2 BlueZ - Bluetooth protocol stack for Linux
4 Copyright (C) 2010 Nokia Corporation
5 Copyright (C) 2011-2012 Intel Corporation
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI Management interface */
27 #include <linux/module.h>
28 #include <asm/unaligned.h>
30 #include <net/bluetooth/bluetooth.h>
31 #include <net/bluetooth/hci_core.h>
32 #include <net/bluetooth/mgmt.h>
33 #include <net/bluetooth/smp.h>
37 #define MGMT_VERSION 1
38 #define MGMT_REVISION 2
40 static const u16 mgmt_commands[] = {
41 MGMT_OP_READ_INDEX_LIST,
44 MGMT_OP_SET_DISCOVERABLE,
45 MGMT_OP_SET_CONNECTABLE,
46 MGMT_OP_SET_FAST_CONNECTABLE,
48 MGMT_OP_SET_LINK_SECURITY,
52 MGMT_OP_SET_DEV_CLASS,
53 MGMT_OP_SET_LOCAL_NAME,
56 MGMT_OP_LOAD_LINK_KEYS,
57 MGMT_OP_LOAD_LONG_TERM_KEYS,
59 MGMT_OP_GET_CONNECTIONS,
60 MGMT_OP_PIN_CODE_REPLY,
61 MGMT_OP_PIN_CODE_NEG_REPLY,
62 MGMT_OP_SET_IO_CAPABILITY,
64 MGMT_OP_CANCEL_PAIR_DEVICE,
65 MGMT_OP_UNPAIR_DEVICE,
66 MGMT_OP_USER_CONFIRM_REPLY,
67 MGMT_OP_USER_CONFIRM_NEG_REPLY,
68 MGMT_OP_USER_PASSKEY_REPLY,
69 MGMT_OP_USER_PASSKEY_NEG_REPLY,
70 MGMT_OP_READ_LOCAL_OOB_DATA,
71 MGMT_OP_ADD_REMOTE_OOB_DATA,
72 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
73 MGMT_OP_START_DISCOVERY,
74 MGMT_OP_STOP_DISCOVERY,
77 MGMT_OP_UNBLOCK_DEVICE,
78 MGMT_OP_SET_DEVICE_ID,
81 static const u16 mgmt_events[] = {
82 MGMT_EV_CONTROLLER_ERROR,
84 MGMT_EV_INDEX_REMOVED,
86 MGMT_EV_CLASS_OF_DEV_CHANGED,
87 MGMT_EV_LOCAL_NAME_CHANGED,
89 MGMT_EV_NEW_LONG_TERM_KEY,
90 MGMT_EV_DEVICE_CONNECTED,
91 MGMT_EV_DEVICE_DISCONNECTED,
92 MGMT_EV_CONNECT_FAILED,
93 MGMT_EV_PIN_CODE_REQUEST,
94 MGMT_EV_USER_CONFIRM_REQUEST,
95 MGMT_EV_USER_PASSKEY_REQUEST,
99 MGMT_EV_DEVICE_BLOCKED,
100 MGMT_EV_DEVICE_UNBLOCKED,
101 MGMT_EV_DEVICE_UNPAIRED,
102 MGMT_EV_PASSKEY_NOTIFY,
106 * These LE scan and inquiry parameters were chosen according to LE General
107 * Discovery Procedure specification.
109 #define LE_SCAN_TYPE 0x01
110 #define LE_SCAN_WIN 0x12
111 #define LE_SCAN_INT 0x12
112 #define LE_SCAN_TIMEOUT_LE_ONLY 10240 /* TGAP(gen_disc_scan_min) */
113 #define LE_SCAN_TIMEOUT_BREDR_LE 5120 /* TGAP(100)/2 */
115 #define INQUIRY_LEN_BREDR 0x08 /* TGAP(100) */
116 #define INQUIRY_LEN_BREDR_LE 0x04 /* TGAP(100)/2 */
118 #define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
120 #define hdev_is_powered(hdev) (test_bit(HCI_UP, &hdev->flags) && \
121 !test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
124 struct list_head list;
132 /* HCI to MGMT error code conversion table */
133 static u8 mgmt_status_table[] = {
135 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
136 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
137 MGMT_STATUS_FAILED, /* Hardware Failure */
138 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
139 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
140 MGMT_STATUS_NOT_PAIRED, /* PIN or Key Missing */
141 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
142 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
143 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
144 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
145 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
146 MGMT_STATUS_BUSY, /* Command Disallowed */
147 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
148 MGMT_STATUS_REJECTED, /* Rejected Security */
149 MGMT_STATUS_REJECTED, /* Rejected Personal */
150 MGMT_STATUS_TIMEOUT, /* Host Timeout */
151 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
152 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
153 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
154 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
155 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
156 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
157 MGMT_STATUS_BUSY, /* Repeated Attempts */
158 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
159 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
160 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
161 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
162 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
163 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
164 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
165 MGMT_STATUS_FAILED, /* Unspecified Error */
166 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
167 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
168 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
169 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
170 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
171 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
172 MGMT_STATUS_FAILED, /* Unit Link Key Used */
173 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
174 MGMT_STATUS_TIMEOUT, /* Instant Passed */
175 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
176 MGMT_STATUS_FAILED, /* Transaction Collision */
177 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
178 MGMT_STATUS_REJECTED, /* QoS Rejected */
179 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
180 MGMT_STATUS_REJECTED, /* Insufficient Security */
181 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
182 MGMT_STATUS_BUSY, /* Role Switch Pending */
183 MGMT_STATUS_FAILED, /* Slot Violation */
184 MGMT_STATUS_FAILED, /* Role Switch Failed */
185 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
186 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
187 MGMT_STATUS_BUSY, /* Host Busy Pairing */
188 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
189 MGMT_STATUS_BUSY, /* Controller Busy */
190 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
191 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
192 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
193 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
194 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
197 bool mgmt_valid_hdev(struct hci_dev *hdev)
199 return hdev->dev_type == HCI_BREDR;
202 static u8 mgmt_status(u8 hci_status)
204 if (hci_status < ARRAY_SIZE(mgmt_status_table))
205 return mgmt_status_table[hci_status];
207 return MGMT_STATUS_FAILED;
210 static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
213 struct mgmt_hdr *hdr;
214 struct mgmt_ev_cmd_status *ev;
217 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
219 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_KERNEL);
223 hdr = (void *) skb_put(skb, sizeof(*hdr));
225 hdr->opcode = __constant_cpu_to_le16(MGMT_EV_CMD_STATUS);
226 hdr->index = cpu_to_le16(index);
227 hdr->len = cpu_to_le16(sizeof(*ev));
229 ev = (void *) skb_put(skb, sizeof(*ev));
231 ev->opcode = cpu_to_le16(cmd);
233 err = sock_queue_rcv_skb(sk, skb);
240 static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
241 void *rp, size_t rp_len)
244 struct mgmt_hdr *hdr;
245 struct mgmt_ev_cmd_complete *ev;
248 BT_DBG("sock %p", sk);
250 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_KERNEL);
254 hdr = (void *) skb_put(skb, sizeof(*hdr));
256 hdr->opcode = __constant_cpu_to_le16(MGMT_EV_CMD_COMPLETE);
257 hdr->index = cpu_to_le16(index);
258 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
260 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
261 ev->opcode = cpu_to_le16(cmd);
265 memcpy(ev->data, rp, rp_len);
267 err = sock_queue_rcv_skb(sk, skb);
274 static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
277 struct mgmt_rp_read_version rp;
279 BT_DBG("sock %p", sk);
281 rp.version = MGMT_VERSION;
282 rp.revision = __constant_cpu_to_le16(MGMT_REVISION);
284 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
288 static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
291 struct mgmt_rp_read_commands *rp;
292 const u16 num_commands = ARRAY_SIZE(mgmt_commands);
293 const u16 num_events = ARRAY_SIZE(mgmt_events);
298 BT_DBG("sock %p", sk);
300 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
302 rp = kmalloc(rp_size, GFP_KERNEL);
306 rp->num_commands = __constant_cpu_to_le16(num_commands);
307 rp->num_events = __constant_cpu_to_le16(num_events);
309 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
310 put_unaligned_le16(mgmt_commands[i], opcode);
312 for (i = 0; i < num_events; i++, opcode++)
313 put_unaligned_le16(mgmt_events[i], opcode);
315 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
322 static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
325 struct mgmt_rp_read_index_list *rp;
331 BT_DBG("sock %p", sk);
333 read_lock(&hci_dev_list_lock);
336 list_for_each_entry(d, &hci_dev_list, list) {
337 if (!mgmt_valid_hdev(d))
343 rp_len = sizeof(*rp) + (2 * count);
344 rp = kmalloc(rp_len, GFP_ATOMIC);
346 read_unlock(&hci_dev_list_lock);
351 list_for_each_entry(d, &hci_dev_list, list) {
352 if (test_bit(HCI_SETUP, &d->dev_flags))
355 if (!mgmt_valid_hdev(d))
358 rp->index[count++] = cpu_to_le16(d->id);
359 BT_DBG("Added hci%u", d->id);
362 rp->num_controllers = cpu_to_le16(count);
363 rp_len = sizeof(*rp) + (2 * count);
365 read_unlock(&hci_dev_list_lock);
367 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
375 static u32 get_supported_settings(struct hci_dev *hdev)
379 settings |= MGMT_SETTING_POWERED;
380 settings |= MGMT_SETTING_PAIRABLE;
382 if (lmp_ssp_capable(hdev))
383 settings |= MGMT_SETTING_SSP;
385 if (lmp_bredr_capable(hdev)) {
386 settings |= MGMT_SETTING_CONNECTABLE;
387 settings |= MGMT_SETTING_FAST_CONNECTABLE;
388 settings |= MGMT_SETTING_DISCOVERABLE;
389 settings |= MGMT_SETTING_BREDR;
390 settings |= MGMT_SETTING_LINK_SECURITY;
394 settings |= MGMT_SETTING_HS;
396 if (lmp_le_capable(hdev))
397 settings |= MGMT_SETTING_LE;
402 static u32 get_current_settings(struct hci_dev *hdev)
406 if (hdev_is_powered(hdev))
407 settings |= MGMT_SETTING_POWERED;
409 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
410 settings |= MGMT_SETTING_CONNECTABLE;
