2 BlueZ - Bluetooth protocol stack for Linux
4 Copyright (C) 2010 Nokia Corporation
5 Copyright (C) 2011-2012 Intel Corporation
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI Management interface */
27 #include <linux/module.h>
28 #include <asm/unaligned.h>
30 #include <net/bluetooth/bluetooth.h>
31 #include <net/bluetooth/hci_core.h>
32 #include <net/bluetooth/mgmt.h>
33 #include <net/bluetooth/smp.h>
37 #define MGMT_VERSION 1
38 #define MGMT_REVISION 2
40 static const u16 mgmt_commands[] = {
41 MGMT_OP_READ_INDEX_LIST,
44 MGMT_OP_SET_DISCOVERABLE,
45 MGMT_OP_SET_CONNECTABLE,
46 MGMT_OP_SET_FAST_CONNECTABLE,
48 MGMT_OP_SET_LINK_SECURITY,
52 MGMT_OP_SET_DEV_CLASS,
53 MGMT_OP_SET_LOCAL_NAME,
56 MGMT_OP_LOAD_LINK_KEYS,
57 MGMT_OP_LOAD_LONG_TERM_KEYS,
59 MGMT_OP_GET_CONNECTIONS,
60 MGMT_OP_PIN_CODE_REPLY,
61 MGMT_OP_PIN_CODE_NEG_REPLY,
62 MGMT_OP_SET_IO_CAPABILITY,
64 MGMT_OP_CANCEL_PAIR_DEVICE,
65 MGMT_OP_UNPAIR_DEVICE,
66 MGMT_OP_USER_CONFIRM_REPLY,
67 MGMT_OP_USER_CONFIRM_NEG_REPLY,
68 MGMT_OP_USER_PASSKEY_REPLY,
69 MGMT_OP_USER_PASSKEY_NEG_REPLY,
70 MGMT_OP_READ_LOCAL_OOB_DATA,
71 MGMT_OP_ADD_REMOTE_OOB_DATA,
72 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
73 MGMT_OP_START_DISCOVERY,
74 MGMT_OP_STOP_DISCOVERY,
77 MGMT_OP_UNBLOCK_DEVICE,
78 MGMT_OP_SET_DEVICE_ID,
81 static const u16 mgmt_events[] = {
82 MGMT_EV_CONTROLLER_ERROR,
84 MGMT_EV_INDEX_REMOVED,
86 MGMT_EV_CLASS_OF_DEV_CHANGED,
87 MGMT_EV_LOCAL_NAME_CHANGED,
89 MGMT_EV_NEW_LONG_TERM_KEY,
90 MGMT_EV_DEVICE_CONNECTED,
91 MGMT_EV_DEVICE_DISCONNECTED,
92 MGMT_EV_CONNECT_FAILED,
93 MGMT_EV_PIN_CODE_REQUEST,
94 MGMT_EV_USER_CONFIRM_REQUEST,
95 MGMT_EV_USER_PASSKEY_REQUEST,
99 MGMT_EV_DEVICE_BLOCKED,
100 MGMT_EV_DEVICE_UNBLOCKED,
101 MGMT_EV_DEVICE_UNPAIRED,
102 MGMT_EV_PASSKEY_NOTIFY,
106 * These LE scan and inquiry parameters were chosen according to LE General
107 * Discovery Procedure specification.
109 #define LE_SCAN_TYPE 0x01
110 #define LE_SCAN_WIN 0x12
111 #define LE_SCAN_INT 0x12
112 #define LE_SCAN_TIMEOUT_LE_ONLY 10240 /* TGAP(gen_disc_scan_min) */
113 #define LE_SCAN_TIMEOUT_BREDR_LE 5120 /* TGAP(100)/2 */
115 #define INQUIRY_LEN_BREDR 0x08 /* TGAP(100) */
116 #define INQUIRY_LEN_BREDR_LE 0x04 /* TGAP(100)/2 */
118 #define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
120 #define hdev_is_powered(hdev) (test_bit(HCI_UP, &hdev->flags) && \
121 !test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
124 struct list_head list;
132 /* HCI to MGMT error code conversion table */
133 static u8 mgmt_status_table[] = {
135 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
136 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
137 MGMT_STATUS_FAILED, /* Hardware Failure */
138 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
139 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
140 MGMT_STATUS_NOT_PAIRED, /* PIN or Key Missing */
141 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
142 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
143 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
144 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
145 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
146 MGMT_STATUS_BUSY, /* Command Disallowed */
147 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
148 MGMT_STATUS_REJECTED, /* Rejected Security */
149 MGMT_STATUS_REJECTED, /* Rejected Personal */
150 MGMT_STATUS_TIMEOUT, /* Host Timeout */
151 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
152 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
153 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
154 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
155 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
156 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
157 MGMT_STATUS_BUSY, /* Repeated Attempts */
158 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
159 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
160 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
161 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
162 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
163 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
164 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
165 MGMT_STATUS_FAILED, /* Unspecified Error */
166 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
167 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
168 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
169 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
170 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
171 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
172 MGMT_STATUS_FAILED, /* Unit Link Key Used */
173 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
174 MGMT_STATUS_TIMEOUT, /* Instant Passed */
175 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
176 MGMT_STATUS_FAILED, /* Transaction Collision */
177 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
178 MGMT_STATUS_REJECTED, /* QoS Rejected */
179 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
180 MGMT_STATUS_REJECTED, /* Insufficient Security */
181 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
182 MGMT_STATUS_BUSY, /* Role Switch Pending */
183 MGMT_STATUS_FAILED, /* Slot Violation */
184 MGMT_STATUS_FAILED, /* Role Switch Failed */
185 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
186 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
187 MGMT_STATUS_BUSY, /* Host Busy Pairing */
188 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
189 MGMT_STATUS_BUSY, /* Controller Busy */
190 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
191 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
192 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
193 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
194 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
197 bool mgmt_valid_hdev(struct hci_dev *hdev)
199 return hdev->dev_type == HCI_BREDR;
202 static u8 mgmt_status(u8 hci_status)
204 if (hci_status < ARRAY_SIZE(mgmt_status_table))
205 return mgmt_status_table[hci_status];
207 return MGMT_STATUS_FAILED;
210 static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
213 struct mgmt_hdr *hdr;
214 struct mgmt_ev_cmd_status *ev;
217 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
219 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_KERNEL);
223 hdr = (void *) skb_put(skb, sizeof(*hdr));
225 hdr->opcode = __constant_cpu_to_le16(MGMT_EV_CMD_STATUS);
226 hdr->index = cpu_to_le16(index);
227 hdr->len = cpu_to_le16(sizeof(*ev));
229 ev = (void *) skb_put(skb, sizeof(*ev));
231 ev->opcode = cpu_to_le16(cmd);
233 err = sock_queue_rcv_skb(sk, skb);
240 static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
241 void *rp, size_t rp_len)
244 struct mgmt_hdr *hdr;
245 struct mgmt_ev_cmd_complete *ev;
248 BT_DBG("sock %p", sk);
250 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_KERNEL);
254 hdr = (void *) skb_put(skb, sizeof(*hdr));
256 hdr->opcode = __constant_cpu_to_le16(MGMT_EV_CMD_COMPLETE);
257 hdr->index = cpu_to_le16(index);
258 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
260 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
261 ev->opcode = cpu_to_le16(cmd);
265 memcpy(ev->data, rp, rp_len);
267 err = sock_queue_rcv_skb(sk, skb);
274 static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
277 struct mgmt_rp_read_version rp;
279 BT_DBG("sock %p", sk);
281 rp.version = MGMT_VERSION;
282 rp.revision = __constant_cpu_to_le16(MGMT_REVISION);
284 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
288 static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
291 struct mgmt_rp_read_commands *rp;
292 const u16 num_commands = ARRAY_SIZE(mgmt_commands);
293 const u16 num_events = ARRAY_SIZE(mgmt_events);
298 BT_DBG("sock %p", sk);
300 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
302 rp = kmalloc(rp_size, GFP_KERNEL);
306 rp->num_commands = __constant_cpu_to_le16(num_commands);
307 rp->num_events = __constant_cpu_to_le16(num_events);
309 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
310 put_unaligned_le16(mgmt_commands[i], opcode);
312 for (i = 0; i < num_events; i++, opcode++)
313 put_unaligned_le16(mgmt_events[i], opcode);
315 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
322 static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
325 struct mgmt_rp_read_index_list *rp;
331 BT_DBG("sock %p", sk);
333 read_lock(&hci_dev_list_lock);
336 list_for_each_entry(d, &hci_dev_list, list) {
337 if (!mgmt_valid_hdev(d))
343 rp_len = sizeof(*rp) + (2 * count);
344 rp = kmalloc(rp_len, GFP_ATOMIC);
346 read_unlock(&hci_dev_list_lock);
351 list_for_each_entry(d, &hci_dev_list, list) {
352 if (test_bit(HCI_SETUP, &d->dev_flags))
355 if (!mgmt_valid_hdev(d))
358 rp->index[count++] = cpu_to_le16(d->id);
359 BT_DBG("Added hci%u", d->id);
362 rp->num_controllers = cpu_to_le16(count);
363 rp_len = sizeof(*rp) + (2 * count);
365 read_unlock(&hci_dev_list_lock);
367 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
375 static u32 get_supported_settings(struct hci_dev *hdev)
379 settings |= MGMT_SETTING_POWERED;
380 settings |= MGMT_SETTING_PAIRABLE;
382 if (lmp_ssp_capable(hdev))
383 settings |= MGMT_SETTING_SSP;
