2 BlueZ - Bluetooth protocol stack for Linux
4 Copyright (C) 2010 Nokia Corporation
5 Copyright (C) 2011-2012 Intel Corporation
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI Management interface */
27 #include <linux/kernel.h>
28 #include <linux/uaccess.h>
29 #include <linux/module.h>
30 #include <asm/unaligned.h>
32 #include <net/bluetooth/bluetooth.h>
33 #include <net/bluetooth/hci_core.h>
34 #include <net/bluetooth/mgmt.h>
35 #include <net/bluetooth/smp.h>
40 #define MGMT_VERSION 1
41 #define MGMT_REVISION 1
43 static const u16 mgmt_commands[] = {
44 MGMT_OP_READ_INDEX_LIST,
47 MGMT_OP_SET_DISCOVERABLE,
48 MGMT_OP_SET_CONNECTABLE,
49 MGMT_OP_SET_FAST_CONNECTABLE,
51 MGMT_OP_SET_LINK_SECURITY,
55 MGMT_OP_SET_DEV_CLASS,
56 MGMT_OP_SET_LOCAL_NAME,
59 MGMT_OP_LOAD_LINK_KEYS,
60 MGMT_OP_LOAD_LONG_TERM_KEYS,
62 MGMT_OP_GET_CONNECTIONS,
63 MGMT_OP_PIN_CODE_REPLY,
64 MGMT_OP_PIN_CODE_NEG_REPLY,
65 MGMT_OP_SET_IO_CAPABILITY,
67 MGMT_OP_CANCEL_PAIR_DEVICE,
68 MGMT_OP_UNPAIR_DEVICE,
69 MGMT_OP_USER_CONFIRM_REPLY,
70 MGMT_OP_USER_CONFIRM_NEG_REPLY,
71 MGMT_OP_USER_PASSKEY_REPLY,
72 MGMT_OP_USER_PASSKEY_NEG_REPLY,
73 MGMT_OP_READ_LOCAL_OOB_DATA,
74 MGMT_OP_ADD_REMOTE_OOB_DATA,
75 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
76 MGMT_OP_START_DISCOVERY,
77 MGMT_OP_STOP_DISCOVERY,
80 MGMT_OP_UNBLOCK_DEVICE,
81 MGMT_OP_SET_DEVICE_ID,
84 static const u16 mgmt_events[] = {
85 MGMT_EV_CONTROLLER_ERROR,
87 MGMT_EV_INDEX_REMOVED,
89 MGMT_EV_CLASS_OF_DEV_CHANGED,
90 MGMT_EV_LOCAL_NAME_CHANGED,
92 MGMT_EV_NEW_LONG_TERM_KEY,
93 MGMT_EV_DEVICE_CONNECTED,
94 MGMT_EV_DEVICE_DISCONNECTED,
95 MGMT_EV_CONNECT_FAILED,
96 MGMT_EV_PIN_CODE_REQUEST,
97 MGMT_EV_USER_CONFIRM_REQUEST,
98 MGMT_EV_USER_PASSKEY_REQUEST,
100 MGMT_EV_DEVICE_FOUND,
102 MGMT_EV_DEVICE_BLOCKED,
103 MGMT_EV_DEVICE_UNBLOCKED,
104 MGMT_EV_DEVICE_UNPAIRED,
108 * These LE scan and inquiry parameters were chosen according to LE General
109 * Discovery Procedure specification.
111 #define LE_SCAN_TYPE 0x01
112 #define LE_SCAN_WIN 0x12
113 #define LE_SCAN_INT 0x12
114 #define LE_SCAN_TIMEOUT_LE_ONLY 10240 /* TGAP(gen_disc_scan_min) */
115 #define LE_SCAN_TIMEOUT_BREDR_LE 5120 /* TGAP(100)/2 */
117 #define INQUIRY_LEN_BREDR 0x08 /* TGAP(100) */
118 #define INQUIRY_LEN_BREDR_LE 0x04 /* TGAP(100)/2 */
120 #define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
122 #define hdev_is_powered(hdev) (test_bit(HCI_UP, &hdev->flags) && \
123 !test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
126 struct list_head list;
134 /* HCI to MGMT error code conversion table */
135 static u8 mgmt_status_table[] = {
137 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
138 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
139 MGMT_STATUS_FAILED, /* Hardware Failure */
140 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
141 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
142 MGMT_STATUS_NOT_PAIRED, /* PIN or Key Missing */
143 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
144 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
145 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
146 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
147 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
148 MGMT_STATUS_BUSY, /* Command Disallowed */
149 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
150 MGMT_STATUS_REJECTED, /* Rejected Security */
151 MGMT_STATUS_REJECTED, /* Rejected Personal */
152 MGMT_STATUS_TIMEOUT, /* Host Timeout */
153 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
154 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
155 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
156 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
157 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
158 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
159 MGMT_STATUS_BUSY, /* Repeated Attempts */
160 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
161 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
162 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
163 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
164 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
165 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
166 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
167 MGMT_STATUS_FAILED, /* Unspecified Error */
168 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
169 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
170 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
171 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
172 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
173 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
174 MGMT_STATUS_FAILED, /* Unit Link Key Used */
175 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
176 MGMT_STATUS_TIMEOUT, /* Instant Passed */
177 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
178 MGMT_STATUS_FAILED, /* Transaction Collision */
179 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
180 MGMT_STATUS_REJECTED, /* QoS Rejected */
181 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
182 MGMT_STATUS_REJECTED, /* Insufficient Security */
183 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
184 MGMT_STATUS_BUSY, /* Role Switch Pending */
185 MGMT_STATUS_FAILED, /* Slot Violation */
186 MGMT_STATUS_FAILED, /* Role Switch Failed */
187 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
188 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
189 MGMT_STATUS_BUSY, /* Host Busy Pairing */
190 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
191 MGMT_STATUS_BUSY, /* Controller Busy */
192 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
193 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
194 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
195 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
196 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
199 static u8 mgmt_status(u8 hci_status)
201 if (hci_status < ARRAY_SIZE(mgmt_status_table))
202 return mgmt_status_table[hci_status];
204 return MGMT_STATUS_FAILED;
207 static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
210 struct mgmt_hdr *hdr;
211 struct mgmt_ev_cmd_status *ev;
214 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
216 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_ATOMIC);
220 hdr = (void *) skb_put(skb, sizeof(*hdr));
222 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS);
223 hdr->index = cpu_to_le16(index);
224 hdr->len = cpu_to_le16(sizeof(*ev));
226 ev = (void *) skb_put(skb, sizeof(*ev));
228 ev->opcode = cpu_to_le16(cmd);
230 err = sock_queue_rcv_skb(sk, skb);
237 static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
238 void *rp, size_t rp_len)
241 struct mgmt_hdr *hdr;
242 struct mgmt_ev_cmd_complete *ev;
245 BT_DBG("sock %p", sk);
247 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_ATOMIC);
251 hdr = (void *) skb_put(skb, sizeof(*hdr));
253 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE);
254 hdr->index = cpu_to_le16(index);
255 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
257 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
258 ev->opcode = cpu_to_le16(cmd);
262 memcpy(ev->data, rp, rp_len);
264 err = sock_queue_rcv_skb(sk, skb);
271 static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
274 struct mgmt_rp_read_version rp;
276 BT_DBG("sock %p", sk);
278 rp.version = MGMT_VERSION;
279 rp.revision = __constant_cpu_to_le16(MGMT_REVISION);
281 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
285 static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
288 struct mgmt_rp_read_commands *rp;
289 const u16 num_commands = ARRAY_SIZE(mgmt_commands);
290 const u16 num_events = ARRAY_SIZE(mgmt_events);
295 BT_DBG("sock %p", sk);
297 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
299 rp = kmalloc(rp_size, GFP_KERNEL);
303 rp->num_commands = __constant_cpu_to_le16(num_commands);
304 rp->num_events = __constant_cpu_to_le16(num_events);
306 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
307 put_unaligned_le16(mgmt_commands[i], opcode);
309 for (i = 0; i < num_events; i++, opcode++)
310 put_unaligned_le16(mgmt_events[i], opcode);
312 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
319 static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
322 struct mgmt_rp_read_index_list *rp;
329 BT_DBG("sock %p", sk);
331 read_lock(&hci_dev_list_lock);
334 list_for_each(p, &hci_dev_list) {
338 rp_len = sizeof(*rp) + (2 * count);
339 rp = kmalloc(rp_len, GFP_ATOMIC);
341 read_unlock(&hci_dev_list_lock);
345 rp->num_controllers = cpu_to_le16(count);
348 list_for_each_entry(d, &hci_dev_list, list) {
349 if (test_bit(HCI_SETUP, &d->dev_flags))
352 rp->index[i++] = cpu_to_le16(d->id);
353 BT_DBG("Added hci%u", d->id);
356 read_unlock(&hci_dev_list_lock);
358 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
366 static u32 get_supported_settings(struct hci_dev *hdev)
370 settings |= MGMT_SETTING_POWERED;
