2 BlueZ - Bluetooth protocol stack for Linux
4 Copyright (C) 2010 Nokia Corporation
5 Copyright (C) 2011-2012 Intel Corporation
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI Management interface */
27 #include <linux/module.h>
28 #include <asm/unaligned.h>
30 #include <net/bluetooth/bluetooth.h>
31 #include <net/bluetooth/hci_core.h>
32 #include <net/bluetooth/mgmt.h>
33 #include <net/bluetooth/smp.h>
37 #define MGMT_VERSION 1
38 #define MGMT_REVISION 2
40 static const u16 mgmt_commands[] = {
41 MGMT_OP_READ_INDEX_LIST,
44 MGMT_OP_SET_DISCOVERABLE,
45 MGMT_OP_SET_CONNECTABLE,
46 MGMT_OP_SET_FAST_CONNECTABLE,
48 MGMT_OP_SET_LINK_SECURITY,
52 MGMT_OP_SET_DEV_CLASS,
53 MGMT_OP_SET_LOCAL_NAME,
56 MGMT_OP_LOAD_LINK_KEYS,
57 MGMT_OP_LOAD_LONG_TERM_KEYS,
59 MGMT_OP_GET_CONNECTIONS,
60 MGMT_OP_PIN_CODE_REPLY,
61 MGMT_OP_PIN_CODE_NEG_REPLY,
62 MGMT_OP_SET_IO_CAPABILITY,
64 MGMT_OP_CANCEL_PAIR_DEVICE,
65 MGMT_OP_UNPAIR_DEVICE,
66 MGMT_OP_USER_CONFIRM_REPLY,
67 MGMT_OP_USER_CONFIRM_NEG_REPLY,
68 MGMT_OP_USER_PASSKEY_REPLY,
69 MGMT_OP_USER_PASSKEY_NEG_REPLY,
70 MGMT_OP_READ_LOCAL_OOB_DATA,
71 MGMT_OP_ADD_REMOTE_OOB_DATA,
72 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
73 MGMT_OP_START_DISCOVERY,
74 MGMT_OP_STOP_DISCOVERY,
77 MGMT_OP_UNBLOCK_DEVICE,
78 MGMT_OP_SET_DEVICE_ID,
81 static const u16 mgmt_events[] = {
82 MGMT_EV_CONTROLLER_ERROR,
84 MGMT_EV_INDEX_REMOVED,
86 MGMT_EV_CLASS_OF_DEV_CHANGED,
87 MGMT_EV_LOCAL_NAME_CHANGED,
89 MGMT_EV_NEW_LONG_TERM_KEY,
90 MGMT_EV_DEVICE_CONNECTED,
91 MGMT_EV_DEVICE_DISCONNECTED,
92 MGMT_EV_CONNECT_FAILED,
93 MGMT_EV_PIN_CODE_REQUEST,
94 MGMT_EV_USER_CONFIRM_REQUEST,
95 MGMT_EV_USER_PASSKEY_REQUEST,
99 MGMT_EV_DEVICE_BLOCKED,
100 MGMT_EV_DEVICE_UNBLOCKED,
101 MGMT_EV_DEVICE_UNPAIRED,
102 MGMT_EV_PASSKEY_NOTIFY,
106 * These LE scan and inquiry parameters were chosen according to LE General
107 * Discovery Procedure specification.
109 #define LE_SCAN_TYPE 0x01
110 #define LE_SCAN_WIN 0x12
111 #define LE_SCAN_INT 0x12
112 #define LE_SCAN_TIMEOUT_LE_ONLY 10240 /* TGAP(gen_disc_scan_min) */
113 #define LE_SCAN_TIMEOUT_BREDR_LE 5120 /* TGAP(100)/2 */
115 #define INQUIRY_LEN_BREDR 0x08 /* TGAP(100) */
116 #define INQUIRY_LEN_BREDR_LE 0x04 /* TGAP(100)/2 */
118 #define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
120 #define hdev_is_powered(hdev) (test_bit(HCI_UP, &hdev->flags) && \
121 !test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
124 struct list_head list;
132 /* HCI to MGMT error code conversion table */
133 static u8 mgmt_status_table[] = {
135 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
136 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
137 MGMT_STATUS_FAILED, /* Hardware Failure */
138 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
139 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
140 MGMT_STATUS_NOT_PAIRED, /* PIN or Key Missing */
141 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
142 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
143 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
144 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
145 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
146 MGMT_STATUS_BUSY, /* Command Disallowed */
147 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
148 MGMT_STATUS_REJECTED, /* Rejected Security */
149 MGMT_STATUS_REJECTED, /* Rejected Personal */
150 MGMT_STATUS_TIMEOUT, /* Host Timeout */
151 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
152 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
153 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
154 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
155 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
156 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
157 MGMT_STATUS_BUSY, /* Repeated Attempts */
158 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
159 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
160 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
161 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
162 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
163 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
164 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
165 MGMT_STATUS_FAILED, /* Unspecified Error */
166 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
167 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
168 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
169 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
170 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
171 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
172 MGMT_STATUS_FAILED, /* Unit Link Key Used */
173 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
174 MGMT_STATUS_TIMEOUT, /* Instant Passed */
175 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
176 MGMT_STATUS_FAILED, /* Transaction Collision */
177 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
178 MGMT_STATUS_REJECTED, /* QoS Rejected */
179 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
180 MGMT_STATUS_REJECTED, /* Insufficient Security */
181 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
182 MGMT_STATUS_BUSY, /* Role Switch Pending */
183 MGMT_STATUS_FAILED, /* Slot Violation */
184 MGMT_STATUS_FAILED, /* Role Switch Failed */
185 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
186 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
187 MGMT_STATUS_BUSY, /* Host Busy Pairing */
188 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
189 MGMT_STATUS_BUSY, /* Controller Busy */
190 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
191 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
192 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
193 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
194 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
197 bool mgmt_valid_hdev(struct hci_dev *hdev)
199 return hdev->dev_type == HCI_BREDR;
202 static u8 mgmt_status(u8 hci_status)
204 if (hci_status < ARRAY_SIZE(mgmt_status_table))
205 return mgmt_status_table[hci_status];
207 return MGMT_STATUS_FAILED;
210 static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
213 struct mgmt_hdr *hdr;
214 struct mgmt_ev_cmd_status *ev;
217 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
219 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_KERNEL);
223 hdr = (void *) skb_put(skb, sizeof(*hdr));
225 hdr->opcode = __constant_cpu_to_le16(MGMT_EV_CMD_STATUS);
226 hdr->index = cpu_to_le16(index);
227 hdr->len = cpu_to_le16(sizeof(*ev));
229 ev = (void *) skb_put(skb, sizeof(*ev));
231 ev->opcode = cpu_to_le16(cmd);
233 err = sock_queue_rcv_skb(sk, skb);
240 static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
241 void *rp, size_t rp_len)
244 struct mgmt_hdr *hdr;
245 struct mgmt_ev_cmd_complete *ev;
248 BT_DBG("sock %p", sk);
250 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_KERNEL);
254 hdr = (void *) skb_put(skb, sizeof(*hdr));
256 hdr->opcode = __constant_cpu_to_le16(MGMT_EV_CMD_COMPLETE);
257 hdr->index = cpu_to_le16(index);
258 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
260 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
261 ev->opcode = cpu_to_le16(cmd);
265 memcpy(ev->data, rp, rp_len);
267 err = sock_queue_rcv_skb(sk, skb);
274 static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
277 struct mgmt_rp_read_version rp;
279 BT_DBG("sock %p", sk);
281 rp.version = MGMT_VERSION;
282 rp.revision = __constant_cpu_to_le16(MGMT_REVISION);
284 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
288 static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
291 struct mgmt_rp_read_commands *rp;
292 const u16 num_commands = ARRAY_SIZE(mgmt_commands);
293 const u16 num_events = ARRAY_SIZE(mgmt_events);
298 BT_DBG("sock %p", sk);
300 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
302 rp = kmalloc(rp_size, GFP_KERNEL);
306 rp->num_commands = __constant_cpu_to_le16(num_commands);
307 rp->num_events = __constant_cpu_to_le16(num_events);
309 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
310 put_unaligned_le16(mgmt_commands[i], opcode);
312 for (i = 0; i < num_events; i++, opcode++)
313 put_unaligned_le16(mgmt_events[i], opcode);
315 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
322 static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
325 struct mgmt_rp_read_index_list *rp;
331 BT_DBG("sock %p", sk);
333 read_lock(&hci_dev_list_lock);
336 list_for_each_entry(d, &hci_dev_list, list) {
337 if (!mgmt_valid_hdev(d))
343 rp_len = sizeof(*rp) + (2 * count);
344 rp = kmalloc(rp_len, GFP_ATOMIC);
346 read_unlock(&hci_dev_list_lock);
351 list_for_each_entry(d, &hci_dev_list, list) {
352 if (test_bit(HCI_SETUP, &d->dev_flags))
355 if (!mgmt_valid_hdev(d))
358 rp->index[count++] = cpu_to_le16(d->id);
359 BT_DBG("Added hci%u", d->id);
362 rp->num_controllers = cpu_to_le16(count);
363 rp_len = sizeof(*rp) + (2 * count);
365 read_unlock(&hci_dev_list_lock);
367 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
375 static u32 get_supported_settings(struct hci_dev *hdev)
379 settings |= MGMT_SETTING_POWERED;
380 settings |= MGMT_SETTING_PAIRABLE;
382 if (lmp_ssp_capable(hdev))
383 settings |= MGMT_SETTING_SSP;
385 if (lmp_bredr_capable(hdev)) {
386 settings |= MGMT_SETTING_CONNECTABLE;
387 settings |= MGMT_SETTING_FAST_CONNECTABLE;
388 settings |= MGMT_SETTING_DISCOVERABLE;
389 settings |= MGMT_SETTING_BREDR;
390 settings |= MGMT_SETTING_LINK_SECURITY;
394 settings |= MGMT_SETTING_HS;
396 if (lmp_le_capable(hdev))
