2 BlueZ - Bluetooth protocol stack for Linux
4 Copyright (C) 2010 Nokia Corporation
5 Copyright (C) 2011-2012 Intel Corporation
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI Management interface */
27 #include <linux/module.h>
28 #include <asm/unaligned.h>
30 #include <net/bluetooth/bluetooth.h>
31 #include <net/bluetooth/hci_core.h>
32 #include <net/bluetooth/mgmt.h>
33 #include <net/bluetooth/smp.h>
37 #define MGMT_VERSION 1
38 #define MGMT_REVISION 2
40 static const u16 mgmt_commands[] = {
41 MGMT_OP_READ_INDEX_LIST,
44 MGMT_OP_SET_DISCOVERABLE,
45 MGMT_OP_SET_CONNECTABLE,
46 MGMT_OP_SET_FAST_CONNECTABLE,
48 MGMT_OP_SET_LINK_SECURITY,
52 MGMT_OP_SET_DEV_CLASS,
53 MGMT_OP_SET_LOCAL_NAME,
56 MGMT_OP_LOAD_LINK_KEYS,
57 MGMT_OP_LOAD_LONG_TERM_KEYS,
59 MGMT_OP_GET_CONNECTIONS,
60 MGMT_OP_PIN_CODE_REPLY,
61 MGMT_OP_PIN_CODE_NEG_REPLY,
62 MGMT_OP_SET_IO_CAPABILITY,
64 MGMT_OP_CANCEL_PAIR_DEVICE,
65 MGMT_OP_UNPAIR_DEVICE,
66 MGMT_OP_USER_CONFIRM_REPLY,
67 MGMT_OP_USER_CONFIRM_NEG_REPLY,
68 MGMT_OP_USER_PASSKEY_REPLY,
69 MGMT_OP_USER_PASSKEY_NEG_REPLY,
70 MGMT_OP_READ_LOCAL_OOB_DATA,
71 MGMT_OP_ADD_REMOTE_OOB_DATA,
72 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
73 MGMT_OP_START_DISCOVERY,
74 MGMT_OP_STOP_DISCOVERY,
77 MGMT_OP_UNBLOCK_DEVICE,
78 MGMT_OP_SET_DEVICE_ID,
81 static const u16 mgmt_events[] = {
82 MGMT_EV_CONTROLLER_ERROR,
84 MGMT_EV_INDEX_REMOVED,
86 MGMT_EV_CLASS_OF_DEV_CHANGED,
87 MGMT_EV_LOCAL_NAME_CHANGED,
89 MGMT_EV_NEW_LONG_TERM_KEY,
90 MGMT_EV_DEVICE_CONNECTED,
91 MGMT_EV_DEVICE_DISCONNECTED,
92 MGMT_EV_CONNECT_FAILED,
93 MGMT_EV_PIN_CODE_REQUEST,
94 MGMT_EV_USER_CONFIRM_REQUEST,
95 MGMT_EV_USER_PASSKEY_REQUEST,
99 MGMT_EV_DEVICE_BLOCKED,
100 MGMT_EV_DEVICE_UNBLOCKED,
101 MGMT_EV_DEVICE_UNPAIRED,
102 MGMT_EV_PASSKEY_NOTIFY,
106 * These LE scan and inquiry parameters were chosen according to LE General
107 * Discovery Procedure specification.
109 #define LE_SCAN_TYPE 0x01
110 #define LE_SCAN_WIN 0x12
111 #define LE_SCAN_INT 0x12
112 #define LE_SCAN_TIMEOUT_LE_ONLY 10240 /* TGAP(gen_disc_scan_min) */
113 #define LE_SCAN_TIMEOUT_BREDR_LE 5120 /* TGAP(100)/2 */
115 #define INQUIRY_LEN_BREDR 0x08 /* TGAP(100) */
116 #define INQUIRY_LEN_BREDR_LE 0x04 /* TGAP(100)/2 */
118 #define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
120 #define hdev_is_powered(hdev) (test_bit(HCI_UP, &hdev->flags) && \
121 !test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
124 struct list_head list;
132 /* HCI to MGMT error code conversion table */
133 static u8 mgmt_status_table[] = {
135 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
136 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
137 MGMT_STATUS_FAILED, /* Hardware Failure */
138 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
139 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
140 MGMT_STATUS_NOT_PAIRED, /* PIN or Key Missing */
141 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
142 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
143 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
144 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
145 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
146 MGMT_STATUS_BUSY, /* Command Disallowed */
147 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
148 MGMT_STATUS_REJECTED, /* Rejected Security */
149 MGMT_STATUS_REJECTED, /* Rejected Personal */
150 MGMT_STATUS_TIMEOUT, /* Host Timeout */
151 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
152 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
153 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
154 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
155 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
156 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
157 MGMT_STATUS_BUSY, /* Repeated Attempts */
158 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
159 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
160 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
161 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
162 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
163 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
164 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
165 MGMT_STATUS_FAILED, /* Unspecified Error */
166 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
167 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
168 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
169 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
170 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
171 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
172 MGMT_STATUS_FAILED, /* Unit Link Key Used */
173 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
174 MGMT_STATUS_TIMEOUT, /* Instant Passed */
175 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
176 MGMT_STATUS_FAILED, /* Transaction Collision */
177 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
178 MGMT_STATUS_REJECTED, /* QoS Rejected */
179 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
180 MGMT_STATUS_REJECTED, /* Insufficient Security */
181 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
182 MGMT_STATUS_BUSY, /* Role Switch Pending */
183 MGMT_STATUS_FAILED, /* Slot Violation */
184 MGMT_STATUS_FAILED, /* Role Switch Failed */
185 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
186 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
187 MGMT_STATUS_BUSY, /* Host Busy Pairing */
188 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
189 MGMT_STATUS_BUSY, /* Controller Busy */
190 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
191 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
192 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
193 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
194 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
197 bool mgmt_valid_hdev(struct hci_dev *hdev)
199 return hdev->dev_type == HCI_BREDR;
202 static u8 mgmt_status(u8 hci_status)
204 if (hci_status < ARRAY_SIZE(mgmt_status_table))
205 return mgmt_status_table[hci_status];
207 return MGMT_STATUS_FAILED;
210 static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
213 struct mgmt_hdr *hdr;
214 struct mgmt_ev_cmd_status *ev;
217 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
219 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_KERNEL);
223 hdr = (void *) skb_put(skb, sizeof(*hdr));
225 hdr->opcode = __constant_cpu_to_le16(MGMT_EV_CMD_STATUS);
226 hdr->index = cpu_to_le16(index);
227 hdr->len = cpu_to_le16(sizeof(*ev));
229 ev = (void *) skb_put(skb, sizeof(*ev));
231 ev->opcode = cpu_to_le16(cmd);
233 err = sock_queue_rcv_skb(sk, skb);
240 static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
241 void *rp, size_t rp_len)
244 struct mgmt_hdr *hdr;
245 struct mgmt_ev_cmd_complete *ev;
248 BT_DBG("sock %p", sk);
250 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_KERNEL);
254 hdr = (void *) skb_put(skb, sizeof(*hdr));
256 hdr->opcode = __constant_cpu_to_le16(MGMT_EV_CMD_COMPLETE);
257 hdr->index = cpu_to_le16(index);
258 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
260 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
261 ev->opcode = cpu_to_le16(cmd);
265 memcpy(ev->data, rp, rp_len);
267 err = sock_queue_rcv_skb(sk, skb);
274 static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
277 struct mgmt_rp_read_version rp;
279 BT_DBG("sock %p", sk);
281 rp.version = MGMT_VERSION;
282 rp.revision = __constant_cpu_to_le16(MGMT_REVISION);
284 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
288 static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
291 struct mgmt_rp_read_commands *rp;
292 const u16 num_commands = ARRAY_SIZE(mgmt_commands);
293 const u16 num_events = ARRAY_SIZE(mgmt_events);
298 BT_DBG("sock %p", sk);
300 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
302 rp = kmalloc(rp_size, GFP_KERNEL);
306 rp->num_commands = __constant_cpu_to_le16(num_commands);
307 rp->num_events = __constant_cpu_to_le16(num_events);
309 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
310 put_unaligned_le16(mgmt_commands[i], opcode);
312 for (i = 0; i < num_events; i++, opcode++)
313 put_unaligned_le16(mgmt_events[i], opcode);
315 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
322 static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
325 struct mgmt_rp_read_index_list *rp;
331 BT_DBG("sock %p", sk);
333 read_lock(&hci_dev_list_lock);
336 list_for_each_entry(d, &hci_dev_list, list) {
337 if (!mgmt_valid_hdev(d))
343 rp_len = sizeof(*rp) + (2 * count);
344 rp = kmalloc(rp_len, GFP_ATOMIC);
346 read_unlock(&hci_dev_list_lock);
351 list_for_each_entry(d, &hci_dev_list, list) {
352 if (test_bit(HCI_SETUP, &d->dev_flags))
355 if (!mgmt_valid_hdev(d))
358 rp->index[count++] = cpu_to_le16(d->id);
359 BT_DBG("Added hci%u", d->id);
362 rp->num_controllers = cpu_to_le16(count);
363 rp_len = sizeof(*rp) + (2 * count);
365 read_unlock(&hci_dev_list_lock);
367 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
375 static u32 get_supported_settings(struct hci_dev *hdev)
379 settings |= MGMT_SETTING_POWERED;
380 settings |= MGMT_SETTING_PAIRABLE;
382 if (lmp_ssp_capable(hdev))
383 settings |= MGMT_SETTING_SSP;
385 if (lmp_bredr_capable(hdev)) {
386 settings |= MGMT_SETTING_CONNECTABLE;
387 settings |= MGMT_SETTING_FAST_CONNECTABLE;
388 settings |= MGMT_SETTING_DISCOVERABLE;
389 settings |= MGMT_SETTING_BREDR;
390 settings |= MGMT_SETTING_LINK_SECURITY;
394 settings |= MGMT_SETTING_HS;
396 if (lmp_le_capable(hdev))
397 settings |= MGMT_SETTING_LE;
402 static u32 get_current_settings(struct hci_dev *hdev)
406 if (hdev_is_powered(hdev))
407 settings |= MGMT_SETTING_POWERED;
409 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
