2 BlueZ - Bluetooth protocol stack for Linux
4 Copyright (C) 2010 Nokia Corporation
5 Copyright (C) 2011-2012 Intel Corporation
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI Management interface */
27 #include <linux/module.h>
28 #include <asm/unaligned.h>
30 #include <net/bluetooth/bluetooth.h>
31 #include <net/bluetooth/hci_core.h>
32 #include <net/bluetooth/mgmt.h>
33 #include <net/bluetooth/smp.h>
37 #define MGMT_VERSION 1
38 #define MGMT_REVISION 2
40 static const u16 mgmt_commands[] = {
41 MGMT_OP_READ_INDEX_LIST,
44 MGMT_OP_SET_DISCOVERABLE,
45 MGMT_OP_SET_CONNECTABLE,
46 MGMT_OP_SET_FAST_CONNECTABLE,
48 MGMT_OP_SET_LINK_SECURITY,
52 MGMT_OP_SET_DEV_CLASS,
53 MGMT_OP_SET_LOCAL_NAME,
56 MGMT_OP_LOAD_LINK_KEYS,
57 MGMT_OP_LOAD_LONG_TERM_KEYS,
59 MGMT_OP_GET_CONNECTIONS,
60 MGMT_OP_PIN_CODE_REPLY,
61 MGMT_OP_PIN_CODE_NEG_REPLY,
62 MGMT_OP_SET_IO_CAPABILITY,
64 MGMT_OP_CANCEL_PAIR_DEVICE,
65 MGMT_OP_UNPAIR_DEVICE,
66 MGMT_OP_USER_CONFIRM_REPLY,
67 MGMT_OP_USER_CONFIRM_NEG_REPLY,
68 MGMT_OP_USER_PASSKEY_REPLY,
69 MGMT_OP_USER_PASSKEY_NEG_REPLY,
70 MGMT_OP_READ_LOCAL_OOB_DATA,
71 MGMT_OP_ADD_REMOTE_OOB_DATA,
72 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
73 MGMT_OP_START_DISCOVERY,
74 MGMT_OP_STOP_DISCOVERY,
77 MGMT_OP_UNBLOCK_DEVICE,
78 MGMT_OP_SET_DEVICE_ID,
81 static const u16 mgmt_events[] = {
82 MGMT_EV_CONTROLLER_ERROR,
84 MGMT_EV_INDEX_REMOVED,
86 MGMT_EV_CLASS_OF_DEV_CHANGED,
87 MGMT_EV_LOCAL_NAME_CHANGED,
89 MGMT_EV_NEW_LONG_TERM_KEY,
90 MGMT_EV_DEVICE_CONNECTED,
91 MGMT_EV_DEVICE_DISCONNECTED,
92 MGMT_EV_CONNECT_FAILED,
93 MGMT_EV_PIN_CODE_REQUEST,
94 MGMT_EV_USER_CONFIRM_REQUEST,
95 MGMT_EV_USER_PASSKEY_REQUEST,
99 MGMT_EV_DEVICE_BLOCKED,
100 MGMT_EV_DEVICE_UNBLOCKED,
101 MGMT_EV_DEVICE_UNPAIRED,
102 MGMT_EV_PASSKEY_NOTIFY,
106 * These LE scan and inquiry parameters were chosen according to LE General
107 * Discovery Procedure specification.
109 #define LE_SCAN_TYPE 0x01
110 #define LE_SCAN_WIN 0x12
111 #define LE_SCAN_INT 0x12
112 #define LE_SCAN_TIMEOUT_LE_ONLY 10240 /* TGAP(gen_disc_scan_min) */
113 #define LE_SCAN_TIMEOUT_BREDR_LE 5120 /* TGAP(100)/2 */
115 #define INQUIRY_LEN_BREDR 0x08 /* TGAP(100) */
116 #define INQUIRY_LEN_BREDR_LE 0x04 /* TGAP(100)/2 */
118 #define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
120 #define hdev_is_powered(hdev) (test_bit(HCI_UP, &hdev->flags) && \
121 !test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
124 struct list_head list;
132 /* HCI to MGMT error code conversion table */
133 static u8 mgmt_status_table[] = {
135 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
136 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
137 MGMT_STATUS_FAILED, /* Hardware Failure */
138 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
139 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
140 MGMT_STATUS_NOT_PAIRED, /* PIN or Key Missing */
141 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
142 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
143 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
144 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
145 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
146 MGMT_STATUS_BUSY, /* Command Disallowed */
147 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
148 MGMT_STATUS_REJECTED, /* Rejected Security */
149 MGMT_STATUS_REJECTED, /* Rejected Personal */
150 MGMT_STATUS_TIMEOUT, /* Host Timeout */
151 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
152 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
153 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
154 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
155 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
156 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
157 MGMT_STATUS_BUSY, /* Repeated Attempts */
158 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
159 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
160 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
161 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
162 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
163 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
164 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
165 MGMT_STATUS_FAILED, /* Unspecified Error */
166 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
167 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
168 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
169 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
170 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
171 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
172 MGMT_STATUS_FAILED, /* Unit Link Key Used */
173 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
174 MGMT_STATUS_TIMEOUT, /* Instant Passed */
175 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
176 MGMT_STATUS_FAILED, /* Transaction Collision */
177 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
178 MGMT_STATUS_REJECTED, /* QoS Rejected */
179 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
180 MGMT_STATUS_REJECTED, /* Insufficient Security */
181 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
182 MGMT_STATUS_BUSY, /* Role Switch Pending */
183 MGMT_STATUS_FAILED, /* Slot Violation */
184 MGMT_STATUS_FAILED, /* Role Switch Failed */
185 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
186 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
187 MGMT_STATUS_BUSY, /* Host Busy Pairing */
188 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
189 MGMT_STATUS_BUSY, /* Controller Busy */
190 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
191 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
192 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
193 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
194 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
197 bool mgmt_valid_hdev(struct hci_dev *hdev)
199 return hdev->dev_type == HCI_BREDR;
202 static u8 mgmt_status(u8 hci_status)
204 if (hci_status < ARRAY_SIZE(mgmt_status_table))
205 return mgmt_status_table[hci_status];
207 return MGMT_STATUS_FAILED;
210 static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
213 struct mgmt_hdr *hdr;
214 struct mgmt_ev_cmd_status *ev;
217 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
219 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_KERNEL);
223 hdr = (void *) skb_put(skb, sizeof(*hdr));
225 hdr->opcode = __constant_cpu_to_le16(MGMT_EV_CMD_STATUS);
226 hdr->index = cpu_to_le16(index);
227 hdr->len = cpu_to_le16(sizeof(*ev));
229 ev = (void *) skb_put(skb, sizeof(*ev));
231 ev->opcode = cpu_to_le16(cmd);
233 err = sock_queue_rcv_skb(sk, skb);
240 static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
241 void *rp, size_t rp_len)
244 struct mgmt_hdr *hdr;
245 struct mgmt_ev_cmd_complete *ev;
248 BT_DBG("sock %p", sk);
250 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_KERNEL);
254 hdr = (void *) skb_put(skb, sizeof(*hdr));
256 hdr->opcode = __constant_cpu_to_le16(MGMT_EV_CMD_COMPLETE);
257 hdr->index = cpu_to_le16(index);
258 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
260 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
261 ev->opcode = cpu_to_le16(cmd);
265 memcpy(ev->data, rp, rp_len);
267 err = sock_queue_rcv_skb(sk, skb);
274 static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
277 struct mgmt_rp_read_version rp;
279 BT_DBG("sock %p", sk);
281 rp.version = MGMT_VERSION;
282 rp.revision = __constant_cpu_to_le16(MGMT_REVISION);
284 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
288 static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
291 struct mgmt_rp_read_commands *rp;
292 const u16 num_commands = ARRAY_SIZE(mgmt_commands);
293 const u16 num_events = ARRAY_SIZE(mgmt_events);
298 BT_DBG("sock %p", sk);
300 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
302 rp = kmalloc(rp_size, GFP_KERNEL);
306 rp->num_commands = __constant_cpu_to_le16(num_commands);
307 rp->num_events = __constant_cpu_to_le16(num_events);
309 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
310 put_unaligned_le16(mgmt_commands[i], opcode);
312 for (i = 0; i < num_events; i++, opcode++)
313 put_unaligned_le16(mgmt_events[i], opcode);
315 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
322 static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
325 struct mgmt_rp_read_index_list *rp;
331 BT_DBG("sock %p", sk);
333 read_lock(&hci_dev_list_lock);
336 list_for_each_entry(d, &hci_dev_list, list) {
337 if (!mgmt_valid_hdev(d))
343 rp_len = sizeof(*rp) + (2 * count);
344 rp = kmalloc(rp_len, GFP_ATOMIC);
346 read_unlock(&hci_dev_list_lock);
351 list_for_each_entry(d, &hci_dev_list, list) {
352 if (test_bit(HCI_SETUP, &d->dev_flags))
355 if (!mgmt_valid_hdev(d))
358 rp->index[count++] = cpu_to_le16(d->id);
359 BT_DBG("Added hci%u", d->id);
362 rp->num_controllers = cpu_to_le16(count);
363 rp_len = sizeof(*rp) + (2 * count);
365 read_unlock(&hci_dev_list_lock);
367 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
375 static u32 get_supported_settings(struct hci_dev *hdev)
379 settings |= MGMT_SETTING_POWERED;
380 settings |= MGMT_SETTING_PAIRABLE;
382 if (lmp_ssp_capable(hdev))
383 settings |= MGMT_SETTING_SSP;
385 if (lmp_bredr_capable(hdev)) {
386 settings |= MGMT_SETTING_CONNECTABLE;
387 settings |= MGMT_SETTING_FAST_CONNECTABLE;
388 settings |= MGMT_SETTING_DISCOVERABLE;
389 settings |= MGMT_SETTING_BREDR;
390 settings |= MGMT_SETTING_LINK_SECURITY;
394 settings |= MGMT_SETTING_HS;
396 if (lmp_le_capable(hdev))
397 settings |= MGMT_SETTING_LE;
402 static u32 get_current_settings(struct hci_dev *hdev)
406 if (hdev_is_powered(hdev))
407 settings |= MGMT_SETTING_POWERED;
409 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
410 settings |= MGMT_SETTING_CONNECTABLE;