397 settings |= MGMT_SETTING_LE;
402 static u32 get_current_settings(struct hci_dev *hdev)
406 if (hdev_is_powered(hdev))
407 settings |= MGMT_SETTING_POWERED;
409 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
410 settings |= MGMT_SETTING_CONNECTABLE;
412 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
413 settings |= MGMT_SETTING_DISCOVERABLE;
415 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags))
416 settings |= MGMT_SETTING_PAIRABLE;
418 if (lmp_bredr_capable(hdev))
419 settings |= MGMT_SETTING_BREDR;
421 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
422 settings |= MGMT_SETTING_LE;
424 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
425 settings |= MGMT_SETTING_LINK_SECURITY;
427 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
428 settings |= MGMT_SETTING_SSP;
430 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
431 settings |= MGMT_SETTING_HS;
436 #define PNP_INFO_SVCLASS_ID 0x1200
438 static u8 bluetooth_base_uuid[] = {
439 0xFB, 0x34, 0x9B, 0x5F, 0x80, 0x00, 0x00, 0x80,
440 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
443 static u16 get_uuid16(u8 *uuid128)
448 for (i = 0; i < 12; i++) {
449 if (bluetooth_base_uuid[i] != uuid128[i])
453 val = get_unaligned_le32(&uuid128[12]);
460 static void create_eir(struct hci_dev *hdev, u8 *data)
464 u16 uuid16_list[HCI_MAX_EIR_LENGTH / sizeof(u16)];
465 int i, truncated = 0;
466 struct bt_uuid *uuid;
469 name_len = strlen(hdev->dev_name);
475 ptr[1] = EIR_NAME_SHORT;
477 ptr[1] = EIR_NAME_COMPLETE;
479 /* EIR Data length */
480 ptr[0] = name_len + 1;
482 memcpy(ptr + 2, hdev->dev_name, name_len);
484 eir_len += (name_len + 2);
485 ptr += (name_len + 2);
488 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
490 ptr[1] = EIR_TX_POWER;
491 ptr[2] = (u8) hdev->inq_tx_power;
497 if (hdev->devid_source > 0) {
499 ptr[1] = EIR_DEVICE_ID;
501 put_unaligned_le16(hdev->devid_source, ptr + 2);
502 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
503 put_unaligned_le16(hdev->devid_product, ptr + 6);
504 put_unaligned_le16(hdev->devid_version, ptr + 8);
510 memset(uuid16_list, 0, sizeof(uuid16_list));
512 /* Group all UUID16 types */
513 list_for_each_entry(uuid, &hdev->uuids, list) {
516 uuid16 = get_uuid16(uuid->uuid);
523 if (uuid16 == PNP_INFO_SVCLASS_ID)
526 /* Stop if not enough space to put next UUID */
527 if (eir_len + 2 + sizeof(u16) > HCI_MAX_EIR_LENGTH) {
532 /* Check for duplicates */
533 for (i = 0; uuid16_list[i] != 0; i++)
534 if (uuid16_list[i] == uuid16)
537 if (uuid16_list[i] == 0) {
538 uuid16_list[i] = uuid16;
539 eir_len += sizeof(u16);
543 if (uuid16_list[0] != 0) {
547 ptr[1] = truncated ? EIR_UUID16_SOME : EIR_UUID16_ALL;
552 for (i = 0; uuid16_list[i] != 0; i++) {
553 *ptr++ = (uuid16_list[i] & 0x00ff);
554 *ptr++ = (uuid16_list[i] & 0xff00) >> 8;
557 /* EIR Data length */
558 *length = (i * sizeof(u16)) + 1;
562 static int update_eir(struct hci_dev *hdev)
564 struct hci_cp_write_eir cp;
566 if (!hdev_is_powered(hdev))
569 if (!lmp_ext_inq_capable(hdev))
572 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
575 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
578 memset(&cp, 0, sizeof(cp));
580 create_eir(hdev, cp.data);
582 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
585 memcpy(hdev->eir, cp.data, sizeof(cp.data));
587 return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
590 static u8 get_service_classes(struct hci_dev *hdev)
592 struct bt_uuid *uuid;
595 list_for_each_entry(uuid, &hdev->uuids, list)
596 val |= uuid->svc_hint;
601 static int update_class(struct hci_dev *hdev)
606 BT_DBG("%s", hdev->name);
608 if (!hdev_is_powered(hdev))
611 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
614 cod[0] = hdev->minor_class;
615 cod[1] = hdev->major_class;
616 cod[2] = get_service_classes(hdev);
618 if (memcmp(cod, hdev->dev_class, 3) == 0)
621 err = hci_send_cmd(hdev, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
623 set_bit(HCI_PENDING_CLASS, &hdev->dev_flags);
628 static void service_cache_off(struct work_struct *work)
630 struct hci_dev *hdev = container_of(work, struct hci_dev,
633 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
641 hci_dev_unlock(hdev);
644 static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
646 if (test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
649 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
651 /* Non-mgmt controlled devices get this bit set
652 * implicitly so that pairing works for them, however
653 * for mgmt we require user-space to explicitly enable
656 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
659 static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
660 void *data, u16 data_len)
662 struct mgmt_rp_read_info rp;
664 BT_DBG("sock %p %s", sk, hdev->name);
668 memset(&rp, 0, sizeof(rp));
670 bacpy(&rp.bdaddr, &hdev->bdaddr);
672 rp.version = hdev->hci_ver;
673 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
675 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
676 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
678 memcpy(rp.dev_class, hdev->dev_class, 3);
680 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
681 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
683 hci_dev_unlock(hdev);
685 return cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
689 static void mgmt_pending_free(struct pending_cmd *cmd)
696 static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
697 struct hci_dev *hdev, void *data,
700 struct pending_cmd *cmd;
702 cmd = kmalloc(sizeof(*cmd), GFP_KERNEL);
706 cmd->opcode = opcode;
707 cmd->index = hdev->id;
709 cmd->param = kmalloc(len, GFP_KERNEL);
716 memcpy(cmd->param, data, len);
721 list_add(&cmd->list, &hdev->mgmt_pending);
726 static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
727 void (*cb)(struct pending_cmd *cmd,
731 struct list_head *p, *n;
733 list_for_each_safe(p, n, &hdev->mgmt_pending) {
734 struct pending_cmd *cmd;
736 cmd = list_entry(p, struct pending_cmd, list);
738 if (opcode > 0 && cmd->opcode != opcode)
745 static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
747 struct pending_cmd *cmd;
749 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
750 if (cmd->opcode == opcode)
757 static void mgmt_pending_remove(struct pending_cmd *cmd)
759 list_del(&cmd->list);
760 mgmt_pending_free(cmd);
763 static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
765 __le32 settings = cpu_to_le32(get_current_settings(hdev));
767 return cmd_complete(sk, hdev->id, opcode, 0, &settings,
771 static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
774 struct mgmt_mode *cp = data;
775 struct pending_cmd *cmd;
778 BT_DBG("request for %s", hdev->name);
780 if (cp->val != 0x00 && cp->val != 0x01)
781 return cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
782 MGMT_STATUS_INVALID_PARAMS);
786 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
787 cancel_delayed_work(&hdev->power_off);
790 mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev,
792 err = mgmt_powered(hdev, 1);
797 if (!!cp->val == hdev_is_powered(hdev)) {
798 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
802 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
803 err = cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
808 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
815 queue_work(hdev->req_workqueue, &hdev->power_on);
817 queue_work(hdev->req_workqueue, &hdev->power_off.work);
822 hci_dev_unlock(hdev);
826 static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 data_len,
827 struct sock *skip_sk)
830 struct mgmt_hdr *hdr;
832 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_KERNEL);
836 hdr = (void *) skb_put(skb, sizeof(*hdr));
837 hdr->opcode = cpu_to_le16(event);
839 hdr->index = cpu_to_le16(hdev->id);
841 hdr->index = __constant_cpu_to_le16(MGMT_INDEX_NONE);
842 hdr->len = cpu_to_le16(data_len);
845 memcpy(skb_put(skb, data_len), data, data_len);
848 __net_timestamp(skb);
850 hci_send_to_control(skb, skip_sk);
856 static int new_settings(struct hci_dev *hdev, struct sock *skip)
860 ev = cpu_to_le32(get_current_settings(hdev));
862 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
865 static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
868 struct mgmt_cp_set_discoverable *cp = data;
869 struct pending_cmd *cmd;
874 BT_DBG("request for %s", hdev->name);
876 if (!lmp_bredr_capable(hdev))
877 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
878 MGMT_STATUS_NOT_SUPPORTED);
880 if (cp->val != 0x00 && cp->val != 0x01)
881 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
882 MGMT_STATUS_INVALID_PARAMS);
884 timeout = __le16_to_cpu(cp->timeout);
885 if (!cp->val && timeout > 0)
886 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
887 MGMT_STATUS_INVALID_PARAMS);
891 if (!hdev_is_powered(hdev) && timeout > 0) {
892 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
893 MGMT_STATUS_NOT_POWERED);
897 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
898 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
899 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
904 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
905 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
906 MGMT_STATUS_REJECTED);
910 if (!hdev_is_powered(hdev)) {
911 bool changed = false;
913 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
914 change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
918 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
923 err = new_settings(hdev, sk);
928 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