385 if (lmp_bredr_capable(hdev)) {
386 settings |= MGMT_SETTING_CONNECTABLE;
387 settings |= MGMT_SETTING_FAST_CONNECTABLE;
388 settings |= MGMT_SETTING_DISCOVERABLE;
389 settings |= MGMT_SETTING_BREDR;
390 settings |= MGMT_SETTING_LINK_SECURITY;
394 settings |= MGMT_SETTING_HS;
396 if (lmp_le_capable(hdev))
397 settings |= MGMT_SETTING_LE;
402 static u32 get_current_settings(struct hci_dev *hdev)
406 if (hdev_is_powered(hdev))
407 settings |= MGMT_SETTING_POWERED;
409 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
410 settings |= MGMT_SETTING_CONNECTABLE;
412 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
413 settings |= MGMT_SETTING_DISCOVERABLE;
415 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags))
416 settings |= MGMT_SETTING_PAIRABLE;
418 if (lmp_bredr_capable(hdev))
419 settings |= MGMT_SETTING_BREDR;
421 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
422 settings |= MGMT_SETTING_LE;
424 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
425 settings |= MGMT_SETTING_LINK_SECURITY;
427 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
428 settings |= MGMT_SETTING_SSP;
430 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
431 settings |= MGMT_SETTING_HS;
436 #define PNP_INFO_SVCLASS_ID 0x1200
438 static u8 bluetooth_base_uuid[] = {
439 0xFB, 0x34, 0x9B, 0x5F, 0x80, 0x00, 0x00, 0x80,
440 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
443 static u16 get_uuid16(u8 *uuid128)
448 for (i = 0; i < 12; i++) {
449 if (bluetooth_base_uuid[i] != uuid128[i])
453 val = get_unaligned_le32(&uuid128[12]);
460 static void create_eir(struct hci_dev *hdev, u8 *data)
464 u16 uuid16_list[HCI_MAX_EIR_LENGTH / sizeof(u16)];
465 int i, truncated = 0;
466 struct bt_uuid *uuid;
469 name_len = strlen(hdev->dev_name);
475 ptr[1] = EIR_NAME_SHORT;
477 ptr[1] = EIR_NAME_COMPLETE;
479 /* EIR Data length */
480 ptr[0] = name_len + 1;
482 memcpy(ptr + 2, hdev->dev_name, name_len);
484 eir_len += (name_len + 2);
485 ptr += (name_len + 2);
488 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
490 ptr[1] = EIR_TX_POWER;
491 ptr[2] = (u8) hdev->inq_tx_power;
497 if (hdev->devid_source > 0) {
499 ptr[1] = EIR_DEVICE_ID;
501 put_unaligned_le16(hdev->devid_source, ptr + 2);
502 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
503 put_unaligned_le16(hdev->devid_product, ptr + 6);
504 put_unaligned_le16(hdev->devid_version, ptr + 8);
510 memset(uuid16_list, 0, sizeof(uuid16_list));
512 /* Group all UUID16 types */
513 list_for_each_entry(uuid, &hdev->uuids, list) {
516 uuid16 = get_uuid16(uuid->uuid);
523 if (uuid16 == PNP_INFO_SVCLASS_ID)
526 /* Stop if not enough space to put next UUID */
527 if (eir_len + 2 + sizeof(u16) > HCI_MAX_EIR_LENGTH) {
532 /* Check for duplicates */
533 for (i = 0; uuid16_list[i] != 0; i++)
534 if (uuid16_list[i] == uuid16)
537 if (uuid16_list[i] == 0) {
538 uuid16_list[i] = uuid16;
539 eir_len += sizeof(u16);
543 if (uuid16_list[0] != 0) {
547 ptr[1] = truncated ? EIR_UUID16_SOME : EIR_UUID16_ALL;
552 for (i = 0; uuid16_list[i] != 0; i++) {
553 *ptr++ = (uuid16_list[i] & 0x00ff);
554 *ptr++ = (uuid16_list[i] & 0xff00) >> 8;
557 /* EIR Data length */
558 *length = (i * sizeof(u16)) + 1;
562 static int update_eir(struct hci_dev *hdev)
564 struct hci_cp_write_eir cp;
566 if (!hdev_is_powered(hdev))
569 if (!lmp_ext_inq_capable(hdev))
572 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
575 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
578 memset(&cp, 0, sizeof(cp));
580 create_eir(hdev, cp.data);
582 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
585 memcpy(hdev->eir, cp.data, sizeof(cp.data));
587 return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
590 static u8 get_service_classes(struct hci_dev *hdev)
592 struct bt_uuid *uuid;
595 list_for_each_entry(uuid, &hdev->uuids, list)
596 val |= uuid->svc_hint;
601 static int update_class(struct hci_dev *hdev)
606 BT_DBG("%s", hdev->name);
608 if (!hdev_is_powered(hdev))
611 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
614 cod[0] = hdev->minor_class;
615 cod[1] = hdev->major_class;
616 cod[2] = get_service_classes(hdev);
618 if (memcmp(cod, hdev->dev_class, 3) == 0)
621 err = hci_send_cmd(hdev, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
623 set_bit(HCI_PENDING_CLASS, &hdev->dev_flags);
628 static void service_cache_off(struct work_struct *work)
630 struct hci_dev *hdev = container_of(work, struct hci_dev,
633 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
641 hci_dev_unlock(hdev);
644 static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
646 if (test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
649 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
651 /* Non-mgmt controlled devices get this bit set
652 * implicitly so that pairing works for them, however
653 * for mgmt we require user-space to explicitly enable
656 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
659 static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
660 void *data, u16 data_len)
662 struct mgmt_rp_read_info rp;
664 BT_DBG("sock %p %s", sk, hdev->name);
668 memset(&rp, 0, sizeof(rp));
670 bacpy(&rp.bdaddr, &hdev->bdaddr);
672 rp.version = hdev->hci_ver;
673 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
675 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
676 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
678 memcpy(rp.dev_class, hdev->dev_class, 3);
680 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
681 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
683 hci_dev_unlock(hdev);
685 return cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
689 static void mgmt_pending_free(struct pending_cmd *cmd)
696 static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
697 struct hci_dev *hdev, void *data,
700 struct pending_cmd *cmd;
702 cmd = kmalloc(sizeof(*cmd), GFP_KERNEL);
706 cmd->opcode = opcode;
707 cmd->index = hdev->id;
709 cmd->param = kmalloc(len, GFP_KERNEL);
716 memcpy(cmd->param, data, len);
721 list_add(&cmd->list, &hdev->mgmt_pending);
726 static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
727 void (*cb)(struct pending_cmd *cmd,
731 struct list_head *p, *n;
733 list_for_each_safe(p, n, &hdev->mgmt_pending) {
734 struct pending_cmd *cmd;
736 cmd = list_entry(p, struct pending_cmd, list);
738 if (opcode > 0 && cmd->opcode != opcode)
745 static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
747 struct pending_cmd *cmd;
749 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
750 if (cmd->opcode == opcode)
757 static void mgmt_pending_remove(struct pending_cmd *cmd)
759 list_del(&cmd->list);
760 mgmt_pending_free(cmd);
763 static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
765 __le32 settings = cpu_to_le32(get_current_settings(hdev));
767 return cmd_complete(sk, hdev->id, opcode, 0, &settings,
771 static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
774 struct mgmt_mode *cp = data;
775 struct pending_cmd *cmd;
778 BT_DBG("request for %s", hdev->name);
782 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
783 cancel_delayed_work(&hdev->power_off);
786 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
787 mgmt_powered(hdev, 1);
792 if (!!cp->val == hdev_is_powered(hdev)) {
793 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
797 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
798 err = cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
803 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
810 schedule_work(&hdev->power_on);
812 schedule_work(&hdev->power_off.work);
817 hci_dev_unlock(hdev);
821 static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 data_len,
822 struct sock *skip_sk)
825 struct mgmt_hdr *hdr;
827 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_KERNEL);
831 hdr = (void *) skb_put(skb, sizeof(*hdr));
832 hdr->opcode = cpu_to_le16(event);
834 hdr->index = cpu_to_le16(hdev->id);
836 hdr->index = __constant_cpu_to_le16(MGMT_INDEX_NONE);
837 hdr->len = cpu_to_le16(data_len);
840 memcpy(skb_put(skb, data_len), data, data_len);
843 __net_timestamp(skb);
845 hci_send_to_control(skb, skip_sk);
851 static int new_settings(struct hci_dev *hdev, struct sock *skip)
855 ev = cpu_to_le32(get_current_settings(hdev));
857 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
860 static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
863 struct mgmt_cp_set_discoverable *cp = data;
864 struct pending_cmd *cmd;
869 BT_DBG("request for %s", hdev->name);
871 if (!lmp_bredr_capable(hdev))
872 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
873 MGMT_STATUS_NOT_SUPPORTED);
875 timeout = __le16_to_cpu(cp->timeout);
876 if (!cp->val && timeout > 0)
877 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
878 MGMT_STATUS_INVALID_PARAMS);
882 if (!hdev_is_powered(hdev) && timeout > 0) {
883 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
884 MGMT_STATUS_NOT_POWERED);
888 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
889 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
890 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
895 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
896 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
897 MGMT_STATUS_REJECTED);
901 if (!hdev_is_powered(hdev)) {
