2 BlueZ - Bluetooth protocol stack for Linux
4 Copyright (C) 2010 Nokia Corporation
5 Copyright (C) 2011-2012 Intel Corporation
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI Management interface */
27 #include <linux/module.h>
28 #include <asm/unaligned.h>
30 #include <net/bluetooth/bluetooth.h>
31 #include <net/bluetooth/hci_core.h>
32 #include <net/bluetooth/mgmt.h>
33 #include <net/bluetooth/smp.h>
37 #define MGMT_VERSION 1
38 #define MGMT_REVISION 2
40 static const u16 mgmt_commands[] = {
41 MGMT_OP_READ_INDEX_LIST,
44 MGMT_OP_SET_DISCOVERABLE,
45 MGMT_OP_SET_CONNECTABLE,
46 MGMT_OP_SET_FAST_CONNECTABLE,
48 MGMT_OP_SET_LINK_SECURITY,
52 MGMT_OP_SET_DEV_CLASS,
53 MGMT_OP_SET_LOCAL_NAME,
56 MGMT_OP_LOAD_LINK_KEYS,
57 MGMT_OP_LOAD_LONG_TERM_KEYS,
59 MGMT_OP_GET_CONNECTIONS,
60 MGMT_OP_PIN_CODE_REPLY,
61 MGMT_OP_PIN_CODE_NEG_REPLY,
62 MGMT_OP_SET_IO_CAPABILITY,
64 MGMT_OP_CANCEL_PAIR_DEVICE,
65 MGMT_OP_UNPAIR_DEVICE,
66 MGMT_OP_USER_CONFIRM_REPLY,
67 MGMT_OP_USER_CONFIRM_NEG_REPLY,
68 MGMT_OP_USER_PASSKEY_REPLY,
69 MGMT_OP_USER_PASSKEY_NEG_REPLY,
70 MGMT_OP_READ_LOCAL_OOB_DATA,
71 MGMT_OP_ADD_REMOTE_OOB_DATA,
72 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
73 MGMT_OP_START_DISCOVERY,
74 MGMT_OP_STOP_DISCOVERY,
77 MGMT_OP_UNBLOCK_DEVICE,
78 MGMT_OP_SET_DEVICE_ID,
81 static const u16 mgmt_events[] = {
82 MGMT_EV_CONTROLLER_ERROR,
84 MGMT_EV_INDEX_REMOVED,
86 MGMT_EV_CLASS_OF_DEV_CHANGED,
87 MGMT_EV_LOCAL_NAME_CHANGED,
89 MGMT_EV_NEW_LONG_TERM_KEY,
90 MGMT_EV_DEVICE_CONNECTED,
91 MGMT_EV_DEVICE_DISCONNECTED,
92 MGMT_EV_CONNECT_FAILED,
93 MGMT_EV_PIN_CODE_REQUEST,
94 MGMT_EV_USER_CONFIRM_REQUEST,
95 MGMT_EV_USER_PASSKEY_REQUEST,
99 MGMT_EV_DEVICE_BLOCKED,
100 MGMT_EV_DEVICE_UNBLOCKED,
101 MGMT_EV_DEVICE_UNPAIRED,
102 MGMT_EV_PASSKEY_NOTIFY,
106 * These LE scan and inquiry parameters were chosen according to LE General
107 * Discovery Procedure specification.
109 #define LE_SCAN_TYPE 0x01
110 #define LE_SCAN_WIN 0x12
111 #define LE_SCAN_INT 0x12
112 #define LE_SCAN_TIMEOUT_LE_ONLY 10240 /* TGAP(gen_disc_scan_min) */
113 #define LE_SCAN_TIMEOUT_BREDR_LE 5120 /* TGAP(100)/2 */
115 #define INQUIRY_LEN_BREDR 0x08 /* TGAP(100) */
116 #define INQUIRY_LEN_BREDR_LE 0x04 /* TGAP(100)/2 */
118 #define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
120 #define hdev_is_powered(hdev) (test_bit(HCI_UP, &hdev->flags) && \
121 !test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
124 struct list_head list;
132 /* HCI to MGMT error code conversion table */
133 static u8 mgmt_status_table[] = {
135 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
136 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
137 MGMT_STATUS_FAILED, /* Hardware Failure */
138 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
139 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
140 MGMT_STATUS_NOT_PAIRED, /* PIN or Key Missing */
141 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
142 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
143 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
144 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
145 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
146 MGMT_STATUS_BUSY, /* Command Disallowed */
147 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
148 MGMT_STATUS_REJECTED, /* Rejected Security */
149 MGMT_STATUS_REJECTED, /* Rejected Personal */
150 MGMT_STATUS_TIMEOUT, /* Host Timeout */
151 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
152 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
153 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
154 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
155 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
156 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
157 MGMT_STATUS_BUSY, /* Repeated Attempts */
158 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
159 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
160 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
161 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
162 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
163 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
164 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
165 MGMT_STATUS_FAILED, /* Unspecified Error */
166 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
167 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
168 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
169 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
170 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
171 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
172 MGMT_STATUS_FAILED, /* Unit Link Key Used */
173 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
174 MGMT_STATUS_TIMEOUT, /* Instant Passed */
175 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
176 MGMT_STATUS_FAILED, /* Transaction Collision */
177 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
178 MGMT_STATUS_REJECTED, /* QoS Rejected */
179 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
180 MGMT_STATUS_REJECTED, /* Insufficient Security */
181 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
182 MGMT_STATUS_BUSY, /* Role Switch Pending */
183 MGMT_STATUS_FAILED, /* Slot Violation */
184 MGMT_STATUS_FAILED, /* Role Switch Failed */
185 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
186 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
187 MGMT_STATUS_BUSY, /* Host Busy Pairing */
188 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
189 MGMT_STATUS_BUSY, /* Controller Busy */
190 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
191 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
192 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
193 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
194 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
197 bool mgmt_valid_hdev(struct hci_dev *hdev)
199 return hdev->dev_type == HCI_BREDR;
202 static u8 mgmt_status(u8 hci_status)
204 if (hci_status < ARRAY_SIZE(mgmt_status_table))
205 return mgmt_status_table[hci_status];
207 return MGMT_STATUS_FAILED;
210 static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
213 struct mgmt_hdr *hdr;
214 struct mgmt_ev_cmd_status *ev;
217 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
219 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_KERNEL);
223 hdr = (void *) skb_put(skb, sizeof(*hdr));
225 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS);
226 hdr->index = cpu_to_le16(index);
227 hdr->len = cpu_to_le16(sizeof(*ev));
229 ev = (void *) skb_put(skb, sizeof(*ev));
231 ev->opcode = cpu_to_le16(cmd);
233 err = sock_queue_rcv_skb(sk, skb);
240 static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
241 void *rp, size_t rp_len)
244 struct mgmt_hdr *hdr;
245 struct mgmt_ev_cmd_complete *ev;
248 BT_DBG("sock %p", sk);
250 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_KERNEL);
254 hdr = (void *) skb_put(skb, sizeof(*hdr));
256 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE);
257 hdr->index = cpu_to_le16(index);
258 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
260 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
261 ev->opcode = cpu_to_le16(cmd);
265 memcpy(ev->data, rp, rp_len);
267 err = sock_queue_rcv_skb(sk, skb);
274 static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
277 struct mgmt_rp_read_version rp;
279 BT_DBG("sock %p", sk);
281 rp.version = MGMT_VERSION;
282 rp.revision = __constant_cpu_to_le16(MGMT_REVISION);
284 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
288 static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
291 struct mgmt_rp_read_commands *rp;
292 const u16 num_commands = ARRAY_SIZE(mgmt_commands);
293 const u16 num_events = ARRAY_SIZE(mgmt_events);
298 BT_DBG("sock %p", sk);
300 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
302 rp = kmalloc(rp_size, GFP_KERNEL);
306 rp->num_commands = __constant_cpu_to_le16(num_commands);
307 rp->num_events = __constant_cpu_to_le16(num_events);
309 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
310 put_unaligned_le16(mgmt_commands[i], opcode);
312 for (i = 0; i < num_events; i++, opcode++)
313 put_unaligned_le16(mgmt_events[i], opcode);
315 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
322 static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
325 struct mgmt_rp_read_index_list *rp;
331 BT_DBG("sock %p", sk);
333 read_lock(&hci_dev_list_lock);
336 list_for_each_entry(d, &hci_dev_list, list) {
337 if (!mgmt_valid_hdev(d))
343 rp_len = sizeof(*rp) + (2 * count);
344 rp = kmalloc(rp_len, GFP_ATOMIC);
346 read_unlock(&hci_dev_list_lock);
350 rp->num_controllers = cpu_to_le16(count);
353 list_for_each_entry(d, &hci_dev_list, list) {
354 if (test_bit(HCI_SETUP, &d->dev_flags))
357 if (!mgmt_valid_hdev(d))
360 rp->index[i++] = cpu_to_le16(d->id);
361 BT_DBG("Added hci%u", d->id);
364 read_unlock(&hci_dev_list_lock);
366 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
374 static u32 get_supported_settings(struct hci_dev *hdev)
378 settings |= MGMT_SETTING_POWERED;
379 settings |= MGMT_SETTING_PAIRABLE;
381 if (lmp_ssp_capable(hdev))
382 settings |= MGMT_SETTING_SSP;
384 if (lmp_bredr_capable(hdev)) {
385 settings |= MGMT_SETTING_CONNECTABLE;
