2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2010 Nokia Corporation
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License version 2 as
7 published by the Free Software Foundation;
9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
20 SOFTWARE IS DISCLAIMED.
23 /* Bluetooth HCI Management interface */
25 #include <linux/kernel.h>
26 #include <linux/uaccess.h>
27 #include <linux/module.h>
28 #include <asm/unaligned.h>
30 #include <net/bluetooth/bluetooth.h>
31 #include <net/bluetooth/hci_core.h>
32 #include <net/bluetooth/mgmt.h>
34 #define MGMT_VERSION 0
35 #define MGMT_REVISION 1
37 #define INQUIRY_LEN_BREDR 0x08 /* TGAP(100) */
40 struct list_head list;
48 /* HCI to MGMT error code conversion table */
49 static u8 mgmt_status_table[] = {
51 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
52 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
53 MGMT_STATUS_FAILED, /* Hardware Failure */
54 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
55 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
56 MGMT_STATUS_NOT_PAIRED, /* PIN or Key Missing */
57 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
58 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
59 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
60 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
61 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
62 MGMT_STATUS_BUSY, /* Command Disallowed */
63 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
64 MGMT_STATUS_REJECTED, /* Rejected Security */
65 MGMT_STATUS_REJECTED, /* Rejected Personal */
66 MGMT_STATUS_TIMEOUT, /* Host Timeout */
67 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
68 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
69 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
70 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
71 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
72 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
73 MGMT_STATUS_BUSY, /* Repeated Attempts */
74 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
75 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
76 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
77 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
78 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
79 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
80 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
81 MGMT_STATUS_FAILED, /* Unspecified Error */
82 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
83 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
84 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
85 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
86 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
87 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
88 MGMT_STATUS_FAILED, /* Unit Link Key Used */
89 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
90 MGMT_STATUS_TIMEOUT, /* Instant Passed */
91 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
92 MGMT_STATUS_FAILED, /* Transaction Collision */
93 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
94 MGMT_STATUS_REJECTED, /* QoS Rejected */
95 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
96 MGMT_STATUS_REJECTED, /* Insufficient Security */
97 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
98 MGMT_STATUS_BUSY, /* Role Switch Pending */
99 MGMT_STATUS_FAILED, /* Slot Violation */
100 MGMT_STATUS_FAILED, /* Role Switch Failed */
101 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
102 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
103 MGMT_STATUS_BUSY, /* Host Busy Pairing */
104 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
105 MGMT_STATUS_BUSY, /* Controller Busy */
106 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
107 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
108 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
109 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
110 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
113 static u8 mgmt_status(u8 hci_status)
115 if (hci_status < ARRAY_SIZE(mgmt_status_table))
116 return mgmt_status_table[hci_status];
118 return MGMT_STATUS_FAILED;
121 static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
124 struct mgmt_hdr *hdr;
125 struct mgmt_ev_cmd_status *ev;
128 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
130 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_ATOMIC);
134 hdr = (void *) skb_put(skb, sizeof(*hdr));
136 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS);
137 hdr->index = cpu_to_le16(index);
138 hdr->len = cpu_to_le16(sizeof(*ev));
140 ev = (void *) skb_put(skb, sizeof(*ev));
142 put_unaligned_le16(cmd, &ev->opcode);
144 err = sock_queue_rcv_skb(sk, skb);
151 static int cmd_complete(struct sock *sk, u16 index, u16 cmd, void *rp,
155 struct mgmt_hdr *hdr;
156 struct mgmt_ev_cmd_complete *ev;
159 BT_DBG("sock %p", sk);
161 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_ATOMIC);
165 hdr = (void *) skb_put(skb, sizeof(*hdr));
167 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE);
168 hdr->index = cpu_to_le16(index);
169 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
171 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
172 put_unaligned_le16(cmd, &ev->opcode);
175 memcpy(ev->data, rp, rp_len);
177 err = sock_queue_rcv_skb(sk, skb);
184 static int read_version(struct sock *sk)
186 struct mgmt_rp_read_version rp;
188 BT_DBG("sock %p", sk);
190 rp.version = MGMT_VERSION;
191 put_unaligned_le16(MGMT_REVISION, &rp.revision);
193 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, &rp,
197 static int read_index_list(struct sock *sk)
199 struct mgmt_rp_read_index_list *rp;
206 BT_DBG("sock %p", sk);
208 read_lock(&hci_dev_list_lock);
211 list_for_each(p, &hci_dev_list) {
215 rp_len = sizeof(*rp) + (2 * count);
216 rp = kmalloc(rp_len, GFP_ATOMIC);
218 read_unlock(&hci_dev_list_lock);
222 put_unaligned_le16(count, &rp->num_controllers);
225 list_for_each_entry(d, &hci_dev_list, list) {
226 if (test_and_clear_bit(HCI_AUTO_OFF, &d->flags))
227 cancel_delayed_work(&d->power_off);
229 if (test_bit(HCI_SETUP, &d->flags))
232 put_unaligned_le16(d->id, &rp->index[i++]);
233 BT_DBG("Added hci%u", d->id);
236 read_unlock(&hci_dev_list_lock);
238 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, rp,
246 static int read_controller_info(struct sock *sk, u16 index)
248 struct mgmt_rp_read_info rp;
249 struct hci_dev *hdev;
251 BT_DBG("sock %p hci%u", sk, index);
253 hdev = hci_dev_get(index);
255 return cmd_status(sk, index, MGMT_OP_READ_INFO,
256 MGMT_STATUS_INVALID_PARAMS);
258 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->flags))
259 cancel_delayed_work_sync(&hdev->power_off);
261 hci_dev_lock_bh(hdev);
263 set_bit(HCI_MGMT, &hdev->flags);
265 memset(&rp, 0, sizeof(rp));
267 rp.type = hdev->dev_type;
269 rp.powered = test_bit(HCI_UP, &hdev->flags);
270 rp.connectable = test_bit(HCI_PSCAN, &hdev->flags);