902 bool changed = false;
904 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
905 change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
909 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
914 err = new_settings(hdev, sk);
919 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
920 if (hdev->discov_timeout > 0) {
921 cancel_delayed_work(&hdev->discov_off);
922 hdev->discov_timeout = 0;
925 if (cp->val && timeout > 0) {
926 hdev->discov_timeout = timeout;
927 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
928 msecs_to_jiffies(hdev->discov_timeout * 1000));
931 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
935 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
944 scan |= SCAN_INQUIRY;
946 cancel_delayed_work(&hdev->discov_off);
948 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
950 mgmt_pending_remove(cmd);
953 hdev->discov_timeout = timeout;
956 hci_dev_unlock(hdev);
960 static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
963 struct mgmt_mode *cp = data;
964 struct pending_cmd *cmd;
968 BT_DBG("request for %s", hdev->name);
970 if (!lmp_bredr_capable(hdev))
971 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
972 MGMT_STATUS_NOT_SUPPORTED);
976 if (!hdev_is_powered(hdev)) {
977 bool changed = false;
979 if (!!cp->val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
983 set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
985 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
986 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
989 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
994 err = new_settings(hdev, sk);
999 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1000 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
1001 err = cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1006 if (!!cp->val == test_bit(HCI_PSCAN, &hdev->flags)) {
1007 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1011 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
1022 if (test_bit(HCI_ISCAN, &hdev->flags) &&
1023 hdev->discov_timeout > 0)
1024 cancel_delayed_work(&hdev->discov_off);
1027 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1029 mgmt_pending_remove(cmd);
1032 hci_dev_unlock(hdev);
1036 static int set_pairable(struct sock *sk, struct hci_dev *hdev, void *data,
1039 struct mgmt_mode *cp = data;
1042 BT_DBG("request for %s", hdev->name);
1047 set_bit(HCI_PAIRABLE, &hdev->dev_flags);
1049 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
1051 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
1055 err = new_settings(hdev, sk);
1058 hci_dev_unlock(hdev);
1062 static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1065 struct mgmt_mode *cp = data;
1066 struct pending_cmd *cmd;
1070 BT_DBG("request for %s", hdev->name);
1072 if (!lmp_bredr_capable(hdev))
1073 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1074 MGMT_STATUS_NOT_SUPPORTED);
1078 if (!hdev_is_powered(hdev)) {
1079 bool changed = false;
1081 if (!!cp->val != test_bit(HCI_LINK_SECURITY,
1082 &hdev->dev_flags)) {
1083 change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
1087 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1092 err = new_settings(hdev, sk);
1097 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
1098 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1105 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1106 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1110 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1116 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1118 mgmt_pending_remove(cmd);
1123 hci_dev_unlock(hdev);
1127 static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1129 struct mgmt_mode *cp = data;
1130 struct pending_cmd *cmd;
1134 BT_DBG("request for %s", hdev->name);
1138 if (!lmp_ssp_capable(hdev)) {
1139 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1140 MGMT_STATUS_NOT_SUPPORTED);
1146 if (!hdev_is_powered(hdev)) {
1147 bool changed = false;
1149 if (val != test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
1150 change_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
1154 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1159 err = new_settings(hdev, sk);
1164 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev)) {
1165 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1170 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) == val) {
1171 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1175 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1181 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, sizeof(val), &val);
1183 mgmt_pending_remove(cmd);
1188 hci_dev_unlock(hdev);
1192 static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1194 struct mgmt_mode *cp = data;
1196 BT_DBG("request for %s", hdev->name);
1199 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1200 MGMT_STATUS_NOT_SUPPORTED);
1203 set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1205 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1207 return send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
1210 static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1212 struct mgmt_mode *cp = data;
1213 struct hci_cp_write_le_host_supported hci_cp;
1214 struct pending_cmd *cmd;
1218 BT_DBG("request for %s", hdev->name);
1222 if (!lmp_le_capable(hdev)) {
1223 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1224 MGMT_STATUS_NOT_SUPPORTED);
1229 enabled = lmp_host_le_capable(hdev);
1231 if (!hdev_is_powered(hdev) || val == enabled) {
1232 bool changed = false;
1234 if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1235 change_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1239 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1244 err = new_settings(hdev, sk);
1249 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
1250 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1255 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
1261 memset(&hci_cp, 0, sizeof(hci_cp));
1265 hci_cp.simul = lmp_le_br_capable(hdev);
1268 err = hci_send_cmd(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
1271 mgmt_pending_remove(cmd);
1274 hci_dev_unlock(hdev);
1278 static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1280 struct mgmt_cp_add_uuid *cp = data;
1281 struct pending_cmd *cmd;
1282 struct bt_uuid *uuid;
1285 BT_DBG("request for %s", hdev->name);
1289 if (test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
1290 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
1295 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
1301 memcpy(uuid->uuid, cp->uuid, 16);
1302 uuid->svc_hint = cp->svc_hint;
1304 list_add(&uuid->list, &hdev->uuids);
1306 err = update_class(hdev);
1310 err = update_eir(hdev);
1314 if (!test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
1315 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
1316 hdev->dev_class, 3);
1320 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
1325 hci_dev_unlock(hdev);
1329 static bool enable_service_cache(struct hci_dev *hdev)
1331 if (!hdev_is_powered(hdev))
1334 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
1335 schedule_delayed_work(&hdev->service_cache, CACHE_TIMEOUT);
1342 static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
1345 struct mgmt_cp_remove_uuid *cp = data;
1346 struct pending_cmd *cmd;
1347 struct list_head *p, *n;
1348 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
1351 BT_DBG("request for %s", hdev->name);
1355 if (test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
1356 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
1361 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
1362 err = hci_uuids_clear(hdev);
1364 if (enable_service_cache(hdev)) {
1365 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID,
1366 0, hdev->dev_class, 3);
1375 list_for_each_safe(p, n, &hdev->uuids) {
1376 struct bt_uuid *match = list_entry(p, struct bt_uuid, list);
1378 if (memcmp(match->uuid, cp->uuid, 16) != 0)
1381 list_del(&match->list);
1387 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
1388 MGMT_STATUS_INVALID_PARAMS);
1393 err = update_class(hdev);
1397 err = update_eir(hdev);
1401 if (!test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
1402 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
1403 hdev->dev_class, 3);
1407 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
1412 hci_dev_unlock(hdev);
1416 static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
1419 struct mgmt_cp_set_dev_class *cp = data;
1420 struct pending_cmd *cmd;
1423 BT_DBG("request for %s", hdev->name);
1427 if (test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
1428 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1433 hdev->major_class = cp->major;
1434 hdev->minor_class = cp->minor;
1436 if (!hdev_is_powered(hdev)) {
1437 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
1438 hdev->dev_class, 3);
1442 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
1443 hci_dev_unlock(hdev);
1444 cancel_delayed_work_sync(&hdev->service_cache);
1449 err = update_class(hdev);
1453 if (!test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
1454 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
1455 hdev->dev_class, 3);
