2 BlueZ - Bluetooth protocol stack for Linux
4 Copyright (C) 2010 Nokia Corporation
5 Copyright (C) 2011-2012 Intel Corporation
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI Management interface */
27 #include <linux/module.h>
28 #include <asm/unaligned.h>
30 #include <net/bluetooth/bluetooth.h>
31 #include <net/bluetooth/hci_core.h>
32 #include <net/bluetooth/mgmt.h>
33 #include <net/bluetooth/smp.h>
/*
 * Version and revision of the management interface; read_version()
 * reports both values to user space.
 */
37 #define MGMT_VERSION 1
38 #define MGMT_REVISION 2
/*
 * Opcodes advertised as supported; read_commands() copies this table
 * into its reply.
 * NOTE(review): the gutter numbers skip (41 -> 44, 46 -> 48, ...), so
 * this listing does not show every entry, nor the closing brace.
 */
40 static const u16 mgmt_commands[] = {
41 MGMT_OP_READ_INDEX_LIST,
44 MGMT_OP_SET_DISCOVERABLE,
45 MGMT_OP_SET_CONNECTABLE,
46 MGMT_OP_SET_FAST_CONNECTABLE,
48 MGMT_OP_SET_LINK_SECURITY,
52 MGMT_OP_SET_DEV_CLASS,
53 MGMT_OP_SET_LOCAL_NAME,
56 MGMT_OP_LOAD_LINK_KEYS,
57 MGMT_OP_LOAD_LONG_TERM_KEYS,
59 MGMT_OP_GET_CONNECTIONS,
60 MGMT_OP_PIN_CODE_REPLY,
61 MGMT_OP_PIN_CODE_NEG_REPLY,
62 MGMT_OP_SET_IO_CAPABILITY,
64 MGMT_OP_CANCEL_PAIR_DEVICE,
65 MGMT_OP_UNPAIR_DEVICE,
66 MGMT_OP_USER_CONFIRM_REPLY,
67 MGMT_OP_USER_CONFIRM_NEG_REPLY,
68 MGMT_OP_USER_PASSKEY_REPLY,
69 MGMT_OP_USER_PASSKEY_NEG_REPLY,
70 MGMT_OP_READ_LOCAL_OOB_DATA,
71 MGMT_OP_ADD_REMOTE_OOB_DATA,
72 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
73 MGMT_OP_START_DISCOVERY,
74 MGMT_OP_STOP_DISCOVERY,
77 MGMT_OP_UNBLOCK_DEVICE,
78 MGMT_OP_SET_DEVICE_ID,
/*
 * Events advertised as supported; read_commands() appends this table
 * after the opcodes. As above, some entries are missing from this
 * listing.
 */
81 static const u16 mgmt_events[] = {
82 MGMT_EV_CONTROLLER_ERROR,
84 MGMT_EV_INDEX_REMOVED,
86 MGMT_EV_CLASS_OF_DEV_CHANGED,
87 MGMT_EV_LOCAL_NAME_CHANGED,
89 MGMT_EV_NEW_LONG_TERM_KEY,
90 MGMT_EV_DEVICE_CONNECTED,
91 MGMT_EV_DEVICE_DISCONNECTED,
92 MGMT_EV_CONNECT_FAILED,
93 MGMT_EV_PIN_CODE_REQUEST,
94 MGMT_EV_USER_CONFIRM_REQUEST,
95 MGMT_EV_USER_PASSKEY_REQUEST,
99 MGMT_EV_DEVICE_BLOCKED,
100 MGMT_EV_DEVICE_UNBLOCKED,
101 MGMT_EV_DEVICE_UNPAIRED,
102 MGMT_EV_PASSKEY_NOTIFY,
106 * These LE scan and inquiry parameters were chosen according to LE General
107 * Discovery Procedure specification.
/* LE scan type, window and interval used for discovery. */
109 #define LE_SCAN_TYPE 0x01
110 #define LE_SCAN_WIN 0x12
111 #define LE_SCAN_INT 0x12
/* Scan timeouts; presumably LE-only vs. interleaved BR/EDR + LE discovery. */
112 #define LE_SCAN_TIMEOUT_LE_ONLY 10240 /* TGAP(gen_disc_scan_min) */
113 #define LE_SCAN_TIMEOUT_BREDR_LE 5120 /* TGAP(100)/2 */
/* Inquiry lengths; presumably BR/EDR-only vs. interleaved discovery. */
115 #define INQUIRY_LEN_BREDR 0x08 /* TGAP(100) */
116 #define INQUIRY_LEN_BREDR_LE 0x04 /* TGAP(100)/2 */
/* Two seconds, in jiffies; delay used when scheduling the service-cache work. */
118 #define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
/*
 * True when HCI_UP is set in hdev->flags and HCI_AUTO_OFF is clear in
 * hdev->dev_flags.
 * NOTE(review): the argument is expanded twice and is not parenthesised;
 * pass only a plain identifier without side effects.
 */
120 #define hdev_is_powered(hdev) (test_bit(HCI_UP, &hdev->flags) && \
121 !test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
124 struct list_head list;
/*
 * Indexed directly by the HCI status code; the comment on each entry
 * names the HCI error that slot translates. mgmt_status() bounds-checks
 * the index with ARRAY_SIZE() before reading the table.
 * NOTE(review): gutter line 134 is absent from this listing, so the slot
 * for the first HCI status value is not shown here.
 * NOTE(review): nothing in this listing writes to the table; it could
 * presumably be declared const like mgmt_commands[] - confirm.
 */
132 /* HCI to MGMT error code conversion table */
133 static u8 mgmt_status_table[] = {
135 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
136 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
137 MGMT_STATUS_FAILED, /* Hardware Failure */
138 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
139 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
140 MGMT_STATUS_NOT_PAIRED, /* PIN or Key Missing */
141 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
142 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
143 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
144 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
145 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
146 MGMT_STATUS_BUSY, /* Command Disallowed */
147 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
148 MGMT_STATUS_REJECTED, /* Rejected Security */
149 MGMT_STATUS_REJECTED, /* Rejected Personal */
150 MGMT_STATUS_TIMEOUT, /* Host Timeout */
151 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
152 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
153 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
154 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
155 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
156 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
157 MGMT_STATUS_BUSY, /* Repeated Attempts */
158 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
159 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
160 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
161 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
162 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
163 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
164 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
165 MGMT_STATUS_FAILED, /* Unspecified Error */
166 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
167 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
168 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
169 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
170 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
171 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
172 MGMT_STATUS_FAILED, /* Unit Link Key Used */
173 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
174 MGMT_STATUS_TIMEOUT, /* Instant Passed */
175 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
176 MGMT_STATUS_FAILED, /* Transaction Collision */
177 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
178 MGMT_STATUS_REJECTED, /* QoS Rejected */
179 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
180 MGMT_STATUS_REJECTED, /* Insufficient Security */
181 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
182 MGMT_STATUS_BUSY, /* Role Switch Pending */
183 MGMT_STATUS_FAILED, /* Slot Violation */
184 MGMT_STATUS_FAILED, /* Role Switch Failed */
185 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
186 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
187 MGMT_STATUS_BUSY, /* Host Busy Pairing */
188 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
189 MGMT_STATUS_BUSY, /* Controller Busy */
190 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
191 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
192 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
193 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
194 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
/*
 * mgmt_valid_hdev() - tell whether a controller is exposed through the
 * management interface. Only controllers whose dev_type is HCI_BREDR
 * qualify; read_index_list() uses this to filter its reply.
 */
197 bool mgmt_valid_hdev(struct hci_dev *hdev)
199 return hdev->dev_type == HCI_BREDR;
/*
 * mgmt_status() - translate an HCI status code into a MGMT status.
 *
 * The index is checked against ARRAY_SIZE(mgmt_status_table) first, so
 * an out-of-range hci_status can never read past the table; such codes
 * are reported as MGMT_STATUS_FAILED.
 */
202 static u8 mgmt_status(u8 hci_status)
204 if (hci_status < ARRAY_SIZE(mgmt_status_table))
205 return mgmt_status_table[hci_status];
207 return MGMT_STATUS_FAILED;
/*
 * cmd_status() - queue an MGMT_EV_CMD_STATUS event on @sk.
 *
 * @index is the controller index placed in the header, @cmd the opcode
 * being answered and @status the MGMT status to report.
 * NOTE(review): the gutter skips 219 -> 223 and 231 -> 233; the
 * allocation-failure check and the store of @status into the event are
 * presumably in those elided lines - confirm against the full file.
 */
210 static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
213 struct mgmt_hdr *hdr;
214 struct mgmt_ev_cmd_status *ev;
217 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
/* One buffer sized for exactly header + fixed-size event body. */
219 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_KERNEL);
223 hdr = (void *) skb_put(skb, sizeof(*hdr));
/* All header fields are little-endian on the wire. */
225 hdr->opcode = __constant_cpu_to_le16(MGMT_EV_CMD_STATUS);
226 hdr->index = cpu_to_le16(index);
227 hdr->len = cpu_to_le16(sizeof(*ev));
229 ev = (void *) skb_put(skb, sizeof(*ev));
231 ev->opcode = cpu_to_le16(cmd);
233 err = sock_queue_rcv_skb(sk, skb);
/*
 * cmd_complete() - queue an MGMT_EV_CMD_COMPLETE event on @sk, followed
 * by @rp_len bytes of reply parameters copied from @rp.
 *
 * NOTE(review): @rp_len is a size_t but hdr->len is a 16-bit field, so
 * sizeof(*ev) + rp_len is truncated by cpu_to_le16() if it exceeds 16
 * bits. The callers in this listing pass small, bounded lengths; a
 * caller with a large reply would produce a header that disagrees with
 * the payload.
 * NOTE(review): some callers pass rp == NULL with rp_len == 0; the
 * gutter skips 261 -> 265, so the guard in front of the memcpy() is
 * presumably in the elided lines - confirm.
 */
240 static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
241 void *rp, size_t rp_len)
244 struct mgmt_hdr *hdr;
245 struct mgmt_ev_cmd_complete *ev;
248 BT_DBG("sock %p", sk);
250 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_KERNEL);
254 hdr = (void *) skb_put(skb, sizeof(*hdr));
256 hdr->opcode = __constant_cpu_to_le16(MGMT_EV_CMD_COMPLETE);
257 hdr->index = cpu_to_le16(index);
258 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
/* Event body and reply parameters are reserved in one skb_put(). */
260 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
261 ev->opcode = cpu_to_le16(cmd);
265 memcpy(ev->data, rp, rp_len);
267 err = sock_queue_rcv_skb(sk, skb);
/*
 * read_version() - answer MGMT_OP_READ_VERSION with MGMT_VERSION and
 * MGMT_REVISION. The reply is not tied to a controller, so it is sent
 * with MGMT_INDEX_NONE.
 */
274 static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
/*
 * NOTE(review): rp lives on the stack and is not zeroed before it is
 * copied to user space; that is only safe if struct
 * mgmt_rp_read_version has no fields or padding besides version and
 * revision - confirm against mgmt.h.
 */
277 struct mgmt_rp_read_version rp;
279 BT_DBG("sock %p", sk);
281 rp.version = MGMT_VERSION;
282 rp.revision = __constant_cpu_to_le16(MGMT_REVISION);
284 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
/*
 * read_commands() - answer MGMT_OP_READ_COMMANDS with the supported
 * opcodes (mgmt_commands[]) followed by the supported events
 * (mgmt_events[]), each as a little-endian u16.
 */
288 static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
291 struct mgmt_rp_read_commands *rp;
/* Both counts are compile-time array sizes, not caller-controlled. */
292 const u16 num_commands = ARRAY_SIZE(mgmt_commands);
293 const u16 num_events = ARRAY_SIZE(mgmt_events);
298 BT_DBG("sock %p", sk);
300 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
/* NOTE(review): the NULL check on rp is not in this listing (302 -> 306). */
302 rp = kmalloc(rp_size, GFP_KERNEL);
306 rp->num_commands = __constant_cpu_to_le16(num_commands);
307 rp->num_events = __constant_cpu_to_le16(num_events);
/* opcode walks rp->opcodes; the second loop continues where the first ended. */
309 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
310 put_unaligned_le16(mgmt_commands[i], opcode);
312 for (i = 0; i < num_events; i++, opcode++)
313 put_unaligned_le16(mgmt_events[i], opcode);
315 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
/*
 * read_index_list() - answer MGMT_OP_READ_INDEX_LIST with the ids of the
 * controllers on hci_dev_list that pass mgmt_valid_hdev() and are not
 * still in HCI_SETUP.
 *
 * The list is walked twice under hci_dev_list_lock: once to size the
 * reply, once to fill it.
 */
322 static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
325 struct mgmt_rp_read_index_list *rp;
331 BT_DBG("sock %p", sk);
333 read_lock(&hci_dev_list_lock);
/* First pass: count candidates to size the allocation. */
336 list_for_each_entry(d, &hci_dev_list, list) {
337 if (!mgmt_valid_hdev(d))
343 rp_len = sizeof(*rp) + (2 * count);
/* GFP_ATOMIC: the allocation happens with the read lock held. */
344 rp = kmalloc(rp_len, GFP_ATOMIC);
/* NOTE(review): presumably the unlock on the allocation-failure path (344 -> 346 elided). */
346 read_unlock(&hci_dev_list_lock);
/*
 * Second pass: fill the reply. It skips HCI_SETUP devices that the
 * first pass counted, so it can only write as many or fewer entries
 * than were allocated.
 */
351 list_for_each_entry(d, &hci_dev_list, list) {
352 if (test_bit(HCI_SETUP, &d->dev_flags))
355 if (!mgmt_valid_hdev(d))
358 rp->index[count++] = cpu_to_le16(d->id);
359 BT_DBG("Added hci%u", d->id);
/*
 * Length is recomputed from the entries actually written, so the
 * unfilled tail of the kmalloc() buffer is never sent to user space.
 */
362 rp->num_controllers = cpu_to_le16(count);
363 rp_len = sizeof(*rp) + (2 * count);
365 read_unlock(&hci_dev_list_lock);
367 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
/*
 * get_supported_settings() - build the MGMT_SETTING_* bitmask of what
 * this controller can support, from its LMP capability checks.
 */
375 static u32 get_supported_settings(struct hci_dev *hdev)
/* Powered and pairable are offered unconditionally. */
379 settings |= MGMT_SETTING_POWERED;
380 settings |= MGMT_SETTING_PAIRABLE;
382 if (lmp_ssp_capable(hdev))
383 settings |= MGMT_SETTING_SSP;
385 if (lmp_bredr_capable(hdev)) {
386 settings |= MGMT_SETTING_CONNECTABLE;
387 settings |= MGMT_SETTING_FAST_CONNECTABLE;
388 settings |= MGMT_SETTING_DISCOVERABLE;
389 settings |= MGMT_SETTING_BREDR;
390 settings |= MGMT_SETTING_LINK_SECURITY;
/* NOTE(review): the condition guarding HS (gutter 391-393) is not in this listing. */
394 settings |= MGMT_SETTING_HS;
396 if (lmp_le_capable(hdev))
397 settings |= MGMT_SETTING_LE;
/*
 * get_current_settings() - build the MGMT_SETTING_* bitmask of what is
 * enabled right now, read from hdev->flags / hdev->dev_flags.
 *
 * This is the value returned by the settings replies and broadcast in
 * MGMT_EV_NEW_SETTINGS, so it is what user space sees as the effective
 * security posture (pairable, link security, SSP, ...).