371 settings |= MGMT_SETTING_CONNECTABLE;
372 settings |= MGMT_SETTING_FAST_CONNECTABLE;
373 settings |= MGMT_SETTING_DISCOVERABLE;
374 settings |= MGMT_SETTING_PAIRABLE;
376 if (hdev->features[6] & LMP_SIMPLE_PAIR)
377 settings |= MGMT_SETTING_SSP;
379 if (!(hdev->features[4] & LMP_NO_BREDR)) {
380 settings |= MGMT_SETTING_BREDR;
381 settings |= MGMT_SETTING_LINK_SECURITY;
385 settings |= MGMT_SETTING_HS;
388 if (hdev->features[4] & LMP_LE)
389 settings |= MGMT_SETTING_LE;
395 static u32 get_current_settings(struct hci_dev *hdev)
399 if (hdev_is_powered(hdev))
400 settings |= MGMT_SETTING_POWERED;
402 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
403 settings |= MGMT_SETTING_CONNECTABLE;
405 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
406 settings |= MGMT_SETTING_DISCOVERABLE;
408 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags))
409 settings |= MGMT_SETTING_PAIRABLE;
411 if (!(hdev->features[4] & LMP_NO_BREDR))
412 settings |= MGMT_SETTING_BREDR;
414 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
415 settings |= MGMT_SETTING_LE;
417 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
418 settings |= MGMT_SETTING_LINK_SECURITY;
420 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
421 settings |= MGMT_SETTING_SSP;
423 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
424 settings |= MGMT_SETTING_HS;
429 #define PNP_INFO_SVCLASS_ID 0x1200
431 static u8 bluetooth_base_uuid[] = {
432 0xFB, 0x34, 0x9B, 0x5F, 0x80, 0x00, 0x00, 0x80,
433 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
436 static u16 get_uuid16(u8 *uuid128)
441 for (i = 0; i < 12; i++) {
442 if (bluetooth_base_uuid[i] != uuid128[i])
446 val = get_unaligned_le32(&uuid128[12]);
453 static void create_eir(struct hci_dev *hdev, u8 *data)
457 u16 uuid16_list[HCI_MAX_EIR_LENGTH / sizeof(u16)];
458 int i, truncated = 0;
459 struct bt_uuid *uuid;
462 name_len = strlen(hdev->dev_name);
468 ptr[1] = EIR_NAME_SHORT;
470 ptr[1] = EIR_NAME_COMPLETE;
472 /* EIR Data length */
473 ptr[0] = name_len + 1;
475 memcpy(ptr + 2, hdev->dev_name, name_len);
477 eir_len += (name_len + 2);
478 ptr += (name_len + 2);
481 if (hdev->inq_tx_power) {
483 ptr[1] = EIR_TX_POWER;
484 ptr[2] = (u8) hdev->inq_tx_power;
490 if (hdev->devid_source > 0) {
492 ptr[1] = EIR_DEVICE_ID;
494 put_unaligned_le16(hdev->devid_source, ptr + 2);
495 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
496 put_unaligned_le16(hdev->devid_product, ptr + 6);
497 put_unaligned_le16(hdev->devid_version, ptr + 8);
503 memset(uuid16_list, 0, sizeof(uuid16_list));
505 /* Group all UUID16 types */
506 list_for_each_entry(uuid, &hdev->uuids, list) {
509 uuid16 = get_uuid16(uuid->uuid);
516 if (uuid16 == PNP_INFO_SVCLASS_ID)
519 /* Stop if not enough space to put next UUID */
520 if (eir_len + 2 + sizeof(u16) > HCI_MAX_EIR_LENGTH) {
525 /* Check for duplicates */
526 for (i = 0; uuid16_list[i] != 0; i++)
527 if (uuid16_list[i] == uuid16)
530 if (uuid16_list[i] == 0) {
531 uuid16_list[i] = uuid16;
532 eir_len += sizeof(u16);
536 if (uuid16_list[0] != 0) {
540 ptr[1] = truncated ? EIR_UUID16_SOME : EIR_UUID16_ALL;
545 for (i = 0; uuid16_list[i] != 0; i++) {
546 *ptr++ = (uuid16_list[i] & 0x00ff);
547 *ptr++ = (uuid16_list[i] & 0xff00) >> 8;
550 /* EIR Data length */
551 *length = (i * sizeof(u16)) + 1;
555 static int update_eir(struct hci_dev *hdev)
557 struct hci_cp_write_eir cp;
559 if (!hdev_is_powered(hdev))
562 if (!(hdev->features[6] & LMP_EXT_INQ))
565 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
568 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
571 memset(&cp, 0, sizeof(cp));
573 create_eir(hdev, cp.data);
575 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
578 memcpy(hdev->eir, cp.data, sizeof(cp.data));
580 return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
583 static u8 get_service_classes(struct hci_dev *hdev)
585 struct bt_uuid *uuid;
588 list_for_each_entry(uuid, &hdev->uuids, list)
589 val |= uuid->svc_hint;
594 static int update_class(struct hci_dev *hdev)
599 BT_DBG("%s", hdev->name);
601 if (!hdev_is_powered(hdev))
604 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
607 cod[0] = hdev->minor_class;
608 cod[1] = hdev->major_class;
609 cod[2] = get_service_classes(hdev);
611 if (memcmp(cod, hdev->dev_class, 3) == 0)
614 err = hci_send_cmd(hdev, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
616 set_bit(HCI_PENDING_CLASS, &hdev->dev_flags);
621 static void service_cache_off(struct work_struct *work)
623 struct hci_dev *hdev = container_of(work, struct hci_dev,
626 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
634 hci_dev_unlock(hdev);
637 static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
639 if (test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
642 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
644 /* Non-mgmt controlled devices get this bit set
645 * implicitly so that pairing works for them, however
646 * for mgmt we require user-space to explicitly enable
649 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
652 static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
653 void *data, u16 data_len)
655 struct mgmt_rp_read_info rp;
657 BT_DBG("sock %p %s", sk, hdev->name);
661 memset(&rp, 0, sizeof(rp));
663 bacpy(&rp.bdaddr, &hdev->bdaddr);
665 rp.version = hdev->hci_ver;
666 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
668 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
669 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
671 memcpy(rp.dev_class, hdev->dev_class, 3);
673 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
674 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
676 hci_dev_unlock(hdev);
678 return cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
682 static void mgmt_pending_free(struct pending_cmd *cmd)
689 static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
690 struct hci_dev *hdev, void *data,
693 struct pending_cmd *cmd;
695 cmd = kmalloc(sizeof(*cmd), GFP_ATOMIC);
699 cmd->opcode = opcode;
700 cmd->index = hdev->id;
702 cmd->param = kmalloc(len, GFP_ATOMIC);
709 memcpy(cmd->param, data, len);
714 list_add(&cmd->list, &hdev->mgmt_pending);
719 static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
720 void (*cb)(struct pending_cmd *cmd, void *data),
723 struct list_head *p, *n;
725 list_for_each_safe(p, n, &hdev->mgmt_pending) {
726 struct pending_cmd *cmd;
728 cmd = list_entry(p, struct pending_cmd, list);
730 if (opcode > 0 && cmd->opcode != opcode)
737 static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
739 struct pending_cmd *cmd;
741 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
742 if (cmd->opcode == opcode)
749 static void mgmt_pending_remove(struct pending_cmd *cmd)
751 list_del(&cmd->list);
752 mgmt_pending_free(cmd);
755 static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
757 __le32 settings = cpu_to_le32(get_current_settings(hdev));
759 return cmd_complete(sk, hdev->id, opcode, 0, &settings,
763 static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
766 struct mgmt_mode *cp = data;
767 struct pending_cmd *cmd;
770 BT_DBG("request for %s", hdev->name);
774 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
775 cancel_delayed_work(&hdev->power_off);
778 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
779 mgmt_powered(hdev, 1);
784 if (!!cp->val == hdev_is_powered(hdev)) {
785 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
789 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
790 err = cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
795 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
802 schedule_work(&hdev->power_on);
804 schedule_work(&hdev->power_off.work);
809 hci_dev_unlock(hdev);
813 static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 data_len,
814 struct sock *skip_sk)
817 struct mgmt_hdr *hdr;
819 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_ATOMIC);
823 hdr = (void *) skb_put(skb, sizeof(*hdr));
824 hdr->opcode = cpu_to_le16(event);
826 hdr->index = cpu_to_le16(hdev->id);
828 hdr->index = cpu_to_le16(MGMT_INDEX_NONE);
829 hdr->len = cpu_to_le16(data_len);
832 memcpy(skb_put(skb, data_len), data, data_len);
835 __net_timestamp(skb);
837 hci_send_to_control(skb, skip_sk);
843 static int new_settings(struct hci_dev *hdev, struct sock *skip)
847 ev = cpu_to_le32(get_current_settings(hdev));
849 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
852 static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
855 struct mgmt_cp_set_discoverable *cp = data;
856 struct pending_cmd *cmd;
861 BT_DBG("request for %s", hdev->name);
863 timeout = __le16_to_cpu(cp->timeout);
864 if (!cp->val && timeout > 0)
865 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
866 MGMT_STATUS_INVALID_PARAMS);
870 if (!hdev_is_powered(hdev) && timeout > 0) {
871 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
872 MGMT_STATUS_NOT_POWERED);
876 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
877 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
