2 BlueZ - Bluetooth protocol stack for Linux
4 Copyright (C) 2010 Nokia Corporation
5 Copyright (C) 2011-2012 Intel Corporation
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI Management interface */
27 #include <linux/module.h>
28 #include <asm/unaligned.h>
30 #include <net/bluetooth/bluetooth.h>
31 #include <net/bluetooth/hci_core.h>
32 #include <net/bluetooth/mgmt.h>
33 #include <net/bluetooth/smp.h>
37 #define MGMT_VERSION 1
38 #define MGMT_REVISION 2
40 static const u16 mgmt_commands
[] = {
41 MGMT_OP_READ_INDEX_LIST
,
44 MGMT_OP_SET_DISCOVERABLE
,
45 MGMT_OP_SET_CONNECTABLE
,
46 MGMT_OP_SET_FAST_CONNECTABLE
,
48 MGMT_OP_SET_LINK_SECURITY
,
52 MGMT_OP_SET_DEV_CLASS
,
53 MGMT_OP_SET_LOCAL_NAME
,
56 MGMT_OP_LOAD_LINK_KEYS
,
57 MGMT_OP_LOAD_LONG_TERM_KEYS
,
59 MGMT_OP_GET_CONNECTIONS
,
60 MGMT_OP_PIN_CODE_REPLY
,
61 MGMT_OP_PIN_CODE_NEG_REPLY
,
62 MGMT_OP_SET_IO_CAPABILITY
,
64 MGMT_OP_CANCEL_PAIR_DEVICE
,
65 MGMT_OP_UNPAIR_DEVICE
,
66 MGMT_OP_USER_CONFIRM_REPLY
,
67 MGMT_OP_USER_CONFIRM_NEG_REPLY
,
68 MGMT_OP_USER_PASSKEY_REPLY
,
69 MGMT_OP_USER_PASSKEY_NEG_REPLY
,
70 MGMT_OP_READ_LOCAL_OOB_DATA
,
71 MGMT_OP_ADD_REMOTE_OOB_DATA
,
72 MGMT_OP_REMOVE_REMOTE_OOB_DATA
,
73 MGMT_OP_START_DISCOVERY
,
74 MGMT_OP_STOP_DISCOVERY
,
77 MGMT_OP_UNBLOCK_DEVICE
,
78 MGMT_OP_SET_DEVICE_ID
,
81 static const u16 mgmt_events
[] = {
82 MGMT_EV_CONTROLLER_ERROR
,
84 MGMT_EV_INDEX_REMOVED
,
86 MGMT_EV_CLASS_OF_DEV_CHANGED
,
87 MGMT_EV_LOCAL_NAME_CHANGED
,
89 MGMT_EV_NEW_LONG_TERM_KEY
,
90 MGMT_EV_DEVICE_CONNECTED
,
91 MGMT_EV_DEVICE_DISCONNECTED
,
92 MGMT_EV_CONNECT_FAILED
,
93 MGMT_EV_PIN_CODE_REQUEST
,
94 MGMT_EV_USER_CONFIRM_REQUEST
,
95 MGMT_EV_USER_PASSKEY_REQUEST
,
99 MGMT_EV_DEVICE_BLOCKED
,
100 MGMT_EV_DEVICE_UNBLOCKED
,
101 MGMT_EV_DEVICE_UNPAIRED
,
102 MGMT_EV_PASSKEY_NOTIFY
,
106 * These LE scan and inquiry parameters were chosen according to LE General
107 * Discovery Procedure specification.
109 #define LE_SCAN_TYPE 0x01
110 #define LE_SCAN_WIN 0x12
111 #define LE_SCAN_INT 0x12
112 #define LE_SCAN_TIMEOUT_LE_ONLY 10240 /* TGAP(gen_disc_scan_min) */
113 #define LE_SCAN_TIMEOUT_BREDR_LE 5120 /* TGAP(100)/2 */
115 #define INQUIRY_LEN_BREDR 0x08 /* TGAP(100) */
116 #define INQUIRY_LEN_BREDR_LE 0x04 /* TGAP(100)/2 */
118 #define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
120 #define hdev_is_powered(hdev) (test_bit(HCI_UP, &hdev->flags) && \
121 !test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
124 struct list_head list
;
132 /* HCI to MGMT error code conversion table */
133 static u8 mgmt_status_table
[] = {
135 MGMT_STATUS_UNKNOWN_COMMAND
, /* Unknown Command */
136 MGMT_STATUS_NOT_CONNECTED
, /* No Connection */
137 MGMT_STATUS_FAILED
, /* Hardware Failure */
138 MGMT_STATUS_CONNECT_FAILED
, /* Page Timeout */
139 MGMT_STATUS_AUTH_FAILED
, /* Authentication Failed */
140 MGMT_STATUS_NOT_PAIRED
, /* PIN or Key Missing */
141 MGMT_STATUS_NO_RESOURCES
, /* Memory Full */
142 MGMT_STATUS_TIMEOUT
, /* Connection Timeout */
143 MGMT_STATUS_NO_RESOURCES
, /* Max Number of Connections */
144 MGMT_STATUS_NO_RESOURCES
, /* Max Number of SCO Connections */
145 MGMT_STATUS_ALREADY_CONNECTED
, /* ACL Connection Exists */
146 MGMT_STATUS_BUSY
, /* Command Disallowed */
147 MGMT_STATUS_NO_RESOURCES
, /* Rejected Limited Resources */
148 MGMT_STATUS_REJECTED
, /* Rejected Security */
149 MGMT_STATUS_REJECTED
, /* Rejected Personal */
150 MGMT_STATUS_TIMEOUT
, /* Host Timeout */
151 MGMT_STATUS_NOT_SUPPORTED
, /* Unsupported Feature */
152 MGMT_STATUS_INVALID_PARAMS
, /* Invalid Parameters */
153 MGMT_STATUS_DISCONNECTED
, /* OE User Ended Connection */
154 MGMT_STATUS_NO_RESOURCES
, /* OE Low Resources */
155 MGMT_STATUS_DISCONNECTED
, /* OE Power Off */
156 MGMT_STATUS_DISCONNECTED
, /* Connection Terminated */
157 MGMT_STATUS_BUSY
, /* Repeated Attempts */
158 MGMT_STATUS_REJECTED
, /* Pairing Not Allowed */
159 MGMT_STATUS_FAILED
, /* Unknown LMP PDU */
160 MGMT_STATUS_NOT_SUPPORTED
, /* Unsupported Remote Feature */
161 MGMT_STATUS_REJECTED
, /* SCO Offset Rejected */
162 MGMT_STATUS_REJECTED
, /* SCO Interval Rejected */
163 MGMT_STATUS_REJECTED
, /* Air Mode Rejected */
164 MGMT_STATUS_INVALID_PARAMS
, /* Invalid LMP Parameters */
165 MGMT_STATUS_FAILED
, /* Unspecified Error */
166 MGMT_STATUS_NOT_SUPPORTED
, /* Unsupported LMP Parameter Value */
167 MGMT_STATUS_FAILED
, /* Role Change Not Allowed */
168 MGMT_STATUS_TIMEOUT
, /* LMP Response Timeout */
169 MGMT_STATUS_FAILED
, /* LMP Error Transaction Collision */
170 MGMT_STATUS_FAILED
, /* LMP PDU Not Allowed */
171 MGMT_STATUS_REJECTED
, /* Encryption Mode Not Accepted */
172 MGMT_STATUS_FAILED
, /* Unit Link Key Used */
173 MGMT_STATUS_NOT_SUPPORTED
, /* QoS Not Supported */
174 MGMT_STATUS_TIMEOUT
, /* Instant Passed */
175 MGMT_STATUS_NOT_SUPPORTED
, /* Pairing Not Supported */
176 MGMT_STATUS_FAILED
, /* Transaction Collision */
177 MGMT_STATUS_INVALID_PARAMS
, /* Unacceptable Parameter */
178 MGMT_STATUS_REJECTED
, /* QoS Rejected */
179 MGMT_STATUS_NOT_SUPPORTED
, /* Classification Not Supported */
180 MGMT_STATUS_REJECTED
, /* Insufficient Security */
181 MGMT_STATUS_INVALID_PARAMS
, /* Parameter Out Of Range */
182 MGMT_STATUS_BUSY
, /* Role Switch Pending */
183 MGMT_STATUS_FAILED
, /* Slot Violation */
184 MGMT_STATUS_FAILED
, /* Role Switch Failed */
185 MGMT_STATUS_INVALID_PARAMS
, /* EIR Too Large */
186 MGMT_STATUS_NOT_SUPPORTED
, /* Simple Pairing Not Supported */
187 MGMT_STATUS_BUSY
, /* Host Busy Pairing */
188 MGMT_STATUS_REJECTED
, /* Rejected, No Suitable Channel */
189 MGMT_STATUS_BUSY
, /* Controller Busy */
190 MGMT_STATUS_INVALID_PARAMS
, /* Unsuitable Connection Interval */
191 MGMT_STATUS_TIMEOUT
, /* Directed Advertising Timeout */
192 MGMT_STATUS_AUTH_FAILED
, /* Terminated Due to MIC Failure */
193 MGMT_STATUS_CONNECT_FAILED
, /* Connection Establishment Failed */
194 MGMT_STATUS_CONNECT_FAILED
, /* MAC Connection Failed */
197 bool mgmt_valid_hdev(struct hci_dev
*hdev
)
199 return hdev
->dev_type
== HCI_BREDR
;
202 static u8
mgmt_status(u8 hci_status
)
204 if (hci_status
< ARRAY_SIZE(mgmt_status_table
))
205 return mgmt_status_table
[hci_status
];
207 return MGMT_STATUS_FAILED
;
210 static int cmd_status(struct sock
*sk
, u16 index
, u16 cmd
, u8 status
)
213 struct mgmt_hdr
*hdr
;
214 struct mgmt_ev_cmd_status
*ev
;
217 BT_DBG("sock %p, index %u, cmd %u, status %u", sk
, index
, cmd
, status
);
219 skb
= alloc_skb(sizeof(*hdr
) + sizeof(*ev
), GFP_KERNEL
);
223 hdr
= (void *) skb_put(skb
, sizeof(*hdr
));
225 hdr
->opcode
= __constant_cpu_to_le16(MGMT_EV_CMD_STATUS
);
226 hdr
->index
= cpu_to_le16(index
);
227 hdr
->len
= cpu_to_le16(sizeof(*ev
));
229 ev
= (void *) skb_put(skb
, sizeof(*ev
));
231 ev
->opcode
= cpu_to_le16(cmd
);
233 err
= sock_queue_rcv_skb(sk
, skb
);
240 static int cmd_complete(struct sock
*sk
, u16 index
, u16 cmd
, u8 status
,
241 void *rp
, size_t rp_len
)
244 struct mgmt_hdr
*hdr
;
245 struct mgmt_ev_cmd_complete
*ev
;
248 BT_DBG("sock %p", sk
);
250 skb
= alloc_skb(sizeof(*hdr
) + sizeof(*ev
) + rp_len
, GFP_KERNEL
);
254 hdr
= (void *) skb_put(skb
, sizeof(*hdr
));
256 hdr
->opcode
= __constant_cpu_to_le16(MGMT_EV_CMD_COMPLETE
);
257 hdr
->index
= cpu_to_le16(index
);
258 hdr
->len
= cpu_to_le16(sizeof(*ev
) + rp_len
);
260 ev
= (void *) skb_put(skb
, sizeof(*ev
) + rp_len
);
261 ev
->opcode
= cpu_to_le16(cmd
);
265 memcpy(ev
->data
, rp
, rp_len
);
267 err
= sock_queue_rcv_skb(sk
, skb
);
274 static int read_version(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
277 struct mgmt_rp_read_version rp
;
279 BT_DBG("sock %p", sk
);
281 rp
.version
= MGMT_VERSION
;
282 rp
.revision
= __constant_cpu_to_le16(MGMT_REVISION
);
284 return cmd_complete(sk
, MGMT_INDEX_NONE
, MGMT_OP_READ_VERSION
, 0, &rp
,
288 static int read_commands(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
291 struct mgmt_rp_read_commands
*rp
;
292 const u16 num_commands
= ARRAY_SIZE(mgmt_commands
);
293 const u16 num_events
= ARRAY_SIZE(mgmt_events
);
298 BT_DBG("sock %p", sk
);
300 rp_size
= sizeof(*rp
) + ((num_commands
+ num_events
) * sizeof(u16
));
302 rp
= kmalloc(rp_size
, GFP_KERNEL
);
306 rp
->num_commands
= __constant_cpu_to_le16(num_commands
);
307 rp
->num_events
= __constant_cpu_to_le16(num_events
);
309 for (i
= 0, opcode
= rp
->opcodes
; i
< num_commands
; i
++, opcode
++)
310 put_unaligned_le16(mgmt_commands
[i
], opcode
);
312 for (i
= 0; i
< num_events
; i
++, opcode
++)
313 put_unaligned_le16(mgmt_events
[i
], opcode
);
315 err
= cmd_complete(sk
, MGMT_INDEX_NONE
, MGMT_OP_READ_COMMANDS
, 0, rp
,
322 static int read_index_list(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
325 struct mgmt_rp_read_index_list
*rp
;
331 BT_DBG("sock %p", sk
);
333 read_lock(&hci_dev_list_lock
);
336 list_for_each_entry(d
, &hci_dev_list
, list
) {
337 if (!mgmt_valid_hdev(d
))
343 rp_len
= sizeof(*rp
) + (2 * count
);
344 rp
= kmalloc(rp_len
, GFP_ATOMIC
);
346 read_unlock(&hci_dev_list_lock
);
351 list_for_each_entry(d
, &hci_dev_list
, list
) {
352 if (test_bit(HCI_SETUP
, &d
->dev_flags
))
355 if (!mgmt_valid_hdev(d
))
358 rp
->index
[count
++] = cpu_to_le16(d
->id
);
359 BT_DBG("Added hci%u", d
->id
);
362 rp
->num_controllers
= cpu_to_le16(count
);
363 rp_len
= sizeof(*rp
) + (2 * count
);
365 read_unlock(&hci_dev_list_lock
);
367 err
= cmd_complete(sk
, MGMT_INDEX_NONE
, MGMT_OP_READ_INDEX_LIST
, 0, rp
,
375 static u32
get_supported_settings(struct hci_dev
*hdev
)
379 settings
|= MGMT_SETTING_POWERED
;
380 settings
|= MGMT_SETTING_PAIRABLE
;
382 if (lmp_ssp_capable(hdev
))
383 settings
|= MGMT_SETTING_SSP
;
385 if (lmp_bredr_capable(hdev
)) {
386 settings
|= MGMT_SETTING_CONNECTABLE
;
387 settings
|= MGMT_SETTING_FAST_CONNECTABLE
;
388 settings
|= MGMT_SETTING_DISCOVERABLE
;
389 settings
|= MGMT_SETTING_BREDR
;
390 settings
|= MGMT_SETTING_LINK_SECURITY
;
394 settings
|= MGMT_SETTING_HS
;
396 if (lmp_le_capable(hdev
))
397 settings
|= MGMT_SETTING_LE
;
402 static u32
get_current_settings(struct hci_dev
*hdev
)
406 if (hdev_is_powered(hdev
))
407 settings
|= MGMT_SETTING_POWERED
;
409 if (test_bit(HCI_CONNECTABLE