 */
402 static u32 get_current_settings(struct hci_dev *hdev)
406 if (hdev_is_powered(hdev))
407 settings |= MGMT_SETTING_POWERED;
409 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
410 settings |= MGMT_SETTING_CONNECTABLE;
412 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
413 settings |= MGMT_SETTING_DISCOVERABLE;
415 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags))
416 settings |= MGMT_SETTING_PAIRABLE;
/* BR/EDR is reported from capability, not from a dev_flags bit. */
418 if (lmp_bredr_capable(hdev))
419 settings |= MGMT_SETTING_BREDR;
421 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
422 settings |= MGMT_SETTING_LE;
424 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
425 settings |= MGMT_SETTING_LINK_SECURITY;
427 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
428 settings |= MGMT_SETTING_SSP;
430 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
431 settings |= MGMT_SETTING_HS;
/* 16-bit service class that create_eir() leaves out of its UUID16 list. */
436 #define PNP_INFO_SVCLASS_ID 0x1200
/*
 * Bluetooth base UUID, stored in the byte order get_uuid16() expects:
 * it compares the first 12 bytes and reads the 32-bit value from
 * offset 12.
 */
438 static u8 bluetooth_base_uuid[] = {
439 0xFB, 0x34, 0x9B, 0x5F, 0x80, 0x00, 0x00, 0x80,
440 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
/*
 * get_uuid16() - extract the 16-bit short form from a 128-bit UUID.
 *
 * The first 12 bytes must equal bluetooth_base_uuid; the candidate value
 * is then read as a little-endian 32-bit word from uuid128[12].
 * NOTE(review): the return statements and any range check on val
 * (gutter 450-458) are not in this listing; @uuid128 is assumed to
 * point at 16 readable bytes - confirm against the callers.
 */
443 static u16 get_uuid16(u8 *uuid128)
448 for (i = 0; i < 12; i++) {
449 if (bluetooth_base_uuid[i] != uuid128[i])
453 val = get_unaligned_le32(&uuid128[12]);
/*
 * create_eir() - build the Extended Inquiry Response for @hdev in @data.
 *
 * Fields are appended in order: local name, inquiry TX power (if valid),
 * Device ID (if a source is set), then the list of 16-bit service UUIDs.
 * Each field is written as length byte, type byte, payload.
 *
 * NOTE(review): @data is assumed to be at least HCI_MAX_EIR_LENGTH bytes
 * (update_eir() passes cp.data) - confirm. Only the UUID loop has a
 * visible remaining-space check; the name is presumably capped in the
 * elided lines (gutter 470-474), which is what keeps the TX power and
 * Device ID writes in bounds - confirm.
 */
460 static void create_eir(struct hci_dev *hdev, u8 *data)
/* Zero-terminated scratch list of the distinct UUID16 values found. */
464 u16 uuid16_list[HCI_MAX_EIR_LENGTH / sizeof(u16)];
465 int i, truncated = 0;
466 struct bt_uuid *uuid;
469 name_len = strlen(hdev->dev_name);
475 ptr[1] = EIR_NAME_SHORT;
477 ptr[1] = EIR_NAME_COMPLETE;
479 /* EIR Data length */
480 ptr[0] = name_len + 1;
482 memcpy(ptr + 2, hdev->dev_name, name_len);
484 eir_len += (name_len + 2);
485 ptr += (name_len + 2);
488 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
490 ptr[1] = EIR_TX_POWER;
491 ptr[2] = (u8) hdev->inq_tx_power;
497 if (hdev->devid_source > 0) {
499 ptr[1] = EIR_DEVICE_ID;
501 put_unaligned_le16(hdev->devid_source, ptr + 2);
502 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
503 put_unaligned_le16(hdev->devid_product, ptr + 6);
504 put_unaligned_le16(hdev->devid_version, ptr + 8);
510 memset(uuid16_list, 0, sizeof(uuid16_list));
512 /* Group all UUID16 types */
513 list_for_each_entry(uuid, &hdev->uuids, list) {
516 uuid16 = get_uuid16(uuid->uuid);
523 if (uuid16 == PNP_INFO_SVCLASS_ID)
526 /* Stop if not enough space to put next UUID */
/*
 * This check also bounds uuid16_list: eir_len grows by sizeof(u16) per
 * stored UUID and two header bytes are reserved, so fewer entries are
 * stored than the array holds and a zero terminator always remains for
 * the scans below.
 */
527 if (eir_len + 2 + sizeof(u16) > HCI_MAX_EIR_LENGTH) {
532 /* Check for duplicates */
533 for (i = 0; uuid16_list[i] != 0; i++)
534 if (uuid16_list[i] == uuid16)
/* i stopped on the terminator: the value is new, append it. */
537 if (uuid16_list[i] == 0) {
538 uuid16_list[i] = uuid16;
539 eir_len += sizeof(u16);
543 if (uuid16_list[0] != 0) {
/* Mark the list partial when the space check above cut it short. */
547 ptr[1] = truncated ? EIR_UUID16_SOME : EIR_UUID16_ALL;
/* Emit each UUID16 low byte first. */
552 for (i = 0; uuid16_list[i] != 0; i++) {
553 *ptr++ = (uuid16_list[i] & 0x00ff);
554 *ptr++ = (uuid16_list[i] & 0xff00) >> 8;
557 /* EIR Data length */
558 *length = (i * sizeof(u16)) + 1;
/*
 * update_eir() - regenerate the EIR data and send HCI_OP_WRITE_EIR if it
 * differs from the copy cached in hdev->eir.
 *
 * The four checks below each gate the update (powered, extended-inquiry
 * capable, SSP enabled, service cache not active).
 * NOTE(review): the statements under those checks are not in this
 * listing; presumably each returns 0 - confirm.
 */
562 static int update_eir(struct hci_dev *hdev)
564 struct hci_cp_write_eir cp;
566 if (!hdev_is_powered(hdev))
569 if (!lmp_ext_inq_capable(hdev))
572 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
575 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
/* Zero first so bytes create_eir() does not write are not stack garbage. */
578 memset(&cp, 0, sizeof(cp));
580 create_eir(hdev, cp.data);
/* Skip the HCI command when nothing changed. */
582 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
585 memcpy(hdev->eir, cp.data, sizeof(cp.data));
587 return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
/*
 * get_service_classes() - OR together the svc_hint of every UUID
 * registered on @hdev; update_class() uses the result as the third
 * Class of Device byte.
 */
590 static u8 get_service_classes(struct hci_dev *hdev)
592 struct bt_uuid *uuid;
595 list_for_each_entry(uuid, &hdev->uuids, list)
596 val |= uuid->svc_hint;
/*
 * update_class() - recompute the 3-byte Class of Device and, when it
 * differs from hdev->dev_class, send HCI_OP_WRITE_CLASS_OF_DEV.
 *
 * HCI_PENDING_CLASS is set to mark the write as in flight; handlers
 * test that bit to refuse overlapping class changes.
 * NOTE(review): the statements under the early checks and the condition
 * in front of set_bit() (gutter 622) are not in this listing.
 */
601 static int update_class(struct hci_dev *hdev)
606 BT_DBG("%s", hdev->name);
608 if (!hdev_is_powered(hdev))
611 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
/* cod = { minor class, major class, service-class bits }. */
614 cod[0] = hdev->minor_class;
615 cod[1] = hdev->major_class;
616 cod[2] = get_service_classes(hdev);
618 if (memcmp(cod, hdev->dev_class, 3) == 0)
621 err = hci_send_cmd(hdev, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
623 set_bit(HCI_PENDING_CLASS, &hdev->dev_flags);
/*
 * service_cache_off() - delayed-work handler that ends the service
 * cache period for the hci_dev embedding @work.
 *
 * Does nothing further when HCI_SERVICE_CACHE was already clear.
 * NOTE(review): gutter 634-640 is not in this listing; since the
 * function ends with hci_dev_unlock(), it presumably takes the device
 * lock and refreshes EIR/class there - confirm.
 */
628 static void service_cache_off(struct work_struct *work)
630 struct hci_dev *hdev = container_of(work, struct hci_dev,
633 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
641 hci_dev_unlock(hdev);
/*
 * mgmt_init_hdev() - one-time setup when a controller first comes under
 * management-interface control.
 *
 * test_and_set_bit(HCI_MGMT) makes the rest run once per device.
 * Security-relevant default: HCI_PAIRABLE is cleared, so pairing stays
 * off until user space enables it explicitly (see set_pairable()).
 */
644 static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
646 if (test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
649 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
651 /* Non-mgmt controlled devices get this bit set
652 * implicitly so that pairing works for them, however
653 * for mgmt we require user-space to explicitly enable
656 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
/*
 * read_controller_info() - answer MGMT_OP_READ_INFO with the
 * controller's address, HCI version, manufacturer, supported and current
 * settings, class of device and names.
 */
659 static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
660 void *data, u16 data_len)
662 struct mgmt_rp_read_info rp;
664 BT_DBG("sock %p %s", sk, hdev->name);
/* Zero the whole reply first so no stack bytes leak to user space. */
668 memset(&rp, 0, sizeof(rp));
670 bacpy(&rp.bdaddr, &hdev->bdaddr);
672 rp.version = hdev->hci_ver;
673 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
675 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
676 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
678 memcpy(rp.dev_class, hdev->dev_class, 3);
/*
 * NOTE(review): both copies are sized by the SOURCE arrays; this is only
 * in bounds if rp.name / rp.short_name are at least as large as
 * hdev->dev_name / hdev->short_name - confirm against mgmt.h.
 */
680 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
681 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
683 hci_dev_unlock(hdev);
685 return cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
/*
 * mgmt_pending_free() - release a pending_cmd; mgmt_pending_remove()
 * calls it after unlinking the entry.
 * NOTE(review): the body (gutter 690-694) is not in this listing.
 */
689 static void mgmt_pending_free(struct pending_cmd *cmd)
/*
 * mgmt_pending_add() - record a command that is waiting for an HCI
 * result on @hdev.
 *
 * Allocates a pending_cmd, stores @opcode and the controller id, keeps a
 * private copy of the @len bytes at @data in cmd->param, and links the
 * entry onto hdev->mgmt_pending.
 * NOTE(review): the failure paths for both kmalloc() calls, the handling
 * of @sk and the return statement are not in this listing - confirm that
 * a failed param allocation frees cmd.
 */
696 static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
697 struct hci_dev *hdev, void *data,
700 struct pending_cmd *cmd;
702 cmd = kmalloc(sizeof(*cmd), GFP_KERNEL);
706 cmd->opcode = opcode;
707 cmd->index = hdev->id;
709 cmd->param = kmalloc(len, GFP_KERNEL);
716 memcpy(cmd->param, data, len);
721 list_add(&cmd->list, &hdev->mgmt_pending);
/*
 * mgmt_pending_foreach() - walk hdev->mgmt_pending and hand matching
 * entries to @cb.
 *
 * An @opcode of 0 matches every entry; otherwise only entries with that
 * opcode are considered. The _safe iterator is used, so the current
 * entry may be unlinked during the walk.
 * NOTE(review): the callback invocation itself (gutter 739-742) is not
 * in this listing.
 */
726 static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
727 void (*cb)(struct pending_cmd *cmd,
731 struct list_head *p, *n;
733 list_for_each_safe(p, n, &hdev->mgmt_pending) {
734 struct pending_cmd *cmd;
736 cmd = list_entry(p, struct pending_cmd, list);
738 if (opcode > 0 && cmd->opcode != opcode)
/*
 * mgmt_pending_find() - look for a pending command with @opcode on
 * @hdev. Handlers use a non-NULL result to answer "busy" instead of
 * issuing a second, overlapping HCI request.
 * NOTE(review): the return statements are not in this listing.
 */
745 static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
747 struct pending_cmd *cmd;
749 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
750 if (cmd->opcode == opcode)
/*
 * mgmt_pending_remove() - unlink @cmd from its pending list and free it.
 * @cmd must not be used after this call.
 */
757 static void mgmt_pending_remove(struct pending_cmd *cmd)
759 list_del(&cmd->list);
760 mgmt_pending_free(cmd);
/*
 * send_settings_rsp() - complete @opcode on @sk with status 0 and the
 * controller's current settings bitmask (little-endian 32 bit) as the
 * reply payload.
 */
763 static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
765 __le32 settings = cpu_to_le32(get_current_settings(hdev));
767 return cmd_complete(sk, hdev->id, opcode, 0, &settings,
/*
 * set_powered() - handler for MGMT_OP_SET_POWERED.
 *
 * @data is read as a struct mgmt_mode; any non-zero cp->val means "on".
 * NOTE(review): no check of the payload length against sizeof(*cp) is
 * visible in this handler; presumably the dispatcher validates it before
 * calling - confirm.
 * NOTE(review): several lines (locking, the conditions around the
 * scheduling calls, error paths) are not in this listing.
 */
771 static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
774 struct mgmt_mode *cp = data;
775 struct pending_cmd *cmd;
778 BT_DBG("request for %s", hdev->name);
/*
 * Controller is up but scheduled to auto power off: cancel that timer,
 * answer immediately and announce the powered state.
 */
782 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
783 cancel_delayed_work(&hdev->power_off);
786 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
787 mgmt_powered(hdev, 1);
/* Already in the requested state: nothing to do but reply. */
792 if (!!cp->val == hdev_is_powered(hdev)) {
793 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
/* Only one power change may be in flight per controller. */
797 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
798 err = cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
803 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
/* The actual power transition runs asynchronously from a work item. */
810 schedule_work(&hdev->power_on);
812 schedule_work(&hdev->power_off.work);
817 hci_dev_unlock(hdev);
/*
 * mgmt_event() - broadcast management event @event with @data_len bytes
 * of payload to the control sockets, skipping @skip_sk.
 *
 * The header index is hdev->id or MGMT_INDEX_NONE.
 * NOTE(review): the condition choosing between the two index values and
 * the guard in front of the payload memcpy() are not in this listing
 * (gutter 833/835 and 839) - confirm that a NULL @data is handled.
 */
821 static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 data_len,
822 struct sock *skip_sk)
825 struct mgmt_hdr *hdr;
827 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_KERNEL);
831 hdr = (void *) skb_put(skb, sizeof(*hdr));
832 hdr->opcode = cpu_to_le16(event);
834 hdr->index = cpu_to_le16(hdev->id);
836 hdr->index = __constant_cpu_to_le16(MGMT_INDEX_NONE);
837 hdr->len = cpu_to_le16(data_len);
840 memcpy(skb_put(skb, data_len), data, data_len);
843 __net_timestamp(skb);
845 hci_send_to_control(skb, skip_sk);
/*
 * new_settings() - broadcast MGMT_EV_NEW_SETTINGS carrying the current
 * settings bitmask to every control socket except @skip (normally the
 * socket that requested the change and already got a direct reply).
 */
851 static int new_settings(struct hci_dev *hdev, struct sock *skip)
855 ev = cpu_to_le32(get_current_settings(hdev));
857 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
/*
 * set_discoverable() - handler for MGMT_OP_SET_DISCOVERABLE.
 *
 * @data is read as a struct mgmt_cp_set_discoverable: cp->val switches
 * inquiry scan on or off and cp->timeout (little-endian, seconds - it is
 * multiplied by 1000 for msecs_to_jiffies() below) limits how long the
 * controller stays discoverable.
 *
 * Rejections visible here: controller not BR/EDR capable, a timeout
 * supplied while disabling, a timeout while powered off, another
 * discoverable/connectable change in flight, and controller not
 * connectable.
 * NOTE(review): any non-zero cp->val is treated as "on"; no range check
 * on the value is visible. Locking, goto targets and some status
 * arguments are not in this listing.