271 rp.discoverable = test_bit(HCI_ISCAN, &hdev->flags);
272 rp.pairable = test_bit(HCI_PSCAN, &hdev->flags);
274 if (test_bit(HCI_AUTH, &hdev->flags))
276 else if (hdev->ssp_mode > 0)
281 bacpy(&rp.bdaddr, &hdev->bdaddr);
282 memcpy(rp.features, hdev->features, 8);
283 memcpy(rp.dev_class, hdev->dev_class, 3);
284 put_unaligned_le16(hdev->manufacturer, &rp.manufacturer);
285 rp.hci_ver = hdev->hci_ver;
286 put_unaligned_le16(hdev->hci_rev, &rp.hci_rev);
288 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
290 hci_dev_unlock_bh(hdev);
293 return cmd_complete(sk, index, MGMT_OP_READ_INFO, &rp, sizeof(rp));
296 static void mgmt_pending_free(struct pending_cmd *cmd)
303 static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
304 struct hci_dev *hdev,
307 struct pending_cmd *cmd;
309 cmd = kmalloc(sizeof(*cmd), GFP_ATOMIC);
313 cmd->opcode = opcode;
314 cmd->index = hdev->id;
316 cmd->param = kmalloc(len, GFP_ATOMIC);
323 memcpy(cmd->param, data, len);
328 list_add(&cmd->list, &hdev->mgmt_pending);
333 static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
334 void (*cb)(struct pending_cmd *cmd, void *data),
337 struct list_head *p, *n;
339 list_for_each_safe(p, n, &hdev->mgmt_pending) {
340 struct pending_cmd *cmd;
342 cmd = list_entry(p, struct pending_cmd, list);
344 if (opcode > 0 && cmd->opcode != opcode)
351 static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
353 struct pending_cmd *cmd;
355 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
356 if (cmd->opcode == opcode)
363 static void mgmt_pending_remove(struct pending_cmd *cmd)
365 list_del(&cmd->list);
366 mgmt_pending_free(cmd);
369 static int send_mode_rsp(struct sock *sk, u16 opcode, u16 index, u8 val)
375 return cmd_complete(sk, index, opcode, &rp, sizeof(rp));
378 static int set_powered(struct sock *sk, u16 index, unsigned char *data, u16 len)
380 struct mgmt_mode *cp;
381 struct hci_dev *hdev;
382 struct pending_cmd *cmd;
387 BT_DBG("request for hci%u", index);
389 if (len != sizeof(*cp))
390 return cmd_status(sk, index, MGMT_OP_SET_POWERED,
391 MGMT_STATUS_INVALID_PARAMS);
393 hdev = hci_dev_get(index);
395 return cmd_status(sk, index, MGMT_OP_SET_POWERED,
396 MGMT_STATUS_INVALID_PARAMS);
398 hci_dev_lock_bh(hdev);
400 up = test_bit(HCI_UP, &hdev->flags);
401 if ((cp->val && up) || (!cp->val && !up)) {
402 err = send_mode_rsp(sk, index, MGMT_OP_SET_POWERED, cp->val);
406 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
407 err = cmd_status(sk, index, MGMT_OP_SET_POWERED,
412 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
419 queue_work(hdev->workqueue, &hdev->power_on);
421 queue_work(hdev->workqueue, &hdev->power_off.work);
426 hci_dev_unlock_bh(hdev);
431 static int set_discoverable(struct sock *sk, u16 index, unsigned char *data,
434 struct mgmt_cp_set_discoverable *cp;
435 struct hci_dev *hdev;
436 struct pending_cmd *cmd;
442 BT_DBG("request for hci%u", index);
444 if (len != sizeof(*cp))
445 return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
446 MGMT_STATUS_INVALID_PARAMS);
448 hdev = hci_dev_get(index);
450 return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
451 MGMT_STATUS_INVALID_PARAMS);
453 hci_dev_lock_bh(hdev);
455 if (!test_bit(HCI_UP, &hdev->flags)) {
456 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
457 MGMT_STATUS_NOT_POWERED);
461 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
462 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
463 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
468 if (cp->val == test_bit(HCI_ISCAN, &hdev->flags) &&
469 test_bit(HCI_PSCAN, &hdev->flags)) {
470 err = send_mode_rsp(sk, index, MGMT_OP_SET_DISCOVERABLE,
475 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
484 scan |= SCAN_INQUIRY;
486 cancel_delayed_work(&hdev->discov_off);
488 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
490 mgmt_pending_remove(cmd);
493 hdev->discov_timeout = get_unaligned_le16(&cp->timeout);
496 hci_dev_unlock_bh(hdev);
502 static int set_connectable(struct sock *sk, u16 index, unsigned char *data,
505 struct mgmt_mode *cp;
506 struct hci_dev *hdev;
507 struct pending_cmd *cmd;
513 BT_DBG("request for hci%u", index);
515 if (len != sizeof(*cp))
516 return cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE,
517 MGMT_STATUS_INVALID_PARAMS);
519 hdev = hci_dev_get(index);
521 return cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE,
522 MGMT_STATUS_INVALID_PARAMS);
524 hci_dev_lock_bh(hdev);
526 if (!test_bit(HCI_UP, &hdev->flags)) {
527 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE,
528 MGMT_STATUS_NOT_POWERED);
532 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
533 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
534 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE,
539 if (cp->val == test_bit(HCI_PSCAN, &hdev->flags)) {
540 err = send_mode_rsp(sk, index, MGMT_OP_SET_CONNECTABLE,
545 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
556 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
558 mgmt_pending_remove(cmd);
561 hci_dev_unlock_bh(hdev);
567 static int mgmt_event(u16 event, struct hci_dev *hdev, void *data,
568 u16 data_len, struct sock *skip_sk)
571 struct mgmt_hdr *hdr;
573 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_ATOMIC);
577 bt_cb(skb)->channel = HCI_CHANNEL_CONTROL;
579 hdr = (void *) skb_put(skb, sizeof(*hdr));
580 hdr->opcode = cpu_to_le16(event);
582 hdr->index = cpu_to_le16(hdev->id);
584 hdr->index = cpu_to_le16(MGMT_INDEX_NONE);
585 hdr->len = cpu_to_le16(data_len);
588 memcpy(skb_put(skb, data_len), data, data_len);
590 hci_send_to_sock(NULL, skb, skip_sk);
596 static int set_pairable(struct sock *sk, u16 index, unsigned char *data,
599 struct mgmt_mode *cp, ev;
600 struct hci_dev *hdev;
605 BT_DBG("request for hci%u", index);
607 if (len != sizeof(*cp))
608 return cmd_status(sk, index, MGMT_OP_SET_PAIRABLE,
609 MGMT_STATUS_INVALID_PARAMS);
611 hdev = hci_dev_get(index);
613 return cmd_status(sk, index, MGMT_OP_SET_PAIRABLE,
614 MGMT_STATUS_INVALID_PARAMS);
616 hci_dev_lock_bh(hdev);
619 set_bit(HCI_PAIRABLE, &hdev->flags);
621 clear_bit(HCI_PAIRABLE, &hdev->flags);
623 err = send_mode_rsp(sk, MGMT_OP_SET_PAIRABLE, index, cp->val);
629 err = mgmt_event(MGMT_EV_PAIRABLE, hdev, &ev, sizeof(ev), sk);
632 hci_dev_unlock_bh(hdev);
638 #define EIR_FLAGS 0x01 /* flags */
639 #define EIR_UUID16_SOME 0x02 /* 16-bit UUID, more available */
640 #define EIR_UUID16_ALL 0x03 /* 16-bit UUID, all listed */
641 #define EIR_UUID32_SOME 0x04 /* 32-bit UUID, more available */
642 #define EIR_UUID32_ALL 0x05 /* 32-bit UUID, all listed */
643 #define EIR_UUID128_SOME 0x06 /* 128-bit UUID, more available */
644 #define EIR_UUID128_ALL 0x07 /* 128-bit UUID, all listed */
645 #define EIR_NAME_SHORT 0x08 /* shortened local name */
646 #define EIR_NAME_COMPLETE 0x09 /* complete local name */
647 #define EIR_TX_POWER 0x0A /* transmit power level */
648 #define EIR_DEVICE_ID 0x10 /* device ID */