878 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
883 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
884 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
885 MGMT_STATUS_REJECTED);
889 if (!hdev_is_powered(hdev)) {
890 bool changed = false;
892 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
893 change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
897 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
902 err = new_settings(hdev, sk);
907 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
908 if (hdev->discov_timeout > 0) {
909 cancel_delayed_work(&hdev->discov_off);
910 hdev->discov_timeout = 0;
913 if (cp->val && timeout > 0) {
914 hdev->discov_timeout = timeout;
915 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
916 msecs_to_jiffies(hdev->discov_timeout * 1000));
919 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
923 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
932 scan |= SCAN_INQUIRY;
934 cancel_delayed_work(&hdev->discov_off);
936 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
938 mgmt_pending_remove(cmd);
941 hdev->discov_timeout = timeout;
944 hci_dev_unlock(hdev);
948 static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
951 struct mgmt_mode *cp = data;
952 struct pending_cmd *cmd;
956 BT_DBG("request for %s", hdev->name);
960 if (!hdev_is_powered(hdev)) {
961 bool changed = false;
963 if (!!cp->val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
967 set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
969 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
970 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
973 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
978 err = new_settings(hdev, sk);
983 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
984 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
985 err = cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
990 if (!!cp->val == test_bit(HCI_PSCAN, &hdev->flags)) {
991 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
995 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
1006 if (test_bit(HCI_ISCAN, &hdev->flags) &&
1007 hdev->discov_timeout > 0)
1008 cancel_delayed_work(&hdev->discov_off);
1011 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1013 mgmt_pending_remove(cmd);
1016 hci_dev_unlock(hdev);
1020 static int set_pairable(struct sock *sk, struct hci_dev *hdev, void *data,
1023 struct mgmt_mode *cp = data;
1026 BT_DBG("request for %s", hdev->name);
1031 set_bit(HCI_PAIRABLE, &hdev->dev_flags);
1033 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
1035 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
1039 err = new_settings(hdev, sk);
1042 hci_dev_unlock(hdev);
1046 static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1049 struct mgmt_mode *cp = data;
1050 struct pending_cmd *cmd;
1054 BT_DBG("request for %s", hdev->name);
1058 if (!hdev_is_powered(hdev)) {
1059 bool changed = false;
1061 if (!!cp->val != test_bit(HCI_LINK_SECURITY,
1062 &hdev->dev_flags)) {
1063 change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
1067 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1072 err = new_settings(hdev, sk);
1077 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
1078 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1085 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1086 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1090 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1096 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1098 mgmt_pending_remove(cmd);
1103 hci_dev_unlock(hdev);
1107 static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1109 struct mgmt_mode *cp = data;
1110 struct pending_cmd *cmd;
1114 BT_DBG("request for %s", hdev->name);
1118 if (!(hdev->features[6] & LMP_SIMPLE_PAIR)) {
1119 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1120 MGMT_STATUS_NOT_SUPPORTED);
1126 if (!hdev_is_powered(hdev)) {
1127 bool changed = false;
1129 if (val != test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
1130 change_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
1134 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1139 err = new_settings(hdev, sk);
1144 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev)) {
1145 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1150 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) == val) {
1151 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1155 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1161 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, sizeof(val), &val);
1163 mgmt_pending_remove(cmd);
1168 hci_dev_unlock(hdev);
1172 static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1174 struct mgmt_mode *cp = data;
1176 BT_DBG("request for %s", hdev->name);
1179 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1180 MGMT_STATUS_NOT_SUPPORTED);
1183 set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1185 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1187 return send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
1190 static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1192 struct mgmt_mode *cp = data;
1193 struct hci_cp_write_le_host_supported hci_cp;
1194 struct pending_cmd *cmd;
1198 BT_DBG("request for %s", hdev->name);
1202 if (!enable_le || !(hdev->features[4] & LMP_LE)) {
1203 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1204 MGMT_STATUS_NOT_SUPPORTED);
1209 enabled = !!(hdev->host_features[0] & LMP_HOST_LE);
1211 if (!hdev_is_powered(hdev) || val == enabled) {
1212 bool changed = false;
1214 if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1215 change_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1219 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1224 err = new_settings(hdev, sk);
1229 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
1230 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1235 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
1241 memset(&hci_cp, 0, sizeof(hci_cp));
1245 hci_cp.simul = !!(hdev->features[6] & LMP_SIMUL_LE_BR);
1248 err = hci_send_cmd(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
1251 mgmt_pending_remove(cmd);
1256 hci_dev_unlock(hdev);
1260 static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1262 struct mgmt_cp_add_uuid *cp = data;
1263 struct pending_cmd *cmd;
1264 struct bt_uuid *uuid;
1267 BT_DBG("request for %s", hdev->name);
1271 if (test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
1272 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
1277 uuid = kmalloc(sizeof(*uuid), GFP_ATOMIC);
1283 memcpy(uuid->uuid, cp->uuid, 16);
1284 uuid->svc_hint = cp->svc_hint;
1286 list_add(&uuid->list, &hdev->uuids);
1288 err = update_class(hdev);
1292 err = update_eir(hdev);
1296 if (!test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
1297 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
1298 hdev->dev_class, 3);
1302 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
1309 hci_dev_unlock(hdev);
1313 static bool enable_service_cache(struct hci_dev *hdev)
1315 if (!hdev_is_powered(hdev))
1318 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
1319 schedule_delayed_work(&hdev->service_cache, CACHE_TIMEOUT);
1326 static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
1329 struct mgmt_cp_remove_uuid *cp = data;
1330 struct pending_cmd *cmd;
1331 struct list_head *p, *n;
1332 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
1335 BT_DBG("request for %s", hdev->name);
1339 if (test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
1340 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
1345 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
1346 err = hci_uuids_clear(hdev);
1348 if (enable_service_cache(hdev)) {
1349 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID,
1350 0, hdev->dev_class, 3);
1359 list_for_each_safe(p, n, &hdev->uuids) {
1360 struct bt_uuid *match = list_entry(p, struct bt_uuid, list);
1362 if (memcmp(match->uuid, cp->uuid, 16) != 0)
1365 list_del(&match->list);
1370 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
1371 MGMT_STATUS_INVALID_PARAMS);
1376 err = update_class(hdev);
1380 err = update_eir(hdev);
1384 if (!test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
1385 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
1386 hdev->dev_class, 3);
1390 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
1397 hci_dev_unlock(hdev);
1401 static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
1404 struct mgmt_cp_set_dev_class *cp = data;
1405 struct pending_cmd *cmd;
1408 BT_DBG("request for %s", hdev->name);
1412 if (test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
1413 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1418 hdev->major_class = cp->major;
1419 hdev->minor_class = cp->minor;
1421 if (!hdev_is_powered(hdev)) {
1422 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
1423 hdev->dev_class, 3);
1427 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