 */
860 static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
863 struct mgmt_cp_set_discoverable *cp = data;
864 struct pending_cmd *cmd;
869 BT_DBG("request for %s", hdev->name);
871 if (!lmp_bredr_capable(hdev))
872 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
873 MGMT_STATUS_NOT_SUPPORTED);
875 timeout = __le16_to_cpu(cp->timeout);
/* A timeout only makes sense when turning discoverable on. */
876 if (!cp->val && timeout > 0)
877 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
878 MGMT_STATUS_INVALID_PARAMS);
882 if (!hdev_is_powered(hdev) && timeout > 0) {
883 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
884 MGMT_STATUS_NOT_POWERED);
/* Both settings are written with the same HCI command; serialise them. */
888 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
889 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
890 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
895 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
896 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
897 MGMT_STATUS_REJECTED);
/* Powered off: only record the wish in dev_flags, no HCI traffic. */
901 if (!hdev_is_powered(hdev)) {
902 bool changed = false;
904 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
905 change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
909 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
914 err = new_settings(hdev, sk);
/* State already matches: just re-arm or cancel the timeout. */
919 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
920 if (hdev->discov_timeout > 0) {
921 cancel_delayed_work(&hdev->discov_off);
922 hdev->discov_timeout = 0;
925 if (cp->val && timeout > 0) {
926 hdev->discov_timeout = timeout;
927 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
928 msecs_to_jiffies(hdev->discov_timeout * 1000));
931 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
935 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
944 scan |= SCAN_INQUIRY;
946 cancel_delayed_work(&hdev->discov_off);
948 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
/* Presumably only when the send failed (condition elided): drop the entry. */
950 mgmt_pending_remove(cmd);
953 hdev->discov_timeout = timeout;
956 hci_dev_unlock(hdev);
/*
 * set_connectable() - handler for MGMT_OP_SET_CONNECTABLE.
 *
 * @data is read as a struct mgmt_mode; any non-zero cp->val means "on".
 * Turning connectable off while powered down also clears
 * HCI_DISCOVERABLE, so the controller cannot remain discoverable without
 * being connectable.
 * NOTE(review): locking, the scan-value computation and several
 * conditions are not in this listing.
 */
960 static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
963 struct mgmt_mode *cp = data;
964 struct pending_cmd *cmd;
968 BT_DBG("request for %s", hdev->name);
970 if (!lmp_bredr_capable(hdev))
971 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
972 MGMT_STATUS_NOT_SUPPORTED);
/* Powered off: only update dev_flags and notify, no HCI traffic. */
976 if (!hdev_is_powered(hdev)) {
977 bool changed = false;
979 if (!!cp->val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
983 set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
985 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
986 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
989 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
994 err = new_settings(hdev, sk);
/* Shares the scan-enable HCI command with set_discoverable(); serialise. */
999 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1000 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
1001 err = cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
/* Page scan already in the requested state: reply without an HCI command. */
1006 if (!!cp->val == test_bit(HCI_PSCAN, &hdev->flags)) {
1007 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1011 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
1022 if (test_bit(HCI_ISCAN, &hdev->flags) &&
1023 hdev->discov_timeout > 0)
1024 cancel_delayed_work(&hdev->discov_off);
1027 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
/* Presumably only when the send failed (condition elided). */
1029 mgmt_pending_remove(cmd);
1032 hci_dev_unlock(hdev);
/*
 * set_pairable() - handler for MGMT_OP_SET_PAIRABLE.
 *
 * Sets or clears HCI_PAIRABLE in hdev->dev_flags, replies with the
 * current settings and broadcasts the change to the other control
 * sockets. No HCI command is sent in the visible lines; this is a
 * host-side policy bit.
 * NOTE(review): the conditions selecting set vs. clear and the "changed"
 * test before new_settings() are not in this listing.
 */
1036 static int set_pairable(struct sock *sk, struct hci_dev *hdev, void *data,
1039 struct mgmt_mode *cp = data;
1042 BT_DBG("request for %s", hdev->name);
1047 set_bit(HCI_PAIRABLE, &hdev->dev_flags);
1049 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
1051 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
1055 err = new_settings(hdev, sk);
1058 hci_dev_unlock(hdev);
/*
 * set_link_security() - handler for MGMT_OP_SET_LINK_SECURITY.
 *
 * Toggles link-level authentication: while powered off only the
 * HCI_LINK_SECURITY flag is flipped; while powered on the controller is
 * told via HCI_OP_WRITE_AUTH_ENABLE and the command stays pending until
 * the result arrives.
 * NOTE(review): the assignment of val, locking and goto targets are not
 * in this listing. Any non-zero cp->val counts as "on" in the visible
 * comparison.
 */
1062 static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1065 struct mgmt_mode *cp = data;
1066 struct pending_cmd *cmd;
1070 BT_DBG("request for %s", hdev->name);
1072 if (!lmp_bredr_capable(hdev))
1073 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1074 MGMT_STATUS_NOT_SUPPORTED);
1078 if (!hdev_is_powered(hdev)) {
1079 bool changed = false;
1081 if (!!cp->val != test_bit(HCI_LINK_SECURITY,
1082 &hdev->dev_flags)) {
1083 change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
1087 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1092 err = new_settings(hdev, sk);
1097 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
1098 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
/* Controller's live auth state (HCI_AUTH) already matches the request. */
1105 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1106 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1110 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1116 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
/* Presumably only when the send failed (condition elided). */
1118 mgmt_pending_remove(cmd);
1123 hci_dev_unlock(hdev);
/*
 * set_ssp() - handler for MGMT_OP_SET_SSP (Secure Simple Pairing).
 *
 * Refused with NOT_SUPPORTED when the controller is not SSP capable.
 * While powered off only HCI_SSP_ENABLED is flipped; while powered on
 * HCI_OP_WRITE_SSP_MODE is sent and the command stays pending.
 * NOTE(review): the assignment of val, locking and goto targets are not
 * in this listing.
 */
1127 static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1129 struct mgmt_mode *cp = data;
1130 struct pending_cmd *cmd;
1134 BT_DBG("request for %s", hdev->name);
1138 if (!lmp_ssp_capable(hdev)) {
1139 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1140 MGMT_STATUS_NOT_SUPPORTED);
1146 if (!hdev_is_powered(hdev)) {
1147 bool changed = false;
1149 if (val != test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
1150 change_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
1154 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1159 err = new_settings(hdev, sk);
1164 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev)) {
1165 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
/* Already in the requested mode: reply without touching the controller. */
1170 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) == val) {
1171 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1175 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1181 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, sizeof(val), &val);
/* Presumably only when the send failed (condition elided). */
1183 mgmt_pending_remove(cmd);
1188 hci_dev_unlock(hdev);
/*
 * set_hs() - handler for MGMT_OP_SET_HS: sets or clears HCI_HS_ENABLED
 * and replies with the current settings.
 * NOTE(review): the condition in front of the NOT_SUPPORTED reply
 * (gutter 1198) and the test choosing set vs. clear are not in this
 * listing. Unlike the neighbouring handlers, no hci_dev_lock/unlock or
 * new_settings() broadcast is visible here - confirm that is intended.
 */
1192 static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1194 struct mgmt_mode *cp = data;
1196 BT_DBG("request for %s", hdev->name);
1199 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1200 MGMT_STATUS_NOT_SUPPORTED);
1203 set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1205 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1207 return send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
/*
 * set_le() - handler for MGMT_OP_SET_LE.
 *
 * Refused with NOT_SUPPORTED when the controller is not LE capable.
 * When powered off, or when the host LE support already matches the
 * request, only HCI_LE_ENABLED is updated; otherwise
 * HCI_OP_WRITE_LE_HOST_SUPPORTED is sent and the command stays pending.
 * NOTE(review): the assignment of val, the fill of hci_cp.le, locking
 * and goto targets are not in this listing.
 */
1210 static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1212 struct mgmt_mode *cp = data;
1213 struct hci_cp_write_le_host_supported hci_cp;
1214 struct pending_cmd *cmd;
1218 BT_DBG("request for %s", hdev->name);
1222 if (!lmp_le_capable(hdev)) {
1223 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1224 MGMT_STATUS_NOT_SUPPORTED);
1229 enabled = lmp_host_le_capable(hdev);
1231 if (!hdev_is_powered(hdev) || val == enabled) {
1232 bool changed = false;
1234 if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1235 change_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1239 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1244 err = new_settings(hdev, sk);
1249 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
1250 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1255 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
/* Zeroed so fields not set below go to the controller as 0. */
1261 memset(&hci_cp, 0, sizeof(hci_cp));
1265 hci_cp.simul = lmp_le_br_capable(hdev);
1268 err = hci_send_cmd(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
/* Presumably only when the send failed (condition elided). */
1271 mgmt_pending_remove(cmd);
1274 hci_dev_unlock(hdev);
/*
 * add_uuid() - handler for MGMT_OP_ADD_UUID: register a 128-bit service
 * UUID and its service hint on @hdev, then refresh the class of device
 * and EIR data.
 *
 * Replies at once with the 3-byte device class unless update_class()
 * left a class write in flight (HCI_PENDING_CLASS), in which case the
 * command is queued as pending.
 * NOTE(review): 16 bytes are copied from cp->uuid without a length check
 * in this handler; presumably the dispatcher verifies the payload size -
 * confirm. No duplicate check or cap on the length of hdev->uuids is
 * visible here.
 */
1278 static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1280 struct mgmt_cp_add_uuid *cp = data;
1281 struct pending_cmd *cmd;
1282 struct bt_uuid *uuid;
1285 BT_DBG("request for %s", hdev->name);
/* A class update is still in flight: refuse overlapping changes. */
1289 if (test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
1290 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
1295 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
1301 memcpy(uuid->uuid, cp->uuid, 16);
1302 uuid->svc_hint = cp->svc_hint;
1304 list_add(&uuid->list, &hdev->uuids);
1306 err = update_class(hdev);
1310 err = update_eir(hdev);
1314 if (!test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
1315 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
1316 hdev->dev_class, 3);
1320 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
1325 hci_dev_unlock(hdev);
/*
 * enable_service_cache() - start the service-cache period on a powered
 * controller: sets HCI_SERVICE_CACHE and, if it was not already set,
 * schedules service_cache_off() after CACHE_TIMEOUT.
 * NOTE(review): the return statements are not in this listing.
 */
1329 static bool enable_service_cache(struct hci_dev *hdev)
1331 if (!hdev_is_powered(hdev))
1334 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
1335 schedule_delayed_work(&hdev->service_cache, CACHE_TIMEOUT);
/*
 * remove_uuid() - handler for MGMT_OP_REMOVE_UUID.
 *
 * An all-zero UUID is a wildcard that clears every registered UUID;
 * otherwise every list entry equal to cp->uuid is removed, and a UUID
 * that matches nothing is answered with MGMT_STATUS_INVALID_PARAMS.
 * Afterwards class of device and EIR are refreshed as in add_uuid().
 * NOTE(review): the free of removed entries, the "found" bookkeeping,
 * locking and goto targets are not in this listing.
 */
1342 static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
1345 struct mgmt_cp_remove_uuid *cp = data;
1346 struct pending_cmd *cmd;
1347 struct list_head *p, *n;
1348 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
1351 BT_DBG("request for %s", hdev->name);
1355 if (test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
1356 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
1361 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
1362 err = hci_uuids_clear(hdev);
/* Cache period started: reply now, the class/EIR update is deferred. */
1364 if (enable_service_cache(hdev)) {
1365 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID,
1366 0, hdev->dev_class, 3);
/* _safe iteration because matching entries are unlinked in the loop. */
1375 list_for_each_safe(p, n, &hdev->uuids) {
1376 struct bt_uuid *match = list_entry(p, struct bt_uuid, list);
1378 if (memcmp(match->uuid, cp->uuid, 16) != 0)
1381 list_del(&match->list);
1387 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
1388 MGMT_STATUS_INVALID_PARAMS);
1393 err = update_class(hdev);
1397 err = update_eir(hdev);
1401 if (!test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
1402 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
1403 hdev->dev_class, 3);
1407 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
1412 hci_dev_unlock(hdev);
/*
 * set_dev_class() - handler for MGMT_OP_SET_DEV_CLASS: store the major
 * and minor device class and push the new class to the controller when
 * it is powered.
 *
 * NOTE(review): cp->major and cp->minor are stored as received; no
 * check for reserved bits is visible in this listing - confirm whether
 * one is wanted.
 */
1416 static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
1419 struct mgmt_cp_set_dev_class *cp = data;
1420 struct pending_cmd *cmd;
1423 BT_DBG("request for %s", hdev->name);
1427 if (test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
1428 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1433 hdev->major_class = cp->major;
1434 hdev->minor_class = cp->minor;
/* Powered off: the values are kept for later, reply with the old class. */
1436 if (!hdev_is_powered(hdev)) {
1437 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
1438 hdev->dev_class, 3);
/*
 * The device lock is dropped around the synchronous cancel.
 * service_cache_off() ends with hci_dev_unlock(), so it presumably takes
 * this same lock; waiting for it while holding the lock could deadlock.
 * NOTE(review): the re-lock after the cancel is not in this listing.
 */
1442 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
1443 hci_dev_unlock(hdev);
1444 cancel_delayed_work_sync(&hdev->service_cache);
1449 err = update_class(hdev);
1453 if (!test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
1454 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
1455 hdev->dev_class, 3);
1459 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
1464 hci_dev_unlock(hdev);
/*
 * load_link_keys() - handler for MGMT_OP_LOAD_LINK_KEYS: replace the
 * stored BR/EDR link keys of @hdev with the list in the command payload.
 *
 * @data is a struct mgmt_cp_load_link_keys followed by cp->key_count
 * struct mgmt_link_key_info entries. A payload whose length does not
 * equal the computed size is rejected with MGMT_STATUS_INVALID_PARAMS.
 * Existing keys are cleared before the new ones are added, and
 * HCI_DEBUG_KEYS is set or cleared (presumably from cp->debug_keys; the
 * condition is not in this listing).
 */
1468 static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
1471 struct mgmt_cp_load_link_keys *cp = data;
1472 u16 key_count, expected_len;
1475 key_count = __le16_to_cpu(cp->key_count);
/*
 * NOTE(review): expected_len is a u16, so the sum below is truncated to
 * 16 bits on assignment. key_count comes straight from the payload; a
 * large value can wrap expected_len to a small number that still equals
 * len, and the loop further down would then read cp->keys[] beyond the
 * received buffer. Compute the size in a size_t, or reject any
 * key_count larger than a 16-bit payload length can carry, before the
 * comparison.
 */
1477 expected_len = sizeof(*cp) + key_count *
1478 sizeof(struct mgmt_link_key_info);
1479 if (expected_len != len) {
1480 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
1482 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
1483 MGMT_STATUS_INVALID_PARAMS);
/* Only counts are logged; key material is not written to the log. */
1486 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
1491 hci_link_keys_clear(hdev);
1493 set_bit(HCI_LINK_KEYS, &hdev->dev_flags);
1496 set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
1498 clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
/*
 * NOTE(review): key->type and key->pin_len are passed on as received and
 * the return value of hci_add_link_key() is not used here; confirm
 * whether the callee validates them and whether a failed add should
 * abort the load.
 */
1500 for (i = 0; i < key_count; i++) {
1501 struct mgmt_link_key_info *key = &cp->keys[i];
1503 hci_add_link_key(hdev, NULL, 0, &key->addr.bdaddr, key->val,
1504 key->type, key->pin_len);
1507 cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
1509 hci_dev_unlock(hdev);
/*
 * device_unpaired() - broadcast MGMT_EV_DEVICE_UNPAIRED for the given
 * address to every control socket except @skip_sk.
 */
1514 static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
1515 u8 addr_type, struct sock *skip_sk)
/*
 * NOTE(review): ev is on the stack and not zeroed; that is only safe if
 * struct mgmt_ev_device_unpaired has nothing besides addr.bdaddr and
 * addr.type (no padding) - confirm against mgmt.h.
 */
1517 struct mgmt_ev_device_unpaired ev;
1519 bacpy(&ev.addr.bdaddr, bdaddr);
1520 ev.addr.type = addr_type;
1522 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
/*
 * unpair_device() - handler for MGMT_OP_UNPAIR_DEVICE: delete the stored
 * key for a remote address and optionally disconnect it.
 *
 * For BDADDR_BREDR the link key is removed, otherwise the LTK. The
 * reply always echoes the address. With cp->disconnect set and a live
 * connection found, HCI_OP_DISCONNECT is sent and the command stays
 * pending; otherwise the command completes immediately and
 * MGMT_EV_DEVICE_UNPAIRED is broadcast.
 * NOTE(review): locking, the conn == NULL test and several conditions
 * are not in this listing.
