2 BlueZ - Bluetooth protocol stack for Linux
4 Copyright (C) 2010 Nokia Corporation
5 Copyright (C) 2011-2012 Intel Corporation
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI Management interface */
27 #include <linux/module.h>
28 #include <asm/unaligned.h>
30 #include <net/bluetooth/bluetooth.h>
31 #include <net/bluetooth/hci_core.h>
32 #include <net/bluetooth/mgmt.h>
33 #include <net/bluetooth/smp.h>
37 #define MGMT_VERSION 1
38 #define MGMT_REVISION 2
40 static const u16 mgmt_commands
[] = {
41 MGMT_OP_READ_INDEX_LIST
,
44 MGMT_OP_SET_DISCOVERABLE
,
45 MGMT_OP_SET_CONNECTABLE
,
46 MGMT_OP_SET_FAST_CONNECTABLE
,
48 MGMT_OP_SET_LINK_SECURITY
,
52 MGMT_OP_SET_DEV_CLASS
,
53 MGMT_OP_SET_LOCAL_NAME
,
56 MGMT_OP_LOAD_LINK_KEYS
,
57 MGMT_OP_LOAD_LONG_TERM_KEYS
,
59 MGMT_OP_GET_CONNECTIONS
,
60 MGMT_OP_PIN_CODE_REPLY
,
61 MGMT_OP_PIN_CODE_NEG_REPLY
,
62 MGMT_OP_SET_IO_CAPABILITY
,
64 MGMT_OP_CANCEL_PAIR_DEVICE
,
65 MGMT_OP_UNPAIR_DEVICE
,
66 MGMT_OP_USER_CONFIRM_REPLY
,
67 MGMT_OP_USER_CONFIRM_NEG_REPLY
,
68 MGMT_OP_USER_PASSKEY_REPLY
,
69 MGMT_OP_USER_PASSKEY_NEG_REPLY
,
70 MGMT_OP_READ_LOCAL_OOB_DATA
,
71 MGMT_OP_ADD_REMOTE_OOB_DATA
,
72 MGMT_OP_REMOVE_REMOTE_OOB_DATA
,
73 MGMT_OP_START_DISCOVERY
,
74 MGMT_OP_STOP_DISCOVERY
,
77 MGMT_OP_UNBLOCK_DEVICE
,
78 MGMT_OP_SET_DEVICE_ID
,
81 static const u16 mgmt_events
[] = {
82 MGMT_EV_CONTROLLER_ERROR
,
84 MGMT_EV_INDEX_REMOVED
,
86 MGMT_EV_CLASS_OF_DEV_CHANGED
,
87 MGMT_EV_LOCAL_NAME_CHANGED
,
89 MGMT_EV_NEW_LONG_TERM_KEY
,
90 MGMT_EV_DEVICE_CONNECTED
,
91 MGMT_EV_DEVICE_DISCONNECTED
,
92 MGMT_EV_CONNECT_FAILED
,
93 MGMT_EV_PIN_CODE_REQUEST
,
94 MGMT_EV_USER_CONFIRM_REQUEST
,
95 MGMT_EV_USER_PASSKEY_REQUEST
,
99 MGMT_EV_DEVICE_BLOCKED
,
100 MGMT_EV_DEVICE_UNBLOCKED
,
101 MGMT_EV_DEVICE_UNPAIRED
,
102 MGMT_EV_PASSKEY_NOTIFY
,
106 * These LE scan and inquiry parameters were chosen according to LE General
107 * Discovery Procedure specification.
109 #define LE_SCAN_TYPE 0x01
110 #define LE_SCAN_WIN 0x12
111 #define LE_SCAN_INT 0x12
112 #define LE_SCAN_TIMEOUT_LE_ONLY 10240 /* TGAP(gen_disc_scan_min) */
113 #define LE_SCAN_TIMEOUT_BREDR_LE 5120 /* TGAP(100)/2 */
115 #define INQUIRY_LEN_BREDR 0x08 /* TGAP(100) */
116 #define INQUIRY_LEN_BREDR_LE 0x04 /* TGAP(100)/2 */
118 #define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
120 #define hdev_is_powered(hdev) (test_bit(HCI_UP, &hdev->flags) && \
121 !test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
124 struct list_head list
;
132 /* HCI to MGMT error code conversion table */
133 static u8 mgmt_status_table
[] = {
135 MGMT_STATUS_UNKNOWN_COMMAND
, /* Unknown Command */
136 MGMT_STATUS_NOT_CONNECTED
, /* No Connection */
137 MGMT_STATUS_FAILED
, /* Hardware Failure */
138 MGMT_STATUS_CONNECT_FAILED
, /* Page Timeout */
139 MGMT_STATUS_AUTH_FAILED
, /* Authentication Failed */
140 MGMT_STATUS_NOT_PAIRED
, /* PIN or Key Missing */
141 MGMT_STATUS_NO_RESOURCES
, /* Memory Full */
142 MGMT_STATUS_TIMEOUT
, /* Connection Timeout */
143 MGMT_STATUS_NO_RESOURCES
, /* Max Number of Connections */
144 MGMT_STATUS_NO_RESOURCES
, /* Max Number of SCO Connections */
145 MGMT_STATUS_ALREADY_CONNECTED
, /* ACL Connection Exists */
146 MGMT_STATUS_BUSY
, /* Command Disallowed */
147 MGMT_STATUS_NO_RESOURCES
, /* Rejected Limited Resources */
148 MGMT_STATUS_REJECTED
, /* Rejected Security */
149 MGMT_STATUS_REJECTED
, /* Rejected Personal */
150 MGMT_STATUS_TIMEOUT
, /* Host Timeout */
151 MGMT_STATUS_NOT_SUPPORTED
, /* Unsupported Feature */
152 MGMT_STATUS_INVALID_PARAMS
, /* Invalid Parameters */
153 MGMT_STATUS_DISCONNECTED
, /* OE User Ended Connection */
154 MGMT_STATUS_NO_RESOURCES
, /* OE Low Resources */
155 MGMT_STATUS_DISCONNECTED
, /* OE Power Off */
156 MGMT_STATUS_DISCONNECTED
, /* Connection Terminated */
157 MGMT_STATUS_BUSY
, /* Repeated Attempts */
158 MGMT_STATUS_REJECTED
, /* Pairing Not Allowed */
159 MGMT_STATUS_FAILED
, /* Unknown LMP PDU */
160 MGMT_STATUS_NOT_SUPPORTED
, /* Unsupported Remote Feature */
161 MGMT_STATUS_REJECTED
, /* SCO Offset Rejected */
162 MGMT_STATUS_REJECTED
, /* SCO Interval Rejected */
163 MGMT_STATUS_REJECTED
, /* Air Mode Rejected */
164 MGMT_STATUS_INVALID_PARAMS
, /* Invalid LMP Parameters */
165 MGMT_STATUS_FAILED
, /* Unspecified Error */
166 MGMT_STATUS_NOT_SUPPORTED
, /* Unsupported LMP Parameter Value */
167 MGMT_STATUS_FAILED
, /* Role Change Not Allowed */
168 MGMT_STATUS_TIMEOUT
, /* LMP Response Timeout */
169 MGMT_STATUS_FAILED
, /* LMP Error Transaction Collision */
170 MGMT_STATUS_FAILED
, /* LMP PDU Not Allowed */
171 MGMT_STATUS_REJECTED
, /* Encryption Mode Not Accepted */
172 MGMT_STATUS_FAILED
, /* Unit Link Key Used */
173 MGMT_STATUS_NOT_SUPPORTED
, /* QoS Not Supported */
174 MGMT_STATUS_TIMEOUT
, /* Instant Passed */
175 MGMT_STATUS_NOT_SUPPORTED
, /* Pairing Not Supported */
176 MGMT_STATUS_FAILED
, /* Transaction Collision */
177 MGMT_STATUS_INVALID_PARAMS
, /* Unacceptable Parameter */
178 MGMT_STATUS_REJECTED
, /* QoS Rejected */
179 MGMT_STATUS_NOT_SUPPORTED
, /* Classification Not Supported */
180 MGMT_STATUS_REJECTED
, /* Insufficient Security */
181 MGMT_STATUS_INVALID_PARAMS
, /* Parameter Out Of Range */
182 MGMT_STATUS_BUSY
, /* Role Switch Pending */
183 MGMT_STATUS_FAILED
, /* Slot Violation */
184 MGMT_STATUS_FAILED
, /* Role Switch Failed */
185 MGMT_STATUS_INVALID_PARAMS
, /* EIR Too Large */
186 MGMT_STATUS_NOT_SUPPORTED
, /* Simple Pairing Not Supported */
187 MGMT_STATUS_BUSY
, /* Host Busy Pairing */
188 MGMT_STATUS_REJECTED
, /* Rejected, No Suitable Channel */
189 MGMT_STATUS_BUSY
, /* Controller Busy */
190 MGMT_STATUS_INVALID_PARAMS
, /* Unsuitable Connection Interval */
191 MGMT_STATUS_TIMEOUT
, /* Directed Advertising Timeout */
192 MGMT_STATUS_AUTH_FAILED
, /* Terminated Due to MIC Failure */
193 MGMT_STATUS_CONNECT_FAILED
, /* Connection Establishment Failed */
194 MGMT_STATUS_CONNECT_FAILED
, /* MAC Connection Failed */
197 bool mgmt_valid_hdev(struct hci_dev
*hdev
)
199 return hdev
->dev_type
== HCI_BREDR
;
202 static u8
mgmt_status(u8 hci_status
)
204 if (hci_status
< ARRAY_SIZE(mgmt_status_table
))
205 return mgmt_status_table
[hci_status
];
207 return MGMT_STATUS_FAILED
;
210 static int cmd_status(struct sock
*sk
, u16 index
, u16 cmd
, u8 status
)
213 struct mgmt_hdr
*hdr
;
214 struct mgmt_ev_cmd_status
*ev
;
217 BT_DBG("sock %p, index %u, cmd %u, status %u", sk
, index
, cmd
, status
);
219 skb
= alloc_skb(sizeof(*hdr
) + sizeof(*ev
), GFP_KERNEL
);
223 hdr
= (void *) skb_put(skb
, sizeof(*hdr
));
225 hdr
->opcode
= __constant_cpu_to_le16(MGMT_EV_CMD_STATUS
);
226 hdr
->index
= cpu_to_le16(index
);
227 hdr
->len
= cpu_to_le16(sizeof(*ev
));
229 ev
= (void *) skb_put(skb
, sizeof(*ev
));
231 ev
->opcode
= cpu_to_le16(cmd
);
233 err
= sock_queue_rcv_skb(sk
, skb
);
240 static int cmd_complete(struct sock
*sk
, u16 index
, u16 cmd
, u8 status
,
241 void *rp
, size_t rp_len
)
244 struct mgmt_hdr
*hdr
;
245 struct mgmt_ev_cmd_complete
*ev
;
248 BT_DBG("sock %p", sk
);
250 skb
= alloc_skb(sizeof(*hdr
) + sizeof(*ev
) + rp_len
, GFP_KERNEL
);
254 hdr
= (void *) skb_put(skb
, sizeof(*hdr
));
256 hdr
->opcode
= __constant_cpu_to_le16(MGMT_EV_CMD_COMPLETE
);
257 hdr
->index
= cpu_to_le16(index
);
258 hdr
->len
= cpu_to_le16(sizeof(*ev
) + rp_len
);
260 ev
= (void *) skb_put(skb
, sizeof(*ev
) + rp_len
);
261 ev
->opcode
= cpu_to_le16(cmd
);
265 memcpy(ev
->data
, rp
, rp_len
);
267 err
= sock_queue_rcv_skb(sk
, skb
);
274 static int read_version(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
277 struct mgmt_rp_read_version rp
;
279 BT_DBG("sock %p", sk
);
281 rp
.version
= MGMT_VERSION
;
282 rp
.revision
= __constant_cpu_to_le16(MGMT_REVISION
);
284 return cmd_complete(sk
, MGMT_INDEX_NONE
, MGMT_OP_READ_VERSION
, 0, &rp
,
288 static int read_commands(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
291 struct mgmt_rp_read_commands
*rp
;