386 settings |= MGMT_SETTING_FAST_CONNECTABLE;
387 settings |= MGMT_SETTING_DISCOVERABLE;
388 settings |= MGMT_SETTING_BREDR;
389 settings |= MGMT_SETTING_LINK_SECURITY;
393 settings |= MGMT_SETTING_HS;
395 if (lmp_le_capable(hdev))
396 settings |= MGMT_SETTING_LE;
401 static u32 get_current_settings(struct hci_dev *hdev)
405 if (hdev_is_powered(hdev))
406 settings |= MGMT_SETTING_POWERED;
408 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
409 settings |= MGMT_SETTING_CONNECTABLE;
411 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
412 settings |= MGMT_SETTING_DISCOVERABLE;
414 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags))
415 settings |= MGMT_SETTING_PAIRABLE;
417 if (lmp_bredr_capable(hdev))
418 settings |= MGMT_SETTING_BREDR;
420 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
421 settings |= MGMT_SETTING_LE;
423 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
424 settings |= MGMT_SETTING_LINK_SECURITY;
426 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
427 settings |= MGMT_SETTING_SSP;
429 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
430 settings |= MGMT_SETTING_HS;
435 #define PNP_INFO_SVCLASS_ID 0x1200
437 static u8 bluetooth_base_uuid[] = {
438 0xFB, 0x34, 0x9B, 0x5F, 0x80, 0x00, 0x00, 0x80,
439 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
442 static u16 get_uuid16(u8 *uuid128)
447 for (i = 0; i < 12; i++) {
448 if (bluetooth_base_uuid[i] != uuid128[i])
452 val = get_unaligned_le32(&uuid128[12]);
459 static void create_eir(struct hci_dev *hdev, u8 *data)
463 u16 uuid16_list[HCI_MAX_EIR_LENGTH / sizeof(u16)];
464 int i, truncated = 0;
465 struct bt_uuid *uuid;
468 name_len = strlen(hdev->dev_name);
474 ptr[1] = EIR_NAME_SHORT;
476 ptr[1] = EIR_NAME_COMPLETE;
478 /* EIR Data length */
479 ptr[0] = name_len + 1;
481 memcpy(ptr + 2, hdev->dev_name, name_len);
483 eir_len += (name_len + 2);
484 ptr += (name_len + 2);
487 if (hdev->inq_tx_power) {
489 ptr[1] = EIR_TX_POWER;
490 ptr[2] = (u8) hdev->inq_tx_power;
496 if (hdev->devid_source > 0) {
498 ptr[1] = EIR_DEVICE_ID;
500 put_unaligned_le16(hdev->devid_source, ptr + 2);
501 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
502 put_unaligned_le16(hdev->devid_product, ptr + 6);
503 put_unaligned_le16(hdev->devid_version, ptr + 8);
509 memset(uuid16_list, 0, sizeof(uuid16_list));
511 /* Group all UUID16 types */
512 list_for_each_entry(uuid, &hdev->uuids, list) {
515 uuid16 = get_uuid16(uuid->uuid);
522 if (uuid16 == PNP_INFO_SVCLASS_ID)
525 /* Stop if not enough space to put next UUID */
526 if (eir_len + 2 + sizeof(u16) > HCI_MAX_EIR_LENGTH) {
531 /* Check for duplicates */
532 for (i = 0; uuid16_list[i] != 0; i++)
533 if (uuid16_list[i] == uuid16)
536 if (uuid16_list[i] == 0) {
537 uuid16_list[i] = uuid16;
538 eir_len += sizeof(u16);
542 if (uuid16_list[0] != 0) {
546 ptr[1] = truncated ? EIR_UUID16_SOME : EIR_UUID16_ALL;
551 for (i = 0; uuid16_list[i] != 0; i++) {
552 *ptr++ = (uuid16_list[i] & 0x00ff);
553 *ptr++ = (uuid16_list[i] & 0xff00) >> 8;
556 /* EIR Data length */
557 *length = (i * sizeof(u16)) + 1;
561 static int update_eir(struct hci_dev *hdev)
563 struct hci_cp_write_eir cp;
565 if (!hdev_is_powered(hdev))
568 if (!lmp_ext_inq_capable(hdev))
571 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
574 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
577 memset(&cp, 0, sizeof(cp));
579 create_eir(hdev, cp.data);
581 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
584 memcpy(hdev->eir, cp.data, sizeof(cp.data));
586 return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
589 static u8 get_service_classes(struct hci_dev *hdev)
591 struct bt_uuid *uuid;
594 list_for_each_entry(uuid, &hdev->uuids, list)
595 val |= uuid->svc_hint;
600 static int update_class(struct hci_dev *hdev)
605 BT_DBG("%s", hdev->name);
607 if (!hdev_is_powered(hdev))
610 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
613 cod[0] = hdev->minor_class;
614 cod[1] = hdev->major_class;
615 cod[2] = get_service_classes(hdev);
617 if (memcmp(cod, hdev->dev_class, 3) == 0)
620 err = hci_send_cmd(hdev, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
622 set_bit(HCI_PENDING_CLASS, &hdev->dev_flags);
627 static void service_cache_off(struct work_struct *work)
629 struct hci_dev *hdev = container_of(work, struct hci_dev,
632 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
640 hci_dev_unlock(hdev);
643 static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
645 if (test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
648 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
650 /* Non-mgmt controlled devices get this bit set
651 * implicitly so that pairing works for them, however
652 * for mgmt we require user-space to explicitly enable
655 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
658 static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
659 void *data, u16 data_len)
661 struct mgmt_rp_read_info rp;
663 BT_DBG("sock %p %s", sk, hdev->name);
667 memset(&rp, 0, sizeof(rp));
669 bacpy(&rp.bdaddr, &hdev->bdaddr);
671 rp.version = hdev->hci_ver;
672 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
674 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
675 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
677 memcpy(rp.dev_class, hdev->dev_class, 3);
679 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
680 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
682 hci_dev_unlock(hdev);
684 return cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
688 static void mgmt_pending_free(struct pending_cmd *cmd)
695 static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
696 struct hci_dev *hdev, void *data,
699 struct pending_cmd *cmd;
701 cmd = kmalloc(sizeof(*cmd), GFP_KERNEL);
705 cmd->opcode = opcode;
706 cmd->index = hdev->id;
708 cmd->param = kmalloc(len, GFP_KERNEL);
715 memcpy(cmd->param, data, len);
720 list_add(&cmd->list, &hdev->mgmt_pending);
725 static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
726 void (*cb)(struct pending_cmd *cmd,
730 struct list_head *p, *n;
732 list_for_each_safe(p, n, &hdev->mgmt_pending) {
733 struct pending_cmd *cmd;
735 cmd = list_entry(p, struct pending_cmd, list);
737 if (opcode > 0 && cmd->opcode != opcode)
744 static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
746 struct pending_cmd *cmd;
748 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
749 if (cmd->opcode == opcode)
756 static void mgmt_pending_remove(struct pending_cmd *cmd)
758 list_del(&cmd->list);
759 mgmt_pending_free(cmd);
762 static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
764 __le32 settings = cpu_to_le32(get_current_settings(hdev));
766 return cmd_complete(sk, hdev->id, opcode, 0, &settings,
770 static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
773 struct mgmt_mode *cp = data;
774 struct pending_cmd *cmd;
777 BT_DBG("request for %s", hdev->name);
781 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
782 cancel_delayed_work(&hdev->power_off);
785 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
786 mgmt_powered(hdev, 1);
791 if (!!cp->val == hdev_is_powered(hdev)) {
792 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
796 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
797 err = cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
802 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
809 schedule_work(&hdev->power_on);
811 schedule_work(&hdev->power_off.work);
816 hci_dev_unlock(hdev);
820 static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 data_len,
821 struct sock *skip_sk)
824 struct mgmt_hdr *hdr;
826 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_KERNEL);
830 hdr = (void *) skb_put(skb, sizeof(*hdr));
831 hdr->opcode = cpu_to_le16(event);
833 hdr->index = cpu_to_le16(hdev->id);
835 hdr->index = cpu_to_le16(MGMT_INDEX_NONE);
836 hdr->len = cpu_to_le16(data_len);
839 memcpy(skb_put(skb, data_len), data, data_len);
842 __net_timestamp(skb);
844 hci_send_to_control(skb, skip_sk);
850 static int new_settings(struct hci_dev *hdev, struct sock *skip)
854 ev = cpu_to_le32(get_current_settings(hdev));
856 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
859 static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
862 struct mgmt_cp_set_discoverable *cp = data;
863 struct pending_cmd *cmd;
868 BT_DBG("request for %s", hdev->name);
870 if (!lmp_bredr_capable(hdev))
871 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
872 MGMT_STATUS_NOT_SUPPORTED);
874 timeout = __le16_to_cpu(cp->timeout);
875 if (!cp->val && timeout > 0)
876 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
877 MGMT_STATUS_INVALID_PARAMS);
881 if (!hdev_is_powered(hdev) && timeout > 0) {
882 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
883 MGMT_STATUS_NOT_POWERED);
887 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
888 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
889 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
894 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
895 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
896 MGMT_STATUS_REJECTED);
900 if (!hdev_is_powered(hdev)) {
901 bool changed = false;
903 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
