);
2454 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
2458 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_PENDING);
2460 mgmt_pending_remove(cmd);
2461 err = cmd_complete(sk, index, MGMT_OP_STOP_DISCOVERY, 0,
2462 &mgmt_cp->type, sizeof(mgmt_cp->type));
2463 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2467 bacpy(&cp.bdaddr, &e->data.bdaddr);
2468 err = hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ_CANCEL,
2471 mgmt_pending_remove(cmd);
2473 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
2476 hci_dev_unlock(hdev);
2482 static int confirm_name(struct sock *sk, u16 index, void *data, u16 len)
2484 struct mgmt_cp_confirm_name *cp = data;
2485 struct inquiry_entry *e;
2486 struct hci_dev *hdev;
2489 BT_DBG("hci%u", index);
2491 if (len != sizeof(*cp))
2492 return cmd_status(sk, index, MGMT_OP_CONFIRM_NAME,
2493 MGMT_STATUS_INVALID_PARAMS);
2495 hdev = hci_dev_get(index);
2497 return cmd_status(sk, index, MGMT_OP_CONFIRM_NAME,
2498 MGMT_STATUS_INVALID_PARAMS);
2502 if (!hci_discovery_active(hdev)) {
2503 err = cmd_status(sk, index, MGMT_OP_CONFIRM_NAME,
2504 MGMT_STATUS_FAILED);
2508 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
2510 err = cmd_status (sk, index, MGMT_OP_CONFIRM_NAME,
2511 MGMT_STATUS_INVALID_PARAMS);
2515 if (cp->name_known) {
2516 e->name_state = NAME_KNOWN;
2519 e->name_state = NAME_NEEDED;
2520 hci_inquiry_cache_update_resolve(hdev, e);
2526 hci_dev_unlock(hdev);
2531 static int block_device(struct sock *sk, u16 index, void *data, u16 len)
2533 struct hci_dev *hdev;
2534 struct mgmt_cp_block_device *cp = data;
2538 BT_DBG("hci%u", index);
2540 if (len != sizeof(*cp))
2541 return cmd_status(sk, index, MGMT_OP_BLOCK_DEVICE,
2542 MGMT_STATUS_INVALID_PARAMS);
2544 hdev = hci_dev_get(index);
2546 return cmd_complete(sk, index, MGMT_OP_BLOCK_DEVICE,
2547 MGMT_STATUS_INVALID_PARAMS,
2548 &cp->addr, sizeof(cp->addr));
2552 err = hci_blacklist_add(hdev, &cp->addr.bdaddr, cp->addr.type);
2554 status = MGMT_STATUS_FAILED;
2558 err = cmd_complete(sk, index, MGMT_OP_BLOCK_DEVICE, status,
2559 &cp->addr, sizeof(cp->addr));
2561 hci_dev_unlock(hdev);
2567 static int unblock_device(struct sock *sk, u16 index, void *data, u16 len)
2569 struct hci_dev *hdev;
2570 struct mgmt_cp_unblock_device *cp = data;
2574 BT_DBG("hci%u", index);
2576 if (len != sizeof(*cp))
2577 return cmd_status(sk, index, MGMT_OP_UNBLOCK_DEVICE,
2578 MGMT_STATUS_INVALID_PARAMS);
2580 hdev = hci_dev_get(index);
2582 return cmd_complete(sk, index, MGMT_OP_UNBLOCK_DEVICE,
2583 MGMT_STATUS_INVALID_PARAMS,
2584 &cp->addr, sizeof(cp->addr));
2588 err = hci_blacklist_del(hdev, &cp->addr.bdaddr, cp->addr.type);
2590 status = MGMT_STATUS_INVALID_PARAMS;
2594 err = cmd_complete(sk, index, MGMT_OP_UNBLOCK_DEVICE, status,
2595 &cp->addr, sizeof(cp->addr));
2597 hci_dev_unlock(hdev);
2603 static int set_fast_connectable(struct sock *sk, u16 index,
2604 void *data, u16 len)
2606 struct hci_dev *hdev;
2607 struct mgmt_mode *cp = data;
2608 struct hci_cp_write_page_scan_activity acp;
2612 BT_DBG("hci%u", index);
2614 if (len != sizeof(*cp))
2615 return cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
2616 MGMT_STATUS_INVALID_PARAMS);
2618 hdev = hci_dev_get(index);
2620 return cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
2621 MGMT_STATUS_INVALID_PARAMS);
2622 if (!hdev_is_powered(hdev))
2623 return cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
2624 MGMT_STATUS_NOT_POWERED);
2626 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
2627 return cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
2628 MGMT_STATUS_REJECTED);
2633 type = PAGE_SCAN_TYPE_INTERLACED;
2634 acp.interval = 0x0024; /* 22.5 msec page scan interval */
2636 type = PAGE_SCAN_TYPE_STANDARD; /* default */
2637 acp.interval = 0x0800; /* default 1.28 sec page scan */
2640 acp.window = 0x0012; /* default 11.25 msec page scan window */
2642 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
2645 err = cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
2646 MGMT_STATUS_FAILED);
2650 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