292 const u16 num_commands
= ARRAY_SIZE(mgmt_commands
);
293 const u16 num_events
= ARRAY_SIZE(mgmt_events
);
298 BT_DBG("sock %p", sk
);
300 rp_size
= sizeof(*rp
) + ((num_commands
+ num_events
) * sizeof(u16
));
302 rp
= kmalloc(rp_size
, GFP_KERNEL
);
306 rp
->num_commands
= __constant_cpu_to_le16(num_commands
);
307 rp
->num_events
= __constant_cpu_to_le16(num_events
);
309 for (i
= 0, opcode
= rp
->opcodes
; i
< num_commands
; i
++, opcode
++)
310 put_unaligned_le16(mgmt_commands
[i
], opcode
);
312 for (i
= 0; i
< num_events
; i
++, opcode
++)
313 put_unaligned_le16(mgmt_events
[i
], opcode
);
315 err
= cmd_complete(sk
, MGMT_INDEX_NONE
, MGMT_OP_READ_COMMANDS
, 0, rp
,
322 static int read_index_list(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
325 struct mgmt_rp_read_index_list
*rp
;
331 BT_DBG("sock %p", sk
);
333 read_lock(&hci_dev_list_lock
);
336 list_for_each_entry(d
, &hci_dev_list
, list
) {
337 if (!mgmt_valid_hdev(d
))
343 rp_len
= sizeof(*rp
) + (2 * count
);
344 rp
= kmalloc(rp_len
, GFP_ATOMIC
);
346 read_unlock(&hci_dev_list_lock
);
351 list_for_each_entry(d
, &hci_dev_list
, list
) {
352 if (test_bit(HCI_SETUP
, &d
->dev_flags
))
355 if (!mgmt_valid_hdev(d
))
358 rp
->index
[count
++] = cpu_to_le16(d
->id
);
359 BT_DBG("Added hci%u", d
->id
);
362 rp
->num_controllers
= cpu_to_le16(count
);
363 rp_len
= sizeof(*rp
) + (2 * count
);
365 read_unlock(&hci_dev_list_lock
);
367 err
= cmd_complete(sk
, MGMT_INDEX_NONE
, MGMT_OP_READ_INDEX_LIST
, 0, rp
,
375 static u32
get_supported_settings(struct hci_dev
*hdev
)
379 settings
|= MGMT_SETTING_POWERED
;
380 settings
|= MGMT_SETTING_PAIRABLE
;
382 if (lmp_ssp_capable(hdev
))
383 settings
|= MGMT_SETTING_SSP
;
385 if (lmp_bredr_capable(hdev
)) {
386 settings
|= MGMT_SETTING_CONNECTABLE
;
387 settings
|= MGMT_SETTING_FAST_CONNECTABLE
;
388 settings
|= MGMT_SETTING_DISCOVERABLE
;
389 settings
|= MGMT_SETTING_BREDR
;
390 settings
|= MGMT_SETTING_LINK_SECURITY
;
394 settings
|= MGMT_SETTING_HS
;
396 if (lmp_le_capable(hdev
))
397 settings
|= MGMT_SETTING_LE
;
402 static u32
get_current_settings(struct hci_dev
*hdev
)
406 if (hdev_is_powered(hdev
))
407 settings
|= MGMT_SETTING_POWERED
;
409 if (test_bit(HCI_CONNECTABLE
, &hdev
->dev_flags
))
410 settings
|= MGMT_SETTING_CONNECTABLE
;
412 if (test_bit(HCI_DISCOVERABLE
, &hdev
->dev_flags
))
413 settings
|= MGMT_SETTING_DISCOVERABLE
;
415 if (test_bit(HCI_PAIRABLE
, &hdev
->dev_flags
))
416 settings
|= MGMT_SETTING_PAIRABLE
;
418 if (lmp_bredr_capable(hdev
))
419 settings
|= MGMT_SETTING_BREDR
;
421 if (test_bit(HCI_LE_ENABLED
, &hdev
->dev_flags
))
422 settings
|= MGMT_SETTING_LE
;
424 if (test_bit(HCI_LINK_SECURITY
, &hdev
->dev_flags
))
425 settings
|= MGMT_SETTING_LINK_SECURITY
;
427 if (test_bit(HCI_SSP_ENABLED
, &hdev
->dev_flags
))
428 settings
|= MGMT_SETTING_SSP
;
430 if (test_bit(HCI_HS_ENABLED
, &hdev
->dev_flags
))
431 settings
|= MGMT_SETTING_HS
;
436 #define PNP_INFO_SVCLASS_ID 0x1200
438 static u8 bluetooth_base_uuid
[] = {
439 0xFB, 0x34, 0x9B, 0x5F, 0x80, 0x00, 0x00, 0x80,
440 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
443 static u16
get_uuid16(u8
*uuid128
)
448 for (i
= 0; i
< 12; i
++) {
449 if (bluetooth_base_uuid
[i
] != uuid128
[i
])
453 val
= get_unaligned_le32(&uuid128
[12]);
460 static void create_eir(struct hci_dev
*hdev
, u8
*data
)
464 u16 uuid16_list
[HCI_MAX_EIR_LENGTH
/ sizeof(u16
)];
465 int i
, truncated
= 0;
466 struct bt_uuid
*uuid
;
469 name_len
= strlen(hdev
->dev_name
);
475 ptr
[1] = EIR_NAME_SHORT
;
477 ptr
[1] = EIR_NAME_COMPLETE
;
479 /* EIR Data length */
480 ptr
[0] = name_len
+ 1;
482 memcpy(ptr
+ 2, hdev
->dev_name
, name_len
);
484 eir_len
+= (name_len
+ 2);
485 ptr
+= (name_len
+ 2);
488 if (hdev
->inq_tx_power
!= HCI_TX_POWER_INVALID
) {
490 ptr
[1] = EIR_TX_POWER
;
491 ptr
[2] = (u8
) hdev
->inq_tx_power
;
497 if (hdev
->devid_source
> 0) {
499 ptr
[1] = EIR_DEVICE_ID
;
501 put_unaligned_le16(hdev
->devid_source
, ptr
+ 2);
502 put_unaligned_le16(hdev
->devid_vendor
, ptr
+ 4);
503 put_unaligned_le16(hdev
->devid_product
, ptr
+ 6);
504 put_unaligned_le16(hdev
->devid_version
, ptr
+ 8);
510 memset(uuid16_list
, 0, sizeof(uuid16_list
));
512 /* Group all UUID16 types */
513 list_for_each_entry(uuid
, &hdev
->uuids
, list
) {
516 uuid16
= get_uuid16(uuid
->uuid
);
523 if (uuid16
== PNP_INFO_SVCLASS_ID
)
526 /* Stop if not enough space to put next UUID */
527 if (eir_len
+ 2 + sizeof(u16
) > HCI_MAX_EIR_LENGTH
) {
532 /* Check for duplicates */
533 for (i
= 0; uuid16_list
[i
] != 0; i
++)
534 if (uuid16_list
[i
] == uuid16
)
537 if (uuid16_list
[i
] == 0) {
538 uuid16_list
[i
] = uuid16
;
539 eir_len
+= sizeof(u16
);
543 if (uuid16_list
[0] != 0) {
547 ptr
[1] = truncated
? EIR_UUID16_SOME
: EIR_UUID16_ALL
;
552 for (i
= 0; uuid16_list
[i
] != 0; i
++) {
553 *ptr
++ = (uuid16_list
[i
] & 0x00ff);
554 *ptr
++ = (uuid16_list
[i
] & 0xff00) >> 8;
557 /* EIR Data length */
558 *length
= (i
* sizeof(u16
)) + 1;
562 static int update_eir(struct hci_dev
*hdev
)
564 struct hci_cp_write_eir cp
;
566 if (!hdev_is_powered(hdev
))
569 if (!lmp_ext_inq_capable(hdev
))
572 if (!test_bit(HCI_SSP_ENABLED
, &hdev
->dev_flags
))
575 if (test_bit(HCI_SERVICE_CACHE
, &hdev
->dev_flags
))
578 memset(&cp
, 0, sizeof(cp
));
580 create_eir(hdev
, cp
.data
);
582 if (memcmp(cp
.data
, hdev
->eir
, sizeof(cp
.data
)) == 0)
585 memcpy(hdev
->eir
, cp
.data
, sizeof(cp
.data
));
587 return hci_send_cmd(hdev
, HCI_OP_WRITE_EIR
, sizeof(cp
), &cp
);
590 static u8
get_service_classes(struct hci_dev
*hdev
)
592 struct bt_uuid
*uuid
;
595 list_for_each_entry(uuid
, &hdev
->uuids
, list
)
596 val
|= uuid
->svc_hint
;
601 static int update_class(struct hci_dev
*hdev
)
606 BT_DBG("%s", hdev
->name
);
608 if (!hdev_is_powered(hdev
))
611 if (test_bit(HCI_SERVICE_CACHE
, &hdev
->dev_flags
))
614 cod
[0] = hdev
->minor_class
;
615 cod
[1] = hdev
->major_class
;
616 cod
[2] = get_service_classes(hdev
);
618 if (memcmp(cod
, hdev
->dev_class
, 3) == 0)
621 err
= hci_send_cmd(hdev
, HCI_OP_WRITE_CLASS_OF_DEV
, sizeof(cod
), cod
);
623 set_bit(HCI_PENDING_CLASS
, &hdev
->dev_flags
);
628 static void service_cache_off(struct work_struct
*work
)
630 struct hci_dev
*hdev
= container_of(work
, struct hci_dev
,
633 if (!test_and_clear_bit(HCI_SERVICE_CACHE
, &hdev
->dev_flags
))
641 hci_dev_unlock(hdev
);
644 static void mgmt_init_hdev(struct sock
*sk
, struct hci_dev
*hdev
)
646 if (test_and_set_bit(HCI_MGMT
, &hdev
->dev_flags
))
649 INIT_DELAYED_WORK(&hdev
->service_cache
, service_cache_off
);
651 /* Non-mgmt controlled devices get this bit set
652 * implicitly so that pairing works for them, however
653 * for mgmt we require user-space to explicitly enable
656 clear_bit(HCI_PAIRABLE
, &hdev
->dev_flags
);
659 static int read_controller_info(struct sock
*sk
, struct hci_dev
*hdev
,
660 void *data
, u16 data_len
)
662 struct mgmt_rp_read_info rp
;
664 BT_DBG("sock %p %s", sk
, hdev
->name
);
668 memset(&rp
, 0, sizeof(rp
));
670 bacpy(&rp
.bdaddr
, &hdev
->bdaddr
);
672 rp
.version
= hdev
->hci_ver
;
673 rp
.manufacturer
= cpu_to_le16(hdev
->manufacturer
);
675 rp
.supported_settings
= cpu_to_le32(get_supported_settings(hdev
));
676 rp
.current_settings
= cpu_to_le32(get_current_settings(hdev
));
678 memcpy(rp
.dev_class
, hdev
->dev_class
, 3);
680 memcpy(rp
.name
, hdev
->dev_name
, sizeof(hdev
->dev_name
));
681 memcpy(rp
.short_name
, hdev
->short_name
, sizeof(hdev
->short_name
));
683 hci_dev_unlock(hdev
);
685 return cmd_complete(sk
, hdev
->id
, MGMT_OP_READ_INFO
, 0, &rp
,
689 static void mgmt_pending_free(struct pending_cmd
*cmd
)
696 static struct pending_cmd
*mgmt_pending_add(struct sock
*sk
, u16 opcode
,
697 struct hci_dev
*hdev
, void *data
,
700 struct pending_cmd
*cmd
;
702 cmd
= kmalloc(sizeof(*cmd
), GFP_KERNEL
);
706 cmd
->opcode
= opcode
;
707 cmd
->index
= hdev
->id
;
709 cmd
->param
= kmalloc(len
, GFP_KERNEL