1428 hci_dev_unlock(hdev);
1429 cancel_delayed_work_sync(&hdev->service_cache);
1434 err = update_class(hdev);
1438 if (!test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
1439 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
1440 hdev->dev_class, 3);
1444 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
1451 hci_dev_unlock(hdev);
1455 static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
1458 struct mgmt_cp_load_link_keys *cp = data;
1459 u16 key_count, expected_len;
1462 key_count = __le16_to_cpu(cp->key_count);
1464 expected_len = sizeof(*cp) + key_count *
1465 sizeof(struct mgmt_link_key_info);
1466 if (expected_len != len) {
1467 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
1469 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
1470 MGMT_STATUS_INVALID_PARAMS);
1473 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
1478 hci_link_keys_clear(hdev);
1480 set_bit(HCI_LINK_KEYS, &hdev->dev_flags);
1483 set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
1485 clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
1487 for (i = 0; i < key_count; i++) {
1488 struct mgmt_link_key_info *key = &cp->keys[i];
1490 hci_add_link_key(hdev, NULL, 0, &key->addr.bdaddr, key->val,
1491 key->type, key->pin_len);
1494 cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
1496 hci_dev_unlock(hdev);
1501 static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
1502 u8 addr_type, struct sock *skip_sk)
1504 struct mgmt_ev_device_unpaired ev;
1506 bacpy(&ev.addr.bdaddr, bdaddr);
1507 ev.addr.type = addr_type;
1509 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
1513 static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
1516 struct mgmt_cp_unpair_device *cp = data;
1517 struct mgmt_rp_unpair_device rp;
1518 struct hci_cp_disconnect dc;
1519 struct pending_cmd *cmd;
1520 struct hci_conn *conn;
1525 memset(&rp, 0, sizeof(rp));
1526 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1527 rp.addr.type = cp->addr.type;
1529 if (!hdev_is_powered(hdev)) {
1530 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
1531 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
1535 if (cp->addr.type == MGMT_ADDR_BREDR)
1536 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
1538 err = hci_remove_ltk(hdev, &cp->addr.bdaddr);
1541 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
1542 MGMT_STATUS_NOT_PAIRED, &rp, sizeof(rp));
1546 if (cp->disconnect) {
1547 if (cp->addr.type == MGMT_ADDR_BREDR)
1548 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
1551 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
1558 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
1560 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
1564 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
1571 dc.handle = cpu_to_le16(conn->handle);
1572 dc.reason = 0x13; /* Remote User Terminated Connection */
1573 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1575 mgmt_pending_remove(cmd);
1578 hci_dev_unlock(hdev);
1582 static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
1585 struct mgmt_cp_disconnect *cp = data;
1586 struct hci_cp_disconnect dc;
1587 struct pending_cmd *cmd;
1588 struct hci_conn *conn;
1595 if (!test_bit(HCI_UP, &hdev->flags)) {
1596 err = cmd_status(sk, hdev->id, MGMT_OP_DISCONNECT,
1597 MGMT_STATUS_NOT_POWERED);
1601 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
1602 err = cmd_status(sk, hdev->id, MGMT_OP_DISCONNECT,
1607 if (cp->addr.type == MGMT_ADDR_BREDR)
1608 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
1610 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
1613 err = cmd_status(sk, hdev->id, MGMT_OP_DISCONNECT,
1614 MGMT_STATUS_NOT_CONNECTED);
1618 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
1624 dc.handle = cpu_to_le16(conn->handle);
1625 dc.reason = 0x13; /* Remote User Terminated Connection */
1627 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1629 mgmt_pending_remove(cmd);
1632 hci_dev_unlock(hdev);
1636 static u8 link_to_mgmt(u8 link_type, u8 addr_type)
1638 switch (link_type) {
1640 switch (addr_type) {
1641 case ADDR_LE_DEV_PUBLIC:
1642 return MGMT_ADDR_LE_PUBLIC;
1645 /* Fallback to LE Random address type */
1646 return MGMT_ADDR_LE_RANDOM;
1650 /* Fallback to BR/EDR type */
1651 return MGMT_ADDR_BREDR;
1655 static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
1658 struct mgmt_rp_get_connections *rp;
1668 if (!hdev_is_powered(hdev)) {
1669 err = cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
1670 MGMT_STATUS_NOT_POWERED);
1675 list_for_each_entry(c, &hdev->conn_hash.list, list) {
1676 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
1680 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
1681 rp = kmalloc(rp_len, GFP_ATOMIC);
1688 list_for_each_entry(c, &hdev->conn_hash.list, list) {
1689 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
1691 bacpy(&rp->addr[i].bdaddr, &c->dst);
1692 rp->addr[i].type = link_to_mgmt(c->type, c->dst_type);
1693 if (c->type == SCO_LINK || c->type == ESCO_LINK)
1698 rp->conn_count = cpu_to_le16(i);
1700 /* Recalculate length in case of filtered SCO connections, etc */
1701 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
1703 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
1709 hci_dev_unlock(hdev);
1713 static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
1714 struct mgmt_cp_pin_code_neg_reply *cp)
1716 struct pending_cmd *cmd;
1719 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
1724 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
1725 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
1727 mgmt_pending_remove(cmd);
1732 static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
1735 struct hci_conn *conn;
1736 struct mgmt_cp_pin_code_reply *cp = data;
1737 struct hci_cp_pin_code_reply reply;
1738 struct pending_cmd *cmd;
1745 if (!hdev_is_powered(hdev)) {
1746 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
1747 MGMT_STATUS_NOT_POWERED);
1751 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
1753 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
1754 MGMT_STATUS_NOT_CONNECTED);
1758 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
1759 struct mgmt_cp_pin_code_neg_reply ncp;
1761 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
1763 BT_ERR("PIN code is not 16 bytes long");
1765 err = send_pin_code_neg_reply(sk, hdev, &ncp);
1767 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
1768 MGMT_STATUS_INVALID_PARAMS);
1773 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
1779 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
1780 reply.pin_len = cp->pin_len;
1781 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
1783 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
1785 mgmt_pending_remove(cmd);
1788 hci_dev_unlock(hdev);
1792 static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
1793 void *data, u16 len)
1795 struct mgmt_cp_pin_code_neg_reply *cp = data;
1802 if (!hdev_is_powered(hdev)) {
1803 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
1804 MGMT_STATUS_NOT_POWERED);
1808 err = send_pin_code_neg_reply(sk, hdev, cp);
1811 hci_dev_unlock(hdev);
1815 static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
1818 struct mgmt_cp_set_io_capability *cp = data;
1824 hdev->io_capability = cp->io_capability;
1826 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
1827 hdev->io_capability);
1829 hci_dev_unlock(hdev);
1831 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, NULL,
1835 static inline struct pending_cmd *find_pairing(struct hci_conn *conn)
1837 struct hci_dev *hdev = conn->hdev;
1838 struct pending_cmd *cmd;
1840 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
1841 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
1844 if (cmd->user_data != conn)
1853 static void pairing_complete(struct pending_cmd *cmd, u8 status)
1855 struct mgmt_rp_pair_device rp;
1856 struct hci_conn *conn = cmd->user_data;
1858 bacpy(&rp.addr.bdaddr, &conn->dst);
1859 rp.addr.type = link_to_mgmt(conn->type, conn->dst_type);
1861 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
1864 /* So we don't get further callbacks for this connection */
1865 conn->connect_cfm_cb = NULL;
1866 conn->security_cfm_cb = NULL;
1867 conn->disconn_cfm_cb = NULL;
1871 mgmt_pending_remove(cmd);
1874 static void pairing_complete_cb(struct hci_conn *conn, u8 status)
1876 struct pending_cmd *cmd;
1878 BT_DBG("status %u", status);
1880 cmd = find_pairing(conn);
1882 BT_DBG("Unable to find a pending command");
1884 pairing_complete(cmd, mgmt_status(status));
1887 static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
1890 struct mgmt_cp_pair_device *cp = data;
1891 struct mgmt_rp_pair_device rp;
1892 struct pending_cmd *cmd;
1893 u8 sec_level, auth_type;
1894 struct hci_conn *conn;
1901 if (!hdev_is_powered(hdev)) {
1902 err = cmd_status(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
1903 MGMT_STATUS_NOT_POWERED);
1907 sec_level = BT_SECURITY_MEDIUM;