412 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
413 settings |= MGMT_SETTING_DISCOVERABLE;
415 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags))
416 settings |= MGMT_SETTING_PAIRABLE;
418 if (lmp_bredr_capable(hdev))
419 settings |= MGMT_SETTING_BREDR;
421 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
422 settings |= MGMT_SETTING_LE;
424 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
425 settings |= MGMT_SETTING_LINK_SECURITY;
427 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
428 settings |= MGMT_SETTING_SSP;
430 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
431 settings |= MGMT_SETTING_HS;
436 #define PNP_INFO_SVCLASS_ID 0x1200
438 static u8 bluetooth_base_uuid[] = {
439 0xFB, 0x34, 0x9B, 0x5F, 0x80, 0x00, 0x00, 0x80,
440 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
443 static u16 get_uuid16(u8 *uuid128)
448 for (i = 0; i < 12; i++) {
449 if (bluetooth_base_uuid[i] != uuid128[i])
453 val = get_unaligned_le32(&uuid128[12]);
460 static void create_eir(struct hci_dev *hdev, u8 *data)
464 u16 uuid16_list[HCI_MAX_EIR_LENGTH / sizeof(u16)];
465 int i, truncated = 0;
466 struct bt_uuid *uuid;
469 name_len = strlen(hdev->dev_name);
475 ptr[1] = EIR_NAME_SHORT;
477 ptr[1] = EIR_NAME_COMPLETE;
479 /* EIR Data length */
480 ptr[0] = name_len + 1;
482 memcpy(ptr + 2, hdev->dev_name, name_len);
484 eir_len += (name_len + 2);
485 ptr += (name_len + 2);
488 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
490 ptr[1] = EIR_TX_POWER;
491 ptr[2] = (u8) hdev->inq_tx_power;
497 if (hdev->devid_source > 0) {
499 ptr[1] = EIR_DEVICE_ID;
501 put_unaligned_le16(hdev->devid_source, ptr + 2);
502 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
503 put_unaligned_le16(hdev->devid_product, ptr + 6);
504 put_unaligned_le16(hdev->devid_version, ptr + 8);
510 memset(uuid16_list, 0, sizeof(uuid16_list));
512 /* Group all UUID16 types */
513 list_for_each_entry(uuid, &hdev->uuids, list) {
516 uuid16 = get_uuid16(uuid->uuid);
523 if (uuid16 == PNP_INFO_SVCLASS_ID)
526 /* Stop if not enough space to put next UUID */
527 if (eir_len + 2 + sizeof(u16) > HCI_MAX_EIR_LENGTH) {
532 /* Check for duplicates */
533 for (i = 0; uuid16_list[i] != 0; i++)
534 if (uuid16_list[i] == uuid16)
537 if (uuid16_list[i] == 0) {
538 uuid16_list[i] = uuid16;
539 eir_len += sizeof(u16);
543 if (uuid16_list[0] != 0) {
547 ptr[1] = truncated ? EIR_UUID16_SOME : EIR_UUID16_ALL;
552 for (i = 0; uuid16_list[i] != 0; i++) {
553 *ptr++ = (uuid16_list[i] & 0x00ff);
554 *ptr++ = (uuid16_list[i] & 0xff00) >> 8;
557 /* EIR Data length */
558 *length = (i * sizeof(u16)) + 1;
562 static int update_eir(struct hci_dev *hdev)
564 struct hci_cp_write_eir cp;
566 if (!hdev_is_powered(hdev))
569 if (!lmp_ext_inq_capable(hdev))
572 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
575 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
578 memset(&cp, 0, sizeof(cp));
580 create_eir(hdev, cp.data);
582 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
585 memcpy(hdev->eir, cp.data, sizeof(cp.data));
587 return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
590 static u8 get_service_classes(struct hci_dev *hdev)
592 struct bt_uuid *uuid;
595 list_for_each_entry(uuid, &hdev->uuids, list)
596 val |= uuid->svc_hint;
601 static int update_class(struct hci_dev *hdev)
606 BT_DBG("%s", hdev->name);
608 if (!hdev_is_powered(hdev))
611 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
614 cod[0] = hdev->minor_class;
615 cod[1] = hdev->major_class;
616 cod[2] = get_service_classes(hdev);
618 if (memcmp(cod, hdev->dev_class, 3) == 0)
621 err = hci_send_cmd(hdev, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
623 set_bit(HCI_PENDING_CLASS, &hdev->dev_flags);
628 static void service_cache_off(struct work_struct *work)
630 struct hci_dev *hdev = container_of(work, struct hci_dev,
633 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
641 hci_dev_unlock(hdev);
644 static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
646 if (test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
649 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
651 /* Non-mgmt controlled devices get this bit set
652 * implicitly so that pairing works for them, however
653 * for mgmt we require user-space to explicitly enable
656 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
659 static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
660 void *data, u16 data_len)
662 struct mgmt_rp_read_info rp;
664 BT_DBG("sock %p %s", sk, hdev->name);
668 memset(&rp, 0, sizeof(rp));
670 bacpy(&rp.bdaddr, &hdev->bdaddr);
672 rp.version = hdev->hci_ver;
673 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
675 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
676 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
678 memcpy(rp.dev_class, hdev->dev_class, 3);
680 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
681 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
683 hci_dev_unlock(hdev);
685 return cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
689 static void mgmt_pending_free(struct pending_cmd *cmd)
696 static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
697 struct hci_dev *hdev, void *data,
700 struct pending_cmd *cmd;
702 cmd = kmalloc(sizeof(*cmd), GFP_KERNEL);
706 cmd->opcode = opcode;
707 cmd->index = hdev->id;
709 cmd->param = kmalloc(len, GFP_KERNEL);
716 memcpy(cmd->param, data, len);
721 list_add(&cmd->list, &hdev->mgmt_pending);
726 static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
727 void (*cb)(struct pending_cmd *cmd,
731 struct list_head *p, *n;
733 list_for_each_safe(p, n, &hdev->mgmt_pending) {
734 struct pending_cmd *cmd;
736 cmd = list_entry(p, struct pending_cmd, list);
738 if (opcode > 0 && cmd->opcode != opcode)
745 static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
747 struct pending_cmd *cmd;
749 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
750 if (cmd->opcode == opcode)
757 static void mgmt_pending_remove(struct pending_cmd *cmd)
759 list_del(&cmd->list);
760 mgmt_pending_free(cmd);
763 static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
765 __le32 settings = cpu_to_le32(get_current_settings(hdev));
767 return cmd_complete(sk, hdev->id, opcode, 0, &settings,
771 static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
774 struct mgmt_mode *cp = data;
775 struct pending_cmd *cmd;
778 BT_DBG("request for %s", hdev->name);
780 if (cp->val != 0x00 && cp->val != 0x01)
781 return cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
782 MGMT_STATUS_INVALID_PARAMS);
786 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
787 cancel_delayed_work(&hdev->power_off);
790 mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev,
792 err = mgmt_powered(hdev, 1);
797 if (!!cp->val == hdev_is_powered(hdev)) {
798 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
802 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
803 err = cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
808 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
815 queue_work(hdev->req_workqueue, &hdev->power_on);
817 queue_work(hdev->req_workqueue, &hdev->power_off.work);
822 hci_dev_unlock(hdev);
826 static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 data_len,
827 struct sock *skip_sk)
830 struct mgmt_hdr *hdr;
832 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_KERNEL);
836 hdr = (void *) skb_put(skb, sizeof(*hdr));
837 hdr->opcode = cpu_to_le16(event);
839 hdr->index = cpu_to_le16(hdev->id);
841 hdr->index = __constant_cpu_to_le16(MGMT_INDEX_NONE);
842 hdr->len = cpu_to_le16(data_len);
845 memcpy(skb_put(skb, data_len), data, data_len);
848 __net_timestamp(skb);
850 hci_send_to_control(skb, skip_sk);
856 static int new_settings(struct hci_dev *hdev, struct sock *skip)
860 ev = cpu_to_le32(get_current_settings(hdev));
862 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
865 static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
868 struct mgmt_cp_set_discoverable *cp = data;
869 struct pending_cmd *cmd;
874 BT_DBG("request for %s", hdev->name);
876 if (!lmp_bredr_capable(hdev))
877 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
878 MGMT_STATUS_NOT_SUPPORTED);
880 if (cp->val != 0x00 && cp->val != 0x01)
881 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
882 MGMT_STATUS_INVALID_PARAMS);
884 timeout = __le16_to_cpu(cp->timeout);
885 if (!cp->val && timeout > 0)
886 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
887 MGMT_STATUS_INVALID_PARAMS);
891 if (!hdev_is_powered(hdev) && timeout > 0) {
892 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
893 MGMT_STATUS_NOT_POWERED);
897 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
898 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
899 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
904 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
905 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
906 MGMT_STATUS_REJECTED);
910 if (!hdev_is_powered(hdev)) {
911 bool changed = false;
913 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
914 change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
918 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
923 err = new_settings(hdev, sk);
928 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
929 if (hdev->discov_timeout > 0) {
930 cancel_delayed_work(&hdev->discov_off);
931 hdev->discov_timeout = 0;
934 if (cp->val && timeout > 0) {
935 hdev->discov_timeout = timeout;
936 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
937 msecs_to_jiffies(hdev->discov_timeout * 1000));
940 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
944 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
953 scan |= SCAN_INQUIRY;
955 cancel_delayed_work(&hdev->discov_off);