2652 err = cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
2653 MGMT_STATUS_FAILED);
2657 err = cmd_complete(sk, index, MGMT_OP_SET_FAST_CONNECTABLE, 0,
2660 hci_dev_unlock(hdev);
2666 static int load_long_term_keys(struct sock *sk, u16 index,
2667 void *cp_data, u16 len)
2669 struct hci_dev *hdev;
2670 struct mgmt_cp_load_long_term_keys *cp = cp_data;
2671 u16 key_count, expected_len;
2674 if (len < sizeof(*cp))
2675 return cmd_status(sk, index, MGMT_OP_LOAD_LONG_TERM_KEYS,
2678 key_count = get_unaligned_le16(&cp->key_count);
2680 expected_len = sizeof(*cp) + key_count *
2681 sizeof(struct mgmt_ltk_info);
2682 if (expected_len != len) {
2683 BT_ERR("load_keys: expected %u bytes, got %u bytes",
2685 return cmd_status(sk, index, MGMT_OP_LOAD_LONG_TERM_KEYS,
2689 hdev = hci_dev_get(index);
2691 return cmd_status(sk, index, MGMT_OP_LOAD_LONG_TERM_KEYS,
2694 BT_DBG("hci%u key_count %u", index, key_count);
2698 hci_smp_ltks_clear(hdev);
2700 for (i = 0; i < key_count; i++) {
2701 struct mgmt_ltk_info *key = &cp->keys[i];
2707 type = HCI_SMP_LTK_SLAVE;
2709 hci_add_ltk(hdev, &key->addr.bdaddr, key->addr.type,
2710 type, 0, key->authenticated, key->val,
2711 key->enc_size, key->ediv, key->rand);
2714 hci_dev_unlock(hdev);
2720 int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
2724 struct mgmt_hdr *hdr;
2725 u16 opcode, index, len;
2728 BT_DBG("got %zu bytes", msglen);
2730 if (msglen < sizeof(*hdr))
2733 buf = kmalloc(msglen, GFP_KERNEL);
2737 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
2743 opcode = get_unaligned_le16(&hdr->opcode);
2744 index = get_unaligned_le16(&hdr->index);
2745 len = get_unaligned_le16(&hdr->len);
2747 if (len != msglen - sizeof(*hdr)) {
2752 cp = buf + sizeof(*hdr);
2755 case MGMT_OP_READ_VERSION:
2756 err = read_version(sk);
2758 case MGMT_OP_READ_COMMANDS:
2759 err = read_commands(sk);
2761 case MGMT_OP_READ_INDEX_LIST:
2762 err = read_index_list(sk);
2764 case MGMT_OP_READ_INFO:
2765 err = read_controller_info(sk, index);
2767 case MGMT_OP_SET_POWERED:
2768 err = set_powered(sk, index, cp, len);
2770 case MGMT_OP_SET_DISCOVERABLE:
2771 err = set_discoverable(sk, index, cp, len);
2773 case MGMT_OP_SET_CONNECTABLE:
2774 err = set_connectable(sk, index, cp, len);
2776 case MGMT_OP_SET_FAST_CONNECTABLE:
2777 err = set_fast_connectable(sk, index, cp, len);
2779 case MGMT_OP_SET_PAIRABLE:
2780 err = set_pairable(sk, index, cp, len);
2782 case MGMT_OP_SET_LINK_SECURITY:
2783 err = set_link_security(sk, index, cp, len);
2785 case MGMT_OP_SET_SSP:
2786 err = set_ssp(sk, index, cp, len);
2788 case MGMT_OP_SET_HS:
2789 err = set_hs(sk, index, cp, len);
2791 case MGMT_OP_ADD_UUID:
2792 err = add_uuid(sk, index, cp, len);
2794 case MGMT_OP_REMOVE_UUID:
2795 err = remove_uuid(sk, index, cp, len);
2797 case MGMT_OP_SET_DEV_CLASS:
2798 err = set_dev_class(sk, index, cp, len);
2800 case MGMT_OP_LOAD_LINK_KEYS:
2801 err = load_link_keys(sk, index, cp, len);
2803 case MGMT_OP_DISCONNECT:
2804 err = disconnect(sk, index, cp, len);
2806 case MGMT_OP_GET_CONNECTIONS:
2807 err = get_connections(sk, index);
2809 case MGMT_OP_PIN_CODE_REPLY:
2810 err = pin_code_reply(sk, index, cp, len);
2812 case MGMT_OP_PIN_CODE_NEG_REPLY:
2813 err = pin_code_neg_reply(sk, index, cp, len);
2815 case MGMT_OP_SET_IO_CAPABILITY:
2816 err = set_io_capability(sk, index, cp, len);
2818 case MGMT_OP_PAIR_DEVICE:
2819 err = pair_device(sk, index, cp, len);
2821 case MGMT_OP_CANCEL_PAIR_DEVICE:
2822 err = cancel_pair_device(sk, index, buf + sizeof(*hdr), len);
2824 case MGMT_OP_UNPAIR_DEVICE:
2825 err = unpair_device(sk, index, cp, len);
2827 case MGMT_OP_USER_CONFIRM_REPLY:
2828 err = user_confirm_reply(sk, index, cp, len);
2830 case MGMT_OP_USER_CONFIRM_NEG_REPLY:
2831 err = user_confirm_neg_reply(sk, index, cp, len);
2833 case MGMT_OP_USER_PASSKEY_REPLY:
2834 err = user_passkey_reply(sk, index, cp, len);
2836 case MGMT_OP_USER_PASSKEY_NEG_REPLY:
2837 err = user_passkey_neg_reply(sk, index, cp, len);
2839 case MGMT_OP_SET_LOCAL_NAME:
2840 err = set_local_name(sk, index, cp, len);