1908 if (cp->io_cap == 0x03)
1909 auth_type = HCI_AT_DEDICATED_BONDING;
1911 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
1913 if (cp->addr.type == MGMT_ADDR_BREDR)
1914 conn = hci_connect(hdev, ACL_LINK, &cp->addr.bdaddr, sec_level,
1917 conn = hci_connect(hdev, LE_LINK, &cp->addr.bdaddr, sec_level,
1920 memset(&rp, 0, sizeof(rp));
1921 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1922 rp.addr.type = cp->addr.type;
1925 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
1926 MGMT_STATUS_CONNECT_FAILED, &rp,
1931 if (conn->connect_cfm_cb) {
1933 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
1934 MGMT_STATUS_BUSY, &rp, sizeof(rp));
1938 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
1945 /* For LE, just connecting isn't a proof that the pairing finished */
1946 if (cp->addr.type == MGMT_ADDR_BREDR)
1947 conn->connect_cfm_cb = pairing_complete_cb;
1949 conn->security_cfm_cb = pairing_complete_cb;
1950 conn->disconn_cfm_cb = pairing_complete_cb;
1951 conn->io_capability = cp->io_cap;
1952 cmd->user_data = conn;
1954 if (conn->state == BT_CONNECTED &&
1955 hci_conn_security(conn, sec_level, auth_type))
1956 pairing_complete(cmd, 0);
1961 hci_dev_unlock(hdev);
1965 static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
1968 struct mgmt_addr_info *addr = data;
1969 struct pending_cmd *cmd;
1970 struct hci_conn *conn;
1977 if (!hdev_is_powered(hdev)) {
1978 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
1979 MGMT_STATUS_NOT_POWERED);
1983 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
1985 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
1986 MGMT_STATUS_INVALID_PARAMS);
1990 conn = cmd->user_data;
1992 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
1993 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
1994 MGMT_STATUS_INVALID_PARAMS);
1998 pairing_complete(cmd, MGMT_STATUS_CANCELLED);
2000 err = cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
2001 addr, sizeof(*addr));
2003 hci_dev_unlock(hdev);
2007 static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
2008 bdaddr_t *bdaddr, u8 type, u16 mgmt_op,
2009 u16 hci_op, __le32 passkey)
2011 struct pending_cmd *cmd;
2012 struct hci_conn *conn;
2017 if (!hdev_is_powered(hdev)) {
2018 err = cmd_status(sk, hdev->id, mgmt_op,
2019 MGMT_STATUS_NOT_POWERED);
2023 if (type == MGMT_ADDR_BREDR)
2024 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, bdaddr);
2026 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, bdaddr);
2029 err = cmd_status(sk, hdev->id, mgmt_op,
2030 MGMT_STATUS_NOT_CONNECTED);
2034 if (type == MGMT_ADDR_LE_PUBLIC || type == MGMT_ADDR_LE_RANDOM) {
2035 /* Continue with pairing via SMP */
2036 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
2039 err = cmd_status(sk, hdev->id, mgmt_op,
2040 MGMT_STATUS_SUCCESS);
2042 err = cmd_status(sk, hdev->id, mgmt_op,
2043 MGMT_STATUS_FAILED);
2048 cmd = mgmt_pending_add(sk, mgmt_op, hdev, bdaddr, sizeof(*bdaddr));
2054 /* Continue with pairing via HCI */
2055 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
2056 struct hci_cp_user_passkey_reply cp;
2058 bacpy(&cp.bdaddr, bdaddr);
2059 cp.passkey = passkey;
2060 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
2062 err = hci_send_cmd(hdev, hci_op, sizeof(*bdaddr), bdaddr);
2065 mgmt_pending_remove(cmd);
2068 hci_dev_unlock(hdev);
2072 static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2075 struct mgmt_cp_user_confirm_reply *cp = data;
2079 if (len != sizeof(*cp))
2080 return cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
2081 MGMT_STATUS_INVALID_PARAMS);
2083 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
2084 MGMT_OP_USER_CONFIRM_REPLY,
2085 HCI_OP_USER_CONFIRM_REPLY, 0);
2088 static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
2089 void *data, u16 len)
2091 struct mgmt_cp_user_confirm_neg_reply *cp = data;
2095 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
2096 MGMT_OP_USER_CONFIRM_NEG_REPLY,
2097 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
2100 static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2103 struct mgmt_cp_user_passkey_reply *cp = data;
2107 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
2108 MGMT_OP_USER_PASSKEY_REPLY,
2109 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
2112 static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
2113 void *data, u16 len)
2115 struct mgmt_cp_user_passkey_neg_reply *cp = data;
2119 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
2120 MGMT_OP_USER_PASSKEY_NEG_REPLY,
2121 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
2124 static int update_name(struct hci_dev *hdev, const char *name)
2126 struct hci_cp_write_local_name cp;
2128 memcpy(cp.name, name, sizeof(cp.name));
2130 return hci_send_cmd(hdev, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
2133 static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
2136 struct mgmt_cp_set_local_name *cp = data;
2137 struct pending_cmd *cmd;
2144 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
2146 if (!hdev_is_powered(hdev)) {
2147 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
2149 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
2154 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
2160 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
2166 err = update_name(hdev, cp->name);
2168 mgmt_pending_remove(cmd);
2171 hci_dev_unlock(hdev);
2175 static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
2176 void *data, u16 data_len)
2178 struct pending_cmd *cmd;
2181 BT_DBG("%s", hdev->name);
2185 if (!hdev_is_powered(hdev)) {
2186 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
2187 MGMT_STATUS_NOT_POWERED);
2191 if (!(hdev->features[6] & LMP_SIMPLE_PAIR)) {
2192 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
2193 MGMT_STATUS_NOT_SUPPORTED);
2197 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
2198 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
2203 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
2209 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
2211 mgmt_pending_remove(cmd);
2214 hci_dev_unlock(hdev);
2218 static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
2219 void *data, u16 len)
2221 struct mgmt_cp_add_remote_oob_data *cp = data;
2225 BT_DBG("%s ", hdev->name);
2229 if (!hdev_is_powered(hdev)) {
2230 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
2231 MGMT_STATUS_NOT_POWERED, &cp->addr,
2236 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr, cp->hash,
2239 status = MGMT_STATUS_FAILED;
2243 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA, status,
2244 &cp->addr, sizeof(cp->addr));
2247 hci_dev_unlock(hdev);
2251 static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
2252 void *data, u16 len)
2254 struct mgmt_cp_remove_remote_oob_data *cp = data;
2258 BT_DBG("%s", hdev->name);
2262 if (!hdev_is_powered(hdev)) {
2263 err = cmd_complete(sk, hdev->id,
2264 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
2265 MGMT_STATUS_NOT_POWERED, &cp->addr,
2270 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr);
2272 status = MGMT_STATUS_INVALID_PARAMS;
2276 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
2277 status, &cp->addr, sizeof(cp->addr));
2280 hci_dev_unlock(hdev);
2284 int mgmt_interleaved_discovery(struct hci_dev *hdev)
2288 BT_DBG("%s", hdev->name);
2292 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR_LE);
2294 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2296 hci_dev_unlock(hdev);
2301 static int start_discovery(struct sock *sk, struct hci_dev *hdev,
2302 void *data, u16 len)
2304 struct mgmt_cp_start_discovery *cp = data;
2305 struct pending_cmd *cmd;
2308 BT_DBG("%s", hdev->name);
2312 if (!hdev_is_powered(hdev)) {
2313 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2314 MGMT_STATUS_NOT_POWERED);
2318 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
2319 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2324 if (hdev->discovery.state != DISCOVERY_STOPPED) {
2325 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2330 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
2336 hdev->discovery.type = cp->type;
2338 switch (hdev->discovery.type) {
2339 case DISCOV_TYPE_BREDR:
2340 if (lmp_bredr_capable(hdev))
2341 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR);
2346 case DISCOV_TYPE_LE:
2347 if (lmp_host_le_capable(hdev))
2348 err = hci_le_scan(hdev, LE_SCAN_TYPE, LE_SCAN_INT,
2349 LE_SCAN_WIN, LE_SCAN_TIMEOUT_LE_ONLY);
2354 case DISCOV_TYPE_INTERLEAVED:
2355 if (lmp_host_le_capable(hdev) && lmp_bredr_capable(hdev))
2356 err = hci_le_scan(hdev, LE_SCAN_TYPE, LE_SCAN_INT,
2358 LE_SCAN_TIMEOUT_BREDR_LE);
2368 mgmt_pending_remove(cmd);
2370 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
2373 hci_dev_unlock(hdev);
2377 static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
2380 struct mgmt_cp_stop_discovery *mgmt_cp = data;
2381 struct pending_cmd *cmd;
2382 struct hci_cp_remote_name_req_cancel cp;
2383 struct inquiry_entry *e;