1459 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
1464 hci_dev_unlock(hdev);
1468 static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
1471 struct mgmt_cp_load_link_keys *cp = data;
1472 u16 key_count, expected_len;
1475 key_count = __le16_to_cpu(cp->key_count);
1477 expected_len = sizeof(*cp) + key_count *
1478 sizeof(struct mgmt_link_key_info);
1479 if (expected_len != len) {
1480 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
1482 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
1483 MGMT_STATUS_INVALID_PARAMS);
1486 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
1491 hci_link_keys_clear(hdev);
1493 set_bit(HCI_LINK_KEYS, &hdev->dev_flags);
1496 set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
1498 clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
1500 for (i = 0; i < key_count; i++) {
1501 struct mgmt_link_key_info *key = &cp->keys[i];
1503 hci_add_link_key(hdev, NULL, 0, &key->addr.bdaddr, key->val,
1504 key->type, key->pin_len);
1507 cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
1509 hci_dev_unlock(hdev);
1514 static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
1515 u8 addr_type, struct sock *skip_sk)
1517 struct mgmt_ev_device_unpaired ev;
1519 bacpy(&ev.addr.bdaddr, bdaddr);
1520 ev.addr.type = addr_type;
1522 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
1526 static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
1529 struct mgmt_cp_unpair_device *cp = data;
1530 struct mgmt_rp_unpair_device rp;
1531 struct hci_cp_disconnect dc;
1532 struct pending_cmd *cmd;
1533 struct hci_conn *conn;
1538 memset(&rp, 0, sizeof(rp));
1539 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1540 rp.addr.type = cp->addr.type;
1542 if (!hdev_is_powered(hdev)) {
1543 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
1544 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
1548 if (cp->addr.type == BDADDR_BREDR)
1549 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
1551 err = hci_remove_ltk(hdev, &cp->addr.bdaddr);
1554 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
1555 MGMT_STATUS_NOT_PAIRED, &rp, sizeof(rp));
1559 if (cp->disconnect) {
1560 if (cp->addr.type == BDADDR_BREDR)
1561 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
1564 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
1571 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
1573 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
1577 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
1584 dc.handle = cpu_to_le16(conn->handle);
1585 dc.reason = 0x13; /* Remote User Terminated Connection */
1586 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1588 mgmt_pending_remove(cmd);
1591 hci_dev_unlock(hdev);
1595 static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
1598 struct mgmt_cp_disconnect *cp = data;
1599 struct hci_cp_disconnect dc;
1600 struct pending_cmd *cmd;
1601 struct hci_conn *conn;
1608 if (!test_bit(HCI_UP, &hdev->flags)) {
1609 err = cmd_status(sk, hdev->id, MGMT_OP_DISCONNECT,
1610 MGMT_STATUS_NOT_POWERED);
1614 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
1615 err = cmd_status(sk, hdev->id, MGMT_OP_DISCONNECT,
1620 if (cp->addr.type == BDADDR_BREDR)
1621 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
1624 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
1626 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
1627 err = cmd_status(sk, hdev->id, MGMT_OP_DISCONNECT,
1628 MGMT_STATUS_NOT_CONNECTED);
1632 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
1638 dc.handle = cpu_to_le16(conn->handle);
1639 dc.reason = HCI_ERROR_REMOTE_USER_TERM;
1641 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1643 mgmt_pending_remove(cmd);
1646 hci_dev_unlock(hdev);
1650 static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
1652 switch (link_type) {
1654 switch (addr_type) {
1655 case ADDR_LE_DEV_PUBLIC:
1656 return BDADDR_LE_PUBLIC;
1659 /* Fallback to LE Random address type */
1660 return BDADDR_LE_RANDOM;
1664 /* Fallback to BR/EDR type */
1665 return BDADDR_BREDR;
1669 static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
1672 struct mgmt_rp_get_connections *rp;
1682 if (!hdev_is_powered(hdev)) {
1683 err = cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
1684 MGMT_STATUS_NOT_POWERED);
1689 list_for_each_entry(c, &hdev->conn_hash.list, list) {
1690 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
1694 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
1695 rp = kmalloc(rp_len, GFP_KERNEL);
1702 list_for_each_entry(c, &hdev->conn_hash.list, list) {
1703 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
1705 bacpy(&rp->addr[i].bdaddr, &c->dst);
1706 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
1707 if (c->type == SCO_LINK || c->type == ESCO_LINK)
1712 rp->conn_count = cpu_to_le16(i);
1714 /* Recalculate length in case of filtered SCO connections, etc */
1715 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
1717 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
1723 hci_dev_unlock(hdev);
1727 static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
1728 struct mgmt_cp_pin_code_neg_reply *cp)
1730 struct pending_cmd *cmd;
1733 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
1738 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
1739 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
1741 mgmt_pending_remove(cmd);
1746 static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
1749 struct hci_conn *conn;
1750 struct mgmt_cp_pin_code_reply *cp = data;
1751 struct hci_cp_pin_code_reply reply;
1752 struct pending_cmd *cmd;
1759 if (!hdev_is_powered(hdev)) {
1760 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
1761 MGMT_STATUS_NOT_POWERED);
1765 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
1767 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
1768 MGMT_STATUS_NOT_CONNECTED);
1772 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
1773 struct mgmt_cp_pin_code_neg_reply ncp;
1775 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
1777 BT_ERR("PIN code is not 16 bytes long");
1779 err = send_pin_code_neg_reply(sk, hdev, &ncp);
1781 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
1782 MGMT_STATUS_INVALID_PARAMS);
1787 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
1793 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
1794 reply.pin_len = cp->pin_len;
1795 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
1797 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
1799 mgmt_pending_remove(cmd);
1802 hci_dev_unlock(hdev);
1806 static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
1809 struct mgmt_cp_set_io_capability *cp = data;
1815 hdev->io_capability = cp->io_capability;
1817 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
1818 hdev->io_capability);
1820 hci_dev_unlock(hdev);
1822 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, NULL,
1826 static struct pending_cmd *find_pairing(struct hci_conn *conn)
1828 struct hci_dev *hdev = conn->hdev;
1829 struct pending_cmd *cmd;
1831 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
1832 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
1835 if (cmd->user_data != conn)
1844 static void pairing_complete(struct pending_cmd *cmd, u8 status)
1846 struct mgmt_rp_pair_device rp;
1847 struct hci_conn *conn = cmd->user_data;
1849 bacpy(&rp.addr.bdaddr, &conn->dst);
1850 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
1852 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
1855 /* So we don't get further callbacks for this connection */
1856 conn->connect_cfm_cb = NULL;
1857 conn->security_cfm_cb = NULL;
1858 conn->disconn_cfm_cb = NULL;
1862 mgmt_pending_remove(cmd);
1865 static void pairing_complete_cb(struct hci_conn *conn, u8 status)
1867 struct pending_cmd *cmd;
1869 BT_DBG("status %u", status);
1871 cmd = find_pairing(conn);
1873 BT_DBG("Unable to find a pending command");
1875 pairing_complete(cmd, mgmt_status(status));
1878 static void le_connect_complete_cb(struct hci_conn *conn, u8 status)
1880 struct pending_cmd *cmd;
1882 BT_DBG("status %u", status);
1887 cmd = find_pairing(conn);
1889 BT_DBG("Unable to find a pending command");
1891 pairing_complete(cmd, mgmt_status(status));
1894 static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
1897 struct mgmt_cp_pair_device *cp = data;
1898 struct mgmt_rp_pair_device rp;
1899 struct pending_cmd *cmd;
1900 u8 sec_level, auth_type;
1901 struct hci_conn *conn;
1908 if (!hdev_is_powered(hdev)) {
1909 err = cmd_status(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
1910 MGMT_STATUS_NOT_POWERED);
1914 sec_level = BT_SECURITY_MEDIUM;
1915 if (cp->io_cap == 0x03)
1916 auth_type = HCI_AT_DEDICATED_BONDING;
1918 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
1920 if (cp->addr.type == BDADDR_BREDR)
1921 conn = hci_connect(hdev, ACL_LINK, &cp->addr.bdaddr,
1922 cp->addr.type, sec_level, auth_type);
1924 conn = hci_connect(hdev, LE_LINK, &cp->addr.bdaddr,
1925 cp->addr.type, sec_level, auth_type);
1927 memset(&rp, 0, sizeof(rp));
1928 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1929 rp.addr.type = cp->addr.type;
1934 if (PTR_ERR(conn) == -EBUSY)
1935 status = MGMT_STATUS_BUSY;
1937 status = MGMT_STATUS_CONNECT_FAILED;