957 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
959 mgmt_pending_remove(cmd);
962 hdev->discov_timeout = timeout;
965 hci_dev_unlock(hdev);
969 static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
972 struct mgmt_mode *cp = data;
973 struct pending_cmd *cmd;
977 BT_DBG("request for %s", hdev->name);
979 if (!lmp_bredr_capable(hdev))
980 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
981 MGMT_STATUS_NOT_SUPPORTED);
983 if (cp->val != 0x00 && cp->val != 0x01)
984 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
985 MGMT_STATUS_INVALID_PARAMS);
989 if (!hdev_is_powered(hdev)) {
990 bool changed = false;
992 if (!!cp->val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
996 set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
998 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
999 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1002 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1007 err = new_settings(hdev, sk);
1012 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1013 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
1014 err = cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1019 if (!!cp->val == test_bit(HCI_PSCAN, &hdev->flags)) {
1020 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1024 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
1035 if (test_bit(HCI_ISCAN, &hdev->flags) &&
1036 hdev->discov_timeout > 0)
1037 cancel_delayed_work(&hdev->discov_off);
1040 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1042 mgmt_pending_remove(cmd);
1045 hci_dev_unlock(hdev);
1049 static int set_pairable(struct sock *sk, struct hci_dev *hdev, void *data,
1052 struct mgmt_mode *cp = data;
1055 BT_DBG("request for %s", hdev->name);
1057 if (cp->val != 0x00 && cp->val != 0x01)
1058 return cmd_status(sk, hdev->id, MGMT_OP_SET_PAIRABLE,
1059 MGMT_STATUS_INVALID_PARAMS);
1064 set_bit(HCI_PAIRABLE, &hdev->dev_flags);
1066 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
1068 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
1072 err = new_settings(hdev, sk);
1075 hci_dev_unlock(hdev);
1079 static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1082 struct mgmt_mode *cp = data;
1083 struct pending_cmd *cmd;
1087 BT_DBG("request for %s", hdev->name);
1089 if (!lmp_bredr_capable(hdev))
1090 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1091 MGMT_STATUS_NOT_SUPPORTED);
1093 if (cp->val != 0x00 && cp->val != 0x01)
1094 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1095 MGMT_STATUS_INVALID_PARAMS);
1099 if (!hdev_is_powered(hdev)) {
1100 bool changed = false;
1102 if (!!cp->val != test_bit(HCI_LINK_SECURITY,
1103 &hdev->dev_flags)) {
1104 change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
1108 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1113 err = new_settings(hdev, sk);
1118 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
1119 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1126 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1127 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1131 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1137 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1139 mgmt_pending_remove(cmd);
1144 hci_dev_unlock(hdev);
1148 static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1150 struct mgmt_mode *cp = data;
1151 struct pending_cmd *cmd;
1155 BT_DBG("request for %s", hdev->name);
1157 if (!lmp_ssp_capable(hdev))
1158 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1159 MGMT_STATUS_NOT_SUPPORTED);
1161 if (cp->val != 0x00 && cp->val != 0x01)
1162 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1163 MGMT_STATUS_INVALID_PARAMS);
1169 if (!hdev_is_powered(hdev)) {
1170 bool changed = false;
1172 if (val != test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
1173 change_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
1177 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1182 err = new_settings(hdev, sk);
1187 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev)) {
1188 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1193 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) == val) {
1194 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1198 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1204 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, sizeof(val), &val);
1206 mgmt_pending_remove(cmd);
1211 hci_dev_unlock(hdev);
1215 static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1217 struct mgmt_mode *cp = data;
1219 BT_DBG("request for %s", hdev->name);
1222 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1223 MGMT_STATUS_NOT_SUPPORTED);
1225 if (cp->val != 0x00 && cp->val != 0x01)
1226 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1227 MGMT_STATUS_INVALID_PARAMS);
1230 set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1232 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1234 return send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
1237 static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1239 struct mgmt_mode *cp = data;
1240 struct hci_cp_write_le_host_supported hci_cp;
1241 struct pending_cmd *cmd;
1245 BT_DBG("request for %s", hdev->name);
1247 if (!lmp_le_capable(hdev))
1248 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1249 MGMT_STATUS_NOT_SUPPORTED);
1251 if (cp->val != 0x00 && cp->val != 0x01)
1252 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1253 MGMT_STATUS_INVALID_PARAMS);
1258 enabled = lmp_host_le_capable(hdev);
1260 if (!hdev_is_powered(hdev) || val == enabled) {
1261 bool changed = false;
1263 if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1264 change_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1268 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1273 err = new_settings(hdev, sk);
1278 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
1279 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1284 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
1290 memset(&hci_cp, 0, sizeof(hci_cp));
1294 hci_cp.simul = lmp_le_br_capable(hdev);
1297 err = hci_send_cmd(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
1300 mgmt_pending_remove(cmd);
1303 hci_dev_unlock(hdev);
1307 static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1309 struct mgmt_cp_add_uuid *cp = data;
1310 struct pending_cmd *cmd;
1311 struct bt_uuid *uuid;
1314 BT_DBG("request for %s", hdev->name);
1318 if (test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
1319 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
1324 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
1330 memcpy(uuid->uuid, cp->uuid, 16);
1331 uuid->svc_hint = cp->svc_hint;
1333 list_add(&uuid->list, &hdev->uuids);
1335 err = update_class(hdev);
1339 err = update_eir(hdev);
1343 if (!test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
1344 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
1345 hdev->dev_class, 3);
1349 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
1354 hci_dev_unlock(hdev);
1358 static bool enable_service_cache(struct hci_dev *hdev)
1360 if (!hdev_is_powered(hdev))
1363 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
1364 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
1372 static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
1375 struct mgmt_cp_remove_uuid *cp = data;
1376 struct pending_cmd *cmd;
1377 struct list_head *p, *n;
1378 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
1381 BT_DBG("request for %s", hdev->name);
1385 if (test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
1386 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
1391 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
1392 err = hci_uuids_clear(hdev);
1394 if (enable_service_cache(hdev)) {
1395 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID,
1396 0, hdev->dev_class, 3);
1405 list_for_each_safe(p, n, &hdev->uuids) {
1406 struct bt_uuid *match = list_entry(p, struct bt_uuid, list);
1408 if (memcmp(match->uuid, cp->uuid, 16) != 0)
1411 list_del(&match->list);
1417 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
1418 MGMT_STATUS_INVALID_PARAMS);
1423 err = update_class(hdev);
1427 err = update_eir(hdev);
1431 if (!test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
1432 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
1433 hdev->dev_class, 3);
1437 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
1442 hci_dev_unlock(hdev);
1446 static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
1449 struct mgmt_cp_set_dev_class *cp = data;
1450 struct pending_cmd *cmd;
1453 BT_DBG("request for %s", hdev->name);
1455 if (!lmp_bredr_capable(hdev))
1456 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1457 MGMT_STATUS_NOT_SUPPORTED);
1459 if (test_bit(HCI_PENDING_CLASS, &hdev->dev_flags))
1460 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1463 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0)
1464 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1465 MGMT_STATUS_INVALID_PARAMS);
1469 hdev->major_class = cp->major;
1470 hdev->minor_class = cp->minor;
1472 if (!hdev_is_powered(hdev)) {
1473 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
1474 hdev->dev_class, 3);
1478 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
1479 hci_dev_unlock(hdev);
1480 cancel_delayed_work_sync(&hdev->service_cache);
1485 err = update_class(hdev);
1489 if (!test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
1490 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
1491 hdev->dev_class, 3);
1495 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
1500 hci_dev_unlock(hdev);
1504 static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
1507 struct mgmt_cp_load_link_keys *cp = data;
1508 u16 key_count, expected_len;
1511 key_count = __le16_to_cpu(cp->key_count);
1513 expected_len = sizeof(*cp) + key_count *