);
716 memcpy(cmd
->param
, data
, len
);
721 list_add(&cmd
->list
, &hdev
->mgmt_pending
);
726 static void mgmt_pending_foreach(u16 opcode
, struct hci_dev
*hdev
,
727 void (*cb
)(struct pending_cmd
*cmd
,
731 struct list_head
*p
, *n
;
733 list_for_each_safe(p
, n
, &hdev
->mgmt_pending
) {
734 struct pending_cmd
*cmd
;
736 cmd
= list_entry(p
, struct pending_cmd
, list
);
738 if (opcode
> 0 && cmd
->opcode
!= opcode
)
745 static struct pending_cmd
*mgmt_pending_find(u16 opcode
, struct hci_dev
*hdev
)
747 struct pending_cmd
*cmd
;
749 list_for_each_entry(cmd
, &hdev
->mgmt_pending
, list
) {
750 if (cmd
->opcode
== opcode
)
757 static void mgmt_pending_remove(struct pending_cmd
*cmd
)
759 list_del(&cmd
->list
);
760 mgmt_pending_free(cmd
);
763 static int send_settings_rsp(struct sock
*sk
, u16 opcode
, struct hci_dev
*hdev
)
765 __le32 settings
= cpu_to_le32(get_current_settings(hdev
));
767 return cmd_complete(sk
, hdev
->id
, opcode
, 0, &settings
,
771 static int set_powered(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
774 struct mgmt_mode
*cp
= data
;
775 struct pending_cmd
*cmd
;
778 BT_DBG("request for %s", hdev
->name
);
782 if (test_and_clear_bit(HCI_AUTO_OFF
, &hdev
->dev_flags
)) {
783 cancel_delayed_work(&hdev
->power_off
);
786 err
= send_settings_rsp(sk
, MGMT_OP_SET_POWERED
, hdev
);
787 mgmt_powered(hdev
, 1);
792 if (!!cp
->val
== hdev_is_powered(hdev
)) {
793 err
= send_settings_rsp(sk
, MGMT_OP_SET_POWERED
, hdev
);
797 if (mgmt_pending_find(MGMT_OP_SET_POWERED
, hdev
)) {
798 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_SET_POWERED
,
803 cmd
= mgmt_pending_add(sk
, MGMT_OP_SET_POWERED
, hdev
, data
, len
);
810 schedule_work(&hdev
->power_on
);
812 schedule_work(&hdev
->power_off
.work
);
817 hci_dev_unlock(hdev
);
821 static int mgmt_event(u16 event
, struct hci_dev
*hdev
, void *data
, u16 data_len
,
822 struct sock
*skip_sk
)
825 struct mgmt_hdr
*hdr
;
827 skb
= alloc_skb(sizeof(*hdr
) + data_len
, GFP_KERNEL
);
831 hdr
= (void *) skb_put(skb
, sizeof(*hdr
));
832 hdr
->opcode
= cpu_to_le16(event
);
834 hdr
->index
= cpu_to_le16(hdev
->id
);
836 hdr
->index
= __constant_cpu_to_le16(MGMT_INDEX_NONE
);
837 hdr
->len
= cpu_to_le16(data_len
);
840 memcpy(skb_put(skb
, data_len
), data
, data_len
);
843 __net_timestamp(skb
);
845 hci_send_to_control(skb
, skip_sk
);
851 static int new_settings(struct hci_dev
*hdev
, struct sock
*skip
)
855 ev
= cpu_to_le32(get_current_settings(hdev
));
857 return mgmt_event(MGMT_EV_NEW_SETTINGS
, hdev
, &ev
, sizeof(ev
), skip
);
860 static int set_discoverable(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
863 struct mgmt_cp_set_discoverable
*cp
= data
;
864 struct pending_cmd
*cmd
;
869 BT_DBG("request for %s", hdev
->name
);
871 if (!lmp_bredr_capable(hdev
))
872 return cmd_status(sk
, hdev
->id
, MGMT_OP_SET_DISCOVERABLE
,
873 MGMT_STATUS_NOT_SUPPORTED
);
875 timeout
= __le16_to_cpu(cp
->timeout
);
876 if (!cp
->val
&& timeout
> 0)
877 return cmd_status(sk
, hdev
->id
, MGMT_OP_SET_DISCOVERABLE
,
878 MGMT_STATUS_INVALID_PARAMS
);
882 if (!hdev_is_powered(hdev
) && timeout
> 0) {
883 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_SET_DISCOVERABLE
,
884 MGMT_STATUS_NOT_POWERED
);
888 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE
, hdev
) ||
889 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE
, hdev
)) {
890 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_SET_DISCOVERABLE
,
895 if (!test_bit(HCI_CONNECTABLE
, &hdev
->dev_flags
)) {
896 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_SET_DISCOVERABLE
,
897 MGMT_STATUS_REJECTED
);
901 if (!hdev_is_powered(hdev
)) {
902 bool changed
= false;
904 if (!!cp
->val
!= test_bit(HCI_DISCOVERABLE
, &hdev
->dev_flags
)) {
905 change_bit(HCI_DISCOVERABLE
, &hdev
->dev_flags
);
909 err
= send_settings_rsp(sk
, MGMT_OP_SET_DISCOVERABLE
, hdev
);
914 err
= new_settings(hdev
, sk
);
919 if (!!cp
->val
== test_bit(HCI_DISCOVERABLE
, &hdev
->dev_flags
)) {
920 if (hdev
->discov_timeout
> 0) {
921 cancel_delayed_work(&hdev
->discov_off
);
922 hdev
->discov_timeout
= 0;
925 if (cp
->val
&& timeout
> 0) {
926 hdev
->discov_timeout
= timeout
;
927 queue_delayed_work(hdev
->workqueue
, &hdev
->discov_off
,
928 msecs_to_jiffies(hdev
->discov_timeout
* 1000));
931 err
= send_settings_rsp(sk
, MGMT_OP_SET_DISCOVERABLE
, hdev
);
935 cmd
= mgmt_pending_add(sk
, MGMT_OP_SET_DISCOVERABLE
, hdev
, data
, len
);
944 scan
|= SCAN_INQUIRY
;
946 cancel_delayed_work(&hdev
->discov_off
);
948 err
= hci_send_cmd(hdev
, HCI_OP_WRITE_SCAN_ENABLE
, 1, &scan
);
950 mgmt_pending_remove(cmd
);
953 hdev
->discov_timeout
= timeout
;
956 hci_dev_unlock(hdev
);
960 static int set_connectable(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
963 struct mgmt_mode
*cp
= data
;
964 struct pending_cmd
*cmd
;
968 BT_DBG("request for %s", hdev
->name
);
970 if (!lmp_bredr_capable(hdev
))
971 return cmd_status(sk
, hdev
->id
, MGMT_OP_SET_CONNECTABLE
,
972 MGMT_STATUS_NOT_SUPPORTED
);
976 if (!hdev_is_powered(hdev
)) {
977 bool changed
= false;
979 if (!!cp
->val
!= test_bit(HCI_CONNECTABLE
, &hdev
->dev_flags
))
983 set_bit(HCI_CONNECTABLE
, &hdev
->dev_flags
);
985 clear_bit(HCI_CONNECTABLE
, &hdev
->dev_flags
);
986 clear_bit(HCI_DISCOVERABLE
, &hdev
->dev_flags
);
989 err
= send_settings_rsp(sk
, MGMT_OP_SET_CONNECTABLE
, hdev
);
994 err
= new_settings(hdev
, sk
);
999 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE
, hdev
) ||
1000 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE
, hdev
)) {
1001 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_SET_CONNECTABLE
,
1006 if (!!cp
->val
== test_bit(HCI_PSCAN
, &hdev
->flags
)) {
1007 err
= send_settings_rsp(sk
, MGMT_OP_SET_CONNECTABLE
, hdev
);
1011 cmd
= mgmt_pending_add(sk
, MGMT_OP_SET_CONNECTABLE
, hdev
, data
, len
);
1022 if (test_bit(HCI_ISCAN
, &hdev
->flags
) &&
1023 hdev
->discov_timeout
> 0)
1024 cancel_delayed_work(&hdev
->discov_off
);
1027 err
= hci_send_cmd(hdev
, HCI_OP_WRITE_SCAN_ENABLE
, 1, &scan
);
1029 mgmt_pending_remove(cmd
);
1032 hci_dev_unlock(hdev
);
1036 static int set_pairable(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
1039 struct mgmt_mode
*cp
= data
;
1042 BT_DBG("request for %s", hdev
->name
);
1047 set_bit(HCI_PAIRABLE
, &hdev
->dev_flags
);
1049 clear_bit(HCI_PAIRABLE
, &hdev
->dev_flags
);
1051 err
= send_settings_rsp(sk
, MGMT_OP_SET_PAIRABLE
, hdev
);
1055 err
= new_settings(hdev
, sk
);
1058 hci_dev_unlock(hdev
);
1062 static int set_link_security(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
1065 struct mgmt_mode
*cp
= data
;
1066 struct pending_cmd
*cmd
;
1070 BT_DBG("request for %s", hdev
->name
);
1072 if (!lmp_bredr_capable(hdev
))
1073 return cmd_status(sk
, hdev
->id
, MGMT_OP_SET_LINK_SECURITY
,
1074 MGMT_STATUS_NOT_SUPPORTED
);
1078 if (!hdev_is_powered(hdev
)) {
1079 bool changed
= false;
1081 if (!!cp
->val
!= test_bit(HCI_LINK_SECURITY
,
1082 &hdev
->dev_flags
)) {
1083 change_bit(HCI_LINK_SECURITY
, &hdev
->dev_flags
);
1087 err
= send_settings_rsp(sk
, MGMT_OP_SET_LINK_SECURITY
, hdev
);
1092 err
= new_settings(hdev
, sk
);
1097 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY
, hdev
)) {
1098 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_SET_LINK_SECURITY
,
1105 if (test_bit(HCI_AUTH
, &hdev
->flags
) == val
) {
1106 err
= send_settings_rsp(sk
, MGMT_OP_SET_LINK_SECURITY
, hdev
);
1110 cmd
= mgmt_pending_add(sk
, MGMT_OP_SET_LINK_SECURITY
, hdev
, data
, len
);
1116 err
= hci_send_cmd(hdev
, HCI_OP_WRITE_AUTH_ENABLE
, sizeof(val
), &val
);
1118 mgmt_pending_remove(cmd
);
1123 hci_dev_unlock(hdev
);
1127 static int set_ssp(struct sock
*sk
, struct hci_dev
*hdev
, void *data
, u16 len
)
1129 struct mgmt_mode
*cp
= data
;
1130 struct pending_cmd
*cmd
;
1134 BT_DBG("request for %s", hdev
->name
);
1138 if (!lmp_ssp_capable(hdev
)) {
1139 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_SET_SSP
