2 BlueZ - Bluetooth protocol stack for Linux
4 Copyright (C) 2010 Nokia Corporation
5 Copyright (C) 2011-2012 Intel Corporation
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI Management interface */
27 #include <linux/module.h>
28 #include <asm/unaligned.h>
30 #include <net/bluetooth/bluetooth.h>
31 #include <net/bluetooth/hci_core.h>
32 #include <net/bluetooth/mgmt.h>
33 #include <net/bluetooth/smp.h>
37 #define MGMT_VERSION 1
38 #define MGMT_REVISION 2
40 static const u16 mgmt_commands[] = {
41 MGMT_OP_READ_INDEX_LIST,
44 MGMT_OP_SET_DISCOVERABLE,
45 MGMT_OP_SET_CONNECTABLE,
46 MGMT_OP_SET_FAST_CONNECTABLE,
48 MGMT_OP_SET_LINK_SECURITY,
52 MGMT_OP_SET_DEV_CLASS,
53 MGMT_OP_SET_LOCAL_NAME,
56 MGMT_OP_LOAD_LINK_KEYS,
57 MGMT_OP_LOAD_LONG_TERM_KEYS,
59 MGMT_OP_GET_CONNECTIONS,
60 MGMT_OP_PIN_CODE_REPLY,
61 MGMT_OP_PIN_CODE_NEG_REPLY,
62 MGMT_OP_SET_IO_CAPABILITY,
64 MGMT_OP_CANCEL_PAIR_DEVICE,
65 MGMT_OP_UNPAIR_DEVICE,
66 MGMT_OP_USER_CONFIRM_REPLY,
67 MGMT_OP_USER_CONFIRM_NEG_REPLY,
68 MGMT_OP_USER_PASSKEY_REPLY,
69 MGMT_OP_USER_PASSKEY_NEG_REPLY,
70 MGMT_OP_READ_LOCAL_OOB_DATA,
71 MGMT_OP_ADD_REMOTE_OOB_DATA,
72 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
73 MGMT_OP_START_DISCOVERY,
74 MGMT_OP_STOP_DISCOVERY,
77 MGMT_OP_UNBLOCK_DEVICE,
78 MGMT_OP_SET_DEVICE_ID,
81 static const u16 mgmt_events[] = {
82 MGMT_EV_CONTROLLER_ERROR,
84 MGMT_EV_INDEX_REMOVED,
86 MGMT_EV_CLASS_OF_DEV_CHANGED,
87 MGMT_EV_LOCAL_NAME_CHANGED,
89 MGMT_EV_NEW_LONG_TERM_KEY,
90 MGMT_EV_DEVICE_CONNECTED,
91 MGMT_EV_DEVICE_DISCONNECTED,
92 MGMT_EV_CONNECT_FAILED,
93 MGMT_EV_PIN_CODE_REQUEST,
94 MGMT_EV_USER_CONFIRM_REQUEST,
95 MGMT_EV_USER_PASSKEY_REQUEST,
99 MGMT_EV_DEVICE_BLOCKED,
100 MGMT_EV_DEVICE_UNBLOCKED,
101 MGMT_EV_DEVICE_UNPAIRED,
102 MGMT_EV_PASSKEY_NOTIFY,
106 * These LE scan and inquiry parameters were chosen according to LE General
107 * Discovery Procedure specification.
109 #define LE_SCAN_TYPE 0x01
110 #define LE_SCAN_WIN 0x12
111 #define LE_SCAN_INT 0x12
112 #define LE_SCAN_TIMEOUT_LE_ONLY 10240 /* TGAP(gen_disc_scan_min) */
113 #define LE_SCAN_TIMEOUT_BREDR_LE 5120 /* TGAP(100)/2 */
115 #define INQUIRY_LEN_BREDR 0x08 /* TGAP(100) */
116 #define INQUIRY_LEN_BREDR_LE 0x04 /* TGAP(100)/2 */
118 #define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
120 #define hdev_is_powered(hdev) (test_bit(HCI_UP, &hdev->flags) && \
121 !test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
124 struct list_head list;
132 /* HCI to MGMT error code conversion table */
133 static u8 mgmt_status_table[] = {
135 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
136 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
137 MGMT_STATUS_FAILED, /* Hardware Failure */
138 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
139 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
140 MGMT_STATUS_NOT_PAIRED, /* PIN or Key Missing */
141 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
142 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
143 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
144 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
145 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
146 MGMT_STATUS_BUSY, /* Command Disallowed */
147 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
148 MGMT_STATUS_REJECTED, /* Rejected Security */
149 MGMT_STATUS_REJECTED, /* Rejected Personal */
150 MGMT_STATUS_TIMEOUT, /* Host Timeout */
151 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
152 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
153 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
154 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
155 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
156 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
157 MGMT_STATUS_BUSY, /* Repeated Attempts */
158 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
159 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
160 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
161 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
162 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
163 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
164 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
165 MGMT_STATUS_FAILED, /* Unspecified Error */
166 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
167 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
168 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
169 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
170 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
171 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
172 MGMT_STATUS_FAILED, /* Unit Link Key Used */
173 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
174 MGMT_STATUS_TIMEOUT, /* Instant Passed */
175 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
176 MGMT_STATUS_FAILED, /* Transaction Collision */
177 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
178 MGMT_STATUS_REJECTED, /* QoS Rejected */
179 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
180 MGMT_STATUS_REJECTED, /* Insufficient Security */
181 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
182 MGMT_STATUS_BUSY, /* Role Switch Pending */
183 MGMT_STATUS_FAILED, /* Slot Violation */
184 MGMT_STATUS_FAILED, /* Role Switch Failed */
185 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
186 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
187 MGMT_STATUS_BUSY, /* Host Busy Pairing */
188 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
189 MGMT_STATUS_BUSY, /* Controller Busy */
190 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
191 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
192 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
193 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
194 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
197 bool mgmt_valid_hdev(struct hci_dev *hdev)
199 return hdev->dev_type == HCI_BREDR;
202 static u8 mgmt_status(u8 hci_status)
204 if (hci_status < ARRAY_SIZE(mgmt_status_table))
205 return mgmt_status_table[hci_status];
207 return MGMT_STATUS_FAILED;
210 static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
213 struct mgmt_hdr *hdr;
214 struct mgmt_ev_cmd_status *ev;
217 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
219 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_KERNEL);
223 hdr = (void *) skb_put(skb, sizeof(*hdr));
225 hdr->opcode = __constant_cpu_to_le16(MGMT_EV_CMD_STATUS);
226 hdr->index = cpu_to_le16(index);
227 hdr->len = cpu_to_le16(sizeof(*ev));
229 ev = (void *) skb_put(skb, sizeof(*ev));
231 ev->opcode = cpu_to_le16(cmd);
233 err = sock_queue_rcv_skb(sk, skb);
240 static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
241 void *rp, size_t rp_len)
244 struct mgmt_hdr *hdr;
245 struct mgmt_ev_cmd_complete *ev;
248 BT_DBG("sock %p", sk);
250 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_KERNEL);
254 hdr = (void *) skb_put(skb, sizeof(*hdr));
256 hdr->opcode = __constant_cpu_to_le16(MGMT_EV_CMD_COMPLETE);
257 hdr->index = cpu_to_le16(index);
258 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
260 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
261 ev->opcode = cpu_to_le16(cmd);
265 memcpy(ev->data, rp, rp_len);
267 err = sock_queue_rcv_skb(sk, skb);
274 static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
277 struct mgmt_rp_read_version rp;
279 BT_DBG("sock %p", sk);
281 rp.version = MGMT_VERSION;
282 rp.revision = __constant_cpu_to_le16(MGMT_REVISION);
284 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
288 static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
291 struct mgmt_rp_read_commands *rp;
292 const u16 num_commands = ARRAY_SIZE(mgmt_commands);
293 const u16 num_events = ARRAY_SIZE(mgmt_events);
298 BT_DBG("sock %p", sk);
300 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
302 rp = kmalloc(rp_size, GFP_KERNEL);
306 rp->num_commands = __constant_cpu_to_le16(num_commands);
307 rp->num_events = __constant_cpu_to_le16(num_events);
309 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
310 put_unaligned_le16(mgmt_commands[i], opcode);
312 for (i = 0; i < num_events; i++, opcode++)
313 put_unaligned_le16(mgmt_events[i], opcode);
315 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
322 static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
325 struct mgmt_rp_read_index_list *rp;
331 BT_DBG("sock %p", sk);
333 read_lock(&hci_dev_list_lock);
336 list_for_each_entry(d, &hci_dev_list, list) {
337 if (!mgmt_valid_hdev(d))
343 rp_len = sizeof(*rp) + (2 * count);
344 rp = kmalloc(rp_len, GFP_ATOMIC);
346 read_unlock(&hci_dev_list_lock);
351 list_for_each_entry(d, &hci_dev_list, list) {
352 if (test_bit(HCI_SETUP, &d->dev_flags))
355 if (!mgmt_valid_hdev(d))
358 rp->index[count++] = cpu_to_le16(d->id);
359 BT_DBG("Added hci%u", d->id);
362 rp->num_controllers = cpu_to_le16(count);
363 rp_len = sizeof(*rp) + (2 * count);
365 read_unlock(&hci_dev_list_lock);
367 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
375 static u32 get_supported_settings(struct hci_dev *hdev)
379 settings |= MGMT_SETTING_POWERED;
380 settings |= MGMT_SETTING_PAIRABLE;
382 if (lmp_ssp_capable(hdev))
383 settings |= MGMT_SETTING_SSP;
385 if (lmp_bredr_capable(hdev)) {
386 settings |= MGMT_SETTING_CONNECTABLE;
387 settings |= MGMT_SETTING_FAST_CONNECTABLE;
388 settings |= MGMT_SETTING_DISCOVERABLE;
389 settings |= MGMT_SETTING_BREDR;
390 settings |= MGMT_SETTING_LINK_SECURITY;
394 settings |= MGMT_SETTING_HS;