904 change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
908 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
913 err = new_settings(hdev, sk);
918 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
919 if (hdev->discov_timeout > 0) {
920 cancel_delayed_work(&hdev->discov_off);
921 hdev->discov_timeout = 0;
924 if (cp->val && timeout > 0) {
925 hdev->discov_timeout = timeout;
926 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
927 msecs_to_jiffies(hdev->discov_timeout * 1000));
930 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
934 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
943 scan |= SCAN_INQUIRY;
945 cancel_delayed_work(&hdev->discov_off);
947 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
949 mgmt_pending_remove(cmd);
952 hdev->discov_timeout = timeout;
955 hci_dev_unlock(hdev);
959 static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
962 struct mgmt_mode *cp = data;
963 struct pending_cmd *cmd;
967 BT_DBG("request for %s", hdev->name);
969 if (!lmp_bredr_capable(hdev))
970 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
971 MGMT_STATUS_NOT_SUPPORTED);
975 if (!hdev_is_powered(hdev)) {
976 bool changed = false;
978 if (!!cp->val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
982 set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
984 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
985 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
988 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
993 err = new_settings(hdev, sk);
998 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
999 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
1000 err = cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1005 if (!!cp->val == test_bit(HCI_PSCAN, &hdev->flags)) {
1006 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1010 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
1021 if (test_bit(HCI_ISCAN, &hdev->flags) &&
1022 hdev->discov_timeout > 0)
1023 cancel_delayed_work(&hdev->discov_off);
1026 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1028 mgmt_pending_remove(cmd);
1031 hci_dev_unlock(hdev);
1035 static int set_pairable(struct sock *sk, struct hci_dev *hdev, void *data,
1038 struct mgmt_mode *cp = data;
1041 BT_DBG("request for %s", hdev->name);
1046 set_bit(HCI_PAIRABLE, &hdev->dev_flags);
1048 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
1050 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
1054 err = new_settings(hdev, sk);
1057 hci_dev_unlock(hdev);
1061 static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1064 struct mgmt_mode *cp = data;
1065 struct pending_cmd *cmd;
1069 BT_DBG("request for %s", hdev->name);
1071 if (!lmp_bredr_capable(hdev))
1072 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1073 MGMT_STATUS_NOT_SUPPORTED);
1077 if (!hdev_is_powered(hdev)) {
1078 bool changed = false;
1080 if (!!cp->val != test_bit(HCI_LINK_SECURITY,
1081 &hdev->dev_flags)) {
1082 change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
1086 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1091 err = new_settings(hdev, sk);
1096 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
1097 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1104 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1105 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1109 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1115 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1117 mgmt_pending_remove(cmd);
1122 hci_dev_unlock(hdev);
1126 static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1128 struct mgmt_mode *cp = data;
1129 struct pending_cmd *cmd;
1133 BT_DBG("request for %s", hdev->name);
1137 if (!lmp_ssp_capable(hdev)) {
1138 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1139 MGMT_STATUS_NOT_SUPPORTED);
1145 if (!hdev_is_powered(hdev)) {
1146 bool changed = false;
1148 if (val != test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
1149 change_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
1153 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1158 err = new_settings(hdev, sk);
1163 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev)) {
1164 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1169 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) == val) {
1170 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1174 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1180 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, sizeof(val), &val);
1182 mgmt_pending_remove(cmd);
1187 hci_dev_unlock(hdev);
1191 static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1193 struct mgmt_mode *cp = data;
1195 BT_DBG("request for %s", hdev->name);
1198 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1199 MGMT_STATUS_NOT_SUPPORTED);
1202 set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1204 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1206 return send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
1209 static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1211 struct mgmt_mode *cp = data;
1212 struct hci_cp_write_le_host_supported hci_cp;
1213 struct pending_cmd *cmd;
1217 BT_DBG("request for %s", hdev->name);
1221 if (!lmp_le_capable(hdev)) {
1222 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1223 MGMT_STATUS_NOT_SUPPORTED);
1228 enabled = !!lmp_host_le_capable(hdev);
1230 if (!hdev_is_powered(hdev) || val == enabled) {
1231 bool changed = false;
1233 if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1234 change_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1238 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1243 err = new_settings(hdev, sk);
1248 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
1249 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1254 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
1260 memset(&hci_cp, 0, sizeof(hci_cp));
1264 hci_cp.simul = !!lmp_le_br_capable(hdev);
1267 err = hci_send_cmd(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
1270 mgmt_pending_remove(cmd);
1273 hci_dev_unlock(hdev);
1277 static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1279 struct mgmt_cp_add_uuid *cp = data;
1280 struct pending_cmd *cmd;
1281 struct bt_uuid *uuid;
1284 BT_DBG("request for %s", hdev->name);
1288 if (test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
1289 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
1294 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
1300 memcpy(uuid->uuid, cp->uuid, 16);
1301 uuid->svc_hint = cp->svc_hint;
1303 list_add(&uuid->list, &hdev->uuids);
1305 err = update_class(hdev);
1309 err = update_eir(hdev);
1313 if (!test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
1314 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
1315 hdev->dev_class, 3);
1319 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
1324 hci_dev_unlock(hdev);
1328 static bool enable_service_cache(struct hci_dev *hdev)
1330 if (!hdev_is_powered(hdev))
1333 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
1334 schedule_delayed_work(&hdev->service_cache, CACHE_TIMEOUT);
1341 static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
1344 struct mgmt_cp_remove_uuid *cp = data;
1345 struct pending_cmd *cmd;
1346 struct list_head *p, *n;
1347 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
1350 BT_DBG("request for %s", hdev->name);
1354 if (test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
1355 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
1360 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
1361 err = hci_uuids_clear(hdev);
1363 if (enable_service_cache(hdev)) {
1364 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID,
1365 0, hdev->dev_class, 3);
1374 list_for_each_safe(p, n, &hdev->uuids) {
1375 struct bt_uuid *match = list_entry(p, struct bt_uuid, list);
1377 if (memcmp(match->uuid, cp->uuid, 16) != 0)
1380 list_del(&match->list);
1385 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
1386 MGMT_STATUS_INVALID_PARAMS);
1391 err = update_class(hdev);
1395 err = update_eir(hdev);
1399 if (!test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
1400 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
1401 hdev->dev_class, 3);
1405 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
1410 hci_dev_unlock(hdev);
1414 static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
1417 struct mgmt_cp_set_dev_class *cp = data;
1418 struct pending_cmd *cmd;
1421 BT_DBG("request for %s", hdev->name);
1425 if (test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
1426 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1431 hdev->major_class = cp->major;
1432 hdev->minor_class = cp->minor;
1434 if (!hdev_is_powered(hdev)) {
1435 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
1436 hdev->dev_class, 3);
1440 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
1441 hci_dev_unlock(hdev);
1442 cancel_delayed_work_sync(&hdev->service_cache);
1447 err = update_class(hdev);
1451 if (!test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
1452 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
1453 hdev->dev_class, 3);
1457 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
1462 hci_dev_unlock(hdev);
1466 static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