,
1140 MGMT_STATUS_NOT_SUPPORTED
);
1146 if (!hdev_is_powered(hdev
)) {
1147 bool changed
= false;
1149 if (val
!= test_bit(HCI_SSP_ENABLED
, &hdev
->dev_flags
)) {
1150 change_bit(HCI_SSP_ENABLED
, &hdev
->dev_flags
);
1154 err
= send_settings_rsp(sk
, MGMT_OP_SET_SSP
, hdev
);
1159 err
= new_settings(hdev
, sk
);
1164 if (mgmt_pending_find(MGMT_OP_SET_SSP
, hdev
)) {
1165 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_SET_SSP
,
1170 if (test_bit(HCI_SSP_ENABLED
, &hdev
->dev_flags
) == val
) {
1171 err
= send_settings_rsp(sk
, MGMT_OP_SET_SSP
, hdev
);
1175 cmd
= mgmt_pending_add(sk
, MGMT_OP_SET_SSP
, hdev
, data
, len
);
1181 err
= hci_send_cmd(hdev
, HCI_OP_WRITE_SSP_MODE
, sizeof(val
), &val
);
1183 mgmt_pending_remove(cmd
);
1188 hci_dev_unlock(hdev
);
1192 static int set_hs(struct sock
*sk
, struct hci_dev
*hdev
, void *data
, u16 len
)
1194 struct mgmt_mode
*cp
= data
;
1196 BT_DBG("request for %s", hdev
->name
);
1199 return cmd_status(sk
, hdev
->id
, MGMT_OP_SET_HS
,
1200 MGMT_STATUS_NOT_SUPPORTED
);
1203 set_bit(HCI_HS_ENABLED
, &hdev
->dev_flags
);
1205 clear_bit(HCI_HS_ENABLED
, &hdev
->dev_flags
);
1207 return send_settings_rsp(sk
, MGMT_OP_SET_HS
, hdev
);
1210 static int set_le(struct sock
*sk
, struct hci_dev
*hdev
, void *data
, u16 len
)
1212 struct mgmt_mode
*cp
= data
;
1213 struct hci_cp_write_le_host_supported hci_cp
;
1214 struct pending_cmd
*cmd
;
1218 BT_DBG("request for %s", hdev
->name
);
1222 if (!lmp_le_capable(hdev
)) {
1223 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_SET_LE
,
1224 MGMT_STATUS_NOT_SUPPORTED
);
1229 enabled
= lmp_host_le_capable(hdev
);
1231 if (!hdev_is_powered(hdev
) || val
== enabled
) {
1232 bool changed
= false;
1234 if (val
!= test_bit(HCI_LE_ENABLED
, &hdev
->dev_flags
)) {
1235 change_bit(HCI_LE_ENABLED
, &hdev
->dev_flags
);
1239 err
= send_settings_rsp(sk
, MGMT_OP_SET_LE
, hdev
);
1244 err
= new_settings(hdev
, sk
);
1249 if (mgmt_pending_find(MGMT_OP_SET_LE
, hdev
)) {
1250 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_SET_LE
,
1255 cmd
= mgmt_pending_add(sk
, MGMT_OP_SET_LE
, hdev
, data
, len
);
1261 memset(&hci_cp
, 0, sizeof(hci_cp
));
1265 hci_cp
.simul
= lmp_le_br_capable(hdev
);
1268 err
= hci_send_cmd(hdev
, HCI_OP_WRITE_LE_HOST_SUPPORTED
, sizeof(hci_cp
),
1271 mgmt_pending_remove(cmd
);
1274 hci_dev_unlock(hdev
);
1278 static int add_uuid(struct sock
*sk
, struct hci_dev
*hdev
, void *data
, u16 len
)
1280 struct mgmt_cp_add_uuid
*cp
= data
;
1281 struct pending_cmd
*cmd
;
1282 struct bt_uuid
*uuid
;
1285 BT_DBG("request for %s", hdev
->name
);
1289 if (test_bit(HCI_PENDING_CLASS
, &hdev
->dev_flags
)) {
1290 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_ADD_UUID
,
1295 uuid
= kmalloc(sizeof(*uuid
), GFP_KERNEL
);
1301 memcpy(uuid
->uuid
, cp
->uuid
, 16);
1302 uuid
->svc_hint
= cp
->svc_hint
;
1304 list_add(&uuid
->list
, &hdev
->uuids
);
1306 err
= update_class(hdev
);
1310 err
= update_eir(hdev
);
1314 if (!test_bit(HCI_PENDING_CLASS
, &hdev
->dev_flags
)) {
1315 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_ADD_UUID
, 0,
1316 hdev
->dev_class
, 3);
1320 cmd
= mgmt_pending_add(sk
, MGMT_OP_ADD_UUID
, hdev
, data
, len
);
1325 hci_dev_unlock(hdev
);
1329 static bool enable_service_cache(struct hci_dev
*hdev
)
1331 if (!hdev_is_powered(hdev
))
1334 if (!test_and_set_bit(HCI_SERVICE_CACHE
, &hdev
->dev_flags
)) {
1335 schedule_delayed_work(&hdev
->service_cache
, CACHE_TIMEOUT
);
1342 static int remove_uuid(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
1345 struct mgmt_cp_remove_uuid
*cp
= data
;
1346 struct pending_cmd
*cmd
;
1347 struct list_head
*p
, *n
;
1348 u8 bt_uuid_any
[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
1351 BT_DBG("request for %s", hdev
->name
);
1355 if (test_bit(HCI_PENDING_CLASS
, &hdev
->dev_flags
)) {
1356 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_REMOVE_UUID
,
1361 if (memcmp(cp
->uuid
, bt_uuid_any
, 16) == 0) {
1362 err
= hci_uuids_clear(hdev
);
1364 if (enable_service_cache(hdev
)) {
1365 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_REMOVE_UUID
,
1366 0, hdev
->dev_class
, 3);
1375 list_for_each_safe(p
, n
, &hdev
->uuids
) {
1376 struct bt_uuid
*match
= list_entry(p
, struct bt_uuid
, list
);
1378 if (memcmp(match
->uuid
, cp
->uuid
, 16) != 0)
1381 list_del(&match
->list
);
1387 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_REMOVE_UUID
,
1388 MGMT_STATUS_INVALID_PARAMS
);
1393 err
= update_class(hdev
);
1397 err
= update_eir(hdev
);
1401 if (!test_bit(HCI_PENDING_CLASS
, &hdev
->dev_flags
)) {
1402 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_REMOVE_UUID
, 0,
1403 hdev
->dev_class
, 3);
1407 cmd
= mgmt_pending_add(sk
, MGMT_OP_REMOVE_UUID
, hdev
, data
, len
);
1412 hci_dev_unlock(hdev
);
1416 static int set_dev_class(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
1419 struct mgmt_cp_set_dev_class
*cp
= data
;
1420 struct pending_cmd
*cmd
;
1423 BT_DBG("request for %s", hdev
->name
);
1427 if (test_bit(HCI_PENDING_CLASS
, &hdev
->dev_flags
)) {
1428 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_SET_DEV_CLASS
,
1433 if ((cp
->minor
& 0x03) != 0 || (cp
->major
& 0xe0) != 0) {
1434 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_SET_DEV_CLASS
,
1435 MGMT_STATUS_INVALID_PARAMS
);
1439 hdev
->major_class
= cp
->major
;
1440 hdev
->minor_class
= cp
->minor
;
1442 if (!hdev_is_powered(hdev
)) {
1443 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_SET_DEV_CLASS
, 0,
1444 hdev
->dev_class
, 3);
1448 if (test_and_clear_bit(HCI_SERVICE_CACHE
, &hdev
->dev_flags
)) {
1449 hci_dev_unlock(hdev
);
1450 cancel_delayed_work_sync(&hdev
->service_cache
);
1455 err
= update_class(hdev
);
1459 if (!test_bit(HCI_PENDING_CLASS
, &hdev
->dev_flags
)) {
1460 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_SET_DEV_CLASS
, 0,
1461 hdev
->dev_class
, 3);
1465 cmd
= mgmt_pending_add(sk
, MGMT_OP_SET_DEV_CLASS
, hdev
, data
, len
);
1470 hci_dev_unlock(hdev
);
1474 static int load_link_keys(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
1477 struct mgmt_cp_load_link_keys
*cp
= data
;
1478 u16 key_count
, expected_len
;
1481 key_count
= __le16_to_cpu(cp
->key_count
);
1483 expected_len
= sizeof(*cp
) + key_count
*
1484 sizeof(struct mgmt_link_key_info
);
1485 if (expected_len
!= len
) {
1486 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
1488 return cmd_status(sk
, hdev
->id
, MGMT_OP_LOAD_LINK_KEYS
,
1489 MGMT_STATUS_INVALID_PARAMS
);
1492 BT_DBG("%s debug_keys %u key_count %u", hdev
->name
, cp
->debug_keys
,
1497 hci_link_keys_clear(hdev
);
1499 set_bit(HCI_LINK_KEYS
, &hdev
->dev_flags
);
1502 set_bit(HCI_DEBUG_KEYS
, &hdev
->dev_flags
);
1504 clear_bit(HCI_DEBUG_KEYS
, &hdev
->dev_flags
);
1506 for (i
= 0; i
< key_count
; i
++) {
1507 struct mgmt_link_key_info
*key
= &cp
->keys
[i
];
1509 hci_add_link_key(hdev
, NULL
, 0, &key
->addr
.bdaddr
, key
->val
,
1510 key
->type
, key
->pin_len
);
1513 cmd_complete(sk
, hdev
->id
, MGMT_OP_LOAD_LINK_KEYS
, 0, NULL
, 0);
1515 hci_dev_unlock(hdev
);
1520 static int device_unpaired(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
,
1521 u8 addr_type
, struct sock
*skip_sk
)
1523 struct mgmt_ev_device_unpaired ev
;
1525 bacpy(&ev
.addr
.bdaddr
, bdaddr
);
1526 ev
.addr
.type
= addr_type
;
1528 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED
, hdev
, &ev
, sizeof(ev
),
1532 static int unpair_device(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
1535 struct mgmt_cp_unpair_device
*cp
= data
;
1536 struct mgmt_rp_unpair_device rp
;
1537 struct hci_cp_disconnect dc
;
1538 struct pending_cmd
*cmd
;
1539 struct hci_conn
*conn
;
1544 memset(&rp
, 0, sizeof(rp
));
1545 bacpy(&rp
.addr
.bdaddr
, &cp
->addr
.bdaddr
);
1546 rp
.addr
.type
= cp
->addr
.type
;
1548 if (!hdev_is_powered(hdev
)) {
1549 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_UNPAIR_DEVICE
,