929 if (hdev->discov_timeout > 0) {
930 cancel_delayed_work(&hdev->discov_off);
931 hdev->discov_timeout = 0;
934 if (cp->val && timeout > 0) {
935 hdev->discov_timeout = timeout;
936 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
937 msecs_to_jiffies(hdev->discov_timeout * 1000));
940 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
944 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
953 scan |= SCAN_INQUIRY;
955 cancel_delayed_work(&hdev->discov_off);
957 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
959 mgmt_pending_remove(cmd);
962 hdev->discov_timeout = timeout;
965 hci_dev_unlock(hdev);
969 static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
972 struct mgmt_mode *cp = data;
973 struct pending_cmd *cmd;
977 BT_DBG("request for %s", hdev->name);
979 if (!lmp_bredr_capable(hdev))
980 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
981 MGMT_STATUS_NOT_SUPPORTED);
983 if (cp->val != 0x00 && cp->val != 0x01)
984 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
985 MGMT_STATUS_INVALID_PARAMS);
989 if (!hdev_is_powered(hdev)) {
990 bool changed = false;
992 if (!!cp->val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
996 set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
998 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
999 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1002 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1007 err = new_settings(hdev, sk);
1012 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1013 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
1014 err = cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1019 if (!!cp->val == test_bit(HCI_PSCAN, &hdev->flags)) {
1020 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1024 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
1035 if (test_bit(HCI_ISCAN, &hdev->flags) &&
1036 hdev->discov_timeout > 0)
1037 cancel_delayed_work(&hdev->discov_off);
1040 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1042 mgmt_pending_remove(cmd);
1045 hci_dev_unlock(hdev);
1049 static int set_pairable(struct sock *sk, struct hci_dev *hdev, void *data,
1052 struct mgmt_mode *cp = data;
1055 BT_DBG("request for %s", hdev->name);
1057 if (cp->val != 0x00 && cp->val != 0x01)
1058 return cmd_status(sk, hdev->id, MGMT_OP_SET_PAIRABLE,
1059 MGMT_STATUS_INVALID_PARAMS);
1064 set_bit(HCI_PAIRABLE, &hdev->dev_flags);
1066 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
1068 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
1072 err = new_settings(hdev, sk);
1075 hci_dev_unlock(hdev);
1079 static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1082 struct mgmt_mode *cp = data;
1083 struct pending_cmd *cmd;
1087 BT_DBG("request for %s", hdev->name);
1089 if (!lmp_bredr_capable(hdev))
1090 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1091 MGMT_STATUS_NOT_SUPPORTED);
1093 if (cp->val != 0x00 && cp->val != 0x01)
1094 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1095 MGMT_STATUS_INVALID_PARAMS);
1099 if (!hdev_is_powered(hdev)) {
1100 bool changed = false;
1102 if (!!cp->val != test_bit(HCI_LINK_SECURITY,
1103 &hdev->dev_flags)) {
1104 change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
1108 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1113 err = new_settings(hdev, sk);
1118 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
1119 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1126 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1127 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1131 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1137 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1139 mgmt_pending_remove(cmd);
1144 hci_dev_unlock(hdev);
1148 static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1150 struct mgmt_mode *cp = data;
1151 struct pending_cmd *cmd;
1155 BT_DBG("request for %s", hdev->name);
1157 if (!lmp_ssp_capable(hdev))
1158 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1159 MGMT_STATUS_NOT_SUPPORTED);
1161 if (cp->val != 0x00 && cp->val != 0x01)
1162 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1163 MGMT_STATUS_INVALID_PARAMS);
1169 if (!hdev_is_powered(hdev)) {
1170 bool changed = false;
1172 if (val != test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
1173 change_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
1177 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1182 err = new_settings(hdev, sk);
1187 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev)) {
1188 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1193 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) == val) {
1194 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1198 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1204 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, sizeof(val), &val);
1206 mgmt_pending_remove(cmd);
1211 hci_dev_unlock(hdev);
1215 static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1217 struct mgmt_mode *cp = data;
1219 BT_DBG("request for %s", hdev->name);
1222 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1223 MGMT_STATUS_NOT_SUPPORTED);
1225 if (cp->val != 0x00 && cp->val != 0x01)
1226 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1227 MGMT_STATUS_INVALID_PARAMS);
1230 set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1232 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1234 return send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
1237 static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1239 struct mgmt_mode *cp = data;
1240 struct hci_cp_write_le_host_supported hci_cp;
1241 struct pending_cmd *cmd;
1245 BT_DBG("request for %s", hdev->name);
1247 if (!lmp_le_capable(hdev))
1248 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1249 MGMT_STATUS_NOT_SUPPORTED);
1251 if (cp->val != 0x00 && cp->val != 0x01)
1252 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1253 MGMT_STATUS_INVALID_PARAMS);
1258 enabled = lmp_host_le_capable(hdev);
1260 if (!hdev_is_powered(hdev) || val == enabled) {
1261 bool changed = false;
1263 if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1264 change_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1268 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1273 err = new_settings(hdev, sk);
1278 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
1279 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1284 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
1290 memset(&hci_cp, 0, sizeof(hci_cp));
1294 hci_cp.simul = lmp_le_br_capable(hdev);
1297 err = hci_send_cmd(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
1300 mgmt_pending_remove(cmd);
1303 hci_dev_unlock(hdev);
1307 static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1309 struct mgmt_cp_add_uuid *cp = data;
1310 struct pending_cmd *cmd;
1311 struct bt_uuid *uuid;
1314 BT_DBG("request for %s", hdev->name);
1318 if (test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
1319 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
1324 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
1330 memcpy(uuid->uuid, cp->uuid, 16);
1331 uuid->svc_hint = cp->svc_hint;
1333 list_add(&uuid->list, &hdev->uuids);
1335 err = update_class(hdev);
1339 err = update_eir(hdev);
1343 if (!test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
1344 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
1345 hdev->dev_class, 3);
1349 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
1354 hci_dev_unlock(hdev);
1358 static bool enable_service_cache(struct hci_dev *hdev)
1360 if (!hdev_is_powered(hdev))
1363 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
1364 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
1372 static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
1375 struct mgmt_cp_remove_uuid *cp = data;
1376 struct pending_cmd *cmd;
1377 struct list_head *p, *n;
1378 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
1381 BT_DBG("request for %s", hdev->name);
1385 if (test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
1386 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
1391 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
1392 err = hci_uuids_clear(hdev);
1394 if (enable_service_cache(hdev)) {
1395 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID,
1396 0, hdev->dev_class, 3);
1405 list_for_each_safe(p, n, &hdev->uuids) {
1406 struct bt_uuid *match = list_entry(p, struct bt_uuid, list);
1408 if (memcmp(match->uuid, cp->uuid, 16) != 0)
1411 list_del(&match->list);
1417 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
1418 MGMT_STATUS_INVALID_PARAMS);
1423 err = update_class(hdev);
1427 err = update_eir(hdev);
1431 if (!test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
1432 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
1433 hdev->dev_class, 3);
1437 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
1442 hci_dev_unlock(hdev);
1446 static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
1449 struct mgmt_cp_set_dev_class *cp = data;
1450 struct pending_cmd *cmd;
1453 BT_DBG("request for %s", hdev->name);
1455 if (!lmp_bredr_capable(hdev))
1456 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1457 MGMT_STATUS_NOT_SUPPORTED);
1459 if (test_bit(HCI_PENDING_CLASS, &hdev->dev_flags))
1460 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1463 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0)
1464 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1465 MGMT_STATUS_INVALID_PARAMS);
1469 hdev->major_class = cp->major;
1470 hdev->minor_class = cp->minor;