396 if (lmp_le_capable(hdev))
397 settings |= MGMT_SETTING_LE;
402 static u32 get_current_settings(struct hci_dev *hdev)
406 if (hdev_is_powered(hdev))
407 settings |= MGMT_SETTING_POWERED;
409 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
410 settings |= MGMT_SETTING_CONNECTABLE;
412 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
413 settings |= MGMT_SETTING_DISCOVERABLE;
415 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags))
416 settings |= MGMT_SETTING_PAIRABLE;
418 if (lmp_bredr_capable(hdev))
419 settings |= MGMT_SETTING_BREDR;
421 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
422 settings |= MGMT_SETTING_LE;
424 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
425 settings |= MGMT_SETTING_LINK_SECURITY;
427 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
428 settings |= MGMT_SETTING_SSP;
430 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
431 settings |= MGMT_SETTING_HS;
436 #define PNP_INFO_SVCLASS_ID 0x1200
438 static u8 bluetooth_base_uuid[] = {
439 0xFB, 0x34, 0x9B, 0x5F, 0x80, 0x00, 0x00, 0x80,
440 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
443 static u16 get_uuid16(u8 *uuid128)
448 for (i = 0; i < 12; i++) {
449 if (bluetooth_base_uuid[i] != uuid128[i])
453 val = get_unaligned_le32(&uuid128[12]);
460 static void create_eir(struct hci_dev *hdev, u8 *data)
464 u16 uuid16_list[HCI_MAX_EIR_LENGTH / sizeof(u16)];
465 int i, truncated = 0;
466 struct bt_uuid *uuid;
469 name_len = strlen(hdev->dev_name);
475 ptr[1] = EIR_NAME_SHORT;
477 ptr[1] = EIR_NAME_COMPLETE;
479 /* EIR Data length */
480 ptr[0] = name_len + 1;
482 memcpy(ptr + 2, hdev->dev_name, name_len);
484 eir_len += (name_len + 2);
485 ptr += (name_len + 2);
488 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
490 ptr[1] = EIR_TX_POWER;
491 ptr[2] = (u8) hdev->inq_tx_power;
497 if (hdev->devid_source > 0) {
499 ptr[1] = EIR_DEVICE_ID;
501 put_unaligned_le16(hdev->devid_source, ptr + 2);
502 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
503 put_unaligned_le16(hdev->devid_product, ptr + 6);
504 put_unaligned_le16(hdev->devid_version, ptr + 8);
510 memset(uuid16_list, 0, sizeof(uuid16_list));
512 /* Group all UUID16 types */
513 list_for_each_entry(uuid, &hdev->uuids, list) {
516 uuid16 = get_uuid16(uuid->uuid);
523 if (uuid16 == PNP_INFO_SVCLASS_ID)
526 /* Stop if not enough space to put next UUID */
527 if (eir_len + 2 + sizeof(u16) > HCI_MAX_EIR_LENGTH) {
532 /* Check for duplicates */
533 for (i = 0; uuid16_list[i] != 0; i++)
534 if (uuid16_list[i] == uuid16)
537 if (uuid16_list[i] == 0) {
538 uuid16_list[i] = uuid16;
539 eir_len += sizeof(u16);
543 if (uuid16_list[0] != 0) {
547 ptr[1] = truncated ? EIR_UUID16_SOME : EIR_UUID16_ALL;
552 for (i = 0; uuid16_list[i] != 0; i++) {
553 *ptr++ = (uuid16_list[i] & 0x00ff);
554 *ptr++ = (uuid16_list[i] & 0xff00) >> 8;
557 /* EIR Data length */
558 *length = (i * sizeof(u16)) + 1;
562 static int update_eir(struct hci_dev *hdev)
564 struct hci_cp_write_eir cp;
566 if (!hdev_is_powered(hdev))
569 if (!lmp_ext_inq_capable(hdev))
572 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
575 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
578 memset(&cp, 0, sizeof(cp));
580 create_eir(hdev, cp.data);
582 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
585 memcpy(hdev->eir, cp.data, sizeof(cp.data));
587 return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
590 static u8 get_service_classes(struct hci_dev *hdev)
592 struct bt_uuid *uuid;
595 list_for_each_entry(uuid, &hdev->uuids, list)
596 val |= uuid->svc_hint;
601 static int update_class(struct hci_dev *hdev)
606 BT_DBG("%s", hdev->name);
608 if (!hdev_is_powered(hdev))
611 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
614 cod[0] = hdev->minor_class;
615 cod[1] = hdev->major_class;
616 cod[2] = get_service_classes(hdev);
618 if (memcmp(cod, hdev->dev_class, 3) == 0)
621 err = hci_send_cmd(hdev, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
623 set_bit(HCI_PENDING_CLASS, &hdev->dev_flags);
628 static void service_cache_off(struct work_struct *work)
630 struct hci_dev *hdev = container_of(work, struct hci_dev,
633 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
641 hci_dev_unlock(hdev);
644 static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
646 if (test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
649 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
651 /* Non-mgmt controlled devices get this bit set
652 * implicitly so that pairing works for them, however
653 * for mgmt we require user-space to explicitly enable
656 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
659 static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
660 void *data, u16 data_len)
662 struct mgmt_rp_read_info rp;
664 BT_DBG("sock %p %s", sk, hdev->name);
668 memset(&rp, 0, sizeof(rp));
670 bacpy(&rp.bdaddr, &hdev->bdaddr);
672 rp.version = hdev->hci_ver;
673 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
675 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
676 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
678 memcpy(rp.dev_class, hdev->dev_class, 3);
680 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
681 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
683 hci_dev_unlock(hdev);
685 return cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
689 static void mgmt_pending_free(struct pending_cmd *cmd)
696 static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
697 struct hci_dev *hdev, void *data,
700 struct pending_cmd *cmd;
702 cmd = kmalloc(sizeof(*cmd), GFP_KERNEL);
706 cmd->opcode = opcode;
707 cmd->index = hdev->id;
709 cmd->param = kmalloc(len, GFP_KERNEL);
716 memcpy(cmd->param, data, len);
721 list_add(&cmd->list, &hdev->mgmt_pending);
726 static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
727 void (*cb)(struct pending_cmd *cmd,
731 struct list_head *p, *n;
733 list_for_each_safe(p, n, &hdev->mgmt_pending) {
734 struct pending_cmd *cmd;
736 cmd = list_entry(p, struct pending_cmd, list);
738 if (opcode > 0 && cmd->opcode != opcode)
745 static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
747 struct pending_cmd *cmd;
749 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
750 if (cmd->opcode == opcode)
757 static void mgmt_pending_remove(struct pending_cmd *cmd)
759 list_del(&cmd->list);
760 mgmt_pending_free(cmd);
763 static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
765 __le32 settings = cpu_to_le32(get_current_settings(hdev));
767 return cmd_complete(sk, hdev->id, opcode, 0, &settings,
771 static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
774 struct mgmt_mode *cp = data;
775 struct pending_cmd *cmd;
778 BT_DBG("request for %s", hdev->name);
780 if (cp->val != 0x00 && cp->val != 0x01)
781 return cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
782 MGMT_STATUS_INVALID_PARAMS);
786 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
787 cancel_delayed_work(&hdev->power_off);
790 mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev,
792 err = mgmt_powered(hdev, 1);
797 if (!!cp->val == hdev_is_powered(hdev)) {
798 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
802 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
803 err = cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
808 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
815 schedule_work(&hdev->power_on);
817 schedule_work(&hdev->power_off.work);
822 hci_dev_unlock(hdev);
826 static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 data_len,
827 struct sock *skip_sk)
830 struct mgmt_hdr *hdr;
832 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_KERNEL);
836 hdr = (void *) skb_put(skb, sizeof(*hdr));
837 hdr->opcode = cpu_to_le16(event);
839 hdr->index = cpu_to_le16(hdev->id);
841 hdr->index = __constant_cpu_to_le16(MGMT_INDEX_NONE);
842 hdr->len = cpu_to_le16(data_len);
845 memcpy(skb_put(skb, data_len), data, data_len);
848 __net_timestamp(skb);
850 hci_send_to_control(skb, skip_sk);
856 static int new_settings(struct hci_dev *hdev, struct sock *skip)
860 ev = cpu_to_le32(get_current_settings(hdev));
862 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
865 static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
868 struct mgmt_cp_set_discoverable *cp = data;
869 struct pending_cmd *cmd;
874 BT_DBG("request for %s", hdev->name);
876 if (!lmp_bredr_capable(hdev))
877 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
878 MGMT_STATUS_NOT_SUPPORTED);
880 if (cp->val != 0x00 && cp->val != 0x01)
881 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
882 MGMT_STATUS_INVALID_PARAMS);
884 timeout = __le16_to_cpu(cp->timeout);
885 if (!cp->val && timeout > 0)
886 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
887 MGMT_STATUS_INVALID_PARAMS);
891 if (!hdev_is_powered(hdev) && timeout > 0) {
892 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
893 MGMT_STATUS_NOT_POWERED);
897 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
898 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
899 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
904 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
905 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
906 MGMT_STATUS_REJECTED);
910 if (!hdev_is_powered(hdev)) {
911 bool changed = false;
913 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
914 change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
918 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
923 err = new_settings(hdev, sk);