 */
1526 static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
1529 struct mgmt_cp_unpair_device *cp = data;
1530 struct mgmt_rp_unpair_device rp;
1531 struct hci_cp_disconnect dc;
1532 struct pending_cmd *cmd;
1533 struct hci_conn *conn;
/* Zero the reply so only the echoed address reaches user space. */
1538 memset(&rp, 0, sizeof(rp));
1539 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1540 rp.addr.type = cp->addr.type;
1542 if (!hdev_is_powered(hdev)) {
1543 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
1544 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
/* Key removal happens first; a failure is reported as "not paired". */
1548 if (cp->addr.type == BDADDR_BREDR)
1549 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
1551 err = hci_remove_ltk(hdev, &cp->addr.bdaddr);
1554 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
1555 MGMT_STATUS_NOT_PAIRED, &rp, sizeof(rp));
1559 if (cp->disconnect) {
1560 if (cp->addr.type == BDADDR_BREDR)
1561 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
1564 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
1571 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
1573 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
1577 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
1584 dc.handle = cpu_to_le16(conn->handle);
/*
 * NOTE(review): disconnect() in this file uses the named constant
 * HCI_ERROR_REMOTE_USER_TERM for its reason; presumably the same value
 * as this literal - confirm and prefer the constant.
 */
1585 dc.reason = 0x13; /* Remote User Terminated Connection */
1586 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
/* Presumably only when the send failed (condition elided). */
1588 mgmt_pending_remove(cmd);
1591 hci_dev_unlock(hdev);
/*
 * disconnect() - handler for MGMT_OP_DISCONNECT: terminate the
 * connection to the address in the payload.
 *
 * Rejected when the controller is not up, when another disconnect is
 * already pending, or when no connection in a connected state exists
 * for the address. Otherwise HCI_OP_DISCONNECT is sent with reason
 * HCI_ERROR_REMOTE_USER_TERM and the command stays pending.
 * NOTE(review): locking, goto targets and some status arguments are not
 * in this listing.
 */
1595 static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
1598 struct mgmt_cp_disconnect *cp = data;
1599 struct hci_cp_disconnect dc;
1600 struct pending_cmd *cmd;
1601 struct hci_conn *conn;
/* Checks HCI_UP directly rather than hdev_is_powered(). */
1608 if (!test_bit(HCI_UP, &hdev->flags)) {
1609 err = cmd_status(sk, hdev->id, MGMT_OP_DISCONNECT,
1610 MGMT_STATUS_NOT_POWERED);
1614 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
1615 err = cmd_status(sk, hdev->id, MGMT_OP_DISCONNECT,
/* The address type selects which link table is searched. */
1620 if (cp->addr.type == BDADDR_BREDR)
1621 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
1624 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
1626 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
1627 err = cmd_status(sk, hdev->id, MGMT_OP_DISCONNECT,
1628 MGMT_STATUS_NOT_CONNECTED);
1632 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
1638 dc.handle = cpu_to_le16(conn->handle);
1639 dc.reason = HCI_ERROR_REMOTE_USER_TERM;
1641 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
/* Presumably only when the send failed (condition elided). */
1643 mgmt_pending_remove(cmd);
1646 hci_dev_unlock(hdev);
/*
 * Translate an HCI link type plus HCI address type into the mgmt BDADDR_*
 * address type used in commands and events.
 *
 * ADDR_LE_DEV_PUBLIC maps to BDADDR_LE_PUBLIC and the remaining address
 * types of that link type fall back to BDADDR_LE_RANDOM; every other link
 * type falls back to BDADDR_BREDR. The outer case label is not shown here
 * (presumably LE_LINK).
 */
1650 static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
1652 switch (link_type) {
1654 switch (addr_type) {
1655 case ADDR_LE_DEV_PUBLIC:
1656 return BDADDR_LE_PUBLIC;
1659 /* Fallback to LE Random address type */
1660 return BDADDR_LE_RANDOM;
1664 /* Fallback to BR/EDR type */
1665 return BDADDR_BREDR;
/*
 * Handler for MGMT_OP_GET_CONNECTIONS: reply with the addresses of all
 * connections flagged HCI_CONN_MGMT_CONNECTED.
 *
 * Works in two passes over hdev->conn_hash.list: the first visits the
 * flagged entries to size the reply, the second fills it. The buffer size
 * is only correct if the list cannot grow between the passes, i.e. both
 * run under the hdev lock released at the end (the lock call itself is not
 * on the lines shown - confirm).
 */
1669 static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
1672 struct mgmt_rp_get_connections *rp;
1682 if (!hdev_is_powered(hdev)) {
1683 err = cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
1684 MGMT_STATUS_NOT_POWERED);
/* Pass 1: visit the mgmt-connected entries (counter update not shown). */
1689 list_for_each_entry(c, &hdev->conn_hash.list, list) {
1690 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
1694 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
/* kmalloc() does not zero the buffer; only entries written below are valid. */
1695 rp = kmalloc(rp_len, GFP_KERNEL);
/* Pass 2: fill one mgmt_addr_info per flagged connection. */
1702 list_for_each_entry(c, &hdev->conn_hash.list, list) {
1703 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
1705 bacpy(&rp->addr[i].bdaddr, &c->dst);
1706 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
/* SCO/eSCO links are filtered out (the statement doing so is not shown). */
1707 if (c->type == SCO_LINK || c->type == ESCO_LINK)
1712 rp->conn_count = cpu_to_le16(i);
1714 /* Recalculate length in case of filtered SCO connections, etc */
1715 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
/*
 * The length argument is on a line not shown; presumably the recomputed
 * rp_len, so that only the entries actually written leave the kernel.
 */
1717 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
1723 hci_dev_unlock(hdev);
/*
 * Queue a pending MGMT_OP_PIN_CODE_NEG_REPLY for sk and send
 * HCI_OP_PIN_CODE_NEG_REPLY carrying only the remote address.
 * The pending entry is removed again on a path whose condition is not
 * shown (presumably a failed hci_send_cmd()).
 */
1727 static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
1728 struct mgmt_cp_pin_code_neg_reply *cp)
1730 struct pending_cmd *cmd;
1733 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
1738 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
1739 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
1741 mgmt_pending_remove(cmd);
/*
 * Handler for MGMT_OP_PIN_CODE_REPLY: forward a user-supplied PIN to the
 * controller for an existing ACL connection.
 *
 * Replies visible here: NOT_POWERED, NOT_CONNECTED (presumably when the
 * connection lookup fails) and INVALID_PARAMS. When the connection's
 * pending security level is BT_SECURITY_HIGH, anything other than a
 * 16-byte PIN is refused: a negative PIN reply goes to the controller and
 * the caller gets INVALID_PARAMS.
 */
1746 static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
1749 struct hci_conn *conn;
1750 struct mgmt_cp_pin_code_reply *cp = data;
1751 struct hci_cp_pin_code_reply reply;
1752 struct pending_cmd *cmd;
1759 if (!hdev_is_powered(hdev)) {
1760 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
1761 MGMT_STATUS_NOT_POWERED);
1765 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
1767 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
1768 MGMT_STATUS_NOT_CONNECTED);
/* High security requires the full 16-byte PIN; shorter ones are rejected. */
1772 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
1773 struct mgmt_cp_pin_code_neg_reply ncp;
/*
 * Only ncp.addr is filled in; ncp is otherwise uninitialised stack memory.
 * NOTE(review): confirm the struct has no members besides addr.
 */
1775 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
1777 BT_ERR("PIN code is not 16 bytes long");
1779 err = send_pin_code_neg_reply(sk, hdev, &ncp);
1781 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
1782 MGMT_STATUS_INVALID_PARAMS);
1787 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
1793 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
/*
 * pin_len is forwarded exactly as received; apart from the == 16 test above
 * no range check on it is visible in this function. The copy below is
 * bounded by the fixed size of reply.pin_code, not by pin_len.
 */
1794 reply.pin_len = cp->pin_len;
1795 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
1797 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
/* Guarding condition not shown; presumably only when hci_send_cmd() failed. */
1799 mgmt_pending_remove(cmd);
1802 hci_dev_unlock(hdev);
/*
 * Handler for MGMT_OP_SET_IO_CAPABILITY: store the requested IO capability
 * in hdev->io_capability and reply with success.
 *
 * NOTE(review): the value is taken from the request as-is; no range check
 * against the defined IO capability values is visible here.
 */
1806 static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
1809 struct mgmt_cp_set_io_capability *cp = data;
1815 hdev->io_capability = cp->io_capability;
1817 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
1818 hdev->io_capability);
1820 hci_dev_unlock(hdev);
1822 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, NULL,
/*
 * Walk hdev->mgmt_pending looking for the MGMT_OP_PAIR_DEVICE command whose
 * user_data is this connection. Entries with another opcode or another
 * connection are passed over; the return statements are not on the lines
 * shown (callers treat a missing match as "no pending command").
 */
1826 static struct pending_cmd *find_pairing(struct hci_conn *conn)
1828 struct hci_dev *hdev = conn->hdev;
1829 struct pending_cmd *cmd;
1831 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
1832 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
1835 if (cmd->user_data != conn)
/*
 * Finish a pending MGMT_OP_PAIR_DEVICE command: reply to the requester with
 * the given mgmt status and the peer address, detach the pairing callbacks
 * from the connection, and remove the pending entry.
 *
 * cmd->user_data must be the struct hci_conn stored by pair_device().
 */
1844 static void pairing_complete(struct pending_cmd *cmd, u8 status)
1846 struct mgmt_rp_pair_device rp;
1847 struct hci_conn *conn = cmd->user_data;
/*
 * rp is not zeroed (unpair_device() zeroes its reply); both members of
 * rp.addr are assigned here. NOTE(review): confirm the reply struct has no
 * other members that would go out uninitialised.
 */
1849 bacpy(&rp.addr.bdaddr, &conn->dst);
1850 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
1852 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
1855 /* So we don't get further callbacks for this connection */
1856 conn->connect_cfm_cb = NULL;
1857 conn->security_cfm_cb = NULL;
1858 conn->disconn_cfm_cb = NULL;
1862 mgmt_pending_remove(cmd);
/*
 * Connection callback installed by pair_device() (security, disconnect and,
 * for BR/EDR, connect confirmation). Looks up the pending pair command for
 * the connection and completes it with the HCI status translated through
 * mgmt_status(); logs a debug message when no pending command is found.
 */
1865 static void pairing_complete_cb(struct hci_conn *conn, u8 status)
1867 struct pending_cmd *cmd;
1869 BT_DBG("status %u", status);
1871 cmd = find_pairing(conn);
1873 BT_DBG("Unable to find a pending command");
1875 pairing_complete(cmd, mgmt_status(status));
/*
 * Connect-confirmation callback that pair_device() installs for non-BR/EDR
 * addresses. On the lines shown it behaves like pairing_complete_cb(); the
 * statements between the debug print and the lookup are not shown
 * (pair_device() notes that an LE connection alone does not prove pairing
 * finished, so presumably success is filtered out there - confirm).
 */
1878 static void le_connect_complete_cb(struct hci_conn *conn, u8 status)
1880 struct pending_cmd *cmd;
1882 BT_DBG("status %u", status);
1887 cmd = find_pairing(conn);
1889 BT_DBG("Unable to find a pending command");
1891 pairing_complete(cmd, mgmt_status(status));
/*
 * Handler for MGMT_OP_PAIR_DEVICE: connect to cp->addr (ACL for BR/EDR,
 * LE otherwise) and start dedicated bonding.
 *
 * The security level is fixed at BT_SECURITY_MEDIUM. The authentication
 * type is dedicated bonding without MITM protection when the caller
 * reports IO capability 0x03 and dedicated bonding with MITM protection
 * otherwise. Replies visible here: NOT_POWERED, BUSY / CONNECT_FAILED when
 * hci_connect() returns an error pointer, and BUSY when the connection
 * already has a connect callback installed.
 */
1894 static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
1897 struct mgmt_cp_pair_device *cp = data;
1898 struct mgmt_rp_pair_device rp;
1899 struct pending_cmd *cmd;
1900 u8 sec_level, auth_type;
1901 struct hci_conn *conn;
1908 if (!hdev_is_powered(hdev)) {
1909 err = cmd_status(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
1910 MGMT_STATUS_NOT_POWERED);
1914 sec_level = BT_SECURITY_MEDIUM;
/*
 * 0x03 is the NoInputNoOutput IO capability; such a device cannot take part
 * in MITM-protected pairing, hence the weaker auth type. The value comes
 * straight from the request and is not range-checked on the lines shown.
 */
1915 if (cp->io_cap == 0x03)
1916 auth_type = HCI_AT_DEDICATED_BONDING;
1918 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
1920 if (cp->addr.type == BDADDR_BREDR)
1921 conn = hci_connect(hdev, ACL_LINK, &cp->addr.bdaddr,
1922 cp->addr.type, sec_level, auth_type);
1924 conn = hci_connect(hdev, LE_LINK, &cp->addr.bdaddr,
1925 cp->addr.type, sec_level, auth_type);
/* Reply is zeroed, then echoes the requested address. */
1927 memset(&rp, 0, sizeof(rp));
1928 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1929 rp.addr.type = cp->addr.type;
1934 if (PTR_ERR(conn) == -EBUSY)
1935 status = MGMT_STATUS_BUSY;
1937 status = MGMT_STATUS_CONNECT_FAILED;
1939 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
/* A connect callback already present means another user owns this link. */
1945 if (conn->connect_cfm_cb) {
1947 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
1948 MGMT_STATUS_BUSY, &rp, sizeof(rp));
1952 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
1959 /* For LE, just connecting isn't a proof that the pairing finished */
1960 if (cp->addr.type == BDADDR_BREDR)
1961 conn->connect_cfm_cb = pairing_complete_cb;
1963 conn->connect_cfm_cb = le_connect_complete_cb;
1965 conn->security_cfm_cb = pairing_complete_cb;
1966 conn->disconn_cfm_cb = pairing_complete_cb;
1967 conn->io_capability = cp->io_cap;
/* find_pairing() matches pending commands on this pointer. */
1968 cmd->user_data = conn;
/* Already connected and security already satisfied: complete right away. */
1970 if (conn->state == BT_CONNECTED &&
1971 hci_conn_security(conn, sec_level, auth_type))
1972 pairing_complete(cmd, 0);
1977 hci_dev_unlock(hdev);
/*
 * Handler for MGMT_OP_CANCEL_PAIR_DEVICE: complete the pending pair command
 * with MGMT_STATUS_CANCELLED and confirm to the caller.
 *
 * Replies visible here: NOT_POWERED, INVALID_PARAMS when no pair command is
 * pending (condition line not shown) or when the address differs from the
 * pending connection's destination, and success echoing the address.
 *
 * NOTE(review): the pending command is looked up by opcode and controller
 * only, and only the bdaddr (not addr->type) is compared - confirm that
 * neither the requesting socket nor the address type needs to match.
 */
1981 static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
1984 struct mgmt_addr_info *addr = data;
1985 struct pending_cmd *cmd;
1986 struct hci_conn *conn;
1993 if (!hdev_is_powered(hdev)) {
1994 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
1995 MGMT_STATUS_NOT_POWERED);
1999 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
2001 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2002 MGMT_STATUS_INVALID_PARAMS);
2006 conn = cmd->user_data;
2008 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
2009 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2010 MGMT_STATUS_INVALID_PARAMS);
2014 pairing_complete(cmd, MGMT_STATUS_CANCELLED);
2016 err = cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
2017 addr, sizeof(*addr));
2019 hci_dev_unlock(hdev);
/*
 * Common backend for the user confirmation / passkey / negative PIN reply
 * handlers.
 *
 * mgmt_op is the management opcode used for replies and the pending entry,
 * hci_op the HCI command sent on the BR/EDR path, passkey the little-endian
 * passkey (callers pass 0 when the command carries none).
 *
 * For LE address types the answer is handed to SMP and the caller gets an
 * immediate SUCCESS or FAILED status. For BR/EDR the request is stored as
 * pending and forwarded to the controller: HCI_OP_USER_PASSKEY_REPLY
 * carries address plus passkey, every other hci_op only the address.