1469 struct mgmt_cp_load_link_keys *cp = data;
1470 u16 key_count, expected_len;
1473 key_count = __le16_to_cpu(cp->key_count);
1475 expected_len = sizeof(*cp) + key_count *
1476 sizeof(struct mgmt_link_key_info);
1477 if (expected_len != len) {
1478 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
1480 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
1481 MGMT_STATUS_INVALID_PARAMS);
1484 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
1489 hci_link_keys_clear(hdev);
1491 set_bit(HCI_LINK_KEYS, &hdev->dev_flags);
1494 set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
1496 clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
1498 for (i = 0; i < key_count; i++) {
1499 struct mgmt_link_key_info *key = &cp->keys[i];
1501 hci_add_link_key(hdev, NULL, 0, &key->addr.bdaddr, key->val,
1502 key->type, key->pin_len);
1505 cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
1507 hci_dev_unlock(hdev);
1512 static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
1513 u8 addr_type, struct sock *skip_sk)
1515 struct mgmt_ev_device_unpaired ev;
1517 bacpy(&ev.addr.bdaddr, bdaddr);
1518 ev.addr.type = addr_type;
1520 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
1524 static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
1527 struct mgmt_cp_unpair_device *cp = data;
1528 struct mgmt_rp_unpair_device rp;
1529 struct hci_cp_disconnect dc;
1530 struct pending_cmd *cmd;
1531 struct hci_conn *conn;
1536 memset(&rp, 0, sizeof(rp));
1537 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1538 rp.addr.type = cp->addr.type;
1540 if (!hdev_is_powered(hdev)) {
1541 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
1542 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
1546 if (cp->addr.type == BDADDR_BREDR)
1547 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
1549 err = hci_remove_ltk(hdev, &cp->addr.bdaddr);
1552 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
1553 MGMT_STATUS_NOT_PAIRED, &rp, sizeof(rp));
1557 if (cp->disconnect) {
1558 if (cp->addr.type == BDADDR_BREDR)
1559 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
1562 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
1569 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
1571 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
1575 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
1582 dc.handle = cpu_to_le16(conn->handle);
1583 dc.reason = 0x13; /* Remote User Terminated Connection */
1584 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1586 mgmt_pending_remove(cmd);
1589 hci_dev_unlock(hdev);
1593 static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
1596 struct mgmt_cp_disconnect *cp = data;
1597 struct hci_cp_disconnect dc;
1598 struct pending_cmd *cmd;
1599 struct hci_conn *conn;
1606 if (!test_bit(HCI_UP, &hdev->flags)) {
1607 err = cmd_status(sk, hdev->id, MGMT_OP_DISCONNECT,
1608 MGMT_STATUS_NOT_POWERED);
1612 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
1613 err = cmd_status(sk, hdev->id, MGMT_OP_DISCONNECT,
1618 if (cp->addr.type == BDADDR_BREDR)
1619 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
1622 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
1624 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
1625 err = cmd_status(sk, hdev->id, MGMT_OP_DISCONNECT,
1626 MGMT_STATUS_NOT_CONNECTED);
1630 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
1636 dc.handle = cpu_to_le16(conn->handle);
1637 dc.reason = HCI_ERROR_REMOTE_USER_TERM;
1639 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1641 mgmt_pending_remove(cmd);
1644 hci_dev_unlock(hdev);
1648 static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
1650 switch (link_type) {
1652 switch (addr_type) {
1653 case ADDR_LE_DEV_PUBLIC:
1654 return BDADDR_LE_PUBLIC;
1657 /* Fallback to LE Random address type */
1658 return BDADDR_LE_RANDOM;
1662 /* Fallback to BR/EDR type */
1663 return BDADDR_BREDR;
1667 static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
1670 struct mgmt_rp_get_connections *rp;
1680 if (!hdev_is_powered(hdev)) {
1681 err = cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
1682 MGMT_STATUS_NOT_POWERED);
1687 list_for_each_entry(c, &hdev->conn_hash.list, list) {
1688 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
1692 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
1693 rp = kmalloc(rp_len, GFP_KERNEL);
1700 list_for_each_entry(c, &hdev->conn_hash.list, list) {
1701 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
1703 bacpy(&rp->addr[i].bdaddr, &c->dst);
1704 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
1705 if (c->type == SCO_LINK || c->type == ESCO_LINK)
1710 rp->conn_count = cpu_to_le16(i);
1712 /* Recalculate length in case of filtered SCO connections, etc */
1713 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
1715 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
1721 hci_dev_unlock(hdev);
1725 static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
1726 struct mgmt_cp_pin_code_neg_reply *cp)
1728 struct pending_cmd *cmd;
1731 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
1736 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
1737 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
1739 mgmt_pending_remove(cmd);
1744 static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
1747 struct hci_conn *conn;
1748 struct mgmt_cp_pin_code_reply *cp = data;
1749 struct hci_cp_pin_code_reply reply;
1750 struct pending_cmd *cmd;
1757 if (!hdev_is_powered(hdev)) {
1758 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
1759 MGMT_STATUS_NOT_POWERED);
1763 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
1765 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
1766 MGMT_STATUS_NOT_CONNECTED);
1770 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
1771 struct mgmt_cp_pin_code_neg_reply ncp;
1773 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
1775 BT_ERR("PIN code is not 16 bytes long");
1777 err = send_pin_code_neg_reply(sk, hdev, &ncp);
1779 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
1780 MGMT_STATUS_INVALID_PARAMS);
1785 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
1791 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
1792 reply.pin_len = cp->pin_len;
1793 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
1795 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
1797 mgmt_pending_remove(cmd);
1800 hci_dev_unlock(hdev);
1804 static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
1807 struct mgmt_cp_set_io_capability *cp = data;
1813 hdev->io_capability = cp->io_capability;
1815 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
1816 hdev->io_capability);
1818 hci_dev_unlock(hdev);
1820 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, NULL,
1824 static struct pending_cmd *find_pairing(struct hci_conn *conn)
1826 struct hci_dev *hdev = conn->hdev;
1827 struct pending_cmd *cmd;
1829 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
1830 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
1833 if (cmd->user_data != conn)
1842 static void pairing_complete(struct pending_cmd *cmd, u8 status)
1844 struct mgmt_rp_pair_device rp;
1845 struct hci_conn *conn = cmd->user_data;
1847 bacpy(&rp.addr.bdaddr, &conn->dst);
1848 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
1850 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
1853 /* So we don't get further callbacks for this connection */
1854 conn->connect_cfm_cb = NULL;
1855 conn->security_cfm_cb = NULL;
1856 conn->disconn_cfm_cb = NULL;
1860 mgmt_pending_remove(cmd);
1863 static void pairing_complete_cb(struct hci_conn *conn, u8 status)
1865 struct pending_cmd *cmd;
1867 BT_DBG("status %u", status);
1869 cmd = find_pairing(conn);
1871 BT_DBG("Unable to find a pending command");
1873 pairing_complete(cmd, mgmt_status(status));
1876 static void le_connect_complete_cb(struct hci_conn *conn, u8 status)
1878 struct pending_cmd *cmd;
1880 BT_DBG("status %u", status);
1885 cmd = find_pairing(conn);
1887 BT_DBG("Unable to find a pending command");
1889 pairing_complete(cmd, mgmt_status(status));
1892 static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
1895 struct mgmt_cp_pair_device *cp = data;
1896 struct mgmt_rp_pair_device rp;
1897 struct pending_cmd *cmd;
1898 u8 sec_level, auth_type;
1899 struct hci_conn *conn;
1906 if (!hdev_is_powered(hdev)) {
1907 err = cmd_status(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
1908 MGMT_STATUS_NOT_POWERED);
1912 sec_level = BT_SECURITY_MEDIUM;
1913 if (cp->io_cap == 0x03)
1914 auth_type = HCI_AT_DEDICATED_BONDING;
1916 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
1918 if (cp->addr.type == BDADDR_BREDR)
1919 conn = hci_connect(hdev, ACL_LINK, &cp->addr.bdaddr,
1920 cp->addr.type, sec_level, auth_type);
1922 conn = hci_connect(hdev, LE_LINK, &cp->addr.bdaddr,
1923 cp->addr.type, sec_level, auth_type);
1925 memset(&rp, 0, sizeof(rp));
1926 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1927 rp.addr.type = cp->addr.type;
1932 if (PTR_ERR(conn) == -EBUSY)
1933 status = MGMT_STATUS_BUSY;
1935 status = MGMT_STATUS_CONNECT_FAILED;
1937 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
1943 if (conn->connect_cfm_cb) {
1945 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