650 #define PNP_INFO_SVCLASS_ID 0x1200
652 static u8 bluetooth_base_uuid[] = {
653 0xFB, 0x34, 0x9B, 0x5F, 0x80, 0x00, 0x00, 0x80,
654 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
657 static u16 get_uuid16(u8 *uuid128)
662 for (i = 0; i < 12; i++) {
663 if (bluetooth_base_uuid[i] != uuid128[i])
667 memcpy(&val, &uuid128[12], 4);
669 val = le32_to_cpu(val);
676 static void create_eir(struct hci_dev *hdev, u8 *data)
680 u16 uuid16_list[HCI_MAX_EIR_LENGTH / sizeof(u16)];
681 int i, truncated = 0;
682 struct bt_uuid *uuid;
685 name_len = strlen(hdev->dev_name);
691 ptr[1] = EIR_NAME_SHORT;
693 ptr[1] = EIR_NAME_COMPLETE;
695 /* EIR Data length */
696 ptr[0] = name_len + 1;
698 memcpy(ptr + 2, hdev->dev_name, name_len);
700 eir_len += (name_len + 2);
701 ptr += (name_len + 2);
704 memset(uuid16_list, 0, sizeof(uuid16_list));
706 /* Group all UUID16 types */
707 list_for_each_entry(uuid, &hdev->uuids, list) {
710 uuid16 = get_uuid16(uuid->uuid);
717 if (uuid16 == PNP_INFO_SVCLASS_ID)
720 /* Stop if not enough space to put next UUID */
721 if (eir_len + 2 + sizeof(u16) > HCI_MAX_EIR_LENGTH) {
726 /* Check for duplicates */
727 for (i = 0; uuid16_list[i] != 0; i++)
728 if (uuid16_list[i] == uuid16)
731 if (uuid16_list[i] == 0) {
732 uuid16_list[i] = uuid16;
733 eir_len += sizeof(u16);
737 if (uuid16_list[0] != 0) {
741 ptr[1] = truncated ? EIR_UUID16_SOME : EIR_UUID16_ALL;
746 for (i = 0; uuid16_list[i] != 0; i++) {
747 *ptr++ = (uuid16_list[i] & 0x00ff);
748 *ptr++ = (uuid16_list[i] & 0xff00) >> 8;
751 /* EIR Data length */
752 *length = (i * sizeof(u16)) + 1;
756 static int update_eir(struct hci_dev *hdev)
758 struct hci_cp_write_eir cp;
760 if (!(hdev->features[6] & LMP_EXT_INQ))
763 if (hdev->ssp_mode == 0)
766 if (test_bit(HCI_SERVICE_CACHE, &hdev->flags))
769 memset(&cp, 0, sizeof(cp));
771 create_eir(hdev, cp.data);
773 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
776 memcpy(hdev->eir, cp.data, sizeof(cp.data));
778 return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
781 static u8 get_service_classes(struct hci_dev *hdev)
783 struct bt_uuid *uuid;
786 list_for_each_entry(uuid, &hdev->uuids, list)
787 val |= uuid->svc_hint;
792 static int update_class(struct hci_dev *hdev)
796 BT_DBG("%s", hdev->name);
798 if (test_bit(HCI_SERVICE_CACHE, &hdev->flags))
801 cod[0] = hdev->minor_class;
802 cod[1] = hdev->major_class;
803 cod[2] = get_service_classes(hdev);
805 if (memcmp(cod, hdev->dev_class, 3) == 0)
808 return hci_send_cmd(hdev, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
811 static int add_uuid(struct sock *sk, u16 index, unsigned char *data, u16 len)
813 struct mgmt_cp_add_uuid *cp;
814 struct hci_dev *hdev;
815 struct bt_uuid *uuid;
820 BT_DBG("request for hci%u", index);
822 if (len != sizeof(*cp))
823 return cmd_status(sk, index, MGMT_OP_ADD_UUID,
824 MGMT_STATUS_INVALID_PARAMS);
826 hdev = hci_dev_get(index);
828 return cmd_status(sk, index, MGMT_OP_ADD_UUID,
829 MGMT_STATUS_INVALID_PARAMS);
831 hci_dev_lock_bh(hdev);
833 uuid = kmalloc(sizeof(*uuid), GFP_ATOMIC);
839 memcpy(uuid->uuid, cp->uuid, 16);
840 uuid->svc_hint = cp->svc_hint;
842 list_add(&uuid->list, &hdev->uuids);
844 err = update_class(hdev);
848 err = update_eir(hdev);
852 err = cmd_complete(sk, index, MGMT_OP_ADD_UUID, NULL, 0);
855 hci_dev_unlock_bh(hdev);
861 static int remove_uuid(struct sock *sk, u16 index, unsigned char *data, u16 len)
863 struct list_head *p, *n;
864 struct mgmt_cp_remove_uuid *cp;
865 struct hci_dev *hdev;
866 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
871 BT_DBG("request for hci%u", index);
873 if (len != sizeof(*cp))
874 return cmd_status(sk, index, MGMT_OP_REMOVE_UUID,
875 MGMT_STATUS_INVALID_PARAMS);
877 hdev = hci_dev_get(index);
879 return cmd_status(sk, index, MGMT_OP_REMOVE_UUID,
880 MGMT_STATUS_INVALID_PARAMS);
882 hci_dev_lock_bh(hdev);
884 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
885 err = hci_uuids_clear(hdev);
891 list_for_each_safe(p, n, &hdev->uuids) {
892 struct bt_uuid *match = list_entry(p, struct bt_uuid, list);
894 if (memcmp(match->uuid, cp->uuid, 16) != 0)
897 list_del(&match->list);
902 err = cmd_status(sk, index, MGMT_OP_REMOVE_UUID,
903 MGMT_STATUS_INVALID_PARAMS);
907 err = update_class(hdev);
911 err = update_eir(hdev);
915 err = cmd_complete(sk, index, MGMT_OP_REMOVE_UUID, NULL, 0);
918 hci_dev_unlock_bh(hdev);
924 static int set_dev_class(struct sock *sk, u16 index, unsigned char *data,
927 struct hci_dev *hdev;
928 struct mgmt_cp_set_dev_class *cp;
933 BT_DBG("request for hci%u", index);
935 if (len != sizeof(*cp))
936 return cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS,
937 MGMT_STATUS_INVALID_PARAMS);
939 hdev = hci_dev_get(index);
941 return cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS,
942 MGMT_STATUS_INVALID_PARAMS);
944 hci_dev_lock_bh(hdev);
946 hdev->major_class = cp->major;
947 hdev->minor_class = cp->minor;
949 err = update_class(hdev);
952 err = cmd_complete(sk, index, MGMT_OP_SET_DEV_CLASS, NULL, 0);
954 hci_dev_unlock_bh(hdev);
960 static int set_service_cache(struct sock *sk, u16 index, unsigned char *data,
963 struct hci_dev *hdev;
964 struct mgmt_cp_set_service_cache *cp;
969 if (len != sizeof(*cp))
970 return cmd_status(sk, index, MGMT_OP_SET_SERVICE_CACHE,
971 MGMT_STATUS_INVALID_PARAMS);
973 hdev = hci_dev_get(index);
975 return cmd_status(sk, index, MGMT_OP_SET_SERVICE_CACHE,
976 MGMT_STATUS_INVALID_PARAMS);
978 hci_dev_lock_bh(hdev);
980 BT_DBG("hci%u enable %d", index, cp->enable);
983 set_bit(HCI_SERVICE_CACHE, &hdev->flags);
986 clear_bit(HCI_SERVICE_CACHE, &hdev->flags);
987 err = update_class(hdev);
989 err = update_eir(hdev);
993 err = cmd_complete(sk, index, MGMT_OP_SET_SERVICE_CACHE, NULL,
996 cmd_status(sk, index, MGMT_OP_SET_SERVICE_CACHE, -err);
999 hci_dev_unlock_bh(hdev);
1005 static int load_link_keys(struct sock *sk, u16 index, unsigned char *data,
1008 struct hci_dev *hdev;
1009 struct mgmt_cp_load_link_keys *cp;
1010 u16 key_count, expected_len;
1015 if (len < sizeof(*cp))
1016 return cmd_status(sk, index, MGMT_OP_LOAD_LINK_KEYS,
1017 MGMT_STATUS_INVALID_PARAMS);
1019 key_count = get_unaligned_le16(&cp->key_count);
1021 expected_len = sizeof(*cp) + key_count *
1022 sizeof(struct mgmt_link_key_info);
1023 if (expected_len != len) {
1024 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
1026 return cmd_status(sk, index, MGMT_OP_LOAD_LINK_KEYS,
1027 MGMT_STATUS_INVALID_PARAMS);
1030 hdev = hci_dev_get(index);
1032 return cmd_status(sk, index, MGMT_OP_LOAD_LINK_KEYS,
1033 MGMT_STATUS_INVALID_PARAMS);
1035 BT_DBG("hci%u debug_keys %u key_count %u", index, cp->debug_keys,
1038 hci_dev_lock_bh(hdev);
1040 hci_link_keys_clear(hdev);
1042 set_bit(HCI_LINK_KEYS, &hdev->flags);
1045 set_bit(HCI_DEBUG_KEYS, &hdev->flags);
1047 clear_bit(HCI_DEBUG_KEYS, &hdev->flags);
1049 for (i = 0; i < key_count; i++) {
1050 struct mgmt_link_key_info *key = &cp->keys[i];