 */
2023 static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
2024 bdaddr_t *bdaddr, u8 type, u16 mgmt_op,
2025 u16 hci_op, __le32 passkey)
2027 struct pending_cmd *cmd;
2028 struct hci_conn *conn;
2033 if (!hdev_is_powered(hdev)) {
2034 err = cmd_status(sk, hdev->id, mgmt_op,
2035 MGMT_STATUS_NOT_POWERED);
/* An existing connection to the peer is required in both transports. */
2039 if (type == BDADDR_BREDR)
2040 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, bdaddr);
2042 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, bdaddr);
2045 err = cmd_status(sk, hdev->id, mgmt_op,
2046 MGMT_STATUS_NOT_CONNECTED);
2050 if (type == BDADDR_LE_PUBLIC || type == BDADDR_LE_RANDOM) {
2051 /* Continue with pairing via SMP */
2052 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
2055 err = cmd_status(sk, hdev->id, mgmt_op,
2056 MGMT_STATUS_SUCCESS);
2058 err = cmd_status(sk, hdev->id, mgmt_op,
2059 MGMT_STATUS_FAILED);
2064 cmd = mgmt_pending_add(sk, mgmt_op, hdev, bdaddr, sizeof(*bdaddr));
2070 /* Continue with pairing via HCI */
2071 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
2072 struct hci_cp_user_passkey_reply cp;
2074 bacpy(&cp.bdaddr, bdaddr);
2075 cp.passkey = passkey;
2076 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
2078 err = hci_send_cmd(hdev, hci_op, sizeof(*bdaddr), bdaddr);
/* Guarding condition not shown; presumably only when hci_send_cmd() failed. */
2081 mgmt_pending_remove(cmd);
2084 hci_dev_unlock(hdev);
/*
 * Handler for MGMT_OP_PIN_CODE_NEG_REPLY: thin wrapper that forwards the
 * request address to user_pairing_resp() with the matching HCI opcode and
 * no passkey.
 */
2088 static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
2089 void *data, u16 len)
2091 struct mgmt_cp_pin_code_neg_reply *cp = data;
2095 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
2096 MGMT_OP_PIN_CODE_NEG_REPLY,
2097 HCI_OP_PIN_CODE_NEG_REPLY, 0);
/*
 * Handler for MGMT_OP_USER_CONFIRM_REPLY: forwards a positive user
 * confirmation to user_pairing_resp().
 *
 * Unlike its sibling wrappers this one re-checks len against the command
 * struct itself; mgmt_control() already enforces the table size for
 * fixed-length commands, so this is a second, local check.
 */
2100 static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2103 struct mgmt_cp_user_confirm_reply *cp = data;
2107 if (len != sizeof(*cp))
2108 return cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
2109 MGMT_STATUS_INVALID_PARAMS);
2111 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
2112 MGMT_OP_USER_CONFIRM_REPLY,
2113 HCI_OP_USER_CONFIRM_REPLY, 0);
/*
 * Handler for MGMT_OP_USER_CONFIRM_NEG_REPLY: forwards a rejected user
 * confirmation to user_pairing_resp() with no passkey.
 */
2116 static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
2117 void *data, u16 len)
2119 struct mgmt_cp_user_confirm_neg_reply *cp = data;
2123 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
2124 MGMT_OP_USER_CONFIRM_NEG_REPLY,
2125 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
/*
 * Handler for MGMT_OP_USER_PASSKEY_REPLY: forwards the passkey entered by
 * the user. cp->passkey is passed on unchanged (user_pairing_resp() takes
 * it as __le32), so no byte-order conversion happens here.
 */
2128 static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2131 struct mgmt_cp_user_passkey_reply *cp = data;
2135 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
2136 MGMT_OP_USER_PASSKEY_REPLY,
2137 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
/*
 * Handler for MGMT_OP_USER_PASSKEY_NEG_REPLY: forwards a refused passkey
 * request to user_pairing_resp() with no passkey.
 */
2140 static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
2141 void *data, u16 len)
2143 struct mgmt_cp_user_passkey_neg_reply *cp = data;
2147 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
2148 MGMT_OP_USER_PASSKEY_NEG_REPLY,
2149 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
/*
 * Send HCI_OP_WRITE_LOCAL_NAME with the given name.
 *
 * Exactly sizeof(cp.name) bytes are read from name regardless of where its
 * NUL terminator is, so the caller must pass a buffer at least that large.
 * The callers in this file pass cp->name from set_local_name() and
 * hdev->dev_name from mgmt_powered().
 */
2152 static int update_name(struct hci_dev *hdev, const char *name)
2154 struct hci_cp_write_local_name cp;
2156 memcpy(cp.name, name, sizeof(cp.name));
2158 return hci_send_cmd(hdev, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
/*
 * Handler for MGMT_OP_SET_LOCAL_NAME.
 *
 * The short name is always stored in hdev. While the controller is not
 * powered the full name is stored as well, the command completes at once
 * and MGMT_EV_LOCAL_NAME_CHANGED is emitted. When powered, the request is
 * stored as pending and the name is written to the controller through
 * update_name().
 *
 * NOTE(review): both copies are fixed-size memcpy() calls sized by the
 * destination; nothing on the lines shown forces a NUL terminator into the
 * stored names - confirm consumers do not treat them as C strings without
 * a bound.
 */
2161 static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
2164 struct mgmt_cp_set_local_name *cp = data;
2165 struct pending_cmd *cmd;
2172 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
2174 if (!hdev_is_powered(hdev)) {
2175 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
2177 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
2182 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
2188 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
2194 err = update_name(hdev, cp->name);
/* Guarding condition not shown; presumably only when update_name() failed. */
2196 mgmt_pending_remove(cmd);
2199 hci_dev_unlock(hdev);
/*
 * Handler for MGMT_OP_READ_LOCAL_OOB_DATA: ask the controller for its local
 * out-of-band pairing data.
 *
 * Rejections visible here: NOT_POWERED, NOT_SUPPORTED when the controller
 * is not SSP capable, and a status (on a line not shown) when the same
 * command is already pending. Otherwise the request is stored as pending
 * and HCI_OP_READ_LOCAL_OOB_DATA is sent without parameters.
 */
2203 static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
2204 void *data, u16 data_len)
2206 struct pending_cmd *cmd;
2209 BT_DBG("%s", hdev->name);
2213 if (!hdev_is_powered(hdev)) {
2214 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
2215 MGMT_STATUS_NOT_POWERED);
2219 if (!lmp_ssp_capable(hdev)) {
2220 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
2221 MGMT_STATUS_NOT_SUPPORTED);
2225 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
2226 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
2231 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
2237 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
/* Guarding condition not shown; presumably only when hci_send_cmd() failed. */
2239 mgmt_pending_remove(cmd);
2242 hci_dev_unlock(hdev);
/*
 * Handler for MGMT_OP_ADD_REMOTE_OOB_DATA: store out-of-band pairing data
 * received for a remote device.
 *
 * Replies echo cp->addr. Statuses visible here: NOT_POWERED, and FAILED on
 * a path whose condition is not shown (presumably when
 * hci_add_remote_oob_data() returns an error).
 */
2246 static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
2247 void *data, u16 len)
2249 struct mgmt_cp_add_remote_oob_data *cp = data;
2253 BT_DBG("%s ", hdev->name);
2257 if (!hdev_is_powered(hdev)) {
2258 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
2259 MGMT_STATUS_NOT_POWERED, &cp->addr,
2264 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr, cp->hash,
2267 status = MGMT_STATUS_FAILED;
2271 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA, status,
2272 &cp->addr, sizeof(cp->addr));
2275 hci_dev_unlock(hdev);
/*
 * Handler for MGMT_OP_REMOVE_REMOTE_OOB_DATA: delete stored out-of-band
 * data for cp->addr.
 *
 * Replies echo cp->addr. Statuses visible here: NOT_POWERED, and
 * INVALID_PARAMS on a path whose condition is not shown (presumably when
 * hci_remove_remote_oob_data() returns an error).
 */
2279 static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
2280 void *data, u16 len)
2282 struct mgmt_cp_remove_remote_oob_data *cp = data;
2286 BT_DBG("%s", hdev->name);
2290 if (!hdev_is_powered(hdev)) {
2291 err = cmd_complete(sk, hdev->id,
2292 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
2293 MGMT_STATUS_NOT_POWERED, &cp->addr,
2298 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr);
2300 status = MGMT_STATUS_INVALID_PARAMS;
2304 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
2305 status, &cp->addr, sizeof(cp->addr));
2308 hci_dev_unlock(hdev);
/*
 * Run the BR/EDR inquiry step of interleaved discovery, using the
 * INQUIRY_LEN_BREDR_LE length. Discovery is set to DISCOVERY_STOPPED on a
 * path whose condition is not shown (presumably when hci_do_inquiry()
 * fails).
 */
2312 int mgmt_interleaved_discovery(struct hci_dev *hdev)
2316 BT_DBG("%s", hdev->name);
2320 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR_LE);
2322 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2324 hci_dev_unlock(hdev);
/*
 * Handler for MGMT_OP_START_DISCOVERY.
 *
 * Rejections visible here: NOT_POWERED, periodic inquiry active, and a
 * discovery state other than DISCOVERY_STOPPED (the status codes of the
 * last two are on lines not shown). Otherwise the request is stored as
 * pending and the scan matching cp->type is started:
 *   DISCOV_TYPE_BREDR       - inquiry, if the controller is BR/EDR capable
 *   DISCOV_TYPE_LE          - LE scan, if the host is LE capable
 *   DISCOV_TYPE_INTERLEAVED - LE scan with the BR/EDR+LE timeout, if both
 * The else branches and the default case are not on the lines shown.
 */
2329 static int start_discovery(struct sock *sk, struct hci_dev *hdev,
2330 void *data, u16 len)
2332 struct mgmt_cp_start_discovery *cp = data;
2333 struct pending_cmd *cmd;
2336 BT_DBG("%s", hdev->name);
2340 if (!hdev_is_powered(hdev)) {
2341 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2342 MGMT_STATUS_NOT_POWERED);
2346 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
2347 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2352 if (hdev->discovery.state != DISCOVERY_STOPPED) {
2353 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2358 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
/*
 * The requested type is stored in hdev before the switch below validates
 * it. NOTE(review): confirm an unsupported type does not leave a stale
 * value behind in hdev->discovery.type.
 */
2364 hdev->discovery.type = cp->type;
2366 switch (hdev->discovery.type) {
2367 case DISCOV_TYPE_BREDR:
2368 if (lmp_bredr_capable(hdev))
2369 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR);
2374 case DISCOV_TYPE_LE:
2375 if (lmp_host_le_capable(hdev))
2376 err = hci_le_scan(hdev, LE_SCAN_TYPE, LE_SCAN_INT,
2377 LE_SCAN_WIN, LE_SCAN_TIMEOUT_LE_ONLY);
2382 case DISCOV_TYPE_INTERLEAVED:
2383 if (lmp_host_le_capable(hdev) && lmp_bredr_capable(hdev))
2384 err = hci_le_scan(hdev, LE_SCAN_TYPE, LE_SCAN_INT,
2386 LE_SCAN_TIMEOUT_BREDR_LE);
/* The two outcomes below are selected by a condition that is not shown. */
2396 mgmt_pending_remove(cmd);
2398 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
2401 hci_dev_unlock(hdev);
/*
 * Handler for MGMT_OP_STOP_DISCOVERY.
 *
 * Rejected with REJECTED when no discovery is active and with
 * INVALID_PARAMS when the requested type differs from the running one;
 * both replies echo the requested type. Otherwise the request is stored as
 * pending and the action depends on the discovery state:
 *   DISCOVERY_FINDING   - cancel the inquiry if HCI_INQUIRY is set, and
 *                         cancel the LE scan on the other visible path
 *   DISCOVERY_RESOLVING - cancel the outstanding remote name request; if no
 *                         cache entry is being resolved (condition not
 *                         shown), complete at once and mark discovery
 *                         stopped
 * Any other state is only logged.
 */
2405 static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
2408 struct mgmt_cp_stop_discovery *mgmt_cp = data;
2409 struct pending_cmd *cmd;
2410 struct hci_cp_remote_name_req_cancel cp;
2411 struct inquiry_entry *e;
2414 BT_DBG("%s", hdev->name);
2418 if (!hci_discovery_active(hdev)) {
2419 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
2420 MGMT_STATUS_REJECTED, &mgmt_cp->type,
2421 sizeof(mgmt_cp->type));
2425 if (hdev->discovery.type != mgmt_cp->type) {
2426 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
2427 MGMT_STATUS_INVALID_PARAMS, &mgmt_cp->type,
2428 sizeof(mgmt_cp->type));
2432 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
2438 switch (hdev->discovery.state) {
2439 case DISCOVERY_FINDING:
2440 if (test_bit(HCI_INQUIRY, &hdev->flags))
2441 err = hci_cancel_inquiry(hdev);
2443 err = hci_cancel_le_scan(hdev);
2447 case DISCOVERY_RESOLVING:
2448 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
2451 mgmt_pending_remove(cmd);
2452 err = cmd_complete(sk, hdev->id,
2453 MGMT_OP_STOP_DISCOVERY, 0,
2455 sizeof(mgmt_cp->type));
2456 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2460 bacpy(&cp.bdaddr, &e->data.bdaddr);
2461 err = hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ_CANCEL,
2467 BT_DBG("unknown discovery state %u", hdev->discovery.state);
/* The two outcomes below are selected by a condition that is not shown. */
2472 mgmt_pending_remove(cmd);
2474 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
2477 hci_dev_unlock(hdev);
/*
 * Handler for MGMT_OP_CONFIRM_NAME: user space tells the kernel whether it
 * already knows the name of a discovered device.
 *
 * Fails with FAILED when no discovery is active and with INVALID_PARAMS
 * (condition not shown, presumably a failed lookup) when the address is
 * not among the inquiry cache entries with unknown name state. A known
 * name marks the entry NAME_KNOWN; otherwise it is marked NAME_NEEDED and
 * the resolve list is updated.
 */
2481 static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
2484 struct mgmt_cp_confirm_name *cp = data;
2485 struct inquiry_entry *e;
2488 BT_DBG("%s", hdev->name);
2492 if (!hci_discovery_active(hdev)) {
2493 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
2494 MGMT_STATUS_FAILED);
2498 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
2500 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
2501 MGMT_STATUS_INVALID_PARAMS);
2505 if (cp->name_known) {
2506 e->name_state = NAME_KNOWN;
2509 e->name_state = NAME_NEEDED;
2510 hci_inquiry_cache_update_resolve(hdev, e);
2516 hci_dev_unlock(hdev);
/*
 * Handler for MGMT_OP_BLOCK_DEVICE: add cp->addr to the controller's
 * blacklist. The reply echoes the address; FAILED is reported on a path
 * whose condition is not shown (presumably when hci_blacklist_add()
 * returns an error). No powered check appears on the lines shown.
 */
2520 static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
2523 struct mgmt_cp_block_device *cp = data;
2527 BT_DBG("%s", hdev->name);
2531 err = hci_blacklist_add(hdev, &cp->addr.bdaddr, cp->addr.type);
2533 status = MGMT_STATUS_FAILED;
2537 err = cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
2538 &cp->addr, sizeof(cp->addr));
2540 hci_dev_unlock(hdev);
/*
 * Handler for MGMT_OP_UNBLOCK_DEVICE: remove cp->addr from the controller's
 * blacklist. The reply echoes the address; INVALID_PARAMS is reported on a
 * path whose condition is not shown (presumably when hci_blacklist_del()
 * returns an error).
 */
2545 static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
2548 struct mgmt_cp_unblock_device *cp = data;
2552 BT_DBG("%s", hdev->name);
2556 err = hci_blacklist_del(hdev, &cp->addr.bdaddr, cp->addr.type);
2558 status = MGMT_STATUS_INVALID_PARAMS;
2562 err = cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
2563 &cp->addr, sizeof(cp->addr));
2565 hci_dev_unlock(hdev);
/*
 * Handler for MGMT_OP_SET_DEVICE_ID: store the Device ID record values
 * (source, vendor, product, version) in hdev.