412 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
413 settings |= MGMT_SETTING_DISCOVERABLE;
415 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags))
416 settings |= MGMT_SETTING_PAIRABLE;
418 if (lmp_bredr_capable(hdev))
419 settings |= MGMT_SETTING_BREDR;
421 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
422 settings |= MGMT_SETTING_LE;
424 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
425 settings |= MGMT_SETTING_LINK_SECURITY;
427 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
428 settings |= MGMT_SETTING_SSP;
430 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
431 settings |= MGMT_SETTING_HS;
436 #define PNP_INFO_SVCLASS_ID 0x1200
438 static u8 bluetooth_base_uuid[] = {
439 0xFB, 0x34, 0x9B, 0x5F, 0x80, 0x00, 0x00, 0x80,
440 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
443 static u16 get_uuid16(u8 *uuid128)
448 for (i = 0; i < 12; i++) {
449 if (bluetooth_base_uuid[i] != uuid128[i])
453 val = get_unaligned_le32(&uuid128[12]);
460 static void create_eir(struct hci_dev *hdev, u8 *data)
464 u16 uuid16_list[HCI_MAX_EIR_LENGTH / sizeof(u16)];
465 int i, truncated = 0;
466 struct bt_uuid *uuid;
469 name_len = strlen(hdev->dev_name);
475 ptr[1] = EIR_NAME_SHORT;
477 ptr[1] = EIR_NAME_COMPLETE;
479 /* EIR Data length */
480 ptr[0] = name_len + 1;
482 memcpy(ptr + 2, hdev->dev_name, name_len);
484 eir_len += (name_len + 2);
485 ptr += (name_len + 2);
488 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
490 ptr[1] = EIR_TX_POWER;
491 ptr[2] = (u8) hdev->inq_tx_power;
497 if (hdev->devid_source > 0) {
499 ptr[1] = EIR_DEVICE_ID;
501 put_unaligned_le16(hdev->devid_source, ptr + 2);
502 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
503 put_unaligned_le16(hdev->devid_product, ptr + 6);
504 put_unaligned_le16(hdev->devid_version, ptr + 8);
510 memset(uuid16_list, 0, sizeof(uuid16_list));
512 /* Group all UUID16 types */
513 list_for_each_entry(uuid, &hdev->uuids, list) {
516 uuid16 = get_uuid16(uuid->uuid);
523 if (uuid16 == PNP_INFO_SVCLASS_ID)
526 /* Stop if not enough space to put next UUID */
527 if (eir_len + 2 + sizeof(u16) > HCI_MAX_EIR_LENGTH) {
532 /* Check for duplicates */
533 for (i = 0; uuid16_list[i] != 0; i++)
534 if (uuid16_list[i] == uuid16)
537 if (uuid16_list[i] == 0) {
538 uuid16_list[i] = uuid16;
539 eir_len += sizeof(u16);
543 if (uuid16_list[0] != 0) {
547 ptr[1] = truncated ? EIR_UUID16_SOME : EIR_UUID16_ALL;
552 for (i = 0; uuid16_list[i] != 0; i++) {
553 *ptr++ = (uuid16_list[i] & 0x00ff);
554 *ptr++ = (uuid16_list[i] & 0xff00) >> 8;
557 /* EIR Data length */
558 *length = (i * sizeof(u16)) + 1;
562 static int update_eir(struct hci_dev *hdev)
564 struct hci_cp_write_eir cp;
566 if (!hdev_is_powered(hdev))
569 if (!lmp_ext_inq_capable(hdev))
572 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
575 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
578 memset(&cp, 0, sizeof(cp));
580 create_eir(hdev, cp.data);
582 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
585 memcpy(hdev->eir, cp.data, sizeof(cp.data));
587 return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
590 static u8 get_service_classes(struct hci_dev *hdev)
592 struct bt_uuid *uuid;
595 list_for_each_entry(uuid, &hdev->uuids, list)
596 val |= uuid->svc_hint;
601 static int update_class(struct hci_dev *hdev)
606 BT_DBG("%s", hdev->name);
608 if (!hdev_is_powered(hdev))
611 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
614 cod[0] = hdev->minor_class;
615 cod[1] = hdev->major_class;
616 cod[2] = get_service_classes(hdev);
618 if (memcmp(cod, hdev->dev_class, 3) == 0)
621 err = hci_send_cmd(hdev, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
623 set_bit(HCI_PENDING_CLASS, &hdev->dev_flags);
628 static void service_cache_off(struct work_struct *work)
630 struct hci_dev *hdev = container_of(work, struct hci_dev,
633 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
641 hci_dev_unlock(hdev);
644 static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
646 if (test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
649 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
651 /* Non-mgmt controlled devices get this bit set
652 * implicitly so that pairing works for them, however
653 * for mgmt we require user-space to explicitly enable
656 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
659 static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
660 void *data, u16 data_len)
662 struct mgmt_rp_read_info rp;
664 BT_DBG("sock %p %s", sk, hdev->name);
668 memset(&rp, 0, sizeof(rp));
670 bacpy(&rp.bdaddr, &hdev->bdaddr);
672 rp.version = hdev->hci_ver;
673 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
675 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
676 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
678 memcpy(rp.dev_class, hdev->dev_class, 3);
680 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
681 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
683 hci_dev_unlock(hdev);
685 return cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
689 static void mgmt_pending_free(struct pending_cmd *cmd)
696 static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
697 struct hci_dev *hdev, void *data,
700 struct pending_cmd *cmd;
702 cmd = kmalloc(sizeof(*cmd), GFP_KERNEL);
706 cmd->opcode = opcode;
707 cmd->index = hdev->id;
709 cmd->param = kmalloc(len, GFP_KERNEL);
716 memcpy(cmd->param, data, len);
721 list_add(&cmd->list, &hdev->mgmt_pending);
726 static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
727 void (*cb)(struct pending_cmd *cmd,
731 struct list_head *p, *n;
733 list_for_each_safe(p, n, &hdev->mgmt_pending) {
734 struct pending_cmd *cmd;
736 cmd = list_entry(p, struct pending_cmd, list);
738 if (opcode > 0 && cmd->opcode != opcode)
745 static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
747 struct pending_cmd *cmd;
749 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
750 if (cmd->opcode == opcode)
757 static void mgmt_pending_remove(struct pending_cmd *cmd)
759 list_del(&cmd->list);
760 mgmt_pending_free(cmd);
763 static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
765 __le32 settings = cpu_to_le32(get_current_settings(hdev));
767 return cmd_complete(sk, hdev->id, opcode, 0, &settings,
771 static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
774 struct mgmt_mode *cp = data;
775 struct pending_cmd *cmd;
778 BT_DBG("request for %s", hdev->name);
780 if (cp->val != 0x00 && cp->val != 0x01)
781 return cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
782 MGMT_STATUS_INVALID_PARAMS);
786 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
787 cancel_delayed_work(&hdev->power_off);
790 mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev,
792 err = mgmt_powered(hdev, 1);
797 if (!!cp->val == hdev_is_powered(hdev)) {
798 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
802 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
803 err = cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
808 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
815 queue_work(hdev->req_workqueue, &hdev->power_on);
817 queue_work(hdev->req_workqueue, &hdev->power_off.work);
822 hci_dev_unlock(hdev);
826 static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 data_len,
827 struct sock *skip_sk)
830 struct mgmt_hdr *hdr;
832 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_KERNEL);
836 hdr = (void *) skb_put(skb, sizeof(*hdr));
837 hdr->opcode = cpu_to_le16(event);
839 hdr->index = cpu_to_le16(hdev->id);
841 hdr->index = __constant_cpu_to_le16(MGMT_INDEX_NONE);
842 hdr->len = cpu_to_le16(data_len);
845 memcpy(skb_put(skb, data_len), data, data_len);
848 __net_timestamp(skb);
850 hci_send_to_control(skb, skip_sk);
856 static int new_settings(struct hci_dev *hdev, struct sock *skip)
860 ev = cpu_to_le32(get_current_settings(hdev));
862 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
865 static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
868 struct mgmt_cp_set_discoverable *cp = data;
869 struct pending_cmd *cmd;
874 BT_DBG("request for %s", hdev->name);
876 if (!lmp_bredr_capable(hdev))
877 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
878 MGMT_STATUS_NOT_SUPPORTED);
880 if (cp->val != 0x00 && cp->val != 0x01)
881 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
882 MGMT_STATUS_INVALID_PARAMS);
884 timeout = __le16_to_cpu(cp->timeout);
885 if (!cp->val && timeout > 0)
886 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
887 MGMT_STATUS_INVALID_PARAMS);
891 if (!hdev_is_powered(hdev) && timeout > 0) {
892 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
893 MGMT_STATUS_NOT_POWERED);
897 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
898 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
899 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
904 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
905 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
906 MGMT_STATUS_REJECTED);
910 if (!hdev_is_powered(hdev)) {
911 bool changed = false;
913 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
914 change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
918 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
923 err = new_settings(hdev, sk);
928 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
929 if (hdev->discov_timeout > 0) {
930 cancel_delayed_work(&hdev->discov_off);
931 hdev->discov_timeout = 0;
934 if (cp->val && timeout > 0) {
935 hdev->discov_timeout = timeout;
936 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
937 msecs_to_jiffies(hdev->discov_timeout * 1000));
940 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
944 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
953 scan |= SCAN_INQUIRY;
955 cancel_delayed_work(&hdev->discov_off);