, &hdev
->dev_flags
))
410 settings
|= MGMT_SETTING_CONNECTABLE
;
412 if (test_bit(HCI_DISCOVERABLE
, &hdev
->dev_flags
))
413 settings
|= MGMT_SETTING_DISCOVERABLE
;
415 if (test_bit(HCI_PAIRABLE
, &hdev
->dev_flags
))
416 settings
|= MGMT_SETTING_PAIRABLE
;
418 if (lmp_bredr_capable(hdev
))
419 settings
|= MGMT_SETTING_BREDR
;
421 if (test_bit(HCI_LE_ENABLED
, &hdev
->dev_flags
))
422 settings
|= MGMT_SETTING_LE
;
424 if (test_bit(HCI_LINK_SECURITY
, &hdev
->dev_flags
))
425 settings
|= MGMT_SETTING_LINK_SECURITY
;
427 if (test_bit(HCI_SSP_ENABLED
, &hdev
->dev_flags
))
428 settings
|= MGMT_SETTING_SSP
;
430 if (test_bit(HCI_HS_ENABLED
, &hdev
->dev_flags
))
431 settings
|= MGMT_SETTING_HS
;
436 #define PNP_INFO_SVCLASS_ID 0x1200
438 static u8 bluetooth_base_uuid
[] = {
439 0xFB, 0x34, 0x9B, 0x5F, 0x80, 0x00, 0x00, 0x80,
440 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
443 static u16
get_uuid16(u8
*uuid128
)
448 for (i
= 0; i
< 12; i
++) {
449 if (bluetooth_base_uuid
[i
] != uuid128
[i
])
453 val
= get_unaligned_le32(&uuid128
[12]);
460 static void create_eir(struct hci_dev
*hdev
, u8
*data
)
464 u16 uuid16_list
[HCI_MAX_EIR_LENGTH
/ sizeof(u16
)];
465 int i
, truncated
= 0;
466 struct bt_uuid
*uuid
;
469 name_len
= strlen(hdev
->dev_name
);
475 ptr
[1] = EIR_NAME_SHORT
;
477 ptr
[1] = EIR_NAME_COMPLETE
;
479 /* EIR Data length */
480 ptr
[0] = name_len
+ 1;
482 memcpy(ptr
+ 2, hdev
->dev_name
, name_len
);
484 eir_len
+= (name_len
+ 2);
485 ptr
+= (name_len
+ 2);
488 if (hdev
->inq_tx_power
!= HCI_TX_POWER_INVALID
) {
490 ptr
[1] = EIR_TX_POWER
;
491 ptr
[2] = (u8
) hdev
->inq_tx_power
;
497 if (hdev
->devid_source
> 0) {
499 ptr
[1] = EIR_DEVICE_ID
;
501 put_unaligned_le16(hdev
->devid_source
, ptr
+ 2);
502 put_unaligned_le16(hdev
->devid_vendor
, ptr
+ 4);
503 put_unaligned_le16(hdev
->devid_product
, ptr
+ 6);
504 put_unaligned_le16(hdev
->devid_version
, ptr
+ 8);
510 memset(uuid16_list
, 0, sizeof(uuid16_list
));
512 /* Group all UUID16 types */
513 list_for_each_entry(uuid
, &hdev
->uuids
, list
) {
516 uuid16
= get_uuid16(uuid
->uuid
);
523 if (uuid16
== PNP_INFO_SVCLASS_ID
)
526 /* Stop if not enough space to put next UUID */
527 if (eir_len
+ 2 + sizeof(u16
) > HCI_MAX_EIR_LENGTH
) {
532 /* Check for duplicates */
533 for (i
= 0; uuid16_list
[i
] != 0; i
++)
534 if (uuid16_list
[i
] == uuid16
)
537 if (uuid16_list
[i
] == 0) {
538 uuid16_list
[i
] = uuid16
;
539 eir_len
+= sizeof(u16
);
543 if (uuid16_list
[0] != 0) {
547 ptr
[1] = truncated
? EIR_UUID16_SOME
: EIR_UUID16_ALL
;
552 for (i
= 0; uuid16_list
[i
] != 0; i
++) {
553 *ptr
++ = (uuid16_list
[i
] & 0x00ff);
554 *ptr
++ = (uuid16_list
[i
] & 0xff00) >> 8;
557 /* EIR Data length */
558 *length
= (i
* sizeof(u16
)) + 1;
562 static int update_eir(struct hci_dev
*hdev
)
564 struct hci_cp_write_eir cp
;
566 if (!hdev_is_powered(hdev
))
569 if (!lmp_ext_inq_capable(hdev
))
572 if (!test_bit(HCI_SSP_ENABLED
, &hdev
->dev_flags
))
575 if (test_bit(HCI_SERVICE_CACHE
, &hdev
->dev_flags
))
578 memset(&cp
, 0, sizeof(cp
));
580 create_eir(hdev
, cp
.data
);
582 if (memcmp(cp
.data
, hdev
->eir
, sizeof(cp
.data
)) == 0)
585 memcpy(hdev
->eir
, cp
.data
, sizeof(cp
.data
));
587 return hci_send_cmd(hdev
, HCI_OP_WRITE_EIR
, sizeof(cp
), &cp
);
590 static u8
get_service_classes(struct hci_dev
*hdev
)
592 struct bt_uuid
*uuid
;
595 list_for_each_entry(uuid
, &hdev
->uuids
, list
)
596 val
|= uuid
->svc_hint
;
601 static int update_class(struct hci_dev
*hdev
)
606 BT_DBG("%s", hdev
->name
);
608 if (!hdev_is_powered(hdev
))
611 if (test_bit(HCI_SERVICE_CACHE
, &hdev
->dev_flags
))
614 cod
[0] = hdev
->minor_class
;
615 cod
[1] = hdev
->major_class
;
616 cod
[2] = get_service_classes(hdev
);
618 if (memcmp(cod
, hdev
->dev_class
, 3) == 0)
621 err
= hci_send_cmd(hdev
, HCI_OP_WRITE_CLASS_OF_DEV
, sizeof(cod
), cod
);
623 set_bit(HCI_PENDING_CLASS
, &hdev
->dev_flags
);
628 static void service_cache_off(struct work_struct
*work
)
630 struct hci_dev
*hdev
= container_of(work
, struct hci_dev
,
633 if (!test_and_clear_bit(HCI_SERVICE_CACHE
, &hdev
->dev_flags
))
641 hci_dev_unlock(hdev
);
644 static void mgmt_init_hdev(struct sock
*sk
, struct hci_dev
*hdev
)
646 if (test_and_set_bit(HCI_MGMT
, &hdev
->dev_flags
))
649 INIT_DELAYED_WORK(&hdev
->service_cache
, service_cache_off
);
651 /* Non-mgmt controlled devices get this bit set
652 * implicitly so that pairing works for them, however
653 * for mgmt we require user-space to explicitly enable
656 clear_bit(HCI_PAIRABLE
, &hdev
->dev_flags
);
659 static int read_controller_info(struct sock
*sk
, struct hci_dev
*hdev
,
660 void *data
, u16 data_len
)
662 struct mgmt_rp_read_info rp
;
664 BT_DBG("sock %p %s", sk
, hdev
->name
);
668 memset(&rp
, 0, sizeof(rp
));
670 bacpy(&rp
.bdaddr
, &hdev
->bdaddr
);
672 rp
.version
= hdev
->hci_ver
;
673 rp
.manufacturer
= cpu_to_le16(hdev
->manufacturer
);
675 rp
.supported_settings
= cpu_to_le32(get_supported_settings(hdev
));
676 rp
.current_settings
= cpu_to_le32(get_current_settings(hdev
));
678 memcpy(rp
.dev_class
, hdev
->dev_class
, 3);
680 memcpy(rp
.name
, hdev
->dev_name
, sizeof(hdev
->dev_name
));
681 memcpy(rp
.short_name
, hdev
->short_name
, sizeof(hdev
->short_name
));
683 hci_dev_unlock(hdev
);
685 return cmd_complete(sk
, hdev
->id
, MGMT_OP_READ_INFO
, 0, &rp
,
689 static void mgmt_pending_free(struct pending_cmd
*cmd
)
696 static struct pending_cmd
*mgmt_pending_add(struct sock
*sk
, u16 opcode
,
697 struct hci_dev
*hdev
, void *data
,
700 struct pending_cmd
*cmd
;
702 cmd
= kmalloc(sizeof(*cmd
), GFP_KERNEL
);
706 cmd
->opcode
= opcode
;
707 cmd
->index
= hdev
->id
;
709 cmd
->param
= kmalloc(len
, GFP_KERNEL
);
716 memcpy(cmd
->param
, data
, len
);
721 list_add(&cmd
->list
, &hdev
->mgmt_pending
);
726 static void mgmt_pending_foreach(u16 opcode
, struct hci_dev
*hdev
,
727 void (*cb
)(struct pending_cmd
*cmd
,
731 struct list_head
*p
, *n
;
733 list_for_each_safe(p
, n
, &hdev
->mgmt_pending
) {
734 struct pending_cmd
*cmd
;
736 cmd
= list_entry(p
, struct pending_cmd
, list
);
738 if (opcode
> 0 && cmd
->opcode
!= opcode
)
745 static struct pending_cmd
*mgmt_pending_find(u16 opcode
, struct hci_dev
*hdev
)
747 struct pending_cmd
*cmd
;
749 list_for_each_entry(cmd
, &hdev
->mgmt_pending
, list
) {
750 if (cmd
->opcode
== opcode
)
757 static void mgmt_pending_remove(struct pending_cmd
*cmd
)
759 list_del(&cmd
->list
);
760 mgmt_pending_free(cmd
);
763 static int send_settings_rsp(struct sock
*sk
, u16 opcode
, struct hci_dev
*hdev
)
765 __le32 settings
= cpu_to_le32(get_current_settings(hdev
));
767 return cmd_complete(sk
, hdev
->id
, opcode
, 0, &settings
,
771 static int set_powered(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
774 struct mgmt_mode
*cp
= data
;
775 struct pending_cmd
*cmd
;
778 BT_DBG("request for %s", hdev
->name
);
782 if (test_and_clear_bit(HCI_AUTO_OFF
, &hdev
->dev_flags
)) {
783 cancel_delayed_work(&hdev
->power_off
);
786 err
= send_settings_rsp(sk
, MGMT_OP_SET_POWERED
, hdev
);
787 mgmt_powered(hdev
, 1);
792 if (!!cp
->val
== hdev_is_powered(hdev
)) {
793 err
= send_settings_rsp(sk
, MGMT_OP_SET_POWERED
, hdev
);
797 if (mgmt_pending_find(MGMT_OP_SET_POWERED
, hdev
)) {
798 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_SET_POWERED
,
803 cmd
= mgmt_pending_add(sk
, MGMT_OP_SET_POWERED
, hdev
, data
, len
);
810 schedule_work(&hdev
->power_on
);
812 schedule_work(&hdev
->power_off
.work
);
817 hci_dev_unlock(hdev
);
821 static int mgmt_event(u16 event
, struct hci_dev
*hdev
, void *data
, u16 data_len
,
822 struct sock
*skip_sk
)
825 struct mgmt_hdr
*hdr
;
827 skb
= alloc_skb(sizeof(*hdr
) + data_len
, GFP_KERNEL
);
831 hdr
= (void *) skb_put(skb
, sizeof(*hdr
));
832 hdr
->opcode
= cpu_to_le16(event
);
834 hdr
->index
= cpu_to_le16(hdev
->id
);
836 hdr
->index
= __constant_cpu_to_le16(MGMT_INDEX_NONE
);
837 hdr
->len
= cpu_to_le16(data_len
);
840 memcpy(skb_put(skb
, data_len
), data
, data_len
);
843 __net_timestamp(skb
);
845 hci_send_to_control(skb
, skip_sk
);
851 static int new_settings(struct hci_dev
*hdev
, struct sock
*skip
)
855 ev
= cpu_to_le32(get_current_settings(hdev
));
857 return mgmt_event(MGMT_EV_NEW_SETTINGS
, hdev
, &ev
, sizeof(ev
), skip
);
860 static int set_discoverable(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
863 struct mgmt_cp_set_discoverable
*cp
= data
;
864 struct pending_cmd
*cmd
;
869 BT_DBG("request for %s", hdev
->name
);
871 if (!lmp_bredr_capable(hdev
))
872 return cmd_status(sk
, hdev
->id
, MGMT_OP_SET_DISCOVERABLE
,
873 MGMT_STATUS_NOT_SUPPORTED
);
875 timeout
= __le16_to_cpu(cp
->timeout
);
876 if (!cp
->val
&& timeout
> 0)
877 return cmd_status(sk
, hdev
->id
, MGMT_OP_SET_DISCOVERABLE
,
878 MGMT_STATUS_INVALID_PARAMS
);
882 if (!hdev_is_powered(hdev
) && timeout
> 0) {
883 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_SET_DISCOVERABLE
,
884 MGMT_STATUS_NOT_POWERED
);
888 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE
, hdev
) ||
889 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE
, hdev
)) {
890 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_SET_DISCOVERABLE
,
895 if (!test_bit(HCI_CONNECTABLE
, &hdev
->dev_flags
)) {
896 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_SET_DISCOVERABLE
,
897 MGMT_STATUS_REJECTED
);
901 if (!hdev_is_powered(hdev
)) {
902 bool changed
= false;
904 if (!!cp
->val
!= test_bit(HCI_DISCOVERABLE
, &hdev
->dev_flags
)) {
905 change_bit(HCI_DISCOVERABLE
, &hdev
->dev_flags
);
909 err
= send_settings_rsp(sk
, MGMT_OP_SET_DISCOVERABLE
, hdev
);
914 err
= new_settings(hdev
, sk
);
919 if (!!cp
->val
== test_bit(HCI_DISCOVERABLE
, &hdev
->dev_flags
)) {
920 if (hdev
->discov_timeout
> 0) {
921 cancel_delayed_work(&hdev
->discov_off
);
922 hdev
->discov_timeout
= 0;
925 if (cp
->val
&& timeout
> 0) {
926 hdev
->discov_timeout
= timeout
;
927 queue_delayed_work(hdev
->workqueue
, &hdev
->discov_off
,
928 msecs_to_jiffies(hdev
->discov_timeout
* 1000));
931 err
= send_settings_rsp(sk
, MGMT_OP_SET_DISCOVERABLE
, hdev
);
935 cmd
= mgmt_pending_add(sk
, MGMT_OP_SET_DISCOVERABLE
, hdev