1052 hci_add_link_key(hdev, NULL, 0, &key->bdaddr, key->val, key->type,
1056 cmd_complete(sk, index, MGMT_OP_LOAD_LINK_KEYS, NULL, 0);
1058 hci_dev_unlock_bh(hdev);
1064 static int remove_keys(struct sock *sk, u16 index, unsigned char *data,
1067 struct hci_dev *hdev;
1068 struct mgmt_cp_remove_keys *cp;
1069 struct mgmt_rp_remove_keys rp;
1070 struct hci_cp_disconnect dc;
1071 struct pending_cmd *cmd;
1072 struct hci_conn *conn;
1077 if (len != sizeof(*cp))
1078 return cmd_status(sk, index, MGMT_OP_REMOVE_KEYS,
1079 MGMT_STATUS_INVALID_PARAMS);
1081 hdev = hci_dev_get(index);
1083 return cmd_status(sk, index, MGMT_OP_REMOVE_KEYS,
1084 MGMT_STATUS_INVALID_PARAMS);
1086 hci_dev_lock_bh(hdev);
1088 memset(&rp, 0, sizeof(rp));
1089 bacpy(&rp.bdaddr, &cp->bdaddr);
1090 rp.status = MGMT_STATUS_FAILED;
1092 err = hci_remove_link_key(hdev, &cp->bdaddr);
1094 rp.status = MGMT_STATUS_NOT_PAIRED;
1098 if (!test_bit(HCI_UP, &hdev->flags) || !cp->disconnect) {
1099 err = cmd_complete(sk, index, MGMT_OP_REMOVE_KEYS, &rp,
1104 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1106 err = cmd_complete(sk, index, MGMT_OP_REMOVE_KEYS, &rp,
1111 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_KEYS, hdev, cp, sizeof(*cp));
1117 put_unaligned_le16(conn->handle, &dc.handle);
1118 dc.reason = 0x13; /* Remote User Terminated Connection */
1119 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1121 mgmt_pending_remove(cmd);
1125 err = cmd_complete(sk, index, MGMT_OP_REMOVE_KEYS, &rp,
1127 hci_dev_unlock_bh(hdev);
1133 static int disconnect(struct sock *sk, u16 index, unsigned char *data, u16 len)
1135 struct hci_dev *hdev;
1136 struct mgmt_cp_disconnect *cp;
1137 struct hci_cp_disconnect dc;
1138 struct pending_cmd *cmd;
1139 struct hci_conn *conn;
1146 if (len != sizeof(*cp))
1147 return cmd_status(sk, index, MGMT_OP_DISCONNECT,
1148 MGMT_STATUS_INVALID_PARAMS);
1150 hdev = hci_dev_get(index);
1152 return cmd_status(sk, index, MGMT_OP_DISCONNECT,
1153 MGMT_STATUS_INVALID_PARAMS);
1155 hci_dev_lock_bh(hdev);
1157 if (!test_bit(HCI_UP, &hdev->flags)) {
1158 err = cmd_status(sk, index, MGMT_OP_DISCONNECT,
1159 MGMT_STATUS_NOT_POWERED);
1163 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
1164 err = cmd_status(sk, index, MGMT_OP_DISCONNECT,
1169 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1171 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->bdaddr);
1174 err = cmd_status(sk, index, MGMT_OP_DISCONNECT,
1175 MGMT_STATUS_NOT_CONNECTED);
1179 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
1185 put_unaligned_le16(conn->handle, &dc.handle);
1186 dc.reason = 0x13; /* Remote User Terminated Connection */
1188 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1190 mgmt_pending_remove(cmd);
1193 hci_dev_unlock_bh(hdev);
1199 static u8 link_to_mgmt(u8 link_type, u8 addr_type)
1201 switch (link_type) {
1203 switch (addr_type) {
1204 case ADDR_LE_DEV_PUBLIC:
1205 return MGMT_ADDR_LE_PUBLIC;
1206 case ADDR_LE_DEV_RANDOM:
1207 return MGMT_ADDR_LE_RANDOM;
1209 return MGMT_ADDR_INVALID;
1212 return MGMT_ADDR_BREDR;
1214 return MGMT_ADDR_INVALID;
1218 static int get_connections(struct sock *sk, u16 index)
1220 struct mgmt_rp_get_connections *rp;
1221 struct hci_dev *hdev;
1223 struct list_head *p;
1230 hdev = hci_dev_get(index);
1232 return cmd_status(sk, index, MGMT_OP_GET_CONNECTIONS,
1233 MGMT_STATUS_INVALID_PARAMS);
1235 hci_dev_lock_bh(hdev);
1238 list_for_each(p, &hdev->conn_hash.list) {
1242 rp_len = sizeof(*rp) + (count * sizeof(struct mgmt_addr_info));
1243 rp = kmalloc(rp_len, GFP_ATOMIC);
1249 put_unaligned_le16(count, &rp->conn_count);
1252 list_for_each_entry(c, &hdev->conn_hash.list, list) {
1253 bacpy(&rp->addr[i].bdaddr, &c->dst);
1254 rp->addr[i].type = link_to_mgmt(c->type, c->dst_type);
1255 if (rp->addr[i].type == MGMT_ADDR_INVALID)
1260 /* Recalculate length in case of filtered SCO connections, etc */
1261 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
1263 err = cmd_complete(sk, index, MGMT_OP_GET_CONNECTIONS, rp, rp_len);
1267 hci_dev_unlock_bh(hdev);
1272 static int send_pin_code_neg_reply(struct sock *sk, u16 index,
1273 struct hci_dev *hdev, struct mgmt_cp_pin_code_neg_reply *cp)
1275 struct pending_cmd *cmd;
1278 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
1283 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY, sizeof(cp->bdaddr),
1286 mgmt_pending_remove(cmd);
1291 static int pin_code_reply(struct sock *sk, u16 index, unsigned char *data,
1294 struct hci_dev *hdev;
1295 struct hci_conn *conn;
1296 struct mgmt_cp_pin_code_reply *cp;
1297 struct mgmt_cp_pin_code_neg_reply ncp;
1298 struct hci_cp_pin_code_reply reply;
1299 struct pending_cmd *cmd;
1306 if (len != sizeof(*cp))
1307 return cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1308 MGMT_STATUS_INVALID_PARAMS);
1310 hdev = hci_dev_get(index);
1312 return cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1313 MGMT_STATUS_INVALID_PARAMS);
1315 hci_dev_lock_bh(hdev);
1317 if (!test_bit(HCI_UP, &hdev->flags)) {
1318 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1319 MGMT_STATUS_NOT_POWERED);
1323 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1325 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1326 MGMT_STATUS_NOT_CONNECTED);
1330 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
1331 bacpy(&ncp.bdaddr, &cp->bdaddr);
1333 BT_ERR("PIN code is not 16 bytes long");
1335 err = send_pin_code_neg_reply(sk, index, hdev, &ncp);
1337 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1338 MGMT_STATUS_INVALID_PARAMS);
1343 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
1349 bacpy(&reply.bdaddr, &cp->bdaddr);
1350 reply.pin_len = cp->pin_len;
1351 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
1353 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
1355 mgmt_pending_remove(cmd);
1358 hci_dev_unlock_bh(hdev);
1364 static int pin_code_neg_reply(struct sock *sk, u16 index, unsigned char *data,
1367 struct hci_dev *hdev;
1368 struct mgmt_cp_pin_code_neg_reply *cp;
1375 if (len != sizeof(*cp))
1376 return cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
1377 MGMT_STATUS_INVALID_PARAMS);
1379 hdev = hci_dev_get(index);
1381 return cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
1382 MGMT_STATUS_INVALID_PARAMS);
1384 hci_dev_lock_bh(hdev);
1386 if (!test_bit(HCI_UP, &hdev->flags)) {
1387 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
1388 MGMT_STATUS_NOT_POWERED);
1392 err = send_pin_code_neg_reply(sk, index, hdev, cp);
1395 hci_dev_unlock_bh(hdev);
1401 static int set_io_capability(struct sock *sk, u16 index, unsigned char *data,
1404 struct hci_dev *hdev;
1405 struct mgmt_cp_set_io_capability *cp;
1411 if (len != sizeof(*cp))
1412 return cmd_status(sk, index, MGMT_OP_SET_IO_CAPABILITY,
1413 MGMT_STATUS_INVALID_PARAMS);
1415 hdev = hci_dev_get(index);
1417 return cmd_status(sk, index, MGMT_OP_SET_IO_CAPABILITY,
1418 MGMT_STATUS_INVALID_PARAMS);
1420 hci_dev_lock_bh(hdev);