957 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
959 mgmt_pending_remove(cmd);
962 hdev->discov_timeout = timeout;
965 hci_dev_unlock(hdev);
969 static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
972 struct mgmt_mode *cp = data;
973 struct pending_cmd *cmd;
977 BT_DBG("request for %s", hdev->name);
979 if (!lmp_bredr_capable(hdev))
980 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
981 MGMT_STATUS_NOT_SUPPORTED);
983 if (cp->val != 0x00 && cp->val != 0x01)
984 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
985 MGMT_STATUS_INVALID_PARAMS);
989 if (!hdev_is_powered(hdev)) {
990 bool changed = false;
992 if (!!cp->val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
996 set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
998 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
999 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1002 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1007 err = new_settings(hdev, sk);
1012 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1013 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
1014 err = cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1019 if (!!cp->val == test_bit(HCI_PSCAN, &hdev->flags)) {
1020 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1024 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
1035 if (test_bit(HCI_ISCAN, &hdev->flags) &&
1036 hdev->discov_timeout > 0)
1037 cancel_delayed_work(&hdev->discov_off);
1040 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1042 mgmt_pending_remove(cmd);
1045 hci_dev_unlock(hdev);
1049 static int set_pairable(struct sock *sk, struct hci_dev *hdev, void *data,
1052 struct mgmt_mode *cp = data;
1055 BT_DBG("request for %s", hdev->name);
1057 if (cp->val != 0x00 && cp->val != 0x01)
1058 return cmd_status(sk, hdev->id, MGMT_OP_SET_PAIRABLE,
1059 MGMT_STATUS_INVALID_PARAMS);
1064 set_bit(HCI_PAIRABLE, &hdev->dev_flags);
1066 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
1068 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
1072 err = new_settings(hdev, sk);
1075 hci_dev_unlock(hdev);
1079 static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1082 struct mgmt_mode *cp = data;
1083 struct pending_cmd *cmd;
1087 BT_DBG("request for %s", hdev->name);
1089 if (!lmp_bredr_capable(hdev))
1090 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1091 MGMT_STATUS_NOT_SUPPORTED);
1093 if (cp->val != 0x00 && cp->val != 0x01)
1094 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1095 MGMT_STATUS_INVALID_PARAMS);
1099 if (!hdev_is_powered(hdev)) {
1100 bool changed = false;
1102 if (!!cp->val != test_bit(HCI_LINK_SECURITY,
1103 &hdev->dev_flags)) {
1104 change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
1108 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1113 err = new_settings(hdev, sk);
1118 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
1119 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1126 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1127 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1131 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1137 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1139 mgmt_pending_remove(cmd);
1144 hci_dev_unlock(hdev);
1148 static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1150 struct mgmt_mode *cp = data;
1151 struct pending_cmd *cmd;
1155 BT_DBG("request for %s", hdev->name);
1157 if (!lmp_ssp_capable(hdev))
1158 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1159 MGMT_STATUS_NOT_SUPPORTED);
1161 if (cp->val != 0x00 && cp->val != 0x01)
1162 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1163 MGMT_STATUS_INVALID_PARAMS);
1169 if (!hdev_is_powered(hdev)) {
1170 bool changed = false;
1172 if (val != test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
1173 change_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
1177 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1182 err = new_settings(hdev, sk);
1187 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev)) {
1188 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1193 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) == val) {
1194 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1198 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1204 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, sizeof(val), &val);
1206 mgmt_pending_remove(cmd);
1211 hci_dev_unlock(hdev);
1215 static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1217 struct mgmt_mode *cp = data;
1219 BT_DBG("request for %s", hdev->name);
1222 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1223 MGMT_STATUS_NOT_SUPPORTED);
1225 if (cp->val != 0x00 && cp->val != 0x01)
1226 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1227 MGMT_STATUS_INVALID_PARAMS);
1230 set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1232 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1234 return send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
1237 static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1239 struct mgmt_mode *cp = data;
1240 struct hci_cp_write_le_host_supported hci_cp;
1241 struct pending_cmd *cmd;
1245 BT_DBG("request for %s", hdev->name);
1247 if (!lmp_le_capable(hdev))
1248 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1249 MGMT_STATUS_NOT_SUPPORTED);
1251 if (cp->val != 0x00 && cp->val != 0x01)
1252 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1253 MGMT_STATUS_INVALID_PARAMS);
1258 enabled = lmp_host_le_capable(hdev);
1260 if (!hdev_is_powered(hdev) || val == enabled) {
1261 bool changed = false;
1263 if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1264 change_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1268 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1273 err = new_settings(hdev, sk);
1278 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
1279 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1284 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
1290 memset(&hci_cp, 0, sizeof(hci_cp));
1294 hci_cp.simul = lmp_le_br_capable(hdev);
1297 err = hci_send_cmd(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
1300 mgmt_pending_remove(cmd);
1303 hci_dev_unlock(hdev);
1307 static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1309 struct mgmt_cp_add_uuid *cp = data;
1310 struct pending_cmd *cmd;
1311 struct bt_uuid *uuid;
1314 BT_DBG("request for %s", hdev->name);
1318 if (test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
1319 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
1324 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
1330 memcpy(uuid->uuid, cp->uuid, 16);
1331 uuid->svc_hint = cp->svc_hint;
1333 list_add(&uuid->list, &hdev->uuids);
1335 err = update_class(hdev);
1339 err = update_eir(hdev);
1343 if (!test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
1344 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
1345 hdev->dev_class, 3);
1349 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
1354 hci_dev_unlock(hdev);
1358 static bool enable_service_cache(struct hci_dev *hdev)
1360 if (!hdev_is_powered(hdev))
1363 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
1364 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
1372 static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
1375 struct mgmt_cp_remove_uuid *cp = data;
1376 struct pending_cmd *cmd;
1377 struct list_head *p, *n;
1378 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
1381 BT_DBG("request for %s", hdev->name);
1385 if (test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
1386 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
1391 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
1392 err = hci_uuids_clear(hdev);
1394 if (enable_service_cache(hdev)) {
1395 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID,
1396 0, hdev->dev_class, 3);
1405 list_for_each_safe(p, n, &hdev->uuids) {
1406 struct bt_uuid *match = list_entry(p, struct bt_uuid, list);
1408 if (memcmp(match->uuid, cp->uuid, 16) != 0)
1411 list_del(&match->list);
1417 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
1418 MGMT_STATUS_INVALID_PARAMS);
1423 err = update_class(hdev);
1427 err = update_eir(hdev);
1431 if (!test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
1432 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
1433 hdev->dev_class, 3);
1437 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
1442 hci_dev_unlock(hdev);
1446 static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
1449 struct mgmt_cp_set_dev_class *cp = data;
1450 struct pending_cmd *cmd;
1453 BT_DBG("request for %s", hdev->name);
1455 if (!lmp_bredr_capable(hdev))
1456 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1457 MGMT_STATUS_NOT_SUPPORTED);
1459 if (test_bit(HCI_PENDING_CLASS, &hdev->dev_flags))
1460 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1463 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0)
1464 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1465 MGMT_STATUS_INVALID_PARAMS);
1469 hdev->major_class = cp->major;
1470 hdev->minor_class = cp->minor;
1472 if (!hdev_is_powered(hdev)) {
1473 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
1474 hdev->dev_class, 3);
1478 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
1479 hci_dev_unlock(hdev);
1480 cancel_delayed_work_sync(&hdev->service_cache);
1485 err = update_class(hdev);
1489 if (!test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
1490 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
1491 hdev->dev_class, 3);
1495 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
1500 hci_dev_unlock(hdev);
1504 static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
1507 struct mgmt_cp_load_link_keys *cp = data;
1508 u16 key_count, expected_len;
1511 key_count = __le16_to_cpu(cp->key_count);
1513 expected_len = sizeof(*cp) + key_count *