, data
, len
);
944 scan
|= SCAN_INQUIRY
;
946 cancel_delayed_work(&hdev
->discov_off
);
948 err
= hci_send_cmd(hdev
, HCI_OP_WRITE_SCAN_ENABLE
, 1, &scan
);
950 mgmt_pending_remove(cmd
);
953 hdev
->discov_timeout
= timeout
;
956 hci_dev_unlock(hdev
);
960 static int set_connectable(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
963 struct mgmt_mode
*cp
= data
;
964 struct pending_cmd
*cmd
;
968 BT_DBG("request for %s", hdev
->name
);
970 if (!lmp_bredr_capable(hdev
))
971 return cmd_status(sk
, hdev
->id
, MGMT_OP_SET_CONNECTABLE
,
972 MGMT_STATUS_NOT_SUPPORTED
);
976 if (!hdev_is_powered(hdev
)) {
977 bool changed
= false;
979 if (!!cp
->val
!= test_bit(HCI_CONNECTABLE
, &hdev
->dev_flags
))
983 set_bit(HCI_CONNECTABLE
, &hdev
->dev_flags
);
985 clear_bit(HCI_CONNECTABLE
, &hdev
->dev_flags
);
986 clear_bit(HCI_DISCOVERABLE
, &hdev
->dev_flags
);
989 err
= send_settings_rsp(sk
, MGMT_OP_SET_CONNECTABLE
, hdev
);
994 err
= new_settings(hdev
, sk
);
999 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE
, hdev
) ||
1000 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE
, hdev
)) {
1001 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_SET_CONNECTABLE
,
1006 if (!!cp
->val
== test_bit(HCI_PSCAN
, &hdev
->flags
)) {
1007 err
= send_settings_rsp(sk
, MGMT_OP_SET_CONNECTABLE
, hdev
);
1011 cmd
= mgmt_pending_add(sk
, MGMT_OP_SET_CONNECTABLE
, hdev
, data
, len
);
1022 if (test_bit(HCI_ISCAN
, &hdev
->flags
) &&
1023 hdev
->discov_timeout
> 0)
1024 cancel_delayed_work(&hdev
->discov_off
);
1027 err
= hci_send_cmd(hdev
, HCI_OP_WRITE_SCAN_ENABLE
, 1, &scan
);
1029 mgmt_pending_remove(cmd
);
1032 hci_dev_unlock(hdev
);
1036 static int set_pairable(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
1039 struct mgmt_mode
*cp
= data
;
1042 BT_DBG("request for %s", hdev
->name
);
1047 set_bit(HCI_PAIRABLE
, &hdev
->dev_flags
);
1049 clear_bit(HCI_PAIRABLE
, &hdev
->dev_flags
);
1051 err
= send_settings_rsp(sk
, MGMT_OP_SET_PAIRABLE
, hdev
);
1055 err
= new_settings(hdev
, sk
);
1058 hci_dev_unlock(hdev
);
1062 static int set_link_security(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
1065 struct mgmt_mode
*cp
= data
;
1066 struct pending_cmd
*cmd
;
1070 BT_DBG("request for %s", hdev
->name
);
1072 if (!lmp_bredr_capable(hdev
))
1073 return cmd_status(sk
, hdev
->id
, MGMT_OP_SET_LINK_SECURITY
,
1074 MGMT_STATUS_NOT_SUPPORTED
);
1078 if (!hdev_is_powered(hdev
)) {
1079 bool changed
= false;
1081 if (!!cp
->val
!= test_bit(HCI_LINK_SECURITY
,
1082 &hdev
->dev_flags
)) {
1083 change_bit(HCI_LINK_SECURITY
, &hdev
->dev_flags
);
1087 err
= send_settings_rsp(sk
, MGMT_OP_SET_LINK_SECURITY
, hdev
);
1092 err
= new_settings(hdev
, sk
);
1097 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY
, hdev
)) {
1098 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_SET_LINK_SECURITY
,
1105 if (test_bit(HCI_AUTH
, &hdev
->flags
) == val
) {
1106 err
= send_settings_rsp(sk
, MGMT_OP_SET_LINK_SECURITY
, hdev
);
1110 cmd
= mgmt_pending_add(sk
, MGMT_OP_SET_LINK_SECURITY
, hdev
, data
, len
);
1116 err
= hci_send_cmd(hdev
, HCI_OP_WRITE_AUTH_ENABLE
, sizeof(val
), &val
);
1118 mgmt_pending_remove(cmd
);
1123 hci_dev_unlock(hdev
);
1127 static int set_ssp(struct sock
*sk
, struct hci_dev
*hdev
, void *data
, u16 len
)
1129 struct mgmt_mode
*cp
= data
;
1130 struct pending_cmd
*cmd
;
1134 BT_DBG("request for %s", hdev
->name
);
1138 if (!lmp_ssp_capable(hdev
)) {
1139 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_SET_SSP
,
1140 MGMT_STATUS_NOT_SUPPORTED
);
1146 if (!hdev_is_powered(hdev
)) {
1147 bool changed
= false;
1149 if (val
!= test_bit(HCI_SSP_ENABLED
, &hdev
->dev_flags
)) {
1150 change_bit(HCI_SSP_ENABLED
, &hdev
->dev_flags
);
1154 err
= send_settings_rsp(sk
, MGMT_OP_SET_SSP
, hdev
);
1159 err
= new_settings(hdev
, sk
);
1164 if (mgmt_pending_find(MGMT_OP_SET_SSP
, hdev
)) {
1165 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_SET_SSP
,
1170 if (test_bit(HCI_SSP_ENABLED
, &hdev
->dev_flags
) == val
) {
1171 err
= send_settings_rsp(sk
, MGMT_OP_SET_SSP
, hdev
);
1175 cmd
= mgmt_pending_add(sk
, MGMT_OP_SET_SSP
, hdev
, data
, len
);
1181 err
= hci_send_cmd(hdev
, HCI_OP_WRITE_SSP_MODE
, sizeof(val
), &val
);
1183 mgmt_pending_remove(cmd
);
1188 hci_dev_unlock(hdev
);
1192 static int set_hs(struct sock
*sk
, struct hci_dev
*hdev
, void *data
, u16 len
)
1194 struct mgmt_mode
*cp
= data
;
1196 BT_DBG("request for %s", hdev
->name
);
1199 return cmd_status(sk
, hdev
->id
, MGMT_OP_SET_HS
,
1200 MGMT_STATUS_NOT_SUPPORTED
);
1203 set_bit(HCI_HS_ENABLED
, &hdev
->dev_flags
);
1205 clear_bit(HCI_HS_ENABLED
, &hdev
->dev_flags
);
1207 return send_settings_rsp(sk
, MGMT_OP_SET_HS
, hdev
);
1210 static int set_le(struct sock
*sk
, struct hci_dev
*hdev
, void *data
, u16 len
)
1212 struct mgmt_mode
*cp
= data
;
1213 struct hci_cp_write_le_host_supported hci_cp
;
1214 struct pending_cmd
*cmd
;
1218 BT_DBG("request for %s", hdev
->name
);
1222 if (!lmp_le_capable(hdev
)) {
1223 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_SET_LE
,
1224 MGMT_STATUS_NOT_SUPPORTED
);
1229 enabled
= lmp_host_le_capable(hdev
);
1231 if (!hdev_is_powered(hdev
) || val
== enabled
) {
1232 bool changed
= false;
1234 if (val
!= test_bit(HCI_LE_ENABLED
, &hdev
->dev_flags
)) {
1235 change_bit(HCI_LE_ENABLED
, &hdev
->dev_flags
);
1239 err
= send_settings_rsp(sk
, MGMT_OP_SET_LE
, hdev
);
1244 err
= new_settings(hdev
, sk
);
1249 if (mgmt_pending_find(MGMT_OP_SET_LE
, hdev
)) {
1250 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_SET_LE
,
1255 cmd
= mgmt_pending_add(sk
, MGMT_OP_SET_LE
, hdev
, data
, len
);
1261 memset(&hci_cp
, 0, sizeof(hci_cp
));
1265 hci_cp
.simul
= lmp_le_br_capable(hdev
);
1268 err
= hci_send_cmd(hdev
, HCI_OP_WRITE_LE_HOST_SUPPORTED
, sizeof(hci_cp
),
1271 mgmt_pending_remove(cmd
);
1274 hci_dev_unlock(hdev
);
1278 static int add_uuid(struct sock
*sk
, struct hci_dev
*hdev
, void *data
, u16 len
)
1280 struct mgmt_cp_add_uuid
*cp
= data
;
1281 struct pending_cmd
*cmd
;
1282 struct bt_uuid
*uuid
;
1285 BT_DBG("request for %s", hdev
->name
);
1289 if (test_bit(HCI_PENDING_CLASS
, &hdev
->dev_flags
)) {
1290 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_ADD_UUID
,
1295 uuid
= kmalloc(sizeof(*uuid
), GFP_KERNEL
);
1301 memcpy(uuid
->uuid
, cp
->uuid
, 16);
1302 uuid
->svc_hint
= cp
->svc_hint
;
1304 list_add(&uuid
->list
, &hdev
->uuids
);
1306 err
= update_class(hdev
);
1310 err
= update_eir(hdev
);
1314 if (!test_bit(HCI_PENDING_CLASS
, &hdev
->dev_flags
)) {
1315 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_ADD_UUID
, 0,
1316 hdev
->dev_class
, 3);
1320 cmd
= mgmt_pending_add(sk
, MGMT_OP_ADD_UUID
, hdev
, data
, len
);
1325 hci_dev_unlock(hdev
);
1329 static bool enable_service_cache(struct hci_dev
*hdev
)
1331 if (!hdev_is_powered(hdev
))
1334 if (!test_and_set_bit(HCI_SERVICE_CACHE
, &hdev
->dev_flags
)) {
1335 schedule_delayed_work(&hdev
->service_cache
, CACHE_TIMEOUT
);
1342 static int remove_uuid(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
1345 struct mgmt_cp_remove_uuid
*cp
= data
;
1346 struct pending_cmd
*cmd
;
1347 struct list_head
*p
, *n
;
1348 u8 bt_uuid_any
[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
1351 BT_DBG("request for %s", hdev
->name
);
1355 if (test_bit(HCI_PENDING_CLASS
, &hdev
->dev_flags
)) {
1356 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_REMOVE_UUID
,
1361 if (memcmp(cp
->uuid
, bt_uuid_any
, 16) == 0) {
1362 err
= hci_uuids_clear(hdev
);
1364 if (enable_service_cache(hdev
)) {
1365 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_REMOVE_UUID
,
1366 0, hdev
->dev_class
, 3);
1375 list_for_each_safe(p
, n
, &hdev
->uuids
) {
1376 struct bt_uuid
*match
= list_entry(p
, struct bt_uuid
, list
);
1378 if (memcmp(match
->uuid
, cp
->uuid
, 16) != 0)
1381 list_del(&match
->list
);
1387 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_REMOVE_UUID
,
1388 MGMT_STATUS_INVALID_PARAMS
);
1393 err
= update_class(hdev
);
1397 err
= update_eir(hdev
);
1401 if (!test_bit(HCI_PENDING_CLASS
, &hdev
->dev_flags
)) {
1402 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_REMOVE_UUID
, 0,
1403 hdev
->dev_class
, 3);
1407 cmd
= mgmt_pending_add(sk
, MGMT_OP_REMOVE_UUID
, hdev
, data
, len
);
1412 hci_dev_unlock(hdev
);
1416 static int set_dev_class(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
1419 struct mgmt_cp_set_dev_class
*cp
= data
;
1420 struct pending_cmd
*cmd
;
1423 BT_DBG("request for %s", hdev
->name
);
1427 if (!lmp_bredr_capable(hdev
)) {
1428 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_SET_DEV_CLASS
,
1429 MGMT_STATUS_NOT_SUPPORTED
);
1433 if (test_bit(HCI_PENDING_CLASS
, &hdev
->dev_flags
)) {
1434 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_SET_DEV_CLASS
,
1439 if ((cp
->minor
& 0x03) != 0 || (cp
->major
& 0xe0) != 0) {
1440 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_SET_DEV_CLASS
,
1441 MGMT_STATUS_INVALID_PARAMS
);
1445 hdev
->major_class
= cp
->major
;
1446 hdev
->minor_class
= cp
->minor
;
1448 if (!hdev_is_powered(hdev
)) {
1449 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_SET_DEV_CLASS
, 0,
1450 hdev
->dev_class
, 3);
1454 if (test_and_clear_bit(HCI_SERVICE_CACHE
, &hdev
->dev_flags
)) {
1455 hci_dev_unlock(hdev
);
1456 cancel_delayed_work_sync(&hdev
->service_cache
);
1461 err
= update_class(hdev
);
1465 if (!test_bit(HCI_PENDING_CLASS
, &hdev
->dev_flags
)) {
1466 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_SET_DEV_CLASS
, 0,
1467 hdev
->dev_class
, 3);
1471 cmd
= mgmt_pending_add(sk
, MGMT_OP_SET_DEV_CLASS
, hdev
, data
, len
);
1476 hci_dev_unlock(hdev
);
1480 static int load_link_keys(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
1483 struct mgmt_cp_load_link_keys
*cp
= data
;
1484 u16 key_count
, expected_len
;
1487 key_count
= __le16_to_cpu(cp
->key_count
);
1489 expected_len
= sizeof(*cp
) + key_count
*
1490 sizeof(struct mgmt_link_key_info
);
1491 if (expected_len
!= len
) {
1492 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
1494 return cmd_status(sk
, hdev
->id
, MGMT_OP_LOAD_LINK_KEYS
,
1495 MGMT_STATUS_INVALID_PARAMS