1939 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
1945 if (conn->connect_cfm_cb) {
1947 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
1948 MGMT_STATUS_BUSY, &rp, sizeof(rp));
1952 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
1959 /* For LE, just connecting isn't a proof that the pairing finished */
1960 if (cp->addr.type == BDADDR_BREDR)
1961 conn->connect_cfm_cb = pairing_complete_cb;
1963 conn->connect_cfm_cb = le_connect_complete_cb;
1965 conn->security_cfm_cb = pairing_complete_cb;
1966 conn->disconn_cfm_cb = pairing_complete_cb;
1967 conn->io_capability = cp->io_cap;
1968 cmd->user_data = conn;
1970 if (conn->state == BT_CONNECTED &&
1971 hci_conn_security(conn, sec_level, auth_type))
1972 pairing_complete(cmd, 0);
1977 hci_dev_unlock(hdev);
1981 static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
1984 struct mgmt_addr_info *addr = data;
1985 struct pending_cmd *cmd;
1986 struct hci_conn *conn;
1993 if (!hdev_is_powered(hdev)) {
1994 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
1995 MGMT_STATUS_NOT_POWERED);
1999 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
2001 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2002 MGMT_STATUS_INVALID_PARAMS);
2006 conn = cmd->user_data;
2008 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
2009 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2010 MGMT_STATUS_INVALID_PARAMS);
2014 pairing_complete(cmd, MGMT_STATUS_CANCELLED);
2016 err = cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
2017 addr, sizeof(*addr));
2019 hci_dev_unlock(hdev);
2023 static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
2024 bdaddr_t *bdaddr, u8 type, u16 mgmt_op,
2025 u16 hci_op, __le32 passkey)
2027 struct pending_cmd *cmd;
2028 struct hci_conn *conn;
2033 if (!hdev_is_powered(hdev)) {
2034 err = cmd_status(sk, hdev->id, mgmt_op,
2035 MGMT_STATUS_NOT_POWERED);
2039 if (type == BDADDR_BREDR)
2040 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, bdaddr);
2042 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, bdaddr);
2045 err = cmd_status(sk, hdev->id, mgmt_op,
2046 MGMT_STATUS_NOT_CONNECTED);
2050 if (type == BDADDR_LE_PUBLIC || type == BDADDR_LE_RANDOM) {
2051 /* Continue with pairing via SMP */
2052 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
2055 err = cmd_status(sk, hdev->id, mgmt_op,
2056 MGMT_STATUS_SUCCESS);
2058 err = cmd_status(sk, hdev->id, mgmt_op,
2059 MGMT_STATUS_FAILED);
2064 cmd = mgmt_pending_add(sk, mgmt_op, hdev, bdaddr, sizeof(*bdaddr));
2070 /* Continue with pairing via HCI */
2071 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
2072 struct hci_cp_user_passkey_reply cp;
2074 bacpy(&cp.bdaddr, bdaddr);
2075 cp.passkey = passkey;
2076 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
2078 err = hci_send_cmd(hdev, hci_op, sizeof(*bdaddr), bdaddr);
2081 mgmt_pending_remove(cmd);
2084 hci_dev_unlock(hdev);
2088 static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
2089 void *data, u16 len)
2091 struct mgmt_cp_pin_code_neg_reply *cp = data;
2095 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
2096 MGMT_OP_PIN_CODE_NEG_REPLY,
2097 HCI_OP_PIN_CODE_NEG_REPLY, 0);
2100 static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2103 struct mgmt_cp_user_confirm_reply *cp = data;
2107 if (len != sizeof(*cp))
2108 return cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
2109 MGMT_STATUS_INVALID_PARAMS);
2111 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
2112 MGMT_OP_USER_CONFIRM_REPLY,
2113 HCI_OP_USER_CONFIRM_REPLY, 0);
2116 static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
2117 void *data, u16 len)
2119 struct mgmt_cp_user_confirm_neg_reply *cp = data;
2123 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
2124 MGMT_OP_USER_CONFIRM_NEG_REPLY,
2125 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
2128 static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2131 struct mgmt_cp_user_passkey_reply *cp = data;
2135 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
2136 MGMT_OP_USER_PASSKEY_REPLY,
2137 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
2140 static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
2141 void *data, u16 len)
2143 struct mgmt_cp_user_passkey_neg_reply *cp = data;
2147 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
2148 MGMT_OP_USER_PASSKEY_NEG_REPLY,
2149 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
2152 static int update_name(struct hci_dev *hdev, const char *name)
2154 struct hci_cp_write_local_name cp;
2156 memcpy(cp.name, name, sizeof(cp.name));
2158 return hci_send_cmd(hdev, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
2161 static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
2164 struct mgmt_cp_set_local_name *cp = data;
2165 struct pending_cmd *cmd;
2172 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
2174 if (!hdev_is_powered(hdev)) {
2175 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
2177 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
2182 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
2188 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
2194 err = update_name(hdev, cp->name);
2196 mgmt_pending_remove(cmd);
2199 hci_dev_unlock(hdev);
2203 static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
2204 void *data, u16 data_len)
2206 struct pending_cmd *cmd;
2209 BT_DBG("%s", hdev->name);
2213 if (!hdev_is_powered(hdev)) {
2214 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
2215 MGMT_STATUS_NOT_POWERED);
2219 if (!lmp_ssp_capable(hdev)) {
2220 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
2221 MGMT_STATUS_NOT_SUPPORTED);
2225 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
2226 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
2231 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
2237 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
2239 mgmt_pending_remove(cmd);
2242 hci_dev_unlock(hdev);
2246 static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
2247 void *data, u16 len)
2249 struct mgmt_cp_add_remote_oob_data *cp = data;
2253 BT_DBG("%s ", hdev->name);
2257 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr, cp->hash,
2260 status = MGMT_STATUS_FAILED;
2264 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA, status,
2265 &cp->addr, sizeof(cp->addr));
2267 hci_dev_unlock(hdev);
2271 static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
2272 void *data, u16 len)
2274 struct mgmt_cp_remove_remote_oob_data *cp = data;
2278 BT_DBG("%s", hdev->name);
2282 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr);
2284 status = MGMT_STATUS_INVALID_PARAMS;
2288 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
2289 status, &cp->addr, sizeof(cp->addr));
2291 hci_dev_unlock(hdev);
2295 int mgmt_interleaved_discovery(struct hci_dev *hdev)
2299 BT_DBG("%s", hdev->name);
2303 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR_LE);
2305 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2307 hci_dev_unlock(hdev);
2312 static int start_discovery(struct sock *sk, struct hci_dev *hdev,
2313 void *data, u16 len)
2315 struct mgmt_cp_start_discovery *cp = data;
2316 struct pending_cmd *cmd;
2319 BT_DBG("%s", hdev->name);
2323 if (!hdev_is_powered(hdev)) {
2324 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2325 MGMT_STATUS_NOT_POWERED);
2329 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
2330 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2335 if (hdev->discovery.state != DISCOVERY_STOPPED) {
2336 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2341 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
2347 hdev->discovery.type = cp->type;
2349 switch (hdev->discovery.type) {
2350 case DISCOV_TYPE_BREDR:
2351 if (lmp_bredr_capable(hdev))
2352 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR);
2357 case DISCOV_TYPE_LE:
2358 if (lmp_host_le_capable(hdev))
2359 err = hci_le_scan(hdev, LE_SCAN_TYPE, LE_SCAN_INT,
2360 LE_SCAN_WIN, LE_SCAN_TIMEOUT_LE_ONLY);
2365 case DISCOV_TYPE_INTERLEAVED:
2366 if (lmp_host_le_capable(hdev) && lmp_bredr_capable(hdev))
2367 err = hci_le_scan(hdev, LE_SCAN_TYPE, LE_SCAN_INT,
2369 LE_SCAN_TIMEOUT_BREDR_LE);
2379 mgmt_pending_remove(cmd);
2381 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
2384 hci_dev_unlock(hdev);
2388 static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
2391 struct mgmt_cp_stop_discovery *mgmt_cp = data;
2392 struct pending_cmd *cmd;
2393 struct hci_cp_remote_name_req_cancel cp;
2394 struct inquiry_entry *e;
2397 BT_DBG("%s", hdev->name);
2401 if (!hci_discovery_active(hdev)) {
2402 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
2403 MGMT_STATUS_REJECTED, &mgmt_cp->type,
2404 sizeof(mgmt_cp->type));
2408 if (hdev->discovery.type != mgmt_cp->type) {
2409 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
2410 MGMT_STATUS_INVALID_PARAMS, &mgmt_cp->type,
2411 sizeof(mgmt_cp->type));
2415 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
2421 switch (hdev->discovery.state) {
2422 case DISCOVERY_FINDING:
2423 if (test_bit(HCI_INQUIRY, &hdev->flags))
2424 err = hci_cancel_inquiry(hdev);
2426 err = hci_cancel_le_scan(hdev);
2430 case DISCOVERY_RESOLVING:
2431 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