1550 MGMT_STATUS_NOT_POWERED
, &rp
, sizeof(rp
));
1554 if (cp
->addr
.type
== BDADDR_BREDR
)
1555 err
= hci_remove_link_key(hdev
, &cp
->addr
.bdaddr
);
1557 err
= hci_remove_ltk(hdev
, &cp
->addr
.bdaddr
);
1560 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_UNPAIR_DEVICE
,
1561 MGMT_STATUS_NOT_PAIRED
, &rp
, sizeof(rp
));
1565 if (cp
->disconnect
) {
1566 if (cp
->addr
.type
== BDADDR_BREDR
)
1567 conn
= hci_conn_hash_lookup_ba(hdev
, ACL_LINK
,
1570 conn
= hci_conn_hash_lookup_ba(hdev
, LE_LINK
,
1577 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_UNPAIR_DEVICE
, 0,
1579 device_unpaired(hdev
, &cp
->addr
.bdaddr
, cp
->addr
.type
, sk
);
1583 cmd
= mgmt_pending_add(sk
, MGMT_OP_UNPAIR_DEVICE
, hdev
, cp
,
1590 dc
.handle
= cpu_to_le16(conn
->handle
);
1591 dc
.reason
= 0x13; /* Remote User Terminated Connection */
1592 err
= hci_send_cmd(hdev
, HCI_OP_DISCONNECT
, sizeof(dc
), &dc
);
1594 mgmt_pending_remove(cmd
);
1597 hci_dev_unlock(hdev
);
1601 static int disconnect(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
1604 struct mgmt_cp_disconnect
*cp
= data
;
1605 struct hci_cp_disconnect dc
;
1606 struct pending_cmd
*cmd
;
1607 struct hci_conn
*conn
;
1614 if (!test_bit(HCI_UP
, &hdev
->flags
)) {
1615 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_DISCONNECT
,
1616 MGMT_STATUS_NOT_POWERED
);
1620 if (mgmt_pending_find(MGMT_OP_DISCONNECT
, hdev
)) {
1621 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_DISCONNECT
,
1626 if (cp
->addr
.type
== BDADDR_BREDR
)
1627 conn
= hci_conn_hash_lookup_ba(hdev
, ACL_LINK
,
1630 conn
= hci_conn_hash_lookup_ba(hdev
, LE_LINK
, &cp
->addr
.bdaddr
);
1632 if (!conn
|| conn
->state
== BT_OPEN
|| conn
->state
== BT_CLOSED
) {
1633 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_DISCONNECT
,
1634 MGMT_STATUS_NOT_CONNECTED
);
1638 cmd
= mgmt_pending_add(sk
, MGMT_OP_DISCONNECT
, hdev
, data
, len
);
1644 dc
.handle
= cpu_to_le16(conn
->handle
);
1645 dc
.reason
= HCI_ERROR_REMOTE_USER_TERM
;
1647 err
= hci_send_cmd(hdev
, HCI_OP_DISCONNECT
, sizeof(dc
), &dc
);
1649 mgmt_pending_remove(cmd
);
1652 hci_dev_unlock(hdev
);
1656 static u8
link_to_bdaddr(u8 link_type
, u8 addr_type
)
1658 switch (link_type
) {
1660 switch (addr_type
) {
1661 case ADDR_LE_DEV_PUBLIC
:
1662 return BDADDR_LE_PUBLIC
;
1665 /* Fallback to LE Random address type */
1666 return BDADDR_LE_RANDOM
;
1670 /* Fallback to BR/EDR type */
1671 return BDADDR_BREDR
;
1675 static int get_connections(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
1678 struct mgmt_rp_get_connections
*rp
;
1688 if (!hdev_is_powered(hdev
)) {
1689 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_GET_CONNECTIONS
,
1690 MGMT_STATUS_NOT_POWERED
);
1695 list_for_each_entry(c
, &hdev
->conn_hash
.list
, list
) {
1696 if (test_bit(HCI_CONN_MGMT_CONNECTED
, &c
->flags
))
1700 rp_len
= sizeof(*rp
) + (i
* sizeof(struct mgmt_addr_info
));
1701 rp
= kmalloc(rp_len
, GFP_KERNEL
);
1708 list_for_each_entry(c
, &hdev
->conn_hash
.list
, list
) {
1709 if (!test_bit(HCI_CONN_MGMT_CONNECTED
, &c
->flags
))
1711 bacpy(&rp
->addr
[i
].bdaddr
, &c
->dst
);
1712 rp
->addr
[i
].type
= link_to_bdaddr(c
->type
, c
->dst_type
);
1713 if (c
->type
== SCO_LINK
|| c
->type
== ESCO_LINK
)
1718 rp
->conn_count
= cpu_to_le16(i
);
1720 /* Recalculate length in case of filtered SCO connections, etc */
1721 rp_len
= sizeof(*rp
) + (i
* sizeof(struct mgmt_addr_info
));
1723 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_GET_CONNECTIONS
, 0, rp
,
1729 hci_dev_unlock(hdev
);
1733 static int send_pin_code_neg_reply(struct sock
*sk
, struct hci_dev
*hdev
,
1734 struct mgmt_cp_pin_code_neg_reply
*cp
)
1736 struct pending_cmd
*cmd
;
1739 cmd
= mgmt_pending_add(sk
, MGMT_OP_PIN_CODE_NEG_REPLY
, hdev
, cp
,
1744 err
= hci_send_cmd(hdev
, HCI_OP_PIN_CODE_NEG_REPLY
,
1745 sizeof(cp
->addr
.bdaddr
), &cp
->addr
.bdaddr
);
1747 mgmt_pending_remove(cmd
);
1752 static int pin_code_reply(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
1755 struct hci_conn
*conn
;
1756 struct mgmt_cp_pin_code_reply
*cp
= data
;
1757 struct hci_cp_pin_code_reply reply
;
1758 struct pending_cmd
*cmd
;
1765 if (!hdev_is_powered(hdev
)) {
1766 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_PIN_CODE_REPLY
,
1767 MGMT_STATUS_NOT_POWERED
);
1771 conn
= hci_conn_hash_lookup_ba(hdev
, ACL_LINK
, &cp
->addr
.bdaddr
);
1773 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_PIN_CODE_REPLY
,
1774 MGMT_STATUS_NOT_CONNECTED
);
1778 if (conn
->pending_sec_level
== BT_SECURITY_HIGH
&& cp
->pin_len
!= 16) {
1779 struct mgmt_cp_pin_code_neg_reply ncp
;
1781 memcpy(&ncp
.addr
, &cp
->addr
, sizeof(ncp
.addr
));
1783 BT_ERR("PIN code is not 16 bytes long");
1785 err
= send_pin_code_neg_reply(sk
, hdev
, &ncp
);
1787 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_PIN_CODE_REPLY
,
1788 MGMT_STATUS_INVALID_PARAMS
);
1793 cmd
= mgmt_pending_add(sk
, MGMT_OP_PIN_CODE_REPLY
, hdev
, data
, len
);
1799 bacpy(&reply
.bdaddr
, &cp
->addr
.bdaddr
);
1800 reply
.pin_len
= cp
->pin_len
;
1801 memcpy(reply
.pin_code
, cp
->pin_code
, sizeof(reply
.pin_code
));
1803 err
= hci_send_cmd(hdev
, HCI_OP_PIN_CODE_REPLY
, sizeof(reply
), &reply
);
1805 mgmt_pending_remove(cmd
);
1808 hci_dev_unlock(hdev
);
1812 static int set_io_capability(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
1815 struct mgmt_cp_set_io_capability
*cp
= data
;
1821 hdev
->io_capability
= cp
->io_capability
;
1823 BT_DBG("%s IO capability set to 0x%02x", hdev
->name
,
1824 hdev
->io_capability
);
1826 hci_dev_unlock(hdev
);
1828 return cmd_complete(sk
, hdev
->id
, MGMT_OP_SET_IO_CAPABILITY
, 0, NULL
,
1832 static struct pending_cmd
*find_pairing(struct hci_conn
*conn
)
1834 struct hci_dev
*hdev
= conn
->hdev
;
1835 struct pending_cmd
*cmd
;
1837 list_for_each_entry(cmd
, &hdev
->mgmt_pending
, list
) {
1838 if (cmd
->opcode
!= MGMT_OP_PAIR_DEVICE
)
1841 if (cmd
->user_data
!= conn
)
1850 static void pairing_complete(struct pending_cmd
*cmd
, u8 status
)
1852 struct mgmt_rp_pair_device rp
;
1853 struct hci_conn
*conn
= cmd
->user_data
;
1855 bacpy(&rp
.addr
.bdaddr
, &conn
->dst
);
1856 rp
.addr
.type
= link_to_bdaddr(conn
->type
, conn
->dst_type
);
1858 cmd_complete(cmd
->sk
, cmd
->index
, MGMT_OP_PAIR_DEVICE
, status
,
1861 /* So we don't get further callbacks for this connection */
1862 conn
->connect_cfm_cb
= NULL
;
1863 conn
->security_cfm_cb
= NULL
;
1864 conn
->disconn_cfm_cb
= NULL
;
1868 mgmt_pending_remove(cmd
);
1871 static void pairing_complete_cb(struct hci_conn
*conn
, u8 status
)
1873 struct pending_cmd
*cmd
;
1875 BT_DBG("status %u", status
);
1877 cmd
= find_pairing(conn
);
1879 BT_DBG("Unable to find a pending command");
1881 pairing_complete(cmd
, mgmt_status(status
));
1884 static void le_connect_complete_cb(struct hci_conn
*conn
, u8 status
)
1886 struct pending_cmd
*cmd
;
1888 BT_DBG("status %u", status
);
1893 cmd
= find_pairing(conn
);
1895 BT_DBG("Unable to find a pending command");
1897 pairing_complete(cmd
, mgmt_status(status
));
1900 static int pair_device(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
1903 struct mgmt_cp_pair_device
*cp
= data
;
1904 struct mgmt_rp_pair_device rp
;
1905 struct pending_cmd
*cmd
;
1906 u8 sec_level
, auth_type
;
1907 struct hci_conn
*conn
;
1914 if (!hdev_is_powered(hdev
)) {
1915 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_PAIR_DEVICE
,
1916 MGMT_STATUS_NOT_POWERED
);
1920 sec_level
= BT_SECURITY_MEDIUM
;
1921 if (cp
->io_cap
== 0x03)
1922 auth_type
= HCI_AT_DEDICATED_BONDING
;
1924 auth_type
= HCI_AT_DEDICATED_BONDING_MITM
;
1926 if (cp
->addr
.type
== BDADDR_BREDR
)
1927 conn
= hci_connect(hdev
, ACL_LINK
, &cp
->addr
.bdaddr
,
1928 cp
->addr
.type
, sec_level
, auth_type
);
1930 conn
= hci_connect(hdev
, LE_LINK
, &cp
->addr
.bdaddr
,
1931 cp
->addr
.type
, sec_level
, auth_type
);
1933 memset(&rp
, 0, sizeof(rp
));
1934 bacpy(&rp
.addr