);
1498 BT_DBG("%s debug_keys %u key_count %u", hdev
->name
, cp
->debug_keys
,
1503 hci_link_keys_clear(hdev
);
1505 set_bit(HCI_LINK_KEYS
, &hdev
->dev_flags
);
1508 set_bit(HCI_DEBUG_KEYS
, &hdev
->dev_flags
);
1510 clear_bit(HCI_DEBUG_KEYS
, &hdev
->dev_flags
);
1512 for (i
= 0; i
< key_count
; i
++) {
1513 struct mgmt_link_key_info
*key
= &cp
->keys
[i
];
1515 hci_add_link_key(hdev
, NULL
, 0, &key
->addr
.bdaddr
, key
->val
,
1516 key
->type
, key
->pin_len
);
1519 cmd_complete(sk
, hdev
->id
, MGMT_OP_LOAD_LINK_KEYS
, 0, NULL
, 0);
1521 hci_dev_unlock(hdev
);
1526 static int device_unpaired(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
,
1527 u8 addr_type
, struct sock
*skip_sk
)
1529 struct mgmt_ev_device_unpaired ev
;
1531 bacpy(&ev
.addr
.bdaddr
, bdaddr
);
1532 ev
.addr
.type
= addr_type
;
1534 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED
, hdev
, &ev
, sizeof(ev
),
1538 static int unpair_device(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
1541 struct mgmt_cp_unpair_device
*cp
= data
;
1542 struct mgmt_rp_unpair_device rp
;
1543 struct hci_cp_disconnect dc
;
1544 struct pending_cmd
*cmd
;
1545 struct hci_conn
*conn
;
1550 memset(&rp
, 0, sizeof(rp
));
1551 bacpy(&rp
.addr
.bdaddr
, &cp
->addr
.bdaddr
);
1552 rp
.addr
.type
= cp
->addr
.type
;
1554 if (!hdev_is_powered(hdev
)) {
1555 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_UNPAIR_DEVICE
,
1556 MGMT_STATUS_NOT_POWERED
, &rp
, sizeof(rp
));
1560 if (cp
->addr
.type
== BDADDR_BREDR
)
1561 err
= hci_remove_link_key(hdev
, &cp
->addr
.bdaddr
);
1563 err
= hci_remove_ltk(hdev
, &cp
->addr
.bdaddr
);
1566 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_UNPAIR_DEVICE
,
1567 MGMT_STATUS_NOT_PAIRED
, &rp
, sizeof(rp
));
1571 if (cp
->disconnect
) {
1572 if (cp
->addr
.type
== BDADDR_BREDR
)
1573 conn
= hci_conn_hash_lookup_ba(hdev
, ACL_LINK
,
1576 conn
= hci_conn_hash_lookup_ba(hdev
, LE_LINK
,
1583 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_UNPAIR_DEVICE
, 0,
1585 device_unpaired(hdev
, &cp
->addr
.bdaddr
, cp
->addr
.type
, sk
);
1589 cmd
= mgmt_pending_add(sk
, MGMT_OP_UNPAIR_DEVICE
, hdev
, cp
,
1596 dc
.handle
= cpu_to_le16(conn
->handle
);
1597 dc
.reason
= 0x13; /* Remote User Terminated Connection */
1598 err
= hci_send_cmd(hdev
, HCI_OP_DISCONNECT
, sizeof(dc
), &dc
);
1600 mgmt_pending_remove(cmd
);
1603 hci_dev_unlock(hdev
);
1607 static int disconnect(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
1610 struct mgmt_cp_disconnect
*cp
= data
;
1611 struct hci_cp_disconnect dc
;
1612 struct pending_cmd
*cmd
;
1613 struct hci_conn
*conn
;
1620 if (!test_bit(HCI_UP
, &hdev
->flags
)) {
1621 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_DISCONNECT
,
1622 MGMT_STATUS_NOT_POWERED
);
1626 if (mgmt_pending_find(MGMT_OP_DISCONNECT
, hdev
)) {
1627 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_DISCONNECT
,
1632 if (cp
->addr
.type
== BDADDR_BREDR
)
1633 conn
= hci_conn_hash_lookup_ba(hdev
, ACL_LINK
,
1636 conn
= hci_conn_hash_lookup_ba(hdev
, LE_LINK
, &cp
->addr
.bdaddr
);
1638 if (!conn
|| conn
->state
== BT_OPEN
|| conn
->state
== BT_CLOSED
) {
1639 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_DISCONNECT
,
1640 MGMT_STATUS_NOT_CONNECTED
);
1644 cmd
= mgmt_pending_add(sk
, MGMT_OP_DISCONNECT
, hdev
, data
, len
);
1650 dc
.handle
= cpu_to_le16(conn
->handle
);
1651 dc
.reason
= HCI_ERROR_REMOTE_USER_TERM
;
1653 err
= hci_send_cmd(hdev
, HCI_OP_DISCONNECT
, sizeof(dc
), &dc
);
1655 mgmt_pending_remove(cmd
);
1658 hci_dev_unlock(hdev
);
1662 static u8
link_to_bdaddr(u8 link_type
, u8 addr_type
)
1664 switch (link_type
) {
1666 switch (addr_type
) {
1667 case ADDR_LE_DEV_PUBLIC
:
1668 return BDADDR_LE_PUBLIC
;
1671 /* Fallback to LE Random address type */
1672 return BDADDR_LE_RANDOM
;
1676 /* Fallback to BR/EDR type */
1677 return BDADDR_BREDR
;
1681 static int get_connections(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
1684 struct mgmt_rp_get_connections
*rp
;
1694 if (!hdev_is_powered(hdev
)) {
1695 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_GET_CONNECTIONS
,
1696 MGMT_STATUS_NOT_POWERED
);
1701 list_for_each_entry(c
, &hdev
->conn_hash
.list
, list
) {
1702 if (test_bit(HCI_CONN_MGMT_CONNECTED
, &c
->flags
))
1706 rp_len
= sizeof(*rp
) + (i
* sizeof(struct mgmt_addr_info
));
1707 rp
= kmalloc(rp_len
, GFP_KERNEL
);
1714 list_for_each_entry(c
, &hdev
->conn_hash
.list
, list
) {
1715 if (!test_bit(HCI_CONN_MGMT_CONNECTED
, &c
->flags
))
1717 bacpy(&rp
->addr
[i
].bdaddr
, &c
->dst
);
1718 rp
->addr
[i
].type
= link_to_bdaddr(c
->type
, c
->dst_type
);
1719 if (c
->type
== SCO_LINK
|| c
->type
== ESCO_LINK
)
1724 rp
->conn_count
= cpu_to_le16(i
);
1726 /* Recalculate length in case of filtered SCO connections, etc */
1727 rp_len
= sizeof(*rp
) + (i
* sizeof(struct mgmt_addr_info
));
1729 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_GET_CONNECTIONS
, 0, rp
,
1735 hci_dev_unlock(hdev
);
1739 static int send_pin_code_neg_reply(struct sock
*sk
, struct hci_dev
*hdev
,
1740 struct mgmt_cp_pin_code_neg_reply
*cp
)
1742 struct pending_cmd
*cmd
;
1745 cmd
= mgmt_pending_add(sk
, MGMT_OP_PIN_CODE_NEG_REPLY
, hdev
, cp
,
1750 err
= hci_send_cmd(hdev
, HCI_OP_PIN_CODE_NEG_REPLY
,
1751 sizeof(cp
->addr
.bdaddr
), &cp
->addr
.bdaddr
);
1753 mgmt_pending_remove(cmd
);
1758 static int pin_code_reply(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
1761 struct hci_conn
*conn
;
1762 struct mgmt_cp_pin_code_reply
*cp
= data
;
1763 struct hci_cp_pin_code_reply reply
;
1764 struct pending_cmd
*cmd
;
1771 if (!hdev_is_powered(hdev
)) {
1772 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_PIN_CODE_REPLY
,
1773 MGMT_STATUS_NOT_POWERED
);
1777 conn
= hci_conn_hash_lookup_ba(hdev
, ACL_LINK
, &cp
->addr
.bdaddr
);
1779 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_PIN_CODE_REPLY
,
1780 MGMT_STATUS_NOT_CONNECTED
);
1784 if (conn
->pending_sec_level
== BT_SECURITY_HIGH
&& cp
->pin_len
!= 16) {
1785 struct mgmt_cp_pin_code_neg_reply ncp
;
1787 memcpy(&ncp
.addr
, &cp
->addr
, sizeof(ncp
.addr
));
1789 BT_ERR("PIN code is not 16 bytes long");
1791 err
= send_pin_code_neg_reply(sk
, hdev
, &ncp
);
1793 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_PIN_CODE_REPLY
,
1794 MGMT_STATUS_INVALID_PARAMS
);
1799 cmd
= mgmt_pending_add(sk
, MGMT_OP_PIN_CODE_REPLY
, hdev
, data
, len
);
1805 bacpy(&reply
.bdaddr
, &cp
->addr
.bdaddr
);
1806 reply
.pin_len
= cp
->pin_len
;
1807 memcpy(reply
.pin_code
, cp
->pin_code
, sizeof(reply
.pin_code
));
1809 err
= hci_send_cmd(hdev
, HCI_OP_PIN_CODE_REPLY
, sizeof(reply
), &reply
);
1811 mgmt_pending_remove(cmd
);
1814 hci_dev_unlock(hdev
);
1818 static int set_io_capability(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
1821 struct mgmt_cp_set_io_capability
*cp
= data
;
1827 hdev
->io_capability
= cp
->io_capability
;
1829 BT_DBG("%s IO capability set to 0x%02x", hdev
->name
,
1830 hdev
->io_capability
);
1832 hci_dev_unlock(hdev
);
1834 return cmd_complete(sk
, hdev
->id
, MGMT_OP_SET_IO_CAPABILITY
, 0, NULL
,
1838 static struct pending_cmd
*find_pairing(struct hci_conn
*conn
)
1840 struct hci_dev
*hdev
= conn
->hdev
;
1841 struct pending_cmd
*cmd
;
1843 list_for_each_entry(cmd
, &hdev
->mgmt_pending
, list
) {
1844 if (cmd
->opcode
!= MGMT_OP_PAIR_DEVICE
)
1847 if (cmd
->user_data
!= conn
)
1856 static void pairing_complete(struct pending_cmd
*cmd
, u8 status
)
1858 struct mgmt_rp_pair_device rp
;
1859 struct hci_conn
*conn
= cmd
->user_data
;
1861 bacpy(&rp
.addr
.bdaddr
, &conn
->dst
);
1862 rp
.addr
.type
= link_to_bdaddr(conn
->type
, conn
->dst_type
);
1864 cmd_complete(cmd
->sk
, cmd
->index
, MGMT_OP_PAIR_DEVICE
, status
,
1867 /* So we don't get further callbacks for this connection */
1868 conn
->connect_cfm_cb
= NULL
;
1869 conn
->security_cfm_cb
= NULL
;
1870 conn
->disconn_cfm_cb
= NULL
;
1874 mgmt_pending_remove(cmd
);
1877 static void pairing_complete_cb(struct hci_conn
*conn
, u8 status
)
1879 struct pending_cmd
*cmd
;
1881 BT_DBG("status %u", status
);
1883 cmd
= find_pairing(conn
);
1885 BT_DBG("Unable to find a pending command");
1887 pairing_complete(cmd
, mgmt_status(status
));
1890 static void le_connect_complete_cb(struct hci_conn
*conn
, u8 status
)
1892 struct pending_cmd
*cmd
;
1894 BT_DBG("status %u", status
);
1899 cmd
= find_pairing(conn
);
1901 BT_DBG("Unable to find a pending command");
1903 pairing_complete(cmd
, mgmt_status(status
));
1906 static int pair_device(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
1909 struct mgmt_cp_pair_device
*cp
= data
;
1910 struct mgmt_rp_pair_device rp
;
1911 struct pending_cmd
*cmd
;
1912 u8 sec_level
, auth_type
;
1913 struct hci_conn
*conn
;
1920 if (!hdev_is_powered(hdev
)) {
1921 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_PAIR_DEVICE
,
1922 MGMT_STATUS_NOT_POWERED
);
1926 sec_level
= BT_SECURITY_MEDIUM
;
1927 if (cp
->io_cap
== 0x03)
1928 auth_type
= HCI_AT_DEDICATED_BONDING
;
1930 auth_type
= HCI_AT_DEDICATED_BONDING_MITM
;
1932 if (cp
->addr
.type
== BDADDR_BREDR
)
1933 conn
= hci_connect(hdev
, ACL_LINK
, &cp
->addr
.bdaddr
,
1934 cp
->addr
.type
, sec_level
, auth_type
);
1936 conn
= hci_connect(hdev
, LE_LINK
, &cp
->addr
.bdaddr
,
1937 cp
->addr
.type
, sec_level
, auth_type
);
1939 memset(&rp
, 0, sizeof(rp
));
1940 bacpy(&rp
.addr
.bdaddr
, &cp
->addr
.bdaddr
);
1941 rp
.addr
.type
= cp
->addr
.type
;
1946 if (PTR_ERR(conn
) == -EBUSY
)
1947 status
= MGMT_STATUS_BUSY
;
1949 status
= MGMT_STATUS_CONNECT_FAILED
;
1951 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_PAIR_DEVICE
,
1957 if (conn
->connect_cfm_cb
) {
1959 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_PAIR_DEVICE
,
1960 MGMT_STATUS_BUSY
, &rp
, sizeof(rp
));
1964 cmd
= mgmt_pending_add(sk
, MGMT_OP_PAIR_DEVICE
, hdev
, data
, len
);
1971 /* For LE, just connecting isn't a proof that the pairing finished */
1972 if (cp
->addr
.type
== BDADDR_BREDR
)
1973 conn
->connect_cfm_cb
= pairing_complete_cb
;
1975 conn
->connect_cfm_cb
= le_connect_complete_cb
;
1977 conn
->security_cfm_cb
= pairing_complete_cb
;
1978 conn
->disconn_cfm_cb