410 settings |= MGMT_SETTING_CONNECTABLE;
412 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
413 settings |= MGMT_SETTING_DISCOVERABLE;
415 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags))
416 settings |= MGMT_SETTING_PAIRABLE;
418 if (lmp_bredr_capable(hdev))
419 settings |= MGMT_SETTING_BREDR;
421 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
422 settings |= MGMT_SETTING_LE;
424 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
425 settings |= MGMT_SETTING_LINK_SECURITY;
427 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
428 settings |= MGMT_SETTING_SSP;
430 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
431 settings |= MGMT_SETTING_HS;
436 #define PNP_INFO_SVCLASS_ID 0x1200
438 static void create_eir(struct hci_dev *hdev, u8 *data)
442 struct bt_uuid *uuid;
445 name_len = strlen(hdev->dev_name);
451 ptr[1] = EIR_NAME_SHORT;
453 ptr[1] = EIR_NAME_COMPLETE;
455 /* EIR Data length */
456 ptr[0] = name_len + 1;
458 memcpy(ptr + 2, hdev->dev_name, name_len);
460 ptr += (name_len + 2);
463 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
465 ptr[1] = EIR_TX_POWER;
466 ptr[2] = (u8) hdev->inq_tx_power;
471 if (hdev->devid_source > 0) {
473 ptr[1] = EIR_DEVICE_ID;
475 put_unaligned_le16(hdev->devid_source, ptr + 2);
476 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
477 put_unaligned_le16(hdev->devid_product, ptr + 6);
478 put_unaligned_le16(hdev->devid_version, ptr + 8);
485 /* Group all UUID16 types */
486 list_for_each_entry(uuid, &hdev->uuids, list) {
489 if (uuid->size != 16)
492 uuid16 = get_unaligned_le16(&uuid->uuid[12]);
496 if (uuid16 == PNP_INFO_SVCLASS_ID)
502 uuids_start[1] = EIR_UUID16_ALL;
506 /* Stop if not enough space to put next UUID */
507 if ((ptr - data) + 2 + sizeof(u16) > HCI_MAX_EIR_LENGTH) {
508 uuids_start[1] = EIR_UUID16_SOME;
512 *ptr++ = (uuid16 & 0x00ff);
513 *ptr++ = (uuid16 & 0xff00) >> 8;
514 uuids_start[0] += sizeof(uuid16);
518 static int update_eir(struct hci_dev *hdev)
520 struct hci_cp_write_eir cp;
522 if (!hdev_is_powered(hdev))
525 if (!lmp_ext_inq_capable(hdev))
528 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
531 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
534 memset(&cp, 0, sizeof(cp));
536 create_eir(hdev, cp.data);
538 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
541 memcpy(hdev->eir, cp.data, sizeof(cp.data));
543 return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
546 static u8 get_service_classes(struct hci_dev *hdev)
548 struct bt_uuid *uuid;
551 list_for_each_entry(uuid, &hdev->uuids, list)
552 val |= uuid->svc_hint;
557 static int update_class(struct hci_dev *hdev)
562 BT_DBG("%s", hdev->name);
564 if (!hdev_is_powered(hdev))
567 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
570 cod[0] = hdev->minor_class;
571 cod[1] = hdev->major_class;
572 cod[2] = get_service_classes(hdev);
574 if (memcmp(cod, hdev->dev_class, 3) == 0)
577 err = hci_send_cmd(hdev, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
579 set_bit(HCI_PENDING_CLASS, &hdev->dev_flags);
584 static void service_cache_off(struct work_struct *work)
586 struct hci_dev *hdev = container_of(work, struct hci_dev,
589 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
597 hci_dev_unlock(hdev);
600 static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
602 if (test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
605 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
607 /* Non-mgmt controlled devices get this bit set
608 * implicitly so that pairing works for them, however
609 * for mgmt we require user-space to explicitly enable
612 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
615 static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
616 void *data, u16 data_len)
618 struct mgmt_rp_read_info rp;
620 BT_DBG("sock %p %s", sk, hdev->name);
624 memset(&rp, 0, sizeof(rp));
626 bacpy(&rp.bdaddr, &hdev->bdaddr);
628 rp.version = hdev->hci_ver;
629 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
631 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
632 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
634 memcpy(rp.dev_class, hdev->dev_class, 3);
636 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
637 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
639 hci_dev_unlock(hdev);
641 return cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
645 static void mgmt_pending_free(struct pending_cmd *cmd)
652 static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
653 struct hci_dev *hdev, void *data,
656 struct pending_cmd *cmd;
658 cmd = kmalloc(sizeof(*cmd), GFP_KERNEL);
662 cmd->opcode = opcode;
663 cmd->index = hdev->id;
665 cmd->param = kmalloc(len, GFP_KERNEL);
672 memcpy(cmd->param, data, len);
677 list_add(&cmd->list, &hdev->mgmt_pending);
682 static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
683 void (*cb)(struct pending_cmd *cmd,
687 struct list_head *p, *n;
689 list_for_each_safe(p, n, &hdev->mgmt_pending) {
690 struct pending_cmd *cmd;
692 cmd = list_entry(p, struct pending_cmd, list);
694 if (opcode > 0 && cmd->opcode != opcode)
701 static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
703 struct pending_cmd *cmd;
705 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
706 if (cmd->opcode == opcode)
713 static void mgmt_pending_remove(struct pending_cmd *cmd)
715 list_del(&cmd->list);
716 mgmt_pending_free(cmd);
719 static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
721 __le32 settings = cpu_to_le32(get_current_settings(hdev));
723 return cmd_complete(sk, hdev->id, opcode, 0, &settings,
727 static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
730 struct mgmt_mode *cp = data;
731 struct pending_cmd *cmd;
734 BT_DBG("request for %s", hdev->name);
736 if (cp->val != 0x00 && cp->val != 0x01)
737 return cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
738 MGMT_STATUS_INVALID_PARAMS);
742 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
743 cancel_delayed_work(&hdev->power_off);
746 mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev,
748 err = mgmt_powered(hdev, 1);
753 if (!!cp->val == hdev_is_powered(hdev)) {
754 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
758 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
759 err = cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
764 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
771 queue_work(hdev->req_workqueue, &hdev->power_on);
773 queue_work(hdev->req_workqueue, &hdev->power_off.work);
778 hci_dev_unlock(hdev);
782 static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 data_len,
783 struct sock *skip_sk)
786 struct mgmt_hdr *hdr;
788 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_KERNEL);
792 hdr = (void *) skb_put(skb, sizeof(*hdr));
793 hdr->opcode = cpu_to_le16(event);
795 hdr->index = cpu_to_le16(hdev->id);
797 hdr->index = __constant_cpu_to_le16(MGMT_INDEX_NONE);
798 hdr->len = cpu_to_le16(data_len);
801 memcpy(skb_put(skb, data_len), data, data_len);
804 __net_timestamp(skb);
806 hci_send_to_control(skb, skip_sk);
812 static int new_settings(struct hci_dev *hdev, struct sock *skip)
816 ev = cpu_to_le32(get_current_settings(hdev));
818 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
821 static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
824 struct mgmt_cp_set_discoverable *cp = data;
825 struct pending_cmd *cmd;
830 BT_DBG("request for %s", hdev->name);
832 if (!lmp_bredr_capable(hdev))
833 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
834 MGMT_STATUS_NOT_SUPPORTED);
836 if (cp->val != 0x00 && cp->val != 0x01)
837 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
838 MGMT_STATUS_INVALID_PARAMS);
840 timeout = __le16_to_cpu(cp->timeout);
841 if (!cp->val && timeout > 0)
842 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
843 MGMT_STATUS_INVALID_PARAMS);
847 if (!hdev_is_powered(hdev) && timeout > 0) {
848 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
849 MGMT_STATUS_NOT_POWERED);
853 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
854 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
855 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
860 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
861 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
862 MGMT_STATUS_REJECTED);
866 if (!hdev_is_powered(hdev)) {
867 bool changed = false;
869 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
870 change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
874 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
879 err = new_settings(hdev, sk);
884 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
885 if (hdev->discov_timeout > 0) {
886 cancel_delayed_work(&hdev->discov_off);
887 hdev->discov_timeout = 0;
890 if (cp->val && timeout > 0) {
891 hdev->discov_timeout = timeout;
892 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
893 msecs_to_jiffies(hdev->discov_timeout * 1000));
896 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
900 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
909 scan |= SCAN_INQUIRY;
911 cancel_delayed_work(&hdev->discov_off);
913 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
915 mgmt_pending_remove(cmd);
918 hdev->discov_timeout = timeout;
921 hci_dev_unlock(hdev);
925 static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
928 struct mgmt_mode *cp = data;
929 struct pending_cmd *cmd;
933 BT_DBG("request for %s", hdev->name);
935 if (!lmp_bredr_capable(hdev))
936 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
937 MGMT_STATUS_NOT_SUPPORTED);
939 if (cp->val != 0x00 && cp->val != 0x01)
940 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
941 MGMT_STATUS_INVALID_PARAMS);
945 if (!hdev_is_powered(hdev)) {
946 bool changed = false;