2434 mgmt_pending_remove(cmd);
2435 err = cmd_complete(sk, hdev->id,
2436 MGMT_OP_STOP_DISCOVERY, 0,
2438 sizeof(mgmt_cp->type));
2439 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2443 bacpy(&cp.bdaddr, &e->data.bdaddr);
2444 err = hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ_CANCEL,
2450 BT_DBG("unknown discovery state %u", hdev->discovery.state);
2455 mgmt_pending_remove(cmd);
2457 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
2460 hci_dev_unlock(hdev);
2464 static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
2467 struct mgmt_cp_confirm_name *cp = data;
2468 struct inquiry_entry *e;
2471 BT_DBG("%s", hdev->name);
2475 if (!hci_discovery_active(hdev)) {
2476 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
2477 MGMT_STATUS_FAILED);
2481 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
2483 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
2484 MGMT_STATUS_INVALID_PARAMS);
2488 if (cp->name_known) {
2489 e->name_state = NAME_KNOWN;
2492 e->name_state = NAME_NEEDED;
2493 hci_inquiry_cache_update_resolve(hdev, e);
2499 hci_dev_unlock(hdev);
2503 static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
2506 struct mgmt_cp_block_device *cp = data;
2510 BT_DBG("%s", hdev->name);
2514 err = hci_blacklist_add(hdev, &cp->addr.bdaddr, cp->addr.type);
2516 status = MGMT_STATUS_FAILED;
2520 err = cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
2521 &cp->addr, sizeof(cp->addr));
2523 hci_dev_unlock(hdev);
2528 static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
2531 struct mgmt_cp_unblock_device *cp = data;
2535 BT_DBG("%s", hdev->name);
2539 err = hci_blacklist_del(hdev, &cp->addr.bdaddr, cp->addr.type);
2541 status = MGMT_STATUS_INVALID_PARAMS;
2545 err = cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
2546 &cp->addr, sizeof(cp->addr));
2548 hci_dev_unlock(hdev);
2553 static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
2556 struct mgmt_cp_set_device_id *cp = data;
2560 BT_DBG("%s", hdev->name);
2562 source = __le16_to_cpu(cp->source);
2564 if (source > 0x0002)
2565 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
2566 MGMT_STATUS_INVALID_PARAMS);
2570 hdev->devid_source = source;
2571 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
2572 hdev->devid_product = __le16_to_cpu(cp->product);
2573 hdev->devid_version = __le16_to_cpu(cp->version);
2575 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0, NULL, 0);
2579 hci_dev_unlock(hdev);
2584 static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
2585 void *data, u16 len)
2587 struct mgmt_mode *cp = data;
2588 struct hci_cp_write_page_scan_activity acp;
2592 BT_DBG("%s", hdev->name);
2594 if (!lmp_bredr_capable(hdev))
2595 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
2596 MGMT_STATUS_NOT_SUPPORTED);
2598 if (!hdev_is_powered(hdev))
2599 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
2600 MGMT_STATUS_NOT_POWERED);
2602 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
2603 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
2604 MGMT_STATUS_REJECTED);
2609 type = PAGE_SCAN_TYPE_INTERLACED;
2611 /* 160 msec page scan interval */
2612 acp.interval = __constant_cpu_to_le16(0x0100);
2614 type = PAGE_SCAN_TYPE_STANDARD; /* default */
2616 /* default 1.28 sec page scan */
2617 acp.interval = __constant_cpu_to_le16(0x0800);
2620 /* default 11.25 msec page scan window */
2621 acp.window = __constant_cpu_to_le16(0x0012);
2623 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY, sizeof(acp),
2626 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
2627 MGMT_STATUS_FAILED);
2631 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
2633 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
2634 MGMT_STATUS_FAILED);
2638 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE, 0,
2641 hci_dev_unlock(hdev);
2645 static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
2646 void *cp_data, u16 len)
2648 struct mgmt_cp_load_long_term_keys *cp = cp_data;
2649 u16 key_count, expected_len;
2652 key_count = __le16_to_cpu(cp->key_count);
2654 expected_len = sizeof(*cp) + key_count *
2655 sizeof(struct mgmt_ltk_info);
2656 if (expected_len != len) {
2657 BT_ERR("load_keys: expected %u bytes, got %u bytes",
2659 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
2663 BT_DBG("%s key_count %u", hdev->name, key_count);
2667 hci_smp_ltks_clear(hdev);
2669 for (i = 0; i < key_count; i++) {
2670 struct mgmt_ltk_info *key = &cp->keys[i];
2676 type = HCI_SMP_LTK_SLAVE;
2678 hci_add_ltk(hdev, &key->addr.bdaddr,
2679 bdaddr_to_le(key->addr.type),
2680 type, 0, key->authenticated, key->val,
2681 key->enc_size, key->ediv, key->rand);
2684 hci_dev_unlock(hdev);
2689 static const struct mgmt_handler {
2690 int (*func) (struct sock *sk, struct hci_dev *hdev, void *data,
2694 } mgmt_handlers[] = {
2695 { NULL }, /* 0x0000 (no command) */
2696 { read_version, false, MGMT_READ_VERSION_SIZE },
2697 { read_commands, false, MGMT_READ_COMMANDS_SIZE },
2698 { read_index_list, false, MGMT_READ_INDEX_LIST_SIZE },
2699 { read_controller_info, false, MGMT_READ_INFO_SIZE },
2700 { set_powered, false, MGMT_SETTING_SIZE },
2701 { set_discoverable, false, MGMT_SET_DISCOVERABLE_SIZE },
2702 { set_connectable, false, MGMT_SETTING_SIZE },
2703 { set_fast_connectable, false, MGMT_SETTING_SIZE },
2704 { set_pairable, false, MGMT_SETTING_SIZE },
2705 { set_link_security, false, MGMT_SETTING_SIZE },
2706 { set_ssp, false, MGMT_SETTING_SIZE },
2707 { set_hs, false, MGMT_SETTING_SIZE },
2708 { set_le, false, MGMT_SETTING_SIZE },
2709 { set_dev_class, false, MGMT_SET_DEV_CLASS_SIZE },
2710 { set_local_name, false, MGMT_SET_LOCAL_NAME_SIZE },
2711 { add_uuid, false, MGMT_ADD_UUID_SIZE },
2712 { remove_uuid, false, MGMT_REMOVE_UUID_SIZE },
2713 { load_link_keys, true, MGMT_LOAD_LINK_KEYS_SIZE },
2714 { load_long_term_keys, true, MGMT_LOAD_LONG_TERM_KEYS_SIZE },
2715 { disconnect, false, MGMT_DISCONNECT_SIZE },
2716 { get_connections, false, MGMT_GET_CONNECTIONS_SIZE },
2717 { pin_code_reply, false, MGMT_PIN_CODE_REPLY_SIZE },
2718 { pin_code_neg_reply, false, MGMT_PIN_CODE_NEG_REPLY_SIZE },
2719 { set_io_capability, false, MGMT_SET_IO_CAPABILITY_SIZE },
2720 { pair_device, false, MGMT_PAIR_DEVICE_SIZE },
2721 { cancel_pair_device, false, MGMT_CANCEL_PAIR_DEVICE_SIZE },
2722 { unpair_device, false, MGMT_UNPAIR_DEVICE_SIZE },
2723 { user_confirm_reply, false, MGMT_USER_CONFIRM_REPLY_SIZE },
2724 { user_confirm_neg_reply, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
2725 { user_passkey_reply, false, MGMT_USER_PASSKEY_REPLY_SIZE },
2726 { user_passkey_neg_reply, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
2727 { read_local_oob_data, false, MGMT_READ_LOCAL_OOB_DATA_SIZE },
2728 { add_remote_oob_data, false, MGMT_ADD_REMOTE_OOB_DATA_SIZE },
2729 { remove_remote_oob_data, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
2730 { start_discovery, false, MGMT_START_DISCOVERY_SIZE },
2731 { stop_discovery, false, MGMT_STOP_DISCOVERY_SIZE },
2732 { confirm_name, false, MGMT_CONFIRM_NAME_SIZE },
2733 { block_device, false, MGMT_BLOCK_DEVICE_SIZE },
2734 { unblock_device, false, MGMT_UNBLOCK_DEVICE_SIZE },
2735 { set_device_id, false, MGMT_SET_DEVICE_ID_SIZE },
2739 int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
2743 struct mgmt_hdr *hdr;
2744 u16 opcode, index, len;
2745 struct hci_dev *hdev = NULL;
2746 const struct mgmt_handler *handler;
2749 BT_DBG("got %zu bytes", msglen);
2751 if (msglen < sizeof(*hdr))
2754 buf = kmalloc(msglen, GFP_KERNEL);
2758 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
2764 opcode = __le16_to_cpu(hdr->opcode);
2765 index = __le16_to_cpu(hdr->index);
2766 len = __le16_to_cpu(hdr->len);
2768 if (len != msglen - sizeof(*hdr)) {
2773 if (index != MGMT_INDEX_NONE) {
2774 hdev = hci_dev_get(index);
2776 err = cmd_status(sk, index, opcode,
2777 MGMT_STATUS_INVALID_INDEX);
2782 if (opcode >= ARRAY_SIZE(mgmt_handlers) ||
2783 mgmt_handlers[opcode].func == NULL) {
2784 BT_DBG("Unknown op %u", opcode);
2785 err = cmd_status(sk, index, opcode,
2786 MGMT_STATUS_UNKNOWN_COMMAND);
2790 if ((hdev && opcode < MGMT_OP_READ_INFO) ||
2791 (!hdev && opcode >= MGMT_OP_READ_INFO)) {
2792 err = cmd_status(sk, index, opcode,
2793 MGMT_STATUS_INVALID_INDEX);
2797 handler = &mgmt_handlers[opcode];
2799 if ((handler->var_len && len < handler->data_len) ||
2800 (!handler->var_len && len != handler->data_len)) {
2801 err = cmd_status(sk, index, opcode,
2802 MGMT_STATUS_INVALID_PARAMS);
2807 mgmt_init_hdev(sk, hdev);
2809 cp = buf + sizeof(*hdr);
2811 err = handler->func(sk, hdev, cp, len);
2825 static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
2829 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
2830 mgmt_pending_remove(cmd);
2833 int mgmt_index_added(struct hci_dev *hdev)
2835 if (!mgmt_valid_hdev(hdev))
2838 return mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
2841 int mgmt_index_removed(struct hci_dev *hdev)
2843 u8 status = MGMT_STATUS_INVALID_INDEX;
2845 if (!mgmt_valid_hdev(hdev))
2848 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
2850 return mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
2855 struct hci_dev *hdev;
2859 static void settings_rsp(struct pending_cmd *cmd, void *data)