= pairing_complete_cb
;
1979 conn
->io_capability
= cp
->io_cap
;
1980 cmd
->user_data
= conn
;
1982 if (conn
->state
== BT_CONNECTED
&&
1983 hci_conn_security(conn
, sec_level
, auth_type
))
1984 pairing_complete(cmd
, 0);
1989 hci_dev_unlock(hdev
);
1993 static int cancel_pair_device(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
1996 struct mgmt_addr_info
*addr
= data
;
1997 struct pending_cmd
*cmd
;
1998 struct hci_conn
*conn
;
2005 if (!hdev_is_powered(hdev
)) {
2006 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_CANCEL_PAIR_DEVICE
,
2007 MGMT_STATUS_NOT_POWERED
);
2011 cmd
= mgmt_pending_find(MGMT_OP_PAIR_DEVICE
, hdev
);
2013 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_CANCEL_PAIR_DEVICE
,
2014 MGMT_STATUS_INVALID_PARAMS
);
2018 conn
= cmd
->user_data
;
2020 if (bacmp(&addr
->bdaddr
, &conn
->dst
) != 0) {
2021 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_CANCEL_PAIR_DEVICE
,
2022 MGMT_STATUS_INVALID_PARAMS
);
2026 pairing_complete(cmd
, MGMT_STATUS_CANCELLED
);
2028 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_CANCEL_PAIR_DEVICE
, 0,
2029 addr
, sizeof(*addr
));
2031 hci_dev_unlock(hdev
);
2035 static int user_pairing_resp(struct sock
*sk
, struct hci_dev
*hdev
,
2036 bdaddr_t
*bdaddr
, u8 type
, u16 mgmt_op
,
2037 u16 hci_op
, __le32 passkey
)
2039 struct pending_cmd
*cmd
;
2040 struct hci_conn
*conn
;
2045 if (!hdev_is_powered(hdev
)) {
2046 err
= cmd_status(sk
, hdev
->id
, mgmt_op
,
2047 MGMT_STATUS_NOT_POWERED
);
2051 if (type
== BDADDR_BREDR
)
2052 conn
= hci_conn_hash_lookup_ba(hdev
, ACL_LINK
, bdaddr
);
2054 conn
= hci_conn_hash_lookup_ba(hdev
, LE_LINK
, bdaddr
);
2057 err
= cmd_status(sk
, hdev
->id
, mgmt_op
,
2058 MGMT_STATUS_NOT_CONNECTED
);
2062 if (type
== BDADDR_LE_PUBLIC
|| type
== BDADDR_LE_RANDOM
) {
2063 /* Continue with pairing via SMP */
2064 err
= smp_user_confirm_reply(conn
, mgmt_op
, passkey
);
2067 err
= cmd_status(sk
, hdev
->id
, mgmt_op
,
2068 MGMT_STATUS_SUCCESS
);
2070 err
= cmd_status(sk
, hdev
->id
, mgmt_op
,
2071 MGMT_STATUS_FAILED
);
2076 cmd
= mgmt_pending_add(sk
, mgmt_op
, hdev
, bdaddr
, sizeof(*bdaddr
));
2082 /* Continue with pairing via HCI */
2083 if (hci_op
== HCI_OP_USER_PASSKEY_REPLY
) {
2084 struct hci_cp_user_passkey_reply cp
;
2086 bacpy(&cp
.bdaddr
, bdaddr
);
2087 cp
.passkey
= passkey
;
2088 err
= hci_send_cmd(hdev
, hci_op
, sizeof(cp
), &cp
);
2090 err
= hci_send_cmd(hdev
, hci_op
, sizeof(*bdaddr
), bdaddr
);
2093 mgmt_pending_remove(cmd
);
2096 hci_dev_unlock(hdev
);
2100 static int pin_code_neg_reply(struct sock
*sk
, struct hci_dev
*hdev
,
2101 void *data
, u16 len
)
2103 struct mgmt_cp_pin_code_neg_reply
*cp
= data
;
2107 return user_pairing_resp(sk
, hdev
, &cp
->addr
.bdaddr
, cp
->addr
.type
,
2108 MGMT_OP_PIN_CODE_NEG_REPLY
,
2109 HCI_OP_PIN_CODE_NEG_REPLY
, 0);
2112 static int user_confirm_reply(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
2115 struct mgmt_cp_user_confirm_reply
*cp
= data
;
2119 if (len
!= sizeof(*cp
))
2120 return cmd_status(sk
, hdev
->id
, MGMT_OP_USER_CONFIRM_REPLY
,
2121 MGMT_STATUS_INVALID_PARAMS
);
2123 return user_pairing_resp(sk
, hdev
, &cp
->addr
.bdaddr
, cp
->addr
.type
,
2124 MGMT_OP_USER_CONFIRM_REPLY
,
2125 HCI_OP_USER_CONFIRM_REPLY
, 0);
2128 static int user_confirm_neg_reply(struct sock
*sk
, struct hci_dev
*hdev
,
2129 void *data
, u16 len
)
2131 struct mgmt_cp_user_confirm_neg_reply
*cp
= data
;
2135 return user_pairing_resp(sk
, hdev
, &cp
->addr
.bdaddr
, cp
->addr
.type
,
2136 MGMT_OP_USER_CONFIRM_NEG_REPLY
,
2137 HCI_OP_USER_CONFIRM_NEG_REPLY
, 0);
2140 static int user_passkey_reply(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
2143 struct mgmt_cp_user_passkey_reply
*cp
= data
;
2147 return user_pairing_resp(sk
, hdev
, &cp
->addr
.bdaddr
, cp
->addr
.type
,
2148 MGMT_OP_USER_PASSKEY_REPLY
,
2149 HCI_OP_USER_PASSKEY_REPLY
, cp
->passkey
);
2152 static int user_passkey_neg_reply(struct sock
*sk
, struct hci_dev
*hdev
,
2153 void *data
, u16 len
)
2155 struct mgmt_cp_user_passkey_neg_reply
*cp
= data
;
2159 return user_pairing_resp(sk
, hdev
, &cp
->addr
.bdaddr
, cp
->addr
.type
,
2160 MGMT_OP_USER_PASSKEY_NEG_REPLY
,
2161 HCI_OP_USER_PASSKEY_NEG_REPLY
, 0);
2164 static int update_name(struct hci_dev
*hdev
, const char *name
)
2166 struct hci_cp_write_local_name cp
;
2168 memcpy(cp
.name
, name
, sizeof(cp
.name
));
2170 return hci_send_cmd(hdev
, HCI_OP_WRITE_LOCAL_NAME
, sizeof(cp
), &cp
);
2173 static int set_local_name(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
2176 struct mgmt_cp_set_local_name
*cp
= data
;
2177 struct pending_cmd
*cmd
;
2184 memcpy(hdev
->short_name
, cp
->short_name
, sizeof(hdev
->short_name
));
2186 if (!hdev_is_powered(hdev
)) {
2187 memcpy(hdev
->dev_name
, cp
->name
, sizeof(hdev
->dev_name
));
2189 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_SET_LOCAL_NAME
, 0,
2194 err
= mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED
, hdev
, data
, len
,
2200 cmd
= mgmt_pending_add(sk
, MGMT_OP_SET_LOCAL_NAME
, hdev
, data
, len
);
2206 err
= update_name(hdev
, cp
->name
);
2208 mgmt_pending_remove(cmd
);
2211 hci_dev_unlock(hdev
);
2215 static int read_local_oob_data(struct sock
*sk
, struct hci_dev
*hdev
,
2216 void *data
, u16 data_len
)
2218 struct pending_cmd
*cmd
;
2221 BT_DBG("%s", hdev
->name
);
2225 if (!hdev_is_powered(hdev
)) {
2226 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_READ_LOCAL_OOB_DATA
,
2227 MGMT_STATUS_NOT_POWERED
);
2231 if (!lmp_ssp_capable(hdev
)) {
2232 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_READ_LOCAL_OOB_DATA
,
2233 MGMT_STATUS_NOT_SUPPORTED
);
2237 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA
, hdev
)) {
2238 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_READ_LOCAL_OOB_DATA
,
2243 cmd
= mgmt_pending_add(sk
, MGMT_OP_READ_LOCAL_OOB_DATA
, hdev
, NULL
, 0);
2249 err
= hci_send_cmd(hdev
, HCI_OP_READ_LOCAL_OOB_DATA
, 0, NULL
);
2251 mgmt_pending_remove(cmd
);
2254 hci_dev_unlock(hdev
);
2258 static int add_remote_oob_data(struct sock
*sk
, struct hci_dev
*hdev
,
2259 void *data
, u16 len
)
2261 struct mgmt_cp_add_remote_oob_data
*cp
= data
;
2265 BT_DBG("%s ", hdev
->name
);
2269 err
= hci_add_remote_oob_data(hdev
, &cp
->addr
.bdaddr
, cp
->hash
,
2272 status
= MGMT_STATUS_FAILED
;
2274 status
= MGMT_STATUS_SUCCESS
;
2276 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_ADD_REMOTE_OOB_DATA
, status
,
2277 &cp
->addr
, sizeof(cp
->addr
));
2279 hci_dev_unlock(hdev
);
2283 static int remove_remote_oob_data(struct sock
*sk
, struct hci_dev
*hdev
,
2284 void *data
, u16 len
)
2286 struct mgmt_cp_remove_remote_oob_data
*cp
= data
;
2290 BT_DBG("%s", hdev
->name
);
2294 err
= hci_remove_remote_oob_data(hdev
, &cp
->addr
.bdaddr
);
2296 status
= MGMT_STATUS_INVALID_PARAMS
;
2298 status
= MGMT_STATUS_SUCCESS
;
2300 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_REMOVE_REMOTE_OOB_DATA
,
2301 status
, &cp
->addr
, sizeof(cp
->addr
));
2303 hci_dev_unlock(hdev
);
2307 int mgmt_interleaved_discovery(struct hci_dev
*hdev
)
2311 BT_DBG("%s", hdev
->name
);
2315 err
= hci_do_inquiry(hdev
, INQUIRY_LEN_BREDR_LE
);
2317 hci_discovery_set_state(hdev
, DISCOVERY_STOPPED
);
2319 hci_dev_unlock(hdev
);
2324 static int start_discovery(struct sock
*sk
, struct hci_dev
*hdev
,
2325 void *data
, u16 len
)
2327 struct mgmt_cp_start_discovery
*cp
= data
;
2328 struct pending_cmd
*cmd
;
2331 BT_DBG("%s", hdev
->name
);
2335 if (!hdev_is_powered(hdev
)) {
2336 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_START_DISCOVERY
,
2337 MGMT_STATUS_NOT_POWERED
);
2341 if (test_bit(HCI_PERIODIC_INQ
, &hdev
->dev_flags
)) {
2342 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_START_DISCOVERY
,
2347 if (hdev
->discovery
.state
!= DISCOVERY_STOPPED
) {
2348 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_START_DISCOVERY
,
2353 cmd
= mgmt_pending_add(sk
, MGMT_OP_START_DISCOVERY
, hdev
, NULL
, 0);
2359 hdev
->discovery
.type
= cp
->type
;
2361 switch (hdev
->discovery
.type
) {
2362 case DISCOV_TYPE_BREDR
:
2363 if (lmp_bredr_capable(hdev
))
2364 err
= hci_do_inquiry(hdev
, INQUIRY_LEN_BREDR
);
2369 case DISCOV_TYPE_LE
:
2370 if (lmp_host_le_capable(hdev
))
2371 err
= hci_le_scan(hdev
, LE_SCAN_TYPE
, LE_SCAN_INT
,
2372 LE_SCAN_WIN
, LE_SCAN_TIMEOUT_LE_ONLY
);
2377 case DISCOV_TYPE_INTERLEAVED
:
2378 if (lmp_host_le_capable(hdev
) && lmp_bredr_capable(hdev
))
2379 err
= hci_le_scan(hdev
, LE_SCAN_TYPE
, LE_SCAN_INT
,
2381 LE_SCAN_TIMEOUT_BREDR_LE
);
2391 mgmt_pending_remove(cmd
);
2393 hci_discovery_set_state(hdev
, DISCOVERY_STARTING
);
2396 hci_dev_unlock(hdev
);
2400 static int stop_discovery(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
2403 struct mgmt_cp_stop_discovery
*mgmt_cp
= data
;
2404 struct pending_cmd
*cmd
;
2405 struct hci_cp_remote_name_req_cancel cp
;
2406 struct inquiry_entry
*e
;
2409 BT_DBG("%s", hdev
->name
);
2413 if (!hci_discovery_active(hdev
)) {
2414 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_STOP_DISCOVERY
,
2415 MGMT_STATUS_REJECTED
, &mgmt_cp
->type
,
2416 sizeof(mgmt_cp
->type
));
2420 if (hdev
->discovery
.type
!= mgmt_cp
->type
) {
2421 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_STOP_DISCOVERY
,
2422 MGMT_STATUS_INVALID_PARAMS
, &mgmt_cp
->type
,
2423 sizeof(mgmt_cp
->type
));
2427 cmd
= mgmt_pending_add(sk
, MGMT_OP_STOP_DISCOVERY
, hdev
, NULL
, 0);
2433 switch (hdev
->discovery
.state
) {
2434 case DISCOVERY_FINDING
:
2435 if (test_bit(HCI_INQUIRY
, &hdev
->flags
))
2436 err
= hci_cancel_inquiry(hdev
);
2438 err
= hci_cancel_le_scan(hdev
);
2442 case DISCOVERY_RESOLVING
:
2443 e
= hci_inquiry_cache_lookup_resolve(hdev
, BDADDR_ANY
,
2446 mgmt_pending_remove(cmd
);
2447 err
= cmd_complete(sk
, hdev
->id
,
2448 MGMT_OP_STOP_DISCOVERY
, 0,
2450 sizeof(mgmt_cp
->type
));
2451 hci_discovery_set_state(hdev
, DISCOVERY_STOPPED
);
2455 bacpy(&cp
.bdaddr
, &e
->data
.bdaddr
);
2456 err
= hci_send_cmd(hdev
, HCI_OP_REMOTE_NAME_REQ_CANCEL
,
2462 BT_DBG("unknown discovery state %u", hdev
->discovery
.state
);
2467 mgmt_pending_remove(cmd
);
2469 hci_discovery_set_state(hdev
, DISCOVERY_STOPPING