928 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
929 if (hdev->discov_timeout > 0) {
930 cancel_delayed_work(&hdev->discov_off);
931 hdev->discov_timeout = 0;
934 if (cp->val && timeout > 0) {
935 hdev->discov_timeout = timeout;
936 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
937 msecs_to_jiffies(hdev->discov_timeout * 1000));
940 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
944 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
953 scan |= SCAN_INQUIRY;
955 cancel_delayed_work(&hdev->discov_off);
957 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
959 mgmt_pending_remove(cmd);
962 hdev->discov_timeout = timeout;
965 hci_dev_unlock(hdev);
969 static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
972 struct mgmt_mode *cp = data;
973 struct pending_cmd *cmd;
977 BT_DBG("request for %s", hdev->name);
979 if (!lmp_bredr_capable(hdev))
980 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
981 MGMT_STATUS_NOT_SUPPORTED);
983 if (cp->val != 0x00 && cp->val != 0x01)
984 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
985 MGMT_STATUS_INVALID_PARAMS);
989 if (!hdev_is_powered(hdev)) {
990 bool changed = false;
992 if (!!cp->val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
996 set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
998 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
999 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1002 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1007 err = new_settings(hdev, sk);
1012 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1013 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
1014 err = cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1019 if (!!cp->val == test_bit(HCI_PSCAN, &hdev->flags)) {
1020 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1024 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
1035 if (test_bit(HCI_ISCAN, &hdev->flags) &&
1036 hdev->discov_timeout > 0)
1037 cancel_delayed_work(&hdev->discov_off);
1040 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1042 mgmt_pending_remove(cmd);
1045 hci_dev_unlock(hdev);
1049 static int set_pairable(struct sock *sk, struct hci_dev *hdev, void *data,
1052 struct mgmt_mode *cp = data;
1055 BT_DBG("request for %s", hdev->name);
1057 if (cp->val != 0x00 && cp->val != 0x01)
1058 return cmd_status(sk, hdev->id, MGMT_OP_SET_PAIRABLE,
1059 MGMT_STATUS_INVALID_PARAMS);
1064 set_bit(HCI_PAIRABLE, &hdev->dev_flags);
1066 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
1068 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
1072 err = new_settings(hdev, sk);
1075 hci_dev_unlock(hdev);
1079 static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1082 struct mgmt_mode *cp = data;
1083 struct pending_cmd *cmd;
1087 BT_DBG("request for %s", hdev->name);
1089 if (!lmp_bredr_capable(hdev))
1090 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1091 MGMT_STATUS_NOT_SUPPORTED);
1093 if (cp->val != 0x00 && cp->val != 0x01)
1094 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1095 MGMT_STATUS_INVALID_PARAMS);
1099 if (!hdev_is_powered(hdev)) {
1100 bool changed = false;
1102 if (!!cp->val != test_bit(HCI_LINK_SECURITY,
1103 &hdev->dev_flags)) {
1104 change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
1108 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1113 err = new_settings(hdev, sk);
1118 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
1119 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1126 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1127 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1131 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1137 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1139 mgmt_pending_remove(cmd);
1144 hci_dev_unlock(hdev);
1148 static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1150 struct mgmt_mode *cp = data;
1151 struct pending_cmd *cmd;
1155 BT_DBG("request for %s", hdev->name);
1157 if (!lmp_ssp_capable(hdev))
1158 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1159 MGMT_STATUS_NOT_SUPPORTED);
1161 if (cp->val != 0x00 && cp->val != 0x01)
1162 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1163 MGMT_STATUS_INVALID_PARAMS);
1169 if (!hdev_is_powered(hdev)) {
1170 bool changed = false;
1172 if (val != test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
1173 change_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
1177 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1182 err = new_settings(hdev, sk);
1187 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev)) {
1188 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1193 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) == val) {
1194 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1198 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1204 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, sizeof(val), &val);
1206 mgmt_pending_remove(cmd);
1211 hci_dev_unlock(hdev);
1215 static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1217 struct mgmt_mode *cp = data;
1219 BT_DBG("request for %s", hdev->name);
1222 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1223 MGMT_STATUS_NOT_SUPPORTED);
1225 if (cp->val != 0x00 && cp->val != 0x01)
1226 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1227 MGMT_STATUS_INVALID_PARAMS);
1230 set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1232 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1234 return send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
1237 static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1239 struct mgmt_mode *cp = data;
1240 struct hci_cp_write_le_host_supported hci_cp;
1241 struct pending_cmd *cmd;
1245 BT_DBG("request for %s", hdev->name);
1247 if (!lmp_le_capable(hdev))
1248 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1249 MGMT_STATUS_NOT_SUPPORTED);
1251 if (cp->val != 0x00 && cp->val != 0x01)
1252 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1253 MGMT_STATUS_INVALID_PARAMS);
1258 enabled = lmp_host_le_capable(hdev);
1260 if (!hdev_is_powered(hdev) || val == enabled) {
1261 bool changed = false;
1263 if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1264 change_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1268 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1273 err = new_settings(hdev, sk);
1278 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
1279 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1284 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
1290 memset(&hci_cp, 0, sizeof(hci_cp));
1294 hci_cp.simul = lmp_le_br_capable(hdev);
1297 err = hci_send_cmd(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
1300 mgmt_pending_remove(cmd);
1303 hci_dev_unlock(hdev);
1307 static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1309 struct mgmt_cp_add_uuid *cp = data;
1310 struct pending_cmd *cmd;
1311 struct bt_uuid *uuid;
1314 BT_DBG("request for %s", hdev->name);
1318 if (test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
1319 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
1324 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
1330 memcpy(uuid->uuid, cp->uuid, 16);
1331 uuid->svc_hint = cp->svc_hint;
1333 list_add(&uuid->list, &hdev->uuids);
1335 err = update_class(hdev);
1339 err = update_eir(hdev);
1343 if (!test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
1344 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
1345 hdev->dev_class, 3);
1349 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
1354 hci_dev_unlock(hdev);
1358 static bool enable_service_cache(struct hci_dev *hdev)
1360 if (!hdev_is_powered(hdev))
1363 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
1364 schedule_delayed_work(&hdev->service_cache, CACHE_TIMEOUT);
1371 static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
1374 struct mgmt_cp_remove_uuid *cp = data;
1375 struct pending_cmd *cmd;
1376 struct list_head *p, *n;
1377 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
1380 BT_DBG("request for %s", hdev->name);
1384 if (test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
1385 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
1390 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
1391 err = hci_uuids_clear(hdev);
1393 if (enable_service_cache(hdev)) {
1394 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID,
1395 0, hdev->dev_class, 3);
1404 list_for_each_safe(p, n, &hdev->uuids) {
1405 struct bt_uuid *match = list_entry(p, struct bt_uuid, list);
1407 if (memcmp(match->uuid, cp->uuid, 16) != 0)
1410 list_del(&match->list);
1416 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
1417 MGMT_STATUS_INVALID_PARAMS);
1422 err = update_class(hdev);
1426 err = update_eir(hdev);
1430 if (!test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
1431 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
1432 hdev->dev_class, 3);
1436 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
1441 hci_dev_unlock(hdev);
1445 static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
1448 struct mgmt_cp_set_dev_class *cp = data;
1449 struct pending_cmd *cmd;
1452 BT_DBG("request for %s", hdev->name);
1454 if (!lmp_bredr_capable(hdev))
1455 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1456 MGMT_STATUS_NOT_SUPPORTED);
1458 if (test_bit(HCI_PENDING_CLASS, &hdev->dev_flags))
1459 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1462 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0)
1463 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1464 MGMT_STATUS_INVALID_PARAMS);