1946 MGMT_STATUS_BUSY, &rp, sizeof(rp));
1950 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
1957 /* For LE, just connecting isn't a proof that the pairing finished */
1958 if (cp->addr.type == BDADDR_BREDR)
1959 conn->connect_cfm_cb = pairing_complete_cb;
1961 conn->connect_cfm_cb = le_connect_complete_cb;
1963 conn->security_cfm_cb = pairing_complete_cb;
1964 conn->disconn_cfm_cb = pairing_complete_cb;
1965 conn->io_capability = cp->io_cap;
1966 cmd->user_data = conn;
1968 if (conn->state == BT_CONNECTED &&
1969 hci_conn_security(conn, sec_level, auth_type))
1970 pairing_complete(cmd, 0);
1975 hci_dev_unlock(hdev);
1979 static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
1982 struct mgmt_addr_info *addr = data;
1983 struct pending_cmd *cmd;
1984 struct hci_conn *conn;
1991 if (!hdev_is_powered(hdev)) {
1992 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
1993 MGMT_STATUS_NOT_POWERED);
1997 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
1999 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2000 MGMT_STATUS_INVALID_PARAMS);
2004 conn = cmd->user_data;
2006 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
2007 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2008 MGMT_STATUS_INVALID_PARAMS);
2012 pairing_complete(cmd, MGMT_STATUS_CANCELLED);
2014 err = cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
2015 addr, sizeof(*addr));
2017 hci_dev_unlock(hdev);
2021 static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
2022 bdaddr_t *bdaddr, u8 type, u16 mgmt_op,
2023 u16 hci_op, __le32 passkey)
2025 struct pending_cmd *cmd;
2026 struct hci_conn *conn;
2031 if (!hdev_is_powered(hdev)) {
2032 err = cmd_status(sk, hdev->id, mgmt_op,
2033 MGMT_STATUS_NOT_POWERED);
2037 if (type == BDADDR_BREDR)
2038 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, bdaddr);
2040 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, bdaddr);
2043 err = cmd_status(sk, hdev->id, mgmt_op,
2044 MGMT_STATUS_NOT_CONNECTED);
2048 if (type == BDADDR_LE_PUBLIC || type == BDADDR_LE_RANDOM) {
2049 /* Continue with pairing via SMP */
2050 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
2053 err = cmd_status(sk, hdev->id, mgmt_op,
2054 MGMT_STATUS_SUCCESS);
2056 err = cmd_status(sk, hdev->id, mgmt_op,
2057 MGMT_STATUS_FAILED);
2062 cmd = mgmt_pending_add(sk, mgmt_op, hdev, bdaddr, sizeof(*bdaddr));
2068 /* Continue with pairing via HCI */
2069 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
2070 struct hci_cp_user_passkey_reply cp;
2072 bacpy(&cp.bdaddr, bdaddr);
2073 cp.passkey = passkey;
2074 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
2076 err = hci_send_cmd(hdev, hci_op, sizeof(*bdaddr), bdaddr);
2079 mgmt_pending_remove(cmd);
2082 hci_dev_unlock(hdev);
2086 static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
2087 void *data, u16 len)
2089 struct mgmt_cp_pin_code_neg_reply *cp = data;
2093 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
2094 MGMT_OP_PIN_CODE_NEG_REPLY,
2095 HCI_OP_PIN_CODE_NEG_REPLY, 0);
2098 static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2101 struct mgmt_cp_user_confirm_reply *cp = data;
2105 if (len != sizeof(*cp))
2106 return cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
2107 MGMT_STATUS_INVALID_PARAMS);
2109 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
2110 MGMT_OP_USER_CONFIRM_REPLY,
2111 HCI_OP_USER_CONFIRM_REPLY, 0);
2114 static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
2115 void *data, u16 len)
2117 struct mgmt_cp_user_confirm_neg_reply *cp = data;
2121 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
2122 MGMT_OP_USER_CONFIRM_NEG_REPLY,
2123 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
2126 static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2129 struct mgmt_cp_user_passkey_reply *cp = data;
2133 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
2134 MGMT_OP_USER_PASSKEY_REPLY,
2135 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
2138 static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
2139 void *data, u16 len)
2141 struct mgmt_cp_user_passkey_neg_reply *cp = data;
2145 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
2146 MGMT_OP_USER_PASSKEY_NEG_REPLY,
2147 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
2150 static int update_name(struct hci_dev *hdev, const char *name)
2152 struct hci_cp_write_local_name cp;
2154 memcpy(cp.name, name, sizeof(cp.name));
2156 return hci_send_cmd(hdev, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
2159 static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
2162 struct mgmt_cp_set_local_name *cp = data;
2163 struct pending_cmd *cmd;
2170 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
2172 if (!hdev_is_powered(hdev)) {
2173 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
2175 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
2180 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
2186 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
2192 err = update_name(hdev, cp->name);
2194 mgmt_pending_remove(cmd);
2197 hci_dev_unlock(hdev);
2201 static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
2202 void *data, u16 data_len)
2204 struct pending_cmd *cmd;
2207 BT_DBG("%s", hdev->name);
2211 if (!hdev_is_powered(hdev)) {
2212 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
2213 MGMT_STATUS_NOT_POWERED);
2217 if (!lmp_ssp_capable(hdev)) {
2218 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
2219 MGMT_STATUS_NOT_SUPPORTED);
2223 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
2224 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
2229 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
2235 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
2237 mgmt_pending_remove(cmd);
2240 hci_dev_unlock(hdev);
2244 static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
2245 void *data, u16 len)
2247 struct mgmt_cp_add_remote_oob_data *cp = data;
2251 BT_DBG("%s ", hdev->name);
2255 if (!hdev_is_powered(hdev)) {
2256 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
2257 MGMT_STATUS_NOT_POWERED, &cp->addr,
2262 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr, cp->hash,
2265 status = MGMT_STATUS_FAILED;
2269 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA, status,
2270 &cp->addr, sizeof(cp->addr));
2273 hci_dev_unlock(hdev);
2277 static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
2278 void *data, u16 len)
2280 struct mgmt_cp_remove_remote_oob_data *cp = data;
2284 BT_DBG("%s", hdev->name);
2288 if (!hdev_is_powered(hdev)) {
2289 err = cmd_complete(sk, hdev->id,
2290 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
2291 MGMT_STATUS_NOT_POWERED, &cp->addr,
2296 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr);
2298 status = MGMT_STATUS_INVALID_PARAMS;
2302 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
2303 status, &cp->addr, sizeof(cp->addr));
2306 hci_dev_unlock(hdev);
2310 int mgmt_interleaved_discovery(struct hci_dev *hdev)
2314 BT_DBG("%s", hdev->name);
2318 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR_LE);
2320 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2322 hci_dev_unlock(hdev);
2327 static int start_discovery(struct sock *sk, struct hci_dev *hdev,
2328 void *data, u16 len)
2330 struct mgmt_cp_start_discovery *cp = data;
2331 struct pending_cmd *cmd;
2334 BT_DBG("%s", hdev->name);
2338 if (!hdev_is_powered(hdev)) {
2339 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2340 MGMT_STATUS_NOT_POWERED);
2344 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
2345 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2350 if (hdev->discovery.state != DISCOVERY_STOPPED) {
2351 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2356 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
2362 hdev->discovery.type = cp->type;
2364 switch (hdev->discovery.type) {
2365 case DISCOV_TYPE_BREDR:
2366 if (lmp_bredr_capable(hdev))
2367 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR);
2372 case DISCOV_TYPE_LE:
2373 if (lmp_host_le_capable(hdev))
2374 err = hci_le_scan(hdev, LE_SCAN_TYPE, LE_SCAN_INT,
2375 LE_SCAN_WIN, LE_SCAN_TIMEOUT_LE_ONLY);
2380 case DISCOV_TYPE_INTERLEAVED:
2381 if (lmp_host_le_capable(hdev) && lmp_bredr_capable(hdev))
2382 err = hci_le_scan(hdev, LE_SCAN_TYPE, LE_SCAN_INT,
2384 LE_SCAN_TIMEOUT_BREDR_LE);
2394 mgmt_pending_remove(cmd);
2396 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
2399 hci_dev_unlock(hdev);
2403 static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
2406 struct mgmt_cp_stop_discovery *mgmt_cp = data;
2407 struct pending_cmd *cmd;
2408 struct hci_cp_remote_name_req_cancel cp;
2409 struct inquiry_entry *e;
2412 BT_DBG("%s", hdev->name);
2416 if (!hci_discovery_active(hdev)) {
2417 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
2418 MGMT_STATUS_REJECTED, &mgmt_cp->type,
2419 sizeof(mgmt_cp->type));
2423 if (hdev->discovery.type != mgmt_cp->type) {
2424 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
2425 MGMT_STATUS_INVALID_PARAMS, &mgmt_cp->type,
2426 sizeof(mgmt_cp->type));
2430 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
2436 switch (hdev->discovery.state) {
2437 case DISCOVERY_FINDING:
2438 if (test_bit(HCI_INQUIRY, &hdev->flags))
2439 err = hci_cancel_inquiry(hdev);