);
2472 hci_dev_unlock(hdev
);
2476 static int confirm_name(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
2479 struct mgmt_cp_confirm_name
*cp
= data
;
2480 struct inquiry_entry
*e
;
2483 BT_DBG("%s", hdev
->name
);
2487 if (!hci_discovery_active(hdev
)) {
2488 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_CONFIRM_NAME
,
2489 MGMT_STATUS_FAILED
);
2493 e
= hci_inquiry_cache_lookup_unknown(hdev
, &cp
->addr
.bdaddr
);
2495 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_CONFIRM_NAME
,
2496 MGMT_STATUS_INVALID_PARAMS
);
2500 if (cp
->name_known
) {
2501 e
->name_state
= NAME_KNOWN
;
2504 e
->name_state
= NAME_NEEDED
;
2505 hci_inquiry_cache_update_resolve(hdev
, e
);
2508 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_CONFIRM_NAME
, 0, &cp
->addr
,
2512 hci_dev_unlock(hdev
);
2516 static int block_device(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
2519 struct mgmt_cp_block_device
*cp
= data
;
2523 BT_DBG("%s", hdev
->name
);
2527 err
= hci_blacklist_add(hdev
, &cp
->addr
.bdaddr
, cp
->addr
.type
);
2529 status
= MGMT_STATUS_FAILED
;
2531 status
= MGMT_STATUS_SUCCESS
;
2533 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_BLOCK_DEVICE
, status
,
2534 &cp
->addr
, sizeof(cp
->addr
));
2536 hci_dev_unlock(hdev
);
2541 static int unblock_device(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
2544 struct mgmt_cp_unblock_device
*cp
= data
;
2548 BT_DBG("%s", hdev
->name
);
2552 err
= hci_blacklist_del(hdev
, &cp
->addr
.bdaddr
, cp
->addr
.type
);
2554 status
= MGMT_STATUS_INVALID_PARAMS
;
2556 status
= MGMT_STATUS_SUCCESS
;
2558 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_UNBLOCK_DEVICE
, status
,
2559 &cp
->addr
, sizeof(cp
->addr
));
2561 hci_dev_unlock(hdev
);
2566 static int set_device_id(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
2569 struct mgmt_cp_set_device_id
*cp
= data
;
2573 BT_DBG("%s", hdev
->name
);
2575 source
= __le16_to_cpu(cp
->source
);
2577 if (source
> 0x0002)
2578 return cmd_status(sk
, hdev
->id
, MGMT_OP_SET_DEVICE_ID
,
2579 MGMT_STATUS_INVALID_PARAMS
);
2583 hdev
->devid_source
= source
;
2584 hdev
->devid_vendor
= __le16_to_cpu(cp
->vendor
);
2585 hdev
->devid_product
= __le16_to_cpu(cp
->product
);
2586 hdev
->devid_version
= __le16_to_cpu(cp
->version
);
2588 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_SET_DEVICE_ID
, 0, NULL
, 0);
2592 hci_dev_unlock(hdev
);
2597 static int set_fast_connectable(struct sock
*sk
, struct hci_dev
*hdev
,
2598 void *data
, u16 len
)
2600 struct mgmt_mode
*cp
= data
;
2601 struct hci_cp_write_page_scan_activity acp
;
2605 BT_DBG("%s", hdev
->name
);
2607 if (!lmp_bredr_capable(hdev
))
2608 return cmd_status(sk
, hdev
->id
, MGMT_OP_SET_FAST_CONNECTABLE
,
2609 MGMT_STATUS_NOT_SUPPORTED
);
2611 if (!hdev_is_powered(hdev
))
2612 return cmd_status(sk
, hdev
->id
, MGMT_OP_SET_FAST_CONNECTABLE
,
2613 MGMT_STATUS_NOT_POWERED
);
2615 if (!test_bit(HCI_CONNECTABLE
, &hdev
->dev_flags
))
2616 return cmd_status(sk
, hdev
->id
, MGMT_OP_SET_FAST_CONNECTABLE
,
2617 MGMT_STATUS_REJECTED
);
2622 type
= PAGE_SCAN_TYPE_INTERLACED
;
2624 /* 160 msec page scan interval */
2625 acp
.interval
= __constant_cpu_to_le16(0x0100);
2627 type
= PAGE_SCAN_TYPE_STANDARD
; /* default */
2629 /* default 1.28 sec page scan */
2630 acp
.interval
= __constant_cpu_to_le16(0x0800);
2633 /* default 11.25 msec page scan window */
2634 acp
.window
= __constant_cpu_to_le16(0x0012);
2636 err
= hci_send_cmd(hdev
, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY
, sizeof(acp
),
2639 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_SET_FAST_CONNECTABLE
,
2640 MGMT_STATUS_FAILED
);
2644 err
= hci_send_cmd(hdev
, HCI_OP_WRITE_PAGE_SCAN_TYPE
, 1, &type
);
2646 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_SET_FAST_CONNECTABLE
,
2647 MGMT_STATUS_FAILED
);
2651 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_SET_FAST_CONNECTABLE
, 0,
2654 hci_dev_unlock(hdev
);
2658 static int load_long_term_keys(struct sock
*sk
, struct hci_dev
*hdev
,
2659 void *cp_data
, u16 len
)
2661 struct mgmt_cp_load_long_term_keys
*cp
= cp_data
;
2662 u16 key_count
, expected_len
;
2665 key_count
= __le16_to_cpu(cp
->key_count
);
2667 expected_len
= sizeof(*cp
) + key_count
*
2668 sizeof(struct mgmt_ltk_info
);
2669 if (expected_len
!= len
) {
2670 BT_ERR("load_keys: expected %u bytes, got %u bytes",
2672 return cmd_status(sk
, hdev
->id
, MGMT_OP_LOAD_LONG_TERM_KEYS
,
2676 BT_DBG("%s key_count %u", hdev
->name
, key_count
);
2680 hci_smp_ltks_clear(hdev
);
2682 for (i
= 0; i
< key_count
; i
++) {
2683 struct mgmt_ltk_info
*key
= &cp
->keys
[i
];
2689 type
= HCI_SMP_LTK_SLAVE
;
2691 hci_add_ltk(hdev
, &key
->addr
.bdaddr
,
2692 bdaddr_to_le(key
->addr
.type
),
2693 type
, 0, key
->authenticated
, key
->val
,
2694 key
->enc_size
, key
->ediv
, key
->rand
);
2697 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_LOAD_LONG_TERM_KEYS
, 0,
2700 hci_dev_unlock(hdev
);
2705 static const struct mgmt_handler
{
2706 int (*func
) (struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
2710 } mgmt_handlers
[] = {
2711 { NULL
}, /* 0x0000 (no command) */
2712 { read_version
, false, MGMT_READ_VERSION_SIZE
},
2713 { read_commands
, false, MGMT_READ_COMMANDS_SIZE
},
2714 { read_index_list
, false, MGMT_READ_INDEX_LIST_SIZE
},
2715 { read_controller_info
, false, MGMT_READ_INFO_SIZE
},
2716 { set_powered
, false, MGMT_SETTING_SIZE
},
2717 { set_discoverable
, false, MGMT_SET_DISCOVERABLE_SIZE
},
2718 { set_connectable
, false, MGMT_SETTING_SIZE
},
2719 { set_fast_connectable
, false, MGMT_SETTING_SIZE
},
2720 { set_pairable
, false, MGMT_SETTING_SIZE
},
2721 { set_link_security
, false, MGMT_SETTING_SIZE
},
2722 { set_ssp
, false, MGMT_SETTING_SIZE
},
2723 { set_hs
, false, MGMT_SETTING_SIZE
},
2724 { set_le
, false, MGMT_SETTING_SIZE
},
2725 { set_dev_class
, false, MGMT_SET_DEV_CLASS_SIZE
},
2726 { set_local_name
, false, MGMT_SET_LOCAL_NAME_SIZE
},
2727 { add_uuid
, false, MGMT_ADD_UUID_SIZE
},
2728 { remove_uuid
, false, MGMT_REMOVE_UUID_SIZE
},
2729 { load_link_keys
, true, MGMT_LOAD_LINK_KEYS_SIZE
},
2730 { load_long_term_keys
, true, MGMT_LOAD_LONG_TERM_KEYS_SIZE
},
2731 { disconnect
, false, MGMT_DISCONNECT_SIZE
},
2732 { get_connections
, false, MGMT_GET_CONNECTIONS_SIZE
},
2733 { pin_code_reply
, false, MGMT_PIN_CODE_REPLY_SIZE
},
2734 { pin_code_neg_reply
, false, MGMT_PIN_CODE_NEG_REPLY_SIZE
},
2735 { set_io_capability
, false, MGMT_SET_IO_CAPABILITY_SIZE
},
2736 { pair_device
, false, MGMT_PAIR_DEVICE_SIZE
},
2737 { cancel_pair_device
, false, MGMT_CANCEL_PAIR_DEVICE_SIZE
},
2738 { unpair_device
, false, MGMT_UNPAIR_DEVICE_SIZE
},
2739 { user_confirm_reply
, false, MGMT_USER_CONFIRM_REPLY_SIZE
},
2740 { user_confirm_neg_reply
, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE
},
2741 { user_passkey_reply
, false, MGMT_USER_PASSKEY_REPLY_SIZE
},
2742 { user_passkey_neg_reply
, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE
},
2743 { read_local_oob_data
, false, MGMT_READ_LOCAL_OOB_DATA_SIZE
},
2744 { add_remote_oob_data
, false, MGMT_ADD_REMOTE_OOB_DATA_SIZE
},
2745 { remove_remote_oob_data
, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE
},
2746 { start_discovery
, false, MGMT_START_DISCOVERY_SIZE
},
2747 { stop_discovery
, false, MGMT_STOP_DISCOVERY_SIZE
},
2748 { confirm_name
, false, MGMT_CONFIRM_NAME_SIZE
},
2749 { block_device
, false, MGMT_BLOCK_DEVICE_SIZE
},
2750 { unblock_device
, false, MGMT_UNBLOCK_DEVICE_SIZE
},
2751 { set_device_id
, false, MGMT_SET_DEVICE_ID_SIZE
},
2755 int mgmt_control(struct sock
*sk
, struct msghdr
*msg
, size_t msglen
)
2759 struct mgmt_hdr
*hdr
;
2760 u16 opcode
, index
, len
;
2761 struct hci_dev
*hdev
= NULL
;
2762 const struct mgmt_handler
*handler
;
2765 BT_DBG("got %zu bytes", msglen
);
2767 if (msglen
< sizeof(*hdr
))
2770 buf
= kmalloc(msglen
, GFP_KERNEL
);
2774 if (memcpy_fromiovec(buf
, msg
->msg_iov
, msglen
)) {
2780 opcode
= __le16_to_cpu(hdr
->opcode
);
2781 index
= __le16_to_cpu(hdr
->index
);
2782 len
= __le16_to_cpu(hdr
->len
);
2784 if (len
!= msglen
- sizeof(*hdr
)) {
2789 if (index
!= MGMT_INDEX_NONE
) {
2790 hdev
= hci_dev_get(index
);
2792 err
= cmd_status(sk
, index
, opcode
,
2793 MGMT_STATUS_INVALID_INDEX
);
2798 if (opcode
>= ARRAY_SIZE(mgmt_handlers
) ||
2799 mgmt_handlers
[opcode
].func
== NULL
) {
2800 BT_DBG("Unknown op %u", opcode
);
2801 err
= cmd_status(sk
, index
, opcode
,
2802 MGMT_STATUS_UNKNOWN_COMMAND
);
2806 if ((hdev
&& opcode
< MGMT_OP_READ_INFO
) ||
2807 (!hdev
&& opcode
>= MGMT_OP_READ_INFO
)) {
2808 err
= cmd_status(sk
, index
, opcode
,
2809 MGMT_STATUS_INVALID_INDEX
);
2813 handler
= &mgmt_handlers
[opcode
];
2815 if ((handler
->var_len
&& len
< handler
->data_len
) ||
2816 (!handler
->var_len
&& len
!= handler
->data_len
)) {
2817 err
= cmd_status(sk
, index
, opcode
,
2818 MGMT_STATUS_INVALID_PARAMS
);
2823 mgmt_init_hdev(sk
, hdev
);
2825 cp
= buf
+ sizeof(*hdr
);
2827 err
= handler
->func(sk
, hdev
, cp
, len
);
2841 static void cmd_status_rsp(struct pending_cmd
*cmd
, void *data
)
2845 cmd_status(cmd
->sk
, cmd
->index
, cmd
->opcode
, *status
);
2846 mgmt_pending_remove(cmd
);
2849 int mgmt_index_added(struct hci_dev
*hdev
)
2851 if (!mgmt_valid_hdev(hdev
))
2854 return mgmt_event(MGMT_EV_INDEX_ADDED
, hdev
, NULL
, 0, NULL
);
2857 int mgmt_index_removed(struct hci_dev
*hdev
)
2859 u8 status
= MGMT_STATUS_INVALID_INDEX
;
2861 if (!mgmt_valid_hdev(hdev
))
2864 mgmt_pending_foreach(0, hdev
, cmd_status_rsp
, &status
);
2866 return mgmt_event(MGMT_EV_INDEX_REMOVED
, hdev
, NULL
, 0, NULL
);
2871 struct hci_dev
*hdev
;
2875 static void settings_rsp(struct pending_cmd
*cmd
, void *data
)
2877 struct cmd_lookup
*match
= data
;
2879 send_settings_rsp(cmd
->sk
, cmd
->opcode
, match
->hdev
);
2881 list_del(&cmd
->list
);
2883 if (match
->sk
== NULL
) {
2884 match
->sk
= cmd
->sk
;
2885 sock_hold(match
->sk
);
2888 mgmt_pending_free(cmd
);
2891 static int set_bredr_scan(struct hci_dev
*hdev
)
2895 if (test_bit(HCI_CONNECTABLE
, &hdev
->dev_flags
))
2897 if (test_bit(HCI_DISCOVERABLE
, &hdev
->dev_flags
))
2898 scan