 *
 * All four fields arrive little-endian and are converted to CPU order.
 * source is the only field that is validated: values above 0x0002 are
 * rejected with INVALID_PARAMS before anything is stored.
 */
2570 static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
2573 struct mgmt_cp_set_device_id *cp = data;
2577 BT_DBG("%s", hdev->name);
2579 source = __le16_to_cpu(cp->source);
2581 if (source > 0x0002)
2582 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
2583 MGMT_STATUS_INVALID_PARAMS);
2587 hdev->devid_source = source;
2588 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
2589 hdev->devid_product = __le16_to_cpu(cp->product);
2590 hdev->devid_version = __le16_to_cpu(cp->version);
2592 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0, NULL, 0);
2596 hci_dev_unlock(hdev);
/*
 * Handler for MGMT_OP_SET_FAST_CONNECTABLE: switch page scanning between
 * the interlaced type with a 160 msec interval and the standard type with
 * the default 1.28 sec interval. The scan window is the default
 * 11.25 msec in both cases. The condition choosing between the two is not
 * on the lines shown (presumably the mode value in the request).
 *
 * Preconditions, each answered with a status reply: BR/EDR capable
 * (NOT_SUPPORTED), powered (NOT_POWERED) and HCI_CONNECTABLE set
 * (REJECTED). A FAILED reply follows either of the two HCI writes on paths
 * whose conditions are not shown.
 */
2601 static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
2602 void *data, u16 len)
2604 struct mgmt_mode *cp = data;
2605 struct hci_cp_write_page_scan_activity acp;
2609 BT_DBG("%s", hdev->name);
2611 if (!lmp_bredr_capable(hdev))
2612 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
2613 MGMT_STATUS_NOT_SUPPORTED);
2615 if (!hdev_is_powered(hdev))
2616 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
2617 MGMT_STATUS_NOT_POWERED);
2619 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
2620 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
2621 MGMT_STATUS_REJECTED);
2626 type = PAGE_SCAN_TYPE_INTERLACED;
2628 /* 160 msec page scan interval */
2629 acp.interval = __constant_cpu_to_le16(0x0100);
2631 type = PAGE_SCAN_TYPE_STANDARD; /* default */
2633 /* default 1.28 sec page scan */
2634 acp.interval = __constant_cpu_to_le16(0x0800);
2637 /* default 11.25 msec page scan window */
2638 acp.window = __constant_cpu_to_le16(0x0012);
/* Two separate HCI writes: scan activity first, then scan type. */
2640 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY, sizeof(acp),
2643 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
2644 MGMT_STATUS_FAILED);
2648 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
2650 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
2651 MGMT_STATUS_FAILED);
2655 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE, 0,
2658 hci_dev_unlock(hdev);
/*
 * Handler for MGMT_OP_LOAD_LONG_TERM_KEYS: replace the controller's stored
 * SMP long term keys with the list supplied by user space.
 *
 * The command is registered as variable-length in mgmt_handlers, so
 * mgmt_control() only guarantees that len covers the fixed part. The
 * request carries key_count followed by that many struct mgmt_ltk_info
 * records; this function is responsible for checking that len matches.
 * After the check the existing keys are cleared and each record is passed
 * to hci_add_ltk().
 */
2662 static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
2663 void *cp_data, u16 len)
2665 struct mgmt_cp_load_long_term_keys *cp = cp_data;
2666 u16 key_count, expected_len;
2669 key_count = __le16_to_cpu(cp->key_count);
/*
 * NOTE(review): expected_len is u16, so the sum below is truncated to 16
 * bits when key_count (taken from the request) is large. A truncated value
 * can equal len although the buffer holds fewer than key_count records, in
 * which case the loop further down indexes cp->keys[] past the end of the
 * request buffer. Computing the expected size in a wider type, and
 * rejecting any key_count larger than a u16 len can describe, closes this.
 */
2671 expected_len = sizeof(*cp) + key_count *
2672 sizeof(struct mgmt_ltk_info);
2673 if (expected_len != len) {
2674 BT_ERR("load_keys: expected %u bytes, got %u bytes",
2676 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
2680 BT_DBG("%s key_count %u", hdev->name, key_count);
/* Existing keys are dropped before the new list is installed. */
2684 hci_smp_ltks_clear(hdev);
2686 for (i = 0; i < key_count; i++) {
2687 struct mgmt_ltk_info *key = &cp->keys[i];
2693 type = HCI_SMP_LTK_SLAVE;
/*
 * Record fields are passed through as received and the return value of
 * hci_add_ltk() is not used. NOTE(review): no range check on
 * key->addr.type or key->enc_size is visible here - confirm where these
 * are validated.
 */
2695 hci_add_ltk(hdev, &key->addr.bdaddr,
2696 bdaddr_to_le(key->addr.type),
2697 type, 0, key->authenticated, key->val,
2698 key->enc_size, key->ediv, key->rand);
2701 hci_dev_unlock(hdev);
/*
 * Dispatch table for management commands, indexed directly by opcode:
 * mgmt_control() bounds-checks the opcode against ARRAY_SIZE(mgmt_handlers)
 * and rejects entries whose func is NULL before using an entry.
 *
 * Each initializer is { handler, variable-length flag, payload size }.
 * mgmt_control() requires len == size for fixed-length commands and
 * len >= size for variable-length ones, so the two handlers marked true
 * (load_link_keys, load_long_term_keys) must validate the variable part of
 * their payload themselves.
 *
 * The position of an entry is its opcode; inserting or reordering entries
 * changes which handler a given opcode reaches.
 */
2706 static const struct mgmt_handler {
2707 int (*func) (struct sock *sk, struct hci_dev *hdev, void *data,
2711 } mgmt_handlers[] = {
2712 { NULL }, /* 0x0000 (no command) */
2713 { read_version, false, MGMT_READ_VERSION_SIZE },
2714 { read_commands, false, MGMT_READ_COMMANDS_SIZE },
2715 { read_index_list, false, MGMT_READ_INDEX_LIST_SIZE },
2716 { read_controller_info, false, MGMT_READ_INFO_SIZE },
2717 { set_powered, false, MGMT_SETTING_SIZE },
2718 { set_discoverable, false, MGMT_SET_DISCOVERABLE_SIZE },
2719 { set_connectable, false, MGMT_SETTING_SIZE },
2720 { set_fast_connectable, false, MGMT_SETTING_SIZE },
2721 { set_pairable, false, MGMT_SETTING_SIZE },
2722 { set_link_security, false, MGMT_SETTING_SIZE },
2723 { set_ssp, false, MGMT_SETTING_SIZE },
2724 { set_hs, false, MGMT_SETTING_SIZE },
2725 { set_le, false, MGMT_SETTING_SIZE },
2726 { set_dev_class, false, MGMT_SET_DEV_CLASS_SIZE },
2727 { set_local_name, false, MGMT_SET_LOCAL_NAME_SIZE },
2728 { add_uuid, false, MGMT_ADD_UUID_SIZE },
2729 { remove_uuid, false, MGMT_REMOVE_UUID_SIZE },
2730 { load_link_keys, true, MGMT_LOAD_LINK_KEYS_SIZE },
2731 { load_long_term_keys, true, MGMT_LOAD_LONG_TERM_KEYS_SIZE },
2732 { disconnect, false, MGMT_DISCONNECT_SIZE },
2733 { get_connections, false, MGMT_GET_CONNECTIONS_SIZE },
2734 { pin_code_reply, false, MGMT_PIN_CODE_REPLY_SIZE },
2735 { pin_code_neg_reply, false, MGMT_PIN_CODE_NEG_REPLY_SIZE },
2736 { set_io_capability, false, MGMT_SET_IO_CAPABILITY_SIZE },
2737 { pair_device, false, MGMT_PAIR_DEVICE_SIZE },
2738 { cancel_pair_device, false, MGMT_CANCEL_PAIR_DEVICE_SIZE },
2739 { unpair_device, false, MGMT_UNPAIR_DEVICE_SIZE },
2740 { user_confirm_reply, false, MGMT_USER_CONFIRM_REPLY_SIZE },
2741 { user_confirm_neg_reply, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
2742 { user_passkey_reply, false, MGMT_USER_PASSKEY_REPLY_SIZE },
2743 { user_passkey_neg_reply, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
2744 { read_local_oob_data, false, MGMT_READ_LOCAL_OOB_DATA_SIZE },
2745 { add_remote_oob_data, false, MGMT_ADD_REMOTE_OOB_DATA_SIZE },
2746 { remove_remote_oob_data, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
2747 { start_discovery, false, MGMT_START_DISCOVERY_SIZE },
2748 { stop_discovery, false, MGMT_STOP_DISCOVERY_SIZE },
2749 { confirm_name, false, MGMT_CONFIRM_NAME_SIZE },
2750 { block_device, false, MGMT_BLOCK_DEVICE_SIZE },
2751 { unblock_device, false, MGMT_UNBLOCK_DEVICE_SIZE },
2752 { set_device_id, false, MGMT_SET_DEVICE_ID_SIZE },
/*
 * Entry point for management commands written to a mgmt socket. This is
 * where user-supplied bytes enter the subsystem, so every handler relies on
 * the checks made here:
 *
 *   1. the message must hold at least a struct mgmt_hdr;
 *   2. the whole message is copied into a kernel buffer of msglen bytes;
 *   3. opcode, index and len are decoded from little-endian;
 *   4. len must equal the number of bytes following the header, so a
 *      handler is never given a len larger than what was copied;
 *   5. an index other than MGMT_INDEX_NONE must resolve to a controller;
 *   6. the opcode must fall inside mgmt_handlers and have a handler;
 *   7. opcodes below MGMT_OP_READ_INFO must come without a controller and
 *      all others with one;
 *   8. len must match the handler's declared size (exactly, or as a
 *      minimum for variable-length commands).
 *
 * Only then is the handler called with a pointer just past the header.
 * Error returns, the buffer release and the controller reference release
 * are on lines not shown here.
 */
2756 int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
2760 struct mgmt_hdr *hdr;
2761 u16 opcode, index, len;
2762 struct hci_dev *hdev = NULL;
2763 const struct mgmt_handler *handler;
2766 BT_DBG("got %zu bytes", msglen);
2768 if (msglen < sizeof(*hdr))
/* Allocation size is the caller-supplied message length. */
2771 buf = kmalloc(msglen, GFP_KERNEL);
2775 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
2781 opcode = __le16_to_cpu(hdr->opcode);
2782 index = __le16_to_cpu(hdr->index);
2783 len = __le16_to_cpu(hdr->len);
/* Header length field must agree exactly with the bytes received. */
2785 if (len != msglen - sizeof(*hdr)) {
2790 if (index != MGMT_INDEX_NONE) {
2791 hdev = hci_dev_get(index);
2793 err = cmd_status(sk, index, opcode,
2794 MGMT_STATUS_INVALID_INDEX);
/* Bounds check comes first so the table is never indexed out of range. */
2799 if (opcode >= ARRAY_SIZE(mgmt_handlers) ||
2800 mgmt_handlers[opcode].func == NULL) {
2801 BT_DBG("Unknown op %u", opcode);
2802 err = cmd_status(sk, index, opcode,
2803 MGMT_STATUS_UNKNOWN_COMMAND);
/* Global commands take no controller; per-controller commands need one. */
2807 if ((hdev && opcode < MGMT_OP_READ_INFO) ||
2808 (!hdev && opcode >= MGMT_OP_READ_INFO)) {
2809 err = cmd_status(sk, index, opcode,
2810 MGMT_STATUS_INVALID_INDEX);
2814 handler = &mgmt_handlers[opcode];
/*
 * For variable-length commands only the fixed part is checked here; the
 * handler has to validate the remainder against its own element count.
 */
2816 if ((handler->var_len && len < handler->data_len) ||
2817 (!handler->var_len && len != handler->data_len)) {
2818 err = cmd_status(sk, index, opcode,
2819 MGMT_STATUS_INVALID_PARAMS);
2824 mgmt_init_hdev(sk, hdev);
2826 cp = buf + sizeof(*hdr);
2828 err = handler->func(sk, hdev, cp, len);
/*
 * mgmt_pending_foreach() callback: answer one pending command with the
 * status that data points to, then remove it from the pending list. The
 * declaration of the local status pointer is not on the lines shown; the
 * callers in this file pass the address of a u8.
 */
2842 static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
2846 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
2847 mgmt_pending_remove(cmd);
/*
 * Announce a new controller with MGMT_EV_INDEX_ADDED (no payload, no
 * socket skipped). Controllers that fail mgmt_valid_hdev() take an early
 * path whose return statement is not shown.
 */
2850 int mgmt_index_added(struct hci_dev *hdev)
2852 if (!mgmt_valid_hdev(hdev))
2855 return mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
/*
 * Announce removal of a controller. Every command still pending on it is
 * first answered with MGMT_STATUS_INVALID_INDEX (opcode 0 is passed to
 * mgmt_pending_foreach(), presumably meaning "all opcodes"), then
 * MGMT_EV_INDEX_REMOVED is sent.
 */
2858 int mgmt_index_removed(struct hci_dev *hdev)
2860 u8 status = MGMT_STATUS_INVALID_INDEX;
2862 if (!mgmt_valid_hdev(hdev))
2865 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
2867 return mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
2872 struct hci_dev *hdev;
/*
 * mgmt_pending_foreach() callback: answer one pending settings command with
 * the controller's current settings, unlink it and free it.
 *
 * data is a struct cmd_lookup. The first socket answered is remembered in
 * match->sk with an extra reference taken by sock_hold(); whoever set up
 * the lookup has to drop that reference afterwards (the release is not on
 * the lines shown).
 */
2876 static void settings_rsp(struct pending_cmd *cmd, void *data)
2878 struct cmd_lookup *match = data;
2880 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
2882 list_del(&cmd->list);
2884 if (match->sk == NULL) {
2885 match->sk = cmd->sk;
2886 sock_hold(match->sk);
2889 mgmt_pending_free(cmd);
/*
 * Build the scan-enable value from the HCI_CONNECTABLE and
 * HCI_DISCOVERABLE flags and write it with HCI_OP_WRITE_SCAN_ENABLE.
 * SCAN_INQUIRY is added when discoverable; the statement for the
 * connectable flag and the declaration of scan are not on the lines shown.
 */
2892 static int set_bredr_scan(struct hci_dev *hdev)
2896 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
2898 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
2899 scan |= SCAN_INQUIRY;
2904 return hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
/*
 * Called when the controller's power state changes.
 *
 * Does nothing for controllers without HCI_MGMT set (return statement not
 * shown). Pending MGMT_OP_SET_POWERED commands are answered through
 * settings_rsp(), which records the first answered socket in match.sk.
 *
 * The visible statements then bring the controller in line with the host
 * flags: write SSP mode when HCI_SSP_ENABLED is set but the controller's
 * host SSP feature is not, write LE host support when it differs from the
 * current host features, and for BR/EDR capable controllers program scan
 * mode and the local name. On the other visible path every pending command
 * is failed with MGMT_STATUS_NOT_POWERED. Which statements belong to the
 * powered-on and which to the powered-off branch cannot be told from the
 * lines shown. Finally new_settings() is sent with match.sk.
 */
2907 int mgmt_powered(struct hci_dev *hdev, u8 powered)
2909 struct cmd_lookup match = { NULL, hdev };
2912 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
2915 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
2918 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) &&
2919 !lmp_host_ssp_capable(hdev)) {
2922 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &ssp);
2925 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
2926 struct hci_cp_write_le_host_supported cp;
2929 cp.simul = lmp_le_br_capable(hdev);
2931 /* Check first if we already have the right
2932 * host state (host features set)
2934 if (cp.le != lmp_host_le_capable(hdev) ||
2935 cp.simul != lmp_host_le_br_capable(hdev))
2937 HCI_OP_WRITE_LE_HOST_SUPPORTED,
2941 if (lmp_bredr_capable(hdev)) {
2942 set_bredr_scan(hdev);
2944 update_name(hdev, hdev->dev_name);
2948 u8 status = MGMT_STATUS_NOT_POWERED;
2949 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
2952 err = new_settings(hdev, match.sk);
/*
 * Track a change of the controller's discoverable state in the
 * HCI_DISCOVERABLE flag, answer pending MGMT_OP_SET_DISCOVERABLE commands
 * and send the new settings.