1472 if (!hdev_is_powered(hdev)) {
1473 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
1474 hdev->dev_class, 3);
1478 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
1479 hci_dev_unlock(hdev);
1480 cancel_delayed_work_sync(&hdev->service_cache);
1485 err = update_class(hdev);
1489 if (!test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
1490 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
1491 hdev->dev_class, 3);
1495 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
1500 hci_dev_unlock(hdev);
1504 static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
1507 struct mgmt_cp_load_link_keys *cp = data;
1508 u16 key_count, expected_len;
1511 key_count = __le16_to_cpu(cp->key_count);
1513 expected_len = sizeof(*cp) + key_count *
1514 sizeof(struct mgmt_link_key_info);
1515 if (expected_len != len) {
1516 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
1518 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
1519 MGMT_STATUS_INVALID_PARAMS);
1522 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
1527 hci_link_keys_clear(hdev);
1529 set_bit(HCI_LINK_KEYS, &hdev->dev_flags);
1532 set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
1534 clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
1536 for (i = 0; i < key_count; i++) {
1537 struct mgmt_link_key_info *key = &cp->keys[i];
1539 hci_add_link_key(hdev, NULL, 0, &key->addr.bdaddr, key->val,
1540 key->type, key->pin_len);
1543 cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
1545 hci_dev_unlock(hdev);
1550 static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
1551 u8 addr_type, struct sock *skip_sk)
1553 struct mgmt_ev_device_unpaired ev;
1555 bacpy(&ev.addr.bdaddr, bdaddr);
1556 ev.addr.type = addr_type;
1558 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
1562 static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
1565 struct mgmt_cp_unpair_device *cp = data;
1566 struct mgmt_rp_unpair_device rp;
1567 struct hci_cp_disconnect dc;
1568 struct pending_cmd *cmd;
1569 struct hci_conn *conn;
1574 memset(&rp, 0, sizeof(rp));
1575 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1576 rp.addr.type = cp->addr.type;
1578 if (!hdev_is_powered(hdev)) {
1579 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
1580 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
1584 if (cp->addr.type == BDADDR_BREDR)
1585 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
1587 err = hci_remove_ltk(hdev, &cp->addr.bdaddr);
1590 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
1591 MGMT_STATUS_NOT_PAIRED, &rp, sizeof(rp));
1595 if (cp->disconnect) {
1596 if (cp->addr.type == BDADDR_BREDR)
1597 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
1600 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
1607 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
1609 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
1613 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
1620 dc.handle = cpu_to_le16(conn->handle);
1621 dc.reason = 0x13; /* Remote User Terminated Connection */
1622 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1624 mgmt_pending_remove(cmd);
1627 hci_dev_unlock(hdev);
1631 static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
1634 struct mgmt_cp_disconnect *cp = data;
1635 struct hci_cp_disconnect dc;
1636 struct pending_cmd *cmd;
1637 struct hci_conn *conn;
1644 if (!test_bit(HCI_UP, &hdev->flags)) {
1645 err = cmd_status(sk, hdev->id, MGMT_OP_DISCONNECT,
1646 MGMT_STATUS_NOT_POWERED);
1650 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
1651 err = cmd_status(sk, hdev->id, MGMT_OP_DISCONNECT,
1656 if (cp->addr.type == BDADDR_BREDR)
1657 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
1660 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
1662 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
1663 err = cmd_status(sk, hdev->id, MGMT_OP_DISCONNECT,
1664 MGMT_STATUS_NOT_CONNECTED);
1668 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
1674 dc.handle = cpu_to_le16(conn->handle);
1675 dc.reason = HCI_ERROR_REMOTE_USER_TERM;
1677 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1679 mgmt_pending_remove(cmd);
1682 hci_dev_unlock(hdev);
1686 static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
1688 switch (link_type) {
1690 switch (addr_type) {
1691 case ADDR_LE_DEV_PUBLIC:
1692 return BDADDR_LE_PUBLIC;
1695 /* Fallback to LE Random address type */
1696 return BDADDR_LE_RANDOM;
1700 /* Fallback to BR/EDR type */
1701 return BDADDR_BREDR;
1705 static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
1708 struct mgmt_rp_get_connections *rp;
1718 if (!hdev_is_powered(hdev)) {
1719 err = cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
1720 MGMT_STATUS_NOT_POWERED);
1725 list_for_each_entry(c, &hdev->conn_hash.list, list) {
1726 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
1730 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
1731 rp = kmalloc(rp_len, GFP_KERNEL);
1738 list_for_each_entry(c, &hdev->conn_hash.list, list) {
1739 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
1741 bacpy(&rp->addr[i].bdaddr, &c->dst);
1742 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
1743 if (c->type == SCO_LINK || c->type == ESCO_LINK)
1748 rp->conn_count = cpu_to_le16(i);
1750 /* Recalculate length in case of filtered SCO connections, etc */
1751 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
1753 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
1759 hci_dev_unlock(hdev);
1763 static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
1764 struct mgmt_cp_pin_code_neg_reply *cp)
1766 struct pending_cmd *cmd;
1769 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
1774 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
1775 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
1777 mgmt_pending_remove(cmd);
1782 static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
1785 struct hci_conn *conn;
1786 struct mgmt_cp_pin_code_reply *cp = data;
1787 struct hci_cp_pin_code_reply reply;
1788 struct pending_cmd *cmd;
1795 if (!hdev_is_powered(hdev)) {
1796 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
1797 MGMT_STATUS_NOT_POWERED);
1801 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
1803 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
1804 MGMT_STATUS_NOT_CONNECTED);
1808 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
1809 struct mgmt_cp_pin_code_neg_reply ncp;
1811 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
1813 BT_ERR("PIN code is not 16 bytes long");
1815 err = send_pin_code_neg_reply(sk, hdev, &ncp);
1817 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
1818 MGMT_STATUS_INVALID_PARAMS);
1823 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
1829 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
1830 reply.pin_len = cp->pin_len;
1831 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
1833 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
1835 mgmt_pending_remove(cmd);
1838 hci_dev_unlock(hdev);
1842 static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
1845 struct mgmt_cp_set_io_capability *cp = data;
1851 hdev->io_capability = cp->io_capability;
1853 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
1854 hdev->io_capability);
1856 hci_dev_unlock(hdev);
1858 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, NULL,
1862 static struct pending_cmd *find_pairing(struct hci_conn *conn)
1864 struct hci_dev *hdev = conn->hdev;
1865 struct pending_cmd *cmd;
1867 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
1868 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
1871 if (cmd->user_data != conn)
1880 static void pairing_complete(struct pending_cmd *cmd, u8 status)
1882 struct mgmt_rp_pair_device rp;
1883 struct hci_conn *conn = cmd->user_data;
1885 bacpy(&rp.addr.bdaddr, &conn->dst);
1886 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
1888 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
1891 /* So we don't get further callbacks for this connection */
1892 conn->connect_cfm_cb = NULL;
1893 conn->security_cfm_cb = NULL;
1894 conn->disconn_cfm_cb = NULL;
1898 mgmt_pending_remove(cmd);
1901 static void pairing_complete_cb(struct hci_conn *conn, u8 status)
1903 struct pending_cmd *cmd;
1905 BT_DBG("status %u", status);
1907 cmd = find_pairing(conn);
1909 BT_DBG("Unable to find a pending command");
1911 pairing_complete(cmd, mgmt_status(status));
1914 static void le_connect_complete_cb(struct hci_conn *conn, u8 status)
1916 struct pending_cmd *cmd;
1918 BT_DBG("status %u", status);
1923 cmd = find_pairing(conn);
1925 BT_DBG("Unable to find a pending command");
1927 pairing_complete(cmd, mgmt_status(status));
1930 static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
1933 struct mgmt_cp_pair_device *cp = data;
1934 struct mgmt_rp_pair_device rp;
1935 struct pending_cmd *cmd;
1936 u8 sec_level, auth_type;
1937 struct hci_conn *conn;
1944 if (!hdev_is_powered(hdev)) {
1945 err = cmd_status(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
1946 MGMT_STATUS_NOT_POWERED);
1950 sec_level = BT_SECURITY_MEDIUM;
1951 if (cp->io_cap == 0x03)
1952 auth_type = HCI_AT_DEDICATED_BONDING;
1954 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
1956 if (cp->addr.type == BDADDR_BREDR)
1957 conn = hci_connect(hdev, ACL_LINK, &cp->addr.bdaddr,
1958 cp->addr.type, sec_level, auth_type);
1960 conn = hci_connect(hdev, LE_LINK, &cp->addr.bdaddr,
1961 cp->addr.type, sec_level, auth_type);
1963 memset(&rp, 0, sizeof(rp));
1964 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1965 rp.addr.type = cp->addr.type;