2386 BT_DBG("%s", hdev->name);
2390 if (!hci_discovery_active(hdev)) {
2391 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
2392 MGMT_STATUS_REJECTED, &mgmt_cp->type,
2393 sizeof(mgmt_cp->type));
2397 if (hdev->discovery.type != mgmt_cp->type) {
2398 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
2399 MGMT_STATUS_INVALID_PARAMS, &mgmt_cp->type,
2400 sizeof(mgmt_cp->type));
2404 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
2410 switch (hdev->discovery.state) {
2411 case DISCOVERY_FINDING:
2412 if (test_bit(HCI_INQUIRY, &hdev->flags))
2413 err = hci_cancel_inquiry(hdev);
2415 err = hci_cancel_le_scan(hdev);
2419 case DISCOVERY_RESOLVING:
2420 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
2423 mgmt_pending_remove(cmd);
2424 err = cmd_complete(sk, hdev->id,
2425 MGMT_OP_STOP_DISCOVERY, 0,
2427 sizeof(mgmt_cp->type));
2428 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2432 bacpy(&cp.bdaddr, &e->data.bdaddr);
2433 err = hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ_CANCEL,
2439 BT_DBG("unknown discovery state %u", hdev->discovery.state);
2444 mgmt_pending_remove(cmd);
2446 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
2449 hci_dev_unlock(hdev);
2453 static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
2456 struct mgmt_cp_confirm_name *cp = data;
2457 struct inquiry_entry *e;
2460 BT_DBG("%s", hdev->name);
2464 if (!hci_discovery_active(hdev)) {
2465 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
2466 MGMT_STATUS_FAILED);
2470 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
2472 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
2473 MGMT_STATUS_INVALID_PARAMS);
2477 if (cp->name_known) {
2478 e->name_state = NAME_KNOWN;
2481 e->name_state = NAME_NEEDED;
2482 hci_inquiry_cache_update_resolve(hdev, e);
2488 hci_dev_unlock(hdev);
2492 static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
2495 struct mgmt_cp_block_device *cp = data;
2499 BT_DBG("%s", hdev->name);
2503 err = hci_blacklist_add(hdev, &cp->addr.bdaddr, cp->addr.type);
2505 status = MGMT_STATUS_FAILED;
2509 err = cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
2510 &cp->addr, sizeof(cp->addr));
2512 hci_dev_unlock(hdev);
2517 static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
2520 struct mgmt_cp_unblock_device *cp = data;
2524 BT_DBG("%s", hdev->name);
2528 err = hci_blacklist_del(hdev, &cp->addr.bdaddr, cp->addr.type);
2530 status = MGMT_STATUS_INVALID_PARAMS;
2534 err = cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
2535 &cp->addr, sizeof(cp->addr));
2537 hci_dev_unlock(hdev);
2542 static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
2545 struct mgmt_cp_set_device_id *cp = data;
2549 BT_DBG("%s", hdev->name);
2551 source = __le16_to_cpu(cp->source);
2553 if (source > 0x0002)
2554 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
2555 MGMT_STATUS_INVALID_PARAMS);
2559 hdev->devid_source = source;
2560 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
2561 hdev->devid_product = __le16_to_cpu(cp->product);
2562 hdev->devid_version = __le16_to_cpu(cp->version);
2564 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0, NULL, 0);
2568 hci_dev_unlock(hdev);
2573 static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
2574 void *data, u16 len)
2576 struct mgmt_mode *cp = data;
2577 struct hci_cp_write_page_scan_activity acp;
2581 BT_DBG("%s", hdev->name);
2583 if (!hdev_is_powered(hdev))
2584 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
2585 MGMT_STATUS_NOT_POWERED);
2587 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
2588 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
2589 MGMT_STATUS_REJECTED);
2594 type = PAGE_SCAN_TYPE_INTERLACED;
2596 /* 22.5 msec page scan interval */
2597 acp.interval = __constant_cpu_to_le16(0x0024);
2599 type = PAGE_SCAN_TYPE_STANDARD; /* default */
2601 /* default 1.28 sec page scan */
2602 acp.interval = __constant_cpu_to_le16(0x0800);
2605 /* default 11.25 msec page scan window */
2606 acp.window = __constant_cpu_to_le16(0x0012);
2608 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY, sizeof(acp),
2611 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
2612 MGMT_STATUS_FAILED);
2616 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
2618 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
2619 MGMT_STATUS_FAILED);
2623 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE, 0,
2626 hci_dev_unlock(hdev);
2630 static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
2631 void *cp_data, u16 len)
2633 struct mgmt_cp_load_long_term_keys *cp = cp_data;
2634 u16 key_count, expected_len;
2637 key_count = __le16_to_cpu(cp->key_count);
2639 expected_len = sizeof(*cp) + key_count *
2640 sizeof(struct mgmt_ltk_info);
2641 if (expected_len != len) {
2642 BT_ERR("load_keys: expected %u bytes, got %u bytes",
2644 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
2648 BT_DBG("%s key_count %u", hdev->name, key_count);
2652 hci_smp_ltks_clear(hdev);
2654 for (i = 0; i < key_count; i++) {
2655 struct mgmt_ltk_info *key = &cp->keys[i];
2661 type = HCI_SMP_LTK_SLAVE;
2663 hci_add_ltk(hdev, &key->addr.bdaddr, key->addr.type,
2664 type, 0, key->authenticated, key->val,
2665 key->enc_size, key->ediv, key->rand);
2668 hci_dev_unlock(hdev);
2673 static const struct mgmt_handler {
2674 int (*func) (struct sock *sk, struct hci_dev *hdev, void *data,
2678 } mgmt_handlers[] = {
2679 { NULL }, /* 0x0000 (no command) */
2680 { read_version, false, MGMT_READ_VERSION_SIZE },
2681 { read_commands, false, MGMT_READ_COMMANDS_SIZE },
2682 { read_index_list, false, MGMT_READ_INDEX_LIST_SIZE },
2683 { read_controller_info, false, MGMT_READ_INFO_SIZE },
2684 { set_powered, false, MGMT_SETTING_SIZE },
2685 { set_discoverable, false, MGMT_SET_DISCOVERABLE_SIZE },
2686 { set_connectable, false, MGMT_SETTING_SIZE },
2687 { set_fast_connectable, false, MGMT_SETTING_SIZE },
2688 { set_pairable, false, MGMT_SETTING_SIZE },
2689 { set_link_security, false, MGMT_SETTING_SIZE },
2690 { set_ssp, false, MGMT_SETTING_SIZE },
2691 { set_hs, false, MGMT_SETTING_SIZE },
2692 { set_le, false, MGMT_SETTING_SIZE },
2693 { set_dev_class, false, MGMT_SET_DEV_CLASS_SIZE },
2694 { set_local_name, false, MGMT_SET_LOCAL_NAME_SIZE },
2695 { add_uuid, false, MGMT_ADD_UUID_SIZE },
2696 { remove_uuid, false, MGMT_REMOVE_UUID_SIZE },
2697 { load_link_keys, true, MGMT_LOAD_LINK_KEYS_SIZE },
2698 { load_long_term_keys, true, MGMT_LOAD_LONG_TERM_KEYS_SIZE },
2699 { disconnect, false, MGMT_DISCONNECT_SIZE },
2700 { get_connections, false, MGMT_GET_CONNECTIONS_SIZE },
2701 { pin_code_reply, false, MGMT_PIN_CODE_REPLY_SIZE },
2702 { pin_code_neg_reply, false, MGMT_PIN_CODE_NEG_REPLY_SIZE },
2703 { set_io_capability, false, MGMT_SET_IO_CAPABILITY_SIZE },
2704 { pair_device, false, MGMT_PAIR_DEVICE_SIZE },
2705 { cancel_pair_device, false, MGMT_CANCEL_PAIR_DEVICE_SIZE },
2706 { unpair_device, false, MGMT_UNPAIR_DEVICE_SIZE },
2707 { user_confirm_reply, false, MGMT_USER_CONFIRM_REPLY_SIZE },
2708 { user_confirm_neg_reply, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
2709 { user_passkey_reply, false, MGMT_USER_PASSKEY_REPLY_SIZE },
2710 { user_passkey_neg_reply, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
2711 { read_local_oob_data, false, MGMT_READ_LOCAL_OOB_DATA_SIZE },
2712 { add_remote_oob_data, false, MGMT_ADD_REMOTE_OOB_DATA_SIZE },
2713 { remove_remote_oob_data, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
2714 { start_discovery, false, MGMT_START_DISCOVERY_SIZE },
2715 { stop_discovery, false, MGMT_STOP_DISCOVERY_SIZE },
2716 { confirm_name, false, MGMT_CONFIRM_NAME_SIZE },
2717 { block_device, false, MGMT_BLOCK_DEVICE_SIZE },
2718 { unblock_device, false, MGMT_UNBLOCK_DEVICE_SIZE },
2719 { set_device_id, false, MGMT_SET_DEVICE_ID_SIZE },
2723 int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
2727 struct mgmt_hdr *hdr;
2728 u16 opcode, index, len;
2729 struct hci_dev *hdev = NULL;
2730 const struct mgmt_handler *handler;
2733 BT_DBG("got %zu bytes", msglen);
2735 if (msglen < sizeof(*hdr))
2738 buf = kmalloc(msglen, GFP_KERNEL);
2742 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
2748 opcode = __le16_to_cpu(hdr->opcode);
2749 index = __le16_to_cpu(hdr->index);
2750 len = __le16_to_cpu(hdr->len);
2752 if (len != msglen - sizeof(*hdr)) {
2757 if (index != MGMT_INDEX_NONE) {
2758 hdev = hci_dev_get(index);
2760 err = cmd_status(sk, index, opcode,
2761 MGMT_STATUS_INVALID_INDEX);
2766 if (opcode >= ARRAY_SIZE(mgmt_handlers) ||
2767 mgmt_handlers[opcode].func == NULL) {
2768 BT_DBG("Unknown op %u", opcode);
2769 err = cmd_status(sk, index, opcode,
2770 MGMT_STATUS_UNKNOWN_COMMAND);
2774 if ((hdev && opcode < MGMT_OP_READ_INFO) ||
2775 (!hdev && opcode >= MGMT_OP_READ_INFO)) {
2776 err = cmd_status(sk, index, opcode,
2777 MGMT_STATUS_INVALID_INDEX);
2781 handler = &mgmt_handlers[opcode];
2783 if ((handler->var_len && len < handler->data_len) ||
2784 (!handler->var_len && len != handler->data_len)) {