1514 sizeof(struct mgmt_link_key_info);
1515 if (expected_len != len) {
1516 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
1518 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
1519 MGMT_STATUS_INVALID_PARAMS);
1522 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
1523 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
1524 MGMT_STATUS_INVALID_PARAMS);
1526 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
1529 for (i = 0; i < key_count; i++) {
1530 struct mgmt_link_key_info *key = &cp->keys[i];
1532 if (key->addr.type != BDADDR_BREDR)
1533 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
1534 MGMT_STATUS_INVALID_PARAMS);
1539 hci_link_keys_clear(hdev);
1541 set_bit(HCI_LINK_KEYS, &hdev->dev_flags);
1544 set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
1546 clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
1548 for (i = 0; i < key_count; i++) {
1549 struct mgmt_link_key_info *key = &cp->keys[i];
1551 hci_add_link_key(hdev, NULL, 0, &key->addr.bdaddr, key->val,
1552 key->type, key->pin_len);
1555 cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
1557 hci_dev_unlock(hdev);
1562 static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
1563 u8 addr_type, struct sock *skip_sk)
1565 struct mgmt_ev_device_unpaired ev;
1567 bacpy(&ev.addr.bdaddr, bdaddr);
1568 ev.addr.type = addr_type;
1570 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
1574 static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
1577 struct mgmt_cp_unpair_device *cp = data;
1578 struct mgmt_rp_unpair_device rp;
1579 struct hci_cp_disconnect dc;
1580 struct pending_cmd *cmd;
1581 struct hci_conn *conn;
1584 memset(&rp, 0, sizeof(rp));
1585 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1586 rp.addr.type = cp->addr.type;
1588 if (!bdaddr_type_is_valid(cp->addr.type))
1589 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
1590 MGMT_STATUS_INVALID_PARAMS,
1593 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
1594 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
1595 MGMT_STATUS_INVALID_PARAMS,
1600 if (!hdev_is_powered(hdev)) {
1601 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
1602 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
1606 if (cp->addr.type == BDADDR_BREDR)
1607 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
1609 err = hci_remove_ltk(hdev, &cp->addr.bdaddr);
1612 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
1613 MGMT_STATUS_NOT_PAIRED, &rp, sizeof(rp));
1617 if (cp->disconnect) {
1618 if (cp->addr.type == BDADDR_BREDR)
1619 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
1622 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
1629 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
1631 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
1635 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
1642 dc.handle = cpu_to_le16(conn->handle);
1643 dc.reason = 0x13; /* Remote User Terminated Connection */
1644 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1646 mgmt_pending_remove(cmd);
1649 hci_dev_unlock(hdev);
1653 static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
1656 struct mgmt_cp_disconnect *cp = data;
1657 struct mgmt_rp_disconnect rp;
1658 struct hci_cp_disconnect dc;
1659 struct pending_cmd *cmd;
1660 struct hci_conn *conn;
1665 memset(&rp, 0, sizeof(rp));
1666 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1667 rp.addr.type = cp->addr.type;
1669 if (!bdaddr_type_is_valid(cp->addr.type))
1670 return cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
1671 MGMT_STATUS_INVALID_PARAMS,
1676 if (!test_bit(HCI_UP, &hdev->flags)) {
1677 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
1678 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
1682 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
1683 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
1684 MGMT_STATUS_BUSY, &rp, sizeof(rp));
1688 if (cp->addr.type == BDADDR_BREDR)
1689 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
1692 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
1694 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
1695 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
1696 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
1700 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
1706 dc.handle = cpu_to_le16(conn->handle);
1707 dc.reason = HCI_ERROR_REMOTE_USER_TERM;
1709 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1711 mgmt_pending_remove(cmd);
1714 hci_dev_unlock(hdev);
1718 static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
1720 switch (link_type) {
1722 switch (addr_type) {
1723 case ADDR_LE_DEV_PUBLIC:
1724 return BDADDR_LE_PUBLIC;
1727 /* Fallback to LE Random address type */
1728 return BDADDR_LE_RANDOM;
1732 /* Fallback to BR/EDR type */
1733 return BDADDR_BREDR;
1737 static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
1740 struct mgmt_rp_get_connections *rp;
1750 if (!hdev_is_powered(hdev)) {
1751 err = cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
1752 MGMT_STATUS_NOT_POWERED);
1757 list_for_each_entry(c, &hdev->conn_hash.list, list) {
1758 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
1762 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
1763 rp = kmalloc(rp_len, GFP_KERNEL);
1770 list_for_each_entry(c, &hdev->conn_hash.list, list) {
1771 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
1773 bacpy(&rp->addr[i].bdaddr, &c->dst);
1774 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
1775 if (c->type == SCO_LINK || c->type == ESCO_LINK)
1780 rp->conn_count = cpu_to_le16(i);
1782 /* Recalculate length in case of filtered SCO connections, etc */
1783 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
1785 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
1791 hci_dev_unlock(hdev);
1795 static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
1796 struct mgmt_cp_pin_code_neg_reply *cp)
1798 struct pending_cmd *cmd;
1801 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
1806 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
1807 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
1809 mgmt_pending_remove(cmd);
1814 static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
1817 struct hci_conn *conn;
1818 struct mgmt_cp_pin_code_reply *cp = data;
1819 struct hci_cp_pin_code_reply reply;
1820 struct pending_cmd *cmd;
1827 if (!hdev_is_powered(hdev)) {
1828 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
1829 MGMT_STATUS_NOT_POWERED);
1833 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
1835 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
1836 MGMT_STATUS_NOT_CONNECTED);
1840 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
1841 struct mgmt_cp_pin_code_neg_reply ncp;
1843 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
1845 BT_ERR("PIN code is not 16 bytes long");
1847 err = send_pin_code_neg_reply(sk, hdev, &ncp);
1849 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
1850 MGMT_STATUS_INVALID_PARAMS);
1855 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
1861 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
1862 reply.pin_len = cp->pin_len;
1863 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
1865 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
1867 mgmt_pending_remove(cmd);
1870 hci_dev_unlock(hdev);
1874 static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
1877 struct mgmt_cp_set_io_capability *cp = data;
1883 hdev->io_capability = cp->io_capability;
1885 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
1886 hdev->io_capability);
1888 hci_dev_unlock(hdev);
1890 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, NULL,
1894 static struct pending_cmd *find_pairing(struct hci_conn *conn)
1896 struct hci_dev *hdev = conn->hdev;
1897 struct pending_cmd *cmd;
1899 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
1900 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
1903 if (cmd->user_data != conn)
1912 static void pairing_complete(struct pending_cmd *cmd, u8 status)
1914 struct mgmt_rp_pair_device rp;
1915 struct hci_conn *conn = cmd->user_data;
1917 bacpy(&rp.addr.bdaddr, &conn->dst);
1918 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
1920 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
1923 /* So we don't get further callbacks for this connection */
1924 conn->connect_cfm_cb = NULL;
1925 conn->security_cfm_cb = NULL;
1926 conn->disconn_cfm_cb = NULL;
1930 mgmt_pending_remove(cmd);
1933 static void pairing_complete_cb(struct hci_conn *conn, u8 status)
1935 struct pending_cmd *cmd;
1937 BT_DBG("status %u", status);
1939 cmd = find_pairing(conn);
1941 BT_DBG("Unable to find a pending command");
1943 pairing_complete(cmd, mgmt_status(status));
1946 static void le_connect_complete_cb(struct hci_conn *conn, u8 status)
1948 struct pending_cmd *cmd;
1950 BT_DBG("status %u", status);
1955 cmd = find_pairing(conn);
1957 BT_DBG("Unable to find a pending command");
1959 pairing_complete(cmd, mgmt_status(status));
1962 static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
1965 struct mgmt_cp_pair_device *cp = data;
1966 struct mgmt_rp_pair_device rp;
1967 struct pending_cmd *cmd;
1968 u8 sec_level, auth_type;
1969 struct hci_conn *conn;
1974 memset(&rp, 0, sizeof(rp));
1975 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1976 rp.addr.type = cp->addr.type;
1978 if (!bdaddr_type_is_valid(cp->addr.type))
1979 return cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
1980 MGMT_STATUS_INVALID_PARAMS,
1985 if (!hdev_is_powered(hdev)) {
1986 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
1987 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
1991 sec_level = BT_SECURITY_MEDIUM;
1992 if (cp->io_cap == 0x03)
1993 auth_type = HCI_AT_DEDICATED_BONDING;