1468 hdev->major_class = cp->major;
1469 hdev->minor_class = cp->minor;
1471 if (!hdev_is_powered(hdev)) {
1472 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
1473 hdev->dev_class, 3);
1477 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
1478 hci_dev_unlock(hdev);
1479 cancel_delayed_work_sync(&hdev->service_cache);
1484 err = update_class(hdev);
1488 if (!test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
1489 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
1490 hdev->dev_class, 3);
1494 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
1499 hci_dev_unlock(hdev);
1503 static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
1506 struct mgmt_cp_load_link_keys *cp = data;
1507 u16 key_count, expected_len;
1510 key_count = __le16_to_cpu(cp->key_count);
1512 expected_len = sizeof(*cp) + key_count *
1513 sizeof(struct mgmt_link_key_info);
1514 if (expected_len != len) {
1515 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
1517 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
1518 MGMT_STATUS_INVALID_PARAMS);
1521 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
1526 hci_link_keys_clear(hdev);
1528 set_bit(HCI_LINK_KEYS, &hdev->dev_flags);
1531 set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
1533 clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
1535 for (i = 0; i < key_count; i++) {
1536 struct mgmt_link_key_info *key = &cp->keys[i];
1538 hci_add_link_key(hdev, NULL, 0, &key->addr.bdaddr, key->val,
1539 key->type, key->pin_len);
1542 cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
1544 hci_dev_unlock(hdev);
1549 static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
1550 u8 addr_type, struct sock *skip_sk)
1552 struct mgmt_ev_device_unpaired ev;
1554 bacpy(&ev.addr.bdaddr, bdaddr);
1555 ev.addr.type = addr_type;
1557 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
1561 static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
1564 struct mgmt_cp_unpair_device *cp = data;
1565 struct mgmt_rp_unpair_device rp;
1566 struct hci_cp_disconnect dc;
1567 struct pending_cmd *cmd;
1568 struct hci_conn *conn;
1573 memset(&rp, 0, sizeof(rp));
1574 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1575 rp.addr.type = cp->addr.type;
1577 if (!hdev_is_powered(hdev)) {
1578 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
1579 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
1583 if (cp->addr.type == BDADDR_BREDR)
1584 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
1586 err = hci_remove_ltk(hdev, &cp->addr.bdaddr);
1589 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
1590 MGMT_STATUS_NOT_PAIRED, &rp, sizeof(rp));
1594 if (cp->disconnect) {
1595 if (cp->addr.type == BDADDR_BREDR)
1596 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
1599 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
1606 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
1608 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
1612 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
1619 dc.handle = cpu_to_le16(conn->handle);
1620 dc.reason = 0x13; /* Remote User Terminated Connection */
1621 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1623 mgmt_pending_remove(cmd);
1626 hci_dev_unlock(hdev);
1630 static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
1633 struct mgmt_cp_disconnect *cp = data;
1634 struct hci_cp_disconnect dc;
1635 struct pending_cmd *cmd;
1636 struct hci_conn *conn;
1643 if (!test_bit(HCI_UP, &hdev->flags)) {
1644 err = cmd_status(sk, hdev->id, MGMT_OP_DISCONNECT,
1645 MGMT_STATUS_NOT_POWERED);
1649 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
1650 err = cmd_status(sk, hdev->id, MGMT_OP_DISCONNECT,
1655 if (cp->addr.type == BDADDR_BREDR)
1656 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
1659 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
1661 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
1662 err = cmd_status(sk, hdev->id, MGMT_OP_DISCONNECT,
1663 MGMT_STATUS_NOT_CONNECTED);
1667 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
1673 dc.handle = cpu_to_le16(conn->handle);
1674 dc.reason = HCI_ERROR_REMOTE_USER_TERM;
1676 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1678 mgmt_pending_remove(cmd);
1681 hci_dev_unlock(hdev);
1685 static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
1687 switch (link_type) {
1689 switch (addr_type) {
1690 case ADDR_LE_DEV_PUBLIC:
1691 return BDADDR_LE_PUBLIC;
1694 /* Fallback to LE Random address type */
1695 return BDADDR_LE_RANDOM;
1699 /* Fallback to BR/EDR type */
1700 return BDADDR_BREDR;
1704 static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
1707 struct mgmt_rp_get_connections *rp;
1717 if (!hdev_is_powered(hdev)) {
1718 err = cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
1719 MGMT_STATUS_NOT_POWERED);
1724 list_for_each_entry(c, &hdev->conn_hash.list, list) {
1725 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
1729 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
1730 rp = kmalloc(rp_len, GFP_KERNEL);
1737 list_for_each_entry(c, &hdev->conn_hash.list, list) {
1738 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
1740 bacpy(&rp->addr[i].bdaddr, &c->dst);
1741 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
1742 if (c->type == SCO_LINK || c->type == ESCO_LINK)
1747 rp->conn_count = cpu_to_le16(i);
1749 /* Recalculate length in case of filtered SCO connections, etc */
1750 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
1752 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
1758 hci_dev_unlock(hdev);
1762 static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
1763 struct mgmt_cp_pin_code_neg_reply *cp)
1765 struct pending_cmd *cmd;
1768 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
1773 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
1774 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
1776 mgmt_pending_remove(cmd);
1781 static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
1784 struct hci_conn *conn;
1785 struct mgmt_cp_pin_code_reply *cp = data;
1786 struct hci_cp_pin_code_reply reply;
1787 struct pending_cmd *cmd;
1794 if (!hdev_is_powered(hdev)) {
1795 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
1796 MGMT_STATUS_NOT_POWERED);
1800 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
1802 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
1803 MGMT_STATUS_NOT_CONNECTED);
1807 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
1808 struct mgmt_cp_pin_code_neg_reply ncp;
1810 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
1812 BT_ERR("PIN code is not 16 bytes long");
1814 err = send_pin_code_neg_reply(sk, hdev, &ncp);
1816 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
1817 MGMT_STATUS_INVALID_PARAMS);
1822 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
1828 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
1829 reply.pin_len = cp->pin_len;
1830 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
1832 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
1834 mgmt_pending_remove(cmd);
1837 hci_dev_unlock(hdev);
1841 static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
1844 struct mgmt_cp_set_io_capability *cp = data;
1850 hdev->io_capability = cp->io_capability;
1852 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
1853 hdev->io_capability);
1855 hci_dev_unlock(hdev);
1857 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, NULL,
1861 static struct pending_cmd *find_pairing(struct hci_conn *conn)
1863 struct hci_dev *hdev = conn->hdev;
1864 struct pending_cmd *cmd;
1866 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
1867 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
1870 if (cmd->user_data != conn)
1879 static void pairing_complete(struct pending_cmd *cmd, u8 status)
1881 struct mgmt_rp_pair_device rp;
1882 struct hci_conn *conn = cmd->user_data;
1884 bacpy(&rp.addr.bdaddr, &conn->dst);
1885 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
1887 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
1890 /* So we don't get further callbacks for this connection */
1891 conn->connect_cfm_cb = NULL;
1892 conn->security_cfm_cb = NULL;
1893 conn->disconn_cfm_cb = NULL;
1897 mgmt_pending_remove(cmd);
1900 static void pairing_complete_cb(struct hci_conn *conn, u8 status)
1902 struct pending_cmd *cmd;
1904 BT_DBG("status %u", status);
1906 cmd = find_pairing(conn);
1908 BT_DBG("Unable to find a pending command");
1910 pairing_complete(cmd, mgmt_status(status));
1913 static void le_connect_complete_cb(struct hci_conn *conn, u8 status)
1915 struct pending_cmd *cmd;
1917 BT_DBG("status %u", status);
1922 cmd = find_pairing(conn);
1924 BT_DBG("Unable to find a pending command");
1926 pairing_complete(cmd, mgmt_status(status));
1929 static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
1932 struct mgmt_cp_pair_device *cp = data;
1933 struct mgmt_rp_pair_device rp;
1934 struct pending_cmd *cmd;
1935 u8 sec_level, auth_type;
1936 struct hci_conn *conn;
1943 if (!hdev_is_powered(hdev)) {
1944 err = cmd_status(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
1945 MGMT_STATUS_NOT_POWERED);
1949 sec_level = BT_SECURITY_MEDIUM;
1950 if (cp->io_cap == 0x03)
1951 auth_type = HCI_AT_DEDICATED_BONDING;
1953 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
1955 if (cp->addr.type == BDADDR_BREDR)
1956 conn = hci_connect(hdev, ACL_LINK, &cp->addr.bdaddr,
1957 cp->addr.type, sec_level, auth_type);
1959 conn = hci_connect(hdev, LE_LINK, &cp->addr.bdaddr,
1960 cp->addr.type, sec_level, auth_type);