2861 struct cmd_lookup *match = data;
2863 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
2865 list_del(&cmd->list);
2867 if (match->sk == NULL) {
2868 match->sk = cmd->sk;
2869 sock_hold(match->sk);
2872 mgmt_pending_free(cmd);
2875 static int set_bredr_scan(struct hci_dev *hdev)
2879 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
2881 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
2882 scan |= SCAN_INQUIRY;
2887 return hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
2890 int mgmt_powered(struct hci_dev *hdev, u8 powered)
2892 struct cmd_lookup match = { NULL, hdev };
2895 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
2898 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
2901 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) &&
2902 !lmp_host_ssp_capable(hdev)) {
2905 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &ssp);
2908 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
2909 struct hci_cp_write_le_host_supported cp;
2912 cp.simul = lmp_le_br_capable(hdev);
2914 /* Check first if we already have the right
2915 * host state (host features set)
2917 if (cp.le != lmp_host_le_capable(hdev) ||
2918 cp.simul != lmp_host_le_br_capable(hdev))
2920 HCI_OP_WRITE_LE_HOST_SUPPORTED,
2924 if (lmp_bredr_capable(hdev)) {
2925 set_bredr_scan(hdev);
2927 update_name(hdev, hdev->dev_name);
2931 u8 status = MGMT_STATUS_NOT_POWERED;
2932 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
2935 err = new_settings(hdev, match.sk);
2943 int mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
2945 struct cmd_lookup match = { NULL, hdev };
2946 bool changed = false;
2950 if (!test_and_set_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
2953 if (test_and_clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
2957 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev, settings_rsp,
2961 err = new_settings(hdev, match.sk);
2969 int mgmt_connectable(struct hci_dev *hdev, u8 connectable)
2971 struct cmd_lookup match = { NULL, hdev };
2972 bool changed = false;
2976 if (!test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags))
2979 if (test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags))
2983 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev, settings_rsp,
2987 err = new_settings(hdev, match.sk);
2995 int mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
2997 u8 mgmt_err = mgmt_status(status);
2999 if (scan & SCAN_PAGE)
3000 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
3001 cmd_status_rsp, &mgmt_err);
3003 if (scan & SCAN_INQUIRY)
3004 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
3005 cmd_status_rsp, &mgmt_err);
3010 int mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
3013 struct mgmt_ev_new_link_key ev;
3015 memset(&ev, 0, sizeof(ev));
3017 ev.store_hint = persistent;
3018 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
3019 ev.key.addr.type = BDADDR_BREDR;
3020 ev.key.type = key->type;
3021 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
3022 ev.key.pin_len = key->pin_len;
3024 return mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
3027 int mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, u8 persistent)
3029 struct mgmt_ev_new_long_term_key ev;
3031 memset(&ev, 0, sizeof(ev));
3033 ev.store_hint = persistent;
3034 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
3035 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
3036 ev.key.authenticated = key->authenticated;
3037 ev.key.enc_size = key->enc_size;
3038 ev.key.ediv = key->ediv;
3040 if (key->type == HCI_SMP_LTK)
3043 memcpy(ev.key.rand, key->rand, sizeof(key->rand));
3044 memcpy(ev.key.val, key->val, sizeof(key->val));
3046 return mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev),
3050 int mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3051 u8 addr_type, u32 flags, u8 *name, u8 name_len,
3055 struct mgmt_ev_device_connected *ev = (void *) buf;
3058 bacpy(&ev->addr.bdaddr, bdaddr);
3059 ev->addr.type = link_to_bdaddr(link_type, addr_type);
3061 ev->flags = __cpu_to_le32(flags);
3064 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
3067 if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0)
3068 eir_len = eir_append_data(ev->eir, eir_len,
3069 EIR_CLASS_OF_DEV, dev_class, 3);
3071 ev->eir_len = cpu_to_le16(eir_len);
3073 return mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
3074 sizeof(*ev) + eir_len, NULL);
3077 static void disconnect_rsp(struct pending_cmd *cmd, void *data)
3079 struct mgmt_cp_disconnect *cp = cmd->param;
3080 struct sock **sk = data;
3081 struct mgmt_rp_disconnect rp;
3083 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3084 rp.addr.type = cp->addr.type;
3086 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 0, &rp,
3092 mgmt_pending_remove(cmd);
3095 static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
3097 struct hci_dev *hdev = data;
3098 struct mgmt_cp_unpair_device *cp = cmd->param;
3099 struct mgmt_rp_unpair_device rp;
3101 memset(&rp, 0, sizeof(rp));
3102 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3103 rp.addr.type = cp->addr.type;
3105 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
3107 cmd_complete(cmd->sk, cmd->index, cmd->opcode, 0, &rp, sizeof(rp));
3109 mgmt_pending_remove(cmd);
3112 int mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
3113 u8 link_type, u8 addr_type, u8 reason)
3115 struct mgmt_ev_device_disconnected ev;
3116 struct sock *sk = NULL;
3119 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
3121 bacpy(&ev.addr.bdaddr, bdaddr);
3122 ev.addr.type = link_to_bdaddr(link_type, addr_type);
3125 err = mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev),
3131 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
3137 int mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
3138 u8 link_type, u8 addr_type, u8 status)
3140 struct mgmt_rp_disconnect rp;
3141 struct pending_cmd *cmd;
3144 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
3147 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
3151 bacpy(&rp.addr.bdaddr, bdaddr);
3152 rp.addr.type = link_to_bdaddr(link_type, addr_type);
3154 err = cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
3155 mgmt_status(status), &rp, sizeof(rp));
3157 mgmt_pending_remove(cmd);
3162 int mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3163 u8 addr_type, u8 status)
3165 struct mgmt_ev_connect_failed ev;
3167 bacpy(&ev.addr.bdaddr, bdaddr);
3168 ev.addr.type = link_to_bdaddr(link_type, addr_type);
3169 ev.status = mgmt_status(status);
3171 return mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
3174 int mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
3176 struct mgmt_ev_pin_code_request ev;
3178 bacpy(&ev.addr.bdaddr, bdaddr);
3179 ev.addr.type = BDADDR_BREDR;
3182 return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev),
3186 int mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3189 struct pending_cmd *cmd;
3190 struct mgmt_rp_pin_code_reply rp;
3193 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
3197 bacpy(&rp.addr.bdaddr, bdaddr);
3198 rp.addr.type = BDADDR_BREDR;
3200 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3201 mgmt_status(status), &rp, sizeof(rp));
3203 mgmt_pending_remove(cmd);
3208 int mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3211 struct pending_cmd *cmd;
3212 struct mgmt_rp_pin_code_reply rp;
3215 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
3219 bacpy(&rp.addr.bdaddr, bdaddr);
3220 rp.addr.type = BDADDR_BREDR;
3222 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
3223 mgmt_status(status), &rp, sizeof(rp));
3225 mgmt_pending_remove(cmd);
3230 int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
3231 u8 link_type, u8 addr_type, __le32 value,
3234 struct mgmt_ev_user_confirm_request ev;
3236 BT_DBG("%s", hdev->name);
3238 bacpy(&ev.addr.bdaddr, bdaddr);
3239 ev.addr.type = link_to_bdaddr(link_type, addr_type);
3240 ev.confirm_hint = confirm_hint;
3243 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
3247 int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
3248 u8 link_type, u8 addr_type)
3250 struct mgmt_ev_user_passkey_request ev;
3252 BT_DBG("%s", hdev->name);
3254 bacpy(&ev.addr.bdaddr, bdaddr);
3255 ev.addr.type = link_to_bdaddr(link_type, addr_type);
3257 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
3261 static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3262 u8 link_type, u8 addr_type, u8 status,
3265 struct pending_cmd *cmd;
3266 struct mgmt_rp_user_confirm_reply rp;
3269 cmd = mgmt_pending_find(opcode, hdev);
3273 bacpy(&rp.addr.bdaddr, bdaddr);
3274 rp.addr.type = link_to_bdaddr(link_type, addr_type);
3275 err = cmd_complete(cmd->sk, hdev->id, opcode, mgmt_status(status),
3278 mgmt_pending_remove(cmd);
3283 int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3284 u8 link_type, u8 addr_type, u8 status)
3286 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3287 status, MGMT_OP_USER_CONFIRM_REPLY);
3290 int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3291 u8 link_type, u8 addr_type, u8 status)
3293 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3295 MGMT_OP_USER_CONFIRM_NEG_REPLY);
3298 int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3299 u8 link_type, u8 addr_type, u8 status)