1514 sizeof(struct mgmt_link_key_info);
1515 if (expected_len != len) {
1516 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
1518 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
1519 MGMT_STATUS_INVALID_PARAMS);
1522 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
1523 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
1524 MGMT_STATUS_INVALID_PARAMS);
1526 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
1529 for (i = 0; i < key_count; i++) {
1530 struct mgmt_link_key_info *key = &cp->keys[i];
1532 if (key->addr.type != BDADDR_BREDR)
1533 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
1534 MGMT_STATUS_INVALID_PARAMS);
1539 hci_link_keys_clear(hdev);
1541 set_bit(HCI_LINK_KEYS, &hdev->dev_flags);
1544 set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
1546 clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
1548 for (i = 0; i < key_count; i++) {
1549 struct mgmt_link_key_info *key = &cp->keys[i];
1551 hci_add_link_key(hdev, NULL, 0, &key->addr.bdaddr, key->val,
1552 key->type, key->pin_len);
1555 cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
1557 hci_dev_unlock(hdev);
1562 static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
1563 u8 addr_type, struct sock *skip_sk)
1565 struct mgmt_ev_device_unpaired ev;
1567 bacpy(&ev.addr.bdaddr, bdaddr);
1568 ev.addr.type = addr_type;
1570 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
1574 static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
1577 struct mgmt_cp_unpair_device *cp = data;
1578 struct mgmt_rp_unpair_device rp;
1579 struct hci_cp_disconnect dc;
1580 struct pending_cmd *cmd;
1581 struct hci_conn *conn;
1584 memset(&rp, 0, sizeof(rp));
1585 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1586 rp.addr.type = cp->addr.type;
1588 if (!bdaddr_type_is_valid(cp->addr.type))
1589 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
1590 MGMT_STATUS_INVALID_PARAMS,
1593 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
1594 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
1595 MGMT_STATUS_INVALID_PARAMS,
1600 if (!hdev_is_powered(hdev)) {
1601 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
1602 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
1606 if (cp->addr.type == BDADDR_BREDR)
1607 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
1609 err = hci_remove_ltk(hdev, &cp->addr.bdaddr);
1612 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
1613 MGMT_STATUS_NOT_PAIRED, &rp, sizeof(rp));
1617 if (cp->disconnect) {
1618 if (cp->addr.type == BDADDR_BREDR)
1619 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
1622 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
1629 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
1631 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
1635 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
1642 dc.handle = cpu_to_le16(conn->handle);
1643 dc.reason = 0x13; /* Remote User Terminated Connection */
1644 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1646 mgmt_pending_remove(cmd);
1649 hci_dev_unlock(hdev);
1653 static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
1656 struct mgmt_cp_disconnect *cp = data;
1657 struct mgmt_rp_disconnect rp;
1658 struct hci_cp_disconnect dc;
1659 struct pending_cmd *cmd;
1660 struct hci_conn *conn;
1665 memset(&rp, 0, sizeof(rp));
1666 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1667 rp.addr.type = cp->addr.type;
1669 if (!bdaddr_type_is_valid(cp->addr.type))
1670 return cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
1671 MGMT_STATUS_INVALID_PARAMS,
1676 if (!test_bit(HCI_UP, &hdev->flags)) {
1677 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
1678 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
1682 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
1683 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
1684 MGMT_STATUS_BUSY, &rp, sizeof(rp));
1688 if (cp->addr.type == BDADDR_BREDR)
1689 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
1692 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
1694 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
1695 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
1696 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
1700 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
1706 dc.handle = cpu_to_le16(conn->handle);
1707 dc.reason = HCI_ERROR_REMOTE_USER_TERM;
1709 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1711 mgmt_pending_remove(cmd);
1714 hci_dev_unlock(hdev);
1718 static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
1720 switch (link_type) {
1722 switch (addr_type) {
1723 case ADDR_LE_DEV_PUBLIC:
1724 return BDADDR_LE_PUBLIC;
1727 /* Fallback to LE Random address type */
1728 return BDADDR_LE_RANDOM;
1732 /* Fallback to BR/EDR type */
1733 return BDADDR_BREDR;
1737 static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
1740 struct mgmt_rp_get_connections *rp;
1750 if (!hdev_is_powered(hdev)) {
1751 err = cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
1752 MGMT_STATUS_NOT_POWERED);
1757 list_for_each_entry(c, &hdev->conn_hash.list, list) {
1758 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
1762 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
1763 rp = kmalloc(rp_len, GFP_KERNEL);
1770 list_for_each_entry(c, &hdev->conn_hash.list, list) {
1771 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
1773 bacpy(&rp->addr[i].bdaddr, &c->dst);
1774 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
1775 if (c->type == SCO_LINK || c->type == ESCO_LINK)
1780 rp->conn_count = cpu_to_le16(i);
1782 /* Recalculate length in case of filtered SCO connections, etc */
1783 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
1785 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
1791 hci_dev_unlock(hdev);
1795 static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
1796 struct mgmt_cp_pin_code_neg_reply *cp)
1798 struct pending_cmd *cmd;
1801 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
1806 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
1807 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
1809 mgmt_pending_remove(cmd);
1814 static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
1817 struct hci_conn *conn;
1818 struct mgmt_cp_pin_code_reply *cp = data;
1819 struct hci_cp_pin_code_reply reply;
1820 struct pending_cmd *cmd;
1827 if (!hdev_is_powered(hdev)) {
1828 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
1829 MGMT_STATUS_NOT_POWERED);
1833 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
1835 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
1836 MGMT_STATUS_NOT_CONNECTED);
1840 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
1841 struct mgmt_cp_pin_code_neg_reply ncp;
1843 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
1845 BT_ERR("PIN code is not 16 bytes long");
1847 err = send_pin_code_neg_reply(sk, hdev, &ncp);
1849 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
1850 MGMT_STATUS_INVALID_PARAMS);
1855 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
1861 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
1862 reply.pin_len = cp->pin_len;
1863 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
1865 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
1867 mgmt_pending_remove(cmd);
1870 hci_dev_unlock(hdev);
1874 static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
1877 struct mgmt_cp_set_io_capability *cp = data;
1883 hdev->io_capability = cp->io_capability;
1885 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
1886 hdev->io_capability);
1888 hci_dev_unlock(hdev);
1890 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, NULL,
1894 static struct pending_cmd *find_pairing(struct hci_conn *conn)
1896 struct hci_dev *hdev = conn->hdev;
1897 struct pending_cmd *cmd;
1899 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
1900 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
1903 if (cmd->user_data != conn)
1912 static void pairing_complete(struct pending_cmd *cmd, u8 status)
1914 struct mgmt_rp_pair_device rp;
1915 struct hci_conn *conn = cmd->user_data;
1917 bacpy(&rp.addr.bdaddr, &conn->dst);
1918 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
1920 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
1923 /* So we don't get further callbacks for this connection */
1924 conn->connect_cfm_cb = NULL;
1925 conn->security_cfm_cb = NULL;
1926 conn->disconn_cfm_cb = NULL;
1930 mgmt_pending_remove(cmd);
1933 static void pairing_complete_cb(struct hci_conn *conn, u8 status)
1935 struct pending_cmd *cmd;
1937 BT_DBG("status %u", status);
1939 cmd = find_pairing(conn);
1941 BT_DBG("Unable to find a pending command");
1943 pairing_complete(cmd, mgmt_status(status));
1946 static void le_connect_complete_cb(struct hci_conn *conn, u8 status)
1948 struct pending_cmd *cmd;
1950 BT_DBG("status %u", status);
1955 cmd = find_pairing(conn);
1957 BT_DBG("Unable to find a pending command");
1959 pairing_complete(cmd, mgmt_status(status));
1962 static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
1965 struct mgmt_cp_pair_device *cp = data;
1966 struct mgmt_rp_pair_device rp;
1967 struct pending_cmd *cmd;
1968 u8 sec_level, auth_type;
1969 struct hci_conn *conn;
1974 memset(&rp, 0, sizeof(rp));
1975 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1976 rp.addr.type = cp->addr.type;
1978 if (!bdaddr_type_is_valid(cp->addr.type))
1979 return cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
1980 MGMT_STATUS_INVALID_PARAMS,
1985 if (!hdev_is_powered(hdev)) {
1986 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
1987 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
1991 sec_level = BT_SECURITY_MEDIUM;
1992 if (cp->io_cap == 0x03)
1993 auth_type = HCI_AT_DEDICATED_BONDING;
1995 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