948 if (!!cp->val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
952 set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
954 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
955 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
958 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
963 err = new_settings(hdev, sk);
968 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
969 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
970 err = cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
975 if (!!cp->val == test_bit(HCI_PSCAN, &hdev->flags)) {
976 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
980 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
991 if (test_bit(HCI_ISCAN, &hdev->flags) &&
992 hdev->discov_timeout > 0)
993 cancel_delayed_work(&hdev->discov_off);
996 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
998 mgmt_pending_remove(cmd);
1001 hci_dev_unlock(hdev);
1005 static int set_pairable(struct sock *sk, struct hci_dev *hdev, void *data,
1008 struct mgmt_mode *cp = data;
1011 BT_DBG("request for %s", hdev->name);
1013 if (cp->val != 0x00 && cp->val != 0x01)
1014 return cmd_status(sk, hdev->id, MGMT_OP_SET_PAIRABLE,
1015 MGMT_STATUS_INVALID_PARAMS);
1020 set_bit(HCI_PAIRABLE, &hdev->dev_flags);
1022 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
1024 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
1028 err = new_settings(hdev, sk);
1031 hci_dev_unlock(hdev);
1035 static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1038 struct mgmt_mode *cp = data;
1039 struct pending_cmd *cmd;
1043 BT_DBG("request for %s", hdev->name);
1045 if (!lmp_bredr_capable(hdev))
1046 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1047 MGMT_STATUS_NOT_SUPPORTED);
1049 if (cp->val != 0x00 && cp->val != 0x01)
1050 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1051 MGMT_STATUS_INVALID_PARAMS);
1055 if (!hdev_is_powered(hdev)) {
1056 bool changed = false;
1058 if (!!cp->val != test_bit(HCI_LINK_SECURITY,
1059 &hdev->dev_flags)) {
1060 change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
1064 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1069 err = new_settings(hdev, sk);
1074 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
1075 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1082 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1083 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1087 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1093 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1095 mgmt_pending_remove(cmd);
1100 hci_dev_unlock(hdev);
1104 static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1106 struct mgmt_mode *cp = data;
1107 struct pending_cmd *cmd;
1111 BT_DBG("request for %s", hdev->name);
1113 if (!lmp_ssp_capable(hdev))
1114 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1115 MGMT_STATUS_NOT_SUPPORTED);
1117 if (cp->val != 0x00 && cp->val != 0x01)
1118 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1119 MGMT_STATUS_INVALID_PARAMS);
1125 if (!hdev_is_powered(hdev)) {
1126 bool changed = false;
1128 if (val != test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
1129 change_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
1133 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1138 err = new_settings(hdev, sk);
1143 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev)) {
1144 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1149 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) == val) {
1150 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1154 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1160 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, sizeof(val), &val);
1162 mgmt_pending_remove(cmd);
1167 hci_dev_unlock(hdev);
1171 static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1173 struct mgmt_mode *cp = data;
1175 BT_DBG("request for %s", hdev->name);
1178 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1179 MGMT_STATUS_NOT_SUPPORTED);
1181 if (cp->val != 0x00 && cp->val != 0x01)
1182 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1183 MGMT_STATUS_INVALID_PARAMS);
1186 set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1188 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1190 return send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
1193 static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1195 struct mgmt_mode *cp = data;
1196 struct hci_cp_write_le_host_supported hci_cp;
1197 struct pending_cmd *cmd;
1201 BT_DBG("request for %s", hdev->name);
1203 if (!lmp_le_capable(hdev))
1204 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1205 MGMT_STATUS_NOT_SUPPORTED);
1207 if (cp->val != 0x00 && cp->val != 0x01)
1208 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1209 MGMT_STATUS_INVALID_PARAMS);
1214 enabled = lmp_host_le_capable(hdev);
1216 if (!hdev_is_powered(hdev) || val == enabled) {
1217 bool changed = false;
1219 if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1220 change_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1224 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1229 err = new_settings(hdev, sk);
1234 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
1235 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1240 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
1246 memset(&hci_cp, 0, sizeof(hci_cp));
1250 hci_cp.simul = lmp_le_br_capable(hdev);
1253 err = hci_send_cmd(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
1256 mgmt_pending_remove(cmd);
1259 hci_dev_unlock(hdev);
1263 static const u8 bluetooth_base_uuid[] = {
1264 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
1265 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1268 static u8 get_uuid_size(const u8 *uuid)
1272 if (memcmp(uuid, bluetooth_base_uuid, 12))
1275 val = get_unaligned_le32(&uuid[12]);
1282 static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1284 struct mgmt_cp_add_uuid *cp = data;
1285 struct pending_cmd *cmd;
1286 struct bt_uuid *uuid;
1289 BT_DBG("request for %s", hdev->name);
1293 if (test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
1294 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
1299 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
1305 memcpy(uuid->uuid, cp->uuid, 16);
1306 uuid->svc_hint = cp->svc_hint;
1307 uuid->size = get_uuid_size(cp->uuid);
1309 list_add_tail(&uuid->list, &hdev->uuids);
1311 err = update_class(hdev);
1315 err = update_eir(hdev);
1319 if (!test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
1320 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
1321 hdev->dev_class, 3);
1325 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
1330 hci_dev_unlock(hdev);
1334 static bool enable_service_cache(struct hci_dev *hdev)
1336 if (!hdev_is_powered(hdev))
1339 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
1340 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
1348 static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
1351 struct mgmt_cp_remove_uuid *cp = data;
1352 struct pending_cmd *cmd;
1353 struct bt_uuid *match, *tmp;
1354 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
1357 BT_DBG("request for %s", hdev->name);
1361 if (test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
1362 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
1367 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
1368 err = hci_uuids_clear(hdev);
1370 if (enable_service_cache(hdev)) {
1371 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID,
1372 0, hdev->dev_class, 3);
1381 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
1382 if (memcmp(match->uuid, cp->uuid, 16) != 0)
1385 list_del(&match->list);
1391 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
1392 MGMT_STATUS_INVALID_PARAMS);
1397 err = update_class(hdev);
1401 err = update_eir(hdev);
1405 if (!test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
1406 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
1407 hdev->dev_class, 3);
1411 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
1416 hci_dev_unlock(hdev);
1420 static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
1423 struct mgmt_cp_set_dev_class *cp = data;
1424 struct pending_cmd *cmd;
1427 BT_DBG("request for %s", hdev->name);
1429 if (!lmp_bredr_capable(hdev))
1430 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1431 MGMT_STATUS_NOT_SUPPORTED);
1433 if (test_bit(HCI_PENDING_CLASS, &hdev->dev_flags))
1434 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1437 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0)
1438 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1439 MGMT_STATUS_INVALID_PARAMS);
1443 hdev->major_class = cp->major;
1444 hdev->minor_class = cp->minor;
1446 if (!hdev_is_powered(hdev)) {
1447 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
1448 hdev->dev_class, 3);
1452 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
1453 hci_dev_unlock(hdev);
1454 cancel_delayed_work_sync(&hdev->service_cache);
1459 err = update_class(hdev);
1463 if (!test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
1464 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
1465 hdev->dev_class, 3);
1469 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
1474 hci_dev_unlock(hdev);
1478 static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
1481 struct mgmt_cp_load_link_keys *cp = data;
1482 u16 key_count, expected_len;
1485 key_count = __le16_to_cpu(cp->key_count);
1487 expected_len = sizeof(*cp) + key_count *
1488 sizeof(struct mgmt_link_key_info);
1489 if (expected_len != len) {
1490 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
1492 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
1493 MGMT_STATUS_INVALID_PARAMS);
1496 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