|= SCAN_INQUIRY
;
2903 return hci_send_cmd(hdev
, HCI_OP_WRITE_SCAN_ENABLE
, 1, &scan
);
2906 int mgmt_powered(struct hci_dev
*hdev
, u8 powered
)
2908 struct cmd_lookup match
= { NULL
, hdev
};
2911 if (!test_bit(HCI_MGMT
, &hdev
->dev_flags
))
2914 mgmt_pending_foreach(MGMT_OP_SET_POWERED
, hdev
, settings_rsp
, &match
);
2917 if (test_bit(HCI_SSP_ENABLED
, &hdev
->dev_flags
) &&
2918 !lmp_host_ssp_capable(hdev
)) {
2921 hci_send_cmd(hdev
, HCI_OP_WRITE_SSP_MODE
, 1, &ssp
);
2924 if (test_bit(HCI_LE_ENABLED
, &hdev
->dev_flags
)) {
2925 struct hci_cp_write_le_host_supported cp
;
2928 cp
.simul
= lmp_le_br_capable(hdev
);
2930 /* Check first if we already have the right
2931 * host state (host features set)
2933 if (cp
.le
!= lmp_host_le_capable(hdev
) ||
2934 cp
.simul
!= lmp_host_le_br_capable(hdev
))
2936 HCI_OP_WRITE_LE_HOST_SUPPORTED
,
2940 if (lmp_bredr_capable(hdev
)) {
2941 set_bredr_scan(hdev
);
2943 update_name(hdev
, hdev
->dev_name
);
2947 u8 status
= MGMT_STATUS_NOT_POWERED
;
2948 mgmt_pending_foreach(0, hdev
, cmd_status_rsp
, &status
);
2951 err
= new_settings(hdev
, match
.sk
);
2959 int mgmt_discoverable(struct hci_dev
*hdev
, u8 discoverable
)
2961 struct cmd_lookup match
= { NULL
, hdev
};
2962 bool changed
= false;
2966 if (!test_and_set_bit(HCI_DISCOVERABLE
, &hdev
->dev_flags
))
2969 if (test_and_clear_bit(HCI_DISCOVERABLE
, &hdev
->dev_flags
))
2973 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE
, hdev
, settings_rsp
,
2977 err
= new_settings(hdev
, match
.sk
);
2985 int mgmt_connectable(struct hci_dev
*hdev
, u8 connectable
)
2987 struct cmd_lookup match
= { NULL
, hdev
};
2988 bool changed
= false;
2992 if (!test_and_set_bit(HCI_CONNECTABLE
, &hdev
->dev_flags
))
2995 if (test_and_clear_bit(HCI_CONNECTABLE
, &hdev
->dev_flags
))
2999 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE
, hdev
, settings_rsp
,
3003 err
= new_settings(hdev
, match
.sk
);
3011 int mgmt_write_scan_failed(struct hci_dev
*hdev
, u8 scan
, u8 status
)
3013 u8 mgmt_err
= mgmt_status(status
);
3015 if (scan
& SCAN_PAGE
)
3016 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE
, hdev
,
3017 cmd_status_rsp
, &mgmt_err
);
3019 if (scan
& SCAN_INQUIRY
)
3020 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE
, hdev
,
3021 cmd_status_rsp
, &mgmt_err
);
3026 int mgmt_new_link_key(struct hci_dev
*hdev
, struct link_key
*key
,
3029 struct mgmt_ev_new_link_key ev
;
3031 memset(&ev
, 0, sizeof(ev
));
3033 ev
.store_hint
= persistent
;
3034 bacpy(&ev
.key
.addr
.bdaddr
, &key
->bdaddr
);
3035 ev
.key
.addr
.type
= BDADDR_BREDR
;
3036 ev
.key
.type
= key
->type
;
3037 memcpy(ev
.key
.val
, key
->val
, HCI_LINK_KEY_SIZE
);
3038 ev
.key
.pin_len
= key
->pin_len
;
3040 return mgmt_event(MGMT_EV_NEW_LINK_KEY
, hdev
, &ev
, sizeof(ev
), NULL
);
3043 int mgmt_new_ltk(struct hci_dev
*hdev
, struct smp_ltk
*key
, u8 persistent
)
3045 struct mgmt_ev_new_long_term_key ev
;
3047 memset(&ev
, 0, sizeof(ev
));
3049 ev
.store_hint
= persistent
;
3050 bacpy(&ev
.key
.addr
.bdaddr
, &key
->bdaddr
);
3051 ev
.key
.addr
.type
= link_to_bdaddr(LE_LINK
, key
->bdaddr_type
);
3052 ev
.key
.authenticated
= key
->authenticated
;
3053 ev
.key
.enc_size
= key
->enc_size
;
3054 ev
.key
.ediv
= key
->ediv
;
3056 if (key
->type
== HCI_SMP_LTK
)
3059 memcpy(ev
.key
.rand
, key
->rand
, sizeof(key
->rand
));
3060 memcpy(ev
.key
.val
, key
->val
, sizeof(key
->val
));
3062 return mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY
, hdev
, &ev
, sizeof(ev
),
3066 int mgmt_device_connected(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
, u8 link_type
,
3067 u8 addr_type
, u32 flags
, u8
*name
, u8 name_len
,
3071 struct mgmt_ev_device_connected
*ev
= (void *) buf
;
3074 bacpy(&ev
->addr
.bdaddr
, bdaddr
);
3075 ev
->addr
.type
= link_to_bdaddr(link_type
, addr_type
);
3077 ev
->flags
= __cpu_to_le32(flags
);
3080 eir_len
= eir_append_data(ev
->eir
, 0, EIR_NAME_COMPLETE
,
3083 if (dev_class
&& memcmp(dev_class
, "\0\0\0", 3) != 0)
3084 eir_len
= eir_append_data(ev
->eir
, eir_len
,
3085 EIR_CLASS_OF_DEV
, dev_class
, 3);
3087 ev
->eir_len
= cpu_to_le16(eir_len
);
3089 return mgmt_event(MGMT_EV_DEVICE_CONNECTED
, hdev
, buf
,
3090 sizeof(*ev
) + eir_len
, NULL
);
3093 static void disconnect_rsp(struct pending_cmd
*cmd
, void *data
)
3095 struct mgmt_cp_disconnect
*cp
= cmd
->param
;
3096 struct sock
**sk
= data
;
3097 struct mgmt_rp_disconnect rp
;
3099 bacpy(&rp
.addr
.bdaddr
, &cp
->addr
.bdaddr
);
3100 rp
.addr
.type
= cp
->addr
.type
;
3102 cmd_complete(cmd
->sk
, cmd
->index
, MGMT_OP_DISCONNECT
, 0, &rp
,
3108 mgmt_pending_remove(cmd
);
3111 static void unpair_device_rsp(struct pending_cmd
*cmd
, void *data
)
3113 struct hci_dev
*hdev
= data
;
3114 struct mgmt_cp_unpair_device
*cp
= cmd
->param
;
3115 struct mgmt_rp_unpair_device rp
;
3117 memset(&rp
, 0, sizeof(rp
));
3118 bacpy(&rp
.addr
.bdaddr
, &cp
->addr
.bdaddr
);
3119 rp
.addr
.type
= cp
->addr
.type
;
3121 device_unpaired(hdev
, &cp
->addr
.bdaddr
, cp
->addr
.type
, cmd
->sk
);
3123 cmd_complete(cmd
->sk
, cmd
->index
, cmd
->opcode
, 0, &rp
, sizeof(rp
));
3125 mgmt_pending_remove(cmd
);
3128 int mgmt_device_disconnected(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
,
3129 u8 link_type
, u8 addr_type
, u8 reason
)
3131 struct mgmt_ev_device_disconnected ev
;
3132 struct sock
*sk
= NULL
;
3135 mgmt_pending_foreach(MGMT_OP_DISCONNECT
, hdev
, disconnect_rsp
, &sk
);
3137 bacpy(&ev
.addr
.bdaddr
, bdaddr
);
3138 ev
.addr
.type
= link_to_bdaddr(link_type
, addr_type
);
3141 err
= mgmt_event(MGMT_EV_DEVICE_DISCONNECTED
, hdev
, &ev
, sizeof(ev
),
3147 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE
, hdev
, unpair_device_rsp
,
3153 int mgmt_disconnect_failed(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
,
3154 u8 link_type
, u8 addr_type
, u8 status
)
3156 struct mgmt_rp_disconnect rp
;
3157 struct pending_cmd
*cmd
;
3160 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE
, hdev
, unpair_device_rsp
,
3163 cmd
= mgmt_pending_find(MGMT_OP_DISCONNECT
, hdev
);
3167 bacpy(&rp
.addr
.bdaddr
, bdaddr
);
3168 rp
.addr
.type
= link_to_bdaddr(link_type
, addr_type
);
3170 err
= cmd_complete(cmd
->sk
, cmd
->index
, MGMT_OP_DISCONNECT
,
3171 mgmt_status(status
), &rp
, sizeof(rp
));
3173 mgmt_pending_remove(cmd
);
3178 int mgmt_connect_failed(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
, u8 link_type
,
3179 u8 addr_type
, u8 status
)
3181 struct mgmt_ev_connect_failed ev
;
3183 bacpy(&ev
.addr
.bdaddr
, bdaddr
);
3184 ev
.addr
.type
= link_to_bdaddr(link_type
, addr_type
);
3185 ev
.status
= mgmt_status(status
);
3187 return mgmt_event(MGMT_EV_CONNECT_FAILED
, hdev
, &ev
, sizeof(ev
), NULL
);
3190 int mgmt_pin_code_request(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
, u8 secure
)
3192 struct mgmt_ev_pin_code_request ev
;
3194 bacpy(&ev
.addr
.bdaddr
, bdaddr
);
3195 ev
.addr
.type
= BDADDR_BREDR
;
3198 return mgmt_event(MGMT_EV_PIN_CODE_REQUEST
, hdev
, &ev
, sizeof(ev
),
3202 int mgmt_pin_code_reply_complete(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
,
3205 struct pending_cmd
*cmd
;
3206 struct mgmt_rp_pin_code_reply rp
;
3209 cmd
= mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY
, hdev
);
3213 bacpy(&rp
.addr
.bdaddr
, bdaddr
);
3214 rp
.addr
.type
= BDADDR_BREDR
;
3216 err
= cmd_complete(cmd
->sk
, hdev
->id
, MGMT_OP_PIN_CODE_REPLY
,
3217 mgmt_status(status
), &rp
, sizeof(rp
));
3219 mgmt_pending_remove(cmd
);
3224 int mgmt_pin_code_neg_reply_complete(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
,
3227 struct pending_cmd
*cmd
;
3228 struct mgmt_rp_pin_code_reply rp
;
3231 cmd
= mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY
, hdev
);
3235 bacpy(&rp
.addr
.bdaddr
, bdaddr
);
3236 rp
.addr
.type
= BDADDR_BREDR
;
3238 err
= cmd_complete(cmd
->sk
, hdev
->id
, MGMT_OP_PIN_CODE_NEG_REPLY
,
3239 mgmt_status(status
), &rp
, sizeof(rp
));
3241 mgmt_pending_remove(cmd
);
3246 int mgmt_user_confirm_request(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
,
3247 u8 link_type
, u8 addr_type
, __le32 value
,
3250 struct mgmt_ev_user_confirm_request ev
;
3252 BT_DBG("%s", hdev
->name
);
3254 bacpy(&ev
.addr
.bdaddr
, bdaddr
);
3255 ev
.addr
.type
= link_to_bdaddr(link_type
, addr_type
);
3256 ev
.confirm_hint
= confirm_hint
;
3259 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST
, hdev
, &ev
, sizeof(ev
),
3263 int mgmt_user_passkey_request(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
,
3264 u8 link_type
, u8 addr_type
)
3266 struct mgmt_ev_user_passkey_request ev
;
3268 BT_DBG("%s", hdev
->name
);
3270 bacpy(&ev
.addr
.bdaddr
, bdaddr
);
3271 ev
.addr
.type
= link_to_bdaddr(link_type
, addr_type
);
3273 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST
, hdev
, &ev
, sizeof(ev
),
3277 static int user_pairing_resp_complete(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
,
3278 u8 link_type
, u8 addr_type
, u8 status
,
3281 struct pending_cmd
*cmd
;
3282 struct mgmt_rp_user_confirm_reply rp
;
3285 cmd
= mgmt_pending_find(opcode
, hdev
);
3289 bacpy(&rp
.addr
.bdaddr
, bdaddr
);
3290 rp
.addr
.type
= link_to_bdaddr(link_type
, addr_type
);
3291 err
= cmd_complete(cmd
->sk
, hdev
->id
, opcode
, mgmt_status(status
),
3294 mgmt_pending_remove(cmd
);
3299 int mgmt_user_confirm_reply_complete(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
,
3300 u8 link_type
, u8 addr_type
, u8 status
)
3302 return user_pairing_resp_complete(hdev
, bdaddr
, link_type
, addr_type
,
3303 status
, MGMT_OP_USER_CONFIRM_REPLY
);
3306 int mgmt_user_confirm_neg_reply_complete(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
,
3307 u8 link_type
, u8 addr_type
, u8 status
)
3309 return user_pairing_resp_complete(hdev
, bdaddr
, link_type
, addr_type
,
3311 MGMT_OP_USER_CONFIRM_NEG_REPLY
);
3314 int mgmt_user_passkey_reply_complete(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
,
3315 u8 link_type
, u8 addr_type
, u8 status
)
3317 return user_pairing_resp_complete(hdev
, bdaddr
, link_type
, addr_type
,
3318 status
, MGMT_OP_USER_PASSKEY_REPLY
);