1995 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
1997 if (cp->addr.type == BDADDR_BREDR)
1998 conn = hci_connect(hdev, ACL_LINK, &cp->addr.bdaddr,
1999 cp->addr.type, sec_level, auth_type);
2001 conn = hci_connect(hdev, LE_LINK, &cp->addr.bdaddr,
2002 cp->addr.type, sec_level, auth_type);
2007 if (PTR_ERR(conn) == -EBUSY)
2008 status = MGMT_STATUS_BUSY;
2010 status = MGMT_STATUS_CONNECT_FAILED;
2012 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2018 if (conn->connect_cfm_cb) {
2020 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2021 MGMT_STATUS_BUSY, &rp, sizeof(rp));
2025 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
2032 /* For LE, just connecting isn't a proof that the pairing finished */
2033 if (cp->addr.type == BDADDR_BREDR)
2034 conn->connect_cfm_cb = pairing_complete_cb;
2036 conn->connect_cfm_cb = le_connect_complete_cb;
2038 conn->security_cfm_cb = pairing_complete_cb;
2039 conn->disconn_cfm_cb = pairing_complete_cb;
2040 conn->io_capability = cp->io_cap;
2041 cmd->user_data = conn;
2043 if (conn->state == BT_CONNECTED &&
2044 hci_conn_security(conn, sec_level, auth_type))
2045 pairing_complete(cmd, 0);
2050 hci_dev_unlock(hdev);
2054 static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2057 struct mgmt_addr_info *addr = data;
2058 struct pending_cmd *cmd;
2059 struct hci_conn *conn;
2066 if (!hdev_is_powered(hdev)) {
2067 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2068 MGMT_STATUS_NOT_POWERED);
2072 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
2074 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2075 MGMT_STATUS_INVALID_PARAMS);
2079 conn = cmd->user_data;
2081 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
2082 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2083 MGMT_STATUS_INVALID_PARAMS);
2087 pairing_complete(cmd, MGMT_STATUS_CANCELLED);
2089 err = cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
2090 addr, sizeof(*addr));
2092 hci_dev_unlock(hdev);
2096 static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
2097 bdaddr_t *bdaddr, u8 type, u16 mgmt_op,
2098 u16 hci_op, __le32 passkey)
2100 struct pending_cmd *cmd;
2101 struct hci_conn *conn;
2106 if (!hdev_is_powered(hdev)) {
2107 err = cmd_status(sk, hdev->id, mgmt_op,
2108 MGMT_STATUS_NOT_POWERED);
2112 if (type == BDADDR_BREDR)
2113 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, bdaddr);
2115 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, bdaddr);
2118 err = cmd_status(sk, hdev->id, mgmt_op,
2119 MGMT_STATUS_NOT_CONNECTED);
2123 if (type == BDADDR_LE_PUBLIC || type == BDADDR_LE_RANDOM) {
2124 /* Continue with pairing via SMP */
2125 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
2128 err = cmd_status(sk, hdev->id, mgmt_op,
2129 MGMT_STATUS_SUCCESS);
2131 err = cmd_status(sk, hdev->id, mgmt_op,
2132 MGMT_STATUS_FAILED);
2137 cmd = mgmt_pending_add(sk, mgmt_op, hdev, bdaddr, sizeof(*bdaddr));
2143 /* Continue with pairing via HCI */
2144 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
2145 struct hci_cp_user_passkey_reply cp;
2147 bacpy(&cp.bdaddr, bdaddr);
2148 cp.passkey = passkey;
2149 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
2151 err = hci_send_cmd(hdev, hci_op, sizeof(*bdaddr), bdaddr);
2154 mgmt_pending_remove(cmd);
2157 hci_dev_unlock(hdev);
2161 static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
2162 void *data, u16 len)
2164 struct mgmt_cp_pin_code_neg_reply *cp = data;
2168 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
2169 MGMT_OP_PIN_CODE_NEG_REPLY,
2170 HCI_OP_PIN_CODE_NEG_REPLY, 0);
2173 static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2176 struct mgmt_cp_user_confirm_reply *cp = data;
2180 if (len != sizeof(*cp))
2181 return cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
2182 MGMT_STATUS_INVALID_PARAMS);
2184 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
2185 MGMT_OP_USER_CONFIRM_REPLY,
2186 HCI_OP_USER_CONFIRM_REPLY, 0);
2189 static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
2190 void *data, u16 len)
2192 struct mgmt_cp_user_confirm_neg_reply *cp = data;
2196 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
2197 MGMT_OP_USER_CONFIRM_NEG_REPLY,
2198 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
2201 static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2204 struct mgmt_cp_user_passkey_reply *cp = data;
2208 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
2209 MGMT_OP_USER_PASSKEY_REPLY,
2210 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
2213 static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
2214 void *data, u16 len)
2216 struct mgmt_cp_user_passkey_neg_reply *cp = data;
2220 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
2221 MGMT_OP_USER_PASSKEY_NEG_REPLY,
2222 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
2225 static int update_name(struct hci_dev *hdev, const char *name)
2227 struct hci_cp_write_local_name cp;
2229 memcpy(cp.name, name, sizeof(cp.name));
2231 return hci_send_cmd(hdev, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
2234 static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
2237 struct mgmt_cp_set_local_name *cp = data;
2238 struct pending_cmd *cmd;
2245 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
2247 if (!hdev_is_powered(hdev)) {
2248 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
2250 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
2255 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
2261 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
2267 err = update_name(hdev, cp->name);
2269 mgmt_pending_remove(cmd);
2272 hci_dev_unlock(hdev);
2276 static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
2277 void *data, u16 data_len)
2279 struct pending_cmd *cmd;
2282 BT_DBG("%s", hdev->name);
2286 if (!hdev_is_powered(hdev)) {
2287 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
2288 MGMT_STATUS_NOT_POWERED);
2292 if (!lmp_ssp_capable(hdev)) {
2293 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
2294 MGMT_STATUS_NOT_SUPPORTED);
2298 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
2299 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
2304 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
2310 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
2312 mgmt_pending_remove(cmd);
2315 hci_dev_unlock(hdev);
2319 static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
2320 void *data, u16 len)
2322 struct mgmt_cp_add_remote_oob_data *cp = data;
2326 BT_DBG("%s ", hdev->name);
2330 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr, cp->hash,
2333 status = MGMT_STATUS_FAILED;
2335 status = MGMT_STATUS_SUCCESS;
2337 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA, status,
2338 &cp->addr, sizeof(cp->addr));
2340 hci_dev_unlock(hdev);
2344 static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
2345 void *data, u16 len)
2347 struct mgmt_cp_remove_remote_oob_data *cp = data;
2351 BT_DBG("%s", hdev->name);
2355 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr);
2357 status = MGMT_STATUS_INVALID_PARAMS;
2359 status = MGMT_STATUS_SUCCESS;
2361 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
2362 status, &cp->addr, sizeof(cp->addr));
2364 hci_dev_unlock(hdev);
2368 int mgmt_interleaved_discovery(struct hci_dev *hdev)
2372 BT_DBG("%s", hdev->name);
2376 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR_LE);
2378 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2380 hci_dev_unlock(hdev);
2385 static int start_discovery(struct sock *sk, struct hci_dev *hdev,
2386 void *data, u16 len)
2388 struct mgmt_cp_start_discovery *cp = data;
2389 struct pending_cmd *cmd;
2392 BT_DBG("%s", hdev->name);
2396 if (!hdev_is_powered(hdev)) {
2397 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2398 MGMT_STATUS_NOT_POWERED);
2402 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
2403 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2408 if (hdev->discovery.state != DISCOVERY_STOPPED) {
2409 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2414 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
2420 hdev->discovery.type = cp->type;
2422 switch (hdev->discovery.type) {
2423 case DISCOV_TYPE_BREDR:
2424 if (!lmp_bredr_capable(hdev)) {
2425 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2426 MGMT_STATUS_NOT_SUPPORTED);
2427 mgmt_pending_remove(cmd);
2431 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR);
2434 case DISCOV_TYPE_LE:
2435 if (!lmp_host_le_capable(hdev)) {
2436 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2437 MGMT_STATUS_NOT_SUPPORTED);
2438 mgmt_pending_remove(cmd);
2442 err = hci_le_scan(hdev, LE_SCAN_TYPE, LE_SCAN_INT,
2443 LE_SCAN_WIN, LE_SCAN_TIMEOUT_LE_ONLY);
2446 case DISCOV_TYPE_INTERLEAVED:
2447 if (!lmp_host_le_capable(hdev) || !lmp_bredr_capable(hdev)) {
2448 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2449 MGMT_STATUS_NOT_SUPPORTED);
2450 mgmt_pending_remove(cmd);
2454 err = hci_le_scan(hdev, LE_SCAN_TYPE, LE_SCAN_INT, LE_SCAN_WIN,
2455 LE_SCAN_TIMEOUT_BREDR_LE);
2459 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2460 MGMT_STATUS_INVALID_PARAMS);
2461 mgmt_pending_remove(cmd);
2466 mgmt_pending_remove(cmd);
2468 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
2471 hci_dev_unlock(hdev);
2475 static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
2478 struct mgmt_cp_stop_discovery *mgmt_cp = data;
2479 struct pending_cmd *cmd;
2480 struct hci_cp_remote_name_req_cancel cp;
2481 struct inquiry_entry *e;
2484 BT_DBG("%s", hdev->name);
2488 if (!hci_discovery_active(hdev)) {
2489 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
2490 MGMT_STATUS_REJECTED, &mgmt_cp->type,
2491 sizeof(mgmt_cp->type));
2495 if (hdev->discovery.type != mgmt_cp->type) {
2496 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