1970 if (PTR_ERR(conn) == -EBUSY)
1971 status = MGMT_STATUS_BUSY;
1973 status = MGMT_STATUS_CONNECT_FAILED;
1975 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
1981 if (conn->connect_cfm_cb) {
1983 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
1984 MGMT_STATUS_BUSY, &rp, sizeof(rp));
1988 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
1995 /* For LE, just connecting isn't a proof that the pairing finished */
1996 if (cp->addr.type == BDADDR_BREDR)
1997 conn->connect_cfm_cb = pairing_complete_cb;
1999 conn->connect_cfm_cb = le_connect_complete_cb;
2001 conn->security_cfm_cb = pairing_complete_cb;
2002 conn->disconn_cfm_cb = pairing_complete_cb;
2003 conn->io_capability = cp->io_cap;
2004 cmd->user_data = conn;
2006 if (conn->state == BT_CONNECTED &&
2007 hci_conn_security(conn, sec_level, auth_type))
2008 pairing_complete(cmd, 0);
2013 hci_dev_unlock(hdev);
2017 static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2020 struct mgmt_addr_info *addr = data;
2021 struct pending_cmd *cmd;
2022 struct hci_conn *conn;
2029 if (!hdev_is_powered(hdev)) {
2030 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2031 MGMT_STATUS_NOT_POWERED);
2035 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
2037 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2038 MGMT_STATUS_INVALID_PARAMS);
2042 conn = cmd->user_data;
2044 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
2045 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2046 MGMT_STATUS_INVALID_PARAMS);
2050 pairing_complete(cmd, MGMT_STATUS_CANCELLED);
2052 err = cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
2053 addr, sizeof(*addr));
2055 hci_dev_unlock(hdev);
2059 static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
2060 bdaddr_t *bdaddr, u8 type, u16 mgmt_op,
2061 u16 hci_op, __le32 passkey)
2063 struct pending_cmd *cmd;
2064 struct hci_conn *conn;
2069 if (!hdev_is_powered(hdev)) {
2070 err = cmd_status(sk, hdev->id, mgmt_op,
2071 MGMT_STATUS_NOT_POWERED);
2075 if (type == BDADDR_BREDR)
2076 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, bdaddr);
2078 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, bdaddr);
2081 err = cmd_status(sk, hdev->id, mgmt_op,
2082 MGMT_STATUS_NOT_CONNECTED);
2086 if (type == BDADDR_LE_PUBLIC || type == BDADDR_LE_RANDOM) {
2087 /* Continue with pairing via SMP */
2088 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
2091 err = cmd_status(sk, hdev->id, mgmt_op,
2092 MGMT_STATUS_SUCCESS);
2094 err = cmd_status(sk, hdev->id, mgmt_op,
2095 MGMT_STATUS_FAILED);
2100 cmd = mgmt_pending_add(sk, mgmt_op, hdev, bdaddr, sizeof(*bdaddr));
2106 /* Continue with pairing via HCI */
2107 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
2108 struct hci_cp_user_passkey_reply cp;
2110 bacpy(&cp.bdaddr, bdaddr);
2111 cp.passkey = passkey;
2112 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
2114 err = hci_send_cmd(hdev, hci_op, sizeof(*bdaddr), bdaddr);
2117 mgmt_pending_remove(cmd);
2120 hci_dev_unlock(hdev);
2124 static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
2125 void *data, u16 len)
2127 struct mgmt_cp_pin_code_neg_reply *cp = data;
2131 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
2132 MGMT_OP_PIN_CODE_NEG_REPLY,
2133 HCI_OP_PIN_CODE_NEG_REPLY, 0);
2136 static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2139 struct mgmt_cp_user_confirm_reply *cp = data;
2143 if (len != sizeof(*cp))
2144 return cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
2145 MGMT_STATUS_INVALID_PARAMS);
2147 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
2148 MGMT_OP_USER_CONFIRM_REPLY,
2149 HCI_OP_USER_CONFIRM_REPLY, 0);
2152 static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
2153 void *data, u16 len)
2155 struct mgmt_cp_user_confirm_neg_reply *cp = data;
2159 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
2160 MGMT_OP_USER_CONFIRM_NEG_REPLY,
2161 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
2164 static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2167 struct mgmt_cp_user_passkey_reply *cp = data;
2171 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
2172 MGMT_OP_USER_PASSKEY_REPLY,
2173 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
2176 static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
2177 void *data, u16 len)
2179 struct mgmt_cp_user_passkey_neg_reply *cp = data;
2183 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
2184 MGMT_OP_USER_PASSKEY_NEG_REPLY,
2185 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
2188 static int update_name(struct hci_dev *hdev, const char *name)
2190 struct hci_cp_write_local_name cp;
2192 memcpy(cp.name, name, sizeof(cp.name));
2194 return hci_send_cmd(hdev, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
2197 static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
2200 struct mgmt_cp_set_local_name *cp = data;
2201 struct pending_cmd *cmd;
2208 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
2210 if (!hdev_is_powered(hdev)) {
2211 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
2213 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
2218 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
2224 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
2230 err = update_name(hdev, cp->name);
2232 mgmt_pending_remove(cmd);
2235 hci_dev_unlock(hdev);
2239 static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
2240 void *data, u16 data_len)
2242 struct pending_cmd *cmd;
2245 BT_DBG("%s", hdev->name);
2249 if (!hdev_is_powered(hdev)) {
2250 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
2251 MGMT_STATUS_NOT_POWERED);
2255 if (!lmp_ssp_capable(hdev)) {
2256 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
2257 MGMT_STATUS_NOT_SUPPORTED);
2261 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
2262 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
2267 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
2273 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
2275 mgmt_pending_remove(cmd);
2278 hci_dev_unlock(hdev);
2282 static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
2283 void *data, u16 len)
2285 struct mgmt_cp_add_remote_oob_data *cp = data;
2289 BT_DBG("%s ", hdev->name);
2293 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr, cp->hash,
2296 status = MGMT_STATUS_FAILED;
2298 status = MGMT_STATUS_SUCCESS;
2300 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA, status,
2301 &cp->addr, sizeof(cp->addr));
2303 hci_dev_unlock(hdev);
2307 static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
2308 void *data, u16 len)
2310 struct mgmt_cp_remove_remote_oob_data *cp = data;
2314 BT_DBG("%s", hdev->name);
2318 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr);
2320 status = MGMT_STATUS_INVALID_PARAMS;
2322 status = MGMT_STATUS_SUCCESS;
2324 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
2325 status, &cp->addr, sizeof(cp->addr));
2327 hci_dev_unlock(hdev);
2331 int mgmt_interleaved_discovery(struct hci_dev *hdev)
2335 BT_DBG("%s", hdev->name);
2339 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR_LE);
2341 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2343 hci_dev_unlock(hdev);
2348 static int start_discovery(struct sock *sk, struct hci_dev *hdev,
2349 void *data, u16 len)
2351 struct mgmt_cp_start_discovery *cp = data;
2352 struct pending_cmd *cmd;
2355 BT_DBG("%s", hdev->name);
2359 if (!hdev_is_powered(hdev)) {
2360 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2361 MGMT_STATUS_NOT_POWERED);
2365 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
2366 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2371 if (hdev->discovery.state != DISCOVERY_STOPPED) {
2372 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2377 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
2383 hdev->discovery.type = cp->type;
2385 switch (hdev->discovery.type) {
2386 case DISCOV_TYPE_BREDR:
2387 if (!lmp_bredr_capable(hdev)) {
2388 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2389 MGMT_STATUS_NOT_SUPPORTED);
2390 mgmt_pending_remove(cmd);
2394 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR);
2397 case DISCOV_TYPE_LE:
2398 if (!lmp_host_le_capable(hdev)) {
2399 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2400 MGMT_STATUS_NOT_SUPPORTED);
2401 mgmt_pending_remove(cmd);
2405 err = hci_le_scan(hdev, LE_SCAN_TYPE, LE_SCAN_INT,
2406 LE_SCAN_WIN, LE_SCAN_TIMEOUT_LE_ONLY);
2409 case DISCOV_TYPE_INTERLEAVED:
2410 if (!lmp_host_le_capable(hdev) || !lmp_bredr_capable(hdev)) {
2411 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2412 MGMT_STATUS_NOT_SUPPORTED);
2413 mgmt_pending_remove(cmd);
2417 err = hci_le_scan(hdev, LE_SCAN_TYPE, LE_SCAN_INT, LE_SCAN_WIN,
2418 LE_SCAN_TIMEOUT_BREDR_LE);
2422 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2423 MGMT_STATUS_INVALID_PARAMS);
2424 mgmt_pending_remove(cmd);
2429 mgmt_pending_remove(cmd);
2431 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
2434 hci_dev_unlock(hdev);
2438 static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
2441 struct mgmt_cp_stop_discovery *mgmt_cp = data;
2442 struct pending_cmd *cmd;
2443 struct hci_cp_remote_name_req_cancel cp;
2444 struct inquiry_entry *e;
2447 BT_DBG("%s", hdev->name);
2451 if (!hci_discovery_active(hdev)) {
2452 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
2453 MGMT_STATUS_REJECTED, &mgmt_cp->type,
2454 sizeof(mgmt_cp->type));
2458 if (hdev->discovery.type != mgmt_cp->type) {
2459 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