 *
 * The flag is updated with test_and_set_bit()/test_and_clear_bit(), so
 * whether it actually changed is known atomically; the statements that
 * record this in changed, and the condition guarding new_settings(), are
 * not on the lines shown.
 */
2960 int mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
2962 struct cmd_lookup match = { NULL, hdev };
2963 bool changed = false;
2967 if (!test_and_set_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
2970 if (test_and_clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
2974 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev, settings_rsp,
2978 err = new_settings(hdev, match.sk);
/*
 * Track a change of the controller's connectable state in the
 * HCI_CONNECTABLE flag, answer pending MGMT_OP_SET_CONNECTABLE commands and
 * send the new settings. Same structure as mgmt_discoverable(); the
 * statements that update changed and the condition guarding
 * new_settings() are not on the lines shown.
 */
2986 int mgmt_connectable(struct hci_dev *hdev, u8 connectable)
2988 struct cmd_lookup match = { NULL, hdev };
2989 bool changed = false;
2993 if (!test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags))
2996 if (test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3000 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev, settings_rsp,
3004 err = new_settings(hdev, match.sk);
/*
 * A scan-enable write failed: translate the HCI status and fail the pending
 * commands that depended on it - MGMT_OP_SET_CONNECTABLE when the write
 * included SCAN_PAGE, MGMT_OP_SET_DISCOVERABLE when it included
 * SCAN_INQUIRY.
 */
3012 int mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
3014 u8 mgmt_err = mgmt_status(status);
3016 if (scan & SCAN_PAGE)
3017 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
3018 cmd_status_rsp, &mgmt_err);
3020 if (scan & SCAN_INQUIRY)
3021 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
3022 cmd_status_rsp, &mgmt_err);
/*
 * Report a newly created BR/EDR link key with MGMT_EV_NEW_LINK_KEY.
 *
 * The event carries the raw key value (ev.key.val) and is sent with a NULL
 * skip socket, so its confidentiality depends on who is allowed to open a
 * management socket - a check made outside this function. store_hint
 * carries the caller's persistent argument.
 */
3027 int mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
3030 struct mgmt_ev_new_link_key ev;
/* Zero the event first so members not assigned below go out as 0. */
3032 memset(&ev, 0, sizeof(ev));
3034 ev.store_hint = persistent;
3035 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
3036 ev.key.addr.type = BDADDR_BREDR;
3037 ev.key.type = key->type;
3038 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
3039 ev.key.pin_len = key->pin_len;
3041 return mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
/*
 * Report a new SMP long term key with MGMT_EV_NEW_LONG_TERM_KEY.
 *
 * The event carries the raw key value and rand; as with
 * mgmt_new_link_key(), its confidentiality depends on access control to
 * management sockets, which is enforced outside this function. The
 * statement following the HCI_SMP_LTK test is not on the lines shown.
 */
3044 int mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, u8 persistent)
3046 struct mgmt_ev_new_long_term_key ev;
/* Zero the event first so members not assigned below go out as 0. */
3048 memset(&ev, 0, sizeof(ev));
3050 ev.store_hint = persistent;
3051 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
3052 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
3053 ev.key.authenticated = key->authenticated;
3054 ev.key.enc_size = key->enc_size;
3055 ev.key.ediv = key->ediv;
3057 if (key->type == HCI_SMP_LTK)
/* Copy sizes come from the source arrays in struct smp_ltk. */
3060 memcpy(ev.key.rand, key->rand, sizeof(key->rand));
3061 memcpy(ev.key.val, key->val, sizeof(key->val));
3063 return mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev),
/*
 * Send MGMT_EV_DEVICE_CONNECTED for a new connection.
 *
 * The event is assembled in buf: the fixed header followed by EIR-formatted
 * fields - the complete name and, when dev_class is non-NULL and not all
 * zero, the class of device. The event length is the header plus the EIR
 * bytes actually appended.
 *
 * NOTE(review): the declaration of buf is not on the lines shown. name_len
 * is a u8 supplied by the caller, so buf has to hold sizeof(*ev) plus an
 * EIR name field for up to 255 bytes plus the class-of-device field -
 * confirm against the declaration.
 */
3067 int mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3068 u8 addr_type, u32 flags, u8 *name, u8 name_len,
3072 struct mgmt_ev_device_connected *ev = (void *) buf;
3075 bacpy(&ev->addr.bdaddr, bdaddr);
3076 ev->addr.type = link_to_bdaddr(link_type, addr_type);
3078 ev->flags = __cpu_to_le32(flags);
3081 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
3084 if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0)
3085 eir_len = eir_append_data(ev->eir, eir_len,
3086 EIR_CLASS_OF_DEV, dev_class, 3);
3088 ev->eir_len = cpu_to_le16(eir_len);
3090 return mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
3091 sizeof(*ev) + eir_len, NULL);
/*
 * mgmt_pending_foreach() callback for pending MGMT_OP_DISCONNECT commands:
 * reply with success, echoing the address from the stored request, then
 * remove the pending entry.
 *
 * data is a struct sock ** supplied by mgmt_device_disconnected(); the
 * statements that store the requester's socket through it are not on the
 * lines shown.
 */
3094 static void disconnect_rsp(struct pending_cmd *cmd, void *data)
3096 struct mgmt_cp_disconnect *cp = cmd->param;
3097 struct sock **sk = data;
3098 struct mgmt_rp_disconnect rp;
3100 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3101 rp.addr.type = cp->addr.type;
3103 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 0, &rp,
3109 mgmt_pending_remove(cmd);
/*
 * mgmt_pending_foreach() callback for pending MGMT_OP_UNPAIR_DEVICE
 * commands (the ones unpair_device() parked while a disconnect was in
 * flight): emit the device-unpaired event, skipping the requester's
 * socket, reply to the requester with success, and remove the pending
 * entry. data is the struct hci_dev.
 */
3112 static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
3114 struct hci_dev *hdev = data;
3115 struct mgmt_cp_unpair_device *cp = cmd->param;
3116 struct mgmt_rp_unpair_device rp;
3118 memset(&rp, 0, sizeof(rp));
3119 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3120 rp.addr.type = cp->addr.type;
3122 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
3124 cmd_complete(cmd->sk, cmd->index, cmd->opcode, 0, &rp, sizeof(rp));
3126 mgmt_pending_remove(cmd);
/*
 * A connection went down: complete pending MGMT_OP_DISCONNECT commands via
 * disconnect_rsp(), send MGMT_EV_DEVICE_DISCONNECTED for the address, and
 * complete pending MGMT_OP_UNPAIR_DEVICE commands via unpair_device_rsp().
 *
 * sk is filled in by disconnect_rsp(); presumably it is the socket skipped
 * when the event is sent (that argument is on a line not shown). The
 * reason argument is not used on any line shown here.
 */
3129 int mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
3130 u8 link_type, u8 addr_type, u8 reason)
3132 struct mgmt_ev_device_disconnected ev;
3133 struct sock *sk = NULL;
3136 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
3138 bacpy(&ev.addr.bdaddr, bdaddr);
3139 ev.addr.type = link_to_bdaddr(link_type, addr_type);
3142 err = mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev),
3148 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
/*
 * The controller refused a disconnect. Pending MGMT_OP_UNPAIR_DEVICE
 * commands are still completed through unpair_device_rsp(); the pending
 * MGMT_OP_DISCONNECT command, if one exists (check not shown), is answered
 * with the translated HCI status and removed.
 */
3154 int mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
3155 u8 link_type, u8 addr_type, u8 status)
3157 struct mgmt_rp_disconnect rp;
3158 struct pending_cmd *cmd;
3161 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
3164 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
3168 bacpy(&rp.addr.bdaddr, bdaddr);
3169 rp.addr.type = link_to_bdaddr(link_type, addr_type);
3171 err = cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
3172 mgmt_status(status), &rp, sizeof(rp));
3174 mgmt_pending_remove(cmd);
/*
 * Send MGMT_EV_CONNECT_FAILED for the given address with the HCI status
 * translated through mgmt_status(). All three event members shown are
 * assigned before the struct is sent.
 */
3179 int mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3180 u8 addr_type, u8 status)
3182 struct mgmt_ev_connect_failed ev;
3184 bacpy(&ev.addr.bdaddr, bdaddr);
3185 ev.addr.type = link_to_bdaddr(link_type, addr_type);
3186 ev.status = mgmt_status(status);
3188 return mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
/*
 * Sends MGMT_EV_PIN_CODE_REQUEST for the given remote address so that
 * userspace can supply a PIN. The address type is fixed to BDADDR_BREDR.
 *
 * NOTE(review): ev is not zeroed here; confirm that all members of
 * struct mgmt_ev_pin_code_request (including the one fed by @secure) are
 * assigned before the event is sent.
 */
3191 int mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
3193 struct mgmt_ev_pin_code_request ev;
3195 bacpy(&ev.addr.bdaddr, bdaddr);
3196 ev.addr.type = BDADDR_BREDR;
3199 return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev),
/*
 * Completes the pending PIN Code Reply command: the reply carries the
 * remote address (type BDADDR_BREDR) and the translated HCI status, and
 * the command is then removed from the pending list.
 */
3203 int mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3206 struct pending_cmd *cmd;
3207 struct mgmt_rp_pin_code_reply rp;
/* cmd may be NULL when nothing is pending; it must be checked before the
 * cmd->sk access below. */
3210 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
3214 bacpy(&rp.addr.bdaddr, bdaddr);
3215 rp.addr.type = BDADDR_BREDR;
/* The reply goes only to the socket that issued the command. */
3217 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3218 mgmt_status(status), &rp, sizeof(rp));
3220 mgmt_pending_remove(cmd);
/*
 * Completes the pending PIN Code Negative Reply command. Same flow as
 * mgmt_pin_code_reply_complete(), and the same reply layout
 * (struct mgmt_rp_pin_code_reply) is reused for the negative reply.
 */
3225 int mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3228 struct pending_cmd *cmd;
3229 struct mgmt_rp_pin_code_reply rp;
/* cmd may be NULL when nothing is pending; it must be checked before the
 * cmd->sk access below. */
3232 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
3236 bacpy(&rp.addr.bdaddr, bdaddr);
3237 rp.addr.type = BDADDR_BREDR;
3239 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
3240 mgmt_status(status), &rp, sizeof(rp));
3242 mgmt_pending_remove(cmd);
/*
 * Sends MGMT_EV_USER_CONFIRM_REQUEST so userspace can confirm a pairing.
 *
 * @value is typed __le32, i.e. it is expected to arrive already in
 * little-endian order; compare mgmt_user_passkey_notify(), which takes a
 * u32 and converts it itself.
 */
3247 int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
3248 u8 link_type, u8 addr_type, __le32 value,
3251 struct mgmt_ev_user_confirm_request ev;
/* Only the controller name is logged. */
3253 BT_DBG("%s", hdev->name);
3255 bacpy(&ev.addr.bdaddr, bdaddr);
3256 ev.addr.type = link_to_bdaddr(link_type, addr_type);
3257 ev.confirm_hint = confirm_hint;
3260 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
/*
 * Sends MGMT_EV_USER_PASSKEY_REQUEST for the given remote address so that
 * userspace can supply a passkey. The event carries only the address.
 */
3264 int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
3265 u8 link_type, u8 addr_type)
3267 struct mgmt_ev_user_passkey_request ev;
3269 BT_DBG("%s", hdev->name);
3271 bacpy(&ev.addr.bdaddr, bdaddr);
3272 ev.addr.type = link_to_bdaddr(link_type, addr_type);
3274 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
/*
 * Shared completion helper for the user confirm / passkey reply commands.
 * It looks up the pending command for the given opcode, answers it with
 * the remote address and the translated HCI status, and removes it.
 *
 * One reply layout (struct mgmt_rp_user_confirm_reply) serves every
 * opcode routed through this helper.
 */
3278 static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3279 u8 link_type, u8 addr_type, u8 status,
3282 struct pending_cmd *cmd;
3283 struct mgmt_rp_user_confirm_reply rp;
/* cmd may be NULL when nothing is pending for this opcode; it must be
 * checked before the cmd->sk access below. */
3286 cmd = mgmt_pending_find(opcode, hdev);
3290 bacpy(&rp.addr.bdaddr, bdaddr);
3291 rp.addr.type = link_to_bdaddr(link_type, addr_type);
3292 err = cmd_complete(cmd->sk, hdev->id, opcode, mgmt_status(status),
3295 mgmt_pending_remove(cmd);
/* Completes a pending User Confirm Reply command; thin wrapper that only
 * selects the opcode for user_pairing_resp_complete(). */
3300 int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3301 u8 link_type, u8 addr_type, u8 status)
3303 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3304 status, MGMT_OP_USER_CONFIRM_REPLY);
/* Completes a pending User Confirm Negative Reply command; thin wrapper
 * that only selects the opcode for user_pairing_resp_complete(). */
3307 int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3308 u8 link_type, u8 addr_type, u8 status)
3310 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3312 MGMT_OP_USER_CONFIRM_NEG_REPLY);
/* Completes a pending User Passkey Reply command; thin wrapper that only
 * selects the opcode for user_pairing_resp_complete(). */
3315 int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3316 u8 link_type, u8 addr_type, u8 status)
3318 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3319 status, MGMT_OP_USER_PASSKEY_REPLY);
/* Completes a pending User Passkey Negative Reply command; thin wrapper
 * that only selects the opcode for user_pairing_resp_complete(). */
3322 int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3323 u8 link_type, u8 addr_type, u8 status)
3325 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3327 MGMT_OP_USER_PASSKEY_NEG_REPLY);
/*
 * Sends MGMT_EV_PASSKEY_NOTIFY with the passkey and the "entered" counter
 * for the given remote address.
 *
 * The passkey itself is part of the event payload, so any process able to
 * read management events on this controller sees it; it is not written to
 * the debug log (BT_DBG prints only the controller name).
 */
3330 int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
3331 u8 link_type, u8 addr_type, u32 passkey,
3334 struct mgmt_ev_passkey_notify ev;
3336 BT_DBG("%s", hdev->name);
3338 bacpy(&ev.addr.bdaddr, bdaddr);
3339 ev.addr.type = link_to_bdaddr(link_type, addr_type);
/* Host-order u32 is converted to little-endian for the wire format. */
3340 ev.passkey = __cpu_to_le32(passkey);
3341 ev.entered = entered;
3343 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
/*
 * Sends MGMT_EV_AUTH_FAILED for the given remote address with the
 * translated HCI status. Returns the result of mgmt_event().
 */
3346 int mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3347 u8 addr_type, u8 status)
3349 struct mgmt_ev_auth_failed ev;
3351 bacpy(&ev.addr.bdaddr, bdaddr);
3352 ev.addr.type = link_to_bdaddr(link_type, addr_type);
/* Userspace sees the mgmt status code, not the raw HCI status. */
3353 ev.status = mgmt_status(status);
3355 return mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
/*
 * Completion handler for the controller's authentication-enable change.
 * It answers pending Set Link Security commands and keeps the mgmt-level
 * HCI_LINK_SECURITY flag in step with the controller's HCI_AUTH flag.
 */
3358 int mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
3360 struct cmd_lookup match = { NULL, hdev };
3361 bool changed = false;
/* Appears to be the failure path (its guard is not shown in this
 * listing): every pending Set Link Security command receives the
 * translated status through cmd_status_rsp(). */
3365 u8 mgmt_err = mgmt_status(status);
3366 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
3367 cmd_status_rsp, &mgmt_err);
/* Mirror HCI_AUTH (hdev->flags) into HCI_LINK_SECURITY (hdev->dev_flags).