2497 MGMT_STATUS_INVALID_PARAMS, &mgmt_cp->type,
2498 sizeof(mgmt_cp->type));
2502 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
2508 switch (hdev->discovery.state) {
2509 case DISCOVERY_FINDING:
2510 if (test_bit(HCI_INQUIRY, &hdev->flags))
2511 err = hci_cancel_inquiry(hdev);
2513 err = hci_cancel_le_scan(hdev);
2517 case DISCOVERY_RESOLVING:
2518 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
2521 mgmt_pending_remove(cmd);
2522 err = cmd_complete(sk, hdev->id,
2523 MGMT_OP_STOP_DISCOVERY, 0,
2525 sizeof(mgmt_cp->type));
2526 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2530 bacpy(&cp.bdaddr, &e->data.bdaddr);
2531 err = hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ_CANCEL,
2537 BT_DBG("unknown discovery state %u", hdev->discovery.state);
2542 mgmt_pending_remove(cmd);
2544 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
2547 hci_dev_unlock(hdev);
2551 static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
2554 struct mgmt_cp_confirm_name *cp = data;
2555 struct inquiry_entry *e;
2558 BT_DBG("%s", hdev->name);
2562 if (!hci_discovery_active(hdev)) {
2563 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
2564 MGMT_STATUS_FAILED);
2568 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
2570 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
2571 MGMT_STATUS_INVALID_PARAMS);
2575 if (cp->name_known) {
2576 e->name_state = NAME_KNOWN;
2579 e->name_state = NAME_NEEDED;
2580 hci_inquiry_cache_update_resolve(hdev, e);
2583 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0, &cp->addr,
2587 hci_dev_unlock(hdev);
2591 static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
2594 struct mgmt_cp_block_device *cp = data;
2598 BT_DBG("%s", hdev->name);
2600 if (!bdaddr_type_is_valid(cp->addr.type))
2601 return cmd_status(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
2602 MGMT_STATUS_INVALID_PARAMS);
2606 err = hci_blacklist_add(hdev, &cp->addr.bdaddr, cp->addr.type);
2608 status = MGMT_STATUS_FAILED;
2610 status = MGMT_STATUS_SUCCESS;
2612 err = cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
2613 &cp->addr, sizeof(cp->addr));
2615 hci_dev_unlock(hdev);
2620 static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
2623 struct mgmt_cp_unblock_device *cp = data;
2627 BT_DBG("%s", hdev->name);
2629 if (!bdaddr_type_is_valid(cp->addr.type))
2630 return cmd_status(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
2631 MGMT_STATUS_INVALID_PARAMS);
2635 err = hci_blacklist_del(hdev, &cp->addr.bdaddr, cp->addr.type);
2637 status = MGMT_STATUS_INVALID_PARAMS;
2639 status = MGMT_STATUS_SUCCESS;
2641 err = cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
2642 &cp->addr, sizeof(cp->addr));
2644 hci_dev_unlock(hdev);
2649 static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
2652 struct mgmt_cp_set_device_id *cp = data;
2656 BT_DBG("%s", hdev->name);
2658 source = __le16_to_cpu(cp->source);
2660 if (source > 0x0002)
2661 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
2662 MGMT_STATUS_INVALID_PARAMS);
2666 hdev->devid_source = source;
2667 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
2668 hdev->devid_product = __le16_to_cpu(cp->product);
2669 hdev->devid_version = __le16_to_cpu(cp->version);
2671 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0, NULL, 0);
2675 hci_dev_unlock(hdev);
2680 static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
2681 void *data, u16 len)
2683 struct mgmt_mode *cp = data;
2684 struct hci_cp_write_page_scan_activity acp;
2688 BT_DBG("%s", hdev->name);
2690 if (!lmp_bredr_capable(hdev))
2691 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
2692 MGMT_STATUS_NOT_SUPPORTED);
2694 if (cp->val != 0x00 && cp->val != 0x01)
2695 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
2696 MGMT_STATUS_INVALID_PARAMS);
2698 if (!hdev_is_powered(hdev))
2699 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
2700 MGMT_STATUS_NOT_POWERED);
2702 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
2703 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
2704 MGMT_STATUS_REJECTED);
2709 type = PAGE_SCAN_TYPE_INTERLACED;
2711 /* 160 msec page scan interval */
2712 acp.interval = __constant_cpu_to_le16(0x0100);
2714 type = PAGE_SCAN_TYPE_STANDARD; /* default */
2716 /* default 1.28 sec page scan */
2717 acp.interval = __constant_cpu_to_le16(0x0800);
2720 /* default 11.25 msec page scan window */
2721 acp.window = __constant_cpu_to_le16(0x0012);
2723 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY, sizeof(acp),
2726 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
2727 MGMT_STATUS_FAILED);
2731 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
2733 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
2734 MGMT_STATUS_FAILED);
2738 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE, 0,
2741 hci_dev_unlock(hdev);
2745 static bool ltk_is_valid(struct mgmt_ltk_info *key)
2747 if (key->authenticated != 0x00 && key->authenticated != 0x01)
2749 if (key->master != 0x00 && key->master != 0x01)
2751 if (!bdaddr_type_is_le(key->addr.type))
2756 static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
2757 void *cp_data, u16 len)
2759 struct mgmt_cp_load_long_term_keys *cp = cp_data;
2760 u16 key_count, expected_len;
2763 key_count = __le16_to_cpu(cp->key_count);
2765 expected_len = sizeof(*cp) + key_count *
2766 sizeof(struct mgmt_ltk_info);
2767 if (expected_len != len) {
2768 BT_ERR("load_keys: expected %u bytes, got %u bytes",
2770 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
2771 MGMT_STATUS_INVALID_PARAMS);
2774 BT_DBG("%s key_count %u", hdev->name, key_count);
2776 for (i = 0; i < key_count; i++) {
2777 struct mgmt_ltk_info *key = &cp->keys[i];
2779 if (!ltk_is_valid(key))
2780 return cmd_status(sk, hdev->id,
2781 MGMT_OP_LOAD_LONG_TERM_KEYS,
2782 MGMT_STATUS_INVALID_PARAMS);
2787 hci_smp_ltks_clear(hdev);
2789 for (i = 0; i < key_count; i++) {
2790 struct mgmt_ltk_info *key = &cp->keys[i];
2796 type = HCI_SMP_LTK_SLAVE;
2798 hci_add_ltk(hdev, &key->addr.bdaddr,
2799 bdaddr_to_le(key->addr.type),
2800 type, 0, key->authenticated, key->val,
2801 key->enc_size, key->ediv, key->rand);
2804 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
2807 hci_dev_unlock(hdev);
2812 static const struct mgmt_handler {
2813 int (*func) (struct sock *sk, struct hci_dev *hdev, void *data,
2817 } mgmt_handlers[] = {
2818 { NULL }, /* 0x0000 (no command) */
2819 { read_version, false, MGMT_READ_VERSION_SIZE },
2820 { read_commands, false, MGMT_READ_COMMANDS_SIZE },
2821 { read_index_list, false, MGMT_READ_INDEX_LIST_SIZE },
2822 { read_controller_info, false, MGMT_READ_INFO_SIZE },
2823 { set_powered, false, MGMT_SETTING_SIZE },
2824 { set_discoverable, false, MGMT_SET_DISCOVERABLE_SIZE },
2825 { set_connectable, false, MGMT_SETTING_SIZE },
2826 { set_fast_connectable, false, MGMT_SETTING_SIZE },
2827 { set_pairable, false, MGMT_SETTING_SIZE },
2828 { set_link_security, false, MGMT_SETTING_SIZE },
2829 { set_ssp, false, MGMT_SETTING_SIZE },
2830 { set_hs, false, MGMT_SETTING_SIZE },
2831 { set_le, false, MGMT_SETTING_SIZE },
2832 { set_dev_class, false, MGMT_SET_DEV_CLASS_SIZE },
2833 { set_local_name, false, MGMT_SET_LOCAL_NAME_SIZE },
2834 { add_uuid, false, MGMT_ADD_UUID_SIZE },
2835 { remove_uuid, false, MGMT_REMOVE_UUID_SIZE },
2836 { load_link_keys, true, MGMT_LOAD_LINK_KEYS_SIZE },
2837 { load_long_term_keys, true, MGMT_LOAD_LONG_TERM_KEYS_SIZE },
2838 { disconnect, false, MGMT_DISCONNECT_SIZE },
2839 { get_connections, false, MGMT_GET_CONNECTIONS_SIZE },
2840 { pin_code_reply, false, MGMT_PIN_CODE_REPLY_SIZE },
2841 { pin_code_neg_reply, false, MGMT_PIN_CODE_NEG_REPLY_SIZE },
2842 { set_io_capability, false, MGMT_SET_IO_CAPABILITY_SIZE },
2843 { pair_device, false, MGMT_PAIR_DEVICE_SIZE },
2844 { cancel_pair_device, false, MGMT_CANCEL_PAIR_DEVICE_SIZE },
2845 { unpair_device, false, MGMT_UNPAIR_DEVICE_SIZE },
2846 { user_confirm_reply, false, MGMT_USER_CONFIRM_REPLY_SIZE },
2847 { user_confirm_neg_reply, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
2848 { user_passkey_reply, false, MGMT_USER_PASSKEY_REPLY_SIZE },
2849 { user_passkey_neg_reply, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
2850 { read_local_oob_data, false, MGMT_READ_LOCAL_OOB_DATA_SIZE },
2851 { add_remote_oob_data, false, MGMT_ADD_REMOTE_OOB_DATA_SIZE },
2852 { remove_remote_oob_data, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
2853 { start_discovery, false, MGMT_START_DISCOVERY_SIZE },
2854 { stop_discovery, false, MGMT_STOP_DISCOVERY_SIZE },
2855 { confirm_name, false, MGMT_CONFIRM_NAME_SIZE },
2856 { block_device, false, MGMT_BLOCK_DEVICE_SIZE },
2857 { unblock_device, false, MGMT_UNBLOCK_DEVICE_SIZE },
2858 { set_device_id, false, MGMT_SET_DEVICE_ID_SIZE },
2862 int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
2866 struct mgmt_hdr *hdr;
2867 u16 opcode, index, len;
2868 struct hci_dev *hdev = NULL;
2869 const struct mgmt_handler *handler;
2872 BT_DBG("got %zu bytes", msglen);
2874 if (msglen < sizeof(*hdr))
2877 buf = kmalloc(msglen, GFP_KERNEL);
2881 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
2887 opcode = __le16_to_cpu(hdr->opcode);
2888 index = __le16_to_cpu(hdr->index);
2889 len = __le16_to_cpu(hdr->len);
2891 if (len != msglen - sizeof(*hdr)) {
2896 if (index != MGMT_INDEX_NONE) {
2897 hdev = hci_dev_get(index);
2899 err = cmd_status(sk, index, opcode,
2900 MGMT_STATUS_INVALID_INDEX);
2905 if (opcode >= ARRAY_SIZE(mgmt_handlers) ||
2906 mgmt_handlers[opcode].func == NULL) {
2907 BT_DBG("Unknown op %u", opcode);
2908 err = cmd_status(sk, index, opcode,
2909 MGMT_STATUS_UNKNOWN_COMMAND);
2913 if ((hdev && opcode < MGMT_OP_READ_INFO) ||
2914 (!hdev && opcode >= MGMT_OP_READ_INFO)) {
2915 err = cmd_status(sk, index, opcode,
2916 MGMT_STATUS_INVALID_INDEX);