1497 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
1498 MGMT_STATUS_INVALID_PARAMS);
1500 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
1503 for (i = 0; i < key_count; i++) {
1504 struct mgmt_link_key_info *key = &cp->keys[i];
1506 if (key->addr.type != BDADDR_BREDR)
1507 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
1508 MGMT_STATUS_INVALID_PARAMS);
1513 hci_link_keys_clear(hdev);
1515 set_bit(HCI_LINK_KEYS, &hdev->dev_flags);
1518 set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
1520 clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
1522 for (i = 0; i < key_count; i++) {
1523 struct mgmt_link_key_info *key = &cp->keys[i];
1525 hci_add_link_key(hdev, NULL, 0, &key->addr.bdaddr, key->val,
1526 key->type, key->pin_len);
1529 cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
1531 hci_dev_unlock(hdev);
1536 static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
1537 u8 addr_type, struct sock *skip_sk)
1539 struct mgmt_ev_device_unpaired ev;
1541 bacpy(&ev.addr.bdaddr, bdaddr);
1542 ev.addr.type = addr_type;
1544 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
1548 static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
1551 struct mgmt_cp_unpair_device *cp = data;
1552 struct mgmt_rp_unpair_device rp;
1553 struct hci_cp_disconnect dc;
1554 struct pending_cmd *cmd;
1555 struct hci_conn *conn;
1558 memset(&rp, 0, sizeof(rp));
1559 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1560 rp.addr.type = cp->addr.type;
1562 if (!bdaddr_type_is_valid(cp->addr.type))
1563 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
1564 MGMT_STATUS_INVALID_PARAMS,
1567 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
1568 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
1569 MGMT_STATUS_INVALID_PARAMS,
1574 if (!hdev_is_powered(hdev)) {
1575 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
1576 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
1580 if (cp->addr.type == BDADDR_BREDR)
1581 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
1583 err = hci_remove_ltk(hdev, &cp->addr.bdaddr);
1586 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
1587 MGMT_STATUS_NOT_PAIRED, &rp, sizeof(rp));
1591 if (cp->disconnect) {
1592 if (cp->addr.type == BDADDR_BREDR)
1593 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
1596 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
1603 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
1605 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
1609 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
1616 dc.handle = cpu_to_le16(conn->handle);
1617 dc.reason = 0x13; /* Remote User Terminated Connection */
1618 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1620 mgmt_pending_remove(cmd);
1623 hci_dev_unlock(hdev);
1627 static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
1630 struct mgmt_cp_disconnect *cp = data;
1631 struct mgmt_rp_disconnect rp;
1632 struct hci_cp_disconnect dc;
1633 struct pending_cmd *cmd;
1634 struct hci_conn *conn;
1639 memset(&rp, 0, sizeof(rp));
1640 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1641 rp.addr.type = cp->addr.type;
1643 if (!bdaddr_type_is_valid(cp->addr.type))
1644 return cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
1645 MGMT_STATUS_INVALID_PARAMS,
1650 if (!test_bit(HCI_UP, &hdev->flags)) {
1651 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
1652 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
1656 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
1657 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
1658 MGMT_STATUS_BUSY, &rp, sizeof(rp));
1662 if (cp->addr.type == BDADDR_BREDR)
1663 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
1666 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
1668 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
1669 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
1670 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
1674 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
1680 dc.handle = cpu_to_le16(conn->handle);
1681 dc.reason = HCI_ERROR_REMOTE_USER_TERM;
1683 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1685 mgmt_pending_remove(cmd);
1688 hci_dev_unlock(hdev);
1692 static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
1694 switch (link_type) {
1696 switch (addr_type) {
1697 case ADDR_LE_DEV_PUBLIC:
1698 return BDADDR_LE_PUBLIC;
1701 /* Fallback to LE Random address type */
1702 return BDADDR_LE_RANDOM;
1706 /* Fallback to BR/EDR type */
1707 return BDADDR_BREDR;
1711 static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
1714 struct mgmt_rp_get_connections *rp;
1724 if (!hdev_is_powered(hdev)) {
1725 err = cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
1726 MGMT_STATUS_NOT_POWERED);
1731 list_for_each_entry(c, &hdev->conn_hash.list, list) {
1732 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
1736 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
1737 rp = kmalloc(rp_len, GFP_KERNEL);
1744 list_for_each_entry(c, &hdev->conn_hash.list, list) {
1745 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
1747 bacpy(&rp->addr[i].bdaddr, &c->dst);
1748 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
1749 if (c->type == SCO_LINK || c->type == ESCO_LINK)
1754 rp->conn_count = cpu_to_le16(i);
1756 /* Recalculate length in case of filtered SCO connections, etc */
1757 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
1759 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
1765 hci_dev_unlock(hdev);
1769 static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
1770 struct mgmt_cp_pin_code_neg_reply *cp)
1772 struct pending_cmd *cmd;
1775 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
1780 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
1781 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
1783 mgmt_pending_remove(cmd);
1788 static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
1791 struct hci_conn *conn;
1792 struct mgmt_cp_pin_code_reply *cp = data;
1793 struct hci_cp_pin_code_reply reply;
1794 struct pending_cmd *cmd;
1801 if (!hdev_is_powered(hdev)) {
1802 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
1803 MGMT_STATUS_NOT_POWERED);
1807 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
1809 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
1810 MGMT_STATUS_NOT_CONNECTED);
1814 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
1815 struct mgmt_cp_pin_code_neg_reply ncp;
1817 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
1819 BT_ERR("PIN code is not 16 bytes long");
1821 err = send_pin_code_neg_reply(sk, hdev, &ncp);
1823 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
1824 MGMT_STATUS_INVALID_PARAMS);
1829 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
1835 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
1836 reply.pin_len = cp->pin_len;
1837 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
1839 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
1841 mgmt_pending_remove(cmd);
1844 hci_dev_unlock(hdev);
1848 static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
1851 struct mgmt_cp_set_io_capability *cp = data;
1857 hdev->io_capability = cp->io_capability;
1859 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
1860 hdev->io_capability);
1862 hci_dev_unlock(hdev);
1864 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, NULL,
1868 static struct pending_cmd *find_pairing(struct hci_conn *conn)
1870 struct hci_dev *hdev = conn->hdev;
1871 struct pending_cmd *cmd;
1873 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
1874 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
1877 if (cmd->user_data != conn)
1886 static void pairing_complete(struct pending_cmd *cmd, u8 status)
1888 struct mgmt_rp_pair_device rp;
1889 struct hci_conn *conn = cmd->user_data;
1891 bacpy(&rp.addr.bdaddr, &conn->dst);
1892 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
1894 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
1897 /* So we don't get further callbacks for this connection */
1898 conn->connect_cfm_cb = NULL;
1899 conn->security_cfm_cb = NULL;
1900 conn->disconn_cfm_cb = NULL;
1904 mgmt_pending_remove(cmd);
1907 static void pairing_complete_cb(struct hci_conn *conn, u8 status)
1909 struct pending_cmd *cmd;
1911 BT_DBG("status %u", status);
1913 cmd = find_pairing(conn);
1915 BT_DBG("Unable to find a pending command");
1917 pairing_complete(cmd, mgmt_status(status));
1920 static void le_connect_complete_cb(struct hci_conn *conn, u8 status)
1922 struct pending_cmd *cmd;
1924 BT_DBG("status %u", status);
1929 cmd = find_pairing(conn);
1931 BT_DBG("Unable to find a pending command");
1933 pairing_complete(cmd, mgmt_status(status));
1936 static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
1939 struct mgmt_cp_pair_device *cp = data;
1940 struct mgmt_rp_pair_device rp;
1941 struct pending_cmd *cmd;
1942 u8 sec_level, auth_type;
1943 struct hci_conn *conn;
1948 memset(&rp, 0, sizeof(rp));
1949 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1950 rp.addr.type = cp->addr.type;
1952 if (!bdaddr_type_is_valid(cp->addr.type))
1953 return cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
1954 MGMT_STATUS_INVALID_PARAMS,
1959 if (!hdev_is_powered(hdev)) {
1960 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
1961 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
1965 sec_level = BT_SECURITY_MEDIUM;
1966 if (cp->io_cap == 0x03)
1967 auth_type = HCI_AT_DEDICATED_BONDING;
1969 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
1971 if (cp->addr.type == BDADDR_BREDR)
1972 conn = hci_connect(hdev, ACL_LINK, &cp->addr.bdaddr,
1973 cp->addr.type, sec_level, auth_type);
1975 conn = hci_connect(hdev, LE_LINK, &cp->addr.bdaddr,