.bdaddr
, &cp
->addr
.bdaddr
);
1935 rp
.addr
.type
= cp
->addr
.type
;
1940 if (PTR_ERR(conn
) == -EBUSY
)
1941 status
= MGMT_STATUS_BUSY
;
1943 status
= MGMT_STATUS_CONNECT_FAILED
;
1945 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_PAIR_DEVICE
,
1951 if (conn
->connect_cfm_cb
) {
1953 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_PAIR_DEVICE
,
1954 MGMT_STATUS_BUSY
, &rp
, sizeof(rp
));
1958 cmd
= mgmt_pending_add(sk
, MGMT_OP_PAIR_DEVICE
, hdev
, data
, len
);
1965 /* For LE, just connecting isn't a proof that the pairing finished */
1966 if (cp
->addr
.type
== BDADDR_BREDR
)
1967 conn
->connect_cfm_cb
= pairing_complete_cb
;
1969 conn
->connect_cfm_cb
= le_connect_complete_cb
;
1971 conn
->security_cfm_cb
= pairing_complete_cb
;
1972 conn
->disconn_cfm_cb
= pairing_complete_cb
;
1973 conn
->io_capability
= cp
->io_cap
;
1974 cmd
->user_data
= conn
;
1976 if (conn
->state
== BT_CONNECTED
&&
1977 hci_conn_security(conn
, sec_level
, auth_type
))
1978 pairing_complete(cmd
, 0);
1983 hci_dev_unlock(hdev
);
1987 static int cancel_pair_device(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
1990 struct mgmt_addr_info
*addr
= data
;
1991 struct pending_cmd
*cmd
;
1992 struct hci_conn
*conn
;
1999 if (!hdev_is_powered(hdev
)) {
2000 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_CANCEL_PAIR_DEVICE
,
2001 MGMT_STATUS_NOT_POWERED
);
2005 cmd
= mgmt_pending_find(MGMT_OP_PAIR_DEVICE
, hdev
);
2007 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_CANCEL_PAIR_DEVICE
,
2008 MGMT_STATUS_INVALID_PARAMS
);
2012 conn
= cmd
->user_data
;
2014 if (bacmp(&addr
->bdaddr
, &conn
->dst
) != 0) {
2015 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_CANCEL_PAIR_DEVICE
,
2016 MGMT_STATUS_INVALID_PARAMS
);
2020 pairing_complete(cmd
, MGMT_STATUS_CANCELLED
);
2022 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_CANCEL_PAIR_DEVICE
, 0,
2023 addr
, sizeof(*addr
));
2025 hci_dev_unlock(hdev
);
2029 static int user_pairing_resp(struct sock
*sk
, struct hci_dev
*hdev
,
2030 bdaddr_t
*bdaddr
, u8 type
, u16 mgmt_op
,
2031 u16 hci_op
, __le32 passkey
)
2033 struct pending_cmd
*cmd
;
2034 struct hci_conn
*conn
;
2039 if (!hdev_is_powered(hdev
)) {
2040 err
= cmd_status(sk
, hdev
->id
, mgmt_op
,
2041 MGMT_STATUS_NOT_POWERED
);
2045 if (type
== BDADDR_BREDR
)
2046 conn
= hci_conn_hash_lookup_ba(hdev
, ACL_LINK
, bdaddr
);
2048 conn
= hci_conn_hash_lookup_ba(hdev
, LE_LINK
, bdaddr
);
2051 err
= cmd_status(sk
, hdev
->id
, mgmt_op
,
2052 MGMT_STATUS_NOT_CONNECTED
);
2056 if (type
== BDADDR_LE_PUBLIC
|| type
== BDADDR_LE_RANDOM
) {
2057 /* Continue with pairing via SMP */
2058 err
= smp_user_confirm_reply(conn
, mgmt_op
, passkey
);
2061 err
= cmd_status(sk
, hdev
->id
, mgmt_op
,
2062 MGMT_STATUS_SUCCESS
);
2064 err
= cmd_status(sk
, hdev
->id
, mgmt_op
,
2065 MGMT_STATUS_FAILED
);
2070 cmd
= mgmt_pending_add(sk
, mgmt_op
, hdev
, bdaddr
, sizeof(*bdaddr
));
2076 /* Continue with pairing via HCI */
2077 if (hci_op
== HCI_OP_USER_PASSKEY_REPLY
) {
2078 struct hci_cp_user_passkey_reply cp
;
2080 bacpy(&cp
.bdaddr
, bdaddr
);
2081 cp
.passkey
= passkey
;
2082 err
= hci_send_cmd(hdev
, hci_op
, sizeof(cp
), &cp
);
2084 err
= hci_send_cmd(hdev
, hci_op
, sizeof(*bdaddr
), bdaddr
);
2087 mgmt_pending_remove(cmd
);
2090 hci_dev_unlock(hdev
);
2094 static int pin_code_neg_reply(struct sock
*sk
, struct hci_dev
*hdev
,
2095 void *data
, u16 len
)
2097 struct mgmt_cp_pin_code_neg_reply
*cp
= data
;
2101 return user_pairing_resp(sk
, hdev
, &cp
->addr
.bdaddr
, cp
->addr
.type
,
2102 MGMT_OP_PIN_CODE_NEG_REPLY
,
2103 HCI_OP_PIN_CODE_NEG_REPLY
, 0);
2106 static int user_confirm_reply(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
2109 struct mgmt_cp_user_confirm_reply
*cp
= data
;
2113 if (len
!= sizeof(*cp
))
2114 return cmd_status(sk
, hdev
->id
, MGMT_OP_USER_CONFIRM_REPLY
,
2115 MGMT_STATUS_INVALID_PARAMS
);
2117 return user_pairing_resp(sk
, hdev
, &cp
->addr
.bdaddr
, cp
->addr
.type
,
2118 MGMT_OP_USER_CONFIRM_REPLY
,
2119 HCI_OP_USER_CONFIRM_REPLY
, 0);
2122 static int user_confirm_neg_reply(struct sock
*sk
, struct hci_dev
*hdev
,
2123 void *data
, u16 len
)
2125 struct mgmt_cp_user_confirm_neg_reply
*cp
= data
;
2129 return user_pairing_resp(sk
, hdev
, &cp
->addr
.bdaddr
, cp
->addr
.type
,
2130 MGMT_OP_USER_CONFIRM_NEG_REPLY
,
2131 HCI_OP_USER_CONFIRM_NEG_REPLY
, 0);
2134 static int user_passkey_reply(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
2137 struct mgmt_cp_user_passkey_reply
*cp
= data
;
2141 return user_pairing_resp(sk
, hdev
, &cp
->addr
.bdaddr
, cp
->addr
.type
,
2142 MGMT_OP_USER_PASSKEY_REPLY
,
2143 HCI_OP_USER_PASSKEY_REPLY
, cp
->passkey
);
2146 static int user_passkey_neg_reply(struct sock
*sk
, struct hci_dev
*hdev
,
2147 void *data
, u16 len
)
2149 struct mgmt_cp_user_passkey_neg_reply
*cp
= data
;
2153 return user_pairing_resp(sk
, hdev
, &cp
->addr
.bdaddr
, cp
->addr
.type
,
2154 MGMT_OP_USER_PASSKEY_NEG_REPLY
,
2155 HCI_OP_USER_PASSKEY_NEG_REPLY
, 0);
2158 static int update_name(struct hci_dev
*hdev
, const char *name
)
2160 struct hci_cp_write_local_name cp
;
2162 memcpy(cp
.name
, name
, sizeof(cp
.name
));
2164 return hci_send_cmd(hdev
, HCI_OP_WRITE_LOCAL_NAME
, sizeof(cp
), &cp
);
2167 static int set_local_name(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
2170 struct mgmt_cp_set_local_name
*cp
= data
;
2171 struct pending_cmd
*cmd
;
2178 memcpy(hdev
->short_name
, cp
->short_name
, sizeof(hdev
->short_name
));
2180 if (!hdev_is_powered(hdev
)) {
2181 memcpy(hdev
->dev_name
, cp
->name
, sizeof(hdev
->dev_name
));
2183 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_SET_LOCAL_NAME
, 0,
2188 err
= mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED
, hdev
, data
, len
,
2194 cmd
= mgmt_pending_add(sk
, MGMT_OP_SET_LOCAL_NAME
, hdev
, data
, len
);
2200 err
= update_name(hdev
, cp
->name
);
2202 mgmt_pending_remove(cmd
);
2205 hci_dev_unlock(hdev
);
2209 static int read_local_oob_data(struct sock
*sk
, struct hci_dev
*hdev
,
2210 void *data
, u16 data_len
)
2212 struct pending_cmd
*cmd
;
2215 BT_DBG("%s", hdev
->name
);
2219 if (!hdev_is_powered(hdev
)) {
2220 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_READ_LOCAL_OOB_DATA
,
2221 MGMT_STATUS_NOT_POWERED
);
2225 if (!lmp_ssp_capable(hdev
)) {
2226 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_READ_LOCAL_OOB_DATA
,
2227 MGMT_STATUS_NOT_SUPPORTED
);
2231 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA
, hdev
)) {
2232 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_READ_LOCAL_OOB_DATA
,
2237 cmd
= mgmt_pending_add(sk
, MGMT_OP_READ_LOCAL_OOB_DATA
, hdev
, NULL
, 0);
2243 err
= hci_send_cmd(hdev
, HCI_OP_READ_LOCAL_OOB_DATA
, 0, NULL
);
2245 mgmt_pending_remove(cmd
);
2248 hci_dev_unlock(hdev
);
2252 static int add_remote_oob_data(struct sock
*sk
, struct hci_dev
*hdev
,
2253 void *data
, u16 len
)
2255 struct mgmt_cp_add_remote_oob_data
*cp
= data
;
2259 BT_DBG("%s ", hdev
->name
);
2263 err
= hci_add_remote_oob_data(hdev
, &cp
->addr
.bdaddr
, cp
->hash
,
2266 status
= MGMT_STATUS_FAILED
;
2268 status
= MGMT_STATUS_SUCCESS
;
2270 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_ADD_REMOTE_OOB_DATA
, status
,
2271 &cp
->addr
, sizeof(cp
->addr
));
2273 hci_dev_unlock(hdev
);
2277 static int remove_remote_oob_data(struct sock
*sk
, struct hci_dev
*hdev
,
2278 void *data
, u16 len
)
2280 struct mgmt_cp_remove_remote_oob_data
*cp
= data
;
2284 BT_DBG("%s", hdev
->name
);
2288 err
= hci_remove_remote_oob_data(hdev
, &cp
->addr
.bdaddr
);
2290 status
= MGMT_STATUS_INVALID_PARAMS
;
2292 status
= MGMT_STATUS_SUCCESS
;
2294 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_REMOVE_REMOTE_OOB_DATA
,
2295 status
, &cp
->addr
, sizeof(cp
->addr
));
2297 hci_dev_unlock(hdev
);
2301 int mgmt_interleaved_discovery(struct hci_dev
*hdev
)
2305 BT_DBG("%s", hdev
->name
);
2309 err
= hci_do_inquiry(hdev