2785 err = cmd_status(sk, index, opcode,
2786 MGMT_STATUS_INVALID_PARAMS);
2791 mgmt_init_hdev(sk, hdev);
2793 cp = buf + sizeof(*hdr);
2795 err = handler->func(sk, hdev, cp, len);
2809 static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
2813 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
2814 mgmt_pending_remove(cmd);
2817 int mgmt_index_added(struct hci_dev *hdev)
2819 return mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
2822 int mgmt_index_removed(struct hci_dev *hdev)
2824 u8 status = MGMT_STATUS_INVALID_INDEX;
2826 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
2828 return mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
2833 struct hci_dev *hdev;
2837 static void settings_rsp(struct pending_cmd *cmd, void *data)
2839 struct cmd_lookup *match = data;
2841 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
2843 list_del(&cmd->list);
2845 if (match->sk == NULL) {
2846 match->sk = cmd->sk;
2847 sock_hold(match->sk);
2850 mgmt_pending_free(cmd);
2853 int mgmt_powered(struct hci_dev *hdev, u8 powered)
2855 struct cmd_lookup match = { NULL, hdev };
2858 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
2861 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
2866 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
2868 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
2869 scan |= SCAN_INQUIRY;
2872 hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
2875 update_name(hdev, hdev->dev_name);
2878 u8 status = MGMT_STATUS_NOT_POWERED;
2879 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
2882 err = new_settings(hdev, match.sk);
2890 int mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
2892 struct cmd_lookup match = { NULL, hdev };
2893 bool changed = false;
2897 if (!test_and_set_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
2900 if (test_and_clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
2904 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev, settings_rsp,
2908 err = new_settings(hdev, match.sk);
2916 int mgmt_connectable(struct hci_dev *hdev, u8 connectable)
2918 struct cmd_lookup match = { NULL, hdev };
2919 bool changed = false;
2923 if (!test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags))
2926 if (test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags))
2930 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev, settings_rsp,
2934 err = new_settings(hdev, match.sk);
2942 int mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
2944 u8 mgmt_err = mgmt_status(status);
2946 if (scan & SCAN_PAGE)
2947 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
2948 cmd_status_rsp, &mgmt_err);
2950 if (scan & SCAN_INQUIRY)
2951 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
2952 cmd_status_rsp, &mgmt_err);
2957 int mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key, bool persistent)
2959 struct mgmt_ev_new_link_key ev;
2961 memset(&ev, 0, sizeof(ev));
2963 ev.store_hint = persistent;
2964 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
2965 ev.key.addr.type = MGMT_ADDR_BREDR;
2966 ev.key.type = key->type;
2967 memcpy(ev.key.val, key->val, 16);
2968 ev.key.pin_len = key->pin_len;
2970 return mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
2973 int mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, u8 persistent)
2975 struct mgmt_ev_new_long_term_key ev;
2977 memset(&ev, 0, sizeof(ev));
2979 ev.store_hint = persistent;
2980 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
2981 ev.key.addr.type = link_to_mgmt(LE_LINK, key->bdaddr_type);
2982 ev.key.authenticated = key->authenticated;
2983 ev.key.enc_size = key->enc_size;
2984 ev.key.ediv = key->ediv;
2986 if (key->type == HCI_SMP_LTK)
2989 memcpy(ev.key.rand, key->rand, sizeof(key->rand));
2990 memcpy(ev.key.val, key->val, sizeof(key->val));
2992 return mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev),
2996 int mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
2997 u8 addr_type, u32 flags, u8 *name, u8 name_len,
3001 struct mgmt_ev_device_connected *ev = (void *) buf;
3004 bacpy(&ev->addr.bdaddr, bdaddr);
3005 ev->addr.type = link_to_mgmt(link_type, addr_type);
3007 ev->flags = __cpu_to_le32(flags);
3010 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
3013 if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0)
3014 eir_len = eir_append_data(ev->eir, eir_len,
3015 EIR_CLASS_OF_DEV, dev_class, 3);
3017 ev->eir_len = cpu_to_le16(eir_len);
3019 return mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
3020 sizeof(*ev) + eir_len, NULL);
3023 static void disconnect_rsp(struct pending_cmd *cmd, void *data)
3025 struct mgmt_cp_disconnect *cp = cmd->param;
3026 struct sock **sk = data;
3027 struct mgmt_rp_disconnect rp;
3029 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3030 rp.addr.type = cp->addr.type;
3032 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 0, &rp,
3038 mgmt_pending_remove(cmd);
3041 static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
3043 struct hci_dev *hdev = data;
3044 struct mgmt_cp_unpair_device *cp = cmd->param;
3045 struct mgmt_rp_unpair_device rp;
3047 memset(&rp, 0, sizeof(rp));
3048 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3049 rp.addr.type = cp->addr.type;
3051 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
3053 cmd_complete(cmd->sk, cmd->index, cmd->opcode, 0, &rp, sizeof(rp));
3055 mgmt_pending_remove(cmd);
3058 int mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
3059 u8 link_type, u8 addr_type)
3061 struct mgmt_addr_info ev;
3062 struct sock *sk = NULL;
3065 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
3067 bacpy(&ev.bdaddr, bdaddr);
3068 ev.type = link_to_mgmt(link_type, addr_type);
3070 err = mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev),
3076 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
3082 int mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
3083 u8 link_type, u8 addr_type, u8 status)
3085 struct mgmt_rp_disconnect rp;
3086 struct pending_cmd *cmd;
3089 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
3093 bacpy(&rp.addr.bdaddr, bdaddr);
3094 rp.addr.type = link_to_mgmt(link_type, addr_type);
3096 err = cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
3097 mgmt_status(status), &rp, sizeof(rp));
3099 mgmt_pending_remove(cmd);
3101 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
3106 int mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3107 u8 addr_type, u8 status)
3109 struct mgmt_ev_connect_failed ev;
3111 bacpy(&ev.addr.bdaddr, bdaddr);
3112 ev.addr.type = link_to_mgmt(link_type, addr_type);
3113 ev.status = mgmt_status(status);
3115 return mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
3118 int mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
3120 struct mgmt_ev_pin_code_request ev;
3122 bacpy(&ev.addr.bdaddr, bdaddr);
3123 ev.addr.type = MGMT_ADDR_BREDR;
3126 return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev),
3130 int mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3133 struct pending_cmd *cmd;
3134 struct mgmt_rp_pin_code_reply rp;
3137 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
3141 bacpy(&rp.addr.bdaddr, bdaddr);
3142 rp.addr.type = MGMT_ADDR_BREDR;
3144 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3145 mgmt_status(status), &rp, sizeof(rp));
3147 mgmt_pending_remove(cmd);
3152 int mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3155 struct pending_cmd *cmd;
3156 struct mgmt_rp_pin_code_reply rp;
3159 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
3163 bacpy(&rp.addr.bdaddr, bdaddr);
3164 rp.addr.type = MGMT_ADDR_BREDR;
3166 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
3167 mgmt_status(status), &rp, sizeof(rp));
3169 mgmt_pending_remove(cmd);
3174 int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
3175 u8 link_type, u8 addr_type, __le32 value,
3178 struct mgmt_ev_user_confirm_request ev;
3180 BT_DBG("%s", hdev->name);
3182 bacpy(&ev.addr.bdaddr, bdaddr);
3183 ev.addr.type = link_to_mgmt(link_type, addr_type);
3184 ev.confirm_hint = confirm_hint;
3187 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
3191 int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
3192 u8 link_type, u8 addr_type)
3194 struct mgmt_ev_user_passkey_request ev;
3196 BT_DBG("%s", hdev->name);
3198 bacpy(&ev.addr.bdaddr, bdaddr);
3199 ev.addr.type = link_to_mgmt(link_type, addr_type);
3201 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
3205 static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3206 u8 link_type, u8 addr_type, u8 status,
3209 struct pending_cmd *cmd;
3210 struct mgmt_rp_user_confirm_reply rp;
3213 cmd = mgmt_pending_find(opcode, hdev);
3217 bacpy(&rp.addr.bdaddr, bdaddr);
3218 rp.addr.type = link_to_mgmt(link_type, addr_type);
3219 err = cmd_complete(cmd->sk, hdev->id, opcode, mgmt_status(status),
3222 mgmt_pending_remove(cmd);
3227 int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3228 u8 link_type, u8 addr_type, u8 status)