1997 if (cp->addr.type == BDADDR_BREDR)
1998 conn = hci_connect(hdev, ACL_LINK, &cp->addr.bdaddr,
1999 cp->addr.type, sec_level, auth_type);
2001 conn = hci_connect(hdev, LE_LINK, &cp->addr.bdaddr,
2002 cp->addr.type, sec_level, auth_type);
2007 if (PTR_ERR(conn) == -EBUSY)
2008 status = MGMT_STATUS_BUSY;
2010 status = MGMT_STATUS_CONNECT_FAILED;
2012 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2018 if (conn->connect_cfm_cb) {
2020 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2021 MGMT_STATUS_BUSY, &rp, sizeof(rp));
2025 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
2032 /* For LE, just connecting isn't a proof that the pairing finished */
2033 if (cp->addr.type == BDADDR_BREDR)
2034 conn->connect_cfm_cb = pairing_complete_cb;
2036 conn->connect_cfm_cb = le_connect_complete_cb;
2038 conn->security_cfm_cb = pairing_complete_cb;
2039 conn->disconn_cfm_cb = pairing_complete_cb;
2040 conn->io_capability = cp->io_cap;
2041 cmd->user_data = conn;
2043 if (conn->state == BT_CONNECTED &&
2044 hci_conn_security(conn, sec_level, auth_type))
2045 pairing_complete(cmd, 0);
2050 hci_dev_unlock(hdev);
2054 static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2057 struct mgmt_addr_info *addr = data;
2058 struct pending_cmd *cmd;
2059 struct hci_conn *conn;
2066 if (!hdev_is_powered(hdev)) {
2067 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2068 MGMT_STATUS_NOT_POWERED);
2072 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
2074 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2075 MGMT_STATUS_INVALID_PARAMS);
2079 conn = cmd->user_data;
2081 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
2082 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2083 MGMT_STATUS_INVALID_PARAMS);
2087 pairing_complete(cmd, MGMT_STATUS_CANCELLED);
2089 err = cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
2090 addr, sizeof(*addr));
2092 hci_dev_unlock(hdev);
2096 static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
2097 bdaddr_t *bdaddr, u8 type, u16 mgmt_op,
2098 u16 hci_op, __le32 passkey)
2100 struct pending_cmd *cmd;
2101 struct hci_conn *conn;
2106 if (!hdev_is_powered(hdev)) {
2107 err = cmd_status(sk, hdev->id, mgmt_op,
2108 MGMT_STATUS_NOT_POWERED);
2112 if (type == BDADDR_BREDR)
2113 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, bdaddr);
2115 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, bdaddr);
2118 err = cmd_status(sk, hdev->id, mgmt_op,
2119 MGMT_STATUS_NOT_CONNECTED);
2123 if (type == BDADDR_LE_PUBLIC || type == BDADDR_LE_RANDOM) {
2124 /* Continue with pairing via SMP */
2125 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
2128 err = cmd_status(sk, hdev->id, mgmt_op,
2129 MGMT_STATUS_SUCCESS);
2131 err = cmd_status(sk, hdev->id, mgmt_op,
2132 MGMT_STATUS_FAILED);
2137 cmd = mgmt_pending_add(sk, mgmt_op, hdev, bdaddr, sizeof(*bdaddr));
2143 /* Continue with pairing via HCI */
2144 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
2145 struct hci_cp_user_passkey_reply cp;
2147 bacpy(&cp.bdaddr, bdaddr);
2148 cp.passkey = passkey;
2149 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
2151 err = hci_send_cmd(hdev, hci_op, sizeof(*bdaddr), bdaddr);
2154 mgmt_pending_remove(cmd);
2157 hci_dev_unlock(hdev);
2161 static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
2162 void *data, u16 len)
2164 struct mgmt_cp_pin_code_neg_reply *cp = data;
2168 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
2169 MGMT_OP_PIN_CODE_NEG_REPLY,
2170 HCI_OP_PIN_CODE_NEG_REPLY, 0);
2173 static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2176 struct mgmt_cp_user_confirm_reply *cp = data;
2180 if (len != sizeof(*cp))
2181 return cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
2182 MGMT_STATUS_INVALID_PARAMS);
2184 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
2185 MGMT_OP_USER_CONFIRM_REPLY,
2186 HCI_OP_USER_CONFIRM_REPLY, 0);
2189 static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
2190 void *data, u16 len)
2192 struct mgmt_cp_user_confirm_neg_reply *cp = data;
2196 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
2197 MGMT_OP_USER_CONFIRM_NEG_REPLY,
2198 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
2201 static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2204 struct mgmt_cp_user_passkey_reply *cp = data;
2208 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
2209 MGMT_OP_USER_PASSKEY_REPLY,
2210 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
2213 static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
2214 void *data, u16 len)
2216 struct mgmt_cp_user_passkey_neg_reply *cp = data;
2220 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
2221 MGMT_OP_USER_PASSKEY_NEG_REPLY,
2222 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
2225 static int update_name(struct hci_dev *hdev, const char *name)
2227 struct hci_cp_write_local_name cp;
2229 memcpy(cp.name, name, sizeof(cp.name));
2231 return hci_send_cmd(hdev, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
2234 static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
2237 struct mgmt_cp_set_local_name *cp = data;
2238 struct pending_cmd *cmd;
2245 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
2247 if (!hdev_is_powered(hdev)) {
2248 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
2250 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
2255 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
2261 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
2267 err = update_name(hdev, cp->name);
2269 mgmt_pending_remove(cmd);
2272 hci_dev_unlock(hdev);
2276 static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
2277 void *data, u16 data_len)
2279 struct pending_cmd *cmd;
2282 BT_DBG("%s", hdev->name);
2286 if (!hdev_is_powered(hdev)) {
2287 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
2288 MGMT_STATUS_NOT_POWERED);
2292 if (!lmp_ssp_capable(hdev)) {
2293 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
2294 MGMT_STATUS_NOT_SUPPORTED);
2298 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
2299 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
2304 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
2310 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
2312 mgmt_pending_remove(cmd);
2315 hci_dev_unlock(hdev);
2319 static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
2320 void *data, u16 len)
2322 struct mgmt_cp_add_remote_oob_data *cp = data;
2326 BT_DBG("%s ", hdev->name);
2330 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr, cp->hash,
2333 status = MGMT_STATUS_FAILED;
2335 status = MGMT_STATUS_SUCCESS;
2337 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA, status,
2338 &cp->addr, sizeof(cp->addr));
2340 hci_dev_unlock(hdev);
2344 static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
2345 void *data, u16 len)
2347 struct mgmt_cp_remove_remote_oob_data *cp = data;
2351 BT_DBG("%s", hdev->name);
2355 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr);
2357 status = MGMT_STATUS_INVALID_PARAMS;
2359 status = MGMT_STATUS_SUCCESS;
2361 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
2362 status, &cp->addr, sizeof(cp->addr));
2364 hci_dev_unlock(hdev);
2368 int mgmt_interleaved_discovery(struct hci_dev *hdev)
2372 BT_DBG("%s", hdev->name);
2376 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR_LE);
2378 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2380 hci_dev_unlock(hdev);
2385 static int start_discovery(struct sock *sk, struct hci_dev *hdev,
2386 void *data, u16 len)
2388 struct mgmt_cp_start_discovery *cp = data;
2389 struct pending_cmd *cmd;
2392 BT_DBG("%s", hdev->name);
2396 if (!hdev_is_powered(hdev)) {
2397 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2398 MGMT_STATUS_NOT_POWERED);
2402 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
2403 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2408 if (hdev->discovery.state != DISCOVERY_STOPPED) {
2409 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2414 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
2420 hdev->discovery.type = cp->type;
2422 switch (hdev->discovery.type) {
2423 case DISCOV_TYPE_BREDR:
2424 if (!lmp_bredr_capable(hdev)) {
2425 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2426 MGMT_STATUS_NOT_SUPPORTED);
2427 mgmt_pending_remove(cmd);
2431 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR);
2434 case DISCOV_TYPE_LE:
2435 if (!lmp_host_le_capable(hdev)) {
2436 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2437 MGMT_STATUS_NOT_SUPPORTED);
2438 mgmt_pending_remove(cmd);
2442 err = hci_le_scan(hdev, LE_SCAN_TYPE, LE_SCAN_INT,
2443 LE_SCAN_WIN, LE_SCAN_TIMEOUT_LE_ONLY);
2446 case DISCOV_TYPE_INTERLEAVED:
2447 if (!lmp_host_le_capable(hdev) || !lmp_bredr_capable(hdev)) {
2448 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2449 MGMT_STATUS_NOT_SUPPORTED);
2450 mgmt_pending_remove(cmd);
2454 err = hci_le_scan(hdev, LE_SCAN_TYPE, LE_SCAN_INT, LE_SCAN_WIN,
2455 LE_SCAN_TIMEOUT_BREDR_LE);
2459 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2460 MGMT_STATUS_INVALID_PARAMS);
2461 mgmt_pending_remove(cmd);
2466 mgmt_pending_remove(cmd);
2468 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
2471 hci_dev_unlock(hdev);
2475 static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
2478 struct mgmt_cp_stop_discovery *mgmt_cp = data;
2479 struct pending_cmd *cmd;
2480 struct hci_cp_remote_name_req_cancel cp;
2481 struct inquiry_entry *e;
2484 BT_DBG("%s", hdev->name);
2488 if (!hci_discovery_active(hdev)) {
2489 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
2490 MGMT_STATUS_REJECTED, &mgmt_cp->type,
2491 sizeof(mgmt_cp->type));
2495 if (hdev->discovery.type != mgmt_cp->type) {
2496 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
2497 MGMT_STATUS_INVALID_PARAMS, &mgmt_cp->type,