2842 case MGMT_OP_READ_LOCAL_OOB_DATA:
2843 err = read_local_oob_data(sk, index);
2845 case MGMT_OP_ADD_REMOTE_OOB_DATA:
2846 err = add_remote_oob_data(sk, index, cp, len);
2848 case MGMT_OP_REMOVE_REMOTE_OOB_DATA:
2849 err = remove_remote_oob_data(sk, index, cp, len);
2851 case MGMT_OP_START_DISCOVERY:
2852 err = start_discovery(sk, index, cp, len);
2854 case MGMT_OP_STOP_DISCOVERY:
2855 err = stop_discovery(sk, index, cp, len);
2857 case MGMT_OP_CONFIRM_NAME:
2858 err = confirm_name(sk, index, cp, len);
2860 case MGMT_OP_BLOCK_DEVICE:
2861 err = block_device(sk, index, cp, len);
2863 case MGMT_OP_UNBLOCK_DEVICE:
2864 err = unblock_device(sk, index, cp, len);
2866 case MGMT_OP_LOAD_LONG_TERM_KEYS:
2867 err = load_long_term_keys(sk, index, cp, len);
2870 BT_DBG("Unknown op %u", opcode);
2871 err = cmd_status(sk, index, opcode,
2872 MGMT_STATUS_UNKNOWN_COMMAND);
2886 static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
2890 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
2891 mgmt_pending_remove(cmd);
2894 int mgmt_index_added(struct hci_dev *hdev)
2896 return mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
2899 int mgmt_index_removed(struct hci_dev *hdev)
2903 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
2905 return mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
2910 struct hci_dev *hdev;
2913 static void settings_rsp(struct pending_cmd *cmd, void *data)
2915 struct cmd_lookup *match = data;
2917 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
2919 list_del(&cmd->list);
2921 if (match->sk == NULL) {
2922 match->sk = cmd->sk;
2923 sock_hold(match->sk);
2926 mgmt_pending_free(cmd);
2929 int mgmt_powered(struct hci_dev *hdev, u8 powered)
2931 struct cmd_lookup match = { NULL, hdev };
2934 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
2937 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
2942 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
2944 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
2945 scan |= SCAN_INQUIRY;
2948 hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
2950 u8 status = ENETDOWN;
2951 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
2954 err = new_settings(hdev, match.sk);
2962 int mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
2964 struct cmd_lookup match = { NULL, hdev };
2965 bool changed = false;
2969 if (!test_and_set_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
2972 if (test_and_clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
2976 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev, settings_rsp,
2980 err = new_settings(hdev, match.sk);
2988 int mgmt_connectable(struct hci_dev *hdev, u8 connectable)
2990 struct cmd_lookup match = { NULL, hdev };
2991 bool changed = false;
2995 if (!test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags))
2998 if (test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3002 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev, settings_rsp,
3006 err = new_settings(hdev, match.sk);
3014 int mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
3016 u8 mgmt_err = mgmt_status(status);
3018 if (scan & SCAN_PAGE)
3019 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
3020 cmd_status_rsp, &mgmt_err);
3022 if (scan & SCAN_INQUIRY)
3023 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
3024 cmd_status_rsp, &mgmt_err);
3029 int mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
3032 struct mgmt_ev_new_link_key ev;
3034 memset(&ev, 0, sizeof(ev));
3036 ev.store_hint = persistent;
3037 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
3038 ev.key.addr.type = MGMT_ADDR_BREDR;
3039 ev.key.type = key->type;
3040 memcpy(ev.key.val, key->val, 16);
3041 ev.key.pin_len = key->pin_len;
3043 return mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
3046 int mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, u8 persistent)
3048 struct mgmt_ev_new_long_term_key ev;
3050 memset(&ev, 0, sizeof(ev));
3052 ev.store_hint = persistent;
3053 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
3054 ev.key.addr.type = key->bdaddr_type;