1976 cp->addr.type, sec_level, auth_type);
1981 if (PTR_ERR(conn) == -EBUSY)
1982 status = MGMT_STATUS_BUSY;
1984 status = MGMT_STATUS_CONNECT_FAILED;
1986 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
1992 if (conn->connect_cfm_cb) {
1994 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
1995 MGMT_STATUS_BUSY, &rp, sizeof(rp));
1999 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
2006 /* For LE, just connecting isn't a proof that the pairing finished */
2007 if (cp->addr.type == BDADDR_BREDR)
2008 conn->connect_cfm_cb = pairing_complete_cb;
2010 conn->connect_cfm_cb = le_connect_complete_cb;
2012 conn->security_cfm_cb = pairing_complete_cb;
2013 conn->disconn_cfm_cb = pairing_complete_cb;
2014 conn->io_capability = cp->io_cap;
2015 cmd->user_data = conn;
2017 if (conn->state == BT_CONNECTED &&
2018 hci_conn_security(conn, sec_level, auth_type))
2019 pairing_complete(cmd, 0);
2024 hci_dev_unlock(hdev);
2028 static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2031 struct mgmt_addr_info *addr = data;
2032 struct pending_cmd *cmd;
2033 struct hci_conn *conn;
2040 if (!hdev_is_powered(hdev)) {
2041 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2042 MGMT_STATUS_NOT_POWERED);
2046 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
2048 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2049 MGMT_STATUS_INVALID_PARAMS);
2053 conn = cmd->user_data;
2055 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
2056 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2057 MGMT_STATUS_INVALID_PARAMS);
2061 pairing_complete(cmd, MGMT_STATUS_CANCELLED);
2063 err = cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
2064 addr, sizeof(*addr));
2066 hci_dev_unlock(hdev);
2070 static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
2071 bdaddr_t *bdaddr, u8 type, u16 mgmt_op,
2072 u16 hci_op, __le32 passkey)
2074 struct pending_cmd *cmd;
2075 struct hci_conn *conn;
2080 if (!hdev_is_powered(hdev)) {
2081 err = cmd_status(sk, hdev->id, mgmt_op,
2082 MGMT_STATUS_NOT_POWERED);
2086 if (type == BDADDR_BREDR)
2087 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, bdaddr);
2089 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, bdaddr);
2092 err = cmd_status(sk, hdev->id, mgmt_op,
2093 MGMT_STATUS_NOT_CONNECTED);
2097 if (type == BDADDR_LE_PUBLIC || type == BDADDR_LE_RANDOM) {
2098 /* Continue with pairing via SMP */
2099 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
2102 err = cmd_status(sk, hdev->id, mgmt_op,
2103 MGMT_STATUS_SUCCESS);
2105 err = cmd_status(sk, hdev->id, mgmt_op,
2106 MGMT_STATUS_FAILED);
2111 cmd = mgmt_pending_add(sk, mgmt_op, hdev, bdaddr, sizeof(*bdaddr));
2117 /* Continue with pairing via HCI */
2118 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
2119 struct hci_cp_user_passkey_reply cp;
2121 bacpy(&cp.bdaddr, bdaddr);
2122 cp.passkey = passkey;
2123 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
2125 err = hci_send_cmd(hdev, hci_op, sizeof(*bdaddr), bdaddr);
2128 mgmt_pending_remove(cmd);
2131 hci_dev_unlock(hdev);
2135 static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
2136 void *data, u16 len)
2138 struct mgmt_cp_pin_code_neg_reply *cp = data;
2142 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
2143 MGMT_OP_PIN_CODE_NEG_REPLY,
2144 HCI_OP_PIN_CODE_NEG_REPLY, 0);
2147 static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2150 struct mgmt_cp_user_confirm_reply *cp = data;
2154 if (len != sizeof(*cp))
2155 return cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
2156 MGMT_STATUS_INVALID_PARAMS);
2158 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
2159 MGMT_OP_USER_CONFIRM_REPLY,
2160 HCI_OP_USER_CONFIRM_REPLY, 0);
2163 static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
2164 void *data, u16 len)
2166 struct mgmt_cp_user_confirm_neg_reply *cp = data;
2170 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
2171 MGMT_OP_USER_CONFIRM_NEG_REPLY,
2172 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
2175 static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2178 struct mgmt_cp_user_passkey_reply *cp = data;
2182 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
2183 MGMT_OP_USER_PASSKEY_REPLY,
2184 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
2187 static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
2188 void *data, u16 len)
2190 struct mgmt_cp_user_passkey_neg_reply *cp = data;
2194 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
2195 MGMT_OP_USER_PASSKEY_NEG_REPLY,
2196 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
2199 static int update_name(struct hci_dev *hdev, const char *name)
2201 struct hci_cp_write_local_name cp;
2203 memcpy(cp.name, name, sizeof(cp.name));
2205 return hci_send_cmd(hdev, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
2208 static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
2211 struct mgmt_cp_set_local_name *cp = data;
2212 struct pending_cmd *cmd;
2219 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
2221 if (!hdev_is_powered(hdev)) {
2222 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
2224 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
2229 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
2235 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
2241 err = update_name(hdev, cp->name);
2243 mgmt_pending_remove(cmd);
2246 hci_dev_unlock(hdev);
2250 static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
2251 void *data, u16 data_len)
2253 struct pending_cmd *cmd;
2256 BT_DBG("%s", hdev->name);
2260 if (!hdev_is_powered(hdev)) {
2261 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
2262 MGMT_STATUS_NOT_POWERED);
2266 if (!lmp_ssp_capable(hdev)) {
2267 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
2268 MGMT_STATUS_NOT_SUPPORTED);
2272 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
2273 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
2278 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
2284 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
2286 mgmt_pending_remove(cmd);
2289 hci_dev_unlock(hdev);
2293 static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
2294 void *data, u16 len)
2296 struct mgmt_cp_add_remote_oob_data *cp = data;
2300 BT_DBG("%s ", hdev->name);
2304 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr, cp->hash,
2307 status = MGMT_STATUS_FAILED;
2309 status = MGMT_STATUS_SUCCESS;
2311 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA, status,
2312 &cp->addr, sizeof(cp->addr));
2314 hci_dev_unlock(hdev);
2318 static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
2319 void *data, u16 len)
2321 struct mgmt_cp_remove_remote_oob_data *cp = data;
2325 BT_DBG("%s", hdev->name);
2329 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr);
2331 status = MGMT_STATUS_INVALID_PARAMS;
2333 status = MGMT_STATUS_SUCCESS;
2335 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
2336 status, &cp->addr, sizeof(cp->addr));
2338 hci_dev_unlock(hdev);
2342 int mgmt_interleaved_discovery(struct hci_dev *hdev)
2346 BT_DBG("%s", hdev->name);
2350 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR_LE);
2352 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2354 hci_dev_unlock(hdev);
2359 static int start_discovery(struct sock *sk, struct hci_dev *hdev,
2360 void *data, u16 len)
2362 struct mgmt_cp_start_discovery *cp = data;
2363 struct pending_cmd *cmd;
2366 BT_DBG("%s", hdev->name);
2370 if (!hdev_is_powered(hdev)) {
2371 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2372 MGMT_STATUS_NOT_POWERED);
2376 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
2377 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2382 if (hdev->discovery.state != DISCOVERY_STOPPED) {
2383 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2388 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
2394 hdev->discovery.type = cp->type;
2396 switch (hdev->discovery.type) {
2397 case DISCOV_TYPE_BREDR:
2398 if (!lmp_bredr_capable(hdev)) {
2399 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2400 MGMT_STATUS_NOT_SUPPORTED);
2401 mgmt_pending_remove(cmd);
2405 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR);
2408 case DISCOV_TYPE_LE:
2409 if (!lmp_host_le_capable(hdev)) {
2410 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2411 MGMT_STATUS_NOT_SUPPORTED);
2412 mgmt_pending_remove(cmd);
2416 err = hci_le_scan(hdev, LE_SCAN_TYPE, LE_SCAN_INT,
2417 LE_SCAN_WIN, LE_SCAN_TIMEOUT_LE_ONLY);
2420 case DISCOV_TYPE_INTERLEAVED:
2421 if (!lmp_host_le_capable(hdev) || !lmp_bredr_capable(hdev)) {
2422 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2423 MGMT_STATUS_NOT_SUPPORTED);
2424 mgmt_pending_remove(cmd);
2428 err = hci_le_scan(hdev, LE_SCAN_TYPE, LE_SCAN_INT, LE_SCAN_WIN,
2429 LE_SCAN_TIMEOUT_BREDR_LE);
2433 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2434 MGMT_STATUS_INVALID_PARAMS);
2435 mgmt_pending_remove(cmd);
2440 mgmt_pending_remove(cmd);
2442 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
2445 hci_dev_unlock(hdev);
2449 static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
2452 struct mgmt_cp_stop_discovery *mgmt_cp = data;
2453 struct pending_cmd *cmd;
2454 struct hci_cp_remote_name_req_cancel cp;
2455 struct inquiry_entry *e;
2458 BT_DBG("%s", hdev->name);
2462 if (!hci_discovery_active(hdev)) {
2463 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
2464 MGMT_STATUS_REJECTED, &mgmt_cp->type,
2465 sizeof(mgmt_cp->type));
2469 if (hdev->discovery.type != mgmt_cp->type) {
2470 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
2471 MGMT_STATUS_INVALID_PARAMS, &mgmt_cp->type,
2472 sizeof(mgmt_cp->type));
2476 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
2482 switch (hdev->discovery.state) {
2483 case DISCOVERY_FINDING:
2484 if (test_bit(HCI_INQUIRY, &hdev->flags))
2485 err = hci_cancel_inquiry(hdev);
2487 err = hci_cancel_le_scan(hdev);
2491 case DISCOVERY_RESOLVING:
2492 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
2495 mgmt_pending_remove(cmd);
2496 err = cmd_complete(sk, hdev->id,
2497 MGMT_OP_STOP_DISCOVERY, 0,
2499 sizeof(mgmt_cp->type));
2500 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2504 bacpy(&cp.bdaddr, &e->data.bdaddr);
2505 err = hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ_CANCEL,
2511 BT_DBG("unknown discovery state %u", hdev->discovery.state);
2516 mgmt_pending_remove(cmd);
2518 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
2521 hci_dev_unlock(hdev);
2525 static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
2528 struct mgmt_cp_confirm_name *cp = data;
2529 struct inquiry_entry *e;
2532 BT_DBG("%s", hdev->name);
2536 if (!hci_discovery_active(hdev)) {
2537 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
2538 MGMT_STATUS_FAILED);
2542 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
2544 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
2545 MGMT_STATUS_INVALID_PARAMS);
2549 if (cp->name_known) {
2550 e->name_state = NAME_KNOWN;
2553 e->name_state = NAME_NEEDED;
2554 hci_inquiry_cache_update_resolve(hdev, e);
2557 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0, &cp->addr,
2561 hci_dev_unlock(hdev);
2565 static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
2568 struct mgmt_cp_block_device *cp = data;
2572 BT_DBG("%s", hdev->name);
2574 if (!bdaddr_type_is_valid(cp->addr.type))
2575 return cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
2576 MGMT_STATUS_INVALID_PARAMS,
2577 &cp->addr, sizeof(cp->addr));
2581 err = hci_blacklist_add(hdev, &cp->addr.bdaddr, cp->addr.type);
2583 status = MGMT_STATUS_FAILED;
2585 status = MGMT_STATUS_SUCCESS;
2587 err = cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
2588 &cp->addr, sizeof(cp->addr));
2590 hci_dev_unlock(hdev);
2595 static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
2598 struct mgmt_cp_unblock_device *cp = data;
2602 BT_DBG("%s", hdev->name);
2604 if (!bdaddr_type_is_valid(cp->addr.type))
2605 return cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
2606 MGMT_STATUS_INVALID_PARAMS,
2607 &cp->addr, sizeof(cp->addr));
2611 err = hci_blacklist_del(hdev, &cp->addr.bdaddr, cp->addr.type);
2613 status = MGMT_STATUS_INVALID_PARAMS;
2615 status = MGMT_STATUS_SUCCESS;
2617 err = cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
2618 &cp->addr, sizeof(cp->addr));
2620 hci_dev_unlock(hdev);
2625 static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
2628 struct mgmt_cp_set_device_id *cp = data;
2632 BT_DBG("%s", hdev->name);
2634 source = __le16_to_cpu(cp->source);
2636 if (source > 0x0002)
2637 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
2638 MGMT_STATUS_INVALID_PARAMS);
2642 hdev->devid_source = source;
2643 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
2644 hdev->devid_product = __le16_to_cpu(cp->product);
2645 hdev->devid_version = __le16_to_cpu(cp->version);
2647 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0, NULL, 0);
2651 hci_dev_unlock(hdev);
2656 static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
2657 void *data, u16 len)
2659 struct mgmt_mode *cp = data;
2660 struct hci_cp_write_page_scan_activity acp;
2664 BT_DBG("%s", hdev->name);
2666 if (!lmp_bredr_capable(hdev))
2667 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
2668 MGMT_STATUS_NOT_SUPPORTED);
2670 if (cp->val != 0x00 && cp->val != 0x01)
2671 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
2672 MGMT_STATUS_INVALID_PARAMS);
2674 if (!hdev_is_powered(hdev))
2675 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
2676 MGMT_STATUS_NOT_POWERED);
2678 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
2679 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
2680 MGMT_STATUS_REJECTED);
2685 type = PAGE_SCAN_TYPE_INTERLACED;
2687 /* 160 msec page scan interval */
2688 acp.interval = __constant_cpu_to_le16(0x0100);
2690 type = PAGE_SCAN_TYPE_STANDARD; /* default */
2692 /* default 1.28 sec page scan */
2693 acp.interval = __constant_cpu_to_le16(0x0800);
2696 /* default 11.25 msec page scan window */
2697 acp.window = __constant_cpu_to_le16(0x0012);
2699 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY, sizeof(acp),
2702 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
2703 MGMT_STATUS_FAILED);
2707 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
2709 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
2710 MGMT_STATUS_FAILED);
2714 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE, 0,
2717 hci_dev_unlock(hdev);
2721 static bool ltk_is_valid(struct mgmt_ltk_info *key)
2723 if (key->authenticated != 0x00 && key->authenticated != 0x01)
2725 if (key->master != 0x00 && key->master != 0x01)
2727 if (!bdaddr_type_is_le(key->addr.type))
2732 static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
2733 void *cp_data, u16 len)
2735 struct mgmt_cp_load_long_term_keys *cp = cp_data;
2736 u16 key_count, expected_len;
2739 key_count = __le16_to_cpu(cp->key_count);
2741 expected_len = sizeof(*cp) + key_count *
2742 sizeof(struct mgmt_ltk_info);
2743 if (expected_len != len) {
2744 BT_ERR("load_keys: expected %u bytes, got %u bytes",
2746 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
2747 MGMT_STATUS_INVALID_PARAMS);
2750 BT_DBG("%s key_count %u", hdev->name, key_count);
2752 for (i = 0; i < key_count; i++) {
2753 struct mgmt_ltk_info *key = &cp->keys[i];
2755 if (!ltk_is_valid(key))
2756 return cmd_status(sk, hdev->id,
2757 MGMT_OP_LOAD_LONG_TERM_KEYS,
2758 MGMT_STATUS_INVALID_PARAMS);
2763 hci_smp_ltks_clear(hdev);
2765 for (i = 0; i < key_count; i++) {
2766 struct mgmt_ltk_info *key = &cp->keys[i];
2772 type = HCI_SMP_LTK_SLAVE;
2774 hci_add_ltk(hdev, &key->addr.bdaddr,
2775 bdaddr_to_le(key->addr.type),
2776 type, 0, key->authenticated, key->val,
2777 key->enc_size, key->ediv, key->rand);
2780 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
2783 hci_dev_unlock(hdev);
2788 static const struct mgmt_handler {
2789 int (*func) (struct sock *sk, struct hci_dev *hdev, void *data,
2793 } mgmt_handlers[] = {
2794 { NULL }, /* 0x0000 (no command) */
2795 { read_version, false, MGMT_READ_VERSION_SIZE },
2796 { read_commands, false, MGMT_READ_COMMANDS_SIZE },
2797 { read_index_list, false, MGMT_READ_INDEX_LIST_SIZE },
2798 { read_controller_info, false, MGMT_READ_INFO_SIZE },
2799 { set_powered, false, MGMT_SETTING_SIZE },
2800 { set_discoverable, false, MGMT_SET_DISCOVERABLE_SIZE },
2801 { set_connectable, false, MGMT_SETTING_SIZE },
2802 { set_fast_connectable, false, MGMT_SETTING_SIZE },
2803 { set_pairable, false, MGMT_SETTING_SIZE },
2804 { set_link_security, false, MGMT_SETTING_SIZE },
2805 { set_ssp, false, MGMT_SETTING_SIZE },
2806 { set_hs, false, MGMT_SETTING_SIZE },
2807 { set_le, false, MGMT_SETTING_SIZE },
2808 { set_dev_class, false, MGMT_SET_DEV_CLASS_SIZE },
2809 { set_local_name, false, MGMT_SET_LOCAL_NAME_SIZE },
2810 { add_uuid, false, MGMT_ADD_UUID_SIZE },
2811 { remove_uuid, false, MGMT_REMOVE_UUID_SIZE },
2812 { load_link_keys, true, MGMT_LOAD_LINK_KEYS_SIZE },
2813 { load_long_term_keys, true, MGMT_LOAD_LONG_TERM_KEYS_SIZE },
2814 { disconnect, false, MGMT_DISCONNECT_SIZE },
2815 { get_connections, false, MGMT_GET_CONNECTIONS_SIZE },
2816 { pin_code_reply, false, MGMT_PIN_CODE_REPLY_SIZE },
2817 { pin_code_neg_reply, false, MGMT_PIN_CODE_NEG_REPLY_SIZE },
2818 { set_io_capability, false, MGMT_SET_IO_CAPABILITY_SIZE },
2819 { pair_device, false, MGMT_PAIR_DEVICE_SIZE },
2820 { cancel_pair_device, false, MGMT_CANCEL_PAIR_DEVICE_SIZE },
2821 { unpair_device, false, MGMT_UNPAIR_DEVICE_SIZE },
2822 { user_confirm_reply, false, MGMT_USER_CONFIRM_REPLY_SIZE },
2823 { user_confirm_neg_reply, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
2824 { user_passkey_reply, false, MGMT_USER_PASSKEY_REPLY_SIZE },
2825 { user_passkey_neg_reply, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
2826 { read_local_oob_data, false, MGMT_READ_LOCAL_OOB_DATA_SIZE },
2827 { add_remote_oob_data, false, MGMT_ADD_REMOTE_OOB_DATA_SIZE },
2828 { remove_remote_oob_data, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
2829 { start_discovery, false, MGMT_START_DISCOVERY_SIZE },
2830 { stop_discovery, false, MGMT_STOP_DISCOVERY_SIZE },
2831 { confirm_name, false, MGMT_CONFIRM_NAME_SIZE },
2832 { block_device, false, MGMT_BLOCK_DEVICE_SIZE },
2833 { unblock_device, false, MGMT_UNBLOCK_DEVICE_SIZE },
2834 { set_device_id, false, MGMT_SET_DEVICE_ID_SIZE },
2838 int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
2842 struct mgmt_hdr *hdr;
2843 u16 opcode, index, len;
2844 struct hci_dev *hdev = NULL;
2845 const struct mgmt_handler *handler;
2848 BT_DBG("got %zu bytes", msglen);
2850 if (msglen < sizeof(*hdr))
2853 buf = kmalloc(msglen, GFP_KERNEL);
2857 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
2863 opcode = __le16_to_cpu(hdr->opcode);
2864 index = __le16_to_cpu(hdr->index);
2865 len = __le16_to_cpu(hdr->len);
2867 if (len != msglen - sizeof(*hdr)) {
2872 if (index != MGMT_INDEX_NONE) {
2873 hdev = hci_dev_get(index);
2875 err = cmd_status(sk, index, opcode,
2876 MGMT_STATUS_INVALID_INDEX);
2881 if (opcode >= ARRAY_SIZE(mgmt_handlers) ||
2882 mgmt_handlers[opcode].func == NULL) {
2883 BT_DBG("Unknown op %u", opcode);
2884 err = cmd_status(sk, index, opcode,
2885 MGMT_STATUS_UNKNOWN_COMMAND);
2889 if ((hdev && opcode < MGMT_OP_READ_INFO) ||
2890 (!hdev && opcode >= MGMT_OP_READ_INFO)) {
2891 err = cmd_status(sk, index, opcode,
2892 MGMT_STATUS_INVALID_INDEX);
2896 handler = &mgmt_handlers[opcode];
2898 if ((handler->var_len && len < handler->data_len) ||