2498 sizeof(mgmt_cp->type));
2502 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
2508 switch (hdev->discovery.state) {
2509 case DISCOVERY_FINDING:
2510 if (test_bit(HCI_INQUIRY, &hdev->flags))
2511 err = hci_cancel_inquiry(hdev);
2513 err = hci_cancel_le_scan(hdev);
2517 case DISCOVERY_RESOLVING:
2518 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
2521 mgmt_pending_remove(cmd);
2522 err = cmd_complete(sk, hdev->id,
2523 MGMT_OP_STOP_DISCOVERY, 0,
2525 sizeof(mgmt_cp->type));
2526 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2530 bacpy(&cp.bdaddr, &e->data.bdaddr);
2531 err = hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ_CANCEL,
2537 BT_DBG("unknown discovery state %u", hdev->discovery.state);
2542 mgmt_pending_remove(cmd);
2544 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
2547 hci_dev_unlock(hdev);
2551 static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
2554 struct mgmt_cp_confirm_name *cp = data;
2555 struct inquiry_entry *e;
2558 BT_DBG("%s", hdev->name);
2562 if (!hci_discovery_active(hdev)) {
2563 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
2564 MGMT_STATUS_FAILED);
2568 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
2570 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
2571 MGMT_STATUS_INVALID_PARAMS);
2575 if (cp->name_known) {
2576 e->name_state = NAME_KNOWN;
2579 e->name_state = NAME_NEEDED;
2580 hci_inquiry_cache_update_resolve(hdev, e);
2583 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0, &cp->addr,
2587 hci_dev_unlock(hdev);
2591 static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
2594 struct mgmt_cp_block_device *cp = data;
2598 BT_DBG("%s", hdev->name);
2600 if (!bdaddr_type_is_valid(cp->addr.type))
2601 return cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
2602 MGMT_STATUS_INVALID_PARAMS,
2603 &cp->addr, sizeof(cp->addr));
2607 err = hci_blacklist_add(hdev, &cp->addr.bdaddr, cp->addr.type);
2609 status = MGMT_STATUS_FAILED;
2611 status = MGMT_STATUS_SUCCESS;
2613 err = cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
2614 &cp->addr, sizeof(cp->addr));
2616 hci_dev_unlock(hdev);
2621 static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
2624 struct mgmt_cp_unblock_device *cp = data;
2628 BT_DBG("%s", hdev->name);
2630 if (!bdaddr_type_is_valid(cp->addr.type))
2631 return cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
2632 MGMT_STATUS_INVALID_PARAMS,
2633 &cp->addr, sizeof(cp->addr));
2637 err = hci_blacklist_del(hdev, &cp->addr.bdaddr, cp->addr.type);
2639 status = MGMT_STATUS_INVALID_PARAMS;
2641 status = MGMT_STATUS_SUCCESS;
2643 err = cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
2644 &cp->addr, sizeof(cp->addr));
2646 hci_dev_unlock(hdev);
2651 static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
2654 struct mgmt_cp_set_device_id *cp = data;
2658 BT_DBG("%s", hdev->name);
2660 source = __le16_to_cpu(cp->source);
2662 if (source > 0x0002)
2663 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
2664 MGMT_STATUS_INVALID_PARAMS);
2668 hdev->devid_source = source;
2669 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
2670 hdev->devid_product = __le16_to_cpu(cp->product);
2671 hdev->devid_version = __le16_to_cpu(cp->version);
2673 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0, NULL, 0);
2677 hci_dev_unlock(hdev);
2682 static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
2683 void *data, u16 len)
2685 struct mgmt_mode *cp = data;
2686 struct hci_cp_write_page_scan_activity acp;
2690 BT_DBG("%s", hdev->name);
2692 if (!lmp_bredr_capable(hdev))
2693 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
2694 MGMT_STATUS_NOT_SUPPORTED);
2696 if (cp->val != 0x00 && cp->val != 0x01)
2697 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
2698 MGMT_STATUS_INVALID_PARAMS);
2700 if (!hdev_is_powered(hdev))
2701 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
2702 MGMT_STATUS_NOT_POWERED);
2704 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
2705 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
2706 MGMT_STATUS_REJECTED);
2711 type = PAGE_SCAN_TYPE_INTERLACED;
2713 /* 160 msec page scan interval */
2714 acp.interval = __constant_cpu_to_le16(0x0100);
2716 type = PAGE_SCAN_TYPE_STANDARD; /* default */
2718 /* default 1.28 sec page scan */
2719 acp.interval = __constant_cpu_to_le16(0x0800);
2722 /* default 11.25 msec page scan window */
2723 acp.window = __constant_cpu_to_le16(0x0012);
2725 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY, sizeof(acp),
2728 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
2729 MGMT_STATUS_FAILED);
2733 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
2735 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
2736 MGMT_STATUS_FAILED);
2740 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE, 0,
2743 hci_dev_unlock(hdev);
2747 static bool ltk_is_valid(struct mgmt_ltk_info *key)
2749 if (key->authenticated != 0x00 && key->authenticated != 0x01)
2751 if (key->master != 0x00 && key->master != 0x01)
2753 if (!bdaddr_type_is_le(key->addr.type))
2758 static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
2759 void *cp_data, u16 len)
2761 struct mgmt_cp_load_long_term_keys *cp = cp_data;
2762 u16 key_count, expected_len;
2765 key_count = __le16_to_cpu(cp->key_count);
2767 expected_len = sizeof(*cp) + key_count *
2768 sizeof(struct mgmt_ltk_info);
2769 if (expected_len != len) {
2770 BT_ERR("load_keys: expected %u bytes, got %u bytes",
2772 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
2773 MGMT_STATUS_INVALID_PARAMS);
2776 BT_DBG("%s key_count %u", hdev->name, key_count);
2778 for (i = 0; i < key_count; i++) {
2779 struct mgmt_ltk_info *key = &cp->keys[i];
2781 if (!ltk_is_valid(key))
2782 return cmd_status(sk, hdev->id,
2783 MGMT_OP_LOAD_LONG_TERM_KEYS,
2784 MGMT_STATUS_INVALID_PARAMS);
2789 hci_smp_ltks_clear(hdev);
2791 for (i = 0; i < key_count; i++) {
2792 struct mgmt_ltk_info *key = &cp->keys[i];
2798 type = HCI_SMP_LTK_SLAVE;
2800 hci_add_ltk(hdev, &key->addr.bdaddr,
2801 bdaddr_to_le(key->addr.type),
2802 type, 0, key->authenticated, key->val,
2803 key->enc_size, key->ediv, key->rand);
2806 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
2809 hci_dev_unlock(hdev);
2814 static const struct mgmt_handler {
2815 int (*func) (struct sock *sk, struct hci_dev *hdev, void *data,
2819 } mgmt_handlers[] = {
2820 { NULL }, /* 0x0000 (no command) */
2821 { read_version, false, MGMT_READ_VERSION_SIZE },
2822 { read_commands, false, MGMT_READ_COMMANDS_SIZE },
2823 { read_index_list, false, MGMT_READ_INDEX_LIST_SIZE },
2824 { read_controller_info, false, MGMT_READ_INFO_SIZE },
2825 { set_powered, false, MGMT_SETTING_SIZE },
2826 { set_discoverable, false, MGMT_SET_DISCOVERABLE_SIZE },
2827 { set_connectable, false, MGMT_SETTING_SIZE },
2828 { set_fast_connectable, false, MGMT_SETTING_SIZE },
2829 { set_pairable, false, MGMT_SETTING_SIZE },
2830 { set_link_security, false, MGMT_SETTING_SIZE },
2831 { set_ssp, false, MGMT_SETTING_SIZE },
2832 { set_hs, false, MGMT_SETTING_SIZE },
2833 { set_le, false, MGMT_SETTING_SIZE },
2834 { set_dev_class, false, MGMT_SET_DEV_CLASS_SIZE },
2835 { set_local_name, false, MGMT_SET_LOCAL_NAME_SIZE },
2836 { add_uuid, false, MGMT_ADD_UUID_SIZE },
2837 { remove_uuid, false, MGMT_REMOVE_UUID_SIZE },
2838 { load_link_keys, true, MGMT_LOAD_LINK_KEYS_SIZE },
2839 { load_long_term_keys, true, MGMT_LOAD_LONG_TERM_KEYS_SIZE },
2840 { disconnect, false, MGMT_DISCONNECT_SIZE },
2841 { get_connections, false, MGMT_GET_CONNECTIONS_SIZE },
2842 { pin_code_reply, false, MGMT_PIN_CODE_REPLY_SIZE },
2843 { pin_code_neg_reply, false, MGMT_PIN_CODE_NEG_REPLY_SIZE },
2844 { set_io_capability, false, MGMT_SET_IO_CAPABILITY_SIZE },
2845 { pair_device, false, MGMT_PAIR_DEVICE_SIZE },
2846 { cancel_pair_device, false, MGMT_CANCEL_PAIR_DEVICE_SIZE },
2847 { unpair_device, false, MGMT_UNPAIR_DEVICE_SIZE },
2848 { user_confirm_reply, false, MGMT_USER_CONFIRM_REPLY_SIZE },
2849 { user_confirm_neg_reply, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
2850 { user_passkey_reply, false, MGMT_USER_PASSKEY_REPLY_SIZE },
2851 { user_passkey_neg_reply, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
2852 { read_local_oob_data, false, MGMT_READ_LOCAL_OOB_DATA_SIZE },
2853 { add_remote_oob_data, false, MGMT_ADD_REMOTE_OOB_DATA_SIZE },
2854 { remove_remote_oob_data, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
2855 { start_discovery, false, MGMT_START_DISCOVERY_SIZE },
2856 { stop_discovery, false, MGMT_STOP_DISCOVERY_SIZE },
2857 { confirm_name, false, MGMT_CONFIRM_NAME_SIZE },
2858 { block_device, false, MGMT_BLOCK_DEVICE_SIZE },
2859 { unblock_device, false, MGMT_UNBLOCK_DEVICE_SIZE },
2860 { set_device_id, false, MGMT_SET_DEVICE_ID_SIZE },
2864 int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
2868 struct mgmt_hdr *hdr;
2869 u16 opcode, index, len;
2870 struct hci_dev *hdev = NULL;
2871 const struct mgmt_handler *handler;
2874 BT_DBG("got %zu bytes", msglen);
2876 if (msglen < sizeof(*hdr))
2879 buf = kmalloc(msglen, GFP_KERNEL);
2883 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
2889 opcode = __le16_to_cpu(hdr->opcode);
2890 index = __le16_to_cpu(hdr->index);
2891 len = __le16_to_cpu(hdr->len);
2893 if (len != msglen - sizeof(*hdr)) {
2898 if (index != MGMT_INDEX_NONE) {
2899 hdev = hci_dev_get(index);
2901 err = cmd_status(sk, index, opcode,
2902 MGMT_STATUS_INVALID_INDEX);
2907 if (opcode >= ARRAY_SIZE(mgmt_handlers) ||
2908 mgmt_handlers[opcode].func == NULL) {
2909 BT_DBG("Unknown op %u", opcode);
2910 err = cmd_status(sk, index, opcode,
2911 MGMT_STATUS_UNKNOWN_COMMAND);
2915 if ((hdev && opcode < MGMT_OP_READ_INFO) ||
2916 (!hdev && opcode >= MGMT_OP_READ_INFO)) {
2917 err = cmd_status(sk, index, opcode,
2918 MGMT_STATUS_INVALID_INDEX);