2920 handler = &mgmt_handlers[opcode];
2922 if ((handler->var_len && len < handler->data_len) ||
2923 (!handler->var_len && len != handler->data_len)) {
2924 err = cmd_status(sk, index, opcode,
2925 MGMT_STATUS_INVALID_PARAMS);
2930 mgmt_init_hdev(sk, hdev);
2932 cp = buf + sizeof(*hdr);
2934 err = handler->func(sk, hdev, cp, len);
2948 static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
2952 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
2953 mgmt_pending_remove(cmd);
2956 int mgmt_index_added(struct hci_dev *hdev)
2958 if (!mgmt_valid_hdev(hdev))
2961 return mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
2964 int mgmt_index_removed(struct hci_dev *hdev)
2966 u8 status = MGMT_STATUS_INVALID_INDEX;
2968 if (!mgmt_valid_hdev(hdev))
2971 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
2973 return mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
2978 struct hci_dev *hdev;
2982 static void settings_rsp(struct pending_cmd *cmd, void *data)
2984 struct cmd_lookup *match = data;
2986 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
2988 list_del(&cmd->list);
2990 if (match->sk == NULL) {
2991 match->sk = cmd->sk;
2992 sock_hold(match->sk);
2995 mgmt_pending_free(cmd);
2998 static int set_bredr_scan(struct hci_dev *hdev)
3002 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3004 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3005 scan |= SCAN_INQUIRY;
3010 return hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
3013 int mgmt_powered(struct hci_dev *hdev, u8 powered)
3015 struct cmd_lookup match = { NULL, hdev };
3018 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3021 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
3024 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) &&
3025 !lmp_host_ssp_capable(hdev)) {
3028 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &ssp);
3031 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
3032 struct hci_cp_write_le_host_supported cp;
3035 cp.simul = lmp_le_br_capable(hdev);
3037 /* Check first if we already have the right
3038 * host state (host features set)
3040 if (cp.le != lmp_host_le_capable(hdev) ||
3041 cp.simul != lmp_host_le_br_capable(hdev))
3043 HCI_OP_WRITE_LE_HOST_SUPPORTED,
3047 if (lmp_bredr_capable(hdev)) {
3048 set_bredr_scan(hdev);
3050 update_name(hdev, hdev->dev_name);
3054 u8 status = MGMT_STATUS_NOT_POWERED;
3055 u8 zero_cod[] = { 0, 0, 0 };
3057 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
3059 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0)
3060 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
3061 zero_cod, sizeof(zero_cod), NULL);
3064 err = new_settings(hdev, match.sk);
3072 int mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
3074 struct cmd_lookup match = { NULL, hdev };
3075 bool changed = false;
3079 if (!test_and_set_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3082 if (test_and_clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3086 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev, settings_rsp,
3090 err = new_settings(hdev, match.sk);
3098 int mgmt_connectable(struct hci_dev *hdev, u8 connectable)
3100 struct cmd_lookup match = { NULL, hdev };
3101 bool changed = false;
3105 if (!test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3108 if (test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3112 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev, settings_rsp,
3116 err = new_settings(hdev, match.sk);
3124 int mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
3126 u8 mgmt_err = mgmt_status(status);
3128 if (scan & SCAN_PAGE)
3129 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
3130 cmd_status_rsp, &mgmt_err);
3132 if (scan & SCAN_INQUIRY)
3133 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
3134 cmd_status_rsp, &mgmt_err);
3139 int mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
3142 struct mgmt_ev_new_link_key ev;
3144 memset(&ev, 0, sizeof(ev));
3146 ev.store_hint = persistent;
3147 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
3148 ev.key.addr.type = BDADDR_BREDR;
3149 ev.key.type = key->type;
3150 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
3151 ev.key.pin_len = key->pin_len;
3153 return mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
3156 int mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, u8 persistent)
3158 struct mgmt_ev_new_long_term_key ev;
3160 memset(&ev, 0, sizeof(ev));
3162 ev.store_hint = persistent;
3163 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
3164 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
3165 ev.key.authenticated = key->authenticated;
3166 ev.key.enc_size = key->enc_size;
3167 ev.key.ediv = key->ediv;
3169 if (key->type == HCI_SMP_LTK)
3172 memcpy(ev.key.rand, key->rand, sizeof(key->rand));
3173 memcpy(ev.key.val, key->val, sizeof(key->val));
3175 return mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev),
3179 int mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3180 u8 addr_type, u32 flags, u8 *name, u8 name_len,
3184 struct mgmt_ev_device_connected *ev = (void *) buf;
3187 bacpy(&ev->addr.bdaddr, bdaddr);
3188 ev->addr.type = link_to_bdaddr(link_type, addr_type);
3190 ev->flags = __cpu_to_le32(flags);
3193 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
3196 if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0)
3197 eir_len = eir_append_data(ev->eir, eir_len,
3198 EIR_CLASS_OF_DEV, dev_class, 3);
3200 ev->eir_len = cpu_to_le16(eir_len);
3202 return mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
3203 sizeof(*ev) + eir_len, NULL);
3206 static void disconnect_rsp(struct pending_cmd *cmd, void *data)
3208 struct mgmt_cp_disconnect *cp = cmd->param;
3209 struct sock **sk = data;
3210 struct mgmt_rp_disconnect rp;
3212 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3213 rp.addr.type = cp->addr.type;
3215 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 0, &rp,
3221 mgmt_pending_remove(cmd);
3224 static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
3226 struct hci_dev *hdev = data;
3227 struct mgmt_cp_unpair_device *cp = cmd->param;
3228 struct mgmt_rp_unpair_device rp;
3230 memset(&rp, 0, sizeof(rp));
3231 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3232 rp.addr.type = cp->addr.type;
3234 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
3236 cmd_complete(cmd->sk, cmd->index, cmd->opcode, 0, &rp, sizeof(rp));
3238 mgmt_pending_remove(cmd);
3241 int mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
3242 u8 link_type, u8 addr_type, u8 reason)
3244 struct mgmt_ev_device_disconnected ev;
3245 struct sock *sk = NULL;
3248 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
3250 bacpy(&ev.addr.bdaddr, bdaddr);
3251 ev.addr.type = link_to_bdaddr(link_type, addr_type);
3254 err = mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev),
3260 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
3266 int mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
3267 u8 link_type, u8 addr_type, u8 status)
3269 struct mgmt_rp_disconnect rp;
3270 struct pending_cmd *cmd;
3273 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
3276 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
3280 bacpy(&rp.addr.bdaddr, bdaddr);
3281 rp.addr.type = link_to_bdaddr(link_type, addr_type);
3283 err = cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
3284 mgmt_status(status), &rp, sizeof(rp));
3286 mgmt_pending_remove(cmd);
3291 int mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3292 u8 addr_type, u8 status)
3294 struct mgmt_ev_connect_failed ev;
3296 bacpy(&ev.addr.bdaddr, bdaddr);
3297 ev.addr.type = link_to_bdaddr(link_type, addr_type);
3298 ev.status = mgmt_status(status);
3300 return mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
3303 int mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
3305 struct mgmt_ev_pin_code_request ev;
3307 bacpy(&ev.addr.bdaddr, bdaddr);
3308 ev.addr.type = BDADDR_BREDR;
3311 return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev),
3315 int mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3318 struct pending_cmd *cmd;
3319 struct mgmt_rp_pin_code_reply rp;
3322 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
3326 bacpy(&rp.addr.bdaddr, bdaddr);
3327 rp.addr.type = BDADDR_BREDR;
3329 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3330 mgmt_status(status), &rp, sizeof(rp));
3332 mgmt_pending_remove(cmd);
3337 int mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3340 struct pending_cmd *cmd;
3341 struct mgmt_rp_pin_code_reply rp;
3344 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
3348 bacpy(&rp.addr.bdaddr, bdaddr);
3349 rp.addr.type = BDADDR_BREDR;
3351 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
3352 mgmt_status(status), &rp, sizeof(rp));
3354 mgmt_pending_remove(cmd);
3359 int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
3360 u8 link_type, u8 addr_type, __le32 value,
3363 struct mgmt_ev_user_confirm_request ev;
3365 BT_DBG("%s", hdev->name);
3367 bacpy(&ev.addr.bdaddr, bdaddr);
3368 ev.addr.type = link_to_bdaddr(link_type, addr_type);
3369 ev.confirm_hint = confirm_hint;
3372 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
3376 int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
3377 u8 link_type, u8 addr_type)
3379 struct mgmt_ev_user_passkey_request ev;
3381 BT_DBG("%s", hdev->name);
3383 bacpy(&ev.addr.bdaddr, bdaddr);
3384 ev.addr.type = link_to_bdaddr(link_type, addr_type);
3386 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
3390 static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3391 u8 link_type, u8 addr_type, u8 status,
3394 struct pending_cmd *cmd;
3395 struct mgmt_rp_user_confirm_reply rp;
3398 cmd = mgmt_pending_find(opcode, hdev);
3402 bacpy(&rp.addr.bdaddr, bdaddr);
3403 rp.addr.type = link_to_bdaddr(link_type, addr_type);