1962 memset(&rp, 0, sizeof(rp));
1963 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1964 rp.addr.type = cp->addr.type;
1969 if (PTR_ERR(conn) == -EBUSY)
1970 status = MGMT_STATUS_BUSY;
1972 status = MGMT_STATUS_CONNECT_FAILED;
1974 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
1980 if (conn->connect_cfm_cb) {
1982 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
1983 MGMT_STATUS_BUSY, &rp, sizeof(rp));
1987 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
1994 /* For LE, just connecting isn't a proof that the pairing finished */
1995 if (cp->addr.type == BDADDR_BREDR)
1996 conn->connect_cfm_cb = pairing_complete_cb;
1998 conn->connect_cfm_cb = le_connect_complete_cb;
2000 conn->security_cfm_cb = pairing_complete_cb;
2001 conn->disconn_cfm_cb = pairing_complete_cb;
2002 conn->io_capability = cp->io_cap;
2003 cmd->user_data = conn;
2005 if (conn->state == BT_CONNECTED &&
2006 hci_conn_security(conn, sec_level, auth_type))
2007 pairing_complete(cmd, 0);
2012 hci_dev_unlock(hdev);
2016 static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2019 struct mgmt_addr_info *addr = data;
2020 struct pending_cmd *cmd;
2021 struct hci_conn *conn;
2028 if (!hdev_is_powered(hdev)) {
2029 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2030 MGMT_STATUS_NOT_POWERED);
2034 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
2036 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2037 MGMT_STATUS_INVALID_PARAMS);
2041 conn = cmd->user_data;
2043 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
2044 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2045 MGMT_STATUS_INVALID_PARAMS);
2049 pairing_complete(cmd, MGMT_STATUS_CANCELLED);
2051 err = cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
2052 addr, sizeof(*addr));
2054 hci_dev_unlock(hdev);
2058 static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
2059 bdaddr_t *bdaddr, u8 type, u16 mgmt_op,
2060 u16 hci_op, __le32 passkey)
2062 struct pending_cmd *cmd;
2063 struct hci_conn *conn;
2068 if (!hdev_is_powered(hdev)) {
2069 err = cmd_status(sk, hdev->id, mgmt_op,
2070 MGMT_STATUS_NOT_POWERED);
2074 if (type == BDADDR_BREDR)
2075 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, bdaddr);
2077 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, bdaddr);
2080 err = cmd_status(sk, hdev->id, mgmt_op,
2081 MGMT_STATUS_NOT_CONNECTED);
2085 if (type == BDADDR_LE_PUBLIC || type == BDADDR_LE_RANDOM) {
2086 /* Continue with pairing via SMP */
2087 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
2090 err = cmd_status(sk, hdev->id, mgmt_op,
2091 MGMT_STATUS_SUCCESS);
2093 err = cmd_status(sk, hdev->id, mgmt_op,
2094 MGMT_STATUS_FAILED);
2099 cmd = mgmt_pending_add(sk, mgmt_op, hdev, bdaddr, sizeof(*bdaddr));
2105 /* Continue with pairing via HCI */
2106 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
2107 struct hci_cp_user_passkey_reply cp;
2109 bacpy(&cp.bdaddr, bdaddr);
2110 cp.passkey = passkey;
2111 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
2113 err = hci_send_cmd(hdev, hci_op, sizeof(*bdaddr), bdaddr);
2116 mgmt_pending_remove(cmd);
2119 hci_dev_unlock(hdev);
2123 static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
2124 void *data, u16 len)
2126 struct mgmt_cp_pin_code_neg_reply *cp = data;
2130 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
2131 MGMT_OP_PIN_CODE_NEG_REPLY,
2132 HCI_OP_PIN_CODE_NEG_REPLY, 0);
2135 static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2138 struct mgmt_cp_user_confirm_reply *cp = data;
2142 if (len != sizeof(*cp))
2143 return cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
2144 MGMT_STATUS_INVALID_PARAMS);
2146 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
2147 MGMT_OP_USER_CONFIRM_REPLY,
2148 HCI_OP_USER_CONFIRM_REPLY, 0);
2151 static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
2152 void *data, u16 len)
2154 struct mgmt_cp_user_confirm_neg_reply *cp = data;
2158 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
2159 MGMT_OP_USER_CONFIRM_NEG_REPLY,
2160 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
2163 static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2166 struct mgmt_cp_user_passkey_reply *cp = data;
2170 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
2171 MGMT_OP_USER_PASSKEY_REPLY,
2172 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
2175 static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
2176 void *data, u16 len)
2178 struct mgmt_cp_user_passkey_neg_reply *cp = data;
2182 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
2183 MGMT_OP_USER_PASSKEY_NEG_REPLY,
2184 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
2187 static int update_name(struct hci_dev *hdev, const char *name)
2189 struct hci_cp_write_local_name cp;
2191 memcpy(cp.name, name, sizeof(cp.name));
2193 return hci_send_cmd(hdev, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
2196 static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
2199 struct mgmt_cp_set_local_name *cp = data;
2200 struct pending_cmd *cmd;
2207 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
2209 if (!hdev_is_powered(hdev)) {
2210 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
2212 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
2217 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
2223 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
2229 err = update_name(hdev, cp->name);
2231 mgmt_pending_remove(cmd);
2234 hci_dev_unlock(hdev);
2238 static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
2239 void *data, u16 data_len)
2241 struct pending_cmd *cmd;
2244 BT_DBG("%s", hdev->name);
2248 if (!hdev_is_powered(hdev)) {
2249 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
2250 MGMT_STATUS_NOT_POWERED);
2254 if (!lmp_ssp_capable(hdev)) {
2255 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
2256 MGMT_STATUS_NOT_SUPPORTED);
2260 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
2261 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
2266 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
2272 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
2274 mgmt_pending_remove(cmd);
2277 hci_dev_unlock(hdev);
2281 static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
2282 void *data, u16 len)
2284 struct mgmt_cp_add_remote_oob_data *cp = data;
2288 BT_DBG("%s ", hdev->name);
2292 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr, cp->hash,
2295 status = MGMT_STATUS_FAILED;
2297 status = MGMT_STATUS_SUCCESS;
2299 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA, status,
2300 &cp->addr, sizeof(cp->addr));
2302 hci_dev_unlock(hdev);
2306 static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
2307 void *data, u16 len)
2309 struct mgmt_cp_remove_remote_oob_data *cp = data;
2313 BT_DBG("%s", hdev->name);
2317 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr);
2319 status = MGMT_STATUS_INVALID_PARAMS;
2321 status = MGMT_STATUS_SUCCESS;
2323 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
2324 status, &cp->addr, sizeof(cp->addr));
2326 hci_dev_unlock(hdev);
2330 int mgmt_interleaved_discovery(struct hci_dev *hdev)
2334 BT_DBG("%s", hdev->name);
2338 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR_LE);
2340 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2342 hci_dev_unlock(hdev);
2347 static int start_discovery(struct sock *sk, struct hci_dev *hdev,
2348 void *data, u16 len)
2350 struct mgmt_cp_start_discovery *cp = data;
2351 struct pending_cmd *cmd;
2354 BT_DBG("%s", hdev->name);
2358 if (!hdev_is_powered(hdev)) {
2359 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2360 MGMT_STATUS_NOT_POWERED);
2364 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
2365 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2370 if (hdev->discovery.state != DISCOVERY_STOPPED) {
2371 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2376 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
2382 hdev->discovery.type = cp->type;
2384 switch (hdev->discovery.type) {
2385 case DISCOV_TYPE_BREDR:
2386 if (!lmp_bredr_capable(hdev)) {
2387 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2388 MGMT_STATUS_NOT_SUPPORTED);
2389 mgmt_pending_remove(cmd);
2393 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR);
2396 case DISCOV_TYPE_LE:
2397 if (!lmp_host_le_capable(hdev)) {
2398 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2399 MGMT_STATUS_NOT_SUPPORTED);
2400 mgmt_pending_remove(cmd);
2404 err = hci_le_scan(hdev, LE_SCAN_TYPE, LE_SCAN_INT,
2405 LE_SCAN_WIN, LE_SCAN_TIMEOUT_LE_ONLY);
2408 case DISCOV_TYPE_INTERLEAVED:
2409 if (!lmp_host_le_capable(hdev) || !lmp_bredr_capable(hdev)) {
2410 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2411 MGMT_STATUS_NOT_SUPPORTED);
2412 mgmt_pending_remove(cmd);
2416 err = hci_le_scan(hdev, LE_SCAN_TYPE, LE_SCAN_INT, LE_SCAN_WIN,
2417 LE_SCAN_TIMEOUT_BREDR_LE);
2421 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2422 MGMT_STATUS_INVALID_PARAMS);
2423 mgmt_pending_remove(cmd);
2428 mgmt_pending_remove(cmd);
2430 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
2433 hci_dev_unlock(hdev);
2437 static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
2440 struct mgmt_cp_stop_discovery *mgmt_cp = data;
2441 struct pending_cmd *cmd;
2442 struct hci_cp_remote_name_req_cancel cp;
2443 struct inquiry_entry *e;
2446 BT_DBG("%s", hdev->name);
2450 if (!hci_discovery_active(hdev)) {
2451 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
2452 MGMT_STATUS_REJECTED, &mgmt_cp->type,
2453 sizeof(mgmt_cp->type));