2922 handler = &mgmt_handlers[opcode];
2924 if ((handler->var_len && len < handler->data_len) ||
2925 (!handler->var_len && len != handler->data_len)) {
2926 err = cmd_status(sk, index, opcode,
2927 MGMT_STATUS_INVALID_PARAMS);
2932 mgmt_init_hdev(sk, hdev);
2934 cp = buf + sizeof(*hdr);
2936 err = handler->func(sk, hdev, cp, len);
2950 static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
2954 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
2955 mgmt_pending_remove(cmd);
2958 int mgmt_index_added(struct hci_dev *hdev)
2960 if (!mgmt_valid_hdev(hdev))
2963 return mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
2966 int mgmt_index_removed(struct hci_dev *hdev)
2968 u8 status = MGMT_STATUS_INVALID_INDEX;
2970 if (!mgmt_valid_hdev(hdev))
2973 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
2975 return mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
2980 struct hci_dev *hdev;
2984 static void settings_rsp(struct pending_cmd *cmd, void *data)
2986 struct cmd_lookup *match = data;
2988 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
2990 list_del(&cmd->list);
2992 if (match->sk == NULL) {
2993 match->sk = cmd->sk;
2994 sock_hold(match->sk);
2997 mgmt_pending_free(cmd);
3000 static int set_bredr_scan(struct hci_dev *hdev)
3004 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3006 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3007 scan |= SCAN_INQUIRY;
3012 return hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
3015 int mgmt_powered(struct hci_dev *hdev, u8 powered)
3017 struct cmd_lookup match = { NULL, hdev };
3020 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3023 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
3026 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) &&
3027 !lmp_host_ssp_capable(hdev)) {
3030 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &ssp);
3033 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
3034 struct hci_cp_write_le_host_supported cp;
3037 cp.simul = lmp_le_br_capable(hdev);
3039 /* Check first if we already have the right
3040 * host state (host features set)
3042 if (cp.le != lmp_host_le_capable(hdev) ||
3043 cp.simul != lmp_host_le_br_capable(hdev))
3045 HCI_OP_WRITE_LE_HOST_SUPPORTED,
3049 if (lmp_bredr_capable(hdev)) {
3050 set_bredr_scan(hdev);
3052 update_name(hdev, hdev->dev_name);
3056 u8 status = MGMT_STATUS_NOT_POWERED;
3057 u8 zero_cod[] = { 0, 0, 0 };
3059 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
3061 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0)
3062 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
3063 zero_cod, sizeof(zero_cod), NULL);
3066 err = new_settings(hdev, match.sk);
3074 int mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
3076 struct cmd_lookup match = { NULL, hdev };
3077 bool changed = false;
3081 if (!test_and_set_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3084 if (test_and_clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3088 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev, settings_rsp,
3092 err = new_settings(hdev, match.sk);
3100 int mgmt_connectable(struct hci_dev *hdev, u8 connectable)
3102 struct cmd_lookup match = { NULL, hdev };
3103 bool changed = false;
3107 if (!test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3110 if (test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3114 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev, settings_rsp,
3118 err = new_settings(hdev, match.sk);
3126 int mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
3128 u8 mgmt_err = mgmt_status(status);
3130 if (scan & SCAN_PAGE)
3131 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
3132 cmd_status_rsp, &mgmt_err);
3134 if (scan & SCAN_INQUIRY)
3135 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
3136 cmd_status_rsp, &mgmt_err);
3141 int mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
3144 struct mgmt_ev_new_link_key ev;
3146 memset(&ev, 0, sizeof(ev));
3148 ev.store_hint = persistent;
3149 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
3150 ev.key.addr.type = BDADDR_BREDR;
3151 ev.key.type = key->type;
3152 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
3153 ev.key.pin_len = key->pin_len;
3155 return mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
3158 int mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, u8 persistent)
3160 struct mgmt_ev_new_long_term_key ev;
3162 memset(&ev, 0, sizeof(ev));
3164 ev.store_hint = persistent;
3165 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
3166 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
3167 ev.key.authenticated = key->authenticated;
3168 ev.key.enc_size = key->enc_size;
3169 ev.key.ediv = key->ediv;
3171 if (key->type == HCI_SMP_LTK)
3174 memcpy(ev.key.rand, key->rand, sizeof(key->rand));
3175 memcpy(ev.key.val, key->val, sizeof(key->val));
3177 return mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev),
3181 int mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3182 u8 addr_type, u32 flags, u8 *name, u8 name_len,
3186 struct mgmt_ev_device_connected *ev = (void *) buf;
3189 bacpy(&ev->addr.bdaddr, bdaddr);
3190 ev->addr.type = link_to_bdaddr(link_type, addr_type);
3192 ev->flags = __cpu_to_le32(flags);
3195 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
3198 if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0)
3199 eir_len = eir_append_data(ev->eir, eir_len,
3200 EIR_CLASS_OF_DEV, dev_class, 3);
3202 ev->eir_len = cpu_to_le16(eir_len);
3204 return mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
3205 sizeof(*ev) + eir_len, NULL);
3208 static void disconnect_rsp(struct pending_cmd *cmd, void *data)
3210 struct mgmt_cp_disconnect *cp = cmd->param;
3211 struct sock **sk = data;
3212 struct mgmt_rp_disconnect rp;
3214 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3215 rp.addr.type = cp->addr.type;
3217 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 0, &rp,
3223 mgmt_pending_remove(cmd);
3226 static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
3228 struct hci_dev *hdev = data;
3229 struct mgmt_cp_unpair_device *cp = cmd->param;
3230 struct mgmt_rp_unpair_device rp;
3232 memset(&rp, 0, sizeof(rp));
3233 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3234 rp.addr.type = cp->addr.type;
3236 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
3238 cmd_complete(cmd->sk, cmd->index, cmd->opcode, 0, &rp, sizeof(rp));
3240 mgmt_pending_remove(cmd);
3243 int mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
3244 u8 link_type, u8 addr_type, u8 reason)
3246 struct mgmt_ev_device_disconnected ev;
3247 struct sock *sk = NULL;
3250 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
3252 bacpy(&ev.addr.bdaddr, bdaddr);
3253 ev.addr.type = link_to_bdaddr(link_type, addr_type);
3256 err = mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev),
3262 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
3268 int mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
3269 u8 link_type, u8 addr_type, u8 status)
3271 struct mgmt_rp_disconnect rp;
3272 struct pending_cmd *cmd;
3275 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
3278 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
3282 bacpy(&rp.addr.bdaddr, bdaddr);
3283 rp.addr.type = link_to_bdaddr(link_type, addr_type);
3285 err = cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
3286 mgmt_status(status), &rp, sizeof(rp));
3288 mgmt_pending_remove(cmd);
3293 int mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3294 u8 addr_type, u8 status)
3296 struct mgmt_ev_connect_failed ev;
3298 bacpy(&ev.addr.bdaddr, bdaddr);
3299 ev.addr.type = link_to_bdaddr(link_type, addr_type);
3300 ev.status = mgmt_status(status);
3302 return mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
3305 int mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
3307 struct mgmt_ev_pin_code_request ev;
3309 bacpy(&ev.addr.bdaddr, bdaddr);
3310 ev.addr.type = BDADDR_BREDR;
3313 return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev),
3317 int mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3320 struct pending_cmd *cmd;
3321 struct mgmt_rp_pin_code_reply rp;
3324 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
3328 bacpy(&rp.addr.bdaddr, bdaddr);
3329 rp.addr.type = BDADDR_BREDR;
3331 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3332 mgmt_status(status), &rp, sizeof(rp));
3334 mgmt_pending_remove(cmd);
3339 int mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3342 struct pending_cmd *cmd;
3343 struct mgmt_rp_pin_code_reply rp;
3346 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
3350 bacpy(&rp.addr.bdaddr, bdaddr);
3351 rp.addr.type = BDADDR_BREDR;
3353 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
3354 mgmt_status(status), &rp, sizeof(rp));
3356 mgmt_pending_remove(cmd);
3361 int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
3362 u8 link_type, u8 addr_type, __le32 value,
3365 struct mgmt_ev_user_confirm_request ev;
3367 BT_DBG("%s", hdev->name);
3369 bacpy(&ev.addr.bdaddr, bdaddr);
3370 ev.addr.type = link_to_bdaddr(link_type, addr_type);
3371 ev.confirm_hint = confirm_hint;
3374 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
3378 int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
3379 u8 link_type, u8 addr_type)
3381 struct mgmt_ev_user_passkey_request ev;
3383 BT_DBG("%s", hdev->name);
3385 bacpy(&ev.addr.bdaddr, bdaddr);
3386 ev.addr.type = link_to_bdaddr(link_type, addr_type);
3388 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
3392 static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3393 u8 link_type, u8 addr_type, u8 status,
3396 struct pending_cmd *cmd;
3397 struct mgmt_rp_user_confirm_reply rp;
3400 cmd = mgmt_pending_find(opcode, hdev);
3404 bacpy(&rp.addr.bdaddr, bdaddr);
3405 rp.addr.type = link_to_bdaddr(link_type, addr_type);