3301 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3302 status, MGMT_OP_USER_PASSKEY_REPLY);
3305 int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3306 u8 link_type, u8 addr_type, u8 status)
3308 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3310 MGMT_OP_USER_PASSKEY_NEG_REPLY);
3313 int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
3314 u8 link_type, u8 addr_type, u32 passkey,
3317 struct mgmt_ev_passkey_notify ev;
3319 BT_DBG("%s", hdev->name);
3321 bacpy(&ev.addr.bdaddr, bdaddr);
3322 ev.addr.type = link_to_bdaddr(link_type, addr_type);
3323 ev.passkey = __cpu_to_le32(passkey);
3324 ev.entered = entered;
3326 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
3329 int mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3330 u8 addr_type, u8 status)
3332 struct mgmt_ev_auth_failed ev;
3334 bacpy(&ev.addr.bdaddr, bdaddr);
3335 ev.addr.type = link_to_bdaddr(link_type, addr_type);
3336 ev.status = mgmt_status(status);
3338 return mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
3341 int mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
3343 struct cmd_lookup match = { NULL, hdev };
3344 bool changed = false;
3348 u8 mgmt_err = mgmt_status(status);
3349 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
3350 cmd_status_rsp, &mgmt_err);
3354 if (test_bit(HCI_AUTH, &hdev->flags)) {
3355 if (!test_and_set_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
3358 if (test_and_clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
3362 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
3366 err = new_settings(hdev, match.sk);
3374 static int clear_eir(struct hci_dev *hdev)
3376 struct hci_cp_write_eir cp;
3378 if (!lmp_ext_inq_capable(hdev))
3381 memset(hdev->eir, 0, sizeof(hdev->eir));
3383 memset(&cp, 0, sizeof(cp));
3385 return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
3388 int mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
3390 struct cmd_lookup match = { NULL, hdev };
3391 bool changed = false;
3395 u8 mgmt_err = mgmt_status(status);
3397 if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
3399 err = new_settings(hdev, NULL);
3401 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
3408 if (!test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
3411 if (test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
3415 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
3418 err = new_settings(hdev, match.sk);
3423 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
3431 static void class_rsp(struct pending_cmd *cmd, void *data)
3433 struct cmd_lookup *match = data;
3435 cmd_complete(cmd->sk, cmd->index, cmd->opcode, match->mgmt_status,
3436 match->hdev->dev_class, 3);
3438 list_del(&cmd->list);
3440 if (match->sk == NULL) {
3441 match->sk = cmd->sk;
3442 sock_hold(match->sk);
3445 mgmt_pending_free(cmd);
3448 int mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
3451 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
3454 clear_bit(HCI_PENDING_CLASS, &hdev->dev_flags);
3456 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, class_rsp, &match);
3457 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, class_rsp, &match);
3458 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, class_rsp, &match);
3461 err = mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class,
3470 int mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
3472 struct pending_cmd *cmd;
3473 struct mgmt_cp_set_local_name ev;
3474 bool changed = false;
3477 if (memcmp(name, hdev->dev_name, sizeof(hdev->dev_name)) != 0) {
3478 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
3482 memset(&ev, 0, sizeof(ev));
3483 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
3484 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
3486 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
3490 /* Always assume that either the short or the complete name has
3491 * changed if there was a pending mgmt command */
3495 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3496 mgmt_status(status));
3500 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0, &ev,
3507 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev,
3508 sizeof(ev), cmd ? cmd->sk : NULL);
3510 /* EIR is taken care of separately when powering on the
3511 * adapter so only update them here if this is a name change
3512 * unrelated to power on.
3514 if (!test_bit(HCI_INIT, &hdev->flags))
3519 mgmt_pending_remove(cmd);
3523 int mgmt_read_local_oob_data_reply_complete(struct hci_dev *hdev, u8 *hash,
3524 u8 *randomizer, u8 status)
3526 struct pending_cmd *cmd;
3529 BT_DBG("%s status %u", hdev->name, status);
3531 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
3536 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3537 mgmt_status(status));
3539 struct mgmt_rp_read_local_oob_data rp;
3541 memcpy(rp.hash, hash, sizeof(rp.hash));
3542 memcpy(rp.randomizer, randomizer, sizeof(rp.randomizer));
3544 err = cmd_complete(cmd->sk, hdev->id,
3545 MGMT_OP_READ_LOCAL_OOB_DATA, 0, &rp,
3549 mgmt_pending_remove(cmd);
3554 int mgmt_le_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
3556 struct cmd_lookup match = { NULL, hdev };
3557 bool changed = false;
3561 u8 mgmt_err = mgmt_status(status);
3563 if (enable && test_and_clear_bit(HCI_LE_ENABLED,
3565 err = new_settings(hdev, NULL);
3567 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
3574 if (!test_and_set_bit(HCI_LE_ENABLED, &hdev->dev_flags))
3577 if (test_and_clear_bit(HCI_LE_ENABLED, &hdev->dev_flags))
3581 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
3584 err = new_settings(hdev, match.sk);
3592 int mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3593 u8 addr_type, u8 *dev_class, s8 rssi, u8 cfm_name, u8
3594 ssp, u8 *eir, u16 eir_len)
3597 struct mgmt_ev_device_found *ev = (void *) buf;
3600 /* Leave 5 bytes for a potential CoD field */
3601 if (sizeof(*ev) + eir_len + 5 > sizeof(buf))
3604 memset(buf, 0, sizeof(buf));
3606 bacpy(&ev->addr.bdaddr, bdaddr);
3607 ev->addr.type = link_to_bdaddr(link_type, addr_type);
3610 ev->flags |= __constant_cpu_to_le32(MGMT_DEV_FOUND_CONFIRM_NAME);
3612 ev->flags |= __constant_cpu_to_le32(MGMT_DEV_FOUND_LEGACY_PAIRING);
3615 memcpy(ev->eir, eir, eir_len);
3617 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
3618 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
3621 ev->eir_len = cpu_to_le16(eir_len);
3622 ev_size = sizeof(*ev) + eir_len;
3624 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
3627 int mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3628 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
3630 struct mgmt_ev_device_found *ev;
3631 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
3634 ev = (struct mgmt_ev_device_found *) buf;
3636 memset(buf, 0, sizeof(buf));
3638 bacpy(&ev->addr.bdaddr, bdaddr);
3639 ev->addr.type = link_to_bdaddr(link_type, addr_type);
3642 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
3645 ev->eir_len = cpu_to_le16(eir_len);
3647 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev,
3648 sizeof(*ev) + eir_len, NULL);
3651 int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
3653 struct pending_cmd *cmd;
3657 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3659 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
3663 type = hdev->discovery.type;
3665 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3666 &type, sizeof(type));
3667 mgmt_pending_remove(cmd);
3672 int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
3674 struct pending_cmd *cmd;
3677 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3681 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3682 &hdev->discovery.type, sizeof(hdev->discovery.type));
3683 mgmt_pending_remove(cmd);
3688 int mgmt_discovering(struct hci_dev *hdev, u8 discovering)
3690 struct mgmt_ev_discovering ev;
3691 struct pending_cmd *cmd;
3693 BT_DBG("%s discovering %u", hdev->name, discovering);
3696 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
3698 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3701 u8 type = hdev->discovery.type;
3703 cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0, &type,
3705 mgmt_pending_remove(cmd);
3708 memset(&ev, 0, sizeof(ev));
3709 ev.type = hdev->discovery.type;
3710 ev.discovering = discovering;
3712 return mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
3715 int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
3717 struct pending_cmd *cmd;
3718 struct mgmt_ev_device_blocked ev;
3720 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev);
3722 bacpy(&ev.addr.bdaddr, bdaddr);
3723 ev.addr.type = type;
3725 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev),
3726 cmd ? cmd->sk : NULL);
3729 int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
3731 struct pending_cmd *cmd;
3732 struct mgmt_ev_device_unblocked ev;
3734 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev);
3736 bacpy(&ev.addr.bdaddr, bdaddr);
3737 ev.addr.type = type;
3739 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
3740 cmd ? cmd->sk : NULL);
3743 module_param(enable_hs, bool, 0644);
3744 MODULE_PARM_DESC(enable_hs, "Enable High Speed support");
projects / karo-tx-linux.git / blob