2457 if (hdev->discovery.type != mgmt_cp->type) {
2458 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
2459 MGMT_STATUS_INVALID_PARAMS, &mgmt_cp->type,
2460 sizeof(mgmt_cp->type));
2464 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
2470 switch (hdev->discovery.state) {
2471 case DISCOVERY_FINDING:
2472 if (test_bit(HCI_INQUIRY, &hdev->flags))
2473 err = hci_cancel_inquiry(hdev);
2475 err = hci_cancel_le_scan(hdev);
2479 case DISCOVERY_RESOLVING:
2480 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
2483 mgmt_pending_remove(cmd);
2484 err = cmd_complete(sk, hdev->id,
2485 MGMT_OP_STOP_DISCOVERY, 0,
2487 sizeof(mgmt_cp->type));
2488 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2492 bacpy(&cp.bdaddr, &e->data.bdaddr);
2493 err = hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ_CANCEL,
2499 BT_DBG("unknown discovery state %u", hdev->discovery.state);
2504 mgmt_pending_remove(cmd);
2506 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
2509 hci_dev_unlock(hdev);
2513 static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
2516 struct mgmt_cp_confirm_name *cp = data;
2517 struct inquiry_entry *e;
2520 BT_DBG("%s", hdev->name);
2524 if (!hci_discovery_active(hdev)) {
2525 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
2526 MGMT_STATUS_FAILED);
2530 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
2532 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
2533 MGMT_STATUS_INVALID_PARAMS);
2537 if (cp->name_known) {
2538 e->name_state = NAME_KNOWN;
2541 e->name_state = NAME_NEEDED;
2542 hci_inquiry_cache_update_resolve(hdev, e);
2545 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0, &cp->addr,
2549 hci_dev_unlock(hdev);
2553 static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
2556 struct mgmt_cp_block_device *cp = data;
2560 BT_DBG("%s", hdev->name);
2564 err = hci_blacklist_add(hdev, &cp->addr.bdaddr, cp->addr.type);
2566 status = MGMT_STATUS_FAILED;
2568 status = MGMT_STATUS_SUCCESS;
2570 err = cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
2571 &cp->addr, sizeof(cp->addr));
2573 hci_dev_unlock(hdev);
2578 static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
2581 struct mgmt_cp_unblock_device *cp = data;
2585 BT_DBG("%s", hdev->name);
2589 err = hci_blacklist_del(hdev, &cp->addr.bdaddr, cp->addr.type);
2591 status = MGMT_STATUS_INVALID_PARAMS;
2593 status = MGMT_STATUS_SUCCESS;
2595 err = cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
2596 &cp->addr, sizeof(cp->addr));
2598 hci_dev_unlock(hdev);
2603 static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
2606 struct mgmt_cp_set_device_id *cp = data;
2610 BT_DBG("%s", hdev->name);
2612 source = __le16_to_cpu(cp->source);
2614 if (source > 0x0002)
2615 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
2616 MGMT_STATUS_INVALID_PARAMS);
2620 hdev->devid_source = source;
2621 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
2622 hdev->devid_product = __le16_to_cpu(cp->product);
2623 hdev->devid_version = __le16_to_cpu(cp->version);
2625 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0, NULL, 0);
2629 hci_dev_unlock(hdev);
2634 static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
2635 void *data, u16 len)
2637 struct mgmt_mode *cp = data;
2638 struct hci_cp_write_page_scan_activity acp;
2642 BT_DBG("%s", hdev->name);
2644 if (!lmp_bredr_capable(hdev))
2645 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
2646 MGMT_STATUS_NOT_SUPPORTED);
2648 if (cp->val != 0x00 && cp->val != 0x01)
2649 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
2650 MGMT_STATUS_INVALID_PARAMS);
2652 if (!hdev_is_powered(hdev))
2653 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
2654 MGMT_STATUS_NOT_POWERED);
2656 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
2657 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
2658 MGMT_STATUS_REJECTED);
2663 type = PAGE_SCAN_TYPE_INTERLACED;
2665 /* 160 msec page scan interval */
2666 acp.interval = __constant_cpu_to_le16(0x0100);
2668 type = PAGE_SCAN_TYPE_STANDARD; /* default */
2670 /* default 1.28 sec page scan */
2671 acp.interval = __constant_cpu_to_le16(0x0800);
2674 /* default 11.25 msec page scan window */
2675 acp.window = __constant_cpu_to_le16(0x0012);
2677 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY, sizeof(acp),
2680 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
2681 MGMT_STATUS_FAILED);
2685 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
2687 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
2688 MGMT_STATUS_FAILED);
2692 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE, 0,
2695 hci_dev_unlock(hdev);
2699 static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
2700 void *cp_data, u16 len)
2702 struct mgmt_cp_load_long_term_keys *cp = cp_data;
2703 u16 key_count, expected_len;
2706 key_count = __le16_to_cpu(cp->key_count);
2708 expected_len = sizeof(*cp) + key_count *
2709 sizeof(struct mgmt_ltk_info);
2710 if (expected_len != len) {
2711 BT_ERR("load_keys: expected %u bytes, got %u bytes",
2713 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
2717 BT_DBG("%s key_count %u", hdev->name, key_count);
2721 hci_smp_ltks_clear(hdev);
2723 for (i = 0; i < key_count; i++) {
2724 struct mgmt_ltk_info *key = &cp->keys[i];
2730 type = HCI_SMP_LTK_SLAVE;
2732 hci_add_ltk(hdev, &key->addr.bdaddr,
2733 bdaddr_to_le(key->addr.type),
2734 type, 0, key->authenticated, key->val,
2735 key->enc_size, key->ediv, key->rand);
2738 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
2741 hci_dev_unlock(hdev);
2746 static const struct mgmt_handler {
2747 int (*func) (struct sock *sk, struct hci_dev *hdev, void *data,
2751 } mgmt_handlers[] = {
2752 { NULL }, /* 0x0000 (no command) */
2753 { read_version, false, MGMT_READ_VERSION_SIZE },
2754 { read_commands, false, MGMT_READ_COMMANDS_SIZE },
2755 { read_index_list, false, MGMT_READ_INDEX_LIST_SIZE },
2756 { read_controller_info, false, MGMT_READ_INFO_SIZE },
2757 { set_powered, false, MGMT_SETTING_SIZE },
2758 { set_discoverable, false, MGMT_SET_DISCOVERABLE_SIZE },
2759 { set_connectable, false, MGMT_SETTING_SIZE },
2760 { set_fast_connectable, false, MGMT_SETTING_SIZE },
2761 { set_pairable, false, MGMT_SETTING_SIZE },
2762 { set_link_security, false, MGMT_SETTING_SIZE },
2763 { set_ssp, false, MGMT_SETTING_SIZE },
2764 { set_hs, false, MGMT_SETTING_SIZE },
2765 { set_le, false, MGMT_SETTING_SIZE },
2766 { set_dev_class, false, MGMT_SET_DEV_CLASS_SIZE },
2767 { set_local_name, false, MGMT_SET_LOCAL_NAME_SIZE },
2768 { add_uuid, false, MGMT_ADD_UUID_SIZE },
2769 { remove_uuid, false, MGMT_REMOVE_UUID_SIZE },
2770 { load_link_keys, true, MGMT_LOAD_LINK_KEYS_SIZE },
2771 { load_long_term_keys, true, MGMT_LOAD_LONG_TERM_KEYS_SIZE },
2772 { disconnect, false, MGMT_DISCONNECT_SIZE },
2773 { get_connections, false, MGMT_GET_CONNECTIONS_SIZE },
2774 { pin_code_reply, false, MGMT_PIN_CODE_REPLY_SIZE },
2775 { pin_code_neg_reply, false, MGMT_PIN_CODE_NEG_REPLY_SIZE },
2776 { set_io_capability, false, MGMT_SET_IO_CAPABILITY_SIZE },
2777 { pair_device, false, MGMT_PAIR_DEVICE_SIZE },
2778 { cancel_pair_device, false, MGMT_CANCEL_PAIR_DEVICE_SIZE },
2779 { unpair_device, false, MGMT_UNPAIR_DEVICE_SIZE },
2780 { user_confirm_reply, false, MGMT_USER_CONFIRM_REPLY_SIZE },
2781 { user_confirm_neg_reply, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
2782 { user_passkey_reply, false, MGMT_USER_PASSKEY_REPLY_SIZE },
2783 { user_passkey_neg_reply, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
2784 { read_local_oob_data, false, MGMT_READ_LOCAL_OOB_DATA_SIZE },
2785 { add_remote_oob_data, false, MGMT_ADD_REMOTE_OOB_DATA_SIZE },
2786 { remove_remote_oob_data, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
2787 { start_discovery, false, MGMT_START_DISCOVERY_SIZE },
2788 { stop_discovery, false, MGMT_STOP_DISCOVERY_SIZE },
2789 { confirm_name, false, MGMT_CONFIRM_NAME_SIZE },
2790 { block_device, false, MGMT_BLOCK_DEVICE_SIZE },
2791 { unblock_device, false, MGMT_UNBLOCK_DEVICE_SIZE },
2792 { set_device_id, false, MGMT_SET_DEVICE_ID_SIZE },
2796 int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
2800 struct mgmt_hdr *hdr;
2801 u16 opcode, index, len;
2802 struct hci_dev *hdev = NULL;
2803 const struct mgmt_handler *handler;
2806 BT_DBG("got %zu bytes", msglen);
2808 if (msglen < sizeof(*hdr))
2811 buf = kmalloc(msglen, GFP_KERNEL);
2815 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
2821 opcode = __le16_to_cpu(hdr->opcode);
2822 index = __le16_to_cpu(hdr->index);
2823 len = __le16_to_cpu(hdr->len);
2825 if (len != msglen - sizeof(*hdr)) {
2830 if (index != MGMT_INDEX_NONE) {
2831 hdev = hci_dev_get(index);
2833 err = cmd_status(sk, index, opcode,
2834 MGMT_STATUS_INVALID_INDEX);
2839 if (opcode >= ARRAY_SIZE(mgmt_handlers) ||
2840 mgmt_handlers[opcode].func == NULL) {
2841 BT_DBG("Unknown op %u", opcode);
2842 err = cmd_status(sk, index, opcode,
2843 MGMT_STATUS_UNKNOWN_COMMAND);
2847 if ((hdev && opcode < MGMT_OP_READ_INFO) ||
2848 (!hdev && opcode >= MGMT_OP_READ_INFO)) {
2849 err = cmd_status(sk, index, opcode,
2850 MGMT_STATUS_INVALID_INDEX);
2854 handler = &mgmt_handlers[opcode];
2856 if ((handler->var_len && len < handler->data_len) ||
2857 (!handler->var_len && len != handler->data_len)) {
2858 err = cmd_status(sk, index, opcode,
2859 MGMT_STATUS_INVALID_PARAMS);
2864 mgmt_init_hdev(sk, hdev);
2866 cp = buf + sizeof(*hdr);
2868 err = handler->func(sk, hdev, cp, len);
2882 static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