3055 ev.key.authenticated = key->authenticated;
3056 ev.key.enc_size = key->enc_size;
3057 ev.key.ediv = key->ediv;
3059 if (key->type == HCI_SMP_LTK)
3062 memcpy(ev.key.rand, key->rand, sizeof(key->rand));
3063 memcpy(ev.key.val, key->val, sizeof(key->val));
3065 return mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev,
3066 &ev, sizeof(ev), NULL);
3069 int mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3070 u8 addr_type, u8 *name, u8 name_len,
3074 struct mgmt_ev_device_connected *ev = (void *) buf;
3077 bacpy(&ev->addr.bdaddr, bdaddr);
3078 ev->addr.type = link_to_mgmt(link_type, addr_type);
3081 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
3084 if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0)
3085 eir_len = eir_append_data(&ev->eir[eir_len], eir_len,
3086 EIR_CLASS_OF_DEV, dev_class, 3);
3088 put_unaligned_le16(eir_len, &ev->eir_len);
3090 return mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
3091 sizeof(*ev) + eir_len, NULL);
3094 static void disconnect_rsp(struct pending_cmd *cmd, void *data)
3096 struct mgmt_cp_disconnect *cp = cmd->param;
3097 struct sock **sk = data;
3098 struct mgmt_rp_disconnect rp;
3100 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3101 rp.addr.type = cp->addr.type;
3103 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 0, &rp,
3109 mgmt_pending_remove(cmd);
3112 static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
3114 struct hci_dev *hdev = data;
3115 struct mgmt_cp_unpair_device *cp = cmd->param;
3116 struct mgmt_rp_unpair_device rp;
3118 memset(&rp, 0, sizeof(rp));
3119 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3120 rp.addr.type = cp->addr.type;
3122 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
3124 cmd_complete(cmd->sk, cmd->index, cmd->opcode, 0, &rp, sizeof(rp));
3126 mgmt_pending_remove(cmd);
3129 int mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
3130 u8 link_type, u8 addr_type)
3132 struct mgmt_addr_info ev;
3133 struct sock *sk = NULL;
3136 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
3138 bacpy(&ev.bdaddr, bdaddr);
3139 ev.type = link_to_mgmt(link_type, addr_type);
3141 err = mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev),
3147 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
3153 int mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
3154 u8 link_type, u8 addr_type, u8 status)
3156 struct mgmt_rp_disconnect rp;
3157 struct pending_cmd *cmd;
3160 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
3164 bacpy(&rp.addr.bdaddr, bdaddr);
3165 rp.addr.type = link_to_mgmt(link_type, addr_type);
3167 err = cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
3168 mgmt_status(status), &rp, sizeof(rp));
3170 mgmt_pending_remove(cmd);
3172 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
3177 int mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3178 u8 addr_type, u8 status)
3180 struct mgmt_ev_connect_failed ev;
3182 bacpy(&ev.addr.bdaddr, bdaddr);
3183 ev.addr.type = link_to_mgmt(link_type, addr_type);
3184 ev.status = mgmt_status(status);
3186 return mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
3189 int mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
3191 struct mgmt_ev_pin_code_request ev;
3193 bacpy(&ev.addr.bdaddr, bdaddr);
3194 ev.addr.type = MGMT_ADDR_BREDR;
3197 return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev),
3201 int mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3204 struct pending_cmd *cmd;
3205 struct mgmt_rp_pin_code_reply rp;
3208 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
3212 bacpy(&rp.addr.bdaddr, bdaddr);
3213 rp.addr.type = MGMT_ADDR_BREDR;
3215 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3216 mgmt_status(status), &rp, sizeof(rp));
3218 mgmt_pending_remove(cmd);
3223 int mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3226 struct pending_cmd *cmd;
3227 struct mgmt_rp_pin_code_reply rp;
3230 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
3234 bacpy(&rp.addr.bdaddr, bdaddr);
3235 rp.addr.type = MGMT_ADDR_BREDR;
3237 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