, INQUIRY_LEN_BREDR_LE
);
2311 hci_discovery_set_state(hdev
, DISCOVERY_STOPPED
);
2313 hci_dev_unlock(hdev
);
2318 static int start_discovery(struct sock
*sk
, struct hci_dev
*hdev
,
2319 void *data
, u16 len
)
2321 struct mgmt_cp_start_discovery
*cp
= data
;
2322 struct pending_cmd
*cmd
;
2325 BT_DBG("%s", hdev
->name
);
2329 if (!hdev_is_powered(hdev
)) {
2330 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_START_DISCOVERY
,
2331 MGMT_STATUS_NOT_POWERED
);
2335 if (test_bit(HCI_PERIODIC_INQ
, &hdev
->dev_flags
)) {
2336 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_START_DISCOVERY
,
2341 if (hdev
->discovery
.state
!= DISCOVERY_STOPPED
) {
2342 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_START_DISCOVERY
,
2347 cmd
= mgmt_pending_add(sk
, MGMT_OP_START_DISCOVERY
, hdev
, NULL
, 0);
2353 hdev
->discovery
.type
= cp
->type
;
2355 switch (hdev
->discovery
.type
) {
2356 case DISCOV_TYPE_BREDR
:
2357 if (lmp_bredr_capable(hdev
))
2358 err
= hci_do_inquiry(hdev
, INQUIRY_LEN_BREDR
);
2363 case DISCOV_TYPE_LE
:
2364 if (lmp_host_le_capable(hdev
))
2365 err
= hci_le_scan(hdev
, LE_SCAN_TYPE
, LE_SCAN_INT
,
2366 LE_SCAN_WIN
, LE_SCAN_TIMEOUT_LE_ONLY
);
2371 case DISCOV_TYPE_INTERLEAVED
:
2372 if (lmp_host_le_capable(hdev
) && lmp_bredr_capable(hdev
))
2373 err
= hci_le_scan(hdev
, LE_SCAN_TYPE
, LE_SCAN_INT
,
2375 LE_SCAN_TIMEOUT_BREDR_LE
);
2385 mgmt_pending_remove(cmd
);
2387 hci_discovery_set_state(hdev
, DISCOVERY_STARTING
);
2390 hci_dev_unlock(hdev
);
2394 static int stop_discovery(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
2397 struct mgmt_cp_stop_discovery
*mgmt_cp
= data
;
2398 struct pending_cmd
*cmd
;
2399 struct hci_cp_remote_name_req_cancel cp
;
2400 struct inquiry_entry
*e
;
2403 BT_DBG("%s", hdev
->name
);
2407 if (!hci_discovery_active(hdev
)) {
2408 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_STOP_DISCOVERY
,
2409 MGMT_STATUS_REJECTED
, &mgmt_cp
->type
,
2410 sizeof(mgmt_cp
->type
));
2414 if (hdev
->discovery
.type
!= mgmt_cp
->type
) {
2415 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_STOP_DISCOVERY
,
2416 MGMT_STATUS_INVALID_PARAMS
, &mgmt_cp
->type
,
2417 sizeof(mgmt_cp
->type
));
2421 cmd
= mgmt_pending_add(sk
, MGMT_OP_STOP_DISCOVERY
, hdev
, NULL
, 0);
2427 switch (hdev
->discovery
.state
) {
2428 case DISCOVERY_FINDING
:
2429 if (test_bit(HCI_INQUIRY
, &hdev
->flags
))
2430 err
= hci_cancel_inquiry(hdev
);
2432 err
= hci_cancel_le_scan(hdev
);
2436 case DISCOVERY_RESOLVING
:
2437 e
= hci_inquiry_cache_lookup_resolve(hdev
, BDADDR_ANY
,
2440 mgmt_pending_remove(cmd
);
2441 err
= cmd_complete(sk
, hdev
->id
,
2442 MGMT_OP_STOP_DISCOVERY
, 0,
2444 sizeof(mgmt_cp
->type
));
2445 hci_discovery_set_state(hdev
, DISCOVERY_STOPPED
);
2449 bacpy(&cp
.bdaddr
, &e
->data
.bdaddr
);
2450 err
= hci_send_cmd(hdev
, HCI_OP_REMOTE_NAME_REQ_CANCEL
,
2456 BT_DBG("unknown discovery state %u", hdev
->discovery
.state
);
2461 mgmt_pending_remove(cmd
);
2463 hci_discovery_set_state(hdev
, DISCOVERY_STOPPING
);
2466 hci_dev_unlock(hdev
);
2470 static int confirm_name(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
2473 struct mgmt_cp_confirm_name
*cp
= data
;
2474 struct inquiry_entry
*e
;
2477 BT_DBG("%s", hdev
->name
);
2481 if (!hci_discovery_active(hdev
)) {
2482 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_CONFIRM_NAME
,
2483 MGMT_STATUS_FAILED
);
2487 e
= hci_inquiry_cache_lookup_unknown(hdev
, &cp
->addr
.bdaddr
);
2489 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_CONFIRM_NAME
,
2490 MGMT_STATUS_INVALID_PARAMS
);
2494 if (cp
->name_known
) {
2495 e
->name_state
= NAME_KNOWN
;
2498 e
->name_state
= NAME_NEEDED
;
2499 hci_inquiry_cache_update_resolve(hdev
, e
);
2502 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_CONFIRM_NAME
, 0, &cp
->addr
,
2506 hci_dev_unlock(hdev
);
2510 static int block_device(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
2513 struct mgmt_cp_block_device
*cp
= data
;
2517 BT_DBG("%s", hdev
->name
);
2521 err
= hci_blacklist_add(hdev
, &cp
->addr
.bdaddr
, cp
->addr
.type
);
2523 status
= MGMT_STATUS_FAILED
;
2525 status
= MGMT_STATUS_SUCCESS
;
2527 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_BLOCK_DEVICE
, status
,
2528 &cp
->addr
, sizeof(cp
->addr
));
2530 hci_dev_unlock(hdev
);
2535 static int unblock_device(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
2538 struct mgmt_cp_unblock_device
*cp
= data
;
2542 BT_DBG("%s", hdev
->name
);
2546 err
= hci_blacklist_del(hdev
, &cp
->addr
.bdaddr
, cp
->addr
.type
);
2548 status
= MGMT_STATUS_INVALID_PARAMS
;
2550 status
= MGMT_STATUS_SUCCESS
;
2552 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_UNBLOCK_DEVICE
, status
,
2553 &cp
->addr
, sizeof(cp
->addr
));
2555 hci_dev_unlock(hdev
);
2560 static int set_device_id(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
2563 struct mgmt_cp_set_device_id
*cp
= data
;
2567 BT_DBG("%s", hdev
->name
);
2569 source
= __le16_to_cpu(cp
->source
);
2571 if (source
> 0x0002)
2572 return cmd_status(sk
, hdev
->id
, MGMT_OP_SET_DEVICE_ID
,
2573 MGMT_STATUS_INVALID_PARAMS
);
2577 hdev
->devid_source
= source
;
2578 hdev
->devid_vendor
= __le16_to_cpu(cp
->vendor
);
2579 hdev
->devid_product
= __le16_to_cpu(cp
->product
);
2580 hdev
->devid_version
= __le16_to_cpu(cp
->version
);
2582 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_SET_DEVICE_ID
, 0, NULL
, 0);
2586 hci_dev_unlock(hdev
);
2591 static int set_fast_connectable(struct sock
*sk
, struct hci_dev
*hdev
,
2592 void *data
, u16 len
)
2594 struct mgmt_mode
*cp
= data
;
2595 struct hci_cp_write_page_scan_activity acp
;
2599 BT_DBG("%s", hdev
->name
);
2601 if (!lmp_bredr_capable(hdev
))
2602 return cmd_status(sk
, hdev
->id
, MGMT_OP_SET_FAST_CONNECTABLE
,
2603 MGMT_STATUS_NOT_SUPPORTED
);
2605 if (!hdev_is_powered(hdev
))
2606 return cmd_status(sk
, hdev
->id
, MGMT_OP_SET_FAST_CONNECTABLE
,
2607 MGMT_STATUS_NOT_POWERED
);
2609 if (!test_bit(HCI_CONNECTABLE
, &hdev
->dev_flags
))
2610 return cmd_status(sk
, hdev
->id
, MGMT_OP_SET_FAST_CONNECTABLE
,
2611 MGMT_STATUS_REJECTED
);
2616 type
= PAGE_SCAN_TYPE_INTERLACED
;
2618 /* 160 msec page scan interval */
2619 acp
.interval
= __constant_cpu_to_le16(0x0100);
2621 type
= PAGE_SCAN_TYPE_STANDARD
; /* default */
2623 /* default 1.28 sec page scan */
2624 acp
.interval
= __constant_cpu_to_le16(0x0800);
2627 /* default 11.25 msec page scan window */
2628 acp
.window
= __constant_cpu_to_le16(0x0012);
2630 err
= hci_send_cmd(hdev
, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY
, sizeof(acp
),
2633 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_SET_FAST_CONNECTABLE
,
2634 MGMT_STATUS_FAILED
);
2638 err
= hci_send_cmd(hdev
, HCI_OP_WRITE_PAGE_SCAN_TYPE
, 1, &type
);
2640 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_SET_FAST_CONNECTABLE
,
2641 MGMT_STATUS_FAILED
);
2645 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_SET_FAST_CONNECTABLE
, 0,
2648 hci_dev_unlock(hdev
);
2652 static int load_long_term_keys(struct sock
*sk
, struct hci_dev
*hdev
,
2653 void *cp_data
, u16 len
)
2655 struct mgmt_cp_load_long_term_keys
*cp
= cp_data
;
2656 u16 key_count
, expected_len
;
2659 key_count
= __le16_to_cpu(cp
->key_count
);
2661 expected_len
= sizeof(*cp
) + key_count
*
2662 sizeof(struct mgmt_ltk_info
);
2663 if (expected_len
!= len
) {
2664 BT_ERR("load_keys: expected %u bytes, got %u bytes",
2666 return cmd_status(sk
, hdev
->id
, MGMT_OP_LOAD_LONG_TERM_KEYS
,
2670 BT_DBG("%s key_count %u", hdev
->name
, key_count
);
2674 hci_smp_ltks_clear(hdev
);
2676 for (i
= 0; i
< key_count
; i
++) {
2677 struct mgmt_ltk_info
*key
= &cp
->keys
[i
];
2683 type
= HCI_SMP_LTK_SLAVE
;
2685 hci_add_ltk(hdev
, &key
->addr
.bdaddr
,
2686 bdaddr_to_le(key
->addr
.type
),
2687 type
, 0, key
->authenticated
, key
->val
,
2688 key
->enc_size
, key
->ediv
, key
->rand
);
2691 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_LOAD_LONG_TERM_KEYS