2886 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
2887 mgmt_pending_remove(cmd);
2890 int mgmt_index_added(struct hci_dev *hdev)
2892 if (!mgmt_valid_hdev(hdev))
2895 return mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
2898 int mgmt_index_removed(struct hci_dev *hdev)
2900 u8 status = MGMT_STATUS_INVALID_INDEX;
2902 if (!mgmt_valid_hdev(hdev))
2905 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
2907 return mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
2912 struct hci_dev *hdev;
2916 static void settings_rsp(struct pending_cmd *cmd, void *data)
2918 struct cmd_lookup *match = data;
2920 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
2922 list_del(&cmd->list);
2924 if (match->sk == NULL) {
2925 match->sk = cmd->sk;
2926 sock_hold(match->sk);
2929 mgmt_pending_free(cmd);
2932 static int set_bredr_scan(struct hci_dev *hdev)
2936 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
2938 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
2939 scan |= SCAN_INQUIRY;
2944 return hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
2947 int mgmt_powered(struct hci_dev *hdev, u8 powered)
2949 struct cmd_lookup match = { NULL, hdev };
2952 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
2955 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
2958 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) &&
2959 !lmp_host_ssp_capable(hdev)) {
2962 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &ssp);
2965 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
2966 struct hci_cp_write_le_host_supported cp;
2969 cp.simul = lmp_le_br_capable(hdev);
2971 /* Check first if we already have the right
2972 * host state (host features set)
2974 if (cp.le != lmp_host_le_capable(hdev) ||
2975 cp.simul != lmp_host_le_br_capable(hdev))
2977 HCI_OP_WRITE_LE_HOST_SUPPORTED,
2981 if (lmp_bredr_capable(hdev)) {
2982 set_bredr_scan(hdev);
2984 update_name(hdev, hdev->dev_name);
2988 u8 status = MGMT_STATUS_NOT_POWERED;
2989 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
2992 err = new_settings(hdev, match.sk);
3000 int mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
3002 struct cmd_lookup match = { NULL, hdev };
3003 bool changed = false;
3007 if (!test_and_set_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3010 if (test_and_clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3014 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev, settings_rsp,
3018 err = new_settings(hdev, match.sk);
3026 int mgmt_connectable(struct hci_dev *hdev, u8 connectable)
3028 struct cmd_lookup match = { NULL, hdev };
3029 bool changed = false;
3033 if (!test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3036 if (test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3040 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev, settings_rsp,
3044 err = new_settings(hdev, match.sk);
3052 int mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
3054 u8 mgmt_err = mgmt_status(status);
3056 if (scan & SCAN_PAGE)
3057 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
3058 cmd_status_rsp, &mgmt_err);
3060 if (scan & SCAN_INQUIRY)
3061 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
3062 cmd_status_rsp, &mgmt_err);
3067 int mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
3070 struct mgmt_ev_new_link_key ev;
3072 memset(&ev, 0, sizeof(ev));
3074 ev.store_hint = persistent;
3075 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
3076 ev.key.addr.type = BDADDR_BREDR;
3077 ev.key.type = key->type;
3078 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
3079 ev.key.pin_len = key->pin_len;
3081 return mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
3084 int mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, u8 persistent)
3086 struct mgmt_ev_new_long_term_key ev;
3088 memset(&ev, 0, sizeof(ev));
3090 ev.store_hint = persistent;
3091 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
3092 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
3093 ev.key.authenticated = key->authenticated;
3094 ev.key.enc_size = key->enc_size;
3095 ev.key.ediv = key->ediv;
3097 if (key->type == HCI_SMP_LTK)
3100 memcpy(ev.key.rand, key->rand, sizeof(key->rand));
3101 memcpy(ev.key.val, key->val, sizeof(key->val));
3103 return mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev),
3107 int mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3108 u8 addr_type, u32 flags, u8 *name, u8 name_len,
3112 struct mgmt_ev_device_connected *ev = (void *) buf;
3115 bacpy(&ev->addr.bdaddr, bdaddr);
3116 ev->addr.type = link_to_bdaddr(link_type, addr_type);
3118 ev->flags = __cpu_to_le32(flags);
3121 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
3124 if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0)
3125 eir_len = eir_append_data(ev->eir, eir_len,
3126 EIR_CLASS_OF_DEV, dev_class, 3);
3128 ev->eir_len = cpu_to_le16(eir_len);
3130 return mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
3131 sizeof(*ev) + eir_len, NULL);
3134 static void disconnect_rsp(struct pending_cmd *cmd, void *data)
3136 struct mgmt_cp_disconnect *cp = cmd->param;
3137 struct sock **sk = data;
3138 struct mgmt_rp_disconnect rp;
3140 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3141 rp.addr.type = cp->addr.type;
3143 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 0, &rp,
3149 mgmt_pending_remove(cmd);
3152 static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
3154 struct hci_dev *hdev = data;
3155 struct mgmt_cp_unpair_device *cp = cmd->param;
3156 struct mgmt_rp_unpair_device rp;
3158 memset(&rp, 0, sizeof(rp));
3159 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3160 rp.addr.type = cp->addr.type;
3162 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
3164 cmd_complete(cmd->sk, cmd->index, cmd->opcode, 0, &rp, sizeof(rp));
3166 mgmt_pending_remove(cmd);
3169 int mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
3170 u8 link_type, u8 addr_type, u8 reason)
3172 struct mgmt_ev_device_disconnected ev;
3173 struct sock *sk = NULL;
3176 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
3178 bacpy(&ev.addr.bdaddr, bdaddr);
3179 ev.addr.type = link_to_bdaddr(link_type, addr_type);
3182 err = mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev),
3188 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
3194 int mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
3195 u8 link_type, u8 addr_type, u8 status)
3197 struct mgmt_rp_disconnect rp;
3198 struct pending_cmd *cmd;
3201 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
3204 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
3208 bacpy(&rp.addr.bdaddr, bdaddr);
3209 rp.addr.type = link_to_bdaddr(link_type, addr_type);
3211 err = cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
3212 mgmt_status(status), &rp, sizeof(rp));
3214 mgmt_pending_remove(cmd);
3219 int mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3220 u8 addr_type, u8 status)
3222 struct mgmt_ev_connect_failed ev;
3224 bacpy(&ev.addr.bdaddr, bdaddr);
3225 ev.addr.type = link_to_bdaddr(link_type, addr_type);
3226 ev.status = mgmt_status(status);
3228 return mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
3231 int mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
3233 struct mgmt_ev_pin_code_request ev;
3235 bacpy(&ev.addr.bdaddr, bdaddr);
3236 ev.addr.type = BDADDR_BREDR;
3239 return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev),
3243 int mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3246 struct pending_cmd *cmd;
3247 struct mgmt_rp_pin_code_reply rp;
3250 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
3254 bacpy(&rp.addr.bdaddr, bdaddr);
3255 rp.addr.type = BDADDR_BREDR;
3257 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3258 mgmt_status(status), &rp, sizeof(rp));
3260 mgmt_pending_remove(cmd);
3265 int mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3268 struct pending_cmd *cmd;
3269 struct mgmt_rp_pin_code_reply rp;
3272 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
3276 bacpy(&rp.addr.bdaddr, bdaddr);
3277 rp.addr.type = BDADDR_BREDR;
3279 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
3280 mgmt_status(status), &rp, sizeof(rp));
3282 mgmt_pending_remove(cmd);
3287 int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
3288 u8 link_type, u8 addr_type, __le32 value,
3291 struct mgmt_ev_user_confirm_request ev;
3293 BT_DBG("%s", hdev->name);
3295 bacpy(&ev.addr.bdaddr, bdaddr);
3296 ev.addr.type = link_to_bdaddr(link_type, addr_type);
3297 ev.confirm_hint = confirm_hint;
3300 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
3304 int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
3305 u8 link_type, u8 addr_type)
3307 struct mgmt_ev_user_passkey_request ev;
3309 BT_DBG("%s", hdev->name);
3311 bacpy(&ev.addr.bdaddr, bdaddr);
3312 ev.addr.type = link_to_bdaddr(link_type, addr_type);
3314 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
3318 static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3319 u8 link_type, u8 addr_type, u8 status,
3322 struct pending_cmd *cmd;
3323 struct mgmt_rp_user_confirm_reply rp;
3326 cmd = mgmt_pending_find(opcode, hdev);
3330 bacpy(&rp.addr.bdaddr, bdaddr);
3331 rp.addr.type = link_to_bdaddr(link_type, addr_type);
3332 err = cmd_complete(cmd->sk, hdev->id, opcode, mgmt_status(status),
3335 mgmt_pending_remove(cmd);
3340 int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3341 u8 link_type, u8 addr_type, u8 status)
3343 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3344 status, MGMT_OP_USER_CONFIRM_REPLY);