2460 MGMT_STATUS_INVALID_PARAMS, &mgmt_cp->type,
2461 sizeof(mgmt_cp->type));
2465 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
2471 switch (hdev->discovery.state) {
2472 case DISCOVERY_FINDING:
2473 if (test_bit(HCI_INQUIRY, &hdev->flags))
2474 err = hci_cancel_inquiry(hdev);
2476 err = hci_cancel_le_scan(hdev);
2480 case DISCOVERY_RESOLVING:
2481 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
2484 mgmt_pending_remove(cmd);
2485 err = cmd_complete(sk, hdev->id,
2486 MGMT_OP_STOP_DISCOVERY, 0,
2488 sizeof(mgmt_cp->type));
2489 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2493 bacpy(&cp.bdaddr, &e->data.bdaddr);
2494 err = hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ_CANCEL,
2500 BT_DBG("unknown discovery state %u", hdev->discovery.state);
2505 mgmt_pending_remove(cmd);
2507 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
2510 hci_dev_unlock(hdev);
2514 static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
2517 struct mgmt_cp_confirm_name *cp = data;
2518 struct inquiry_entry *e;
2521 BT_DBG("%s", hdev->name);
2525 if (!hci_discovery_active(hdev)) {
2526 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
2527 MGMT_STATUS_FAILED);
2531 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
2533 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
2534 MGMT_STATUS_INVALID_PARAMS);
2538 if (cp->name_known) {
2539 e->name_state = NAME_KNOWN;
2542 e->name_state = NAME_NEEDED;
2543 hci_inquiry_cache_update_resolve(hdev, e);
2546 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0, &cp->addr,
2550 hci_dev_unlock(hdev);
2554 static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
2557 struct mgmt_cp_block_device *cp = data;
2561 BT_DBG("%s", hdev->name);
2565 err = hci_blacklist_add(hdev, &cp->addr.bdaddr, cp->addr.type);
2567 status = MGMT_STATUS_FAILED;
2569 status = MGMT_STATUS_SUCCESS;
2571 err = cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
2572 &cp->addr, sizeof(cp->addr));
2574 hci_dev_unlock(hdev);
2579 static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
2582 struct mgmt_cp_unblock_device *cp = data;
2586 BT_DBG("%s", hdev->name);
2590 err = hci_blacklist_del(hdev, &cp->addr.bdaddr, cp->addr.type);
2592 status = MGMT_STATUS_INVALID_PARAMS;
2594 status = MGMT_STATUS_SUCCESS;
2596 err = cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
2597 &cp->addr, sizeof(cp->addr));
2599 hci_dev_unlock(hdev);
2604 static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
2607 struct mgmt_cp_set_device_id *cp = data;
2611 BT_DBG("%s", hdev->name);
2613 source = __le16_to_cpu(cp->source);
2615 if (source > 0x0002)
2616 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
2617 MGMT_STATUS_INVALID_PARAMS);
2621 hdev->devid_source = source;
2622 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
2623 hdev->devid_product = __le16_to_cpu(cp->product);
2624 hdev->devid_version = __le16_to_cpu(cp->version);
2626 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0, NULL, 0);
2630 hci_dev_unlock(hdev);
2635 static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
2636 void *data, u16 len)
2638 struct mgmt_mode *cp = data;
2639 struct hci_cp_write_page_scan_activity acp;
2643 BT_DBG("%s", hdev->name);
2645 if (!lmp_bredr_capable(hdev))
2646 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
2647 MGMT_STATUS_NOT_SUPPORTED);
2649 if (cp->val != 0x00 && cp->val != 0x01)
2650 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
2651 MGMT_STATUS_INVALID_PARAMS);
2653 if (!hdev_is_powered(hdev))
2654 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
2655 MGMT_STATUS_NOT_POWERED);
2657 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
2658 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
2659 MGMT_STATUS_REJECTED);
2664 type = PAGE_SCAN_TYPE_INTERLACED;
2666 /* 160 msec page scan interval */
2667 acp.interval = __constant_cpu_to_le16(0x0100);
2669 type = PAGE_SCAN_TYPE_STANDARD; /* default */
2671 /* default 1.28 sec page scan */
2672 acp.interval = __constant_cpu_to_le16(0x0800);
2675 /* default 11.25 msec page scan window */
2676 acp.window = __constant_cpu_to_le16(0x0012);
2678 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY, sizeof(acp),
2681 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
2682 MGMT_STATUS_FAILED);
2686 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
2688 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
2689 MGMT_STATUS_FAILED);
2693 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE, 0,
2696 hci_dev_unlock(hdev);
2700 static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
2701 void *cp_data, u16 len)
2703 struct mgmt_cp_load_long_term_keys *cp = cp_data;
2704 u16 key_count, expected_len;
2707 key_count = __le16_to_cpu(cp->key_count);
2709 expected_len = sizeof(*cp) + key_count *
2710 sizeof(struct mgmt_ltk_info);
2711 if (expected_len != len) {
2712 BT_ERR("load_keys: expected %u bytes, got %u bytes",
2714 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
2718 BT_DBG("%s key_count %u", hdev->name, key_count);
2722 hci_smp_ltks_clear(hdev);
2724 for (i = 0; i < key_count; i++) {
2725 struct mgmt_ltk_info *key = &cp->keys[i];
2731 type = HCI_SMP_LTK_SLAVE;
2733 hci_add_ltk(hdev, &key->addr.bdaddr,
2734 bdaddr_to_le(key->addr.type),
2735 type, 0, key->authenticated, key->val,
2736 key->enc_size, key->ediv, key->rand);
2739 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
2742 hci_dev_unlock(hdev);
2747 static const struct mgmt_handler {
2748 int (*func) (struct sock *sk, struct hci_dev *hdev, void *data,
2752 } mgmt_handlers[] = {
2753 { NULL }, /* 0x0000 (no command) */
2754 { read_version, false, MGMT_READ_VERSION_SIZE },
2755 { read_commands, false, MGMT_READ_COMMANDS_SIZE },
2756 { read_index_list, false, MGMT_READ_INDEX_LIST_SIZE },
2757 { read_controller_info, false, MGMT_READ_INFO_SIZE },
2758 { set_powered, false, MGMT_SETTING_SIZE },
2759 { set_discoverable, false, MGMT_SET_DISCOVERABLE_SIZE },
2760 { set_connectable, false, MGMT_SETTING_SIZE },
2761 { set_fast_connectable, false, MGMT_SETTING_SIZE },
2762 { set_pairable, false, MGMT_SETTING_SIZE },
2763 { set_link_security, false, MGMT_SETTING_SIZE },
2764 { set_ssp, false, MGMT_SETTING_SIZE },
2765 { set_hs, false, MGMT_SETTING_SIZE },
2766 { set_le, false, MGMT_SETTING_SIZE },
2767 { set_dev_class, false, MGMT_SET_DEV_CLASS_SIZE },
2768 { set_local_name, false, MGMT_SET_LOCAL_NAME_SIZE },
2769 { add_uuid, false, MGMT_ADD_UUID_SIZE },
2770 { remove_uuid, false, MGMT_REMOVE_UUID_SIZE },
2771 { load_link_keys, true, MGMT_LOAD_LINK_KEYS_SIZE },
2772 { load_long_term_keys, true, MGMT_LOAD_LONG_TERM_KEYS_SIZE },
2773 { disconnect, false, MGMT_DISCONNECT_SIZE },
2774 { get_connections, false, MGMT_GET_CONNECTIONS_SIZE },
2775 { pin_code_reply, false, MGMT_PIN_CODE_REPLY_SIZE },
2776 { pin_code_neg_reply, false, MGMT_PIN_CODE_NEG_REPLY_SIZE },
2777 { set_io_capability, false, MGMT_SET_IO_CAPABILITY_SIZE },
2778 { pair_device, false, MGMT_PAIR_DEVICE_SIZE },
2779 { cancel_pair_device, false, MGMT_CANCEL_PAIR_DEVICE_SIZE },
2780 { unpair_device, false, MGMT_UNPAIR_DEVICE_SIZE },
2781 { user_confirm_reply, false, MGMT_USER_CONFIRM_REPLY_SIZE },
2782 { user_confirm_neg_reply, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
2783 { user_passkey_reply, false, MGMT_USER_PASSKEY_REPLY_SIZE },
2784 { user_passkey_neg_reply, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
2785 { read_local_oob_data, false, MGMT_READ_LOCAL_OOB_DATA_SIZE },
2786 { add_remote_oob_data, false, MGMT_ADD_REMOTE_OOB_DATA_SIZE },
2787 { remove_remote_oob_data, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
2788 { start_discovery, false, MGMT_START_DISCOVERY_SIZE },
2789 { stop_discovery, false, MGMT_STOP_DISCOVERY_SIZE },
2790 { confirm_name, false, MGMT_CONFIRM_NAME_SIZE },
2791 { block_device, false, MGMT_BLOCK_DEVICE_SIZE },
2792 { unblock_device, false, MGMT_UNBLOCK_DEVICE_SIZE },
2793 { set_device_id, false, MGMT_SET_DEVICE_ID_SIZE },
2797 int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
2801 struct mgmt_hdr *hdr;
2802 u16 opcode, index, len;
2803 struct hci_dev *hdev = NULL;
2804 const struct mgmt_handler *handler;
2807 BT_DBG("got %zu bytes", msglen);
2809 if (msglen < sizeof(*hdr))
2812 buf = kmalloc(msglen, GFP_KERNEL);
2816 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
2822 opcode = __le16_to_cpu(hdr->opcode);
2823 index = __le16_to_cpu(hdr->index);
2824 len = __le16_to_cpu(hdr->len);
2826 if (len != msglen - sizeof(*hdr)) {
2831 if (index != MGMT_INDEX_NONE) {
2832 hdev = hci_dev_get(index);
2834 err = cmd_status(sk, index, opcode,
2835 MGMT_STATUS_INVALID_INDEX);
2840 if (opcode >= ARRAY_SIZE(mgmt_handlers) ||
2841 mgmt_handlers[opcode].func == NULL) {
2842 BT_DBG("Unknown op %u", opcode);
2843 err = cmd_status(sk, index, opcode,
2844 MGMT_STATUS_UNKNOWN_COMMAND);
2848 if ((hdev && opcode < MGMT_OP_READ_INFO) ||
2849 (!hdev && opcode >= MGMT_OP_READ_INFO)) {
2850 err = cmd_status(sk, index, opcode,
2851 MGMT_STATUS_INVALID_INDEX);
2855 handler = &mgmt_handlers[opcode];
2857 if ((handler->var_len && len < handler->data_len) ||
2858 (!handler->var_len && len != handler->data_len)) {
2859 err = cmd_status(sk, index, opcode,
2860 MGMT_STATUS_INVALID_PARAMS);
2865 mgmt_init_hdev(sk, hdev);
2867 cp = buf + sizeof(*hdr);
2869 err = handler->func(sk, hdev, cp, len);
2883 static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
2887 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
2888 mgmt_pending_remove(cmd);
2891 int mgmt_index_added(struct hci_dev *hdev)