1422 hdev->io_capability = cp->io_capability;
1424 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
1425 hdev->io_capability);
1427 hci_dev_unlock_bh(hdev);
1430 return cmd_complete(sk, index, MGMT_OP_SET_IO_CAPABILITY, NULL, 0);
1433 static inline struct pending_cmd *find_pairing(struct hci_conn *conn)
1435 struct hci_dev *hdev = conn->hdev;
1436 struct pending_cmd *cmd;
1438 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
1439 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
1442 if (cmd->user_data != conn)
1451 static void pairing_complete(struct pending_cmd *cmd, u8 status)
1453 struct mgmt_rp_pair_device rp;
1454 struct hci_conn *conn = cmd->user_data;
1456 bacpy(&rp.addr.bdaddr, &conn->dst);
1457 rp.addr.type = link_to_mgmt(conn->type, conn->dst_type);
1460 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, &rp, sizeof(rp));
1462 /* So we don't get further callbacks for this connection */
1463 conn->connect_cfm_cb = NULL;
1464 conn->security_cfm_cb = NULL;
1465 conn->disconn_cfm_cb = NULL;
1469 mgmt_pending_remove(cmd);
1472 static void pairing_complete_cb(struct hci_conn *conn, u8 status)
1474 struct pending_cmd *cmd;
1476 BT_DBG("status %u", status);
1478 cmd = find_pairing(conn);
1480 BT_DBG("Unable to find a pending command");
1482 pairing_complete(cmd, status);
1485 static int pair_device(struct sock *sk, u16 index, unsigned char *data, u16 len)
1487 struct hci_dev *hdev;
1488 struct mgmt_cp_pair_device *cp;
1489 struct mgmt_rp_pair_device rp;
1490 struct pending_cmd *cmd;
1491 u8 sec_level, auth_type;
1492 struct hci_conn *conn;
1499 if (len != sizeof(*cp))
1500 return cmd_status(sk, index, MGMT_OP_PAIR_DEVICE,
1501 MGMT_STATUS_INVALID_PARAMS);
1503 hdev = hci_dev_get(index);
1505 return cmd_status(sk, index, MGMT_OP_PAIR_DEVICE,
1506 MGMT_STATUS_INVALID_PARAMS);
1508 hci_dev_lock_bh(hdev);
1510 sec_level = BT_SECURITY_MEDIUM;
1511 if (cp->io_cap == 0x03)
1512 auth_type = HCI_AT_DEDICATED_BONDING;
1514 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
1516 if (cp->addr.type == MGMT_ADDR_BREDR)
1517 conn = hci_connect(hdev, ACL_LINK, &cp->addr.bdaddr, sec_level,
1520 conn = hci_connect(hdev, LE_LINK, &cp->addr.bdaddr, sec_level,
1523 memset(&rp, 0, sizeof(rp));
1524 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1525 rp.addr.type = cp->addr.type;
1528 rp.status = -PTR_ERR(conn);
1529 err = cmd_complete(sk, index, MGMT_OP_PAIR_DEVICE,
1534 if (conn->connect_cfm_cb) {
1537 err = cmd_complete(sk, index, MGMT_OP_PAIR_DEVICE,
1542 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
1549 /* For LE, just connecting isn't a proof that the pairing finished */
1550 if (cp->addr.type == MGMT_ADDR_BREDR)
1551 conn->connect_cfm_cb = pairing_complete_cb;
1553 conn->security_cfm_cb = pairing_complete_cb;
1554 conn->disconn_cfm_cb = pairing_complete_cb;
1555 conn->io_capability = cp->io_cap;
1556 cmd->user_data = conn;
1558 if (conn->state == BT_CONNECTED &&
1559 hci_conn_security(conn, sec_level, auth_type))
1560 pairing_complete(cmd, 0);
1565 hci_dev_unlock_bh(hdev);
1571 static int user_pairing_resp(struct sock *sk, u16 index, bdaddr_t *bdaddr,
1572 u16 mgmt_op, u16 hci_op, __le32 passkey)
1574 struct pending_cmd *cmd;
1575 struct hci_dev *hdev;
1576 struct hci_conn *conn;
1579 hdev = hci_dev_get(index);
1581 return cmd_status(sk, index, mgmt_op,
1582 MGMT_STATUS_INVALID_PARAMS);
1584 hci_dev_lock_bh(hdev);
1586 if (!test_bit(HCI_UP, &hdev->flags)) {
1587 err = cmd_status(sk, index, mgmt_op, MGMT_STATUS_NOT_POWERED);
1592 * Check for an existing ACL link, if present pair via
1595 * If no ACL link is present, check for an LE link and if
1596 * present, pair via the SMP engine.
1598 * If neither ACL nor LE links are present, fail with error.
1600 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, bdaddr);
1602 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, bdaddr);
1604 err = cmd_status(sk, index, mgmt_op,
1605 MGMT_STATUS_NOT_CONNECTED);
1609 /* Continue with pairing via SMP */
1611 err = cmd_status(sk, index, mgmt_op, MGMT_STATUS_SUCCESS);
1615 cmd = mgmt_pending_add(sk, mgmt_op, hdev, bdaddr, sizeof(*bdaddr));
1621 /* Continue with pairing via HCI */
1622 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
1623 struct hci_cp_user_passkey_reply cp;
1625 bacpy(&cp.bdaddr, bdaddr);
1626 cp.passkey = passkey;
1627 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
1629 err = hci_send_cmd(hdev, hci_op, sizeof(*bdaddr), bdaddr);
1632 mgmt_pending_remove(cmd);
1635 hci_dev_unlock_bh(hdev);
1641 static int user_confirm_reply(struct sock *sk, u16 index, void *data, u16 len)
1643 struct mgmt_cp_user_confirm_reply *cp = (void *) data;
1647 if (len != sizeof(*cp))
1648 return cmd_status(sk, index, MGMT_OP_USER_CONFIRM_REPLY,
1649 MGMT_STATUS_INVALID_PARAMS);
1651 return user_pairing_resp(sk, index, &cp->bdaddr,
1652 MGMT_OP_USER_CONFIRM_REPLY,
1653 HCI_OP_USER_CONFIRM_REPLY, 0);
1656 static int user_confirm_neg_reply(struct sock *sk, u16 index, void *data,
1659 struct mgmt_cp_user_confirm_reply *cp = (void *) data;
1663 if (len != sizeof(*cp))
1664 return cmd_status(sk, index, MGMT_OP_USER_CONFIRM_NEG_REPLY,
1665 MGMT_STATUS_INVALID_PARAMS);
1667 return user_pairing_resp(sk, index, &cp->bdaddr,
1668 MGMT_OP_USER_CONFIRM_NEG_REPLY,
1669 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
1672 static int user_passkey_reply(struct sock *sk, u16 index, void *data, u16 len)
1674 struct mgmt_cp_user_passkey_reply *cp = (void *) data;
1678 if (len != sizeof(*cp))
1679 return cmd_status(sk, index, MGMT_OP_USER_PASSKEY_REPLY,
1682 return user_pairing_resp(sk, index, &cp->bdaddr,
1683 MGMT_OP_USER_PASSKEY_REPLY,
1684 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
1687 static int user_passkey_neg_reply(struct sock *sk, u16 index, void *data,
1690 struct mgmt_cp_user_passkey_neg_reply *cp = (void *) data;
1694 if (len != sizeof(*cp))
1695 return cmd_status(sk, index, MGMT_OP_USER_PASSKEY_NEG_REPLY,
1698 return user_pairing_resp(sk, index, &cp->bdaddr,
1699 MGMT_OP_USER_PASSKEY_NEG_REPLY,
1700 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
1703 static int set_local_name(struct sock *sk, u16 index, unsigned char *data,
1706 struct mgmt_cp_set_local_name *mgmt_cp = (void *) data;
1707 struct hci_cp_write_local_name hci_cp;
1708 struct hci_dev *hdev;
1709 struct pending_cmd *cmd;
1714 if (len != sizeof(*mgmt_cp))
1715 return cmd_status(sk, index, MGMT_OP_SET_LOCAL_NAME,
1716 MGMT_STATUS_INVALID_PARAMS);
1718 hdev = hci_dev_get(index);
1720 return cmd_status(sk, index, MGMT_OP_SET_LOCAL_NAME,
1721 MGMT_STATUS_INVALID_PARAMS);
1723 hci_dev_lock_bh(hdev);
1725 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
1731 memcpy(hci_cp.name, mgmt_cp->name, sizeof(hci_cp.name));
1732 err = hci_send_cmd(hdev, HCI_OP_WRITE_LOCAL_NAME, sizeof(hci_cp),
1735 mgmt_pending_remove(cmd);
1738 hci_dev_unlock_bh(hdev);
1744 static int read_local_oob_data(struct sock *sk, u16 index)
1746 struct hci_dev *hdev;