2441 err = hci_cancel_le_scan(hdev);
2445 case DISCOVERY_RESOLVING:
2446 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
2449 mgmt_pending_remove(cmd);
2450 err = cmd_complete(sk, hdev->id,
2451 MGMT_OP_STOP_DISCOVERY, 0,
2453 sizeof(mgmt_cp->type));
2454 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2458 bacpy(&cp.bdaddr, &e->data.bdaddr);
2459 err = hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ_CANCEL,
2465 BT_DBG("unknown discovery state %u", hdev->discovery.state);
2470 mgmt_pending_remove(cmd);
2472 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
2475 hci_dev_unlock(hdev);
2479 static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
2482 struct mgmt_cp_confirm_name *cp = data;
2483 struct inquiry_entry *e;
2486 BT_DBG("%s", hdev->name);
2490 if (!hci_discovery_active(hdev)) {
2491 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
2492 MGMT_STATUS_FAILED);
2496 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
2498 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
2499 MGMT_STATUS_INVALID_PARAMS);
2503 if (cp->name_known) {
2504 e->name_state = NAME_KNOWN;
2507 e->name_state = NAME_NEEDED;
2508 hci_inquiry_cache_update_resolve(hdev, e);
2514 hci_dev_unlock(hdev);
2518 static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
2521 struct mgmt_cp_block_device *cp = data;
2525 BT_DBG("%s", hdev->name);
2529 err = hci_blacklist_add(hdev, &cp->addr.bdaddr, cp->addr.type);
2531 status = MGMT_STATUS_FAILED;
2535 err = cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
2536 &cp->addr, sizeof(cp->addr));
2538 hci_dev_unlock(hdev);
2543 static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
2546 struct mgmt_cp_unblock_device *cp = data;
2550 BT_DBG("%s", hdev->name);
2554 err = hci_blacklist_del(hdev, &cp->addr.bdaddr, cp->addr.type);
2556 status = MGMT_STATUS_INVALID_PARAMS;
2560 err = cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
2561 &cp->addr, sizeof(cp->addr));
2563 hci_dev_unlock(hdev);
2568 static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
2571 struct mgmt_cp_set_device_id *cp = data;
2575 BT_DBG("%s", hdev->name);
2577 source = __le16_to_cpu(cp->source);
2579 if (source > 0x0002)
2580 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
2581 MGMT_STATUS_INVALID_PARAMS);
2585 hdev->devid_source = source;
2586 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
2587 hdev->devid_product = __le16_to_cpu(cp->product);
2588 hdev->devid_version = __le16_to_cpu(cp->version);
2590 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0, NULL, 0);
2594 hci_dev_unlock(hdev);
2599 static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
2600 void *data, u16 len)
2602 struct mgmt_mode *cp = data;
2603 struct hci_cp_write_page_scan_activity acp;
2607 BT_DBG("%s", hdev->name);
2609 if (!lmp_bredr_capable(hdev))
2610 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
2611 MGMT_STATUS_NOT_SUPPORTED);
2613 if (!hdev_is_powered(hdev))
2614 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
2615 MGMT_STATUS_NOT_POWERED);
2617 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
2618 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
2619 MGMT_STATUS_REJECTED);
2624 type = PAGE_SCAN_TYPE_INTERLACED;
2626 /* 160 msec page scan interval */
2627 acp.interval = __constant_cpu_to_le16(0x0100);
2629 type = PAGE_SCAN_TYPE_STANDARD; /* default */
2631 /* default 1.28 sec page scan */
2632 acp.interval = __constant_cpu_to_le16(0x0800);
2635 /* default 11.25 msec page scan window */
2636 acp.window = __constant_cpu_to_le16(0x0012);
2638 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY, sizeof(acp),
2641 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
2642 MGMT_STATUS_FAILED);
2646 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
2648 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
2649 MGMT_STATUS_FAILED);
2653 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE, 0,
2656 hci_dev_unlock(hdev);
2660 static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
2661 void *cp_data, u16 len)
2663 struct mgmt_cp_load_long_term_keys *cp = cp_data;
2664 u16 key_count, expected_len;
2667 key_count = __le16_to_cpu(cp->key_count);
2669 expected_len = sizeof(*cp) + key_count *
2670 sizeof(struct mgmt_ltk_info);
2671 if (expected_len != len) {
2672 BT_ERR("load_keys: expected %u bytes, got %u bytes",
2674 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
2678 BT_DBG("%s key_count %u", hdev->name, key_count);
2682 hci_smp_ltks_clear(hdev);
2684 for (i = 0; i < key_count; i++) {
2685 struct mgmt_ltk_info *key = &cp->keys[i];
2691 type = HCI_SMP_LTK_SLAVE;
2693 hci_add_ltk(hdev, &key->addr.bdaddr,
2694 bdaddr_to_le(key->addr.type),
2695 type, 0, key->authenticated, key->val,
2696 key->enc_size, key->ediv, key->rand);
2699 hci_dev_unlock(hdev);
2704 static const struct mgmt_handler {
2705 int (*func) (struct sock *sk, struct hci_dev *hdev, void *data,
2709 } mgmt_handlers[] = {
2710 { NULL }, /* 0x0000 (no command) */
2711 { read_version, false, MGMT_READ_VERSION_SIZE },
2712 { read_commands, false, MGMT_READ_COMMANDS_SIZE },
2713 { read_index_list, false, MGMT_READ_INDEX_LIST_SIZE },
2714 { read_controller_info, false, MGMT_READ_INFO_SIZE },
2715 { set_powered, false, MGMT_SETTING_SIZE },
2716 { set_discoverable, false, MGMT_SET_DISCOVERABLE_SIZE },
2717 { set_connectable, false, MGMT_SETTING_SIZE },
2718 { set_fast_connectable, false, MGMT_SETTING_SIZE },
2719 { set_pairable, false, MGMT_SETTING_SIZE },
2720 { set_link_security, false, MGMT_SETTING_SIZE },
2721 { set_ssp, false, MGMT_SETTING_SIZE },
2722 { set_hs, false, MGMT_SETTING_SIZE },
2723 { set_le, false, MGMT_SETTING_SIZE },
2724 { set_dev_class, false, MGMT_SET_DEV_CLASS_SIZE },
2725 { set_local_name, false, MGMT_SET_LOCAL_NAME_SIZE },
2726 { add_uuid, false, MGMT_ADD_UUID_SIZE },
2727 { remove_uuid, false, MGMT_REMOVE_UUID_SIZE },
2728 { load_link_keys, true, MGMT_LOAD_LINK_KEYS_SIZE },
2729 { load_long_term_keys, true, MGMT_LOAD_LONG_TERM_KEYS_SIZE },
2730 { disconnect, false, MGMT_DISCONNECT_SIZE },
2731 { get_connections, false, MGMT_GET_CONNECTIONS_SIZE },
2732 { pin_code_reply, false, MGMT_PIN_CODE_REPLY_SIZE },
2733 { pin_code_neg_reply, false, MGMT_PIN_CODE_NEG_REPLY_SIZE },
2734 { set_io_capability, false, MGMT_SET_IO_CAPABILITY_SIZE },
2735 { pair_device, false, MGMT_PAIR_DEVICE_SIZE },
2736 { cancel_pair_device, false, MGMT_CANCEL_PAIR_DEVICE_SIZE },
2737 { unpair_device, false, MGMT_UNPAIR_DEVICE_SIZE },
2738 { user_confirm_reply, false, MGMT_USER_CONFIRM_REPLY_SIZE },
2739 { user_confirm_neg_reply, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
2740 { user_passkey_reply, false, MGMT_USER_PASSKEY_REPLY_SIZE },
2741 { user_passkey_neg_reply, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
2742 { read_local_oob_data, false, MGMT_READ_LOCAL_OOB_DATA_SIZE },
2743 { add_remote_oob_data, false, MGMT_ADD_REMOTE_OOB_DATA_SIZE },
2744 { remove_remote_oob_data, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
2745 { start_discovery, false, MGMT_START_DISCOVERY_SIZE },
2746 { stop_discovery, false, MGMT_STOP_DISCOVERY_SIZE },
2747 { confirm_name, false, MGMT_CONFIRM_NAME_SIZE },
2748 { block_device, false, MGMT_BLOCK_DEVICE_SIZE },
2749 { unblock_device, false, MGMT_UNBLOCK_DEVICE_SIZE },
2750 { set_device_id, false, MGMT_SET_DEVICE_ID_SIZE },
2754 int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
2758 struct mgmt_hdr *hdr;
2759 u16 opcode, index, len;
2760 struct hci_dev *hdev = NULL;
2761 const struct mgmt_handler *handler;
2764 BT_DBG("got %zu bytes", msglen);
2766 if (msglen < sizeof(*hdr))
2769 buf = kmalloc(msglen, GFP_KERNEL);
2773 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
2779 opcode = __le16_to_cpu(hdr->opcode);
2780 index = __le16_to_cpu(hdr->index);
2781 len = __le16_to_cpu(hdr->len);
2783 if (len != msglen - sizeof(*hdr)) {
2788 if (index != MGMT_INDEX_NONE) {
2789 hdev = hci_dev_get(index);
2791 err = cmd_status(sk, index, opcode,
2792 MGMT_STATUS_INVALID_INDEX);
2797 if (opcode >= ARRAY_SIZE(mgmt_handlers) ||
2798 mgmt_handlers[opcode].func == NULL) {
2799 BT_DBG("Unknown op %u", opcode);
2800 err = cmd_status(sk, index, opcode,
2801 MGMT_STATUS_UNKNOWN_COMMAND);
2805 if ((hdev && opcode < MGMT_OP_READ_INFO) ||
2806 (!hdev && opcode >= MGMT_OP_READ_INFO)) {
2807 err = cmd_status(sk, index, opcode,
2808 MGMT_STATUS_INVALID_INDEX);
2812 handler = &mgmt_handlers[opcode];
2814 if ((handler->var_len && len < handler->data_len) ||
2815 (!handler->var_len && len != handler->data_len)) {
2816 err = cmd_status(sk, index, opcode,
2817 MGMT_STATUS_INVALID_PARAMS);
2822 mgmt_init_hdev(sk, hdev);
2824 cp = buf + sizeof(*hdr);
2826 err = handler->func(sk, hdev, cp, len);
2840 static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
2844 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
2845 mgmt_pending_remove(cmd);
2848 int mgmt_index_added(struct hci_dev *hdev)
2850 if (!mgmt_valid_hdev(hdev))
2853 return mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
2856 int mgmt_index_removed(struct hci_dev *hdev)
2858 u8 status = MGMT_STATUS_INVALID_INDEX;
2860 if (!mgmt_valid_hdev(hdev))
2863 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
2865 return mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