3347 int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3348 u8 link_type, u8 addr_type, u8 status)
3350 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3352 MGMT_OP_USER_CONFIRM_NEG_REPLY);
3355 int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3356 u8 link_type, u8 addr_type, u8 status)
3358 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3359 status, MGMT_OP_USER_PASSKEY_REPLY);
3362 int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3363 u8 link_type, u8 addr_type, u8 status)
3365 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3367 MGMT_OP_USER_PASSKEY_NEG_REPLY);
3370 int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
3371 u8 link_type, u8 addr_type, u32 passkey,
3374 struct mgmt_ev_passkey_notify ev;
3376 BT_DBG("%s", hdev->name);
3378 bacpy(&ev.addr.bdaddr, bdaddr);
3379 ev.addr.type = link_to_bdaddr(link_type, addr_type);
3380 ev.passkey = __cpu_to_le32(passkey);
3381 ev.entered = entered;
3383 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
3386 int mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3387 u8 addr_type, u8 status)
3389 struct mgmt_ev_auth_failed ev;
3391 bacpy(&ev.addr.bdaddr, bdaddr);
3392 ev.addr.type = link_to_bdaddr(link_type, addr_type);
3393 ev.status = mgmt_status(status);
3395 return mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
3398 int mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
3400 struct cmd_lookup match = { NULL, hdev };
3401 bool changed = false;
3405 u8 mgmt_err = mgmt_status(status);
3406 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
3407 cmd_status_rsp, &mgmt_err);
3411 if (test_bit(HCI_AUTH, &hdev->flags)) {
3412 if (!test_and_set_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
3415 if (test_and_clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
3419 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
3423 err = new_settings(hdev, match.sk);
3431 static int clear_eir(struct hci_dev *hdev)
3433 struct hci_cp_write_eir cp;
3435 if (!lmp_ext_inq_capable(hdev))
3438 memset(hdev->eir, 0, sizeof(hdev->eir));
3440 memset(&cp, 0, sizeof(cp));
3442 return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
3445 int mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
3447 struct cmd_lookup match = { NULL, hdev };
3448 bool changed = false;
3452 u8 mgmt_err = mgmt_status(status);
3454 if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
3456 err = new_settings(hdev, NULL);
3458 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
3465 if (!test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
3468 if (test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
3472 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
3475 err = new_settings(hdev, match.sk);
3480 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
3488 static void class_rsp(struct pending_cmd *cmd, void *data)
3490 struct cmd_lookup *match = data;
3492 cmd_complete(cmd->sk, cmd->index, cmd->opcode, match->mgmt_status,
3493 match->hdev->dev_class, 3);
3495 list_del(&cmd->list);
3497 if (match->sk == NULL) {
3498 match->sk = cmd->sk;
3499 sock_hold(match->sk);
3502 mgmt_pending_free(cmd);
3505 int mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
3508 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
3511 clear_bit(HCI_PENDING_CLASS, &hdev->dev_flags);
3513 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, class_rsp, &match);
3514 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, class_rsp, &match);
3515 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, class_rsp, &match);
3518 err = mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class,
3527 int mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
3529 struct pending_cmd *cmd;
3530 struct mgmt_cp_set_local_name ev;
3531 bool changed = false;
3534 if (memcmp(name, hdev->dev_name, sizeof(hdev->dev_name)) != 0) {
3535 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
3539 memset(&ev, 0, sizeof(ev));
3540 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
3541 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
3543 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
3547 /* Always assume that either the short or the complete name has
3548 * changed if there was a pending mgmt command */
3552 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3553 mgmt_status(status));
3557 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0, &ev,
3564 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev,
3565 sizeof(ev), cmd ? cmd->sk : NULL);
3567 /* EIR is taken care of separately when powering on the
3568 * adapter so only update them here if this is a name change
3569 * unrelated to power on.
3571 if (!test_bit(HCI_INIT, &hdev->flags))
3576 mgmt_pending_remove(cmd);
3580 int mgmt_read_local_oob_data_reply_complete(struct hci_dev *hdev, u8 *hash,
3581 u8 *randomizer, u8 status)
3583 struct pending_cmd *cmd;
3586 BT_DBG("%s status %u", hdev->name, status);
3588 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
3593 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3594 mgmt_status(status));
3596 struct mgmt_rp_read_local_oob_data rp;
3598 memcpy(rp.hash, hash, sizeof(rp.hash));
3599 memcpy(rp.randomizer, randomizer, sizeof(rp.randomizer));
3601 err = cmd_complete(cmd->sk, hdev->id,
3602 MGMT_OP_READ_LOCAL_OOB_DATA, 0, &rp,
3606 mgmt_pending_remove(cmd);
3611 int mgmt_le_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
3613 struct cmd_lookup match = { NULL, hdev };
3614 bool changed = false;
3618 u8 mgmt_err = mgmt_status(status);
3620 if (enable && test_and_clear_bit(HCI_LE_ENABLED,
3622 err = new_settings(hdev, NULL);
3624 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
3631 if (!test_and_set_bit(HCI_LE_ENABLED, &hdev->dev_flags))
3634 if (test_and_clear_bit(HCI_LE_ENABLED, &hdev->dev_flags))
3638 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
3641 err = new_settings(hdev, match.sk);
3649 int mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3650 u8 addr_type, u8 *dev_class, s8 rssi, u8 cfm_name, u8
3651 ssp, u8 *eir, u16 eir_len)
3654 struct mgmt_ev_device_found *ev = (void *) buf;
3657 /* Leave 5 bytes for a potential CoD field */
3658 if (sizeof(*ev) + eir_len + 5 > sizeof(buf))
3661 memset(buf, 0, sizeof(buf));
3663 bacpy(&ev->addr.bdaddr, bdaddr);
3664 ev->addr.type = link_to_bdaddr(link_type, addr_type);
3667 ev->flags |= __constant_cpu_to_le32(MGMT_DEV_FOUND_CONFIRM_NAME);
3669 ev->flags |= __constant_cpu_to_le32(MGMT_DEV_FOUND_LEGACY_PAIRING);
3672 memcpy(ev->eir, eir, eir_len);
3674 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
3675 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
3678 ev->eir_len = cpu_to_le16(eir_len);
3679 ev_size = sizeof(*ev) + eir_len;
3681 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
3684 int mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3685 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
3687 struct mgmt_ev_device_found *ev;
3688 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
3691 ev = (struct mgmt_ev_device_found *) buf;
3693 memset(buf, 0, sizeof(buf));
3695 bacpy(&ev->addr.bdaddr, bdaddr);
3696 ev->addr.type = link_to_bdaddr(link_type, addr_type);
3699 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
3702 ev->eir_len = cpu_to_le16(eir_len);
3704 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev,
3705 sizeof(*ev) + eir_len, NULL);
3708 int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
3710 struct pending_cmd *cmd;
3714 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3716 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
3720 type = hdev->discovery.type;
3722 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3723 &type, sizeof(type));
3724 mgmt_pending_remove(cmd);
3729 int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
3731 struct pending_cmd *cmd;
3734 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3738 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3739 &hdev->discovery.type, sizeof(hdev->discovery.type));
3740 mgmt_pending_remove(cmd);
3745 int mgmt_discovering(struct hci_dev *hdev, u8 discovering)
3747 struct mgmt_ev_discovering ev;
3748 struct pending_cmd *cmd;
3750 BT_DBG("%s discovering %u", hdev->name, discovering);
3753 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
3755 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3758 u8 type = hdev->discovery.type;
3760 cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0, &type,
3762 mgmt_pending_remove(cmd);
3765 memset(&ev, 0, sizeof(ev));
3766 ev.type = hdev->discovery.type;
3767 ev.discovering = discovering;
3769 return mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
3772 int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
3774 struct pending_cmd *cmd;
3775 struct mgmt_ev_device_blocked ev;
3777 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev);
3779 bacpy(&ev.addr.bdaddr, bdaddr);
3780 ev.addr.type = type;
3782 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev),
3783 cmd ? cmd->sk : NULL);
3786 int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
3788 struct pending_cmd *cmd;
3789 struct mgmt_ev_device_unblocked ev;
3791 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev);
3793 bacpy(&ev.addr.bdaddr, bdaddr);
3794 ev.addr.type = type;
3796 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
3797 cmd ? cmd->sk : NULL);
3800 module_param(enable_hs, bool, 0644);
3801 MODULE_PARM_DESC(enable_hs, "Enable High Speed support");
projects / firefly-linux-kernel-4.4.55.git / blob