2899 (!handler->var_len && len != handler->data_len)) {
2900 err = cmd_status(sk, index, opcode,
2901 MGMT_STATUS_INVALID_PARAMS);
2906 mgmt_init_hdev(sk, hdev);
2908 cp = buf + sizeof(*hdr);
2910 err = handler->func(sk, hdev, cp, len);
2924 static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
2928 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
2929 mgmt_pending_remove(cmd);
2932 int mgmt_index_added(struct hci_dev *hdev)
2934 if (!mgmt_valid_hdev(hdev))
2937 return mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
2940 int mgmt_index_removed(struct hci_dev *hdev)
2942 u8 status = MGMT_STATUS_INVALID_INDEX;
2944 if (!mgmt_valid_hdev(hdev))
2947 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
2949 return mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
2954 struct hci_dev *hdev;
2958 static void settings_rsp(struct pending_cmd *cmd, void *data)
2960 struct cmd_lookup *match = data;
2962 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
2964 list_del(&cmd->list);
2966 if (match->sk == NULL) {
2967 match->sk = cmd->sk;
2968 sock_hold(match->sk);
2971 mgmt_pending_free(cmd);
2974 static int set_bredr_scan(struct hci_dev *hdev)
2978 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
2980 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
2981 scan |= SCAN_INQUIRY;
2986 return hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
2989 int mgmt_powered(struct hci_dev *hdev, u8 powered)
2991 struct cmd_lookup match = { NULL, hdev };
2994 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
2997 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
3000 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) &&
3001 !lmp_host_ssp_capable(hdev)) {
3004 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &ssp);
3007 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
3008 struct hci_cp_write_le_host_supported cp;
3011 cp.simul = lmp_le_br_capable(hdev);
3013 /* Check first if we already have the right
3014 * host state (host features set)
3016 if (cp.le != lmp_host_le_capable(hdev) ||
3017 cp.simul != lmp_host_le_br_capable(hdev))
3019 HCI_OP_WRITE_LE_HOST_SUPPORTED,
3023 if (lmp_bredr_capable(hdev)) {
3024 set_bredr_scan(hdev);
3026 update_name(hdev, hdev->dev_name);
3030 u8 status = MGMT_STATUS_NOT_POWERED;
3031 u8 zero_cod[] = { 0, 0, 0 };
3033 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
3035 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0)
3036 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
3037 zero_cod, sizeof(zero_cod), NULL);
3040 err = new_settings(hdev, match.sk);
3048 int mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
3050 struct cmd_lookup match = { NULL, hdev };
3051 bool changed = false;
3055 if (!test_and_set_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3058 if (test_and_clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3062 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev, settings_rsp,
3066 err = new_settings(hdev, match.sk);
3074 int mgmt_connectable(struct hci_dev *hdev, u8 connectable)
3076 struct cmd_lookup match = { NULL, hdev };
3077 bool changed = false;
3081 if (!test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3084 if (test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3088 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev, settings_rsp,
3092 err = new_settings(hdev, match.sk);
3100 int mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
3102 u8 mgmt_err = mgmt_status(status);
3104 if (scan & SCAN_PAGE)
3105 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
3106 cmd_status_rsp, &mgmt_err);
3108 if (scan & SCAN_INQUIRY)
3109 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
3110 cmd_status_rsp, &mgmt_err);
3115 int mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
3118 struct mgmt_ev_new_link_key ev;
3120 memset(&ev, 0, sizeof(ev));
3122 ev.store_hint = persistent;
3123 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
3124 ev.key.addr.type = BDADDR_BREDR;
3125 ev.key.type = key->type;
3126 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
3127 ev.key.pin_len = key->pin_len;
3129 return mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
3132 int mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, u8 persistent)
3134 struct mgmt_ev_new_long_term_key ev;
3136 memset(&ev, 0, sizeof(ev));
3138 ev.store_hint = persistent;
3139 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
3140 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
3141 ev.key.authenticated = key->authenticated;
3142 ev.key.enc_size = key->enc_size;
3143 ev.key.ediv = key->ediv;
3145 if (key->type == HCI_SMP_LTK)
3148 memcpy(ev.key.rand, key->rand, sizeof(key->rand));
3149 memcpy(ev.key.val, key->val, sizeof(key->val));
3151 return mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev),
3155 int mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3156 u8 addr_type, u32 flags, u8 *name, u8 name_len,
3160 struct mgmt_ev_device_connected *ev = (void *) buf;
3163 bacpy(&ev->addr.bdaddr, bdaddr);
3164 ev->addr.type = link_to_bdaddr(link_type, addr_type);
3166 ev->flags = __cpu_to_le32(flags);
3169 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
3172 if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0)
3173 eir_len = eir_append_data(ev->eir, eir_len,
3174 EIR_CLASS_OF_DEV, dev_class, 3);
3176 ev->eir_len = cpu_to_le16(eir_len);
3178 return mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
3179 sizeof(*ev) + eir_len, NULL);
3182 static void disconnect_rsp(struct pending_cmd *cmd, void *data)
3184 struct mgmt_cp_disconnect *cp = cmd->param;
3185 struct sock **sk = data;
3186 struct mgmt_rp_disconnect rp;
3188 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3189 rp.addr.type = cp->addr.type;
3191 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 0, &rp,
3197 mgmt_pending_remove(cmd);
3200 static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
3202 struct hci_dev *hdev = data;
3203 struct mgmt_cp_unpair_device *cp = cmd->param;
3204 struct mgmt_rp_unpair_device rp;
3206 memset(&rp, 0, sizeof(rp));
3207 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3208 rp.addr.type = cp->addr.type;
3210 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
3212 cmd_complete(cmd->sk, cmd->index, cmd->opcode, 0, &rp, sizeof(rp));
3214 mgmt_pending_remove(cmd);
3217 int mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
3218 u8 link_type, u8 addr_type, u8 reason)
3220 struct mgmt_ev_device_disconnected ev;
3221 struct sock *sk = NULL;
3224 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
3226 bacpy(&ev.addr.bdaddr, bdaddr);
3227 ev.addr.type = link_to_bdaddr(link_type, addr_type);
3230 err = mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev),
3236 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
3242 int mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
3243 u8 link_type, u8 addr_type, u8 status)
3245 struct mgmt_rp_disconnect rp;
3246 struct pending_cmd *cmd;
3249 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
3252 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
3256 bacpy(&rp.addr.bdaddr, bdaddr);
3257 rp.addr.type = link_to_bdaddr(link_type, addr_type);
3259 err = cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
3260 mgmt_status(status), &rp, sizeof(rp));
3262 mgmt_pending_remove(cmd);
3267 int mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3268 u8 addr_type, u8 status)
3270 struct mgmt_ev_connect_failed ev;
3272 bacpy(&ev.addr.bdaddr, bdaddr);
3273 ev.addr.type = link_to_bdaddr(link_type, addr_type);
3274 ev.status = mgmt_status(status);
3276 return mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
3279 int mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
3281 struct mgmt_ev_pin_code_request ev;
3283 bacpy(&ev.addr.bdaddr, bdaddr);
3284 ev.addr.type = BDADDR_BREDR;
3287 return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev),
3291 int mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3294 struct pending_cmd *cmd;
3295 struct mgmt_rp_pin_code_reply rp;
3298 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
3302 bacpy(&rp.addr.bdaddr, bdaddr);
3303 rp.addr.type = BDADDR_BREDR;
3305 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3306 mgmt_status(status), &rp, sizeof(rp));
3308 mgmt_pending_remove(cmd);
3313 int mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3316 struct pending_cmd *cmd;
3317 struct mgmt_rp_pin_code_reply rp;
3320 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
3324 bacpy(&rp.addr.bdaddr, bdaddr);
3325 rp.addr.type = BDADDR_BREDR;
3327 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
3328 mgmt_status(status), &rp, sizeof(rp));
3330 mgmt_pending_remove(cmd);
3335 int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
3336 u8 link_type, u8 addr_type, __le32 value,
3339 struct mgmt_ev_user_confirm_request ev;
3341 BT_DBG("%s", hdev->name);
3343 bacpy(&ev.addr.bdaddr, bdaddr);
3344 ev.addr.type = link_to_bdaddr(link_type, addr_type);
3345 ev.confirm_hint = confirm_hint;
3348 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
3352 int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
3353 u8 link_type, u8 addr_type)
3355 struct mgmt_ev_user_passkey_request ev;
3357 BT_DBG("%s", hdev->name);
3359 bacpy(&ev.addr.bdaddr, bdaddr);
3360 ev.addr.type = link_to_bdaddr(link_type, addr_type);
3362 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
3366 static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3367 u8 link_type, u8 addr_type, u8 status,
3370 struct pending_cmd *cmd;
3371 struct mgmt_rp_user_confirm_reply rp;
3374 cmd = mgmt_pending_find(opcode, hdev);
3378 bacpy(&rp.addr.bdaddr, bdaddr);
3379 rp.addr.type = link_to_bdaddr(link_type, addr_type);
3380 err = cmd_complete(cmd->sk, hdev->id, opcode, mgmt_status(status),