1747 struct pending_cmd *cmd;
1750 BT_DBG("hci%u", index);
1752 hdev = hci_dev_get(index);
1754 return cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
1755 MGMT_STATUS_INVALID_PARAMS);
1757 hci_dev_lock_bh(hdev);
1759 if (!test_bit(HCI_UP, &hdev->flags)) {
1760 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
1761 MGMT_STATUS_NOT_POWERED);
1765 if (!(hdev->features[6] & LMP_SIMPLE_PAIR)) {
1766 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
1767 MGMT_STATUS_NOT_SUPPORTED);
1771 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
1772 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
1777 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
1783 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
1785 mgmt_pending_remove(cmd);
1788 hci_dev_unlock_bh(hdev);
1794 static int add_remote_oob_data(struct sock *sk, u16 index, unsigned char *data,
1797 struct hci_dev *hdev;
1798 struct mgmt_cp_add_remote_oob_data *cp = (void *) data;
1801 BT_DBG("hci%u ", index);
1803 if (len != sizeof(*cp))
1804 return cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA,
1805 MGMT_STATUS_INVALID_PARAMS);
1807 hdev = hci_dev_get(index);
1809 return cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA,
1810 MGMT_STATUS_INVALID_PARAMS);
1812 hci_dev_lock_bh(hdev);
1814 err = hci_add_remote_oob_data(hdev, &cp->bdaddr, cp->hash,
1817 err = cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA,
1818 MGMT_STATUS_FAILED);
1820 err = cmd_complete(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA, NULL,
1823 hci_dev_unlock_bh(hdev);
1829 static int remove_remote_oob_data(struct sock *sk, u16 index,
1830 unsigned char *data, u16 len)
1832 struct hci_dev *hdev;
1833 struct mgmt_cp_remove_remote_oob_data *cp = (void *) data;
1836 BT_DBG("hci%u ", index);
1838 if (len != sizeof(*cp))
1839 return cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
1840 MGMT_STATUS_INVALID_PARAMS);
1842 hdev = hci_dev_get(index);
1844 return cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
1845 MGMT_STATUS_INVALID_PARAMS);
1847 hci_dev_lock_bh(hdev);
1849 err = hci_remove_remote_oob_data(hdev, &cp->bdaddr);
1851 err = cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
1852 MGMT_STATUS_INVALID_PARAMS);
1854 err = cmd_complete(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
1857 hci_dev_unlock_bh(hdev);
1863 static int start_discovery(struct sock *sk, u16 index,
1864 unsigned char *data, u16 len)
1866 struct mgmt_cp_start_discovery *cp = (void *) data;
1867 struct pending_cmd *cmd;
1868 struct hci_dev *hdev;
1871 BT_DBG("hci%u", index);
1873 if (len != sizeof(*cp))
1874 return cmd_status(sk, index, MGMT_OP_START_DISCOVERY,
1875 MGMT_STATUS_INVALID_PARAMS);
1877 hdev = hci_dev_get(index);
1879 return cmd_status(sk, index, MGMT_OP_START_DISCOVERY,
1880 MGMT_STATUS_INVALID_PARAMS);
1882 hci_dev_lock_bh(hdev);
1884 if (!test_bit(HCI_UP, &hdev->flags)) {
1885 err = cmd_status(sk, index, MGMT_OP_START_DISCOVERY,
1886 MGMT_STATUS_NOT_POWERED);
1890 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
1896 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR);
1898 mgmt_pending_remove(cmd);
1901 hci_dev_unlock_bh(hdev);
1907 static int stop_discovery(struct sock *sk, u16 index)
1909 struct hci_dev *hdev;
1910 struct pending_cmd *cmd;
1913 BT_DBG("hci%u", index);
1915 hdev = hci_dev_get(index);
1917 return cmd_status(sk, index, MGMT_OP_STOP_DISCOVERY,
1918 MGMT_STATUS_INVALID_PARAMS);
1920 hci_dev_lock_bh(hdev);
1922 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
1928 err = hci_cancel_inquiry(hdev);
1930 mgmt_pending_remove(cmd);
1933 hci_dev_unlock_bh(hdev);
1939 static int block_device(struct sock *sk, u16 index, unsigned char *data,
1942 struct hci_dev *hdev;
1943 struct mgmt_cp_block_device *cp = (void *) data;
1946 BT_DBG("hci%u", index);
1948 if (len != sizeof(*cp))
1949 return cmd_status(sk, index, MGMT_OP_BLOCK_DEVICE,
1950 MGMT_STATUS_INVALID_PARAMS);
1952 hdev = hci_dev_get(index);
1954 return cmd_status(sk, index, MGMT_OP_BLOCK_DEVICE,
1955 MGMT_STATUS_INVALID_PARAMS);
1957 hci_dev_lock_bh(hdev);
1959 err = hci_blacklist_add(hdev, &cp->bdaddr);
1961 err = cmd_status(sk, index, MGMT_OP_BLOCK_DEVICE,
1962 MGMT_STATUS_FAILED);
1964 err = cmd_complete(sk, index, MGMT_OP_BLOCK_DEVICE,
1967 hci_dev_unlock_bh(hdev);
1973 static int unblock_device(struct sock *sk, u16 index, unsigned char *data,
1976 struct hci_dev *hdev;
1977 struct mgmt_cp_unblock_device *cp = (void *) data;
1980 BT_DBG("hci%u", index);
1982 if (len != sizeof(*cp))
1983 return cmd_status(sk, index, MGMT_OP_UNBLOCK_DEVICE,
1984 MGMT_STATUS_INVALID_PARAMS);
1986 hdev = hci_dev_get(index);
1988 return cmd_status(sk, index, MGMT_OP_UNBLOCK_DEVICE,
1989 MGMT_STATUS_INVALID_PARAMS);
1991 hci_dev_lock_bh(hdev);
1993 err = hci_blacklist_del(hdev, &cp->bdaddr);
1996 err = cmd_status(sk, index, MGMT_OP_UNBLOCK_DEVICE,
1997 MGMT_STATUS_INVALID_PARAMS);
1999 err = cmd_complete(sk, index, MGMT_OP_UNBLOCK_DEVICE,
2002 hci_dev_unlock_bh(hdev);
2008 static int set_fast_connectable(struct sock *sk, u16 index,
2009 unsigned char *data, u16 len)
2011 struct hci_dev *hdev;
2012 struct mgmt_cp_set_fast_connectable *cp = (void *) data;
2013 struct hci_cp_write_page_scan_activity acp;
2017 BT_DBG("hci%u", index);
2019 if (len != sizeof(*cp))
2020 return cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
2021 MGMT_STATUS_INVALID_PARAMS);
2023 hdev = hci_dev_get(index);
2025 return cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
2026 MGMT_STATUS_INVALID_PARAMS);
2031 type = PAGE_SCAN_TYPE_INTERLACED;
2032 acp.interval = 0x0024; /* 22.5 msec page scan interval */
2034 type = PAGE_SCAN_TYPE_STANDARD; /* default */
2035 acp.interval = 0x0800; /* default 1.28 sec page scan */
2038 acp.window = 0x0012; /* default 11.25 msec page scan window */
2040 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
2043 err = cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
2044 MGMT_STATUS_FAILED);
2048 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
2050 err = cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
2051 MGMT_STATUS_FAILED);
2055 err = cmd_complete(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
2058 hci_dev_unlock(hdev);
2064 int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
2067 struct mgmt_hdr *hdr;
2068 u16 opcode, index, len;
2071 BT_DBG("got %zu bytes", msglen);
2073 if (msglen < sizeof(*hdr))
2076 buf = kmalloc(msglen, GFP_KERNEL);
2080 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
2085 hdr = (struct mgmt_hdr *) buf;
2086 opcode = get_unaligned_le16(&hdr->opcode);
2087 index = get_unaligned_le16(&hdr->index);
2088 len = get_unaligned_le16(&hdr->len);
2090 if (len != msglen - sizeof(*hdr)) {
2096 case MGMT_OP_READ_VERSION:
2097 err = read_version(sk);
2099 case MGMT_OP_READ_INDEX_LIST:
2100 err = read_index_list(sk);
2102 case MGMT_OP_READ_INFO:
2103 err = read_controller_info(sk, index);
2105 case MGMT_OP_SET_POWERED:
2106 err = set_powered(sk, index, buf + sizeof(*hdr), len);
2108 case MGMT_OP_SET_DISCOVERABLE:
2109 err = set_discoverable(sk, index, buf + sizeof(*hdr), len);
2111 case MGMT_OP_SET_CONNECTABLE:
2112 err = set_connectable(sk, index, buf + sizeof(*hdr), len);
2114 case MGMT_OP_SET_PAIRABLE:
2115 err = set_pairable(sk, index, buf + sizeof(*hdr), len);
2117 case MGMT_OP_ADD_UUID:
2118 err = add_uuid(sk, index, buf + sizeof(*hdr), len);
2120 case MGMT_OP_REMOVE_UUID:
2121 err = remove_uuid(sk, index, buf + sizeof(*hdr), len);
2123 case MGMT_OP_SET_DEV_CLASS:
2124 err = set_dev_class(sk, index, buf + sizeof(*hdr), len);
2126 case MGMT_OP_SET_SERVICE_CACHE:
2127 err = set_service_cache(sk, index, buf + sizeof(*hdr), len);
2129 case MGMT_OP_LOAD_LINK_KEYS:
2130 err = load_link_keys(sk, index, buf + sizeof(*hdr), len);
2132 case MGMT_OP_REMOVE_KEYS:
2133 err = remove_keys(sk, index, buf + sizeof(*hdr), len);
2135 case MGMT_OP_DISCONNECT:
2136 err = disconnect(sk, index, buf + sizeof(*hdr), len);
2138 case MGMT_OP_GET_CONNECTIONS:
2139 err = get_connections(sk, index);
2141 case MGMT_OP_PIN_CODE_REPLY:
2142 err = pin_code_reply(sk, index, buf + sizeof(*hdr), len);
2144 case MGMT_OP_PIN_CODE_NEG_REPLY:
2145 err = pin_code_neg_reply(sk, index, buf + sizeof(*hdr), len);
2147 case MGMT_OP_SET_IO_CAPABILITY:
2148 err = set_io_capability(sk, index, buf + sizeof(*hdr), len);
2150 case MGMT_OP_PAIR_DEVICE:
2151 err = pair_device(sk, index, buf + sizeof(*hdr), len);
2153 case MGMT_OP_USER_CONFIRM_REPLY:
2154 err = user_confirm_reply(sk, index, buf + sizeof(*hdr), len);
2156 case MGMT_OP_USER_CONFIRM_NEG_REPLY:
2157 err = user_confirm_neg_reply(sk, index, buf + sizeof(*hdr),
2160 case MGMT_OP_USER_PASSKEY_REPLY:
2161 err = user_passkey_reply(sk, index, buf + sizeof(*hdr), len);
2163 case MGMT_OP_USER_PASSKEY_NEG_REPLY:
2164 err = user_passkey_neg_reply(sk, index, buf + sizeof(*hdr),
2167 case MGMT_OP_SET_LOCAL_NAME:
2168 err = set_local_name(sk, index, buf + sizeof(*hdr), len);
2170 case MGMT_OP_READ_LOCAL_OOB_DATA:
2171 err = read_local_oob_data(sk, index);
2173 case MGMT_OP_ADD_REMOTE_OOB_DATA:
2174 err = add_remote_oob_data(sk, index, buf + sizeof(*hdr), len);
2176 case MGMT_OP_REMOVE_REMOTE_OOB_DATA:
2177 err = remove_remote_oob_data(sk, index, buf + sizeof(*hdr),
2180 case MGMT_OP_START_DISCOVERY:
2181 err = start_discovery(sk, index, buf + sizeof(*hdr), len);
2183 case MGMT_OP_STOP_DISCOVERY:
2184 err = stop_discovery(sk, index);
2186 case MGMT_OP_BLOCK_DEVICE:
2187 err = block_device(sk, index, buf + sizeof(*hdr), len);
2189 case MGMT_OP_UNBLOCK_DEVICE:
2190 err = unblock_device(sk, index, buf + sizeof(*hdr), len);
2192 case MGMT_OP_SET_FAST_CONNECTABLE:
2193 err = set_fast_connectable(sk, index, buf + sizeof(*hdr),
2197 BT_DBG("Unknown op %u", opcode);
2198 err = cmd_status(sk, index, opcode,
2199 MGMT_STATUS_UNKNOWN_COMMAND);
2213 static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
2217 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
2218 mgmt_pending_remove(cmd);
2221 int mgmt_index_added(struct hci_dev *hdev)
2223 return mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
2226 int mgmt_index_removed(struct hci_dev *hdev)
2230 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
2232 return mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
2240 static void mode_rsp(struct pending_cmd *cmd, void *data)
2242 struct mgmt_mode *cp = cmd->param;
2243 struct cmd_lookup *match = data;
2245 if (cp->val != match->val)
2248 send_mode_rsp(cmd->sk, cmd->opcode, cmd->index, cp->val);
2250 list_del(&cmd->list);
2252 if (match->sk == NULL) {
2253 match->sk = cmd->sk;
2254 sock_hold(match->sk);
2257 mgmt_pending_free(cmd);
2260 int mgmt_powered(struct hci_dev *hdev, u8 powered)
2262 struct mgmt_mode ev;
2263 struct cmd_lookup match = { powered, NULL };
2266 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, mode_rsp, &match);
2269 u8 status = ENETDOWN;
2270 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
2275 ret = mgmt_event(MGMT_EV_POWERED, hdev, &ev, sizeof(ev), match.sk);
2283 int mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
2285 struct mgmt_mode ev;
2286 struct cmd_lookup match = { discoverable, NULL };
2289 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev, mode_rsp, &match);
2291 ev.val = discoverable;
2293 ret = mgmt_event(MGMT_EV_DISCOVERABLE, hdev, &ev, sizeof(ev),
2302 int mgmt_connectable(struct hci_dev *hdev, u8 connectable)
2304 struct mgmt_mode ev;
2305 struct cmd_lookup match = { connectable, NULL };
2308 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev, mode_rsp, &match);
2310 ev.val = connectable;
2312 ret = mgmt_event(MGMT_EV_CONNECTABLE, hdev, &ev, sizeof(ev), match.sk);
2320 int mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
2322 u8 mgmt_err = mgmt_status(status);
2324 if (scan & SCAN_PAGE)
2325 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
2326 cmd_status_rsp, &mgmt_err);
2328 if (scan & SCAN_INQUIRY)
2329 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
2330 cmd_status_rsp, &mgmt_err);
2335 int mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
2338 struct mgmt_ev_new_link_key ev;
2340 memset(&ev, 0, sizeof(ev));
2342 ev.store_hint = persistent;
2343 bacpy(&ev.key.bdaddr, &key->bdaddr);
2344 ev.key.type = key->type;
2345 memcpy(ev.key.val, key->val, 16);
2346 ev.key.pin_len = key->pin_len;
2348 return mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
2351 int mgmt_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
2354 struct mgmt_addr_info ev;
2356 bacpy(&ev.bdaddr, bdaddr);
2357 ev.type = link_to_mgmt(link_type, addr_type);
2359 return mgmt_event(MGMT_EV_CONNECTED, hdev, &ev, sizeof(ev), NULL);
2362 static void disconnect_rsp(struct pending_cmd *cmd, void *data)
2364 struct mgmt_cp_disconnect *cp = cmd->param;
2365 struct sock **sk = data;
2366 struct mgmt_rp_disconnect rp;
2368 bacpy(&rp.bdaddr, &cp->bdaddr);
2371 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, &rp, sizeof(rp));
2376 mgmt_pending_remove(cmd);
2379 static void remove_keys_rsp(struct pending_cmd *cmd, void *data)
2382 struct mgmt_cp_remove_keys *cp = cmd->param;
2383 struct mgmt_rp_remove_keys rp;
2385 memset(&rp, 0, sizeof(rp));
2386 bacpy(&rp.bdaddr, &cp->bdaddr);
2388 rp.status = *status;
2390 cmd_complete(cmd->sk, cmd->index, MGMT_OP_REMOVE_KEYS, &rp,
2393 mgmt_pending_remove(cmd);
2396 int mgmt_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
2399 struct mgmt_addr_info ev;
2400 struct sock *sk = NULL;
2403 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
2405 bacpy(&ev.bdaddr, bdaddr);
2406 ev.type = link_to_mgmt(link_type, addr_type);
2408 err = mgmt_event(MGMT_EV_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
2413 mgmt_pending_foreach(MGMT_OP_REMOVE_KEYS, hdev, remove_keys_rsp, NULL);
2418 int mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 status)
2420 struct pending_cmd *cmd;
2421 u8 mgmt_err = mgmt_status(status);