 * The atomic test_and_* helpers report whether the bit actually flipped,
 * so a repeated completion is not mistaken for a settings change. */
3371 if (test_bit(HCI_AUTH, &hdev->flags)) {
3372 if (!test_and_set_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
3375 if (test_and_clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
/* Pending commands are answered with the current settings. */
3379 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
/* match.sk is passed on; presumably the socket that already got a direct
 * reply is skipped for the New Settings event -- confirm in new_settings(). */
3383 err = new_settings(hdev, match.sk);
/*
 * Wipes the Extended Inquiry Response data: the cached copy in hdev->eir
 * is zeroed and an all-zero HCI_OP_WRITE_EIR command is sent to the
 * controller. Returns the result of hci_send_cmd().
 */
3391 static int clear_eir(struct hci_dev *hdev)
3393 struct hci_cp_write_eir cp;
/* Controllers without extended inquiry support are left alone; the value
 * returned on this path is not shown in this listing. */
3395 if (!lmp_ext_inq_capable(hdev))
3398 memset(hdev->eir, 0, sizeof(hdev->eir));
/* The command parameters are fully zeroed before being sent. */
3400 memset(&cp, 0, sizeof(cp));
3402 return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
/*
 * Completion handler for a Secure Simple Pairing mode change. It answers
 * pending Set SSP commands and keeps HCI_SSP_ENABLED in hdev->dev_flags
 * consistent with the outcome.
 *
 * @enable: the mode that was requested.
 * @status: HCI status of the request.
 */
3405 int mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
3407 struct cmd_lookup match = { NULL, hdev };
3408 bool changed = false;
/* Appears to be the failure path (its guard is not shown in this
 * listing). If enabling was requested and the flag is already set, the
 * flag is cleared again and new settings are announced, so the reported
 * settings do not claim SSP is on after the request failed. */
3412 u8 mgmt_err = mgmt_status(status);
3414 if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
3416 err = new_settings(hdev, NULL);
3418 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
/* Success path: set or clear the flag; test_and_* tells whether the bit
 * really changed. */
3425 if (!test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
3428 if (test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
3432 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
3435 err = new_settings(hdev, match.sk);
/* The resulting SSP state selects a follow-up action; the branches are
 * not shown in this listing. */
3440 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
/*
 * mgmt_pending_foreach() callback used when the class of device has been
 * written: answers one pending command with the 3-byte device class and
 * frees it.
 *
 * @cmd:  pending command to answer.
 * @data: struct cmd_lookup carrying the controller, the mgmt status and
 *        the slot for the first requesting socket.
 */
3448 static void class_rsp(struct pending_cmd *cmd, void *data)
3450 struct cmd_lookup *match = data;
/* The reply payload is hdev->dev_class with a fixed length of 3 bytes. */
3452 cmd_complete(cmd->sk, cmd->index, cmd->opcode, match->mgmt_status,
3453 match->hdev->dev_class, 3);
/* The command is unlinked and freed by hand here instead of going
 * through mgmt_pending_remove(). */
3455 list_del(&cmd->list);
/* Remember the first socket seen and take a reference on it, because
 * cmd is freed below. Whoever owns the cmd_lookup has to drop that
 * reference again -- the release is not visible in this listing. */
3457 if (match->sk == NULL) {
3458 match->sk = cmd->sk;
3459 sock_hold(match->sk);
3462 mgmt_pending_free(cmd);
/*
 * Completion handler for a class-of-device write. It clears
 * HCI_PENDING_CLASS, answers every pending Set Device Class, Add UUID and
 * Remove UUID command through class_rsp(), and sends
 * MGMT_EV_CLASS_OF_DEV_CHANGED.
 */
3465 int mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
/* The translated status is stored once and reused for every reply. */
3468 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
3471 clear_bit(HCI_PENDING_CLASS, &hdev->dev_flags);
/* All three operations can trigger a class update, so all three kinds of
 * pending command are completed here. class_rsp() may leave a held socket
 * in match.sk. */
3473 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, class_rsp, &match);
3474 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, class_rsp, &match);
3475 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, class_rsp, &match);
/* NOTE(review): the event payload is read through the caller's dev_class
 * pointer; the length argument is not shown here -- confirm it matches
 * the 3 bytes used in class_rsp(). */
3478 err = mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class,
/*
 * Completion handler for a local name write. It updates the cached name
 * in hdev->dev_name, answers a pending Set Local Name command if there is
 * one, and sends MGMT_EV_LOCAL_NAME_CHANGED.
 *
 * @name: new name. It is read with fixed lengths
 *        (sizeof(hdev->dev_name) and HCI_MAX_NAME_LENGTH), so the caller
 *        must pass a buffer at least that large; nothing here bounds the
 *        read by the string's own length.
 */
3487 int mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
3489 struct pending_cmd *cmd;
3490 struct mgmt_cp_set_local_name ev;
3491 bool changed = false;
/* Fixed-size compare and copy against the cached name. */
3494 if (memcmp(name, hdev->dev_name, sizeof(hdev->dev_name)) != 0) {
3495 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
/* ev is zeroed before the copies, so bytes the copies do not cover are
 * sent as zero rather than as stale stack contents. */
3499 memset(&ev, 0, sizeof(ev));
3500 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
3501 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
/* cmd may be NULL here; the event call below handles that explicitly. */
3503 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
3507 /* Always assume that either the short or the complete name has
3508 * changed if there was a pending mgmt command */
3512 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3513 mgmt_status(status));
3517 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0, &ev,
/* When a command was pending, its socket is passed as the last argument
 * of mgmt_event(); otherwise NULL is passed. */
3524 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev,
3525 sizeof(ev), cmd ? cmd->sk : NULL);
3527 /* EIR is taken care of separately when powering on the
3528 * adapter so only update them here if this is a name change
3529 * unrelated to power on.
3531 if (!test_bit(HCI_INIT, &hdev->flags))
3536 mgmt_pending_remove(cmd);
/*
 * Completes the pending Read Local OOB Data command with the hash and
 * randomizer read from the controller, or with the translated status on
 * failure.
 *
 * In the lines shown, the OOB values are returned only through
 * cmd_complete() to cmd->sk, the socket that issued the command; no
 * broadcast event carries them.
 *
 * @hash, @randomizer: source buffers; each must hold at least as many
 *                     bytes as the matching reply field.
 */
3540 int mgmt_read_local_oob_data_reply_complete(struct hci_dev *hdev, u8 *hash,
3541 u8 *randomizer, u8 status)
3543 struct pending_cmd *cmd;
/* Only the controller name and status are logged, not the OOB data. */
3546 BT_DBG("%s status %u", hdev->name, status);
/* cmd may be NULL when nothing is pending; it must be checked before the
 * cmd->sk accesses below. */
3548 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
3553 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3554 mgmt_status(status));
3556 struct mgmt_rp_read_local_oob_data rp;
/* Copy lengths come from the destination fields, so the reply struct
 * cannot be overrun. rp is not zeroed first; NOTE(review): confirm hash
 * and randomizer are its only members and that it has no padding. */
3558 memcpy(rp.hash, hash, sizeof(rp.hash));
3559 memcpy(rp.randomizer, randomizer, sizeof(rp.randomizer));
3561 err = cmd_complete(cmd->sk, hdev->id,
3562 MGMT_OP_READ_LOCAL_OOB_DATA, 0, &rp,
3566 mgmt_pending_remove(cmd);
/*
 * Completion handler for a Low Energy host-support change. It answers
 * pending Set LE commands and keeps HCI_LE_ENABLED in hdev->dev_flags
 * consistent with the outcome. Same structure as
 * mgmt_ssp_enable_complete().
 *
 * @enable: the mode that was requested.
 * @status: HCI status of the request.
 */
3571 int mgmt_le_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
3573 struct cmd_lookup match = { NULL, hdev };
3574 bool changed = false;
/* Appears to be the failure path (its guard is not shown in this
 * listing). If enabling was requested and the flag is already set, the
 * flag is cleared again and new settings are announced before the
 * pending commands receive the translated status. */
3578 u8 mgmt_err = mgmt_status(status);
3580 if (enable && test_and_clear_bit(HCI_LE_ENABLED,
3582 err = new_settings(hdev, NULL);
3584 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
/* Success path: set or clear the flag; test_and_* tells whether the bit
 * really changed. */
3591 if (!test_and_set_bit(HCI_LE_ENABLED, &hdev->dev_flags))
3594 if (test_and_clear_bit(HCI_LE_ENABLED, &hdev->dev_flags))
3598 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
3601 err = new_settings(hdev, match.sk);
/*
 * Builds and sends MGMT_EV_DEVICE_FOUND for a discovered device. The
 * event is assembled in the local buffer buf: a fixed header followed by
 * a copy of the EIR data, with a class-of-device field appended when the
 * EIR data has none.
 *
 * @eir, @eir_len: EIR data and its length. This is presumably data
 *                 received from the remote device, so the length check
 *                 below is the guard that keeps it inside buf -- keep it
 *                 ahead of the memcpy().
 */
3609 int mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3610 u8 addr_type, u8 *dev_class, s8 rssi, u8 cfm_name, u8
3611 ssp, u8 *eir, u16 eir_len)
3614 struct mgmt_ev_device_found *ev = (void *) buf;
/* Header + EIR copy + the reserved bytes must fit in buf. The sum is
 * evaluated in size_t, so a u16 eir_len cannot make it wrap. */
3617 /* Leave 5 bytes for a potential CoD field */
3618 if (sizeof(*ev) + eir_len + 5 > sizeof(buf))
/* Zeroing the whole buffer means header fields not assigned below go out
 * as zero rather than as stale stack contents. */
3621 memset(buf, 0, sizeof(buf));
3623 bacpy(&ev->addr.bdaddr, bdaddr);
3624 ev->addr.type = link_to_bdaddr(link_type, addr_type);
/* Flags are stored little-endian; the conditions that select them are
 * not shown in this listing (presumably cfm_name and ssp -- confirm). */
3627 ev->flags |= __constant_cpu_to_le32(MGMT_DEV_FOUND_CONFIRM_NAME);
3629 ev->flags |= __constant_cpu_to_le32(MGMT_DEV_FOUND_LEGACY_PAIRING);
/* Bounded by the length check above. */
3632 memcpy(ev->eir, eir, eir_len);
/* Append the class of device only when the EIR data does not already
 * carry one; this is what the reserved 5 bytes are for. */
3634 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
3635 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
3638 ev->eir_len = cpu_to_le16(eir_len);
/* Only the used part of buf is sent, not the whole buffer. */
3639 ev_size = sizeof(*ev) + eir_len;
3641 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
/*
 * Reports a resolved remote name as a MGMT_EV_DEVICE_FOUND event whose
 * EIR data consists of a single EIR_NAME_COMPLETE field.
 *
 * NOTE(review): buf has room for HCI_MAX_NAME_LENGTH name bytes plus 2
 * (presumably the EIR field header). No check of name_len against
 * HCI_MAX_NAME_LENGTH is visible here, and a u8 can hold up to 255. If
 * HCI_MAX_NAME_LENGTH is smaller than that, this is safe only when every
 * caller caps name_len; verify the callers or reject longer values before
 * eir_append_data() writes into the stack buffer.
 */
3644 int mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3645 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
3647 struct mgmt_ev_device_found *ev;
3648 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
3651 ev = (struct mgmt_ev_device_found *) buf;
/* Zero the whole buffer so unassigned header fields are sent as zero. */
3653 memset(buf, 0, sizeof(buf));
3655 bacpy(&ev->addr.bdaddr, bdaddr);
3656 ev->addr.type = link_to_bdaddr(link_type, addr_type);
/* The name is written at offset 0 of the EIR area; the returned length
 * becomes the event's eir_len. */
3659 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
3662 ev->eir_len = cpu_to_le16(eir_len);
/* Only header plus used EIR bytes are sent. */
3664 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev,
3665 sizeof(*ev) + eir_len, NULL);
/*
 * Handles a failed Start Discovery: the discovery state is set to
 * DISCOVERY_STOPPED, and the pending command is answered with the
 * translated HCI status and the discovery type, then removed.
 */
3668 int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
3670 struct pending_cmd *cmd;
/* The state is reset before the pending command is looked up, so it
 * happens even when no command is pending. */
3674 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
/* cmd may be NULL when nothing is pending; it must be checked before the
 * cmd->sk access below. */
3676 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
/* The reply payload is a local copy of the discovery type. */
3680 type = hdev->discovery.type;
3682 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3683 &type, sizeof(type));
3684 mgmt_pending_remove(cmd);
/*
 * Handles a failed Stop Discovery: the pending command is answered with
 * the translated HCI status and the current discovery type, then removed.
 * Unlike mgmt_start_discovery_failed(), the discovery state is not
 * changed in the lines shown.
 */
3689 int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
3691 struct pending_cmd *cmd;
/* cmd may be NULL when nothing is pending; it must be checked before the
 * cmd->sk access below. */
3694 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
/* The payload is read straight from hdev->discovery.type. */
3698 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3699 &hdev->discovery.type, sizeof(hdev->discovery.type));
3700 mgmt_pending_remove(cmd);
/*
 * Announces a change of the discovery state. A pending Start Discovery or
 * Stop Discovery command is completed with status 0, then
 * MGMT_EV_DISCOVERING is sent with the discovery type and the new state.
 *
 * @discovering: new state, copied into the event.
 */
3705 int mgmt_discovering(struct hci_dev *hdev, u8 discovering)
3707 struct mgmt_ev_discovering ev;
3708 struct pending_cmd *cmd;
3710 BT_DBG("%s discovering %u", hdev->name, discovering);
/* One of the two lookups is used; the selecting condition is not shown
 * in this listing (presumably the value of discovering -- confirm). */
3713 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
3715 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
/* A pending command is answered with the discovery type and removed. */
3718 u8 type = hdev->discovery.type;
3720 cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0, &type,
3722 mgmt_pending_remove(cmd);
/* The event is zeroed before its two fields are filled in. */
3725 memset(&ev, 0, sizeof(ev));
3726 ev.type = hdev->discovery.type;
3727 ev.discovering = discovering;
3729 return mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
/*
 * Sends MGMT_EV_DEVICE_BLOCKED for the given address. When a Block Device
 * command is pending, its socket is passed as the last argument of
 * mgmt_event() (presumably so the requester is not notified twice --
 * confirm). The pending command itself is not completed or removed here.
 */
3732 int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
3734 struct pending_cmd *cmd;
3735 struct mgmt_ev_device_blocked ev;
/* A NULL result is fine here; it is handled in the mgmt_event() call. */
3737 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev);
3739 bacpy(&ev.addr.bdaddr, bdaddr);
/* The address type is taken from the caller unchanged. */
3740 ev.addr.type = type;
3742 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev),
3743 cmd ? cmd->sk : NULL);
/*
 * Sends MGMT_EV_DEVICE_UNBLOCKED for the given address. Mirrors
 * mgmt_device_blocked(): the socket of a pending Unblock Device command,
 * if any, is passed as the last argument of mgmt_event(), and the pending
 * command is not completed or removed here.
 */
3746 int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
3748 struct pending_cmd *cmd;
3749 struct mgmt_ev_device_unblocked ev;
/* A NULL result is fine here; it is handled in the mgmt_event() call. */
3751 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev);
3753 bacpy(&ev.addr.bdaddr, bdaddr);
3754 ev.addr.type = type;
3756 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
3757 cmd ? cmd->sk : NULL);
/*
 * enable_hs is registered as a boolean module parameter. Mode 0644 makes
 * it readable by every user and writable by root at runtime under
 * /sys/module/<module>/parameters/, so code reading enable_hs should not
 * assume the value is fixed after load.
 */
3760 module_param(enable_hs, bool, 0644);
3761 MODULE_PARM_DESC(enable_hs, "Enable High Speed support");