3404 err = cmd_complete(cmd->sk, hdev->id, opcode, mgmt_status(status),
3407 mgmt_pending_remove(cmd);
3412 int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3413 u8 link_type, u8 addr_type, u8 status)
3415 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3416 status, MGMT_OP_USER_CONFIRM_REPLY);
3419 int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3420 u8 link_type, u8 addr_type, u8 status)
3422 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3424 MGMT_OP_USER_CONFIRM_NEG_REPLY);
3427 int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3428 u8 link_type, u8 addr_type, u8 status)
3430 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3431 status, MGMT_OP_USER_PASSKEY_REPLY);
3434 int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3435 u8 link_type, u8 addr_type, u8 status)
3437 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3439 MGMT_OP_USER_PASSKEY_NEG_REPLY);
3442 int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
3443 u8 link_type, u8 addr_type, u32 passkey,
3446 struct mgmt_ev_passkey_notify ev;
3448 BT_DBG("%s", hdev->name);
3450 bacpy(&ev.addr.bdaddr, bdaddr);
3451 ev.addr.type = link_to_bdaddr(link_type, addr_type);
3452 ev.passkey = __cpu_to_le32(passkey);
3453 ev.entered = entered;
3455 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
3458 int mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3459 u8 addr_type, u8 status)
3461 struct mgmt_ev_auth_failed ev;
3463 bacpy(&ev.addr.bdaddr, bdaddr);
3464 ev.addr.type = link_to_bdaddr(link_type, addr_type);
3465 ev.status = mgmt_status(status);
3467 return mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
3470 int mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
3472 struct cmd_lookup match = { NULL, hdev };
3473 bool changed = false;
3477 u8 mgmt_err = mgmt_status(status);
3478 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
3479 cmd_status_rsp, &mgmt_err);
3483 if (test_bit(HCI_AUTH, &hdev->flags)) {
3484 if (!test_and_set_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
3487 if (test_and_clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
3491 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
3495 err = new_settings(hdev, match.sk);
3503 static int clear_eir(struct hci_dev *hdev)
3505 struct hci_cp_write_eir cp;
3507 if (!lmp_ext_inq_capable(hdev))
3510 memset(hdev->eir, 0, sizeof(hdev->eir));
3512 memset(&cp, 0, sizeof(cp));
3514 return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
3517 int mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
3519 struct cmd_lookup match = { NULL, hdev };
3520 bool changed = false;
3524 u8 mgmt_err = mgmt_status(status);
3526 if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
3528 err = new_settings(hdev, NULL);
3530 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
3537 if (!test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
3540 if (test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
3544 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
3547 err = new_settings(hdev, match.sk);
3552 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
3560 static void class_rsp(struct pending_cmd *cmd, void *data)
3562 struct cmd_lookup *match = data;
3564 cmd_complete(cmd->sk, cmd->index, cmd->opcode, match->mgmt_status,
3565 match->hdev->dev_class, 3);
3567 list_del(&cmd->list);
3569 if (match->sk == NULL) {
3570 match->sk = cmd->sk;
3571 sock_hold(match->sk);
3574 mgmt_pending_free(cmd);
3577 int mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
3580 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
3583 clear_bit(HCI_PENDING_CLASS, &hdev->dev_flags);
3585 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, class_rsp, &match);
3586 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, class_rsp, &match);
3587 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, class_rsp, &match);
3590 err = mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class,
3599 int mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
3601 struct pending_cmd *cmd;
3602 struct mgmt_cp_set_local_name ev;
3603 bool changed = false;
3606 if (memcmp(name, hdev->dev_name, sizeof(hdev->dev_name)) != 0) {
3607 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
3611 memset(&ev, 0, sizeof(ev));
3612 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
3613 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
3615 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
3619 /* Always assume that either the short or the complete name has
3620 * changed if there was a pending mgmt command */
3624 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3625 mgmt_status(status));
3629 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0, &ev,
3636 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev,
3637 sizeof(ev), cmd ? cmd->sk : NULL);
3639 /* EIR is taken care of separately when powering on the
3640 * adapter so only update them here if this is a name change
3641 * unrelated to power on.
3643 if (!test_bit(HCI_INIT, &hdev->flags))
3648 mgmt_pending_remove(cmd);
3652 int mgmt_read_local_oob_data_reply_complete(struct hci_dev *hdev, u8 *hash,
3653 u8 *randomizer, u8 status)
3655 struct pending_cmd *cmd;
3658 BT_DBG("%s status %u", hdev->name, status);
3660 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
3665 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3666 mgmt_status(status));
3668 struct mgmt_rp_read_local_oob_data rp;
3670 memcpy(rp.hash, hash, sizeof(rp.hash));
3671 memcpy(rp.randomizer, randomizer, sizeof(rp.randomizer));
3673 err = cmd_complete(cmd->sk, hdev->id,
3674 MGMT_OP_READ_LOCAL_OOB_DATA, 0, &rp,
3678 mgmt_pending_remove(cmd);
3683 int mgmt_le_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
3685 struct cmd_lookup match = { NULL, hdev };
3686 bool changed = false;
3690 u8 mgmt_err = mgmt_status(status);
3692 if (enable && test_and_clear_bit(HCI_LE_ENABLED,
3694 err = new_settings(hdev, NULL);
3696 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
3703 if (!test_and_set_bit(HCI_LE_ENABLED, &hdev->dev_flags))
3706 if (test_and_clear_bit(HCI_LE_ENABLED, &hdev->dev_flags))
3710 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
3713 err = new_settings(hdev, match.sk);
3721 int mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3722 u8 addr_type, u8 *dev_class, s8 rssi, u8 cfm_name, u8
3723 ssp, u8 *eir, u16 eir_len)
3726 struct mgmt_ev_device_found *ev = (void *) buf;
3729 /* Leave 5 bytes for a potential CoD field */
3730 if (sizeof(*ev) + eir_len + 5 > sizeof(buf))
3733 memset(buf, 0, sizeof(buf));
3735 bacpy(&ev->addr.bdaddr, bdaddr);
3736 ev->addr.type = link_to_bdaddr(link_type, addr_type);
3739 ev->flags |= __constant_cpu_to_le32(MGMT_DEV_FOUND_CONFIRM_NAME);
3741 ev->flags |= __constant_cpu_to_le32(MGMT_DEV_FOUND_LEGACY_PAIRING);
3744 memcpy(ev->eir, eir, eir_len);
3746 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
3747 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
3750 ev->eir_len = cpu_to_le16(eir_len);
3751 ev_size = sizeof(*ev) + eir_len;
3753 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
3756 int mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3757 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
3759 struct mgmt_ev_device_found *ev;
3760 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
3763 ev = (struct mgmt_ev_device_found *) buf;
3765 memset(buf, 0, sizeof(buf));
3767 bacpy(&ev->addr.bdaddr, bdaddr);
3768 ev->addr.type = link_to_bdaddr(link_type, addr_type);
3771 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
3774 ev->eir_len = cpu_to_le16(eir_len);
3776 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev,
3777 sizeof(*ev) + eir_len, NULL);
3780 int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
3782 struct pending_cmd *cmd;
3786 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3788 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
3792 type = hdev->discovery.type;
3794 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3795 &type, sizeof(type));
3796 mgmt_pending_remove(cmd);
3801 int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
3803 struct pending_cmd *cmd;
3806 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3810 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3811 &hdev->discovery.type, sizeof(hdev->discovery.type));
3812 mgmt_pending_remove(cmd);
3817 int mgmt_discovering(struct hci_dev *hdev, u8 discovering)
3819 struct mgmt_ev_discovering ev;
3820 struct pending_cmd *cmd;
3822 BT_DBG("%s discovering %u", hdev->name, discovering);
3825 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
3827 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3830 u8 type = hdev->discovery.type;
3832 cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0, &type,
3834 mgmt_pending_remove(cmd);
3837 memset(&ev, 0, sizeof(ev));
3838 ev.type = hdev->discovery.type;
3839 ev.discovering = discovering;
3841 return mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
3844 int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
3846 struct pending_cmd *cmd;
3847 struct mgmt_ev_device_blocked ev;
3849 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev);
3851 bacpy(&ev.addr.bdaddr, bdaddr);
3852 ev.addr.type = type;
3854 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev),
3855 cmd ? cmd->sk : NULL);
3858 int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
3860 struct pending_cmd *cmd;
3861 struct mgmt_ev_device_unblocked ev;
3863 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev);
3865 bacpy(&ev.addr.bdaddr, bdaddr);
3866 ev.addr.type = type;
3868 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
3869 cmd ? cmd->sk : NULL);
3872 module_param(enable_hs, bool, 0644);
3873 MODULE_PARM_DESC(enable_hs, "Enable High Speed support");
projects / karo-tx-linux.git / blob