3383 mgmt_pending_remove(cmd);
3388 int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3389 u8 link_type, u8 addr_type, u8 status)
3391 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3392 status, MGMT_OP_USER_CONFIRM_REPLY);
3395 int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3396 u8 link_type, u8 addr_type, u8 status)
3398 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3400 MGMT_OP_USER_CONFIRM_NEG_REPLY);
3403 int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3404 u8 link_type, u8 addr_type, u8 status)
3406 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3407 status, MGMT_OP_USER_PASSKEY_REPLY);
3410 int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3411 u8 link_type, u8 addr_type, u8 status)
3413 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3415 MGMT_OP_USER_PASSKEY_NEG_REPLY);
3418 int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
3419 u8 link_type, u8 addr_type, u32 passkey,
3422 struct mgmt_ev_passkey_notify ev;
3424 BT_DBG("%s", hdev->name);
3426 bacpy(&ev.addr.bdaddr, bdaddr);
3427 ev.addr.type = link_to_bdaddr(link_type, addr_type);
3428 ev.passkey = __cpu_to_le32(passkey);
3429 ev.entered = entered;
3431 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
3434 int mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3435 u8 addr_type, u8 status)
3437 struct mgmt_ev_auth_failed ev;
3439 bacpy(&ev.addr.bdaddr, bdaddr);
3440 ev.addr.type = link_to_bdaddr(link_type, addr_type);
3441 ev.status = mgmt_status(status);
3443 return mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
3446 int mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
3448 struct cmd_lookup match = { NULL, hdev };
3449 bool changed = false;
3453 u8 mgmt_err = mgmt_status(status);
3454 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
3455 cmd_status_rsp, &mgmt_err);
3459 if (test_bit(HCI_AUTH, &hdev->flags)) {
3460 if (!test_and_set_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
3463 if (test_and_clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
3467 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
3471 err = new_settings(hdev, match.sk);
3479 static int clear_eir(struct hci_dev *hdev)
3481 struct hci_cp_write_eir cp;
3483 if (!lmp_ext_inq_capable(hdev))
3486 memset(hdev->eir, 0, sizeof(hdev->eir));
3488 memset(&cp, 0, sizeof(cp));
3490 return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
3493 int mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
3495 struct cmd_lookup match = { NULL, hdev };
3496 bool changed = false;
3500 u8 mgmt_err = mgmt_status(status);
3502 if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
3504 err = new_settings(hdev, NULL);
3506 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
3513 if (!test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
3516 if (test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
3520 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
3523 err = new_settings(hdev, match.sk);
3528 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
3536 static void class_rsp(struct pending_cmd *cmd, void *data)
3538 struct cmd_lookup *match = data;
3540 cmd_complete(cmd->sk, cmd->index, cmd->opcode, match->mgmt_status,
3541 match->hdev->dev_class, 3);
3543 list_del(&cmd->list);
3545 if (match->sk == NULL) {
3546 match->sk = cmd->sk;
3547 sock_hold(match->sk);
3550 mgmt_pending_free(cmd);
3553 int mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
3556 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
3559 clear_bit(HCI_PENDING_CLASS, &hdev->dev_flags);
3561 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, class_rsp, &match);
3562 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, class_rsp, &match);
3563 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, class_rsp, &match);
3566 err = mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class,
3575 int mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
3577 struct pending_cmd *cmd;
3578 struct mgmt_cp_set_local_name ev;
3579 bool changed = false;
3582 if (memcmp(name, hdev->dev_name, sizeof(hdev->dev_name)) != 0) {
3583 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
3587 memset(&ev, 0, sizeof(ev));
3588 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
3589 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
3591 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
3595 /* Always assume that either the short or the complete name has
3596 * changed if there was a pending mgmt command */
3600 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3601 mgmt_status(status));
3605 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0, &ev,
3612 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev,
3613 sizeof(ev), cmd ? cmd->sk : NULL);
3615 /* EIR is taken care of separately when powering on the
3616 * adapter so only update them here if this is a name change
3617 * unrelated to power on.
3619 if (!test_bit(HCI_INIT, &hdev->flags))
3624 mgmt_pending_remove(cmd);
3628 int mgmt_read_local_oob_data_reply_complete(struct hci_dev *hdev, u8 *hash,
3629 u8 *randomizer, u8 status)
3631 struct pending_cmd *cmd;
3634 BT_DBG("%s status %u", hdev->name, status);
3636 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
3641 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3642 mgmt_status(status));
3644 struct mgmt_rp_read_local_oob_data rp;
3646 memcpy(rp.hash, hash, sizeof(rp.hash));
3647 memcpy(rp.randomizer, randomizer, sizeof(rp.randomizer));
3649 err = cmd_complete(cmd->sk, hdev->id,
3650 MGMT_OP_READ_LOCAL_OOB_DATA, 0, &rp,
3654 mgmt_pending_remove(cmd);
3659 int mgmt_le_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
3661 struct cmd_lookup match = { NULL, hdev };
3662 bool changed = false;
3666 u8 mgmt_err = mgmt_status(status);
3668 if (enable && test_and_clear_bit(HCI_LE_ENABLED,
3670 err = new_settings(hdev, NULL);
3672 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
3679 if (!test_and_set_bit(HCI_LE_ENABLED, &hdev->dev_flags))
3682 if (test_and_clear_bit(HCI_LE_ENABLED, &hdev->dev_flags))
3686 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
3689 err = new_settings(hdev, match.sk);
3697 int mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3698 u8 addr_type, u8 *dev_class, s8 rssi, u8 cfm_name, u8
3699 ssp, u8 *eir, u16 eir_len)
3702 struct mgmt_ev_device_found *ev = (void *) buf;
3705 /* Leave 5 bytes for a potential CoD field */
3706 if (sizeof(*ev) + eir_len + 5 > sizeof(buf))
3709 memset(buf, 0, sizeof(buf));
3711 bacpy(&ev->addr.bdaddr, bdaddr);
3712 ev->addr.type = link_to_bdaddr(link_type, addr_type);
3715 ev->flags |= __constant_cpu_to_le32(MGMT_DEV_FOUND_CONFIRM_NAME);
3717 ev->flags |= __constant_cpu_to_le32(MGMT_DEV_FOUND_LEGACY_PAIRING);
3720 memcpy(ev->eir, eir, eir_len);
3722 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
3723 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
3726 ev->eir_len = cpu_to_le16(eir_len);
3727 ev_size = sizeof(*ev) + eir_len;
3729 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
3732 int mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3733 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
3735 struct mgmt_ev_device_found *ev;
3736 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
3739 ev = (struct mgmt_ev_device_found *) buf;
3741 memset(buf, 0, sizeof(buf));
3743 bacpy(&ev->addr.bdaddr, bdaddr);
3744 ev->addr.type = link_to_bdaddr(link_type, addr_type);
3747 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
3750 ev->eir_len = cpu_to_le16(eir_len);
3752 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev,
3753 sizeof(*ev) + eir_len, NULL);
3756 int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
3758 struct pending_cmd *cmd;
3762 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3764 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
3768 type = hdev->discovery.type;
3770 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3771 &type, sizeof(type));
3772 mgmt_pending_remove(cmd);
3777 int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
3779 struct pending_cmd *cmd;
3782 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3786 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3787 &hdev->discovery.type, sizeof(hdev->discovery.type));
3788 mgmt_pending_remove(cmd);
3793 int mgmt_discovering(struct hci_dev *hdev, u8 discovering)
3795 struct mgmt_ev_discovering ev;
3796 struct pending_cmd *cmd;
3798 BT_DBG("%s discovering %u", hdev->name, discovering);
3801 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
3803 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3806 u8 type = hdev->discovery.type;
3808 cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0, &type,
3810 mgmt_pending_remove(cmd);
3813 memset(&ev, 0, sizeof(ev));
3814 ev.type = hdev->discovery.type;
3815 ev.discovering = discovering;
3817 return mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
3820 int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
3822 struct pending_cmd *cmd;
3823 struct mgmt_ev_device_blocked ev;
3825 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev);
3827 bacpy(&ev.addr.bdaddr, bdaddr);
3828 ev.addr.type = type;
3830 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev),
3831 cmd ? cmd->sk : NULL);
3834 int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
3836 struct pending_cmd *cmd;
3837 struct mgmt_ev_device_unblocked ev;
3839 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev);
3841 bacpy(&ev.addr.bdaddr, bdaddr);
3842 ev.addr.type = type;
3844 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
3845 cmd ? cmd->sk : NULL);
3848 module_param(enable_hs, bool, 0644);
3849 MODULE_PARM_DESC(enable_hs, "Enable High Speed support");
projects / firefly-linux-kernel-4.4.55.git / blob