2870 struct hci_dev *hdev;
2874 static void settings_rsp(struct pending_cmd *cmd, void *data)
2876 struct cmd_lookup *match = data;
2878 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
2880 list_del(&cmd->list);
2882 if (match->sk == NULL) {
2883 match->sk = cmd->sk;
2884 sock_hold(match->sk);
2887 mgmt_pending_free(cmd);
2890 static int set_bredr_scan(struct hci_dev *hdev)
2894 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
2896 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
2897 scan |= SCAN_INQUIRY;
2902 return hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
2905 int mgmt_powered(struct hci_dev *hdev, u8 powered)
2907 struct cmd_lookup match = { NULL, hdev };
2910 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
2913 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
2916 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) &&
2917 !lmp_host_ssp_capable(hdev)) {
2920 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &ssp);
2923 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
2924 struct hci_cp_write_le_host_supported cp;
2927 cp.simul = !!lmp_le_br_capable(hdev);
2929 /* Check first if we already have the right
2930 * host state (host features set)
2932 if (cp.le != !!lmp_host_le_capable(hdev) ||
2933 cp.simul != !!lmp_host_le_br_capable(hdev))
2935 HCI_OP_WRITE_LE_HOST_SUPPORTED,
2939 if (lmp_bredr_capable(hdev)) {
2940 set_bredr_scan(hdev);
2942 update_name(hdev, hdev->dev_name);
2946 u8 status = MGMT_STATUS_NOT_POWERED;
2947 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
2950 err = new_settings(hdev, match.sk);
2958 int mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
2960 struct cmd_lookup match = { NULL, hdev };
2961 bool changed = false;
2965 if (!test_and_set_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
2968 if (test_and_clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
2972 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev, settings_rsp,
2976 err = new_settings(hdev, match.sk);
2984 int mgmt_connectable(struct hci_dev *hdev, u8 connectable)
2986 struct cmd_lookup match = { NULL, hdev };
2987 bool changed = false;
2991 if (!test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags))
2994 if (test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags))
2998 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev, settings_rsp,
3002 err = new_settings(hdev, match.sk);
3010 int mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
3012 u8 mgmt_err = mgmt_status(status);
3014 if (scan & SCAN_PAGE)
3015 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
3016 cmd_status_rsp, &mgmt_err);
3018 if (scan & SCAN_INQUIRY)
3019 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
3020 cmd_status_rsp, &mgmt_err);
3025 int mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
3028 struct mgmt_ev_new_link_key ev;
3030 memset(&ev, 0, sizeof(ev));
3032 ev.store_hint = persistent;
3033 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
3034 ev.key.addr.type = BDADDR_BREDR;
3035 ev.key.type = key->type;
3036 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
3037 ev.key.pin_len = key->pin_len;
3039 return mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
3042 int mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, u8 persistent)
3044 struct mgmt_ev_new_long_term_key ev;
3046 memset(&ev, 0, sizeof(ev));
3048 ev.store_hint = persistent;
3049 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
3050 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
3051 ev.key.authenticated = key->authenticated;
3052 ev.key.enc_size = key->enc_size;
3053 ev.key.ediv = key->ediv;
3055 if (key->type == HCI_SMP_LTK)
3058 memcpy(ev.key.rand, key->rand, sizeof(key->rand));
3059 memcpy(ev.key.val, key->val, sizeof(key->val));
3061 return mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev),
3065 int mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3066 u8 addr_type, u32 flags, u8 *name, u8 name_len,
3070 struct mgmt_ev_device_connected *ev = (void *) buf;
3073 bacpy(&ev->addr.bdaddr, bdaddr);
3074 ev->addr.type = link_to_bdaddr(link_type, addr_type);
3076 ev->flags = __cpu_to_le32(flags);
3079 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
3082 if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0)
3083 eir_len = eir_append_data(ev->eir, eir_len,
3084 EIR_CLASS_OF_DEV, dev_class, 3);
3086 ev->eir_len = cpu_to_le16(eir_len);
3088 return mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
3089 sizeof(*ev) + eir_len, NULL);
3092 static void disconnect_rsp(struct pending_cmd *cmd, void *data)
3094 struct mgmt_cp_disconnect *cp = cmd->param;
3095 struct sock **sk = data;
3096 struct mgmt_rp_disconnect rp;
3098 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3099 rp.addr.type = cp->addr.type;
3101 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 0, &rp,
3107 mgmt_pending_remove(cmd);
3110 static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
3112 struct hci_dev *hdev = data;
3113 struct mgmt_cp_unpair_device *cp = cmd->param;
3114 struct mgmt_rp_unpair_device rp;
3116 memset(&rp, 0, sizeof(rp));
3117 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3118 rp.addr.type = cp->addr.type;
3120 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
3122 cmd_complete(cmd->sk, cmd->index, cmd->opcode, 0, &rp, sizeof(rp));
3124 mgmt_pending_remove(cmd);
3127 int mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
3128 u8 link_type, u8 addr_type, u8 reason)
3130 struct mgmt_ev_device_disconnected ev;
3131 struct sock *sk = NULL;
3134 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
3136 bacpy(&ev.addr.bdaddr, bdaddr);
3137 ev.addr.type = link_to_bdaddr(link_type, addr_type);
3140 err = mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev),
3146 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
3152 int mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
3153 u8 link_type, u8 addr_type, u8 status)
3155 struct mgmt_rp_disconnect rp;
3156 struct pending_cmd *cmd;
3159 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
3162 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
3166 bacpy(&rp.addr.bdaddr, bdaddr);
3167 rp.addr.type = link_to_bdaddr(link_type, addr_type);
3169 err = cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
3170 mgmt_status(status), &rp, sizeof(rp));
3172 mgmt_pending_remove(cmd);
3177 int mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3178 u8 addr_type, u8 status)
3180 struct mgmt_ev_connect_failed ev;
3182 bacpy(&ev.addr.bdaddr, bdaddr);
3183 ev.addr.type = link_to_bdaddr(link_type, addr_type);
3184 ev.status = mgmt_status(status);
3186 return mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
3189 int mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
3191 struct mgmt_ev_pin_code_request ev;
3193 bacpy(&ev.addr.bdaddr, bdaddr);
3194 ev.addr.type = BDADDR_BREDR;
3197 return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev),
3201 int mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3204 struct pending_cmd *cmd;
3205 struct mgmt_rp_pin_code_reply rp;
3208 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
3212 bacpy(&rp.addr.bdaddr, bdaddr);
3213 rp.addr.type = BDADDR_BREDR;
3215 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3216 mgmt_status(status), &rp, sizeof(rp));
3218 mgmt_pending_remove(cmd);
3223 int mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3226 struct pending_cmd *cmd;
3227 struct mgmt_rp_pin_code_reply rp;
3230 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
3234 bacpy(&rp.addr.bdaddr, bdaddr);
3235 rp.addr.type = BDADDR_BREDR;
3237 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
3238 mgmt_status(status), &rp, sizeof(rp));
3240 mgmt_pending_remove(cmd);
3245 int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
3246 u8 link_type, u8 addr_type, __le32 value,
3249 struct mgmt_ev_user_confirm_request ev;
3251 BT_DBG("%s", hdev->name);
3253 bacpy(&ev.addr.bdaddr, bdaddr);
3254 ev.addr.type = link_to_bdaddr(link_type, addr_type);
3255 ev.confirm_hint = confirm_hint;
3258 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
3262 int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
3263 u8 link_type, u8 addr_type)
3265 struct mgmt_ev_user_passkey_request ev;
3267 BT_DBG("%s", hdev->name);
3269 bacpy(&ev.addr.bdaddr, bdaddr);
3270 ev.addr.type = link_to_bdaddr(link_type, addr_type);
3272 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
3276 static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3277 u8 link_type, u8 addr_type, u8 status,
3280 struct pending_cmd *cmd;
3281 struct mgmt_rp_user_confirm_reply rp;
3284 cmd = mgmt_pending_find(opcode, hdev);
3288 bacpy(&rp.addr.bdaddr, bdaddr);
3289 rp.addr.type = link_to_bdaddr(link_type, addr_type);
3290 err = cmd_complete(cmd->sk, hdev->id, opcode, mgmt_status(status),
3293 mgmt_pending_remove(cmd);
3298 int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3299 u8 link_type, u8 addr_type, u8 status)
3301 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3302 status, MGMT_OP_USER_CONFIRM_REPLY);
3305 int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3306 u8 link_type, u8 addr_type, u8 status)
3308 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3310 MGMT_OP_USER_CONFIRM_NEG_REPLY);