3238 mgmt_status(status), &rp, sizeof(rp));
3240 mgmt_pending_remove(cmd);
3245 int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
3246 u8 link_type, u8 addr_type, __le32 value,
3249 struct mgmt_ev_user_confirm_request ev;
3251 BT_DBG("%s", hdev->name);
3253 bacpy(&ev.addr.bdaddr, bdaddr);
3254 ev.addr.type = link_to_mgmt(link_type, addr_type);
3255 ev.confirm_hint = confirm_hint;
3256 put_unaligned_le32(value, &ev.value);
3258 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
3262 int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
3263 u8 link_type, u8 addr_type)
3265 struct mgmt_ev_user_passkey_request ev;
3267 BT_DBG("%s", hdev->name);
3269 bacpy(&ev.addr.bdaddr, bdaddr);
3270 ev.addr.type = link_to_mgmt(link_type, addr_type);
3272 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
3276 static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3277 u8 link_type, u8 addr_type, u8 status,
3280 struct pending_cmd *cmd;
3281 struct mgmt_rp_user_confirm_reply rp;
3284 cmd = mgmt_pending_find(opcode, hdev);
3288 bacpy(&rp.addr.bdaddr, bdaddr);
3289 rp.addr.type = link_to_mgmt(link_type, addr_type);
3290 err = cmd_complete(cmd->sk, hdev->id, opcode, mgmt_status(status),
3293 mgmt_pending_remove(cmd);
3298 int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3299 u8 link_type, u8 addr_type, u8 status)
3301 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3302 status, MGMT_OP_USER_CONFIRM_REPLY);
3305 int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3306 u8 link_type, u8 addr_type, u8 status)
3308 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3309 status, MGMT_OP_USER_CONFIRM_NEG_REPLY);
3312 int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3313 u8 link_type, u8 addr_type, u8 status)
3315 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3316 status, MGMT_OP_USER_PASSKEY_REPLY);
3319 int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3320 u8 link_type, u8 addr_type, u8 status)
3322 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3323 status, MGMT_OP_USER_PASSKEY_NEG_REPLY);
3326 int mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3327 u8 addr_type, u8 status)
3329 struct mgmt_ev_auth_failed ev;
3331 bacpy(&ev.addr.bdaddr, bdaddr);
3332 ev.addr.type = link_to_mgmt(link_type, addr_type);
3333 ev.status = mgmt_status(status);
3335 return mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
3338 int mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
3340 struct cmd_lookup match = { NULL, hdev };
3344 u8 mgmt_err = mgmt_status(status);
3345 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
3346 cmd_status_rsp, &mgmt_err);
3350 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
3353 err = new_settings(hdev, match.sk);
3361 static int clear_eir(struct hci_dev *hdev)
3363 struct hci_cp_write_eir cp;
3365 if (!(hdev->features[6] & LMP_EXT_INQ))
3368 memset(&cp, 0, sizeof(cp));
3370 return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
3373 int mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 status)
3375 struct cmd_lookup match = { NULL, hdev };
3379 u8 mgmt_err = mgmt_status(status);
3380 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev,
3381 cmd_status_rsp, &mgmt_err);
3385 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
3387 err = new_settings(hdev, match.sk);
3392 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
3401 int mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
3403 struct pending_cmd *cmd;
3404 struct mgmt_cp_set_local_name ev;
3407 memset(&ev, 0, sizeof(ev));
3408 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
3410 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
3415 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3416 mgmt_status(status));
3422 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0, &ev,
3428 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
3429 cmd ? cmd->sk : NULL);
3433 mgmt_pending_remove(cmd);
3437 int mgmt_read_local_oob_data_reply_complete(struct hci_dev *hdev, u8 *hash,
3438 u8 *randomizer, u8 status)
3440 struct pending_cmd *cmd;