3406 err = cmd_complete(cmd->sk, hdev->id, opcode, mgmt_status(status),
3409 mgmt_pending_remove(cmd);
3414 int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3415 u8 link_type, u8 addr_type, u8 status)
3417 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3418 status, MGMT_OP_USER_CONFIRM_REPLY);
3421 int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3422 u8 link_type, u8 addr_type, u8 status)
3424 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3426 MGMT_OP_USER_CONFIRM_NEG_REPLY);
3429 int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3430 u8 link_type, u8 addr_type, u8 status)
3432 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3433 status, MGMT_OP_USER_PASSKEY_REPLY);
3436 int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3437 u8 link_type, u8 addr_type, u8 status)
3439 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3441 MGMT_OP_USER_PASSKEY_NEG_REPLY);
3444 int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
3445 u8 link_type, u8 addr_type, u32 passkey,
3448 struct mgmt_ev_passkey_notify ev;
3450 BT_DBG("%s", hdev->name);
3452 bacpy(&ev.addr.bdaddr, bdaddr);
3453 ev.addr.type = link_to_bdaddr(link_type, addr_type);
3454 ev.passkey = __cpu_to_le32(passkey);
3455 ev.entered = entered;
3457 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
3460 int mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3461 u8 addr_type, u8 status)
3463 struct mgmt_ev_auth_failed ev;
3465 bacpy(&ev.addr.bdaddr, bdaddr);
3466 ev.addr.type = link_to_bdaddr(link_type, addr_type);
3467 ev.status = mgmt_status(status);
3469 return mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
3472 int mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
3474 struct cmd_lookup match = { NULL, hdev };
3475 bool changed = false;
3479 u8 mgmt_err = mgmt_status(status);
3480 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
3481 cmd_status_rsp, &mgmt_err);
3485 if (test_bit(HCI_AUTH, &hdev->flags)) {
3486 if (!test_and_set_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
3489 if (test_and_clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
3493 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
3497 err = new_settings(hdev, match.sk);
3505 static int clear_eir(struct hci_dev *hdev)
3507 struct hci_cp_write_eir cp;
3509 if (!lmp_ext_inq_capable(hdev))
3512 memset(hdev->eir, 0, sizeof(hdev->eir));
3514 memset(&cp, 0, sizeof(cp));
3516 return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
3519 int mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
3521 struct cmd_lookup match = { NULL, hdev };
3522 bool changed = false;
3526 u8 mgmt_err = mgmt_status(status);
3528 if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
3530 err = new_settings(hdev, NULL);
3532 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
3539 if (!test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
3542 if (test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
3546 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
3549 err = new_settings(hdev, match.sk);
3554 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
3562 static void class_rsp(struct pending_cmd *cmd, void *data)
3564 struct cmd_lookup *match = data;
3566 cmd_complete(cmd->sk, cmd->index, cmd->opcode, match->mgmt_status,
3567 match->hdev->dev_class, 3);
3569 list_del(&cmd->list);
3571 if (match->sk == NULL) {
3572 match->sk = cmd->sk;
3573 sock_hold(match->sk);
3576 mgmt_pending_free(cmd);
3579 int mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
3582 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
3585 clear_bit(HCI_PENDING_CLASS, &hdev->dev_flags);
3587 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, class_rsp, &match);
3588 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, class_rsp, &match);
3589 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, class_rsp, &match);
3592 err = mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class,
3601 int mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
3603 struct pending_cmd *cmd;
3604 struct mgmt_cp_set_local_name ev;
3605 bool changed = false;
3608 if (memcmp(name, hdev->dev_name, sizeof(hdev->dev_name)) != 0) {
3609 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
3613 memset(&ev, 0, sizeof(ev));
3614 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
3615 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
3617 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
3621 /* Always assume that either the short or the complete name has
3622 * changed if there was a pending mgmt command */
3626 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3627 mgmt_status(status));
3631 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0, &ev,
3638 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev,
3639 sizeof(ev), cmd ? cmd->sk : NULL);
3641 /* EIR is taken care of separately when powering on the
3642 * adapter so only update them here if this is a name change
3643 * unrelated to power on.
3645 if (!test_bit(HCI_INIT, &hdev->flags))
3650 mgmt_pending_remove(cmd);
3654 int mgmt_read_local_oob_data_reply_complete(struct hci_dev *hdev, u8 *hash,
3655 u8 *randomizer, u8 status)
3657 struct pending_cmd *cmd;
3660 BT_DBG("%s status %u", hdev->name, status);
3662 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
3667 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3668 mgmt_status(status));
3670 struct mgmt_rp_read_local_oob_data rp;
3672 memcpy(rp.hash, hash, sizeof(rp.hash));
3673 memcpy(rp.randomizer, randomizer, sizeof(rp.randomizer));
3675 err = cmd_complete(cmd->sk, hdev->id,
3676 MGMT_OP_READ_LOCAL_OOB_DATA, 0, &rp,
3680 mgmt_pending_remove(cmd);
3685 int mgmt_le_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
3687 struct cmd_lookup match = { NULL, hdev };
3688 bool changed = false;
3692 u8 mgmt_err = mgmt_status(status);
3694 if (enable && test_and_clear_bit(HCI_LE_ENABLED,
3696 err = new_settings(hdev, NULL);
3698 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
3705 if (!test_and_set_bit(HCI_LE_ENABLED, &hdev->dev_flags))
3708 if (test_and_clear_bit(HCI_LE_ENABLED, &hdev->dev_flags))
3712 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
3715 err = new_settings(hdev, match.sk);
3723 int mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3724 u8 addr_type, u8 *dev_class, s8 rssi, u8 cfm_name, u8
3725 ssp, u8 *eir, u16 eir_len)
3728 struct mgmt_ev_device_found *ev = (void *) buf;
3731 /* Leave 5 bytes for a potential CoD field */
3732 if (sizeof(*ev) + eir_len + 5 > sizeof(buf))
3735 memset(buf, 0, sizeof(buf));
3737 bacpy(&ev->addr.bdaddr, bdaddr);
3738 ev->addr.type = link_to_bdaddr(link_type, addr_type);
3741 ev->flags |= __constant_cpu_to_le32(MGMT_DEV_FOUND_CONFIRM_NAME);
3743 ev->flags |= __constant_cpu_to_le32(MGMT_DEV_FOUND_LEGACY_PAIRING);
3746 memcpy(ev->eir, eir, eir_len);
3748 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
3749 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
3752 ev->eir_len = cpu_to_le16(eir_len);
3753 ev_size = sizeof(*ev) + eir_len;
3755 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
3758 int mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3759 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
3761 struct mgmt_ev_device_found *ev;
3762 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
3765 ev = (struct mgmt_ev_device_found *) buf;
3767 memset(buf, 0, sizeof(buf));
3769 bacpy(&ev->addr.bdaddr, bdaddr);
3770 ev->addr.type = link_to_bdaddr(link_type, addr_type);
3773 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
3776 ev->eir_len = cpu_to_le16(eir_len);
3778 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev,
3779 sizeof(*ev) + eir_len, NULL);
3782 int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
3784 struct pending_cmd *cmd;
3788 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3790 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
3794 type = hdev->discovery.type;
3796 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3797 &type, sizeof(type));
3798 mgmt_pending_remove(cmd);
3803 int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
3805 struct pending_cmd *cmd;
3808 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3812 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3813 &hdev->discovery.type, sizeof(hdev->discovery.type));
3814 mgmt_pending_remove(cmd);
3819 int mgmt_discovering(struct hci_dev *hdev, u8 discovering)
3821 struct mgmt_ev_discovering ev;
3822 struct pending_cmd *cmd;
3824 BT_DBG("%s discovering %u", hdev->name, discovering);
3827 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
3829 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3832 u8 type = hdev->discovery.type;
3834 cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0, &type,
3836 mgmt_pending_remove(cmd);
3839 memset(&ev, 0, sizeof(ev));
3840 ev.type = hdev->discovery.type;
3841 ev.discovering = discovering;
3843 return mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
3846 int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
3848 struct pending_cmd *cmd;
3849 struct mgmt_ev_device_blocked ev;
3851 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev);
3853 bacpy(&ev.addr.bdaddr, bdaddr);
3854 ev.addr.type = type;
3856 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev),
3857 cmd ? cmd->sk : NULL);
3860 int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
3862 struct pending_cmd *cmd;
3863 struct mgmt_ev_device_unblocked ev;
3865 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev);
3867 bacpy(&ev.addr.bdaddr, bdaddr);
3868 ev.addr.type = type;
3870 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
3871 cmd ? cmd->sk : NULL);
3874 module_param(enable_hs, bool, 0644);
3875 MODULE_PARM_DESC(enable_hs, "Enable High Speed support");
projects / karo-tx-linux.git / blob