2893 if (!mgmt_valid_hdev(hdev))
2896 return mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
2899 int mgmt_index_removed(struct hci_dev *hdev)
2901 u8 status = MGMT_STATUS_INVALID_INDEX;
2903 if (!mgmt_valid_hdev(hdev))
2906 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
2908 return mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
2913 struct hci_dev *hdev;
2917 static void settings_rsp(struct pending_cmd *cmd, void *data)
2919 struct cmd_lookup *match = data;
2921 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
2923 list_del(&cmd->list);
2925 if (match->sk == NULL) {
2926 match->sk = cmd->sk;
2927 sock_hold(match->sk);
2930 mgmt_pending_free(cmd);
2933 static int set_bredr_scan(struct hci_dev *hdev)
2937 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
2939 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
2940 scan |= SCAN_INQUIRY;
2945 return hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
2948 int mgmt_powered(struct hci_dev *hdev, u8 powered)
2950 struct cmd_lookup match = { NULL, hdev };
2953 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
2956 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
2959 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) &&
2960 !lmp_host_ssp_capable(hdev)) {
2963 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &ssp);
2966 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
2967 struct hci_cp_write_le_host_supported cp;
2970 cp.simul = lmp_le_br_capable(hdev);
2972 /* Check first if we already have the right
2973 * host state (host features set)
2975 if (cp.le != lmp_host_le_capable(hdev) ||
2976 cp.simul != lmp_host_le_br_capable(hdev))
2978 HCI_OP_WRITE_LE_HOST_SUPPORTED,
2982 if (lmp_bredr_capable(hdev)) {
2983 set_bredr_scan(hdev);
2985 update_name(hdev, hdev->dev_name);
2989 u8 status = MGMT_STATUS_NOT_POWERED;
2990 u8 zero_cod[] = { 0, 0, 0 };
2992 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
2994 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0)
2995 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
2996 zero_cod, sizeof(zero_cod), NULL);
2999 err = new_settings(hdev, match.sk);
3007 int mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
3009 struct cmd_lookup match = { NULL, hdev };
3010 bool changed = false;
3014 if (!test_and_set_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3017 if (test_and_clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3021 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev, settings_rsp,
3025 err = new_settings(hdev, match.sk);
3033 int mgmt_connectable(struct hci_dev *hdev, u8 connectable)
3035 struct cmd_lookup match = { NULL, hdev };
3036 bool changed = false;
3040 if (!test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3043 if (test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3047 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev, settings_rsp,
3051 err = new_settings(hdev, match.sk);
3059 int mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
3061 u8 mgmt_err = mgmt_status(status);
3063 if (scan & SCAN_PAGE)
3064 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
3065 cmd_status_rsp, &mgmt_err);
3067 if (scan & SCAN_INQUIRY)
3068 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
3069 cmd_status_rsp, &mgmt_err);
3074 int mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
3077 struct mgmt_ev_new_link_key ev;
3079 memset(&ev, 0, sizeof(ev));
3081 ev.store_hint = persistent;
3082 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
3083 ev.key.addr.type = BDADDR_BREDR;
3084 ev.key.type = key->type;
3085 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
3086 ev.key.pin_len = key->pin_len;
3088 return mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
3091 int mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, u8 persistent)
3093 struct mgmt_ev_new_long_term_key ev;
3095 memset(&ev, 0, sizeof(ev));
3097 ev.store_hint = persistent;
3098 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
3099 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
3100 ev.key.authenticated = key->authenticated;
3101 ev.key.enc_size = key->enc_size;
3102 ev.key.ediv = key->ediv;
3104 if (key->type == HCI_SMP_LTK)
3107 memcpy(ev.key.rand, key->rand, sizeof(key->rand));
3108 memcpy(ev.key.val, key->val, sizeof(key->val));
3110 return mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev),
3114 int mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3115 u8 addr_type, u32 flags, u8 *name, u8 name_len,
3119 struct mgmt_ev_device_connected *ev = (void *) buf;
3122 bacpy(&ev->addr.bdaddr, bdaddr);
3123 ev->addr.type = link_to_bdaddr(link_type, addr_type);
3125 ev->flags = __cpu_to_le32(flags);
3128 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
3131 if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0)
3132 eir_len = eir_append_data(ev->eir, eir_len,
3133 EIR_CLASS_OF_DEV, dev_class, 3);
3135 ev->eir_len = cpu_to_le16(eir_len);
3137 return mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
3138 sizeof(*ev) + eir_len, NULL);
3141 static void disconnect_rsp(struct pending_cmd *cmd, void *data)
3143 struct mgmt_cp_disconnect *cp = cmd->param;
3144 struct sock **sk = data;
3145 struct mgmt_rp_disconnect rp;
3147 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3148 rp.addr.type = cp->addr.type;
3150 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 0, &rp,
3156 mgmt_pending_remove(cmd);
3159 static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
3161 struct hci_dev *hdev = data;
3162 struct mgmt_cp_unpair_device *cp = cmd->param;
3163 struct mgmt_rp_unpair_device rp;
3165 memset(&rp, 0, sizeof(rp));
3166 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3167 rp.addr.type = cp->addr.type;
3169 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
3171 cmd_complete(cmd->sk, cmd->index, cmd->opcode, 0, &rp, sizeof(rp));
3173 mgmt_pending_remove(cmd);
3176 int mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
3177 u8 link_type, u8 addr_type, u8 reason)
3179 struct mgmt_ev_device_disconnected ev;
3180 struct sock *sk = NULL;
3183 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
3185 bacpy(&ev.addr.bdaddr, bdaddr);
3186 ev.addr.type = link_to_bdaddr(link_type, addr_type);
3189 err = mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev),
3195 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
3201 int mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
3202 u8 link_type, u8 addr_type, u8 status)
3204 struct mgmt_rp_disconnect rp;
3205 struct pending_cmd *cmd;
3208 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
3211 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
3215 bacpy(&rp.addr.bdaddr, bdaddr);
3216 rp.addr.type = link_to_bdaddr(link_type, addr_type);
3218 err = cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
3219 mgmt_status(status), &rp, sizeof(rp));
3221 mgmt_pending_remove(cmd);
3226 int mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3227 u8 addr_type, u8 status)
3229 struct mgmt_ev_connect_failed ev;
3231 bacpy(&ev.addr.bdaddr, bdaddr);
3232 ev.addr.type = link_to_bdaddr(link_type, addr_type);
3233 ev.status = mgmt_status(status);
3235 return mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
3238 int mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
3240 struct mgmt_ev_pin_code_request ev;
3242 bacpy(&ev.addr.bdaddr, bdaddr);
3243 ev.addr.type = BDADDR_BREDR;
3246 return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev),
3250 int mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3253 struct pending_cmd *cmd;
3254 struct mgmt_rp_pin_code_reply rp;
3257 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
3261 bacpy(&rp.addr.bdaddr, bdaddr);
3262 rp.addr.type = BDADDR_BREDR;
3264 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3265 mgmt_status(status), &rp, sizeof(rp));
3267 mgmt_pending_remove(cmd);
3272 int mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3275 struct pending_cmd *cmd;
3276 struct mgmt_rp_pin_code_reply rp;
3279 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
3283 bacpy(&rp.addr.bdaddr, bdaddr);
3284 rp.addr.type = BDADDR_BREDR;
3286 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
3287 mgmt_status(status), &rp, sizeof(rp));
3289 mgmt_pending_remove(cmd);
3294 int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
3295 u8 link_type, u8 addr_type, __le32 value,
3298 struct mgmt_ev_user_confirm_request ev;
3300 BT_DBG("%s", hdev->name);
3302 bacpy(&ev.addr.bdaddr, bdaddr);
3303 ev.addr.type = link_to_bdaddr(link_type, addr_type);
3304 ev.confirm_hint = confirm_hint;
3307 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
3311 int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
3312 u8 link_type, u8 addr_type)
3314 struct mgmt_ev_user_passkey_request ev;
3316 BT_DBG("%s", hdev->name);
3318 bacpy(&ev.addr.bdaddr, bdaddr);
3319 ev.addr.type = link_to_bdaddr(link_type, addr_type);
3321 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
3325 static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3326 u8 link_type, u8 addr_type, u8 status,
3329 struct pending_cmd *cmd;
3330 struct mgmt_rp_user_confirm_reply rp;
3333 cmd = mgmt_pending_find(opcode, hdev);
3337 bacpy(&rp.addr.bdaddr, bdaddr);
3338 rp.addr.type = link_to_bdaddr(link_type, addr_type);
3339 err = cmd_complete(cmd->sk, hdev->id, opcode, mgmt_status(status),
3342 mgmt_pending_remove(cmd);
3347 int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3348 u8 link_type, u8 addr_type, u8 status)
3350 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3351 status, MGMT_OP_USER_CONFIRM_REPLY);