3230 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3231 status, MGMT_OP_USER_CONFIRM_REPLY);
3234 int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3235 u8 link_type, u8 addr_type, u8 status)
3237 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3238 status, MGMT_OP_USER_CONFIRM_NEG_REPLY);
3241 int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3242 u8 link_type, u8 addr_type, u8 status)
3244 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3245 status, MGMT_OP_USER_PASSKEY_REPLY);
3248 int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3249 u8 link_type, u8 addr_type, u8 status)
3251 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3252 status, MGMT_OP_USER_PASSKEY_NEG_REPLY);
3255 int mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3256 u8 addr_type, u8 status)
3258 struct mgmt_ev_auth_failed ev;
3260 bacpy(&ev.addr.bdaddr, bdaddr);
3261 ev.addr.type = link_to_mgmt(link_type, addr_type);
3262 ev.status = mgmt_status(status);
3264 return mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
3267 int mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
3269 struct cmd_lookup match = { NULL, hdev };
3270 bool changed = false;
3274 u8 mgmt_err = mgmt_status(status);
3275 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
3276 cmd_status_rsp, &mgmt_err);
3280 if (test_bit(HCI_AUTH, &hdev->flags)) {
3281 if (!test_and_set_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
3284 if (test_and_clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
3288 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
3292 err = new_settings(hdev, match.sk);
3300 static int clear_eir(struct hci_dev *hdev)
3302 struct hci_cp_write_eir cp;
3304 if (!(hdev->features[6] & LMP_EXT_INQ))
3307 memset(hdev->eir, 0, sizeof(hdev->eir));
3309 memset(&cp, 0, sizeof(cp));
3311 return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
3314 int mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
3316 struct cmd_lookup match = { NULL, hdev };
3317 bool changed = false;
3321 u8 mgmt_err = mgmt_status(status);
3323 if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
3325 err = new_settings(hdev, NULL);
3327 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
3334 if (!test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
3337 if (test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
3341 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
3344 err = new_settings(hdev, match.sk);
3349 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
3357 static void class_rsp(struct pending_cmd *cmd, void *data)
3359 struct cmd_lookup *match = data;
3361 cmd_complete(cmd->sk, cmd->index, cmd->opcode, match->mgmt_status,
3362 match->hdev->dev_class, 3);
3364 list_del(&cmd->list);
3366 if (match->sk == NULL) {
3367 match->sk = cmd->sk;
3368 sock_hold(match->sk);
3371 mgmt_pending_free(cmd);
3374 int mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
3377 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
3380 clear_bit(HCI_PENDING_CLASS, &hdev->dev_flags);
3382 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, class_rsp, &match);
3383 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, class_rsp, &match);
3384 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, class_rsp, &match);
3387 err = mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class,
3396 int mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
3398 struct pending_cmd *cmd;
3399 struct mgmt_cp_set_local_name ev;
3400 bool changed = false;
3403 if (memcmp(name, hdev->dev_name, sizeof(hdev->dev_name)) != 0) {
3404 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
3408 memset(&ev, 0, sizeof(ev));
3409 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
3410 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
3412 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
3416 /* Always assume that either the short or the complete name has
3417 * changed if there was a pending mgmt command */
3421 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3422 mgmt_status(status));
3426 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0, &ev,
3433 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev,
3434 sizeof(ev), cmd ? cmd->sk : NULL);
3440 mgmt_pending_remove(cmd);
3444 int mgmt_read_local_oob_data_reply_complete(struct hci_dev *hdev, u8 *hash,
3445 u8 *randomizer, u8 status)
3447 struct pending_cmd *cmd;
3450 BT_DBG("%s status %u", hdev->name, status);
3452 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
3457 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3458 mgmt_status(status));
3460 struct mgmt_rp_read_local_oob_data rp;
3462 memcpy(rp.hash, hash, sizeof(rp.hash));
3463 memcpy(rp.randomizer, randomizer, sizeof(rp.randomizer));
3465 err = cmd_complete(cmd->sk, hdev->id,
3466 MGMT_OP_READ_LOCAL_OOB_DATA, 0, &rp,
3470 mgmt_pending_remove(cmd);
3475 int mgmt_le_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
3477 struct cmd_lookup match = { NULL, hdev };
3478 bool changed = false;
3482 u8 mgmt_err = mgmt_status(status);
3484 if (enable && test_and_clear_bit(HCI_LE_ENABLED,
3486 err = new_settings(hdev, NULL);
3488 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
3495 if (!test_and_set_bit(HCI_LE_ENABLED, &hdev->dev_flags))
3498 if (test_and_clear_bit(HCI_LE_ENABLED, &hdev->dev_flags))
3502 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
3505 err = new_settings(hdev, match.sk);
3513 int mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3514 u8 addr_type, u8 *dev_class, s8 rssi, u8 cfm_name, u8
3515 ssp, u8 *eir, u16 eir_len)
3518 struct mgmt_ev_device_found *ev = (void *) buf;
3521 /* Leave 5 bytes for a potential CoD field */
3522 if (sizeof(*ev) + eir_len + 5 > sizeof(buf))
3525 memset(buf, 0, sizeof(buf));
3527 bacpy(&ev->addr.bdaddr, bdaddr);
3528 ev->addr.type = link_to_mgmt(link_type, addr_type);
3531 ev->flags[0] |= MGMT_DEV_FOUND_CONFIRM_NAME;
3533 ev->flags[0] |= MGMT_DEV_FOUND_LEGACY_PAIRING;
3536 memcpy(ev->eir, eir, eir_len);
3538 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
3539 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
3542 ev->eir_len = cpu_to_le16(eir_len);
3544 ev_size = sizeof(*ev) + eir_len;
3546 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
3549 int mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3550 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
3552 struct mgmt_ev_device_found *ev;
3553 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
3556 ev = (struct mgmt_ev_device_found *) buf;
3558 memset(buf, 0, sizeof(buf));
3560 bacpy(&ev->addr.bdaddr, bdaddr);
3561 ev->addr.type = link_to_mgmt(link_type, addr_type);
3564 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
3567 ev->eir_len = cpu_to_le16(eir_len);
3569 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev,
3570 sizeof(*ev) + eir_len, NULL);
3573 int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
3575 struct pending_cmd *cmd;
3579 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3581 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
3585 type = hdev->discovery.type;
3587 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3588 &type, sizeof(type));
3589 mgmt_pending_remove(cmd);
3594 int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
3596 struct pending_cmd *cmd;
3599 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3603 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3604 &hdev->discovery.type, sizeof(hdev->discovery.type));
3605 mgmt_pending_remove(cmd);
3610 int mgmt_discovering(struct hci_dev *hdev, u8 discovering)
3612 struct mgmt_ev_discovering ev;
3613 struct pending_cmd *cmd;
3615 BT_DBG("%s discovering %u", hdev->name, discovering);
3618 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
3620 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3623 u8 type = hdev->discovery.type;
3625 cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0, &type,
3627 mgmt_pending_remove(cmd);
3630 memset(&ev, 0, sizeof(ev));
3631 ev.type = hdev->discovery.type;
3632 ev.discovering = discovering;
3634 return mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
3637 int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
3639 struct pending_cmd *cmd;
3640 struct mgmt_ev_device_blocked ev;
3642 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev);
3644 bacpy(&ev.addr.bdaddr, bdaddr);
3645 ev.addr.type = type;
3647 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev),
3648 cmd ? cmd->sk : NULL);
3651 int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
3653 struct pending_cmd *cmd;
3654 struct mgmt_ev_device_unblocked ev;
3656 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev);
3658 bacpy(&ev.addr.bdaddr, bdaddr);
3659 ev.addr.type = type;
3661 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
3662 cmd ? cmd->sk : NULL);
3665 module_param(enable_hs, bool, 0644);
3666 MODULE_PARM_DESC(enable_hs, "Enable High Speed support");
3668 module_param(enable_le, bool, 0644);
3669 MODULE_PARM_DESC(enable_le, "Enable Low Energy support");