3313 int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3314 u8 link_type, u8 addr_type, u8 status)
3316 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3317 status, MGMT_OP_USER_PASSKEY_REPLY);
3320 int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3321 u8 link_type, u8 addr_type, u8 status)
3323 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3325 MGMT_OP_USER_PASSKEY_NEG_REPLY);
3328 int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
3329 u8 link_type, u8 addr_type, u32 passkey,
3332 struct mgmt_ev_passkey_notify ev;
3334 BT_DBG("%s", hdev->name);
3336 bacpy(&ev.addr.bdaddr, bdaddr);
3337 ev.addr.type = link_to_bdaddr(link_type, addr_type);
3338 ev.passkey = __cpu_to_le32(passkey);
3339 ev.entered = entered;
3341 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
3344 int mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3345 u8 addr_type, u8 status)
3347 struct mgmt_ev_auth_failed ev;
3349 bacpy(&ev.addr.bdaddr, bdaddr);
3350 ev.addr.type = link_to_bdaddr(link_type, addr_type);
3351 ev.status = mgmt_status(status);
3353 return mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
3356 int mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
3358 struct cmd_lookup match = { NULL, hdev };
3359 bool changed = false;
3363 u8 mgmt_err = mgmt_status(status);
3364 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
3365 cmd_status_rsp, &mgmt_err);
3369 if (test_bit(HCI_AUTH, &hdev->flags)) {
3370 if (!test_and_set_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
3373 if (test_and_clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
3377 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
3381 err = new_settings(hdev, match.sk);
3389 static int clear_eir(struct hci_dev *hdev)
3391 struct hci_cp_write_eir cp;
3393 if (!lmp_ext_inq_capable(hdev))
3396 memset(hdev->eir, 0, sizeof(hdev->eir));
3398 memset(&cp, 0, sizeof(cp));
3400 return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
3403 int mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
3405 struct cmd_lookup match = { NULL, hdev };
3406 bool changed = false;
3410 u8 mgmt_err = mgmt_status(status);
3412 if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
3414 err = new_settings(hdev, NULL);
3416 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
3423 if (!test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
3426 if (test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
3430 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
3433 err = new_settings(hdev, match.sk);
3438 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
3446 static void class_rsp(struct pending_cmd *cmd, void *data)
3448 struct cmd_lookup *match = data;
3450 cmd_complete(cmd->sk, cmd->index, cmd->opcode, match->mgmt_status,
3451 match->hdev->dev_class, 3);
3453 list_del(&cmd->list);
3455 if (match->sk == NULL) {
3456 match->sk = cmd->sk;
3457 sock_hold(match->sk);
3460 mgmt_pending_free(cmd);
3463 int mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
3466 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
3469 clear_bit(HCI_PENDING_CLASS, &hdev->dev_flags);
3471 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, class_rsp, &match);
3472 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, class_rsp, &match);
3473 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, class_rsp, &match);
3476 err = mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class,
3485 int mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
3487 struct pending_cmd *cmd;
3488 struct mgmt_cp_set_local_name ev;
3489 bool changed = false;
3492 if (memcmp(name, hdev->dev_name, sizeof(hdev->dev_name)) != 0) {
3493 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
3497 memset(&ev, 0, sizeof(ev));
3498 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
3499 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
3501 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
3505 /* Always assume that either the short or the complete name has
3506 * changed if there was a pending mgmt command */
3510 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3511 mgmt_status(status));
3515 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0, &ev,
3522 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev,
3523 sizeof(ev), cmd ? cmd->sk : NULL);
3525 /* EIR is taken care of separately when powering on the
3526 * adapter so only update them here if this is a name change
3527 * unrelated to power on.
3529 if (!test_bit(HCI_INIT, &hdev->flags))
3534 mgmt_pending_remove(cmd);
3538 int mgmt_read_local_oob_data_reply_complete(struct hci_dev *hdev, u8 *hash,
3539 u8 *randomizer, u8 status)
3541 struct pending_cmd *cmd;
3544 BT_DBG("%s status %u", hdev->name, status);
3546 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
3551 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3552 mgmt_status(status));
3554 struct mgmt_rp_read_local_oob_data rp;
3556 memcpy(rp.hash, hash, sizeof(rp.hash));
3557 memcpy(rp.randomizer, randomizer, sizeof(rp.randomizer));
3559 err = cmd_complete(cmd->sk, hdev->id,
3560 MGMT_OP_READ_LOCAL_OOB_DATA, 0, &rp,
3564 mgmt_pending_remove(cmd);
3569 int mgmt_le_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
3571 struct cmd_lookup match = { NULL, hdev };
3572 bool changed = false;
3576 u8 mgmt_err = mgmt_status(status);
3578 if (enable && test_and_clear_bit(HCI_LE_ENABLED,
3580 err = new_settings(hdev, NULL);
3582 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
3589 if (!test_and_set_bit(HCI_LE_ENABLED, &hdev->dev_flags))
3592 if (test_and_clear_bit(HCI_LE_ENABLED, &hdev->dev_flags))
3596 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
3599 err = new_settings(hdev, match.sk);
3607 int mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3608 u8 addr_type, u8 *dev_class, s8 rssi, u8 cfm_name, u8
3609 ssp, u8 *eir, u16 eir_len)
3612 struct mgmt_ev_device_found *ev = (void *) buf;
3615 /* Leave 5 bytes for a potential CoD field */
3616 if (sizeof(*ev) + eir_len + 5 > sizeof(buf))
3619 memset(buf, 0, sizeof(buf));
3621 bacpy(&ev->addr.bdaddr, bdaddr);
3622 ev->addr.type = link_to_bdaddr(link_type, addr_type);
3625 ev->flags |= cpu_to_le32(MGMT_DEV_FOUND_CONFIRM_NAME);
3627 ev->flags |= cpu_to_le32(MGMT_DEV_FOUND_LEGACY_PAIRING);
3630 memcpy(ev->eir, eir, eir_len);
3632 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
3633 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
3636 ev->eir_len = cpu_to_le16(eir_len);
3637 ev_size = sizeof(*ev) + eir_len;
3639 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
3642 int mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3643 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
3645 struct mgmt_ev_device_found *ev;
3646 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
3649 ev = (struct mgmt_ev_device_found *) buf;
3651 memset(buf, 0, sizeof(buf));
3653 bacpy(&ev->addr.bdaddr, bdaddr);
3654 ev->addr.type = link_to_bdaddr(link_type, addr_type);
3657 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
3660 ev->eir_len = cpu_to_le16(eir_len);
3662 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev,
3663 sizeof(*ev) + eir_len, NULL);
3666 int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
3668 struct pending_cmd *cmd;
3672 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3674 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
3678 type = hdev->discovery.type;
3680 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3681 &type, sizeof(type));
3682 mgmt_pending_remove(cmd);
3687 int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
3689 struct pending_cmd *cmd;
3692 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3696 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3697 &hdev->discovery.type, sizeof(hdev->discovery.type));
3698 mgmt_pending_remove(cmd);
3703 int mgmt_discovering(struct hci_dev *hdev, u8 discovering)
3705 struct mgmt_ev_discovering ev;
3706 struct pending_cmd *cmd;
3708 BT_DBG("%s discovering %u", hdev->name, discovering);
3711 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
3713 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3716 u8 type = hdev->discovery.type;
3718 cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0, &type,
3720 mgmt_pending_remove(cmd);
3723 memset(&ev, 0, sizeof(ev));
3724 ev.type = hdev->discovery.type;
3725 ev.discovering = discovering;
3727 return mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
3730 int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
3732 struct pending_cmd *cmd;
3733 struct mgmt_ev_device_blocked ev;
3735 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev);
3737 bacpy(&ev.addr.bdaddr, bdaddr);
3738 ev.addr.type = type;
3740 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev),
3741 cmd ? cmd->sk : NULL);
3744 int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
3746 struct pending_cmd *cmd;
3747 struct mgmt_ev_device_unblocked ev;
3749 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev);
3751 bacpy(&ev.addr.bdaddr, bdaddr);
3752 ev.addr.type = type;
3754 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
3755 cmd ? cmd->sk : NULL);
3758 module_param(enable_hs, bool, 0644);
3759 MODULE_PARM_DESC(enable_hs, "Enable High Speed support");