3443 BT_DBG("%s status %u", hdev->name, status);
3445 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
3450 err = cmd_status(cmd->sk, hdev->id,
3451 MGMT_OP_READ_LOCAL_OOB_DATA,
3452 mgmt_status(status));
3454 struct mgmt_rp_read_local_oob_data rp;
3456 memcpy(rp.hash, hash, sizeof(rp.hash));
3457 memcpy(rp.randomizer, randomizer, sizeof(rp.randomizer));
3459 err = cmd_complete(cmd->sk, hdev->id,
3460 MGMT_OP_READ_LOCAL_OOB_DATA,
3461 0, &rp, sizeof(rp));
3464 mgmt_pending_remove(cmd);
3469 int mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3470 u8 addr_type, u8 *dev_class, s8 rssi,
3471 u8 cfm_name, u8 *eir, u16 eir_len)
3474 struct mgmt_ev_device_found *ev = (void *) buf;
3477 /* Leave 5 bytes for a potential CoD field */
3478 if (sizeof(*ev) + eir_len + 5 > sizeof(buf))
3481 memset(buf, 0, sizeof(buf));
3483 bacpy(&ev->addr.bdaddr, bdaddr);
3484 ev->addr.type = link_to_mgmt(link_type, addr_type);
3486 ev->confirm_name = cfm_name;
3489 memcpy(ev->eir, eir, eir_len);
3491 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
3492 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
3495 put_unaligned_le16(eir_len, &ev->eir_len);
3497 ev_size = sizeof(*ev) + eir_len;
3499 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
3502 int mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3503 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
3505 struct mgmt_ev_device_found *ev;
3506 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
3509 ev = (struct mgmt_ev_device_found *) buf;
3511 memset(buf, 0, sizeof(buf));
3513 bacpy(&ev->addr.bdaddr, bdaddr);
3514 ev->addr.type = link_to_mgmt(link_type, addr_type);
3517 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
3520 put_unaligned_le16(eir_len, &ev->eir_len);
3522 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev,
3523 sizeof(*ev) + eir_len, NULL);
3526 int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
3528 struct pending_cmd *cmd;
3532 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3534 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
3538 type = hdev->discovery.type;
3540 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3541 &type, sizeof(type));
3542 mgmt_pending_remove(cmd);
3547 int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
3549 struct pending_cmd *cmd;
3552 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3556 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3557 &hdev->discovery.type,
3558 sizeof(hdev->discovery.type));
3559 mgmt_pending_remove(cmd);
3564 int mgmt_discovering(struct hci_dev *hdev, u8 discovering)
3566 struct mgmt_ev_discovering ev;
3567 struct pending_cmd *cmd;
3569 BT_DBG("%s discovering %u", hdev->name, discovering);
3572 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
3574 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3577 u8 type = hdev->discovery.type;
3579 cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0,
3580 &type, sizeof(type));
3581 mgmt_pending_remove(cmd);
3584 memset(&ev, 0, sizeof(ev));
3585 ev.type = hdev->discovery.type;
3586 ev.discovering = discovering;
3588 return mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
3591 int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
3593 struct pending_cmd *cmd;
3594 struct mgmt_ev_device_blocked ev;
3596 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev);
3598 bacpy(&ev.addr.bdaddr, bdaddr);
3599 ev.addr.type = type;
3601 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev),
3602 cmd ? cmd->sk : NULL);
3605 int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
3607 struct pending_cmd *cmd;
3608 struct mgmt_ev_device_unblocked ev;
3610 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev);
3612 bacpy(&ev.addr.bdaddr, bdaddr);
3613 ev.addr.type = type;
3615 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
3616 cmd ? cmd->sk : NULL);
3619 module_param(enable_hs, bool, 0644);
3620 MODULE_PARM_DESC(enable_hs, "Enable High Speed support");
3622 module_param(enable_le, bool, 0644);
3623 MODULE_PARM_DESC(enable_le, "Enable Low Energy support");
projects / mv-sheeva.git / blob