3321 int mgmt_user_passkey_neg_reply_complete(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
,
3322 u8 link_type
, u8 addr_type
, u8 status
)
3324 return user_pairing_resp_complete(hdev
, bdaddr
, link_type
, addr_type
,
3326 MGMT_OP_USER_PASSKEY_NEG_REPLY
);
3329 int mgmt_user_passkey_notify(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
,
3330 u8 link_type
, u8 addr_type
, u32 passkey
,
3333 struct mgmt_ev_passkey_notify ev
;
3335 BT_DBG("%s", hdev
->name
);
3337 bacpy(&ev
.addr
.bdaddr
, bdaddr
);
3338 ev
.addr
.type
= link_to_bdaddr(link_type
, addr_type
);
3339 ev
.passkey
= __cpu_to_le32(passkey
);
3340 ev
.entered
= entered
;
3342 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY
, hdev
, &ev
, sizeof(ev
), NULL
);
3345 int mgmt_auth_failed(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
, u8 link_type
,
3346 u8 addr_type
, u8 status
)
3348 struct mgmt_ev_auth_failed ev
;
3350 bacpy(&ev
.addr
.bdaddr
, bdaddr
);
3351 ev
.addr
.type
= link_to_bdaddr(link_type
, addr_type
);
3352 ev
.status
= mgmt_status(status
);
3354 return mgmt_event(MGMT_EV_AUTH_FAILED
, hdev
, &ev
, sizeof(ev
), NULL
);
3357 int mgmt_auth_enable_complete(struct hci_dev
*hdev
, u8 status
)
3359 struct cmd_lookup match
= { NULL
, hdev
};
3360 bool changed
= false;
3364 u8 mgmt_err
= mgmt_status(status
);
3365 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY
, hdev
,
3366 cmd_status_rsp
, &mgmt_err
);
3370 if (test_bit(HCI_AUTH
, &hdev
->flags
)) {
3371 if (!test_and_set_bit(HCI_LINK_SECURITY
, &hdev
->dev_flags
))
3374 if (test_and_clear_bit(HCI_LINK_SECURITY
, &hdev
->dev_flags
))
3378 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY
, hdev
, settings_rsp
,
3382 err
= new_settings(hdev
, match
.sk
);
3390 static int clear_eir(struct hci_dev
*hdev
)
3392 struct hci_cp_write_eir cp
;
3394 if (!lmp_ext_inq_capable(hdev
))
3397 memset(hdev
->eir
, 0, sizeof(hdev
->eir
));
3399 memset(&cp
, 0, sizeof(cp
));
3401 return hci_send_cmd(hdev
, HCI_OP_WRITE_EIR
, sizeof(cp
), &cp
);
3404 int mgmt_ssp_enable_complete(struct hci_dev
*hdev
, u8 enable
, u8 status
)
3406 struct cmd_lookup match
= { NULL
, hdev
};
3407 bool changed
= false;
3411 u8 mgmt_err
= mgmt_status(status
);
3413 if (enable
&& test_and_clear_bit(HCI_SSP_ENABLED
,
3415 err
= new_settings(hdev
, NULL
);
3417 mgmt_pending_foreach(MGMT_OP_SET_SSP
, hdev
, cmd_status_rsp
,
3424 if (!test_and_set_bit(HCI_SSP_ENABLED
, &hdev
->dev_flags
))
3427 if (test_and_clear_bit(HCI_SSP_ENABLED
, &hdev
->dev_flags
))
3431 mgmt_pending_foreach(MGMT_OP_SET_SSP
, hdev
, settings_rsp
, &match
);
3434 err
= new_settings(hdev
, match
.sk
);
3439 if (test_bit(HCI_SSP_ENABLED
, &hdev
->dev_flags
))
3447 static void class_rsp(struct pending_cmd
*cmd
, void *data
)
3449 struct cmd_lookup
*match
= data
;
3451 cmd_complete(cmd
->sk
, cmd
->index
, cmd
->opcode
, match
->mgmt_status
,
3452 match
->hdev
->dev_class
, 3);
3454 list_del(&cmd
->list
);
3456 if (match
->sk
== NULL
) {
3457 match
->sk
= cmd
->sk
;
3458 sock_hold(match
->sk
);
3461 mgmt_pending_free(cmd
);
3464 int mgmt_set_class_of_dev_complete(struct hci_dev
*hdev
, u8
*dev_class
,
3467 struct cmd_lookup match
= { NULL
, hdev
, mgmt_status(status
) };
3470 clear_bit(HCI_PENDING_CLASS
, &hdev
->dev_flags
);
3472 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS
, hdev
, class_rsp
, &match
);
3473 mgmt_pending_foreach(MGMT_OP_ADD_UUID
, hdev
, class_rsp
, &match
);
3474 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID
, hdev
, class_rsp
, &match
);
3477 err
= mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED
, hdev
, dev_class
,
3486 int mgmt_set_local_name_complete(struct hci_dev
*hdev
, u8
*name
, u8 status
)
3488 struct pending_cmd
*cmd
;
3489 struct mgmt_cp_set_local_name ev
;
3490 bool changed
= false;
3493 if (memcmp(name
, hdev
->dev_name
, sizeof(hdev
->dev_name
)) != 0) {
3494 memcpy(hdev
->dev_name
, name
, sizeof(hdev
->dev_name
));
3498 memset(&ev
, 0, sizeof(ev
));
3499 memcpy(ev
.name
, name
, HCI_MAX_NAME_LENGTH
);
3500 memcpy(ev
.short_name
, hdev
->short_name
, HCI_MAX_SHORT_NAME_LENGTH
);
3502 cmd
= mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME
, hdev
);
3506 /* Always assume that either the short or the complete name has
3507 * changed if there was a pending mgmt command */
3511 err
= cmd_status(cmd
->sk
, hdev
->id
, MGMT_OP_SET_LOCAL_NAME
,
3512 mgmt_status(status
));
3516 err
= cmd_complete(cmd
->sk
, hdev
->id
, MGMT_OP_SET_LOCAL_NAME
, 0, &ev
,
3523 err
= mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED
, hdev
, &ev
,
3524 sizeof(ev
), cmd
? cmd
->sk
: NULL
);
3526 /* EIR is taken care of separately when powering on the
3527 * adapter so only update them here if this is a name change
3528 * unrelated to power on.
3530 if (!test_bit(HCI_INIT
, &hdev
->flags
))
3535 mgmt_pending_remove(cmd
);
3539 int mgmt_read_local_oob_data_reply_complete(struct hci_dev
*hdev
, u8
*hash
,
3540 u8
*randomizer
, u8 status
)
3542 struct pending_cmd
*cmd
;
3545 BT_DBG("%s status %u", hdev
->name
, status
);
3547 cmd
= mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA
, hdev
);
3552 err
= cmd_status(cmd
->sk
, hdev
->id
, MGMT_OP_READ_LOCAL_OOB_DATA
,
3553 mgmt_status(status
));
3555 struct mgmt_rp_read_local_oob_data rp
;
3557 memcpy(rp
.hash
, hash
, sizeof(rp
.hash
));
3558 memcpy(rp
.randomizer
, randomizer
, sizeof(rp
.randomizer
));
3560 err
= cmd_complete(cmd
->sk
, hdev
->id
,
3561 MGMT_OP_READ_LOCAL_OOB_DATA
, 0, &rp
,
3565 mgmt_pending_remove(cmd
);
3570 int mgmt_le_enable_complete(struct hci_dev
*hdev
, u8 enable
, u8 status
)
3572 struct cmd_lookup match
= { NULL
, hdev
};
3573 bool changed
= false;
3577 u8 mgmt_err
= mgmt_status(status
);
3579 if (enable
&& test_and_clear_bit(HCI_LE_ENABLED
,
3581 err
= new_settings(hdev
, NULL
);
3583 mgmt_pending_foreach(MGMT_OP_SET_LE
, hdev
, cmd_status_rsp
,
3590 if (!test_and_set_bit(HCI_LE_ENABLED
, &hdev
->dev_flags
))
3593 if (test_and_clear_bit(HCI_LE_ENABLED
, &hdev
->dev_flags
))
3597 mgmt_pending_foreach(MGMT_OP_SET_LE
, hdev
, settings_rsp
, &match
);
3600 err
= new_settings(hdev
, match
.sk
);
3608 int mgmt_device_found(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
, u8 link_type
,
3609 u8 addr_type
, u8
*dev_class
, s8 rssi
, u8 cfm_name
, u8
3610 ssp
, u8
*eir
, u16 eir_len
)
3613 struct mgmt_ev_device_found
*ev
= (void *) buf
;
3616 /* Leave 5 bytes for a potential CoD field */
3617 if (sizeof(*ev
) + eir_len
+ 5 > sizeof(buf
))
3620 memset(buf
, 0, sizeof(buf
));
3622 bacpy(&ev
->addr
.bdaddr
, bdaddr
);
3623 ev
->addr
.type
= link_to_bdaddr(link_type
, addr_type
);
3626 ev
->flags
|= __constant_cpu_to_le32(MGMT_DEV_FOUND_CONFIRM_NAME
);
3628 ev
->flags
|= __constant_cpu_to_le32(MGMT_DEV_FOUND_LEGACY_PAIRING
);
3631 memcpy(ev
->eir
, eir
, eir_len
);
3633 if (dev_class
&& !eir_has_data_type(ev
->eir
, eir_len
, EIR_CLASS_OF_DEV
))
3634 eir_len
= eir_append_data(ev
->eir
, eir_len
, EIR_CLASS_OF_DEV
,
3637 ev
->eir_len
= cpu_to_le16(eir_len
);
3638 ev_size
= sizeof(*ev
) + eir_len
;
3640 return mgmt_event(MGMT_EV_DEVICE_FOUND
, hdev
, ev
, ev_size
, NULL
);
3643 int mgmt_remote_name(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
, u8 link_type
,
3644 u8 addr_type
, s8 rssi
, u8
*name
, u8 name_len
)
3646 struct mgmt_ev_device_found
*ev
;
3647 char buf
[sizeof(*ev
) + HCI_MAX_NAME_LENGTH
+ 2];
3650 ev
= (struct mgmt_ev_device_found
*) buf
;
3652 memset(buf
, 0, sizeof(buf
));
3654 bacpy(&ev
->addr
.bdaddr
, bdaddr
);
3655 ev
->addr
.type
= link_to_bdaddr(link_type
, addr_type
);
3658 eir_len
= eir_append_data(ev
->eir
, 0, EIR_NAME_COMPLETE
, name
,
3661 ev
->eir_len
= cpu_to_le16(eir_len
);
3663 return mgmt_event(MGMT_EV_DEVICE_FOUND
, hdev
, ev
,
3664 sizeof(*ev
) + eir_len
, NULL
);
3667 int mgmt_start_discovery_failed(struct hci_dev
*hdev
, u8 status
)
3669 struct pending_cmd
*cmd
;
3673 hci_discovery_set_state(hdev
, DISCOVERY_STOPPED
);
3675 cmd
= mgmt_pending_find(MGMT_OP_START_DISCOVERY
, hdev
);
3679 type
= hdev
->discovery
.type
;
3681 err
= cmd_complete(cmd
->sk
, hdev
->id
, cmd
->opcode
, mgmt_status(status
),
3682 &type
, sizeof(type
));
3683 mgmt_pending_remove(cmd
);
3688 int mgmt_stop_discovery_failed(struct hci_dev
*hdev
, u8 status
)
3690 struct pending_cmd
*cmd
;
3693 cmd
= mgmt_pending_find(MGMT_OP_STOP_DISCOVERY
, hdev
);
3697 err
= cmd_complete(cmd
->sk
, hdev
->id
, cmd
->opcode
, mgmt_status(status
),
3698 &hdev
->discovery
.type
, sizeof(hdev
->discovery
.type
));
3699 mgmt_pending_remove(cmd
);
3704 int mgmt_discovering(struct hci_dev
*hdev
, u8 discovering
)
3706 struct mgmt_ev_discovering ev
;
3707 struct pending_cmd
*cmd
;
3709 BT_DBG("%s discovering %u", hdev
->name
, discovering
);
3712 cmd
= mgmt_pending_find(MGMT_OP_START_DISCOVERY
, hdev
);
3714 cmd
= mgmt_pending_find(MGMT_OP_STOP_DISCOVERY
, hdev
);
3717 u8 type
= hdev
->discovery
.type
;
3719 cmd_complete(cmd
->sk
, hdev
->id
, cmd
->opcode
, 0, &type
,
3721 mgmt_pending_remove(cmd
);
3724 memset(&ev
, 0, sizeof(ev
));
3725 ev
.type
= hdev
->discovery
.type
;
3726 ev
.discovering
= discovering
;
3728 return mgmt_event(MGMT_EV_DISCOVERING
, hdev
, &ev
, sizeof(ev
), NULL
);
3731 int mgmt_device_blocked(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
, u8 type
)
3733 struct pending_cmd
*cmd
;
3734 struct mgmt_ev_device_blocked ev
;
3736 cmd
= mgmt_pending_find(MGMT_OP_BLOCK_DEVICE
, hdev
);
3738 bacpy(&ev
.addr
.bdaddr
, bdaddr
);
3739 ev
.addr
.type
= type
;
3741 return mgmt_event(MGMT_EV_DEVICE_BLOCKED
, hdev
, &ev
, sizeof(ev
),
3742 cmd
? cmd
->sk
: NULL
);
3745 int mgmt_device_unblocked(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
, u8 type
)
3747 struct pending_cmd
*cmd
;
3748 struct mgmt_ev_device_unblocked ev
;
3750 cmd
= mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE
, hdev
);
3752 bacpy(&ev
.addr
.bdaddr
, bdaddr
);
3753 ev
.addr
.type
= type
;
3755 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED
, hdev
, &ev
, sizeof(ev
),
3756 cmd
? cmd
->sk
: NULL
);
3759 module_param(enable_hs
, bool, 0644);
3760 MODULE_PARM_DESC(enable_hs
, "Enable High Speed support");
projects / mirror_ubuntu-bionic-kernel.git / blob