3354 int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3355 u8 link_type, u8 addr_type, u8 status)
3357 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3359 MGMT_OP_USER_CONFIRM_NEG_REPLY);
3362 int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3363 u8 link_type, u8 addr_type, u8 status)
3365 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3366 status, MGMT_OP_USER_PASSKEY_REPLY);
3369 int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3370 u8 link_type, u8 addr_type, u8 status)
3372 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3374 MGMT_OP_USER_PASSKEY_NEG_REPLY);
3377 int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
3378 u8 link_type, u8 addr_type, u32 passkey,
3381 struct mgmt_ev_passkey_notify ev;
3383 BT_DBG("%s", hdev->name);
3385 bacpy(&ev.addr.bdaddr, bdaddr);
3386 ev.addr.type = link_to_bdaddr(link_type, addr_type);
3387 ev.passkey = __cpu_to_le32(passkey);
3388 ev.entered = entered;
3390 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
3393 int mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3394 u8 addr_type, u8 status)
3396 struct mgmt_ev_auth_failed ev;
3398 bacpy(&ev.addr.bdaddr, bdaddr);
3399 ev.addr.type = link_to_bdaddr(link_type, addr_type);
3400 ev.status = mgmt_status(status);
3402 return mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
3405 int mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
3407 struct cmd_lookup match = { NULL, hdev };
3408 bool changed = false;
3412 u8 mgmt_err = mgmt_status(status);
3413 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
3414 cmd_status_rsp, &mgmt_err);
3418 if (test_bit(HCI_AUTH, &hdev->flags)) {
3419 if (!test_and_set_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
3422 if (test_and_clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
3426 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
3430 err = new_settings(hdev, match.sk);
3438 static int clear_eir(struct hci_dev *hdev)
3440 struct hci_cp_write_eir cp;
3442 if (!lmp_ext_inq_capable(hdev))
3445 memset(hdev->eir, 0, sizeof(hdev->eir));
3447 memset(&cp, 0, sizeof(cp));
3449 return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
3452 int mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
3454 struct cmd_lookup match = { NULL, hdev };
3455 bool changed = false;
3459 u8 mgmt_err = mgmt_status(status);
3461 if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
3463 err = new_settings(hdev, NULL);
3465 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
3472 if (!test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
3475 if (test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
3479 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
3482 err = new_settings(hdev, match.sk);
3487 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
3495 static void class_rsp(struct pending_cmd *cmd, void *data)
3497 struct cmd_lookup *match = data;
3499 cmd_complete(cmd->sk, cmd->index, cmd->opcode, match->mgmt_status,
3500 match->hdev->dev_class, 3);
3502 list_del(&cmd->list);
3504 if (match->sk == NULL) {
3505 match->sk = cmd->sk;
3506 sock_hold(match->sk);
3509 mgmt_pending_free(cmd);
3512 int mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
3515 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
3518 clear_bit(HCI_PENDING_CLASS, &hdev->dev_flags);
3520 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, class_rsp, &match);
3521 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, class_rsp, &match);
3522 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, class_rsp, &match);
3525 err = mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class,
3534 int mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
3536 struct pending_cmd *cmd;
3537 struct mgmt_cp_set_local_name ev;
3538 bool changed = false;
3541 if (memcmp(name, hdev->dev_name, sizeof(hdev->dev_name)) != 0) {
3542 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
3546 memset(&ev, 0, sizeof(ev));
3547 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
3548 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
3550 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
3554 /* Always assume that either the short or the complete name has
3555 * changed if there was a pending mgmt command */
3559 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3560 mgmt_status(status));
3564 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0, &ev,
3571 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev,
3572 sizeof(ev), cmd ? cmd->sk : NULL);
3574 /* EIR is taken care of separately when powering on the
3575 * adapter so only update them here if this is a name change
3576 * unrelated to power on.
3578 if (!test_bit(HCI_INIT, &hdev->flags))
3583 mgmt_pending_remove(cmd);
3587 int mgmt_read_local_oob_data_reply_complete(struct hci_dev *hdev, u8 *hash,
3588 u8 *randomizer, u8 status)
3590 struct pending_cmd *cmd;
3593 BT_DBG("%s status %u", hdev->name, status);
3595 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
3600 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3601 mgmt_status(status));
3603 struct mgmt_rp_read_local_oob_data rp;
3605 memcpy(rp.hash, hash, sizeof(rp.hash));
3606 memcpy(rp.randomizer, randomizer, sizeof(rp.randomizer));
3608 err = cmd_complete(cmd->sk, hdev->id,
3609 MGMT_OP_READ_LOCAL_OOB_DATA, 0, &rp,
3613 mgmt_pending_remove(cmd);
3618 int mgmt_le_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
3620 struct cmd_lookup match = { NULL, hdev };
3621 bool changed = false;
3625 u8 mgmt_err = mgmt_status(status);
3627 if (enable && test_and_clear_bit(HCI_LE_ENABLED,
3629 err = new_settings(hdev, NULL);
3631 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
3638 if (!test_and_set_bit(HCI_LE_ENABLED, &hdev->dev_flags))
3641 if (test_and_clear_bit(HCI_LE_ENABLED, &hdev->dev_flags))
3645 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
3648 err = new_settings(hdev, match.sk);
3656 int mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3657 u8 addr_type, u8 *dev_class, s8 rssi, u8 cfm_name, u8
3658 ssp, u8 *eir, u16 eir_len)
3661 struct mgmt_ev_device_found *ev = (void *) buf;
3664 /* Leave 5 bytes for a potential CoD field */
3665 if (sizeof(*ev) + eir_len + 5 > sizeof(buf))
3668 memset(buf, 0, sizeof(buf));
3670 bacpy(&ev->addr.bdaddr, bdaddr);
3671 ev->addr.type = link_to_bdaddr(link_type, addr_type);
3674 ev->flags |= __constant_cpu_to_le32(MGMT_DEV_FOUND_CONFIRM_NAME);
3676 ev->flags |= __constant_cpu_to_le32(MGMT_DEV_FOUND_LEGACY_PAIRING);
3679 memcpy(ev->eir, eir, eir_len);
3681 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
3682 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
3685 ev->eir_len = cpu_to_le16(eir_len);
3686 ev_size = sizeof(*ev) + eir_len;
3688 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
3691 int mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3692 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
3694 struct mgmt_ev_device_found *ev;
3695 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
3698 ev = (struct mgmt_ev_device_found *) buf;
3700 memset(buf, 0, sizeof(buf));
3702 bacpy(&ev->addr.bdaddr, bdaddr);
3703 ev->addr.type = link_to_bdaddr(link_type, addr_type);
3706 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
3709 ev->eir_len = cpu_to_le16(eir_len);
3711 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev,
3712 sizeof(*ev) + eir_len, NULL);
3715 int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
3717 struct pending_cmd *cmd;
3721 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3723 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
3727 type = hdev->discovery.type;
3729 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3730 &type, sizeof(type));
3731 mgmt_pending_remove(cmd);
3736 int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
3738 struct pending_cmd *cmd;
3741 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3745 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3746 &hdev->discovery.type, sizeof(hdev->discovery.type));
3747 mgmt_pending_remove(cmd);
3752 int mgmt_discovering(struct hci_dev *hdev, u8 discovering)
3754 struct mgmt_ev_discovering ev;
3755 struct pending_cmd *cmd;
3757 BT_DBG("%s discovering %u", hdev->name, discovering);
3760 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
3762 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3765 u8 type = hdev->discovery.type;
3767 cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0, &type,
3769 mgmt_pending_remove(cmd);
3772 memset(&ev, 0, sizeof(ev));
3773 ev.type = hdev->discovery.type;
3774 ev.discovering = discovering;
3776 return mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
3779 int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
3781 struct pending_cmd *cmd;
3782 struct mgmt_ev_device_blocked ev;
3784 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev);
3786 bacpy(&ev.addr.bdaddr, bdaddr);
3787 ev.addr.type = type;
3789 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev),
3790 cmd ? cmd->sk : NULL);
3793 int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
3795 struct pending_cmd *cmd;
3796 struct mgmt_ev_device_unblocked ev;
3798 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev);
3800 bacpy(&ev.addr.bdaddr, bdaddr);
3801 ev.addr.type = type;
3803 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
3804 cmd ? cmd->sk : NULL);
3807 module_param(enable_hs, bool, 0644);
3808 MODULE_PARM_DESC(enable_hs, "Enable High Speed support");
projects / firefly-linux-kernel-4.4.55.git / blob