2424 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
2429 struct mgmt_rp_disconnect rp;
2431 bacpy(&rp.bdaddr, bdaddr);
2434 err = cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
2437 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_DISCONNECT,
2440 mgmt_pending_remove(cmd);
2445 int mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
2446 u8 addr_type, u8 status)
2448 struct mgmt_ev_connect_failed ev;
2450 bacpy(&ev.addr.bdaddr, bdaddr);
2451 ev.addr.type = link_to_mgmt(link_type, addr_type);
2452 ev.status = mgmt_status(status);
2454 return mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
2457 int mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
2459 struct mgmt_ev_pin_code_request ev;
2461 bacpy(&ev.bdaddr, bdaddr);
2464 return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev),
2468 int mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
2471 struct pending_cmd *cmd;
2472 struct mgmt_rp_pin_code_reply rp;
2475 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
2479 bacpy(&rp.bdaddr, bdaddr);
2480 rp.status = mgmt_status(status);
2482 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY, &rp,
2485 mgmt_pending_remove(cmd);
2490 int mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
2493 struct pending_cmd *cmd;
2494 struct mgmt_rp_pin_code_reply rp;
2497 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
2501 bacpy(&rp.bdaddr, bdaddr);
2502 rp.status = mgmt_status(status);
2504 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY, &rp,
2507 mgmt_pending_remove(cmd);
2512 int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
2513 __le32 value, u8 confirm_hint)
2515 struct mgmt_ev_user_confirm_request ev;
2517 BT_DBG("%s", hdev->name);
2519 bacpy(&ev.bdaddr, bdaddr);
2520 ev.confirm_hint = confirm_hint;
2521 put_unaligned_le32(value, &ev.value);
2523 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
2527 int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr)
2529 struct mgmt_ev_user_passkey_request ev;
2531 BT_DBG("%s", hdev->name);
2533 bacpy(&ev.bdaddr, bdaddr);
2535 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
2539 static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
2540 u8 status, u8 opcode)
2542 struct pending_cmd *cmd;
2543 struct mgmt_rp_user_confirm_reply rp;
2546 cmd = mgmt_pending_find(opcode, hdev);
2550 bacpy(&rp.bdaddr, bdaddr);
2551 rp.status = mgmt_status(status);
2552 err = cmd_complete(cmd->sk, hdev->id, opcode, &rp, sizeof(rp));
2554 mgmt_pending_remove(cmd);
2559 int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
2562 return user_pairing_resp_complete(hdev, bdaddr, status,
2563 MGMT_OP_USER_CONFIRM_REPLY);
2566 int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev,
2567 bdaddr_t *bdaddr, u8 status)
2569 return user_pairing_resp_complete(hdev, bdaddr, status,
2570 MGMT_OP_USER_CONFIRM_NEG_REPLY);
2573 int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
2576 return user_pairing_resp_complete(hdev, bdaddr, status,
2577 MGMT_OP_USER_PASSKEY_REPLY);
2580 int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev,
2581 bdaddr_t *bdaddr, u8 status)
2583 return user_pairing_resp_complete(hdev, bdaddr, status,
2584 MGMT_OP_USER_PASSKEY_NEG_REPLY);
2587 int mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 status)
2589 struct mgmt_ev_auth_failed ev;
2591 bacpy(&ev.bdaddr, bdaddr);
2592 ev.status = mgmt_status(status);
2594 return mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
2597 int mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
2599 struct pending_cmd *cmd;
2600 struct mgmt_cp_set_local_name ev;
2603 memset(&ev, 0, sizeof(ev));
2604 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
2606 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
2611 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
2612 mgmt_status(status));
2618 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, &ev,
2624 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
2625 cmd ? cmd->sk : NULL);
2629 mgmt_pending_remove(cmd);
2633 int mgmt_read_local_oob_data_reply_complete(struct hci_dev *hdev, u8 *hash,
2634 u8 *randomizer, u8 status)
2636 struct pending_cmd *cmd;
2639 BT_DBG("%s status %u", hdev->name, status);
2641 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
2646 err = cmd_status(cmd->sk, hdev->id,
2647 MGMT_OP_READ_LOCAL_OOB_DATA,
2648 mgmt_status(status));
2650 struct mgmt_rp_read_local_oob_data rp;
2652 memcpy(rp.hash, hash, sizeof(rp.hash));
2653 memcpy(rp.randomizer, randomizer, sizeof(rp.randomizer));
2655 err = cmd_complete(cmd->sk, hdev->id,
2656 MGMT_OP_READ_LOCAL_OOB_DATA,
2660 mgmt_pending_remove(cmd);
2665 int mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
2666 u8 addr_type, u8 *dev_class, s8 rssi, u8 *eir)
2668 struct mgmt_ev_device_found ev;
2670 memset(&ev, 0, sizeof(ev));
2672 bacpy(&ev.addr.bdaddr, bdaddr);
2673 ev.addr.type = link_to_mgmt(link_type, addr_type);
2677 memcpy(ev.eir, eir, sizeof(ev.eir));
2680 memcpy(ev.dev_class, dev_class, sizeof(ev.dev_class));
2682 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, &ev, sizeof(ev), NULL);
2685 int mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 *name)
2687 struct mgmt_ev_remote_name ev;
2689 memset(&ev, 0, sizeof(ev));
2691 bacpy(&ev.bdaddr, bdaddr);
2692 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
2694 return mgmt_event(MGMT_EV_REMOTE_NAME, hdev, &ev, sizeof(ev), NULL);
2697 int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
2699 struct pending_cmd *cmd;
2702 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
2706 err = cmd_status(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status));
2707 mgmt_pending_remove(cmd);
2712 int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
2714 struct pending_cmd *cmd;
2717 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
2721 err = cmd_status(cmd->sk, hdev->id, cmd->opcode, status);
2722 mgmt_pending_remove(cmd);
2727 int mgmt_discovering(struct hci_dev *hdev, u8 discovering)
2729 struct pending_cmd *cmd;
2732 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
2734 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
2737 cmd_complete(cmd->sk, hdev->id, cmd->opcode, NULL, 0);
2738 mgmt_pending_remove(cmd);
2741 return mgmt_event(MGMT_EV_DISCOVERING, hdev, &discovering,
2742 sizeof(discovering), NULL);
2745 int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr)
2747 struct pending_cmd *cmd;
2748 struct mgmt_ev_device_blocked ev;
2750 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev);
2752 bacpy(&ev.bdaddr, bdaddr);
2754 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev),
2755 cmd ? cmd->sk : NULL);
2758 int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr)
2760 struct pending_cmd *cmd;
2761 struct mgmt_ev_device_unblocked ev;
2763 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev);
2765 bacpy(&ev.bdaddr, bdaddr);
2767 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
2768 cmd ? cmd->sk : NULL);