, 0,
2694 hci_dev_unlock(hdev
);
2699 static const struct mgmt_handler
{
2700 int (*func
) (struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
2704 } mgmt_handlers
[] = {
2705 { NULL
}, /* 0x0000 (no command) */
2706 { read_version
, false, MGMT_READ_VERSION_SIZE
},
2707 { read_commands
, false, MGMT_READ_COMMANDS_SIZE
},
2708 { read_index_list
, false, MGMT_READ_INDEX_LIST_SIZE
},
2709 { read_controller_info
, false, MGMT_READ_INFO_SIZE
},
2710 { set_powered
, false, MGMT_SETTING_SIZE
},
2711 { set_discoverable
, false, MGMT_SET_DISCOVERABLE_SIZE
},
2712 { set_connectable
, false, MGMT_SETTING_SIZE
},
2713 { set_fast_connectable
, false, MGMT_SETTING_SIZE
},
2714 { set_pairable
, false, MGMT_SETTING_SIZE
},
2715 { set_link_security
, false, MGMT_SETTING_SIZE
},
2716 { set_ssp
, false, MGMT_SETTING_SIZE
},
2717 { set_hs
, false, MGMT_SETTING_SIZE
},
2718 { set_le
, false, MGMT_SETTING_SIZE
},
2719 { set_dev_class
, false, MGMT_SET_DEV_CLASS_SIZE
},
2720 { set_local_name
, false, MGMT_SET_LOCAL_NAME_SIZE
},
2721 { add_uuid
, false, MGMT_ADD_UUID_SIZE
},
2722 { remove_uuid
, false, MGMT_REMOVE_UUID_SIZE
},
2723 { load_link_keys
, true, MGMT_LOAD_LINK_KEYS_SIZE
},
2724 { load_long_term_keys
, true, MGMT_LOAD_LONG_TERM_KEYS_SIZE
},
2725 { disconnect
, false, MGMT_DISCONNECT_SIZE
},
2726 { get_connections
, false, MGMT_GET_CONNECTIONS_SIZE
},
2727 { pin_code_reply
, false, MGMT_PIN_CODE_REPLY_SIZE
},
2728 { pin_code_neg_reply
, false, MGMT_PIN_CODE_NEG_REPLY_SIZE
},
2729 { set_io_capability
, false, MGMT_SET_IO_CAPABILITY_SIZE
},
2730 { pair_device
, false, MGMT_PAIR_DEVICE_SIZE
},
2731 { cancel_pair_device
, false, MGMT_CANCEL_PAIR_DEVICE_SIZE
},
2732 { unpair_device
, false, MGMT_UNPAIR_DEVICE_SIZE
},
2733 { user_confirm_reply
, false, MGMT_USER_CONFIRM_REPLY_SIZE
},
2734 { user_confirm_neg_reply
, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE
},
2735 { user_passkey_reply
, false, MGMT_USER_PASSKEY_REPLY_SIZE
},
2736 { user_passkey_neg_reply
, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE
},
2737 { read_local_oob_data
, false, MGMT_READ_LOCAL_OOB_DATA_SIZE
},
2738 { add_remote_oob_data
, false, MGMT_ADD_REMOTE_OOB_DATA_SIZE
},
2739 { remove_remote_oob_data
, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE
},
2740 { start_discovery
, false, MGMT_START_DISCOVERY_SIZE
},
2741 { stop_discovery
, false, MGMT_STOP_DISCOVERY_SIZE
},
2742 { confirm_name
, false, MGMT_CONFIRM_NAME_SIZE
},
2743 { block_device
, false, MGMT_BLOCK_DEVICE_SIZE
},
2744 { unblock_device
, false, MGMT_UNBLOCK_DEVICE_SIZE
},
2745 { set_device_id
, false, MGMT_SET_DEVICE_ID_SIZE
},
2749 int mgmt_control(struct sock
*sk
, struct msghdr
*msg
, size_t msglen
)
2753 struct mgmt_hdr
*hdr
;
2754 u16 opcode
, index
, len
;
2755 struct hci_dev
*hdev
= NULL
;
2756 const struct mgmt_handler
*handler
;
2759 BT_DBG("got %zu bytes", msglen
);
2761 if (msglen
< sizeof(*hdr
))
2764 buf
= kmalloc(msglen
, GFP_KERNEL
);
2768 if (memcpy_fromiovec(buf
, msg
->msg_iov
, msglen
)) {
2774 opcode
= __le16_to_cpu(hdr
->opcode
);
2775 index
= __le16_to_cpu(hdr
->index
);
2776 len
= __le16_to_cpu(hdr
->len
);
2778 if (len
!= msglen
- sizeof(*hdr
)) {
2783 if (index
!= MGMT_INDEX_NONE
) {
2784 hdev
= hci_dev_get(index
);
2786 err
= cmd_status(sk
, index
, opcode
,
2787 MGMT_STATUS_INVALID_INDEX
);
2792 if (opcode
>= ARRAY_SIZE(mgmt_handlers
) ||
2793 mgmt_handlers
[opcode
].func
== NULL
) {
2794 BT_DBG("Unknown op %u", opcode
);
2795 err
= cmd_status(sk
, index
, opcode
,
2796 MGMT_STATUS_UNKNOWN_COMMAND
);
2800 if ((hdev
&& opcode
< MGMT_OP_READ_INFO
) ||
2801 (!hdev
&& opcode
>= MGMT_OP_READ_INFO
)) {
2802 err
= cmd_status(sk
, index
, opcode
,
2803 MGMT_STATUS_INVALID_INDEX
);
2807 handler
= &mgmt_handlers
[opcode
];
2809 if ((handler
->var_len
&& len
< handler
->data_len
) ||
2810 (!handler
->var_len
&& len
!= handler
->data_len
)) {
2811 err
= cmd_status(sk
, index
, opcode
,
2812 MGMT_STATUS_INVALID_PARAMS
);
2817 mgmt_init_hdev(sk
, hdev
);
2819 cp
= buf
+ sizeof(*hdr
);
2821 err
= handler
->func(sk
, hdev
, cp
, len
);
2835 static void cmd_status_rsp(struct pending_cmd
*cmd
, void *data
)
2839 cmd_status(cmd
->sk
, cmd
->index
, cmd
->opcode
, *status
);
2840 mgmt_pending_remove(cmd
);
2843 int mgmt_index_added(struct hci_dev
*hdev
)
2845 if (!mgmt_valid_hdev(hdev
))
2848 return mgmt_event(MGMT_EV_INDEX_ADDED
, hdev
, NULL
, 0, NULL
);
2851 int mgmt_index_removed(struct hci_dev
*hdev
)
2853 u8 status
= MGMT_STATUS_INVALID_INDEX
;
2855 if (!mgmt_valid_hdev(hdev
))
2858 mgmt_pending_foreach(0, hdev
, cmd_status_rsp
, &status
);
2860 return mgmt_event(MGMT_EV_INDEX_REMOVED
, hdev
, NULL
, 0, NULL
);
2865 struct hci_dev
*hdev
;
2869 static void settings_rsp(struct pending_cmd
*cmd
, void *data
)
2871 struct cmd_lookup
*match
= data
;
2873 send_settings_rsp(cmd
->sk
, cmd
->opcode
, match
->hdev
);
2875 list_del(&cmd
->list
);
2877 if (match
->sk
== NULL
) {
2878 match
->sk
= cmd
->sk
;
2879 sock_hold(match
->sk
);
2882 mgmt_pending_free(cmd
);
2885 static int set_bredr_scan(struct hci_dev
*hdev
)
2889 if (test_bit(HCI_CONNECTABLE
, &hdev
->dev_flags
))
2891 if (test_bit(HCI_DISCOVERABLE
, &hdev
->dev_flags
))
2892 scan
|= SCAN_INQUIRY
;
2897 return hci_send_cmd(hdev
, HCI_OP_WRITE_SCAN_ENABLE
, 1, &scan
);
2900 int mgmt_powered(struct hci_dev
*hdev
, u8 powered
)
2902 struct cmd_lookup match
= { NULL
, hdev
};
2905 if (!test_bit(HCI_MGMT
, &hdev
->dev_flags
))
2908 mgmt_pending_foreach(MGMT_OP_SET_POWERED
, hdev
, settings_rsp
, &match
);
2911 if (test_bit(HCI_SSP_ENABLED
, &hdev
->dev_flags
) &&
2912 !lmp_host_ssp_capable(hdev
)) {
2915 hci_send_cmd(hdev
, HCI_OP_WRITE_SSP_MODE
, 1, &ssp
);
2918 if (test_bit(HCI_LE_ENABLED
, &hdev
->dev_flags
)) {
2919 struct hci_cp_write_le_host_supported cp
;
2922 cp
.simul
= lmp_le_br_capable(hdev
);
2924 /* Check first if we already have the right
2925 * host state (host features set)
2927 if (cp
.le
!= lmp_host_le_capable(hdev
) ||
2928 cp
.simul
!= lmp_host_le_br_capable(hdev
))
2930 HCI_OP_WRITE_LE_HOST_SUPPORTED
,
2934 if (lmp_bredr_capable(hdev
)) {
2935 set_bredr_scan(hdev
);
2937 update_name(hdev
, hdev
->dev_name
);
2941 u8 status
= MGMT_STATUS_NOT_POWERED
;
2942 mgmt_pending_foreach(0, hdev
, cmd_status_rsp
, &status
);
2945 err
= new_settings(hdev
, match
.sk
);
2953 int mgmt_discoverable(struct hci_dev
*hdev
, u8 discoverable
)
2955 struct cmd_lookup match
= { NULL
, hdev
};
2956 bool changed
= false;
2960 if (!test_and_set_bit(HCI_DISCOVERABLE
, &hdev
->dev_flags
))
2963 if (test_and_clear_bit(HCI_DISCOVERABLE
, &hdev
->dev_flags
))
2967 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE
, hdev
, settings_rsp
,
2971 err
= new_settings(hdev
, match
.sk
);
2979 int mgmt_connectable(struct hci_dev
*hdev
, u8 connectable
)
2981 struct cmd_lookup match
= { NULL
, hdev
};
2982 bool changed
= false;
2986 if (!test_and_set_bit(HCI_CONNECTABLE
, &hdev
->dev_flags
))
2989 if (test_and_clear_bit(HCI_CONNECTABLE
, &hdev
->dev_flags
))
2993 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE
, hdev
, settings_rsp
,
2997 err
= new_settings(hdev
, match
.sk
);
3005 int mgmt_write_scan_failed(struct hci_dev
*hdev
, u8 scan
, u8 status
)
3007 u8 mgmt_err
= mgmt_status(status
);
3009 if (scan
& SCAN_PAGE
)
3010 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE
, hdev
,
3011 cmd_status_rsp
, &mgmt_err
);
3013 if (scan
& SCAN_INQUIRY
)
3014 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE
, hdev
,
3015 cmd_status_rsp
, &mgmt_err
);
3020 int mgmt_new_link_key(struct hci_dev
*hdev
, struct link_key
*key
,
3023 struct mgmt_ev_new_link_key ev
;
3025 memset(&ev
, 0, sizeof(ev
));
3027 ev
.store_hint
= persistent
;
3028 bacpy(&ev
.key
.addr
.bdaddr
, &key
->bdaddr
);
3029 ev
.key
.addr
.type
= BDADDR_BREDR
;
3030 ev
.key
.type
= key
->type
;
3031 memcpy(ev
.key
.val
, key
->val
, HCI_LINK_KEY_SIZE
);
3032 ev
.key
.pin_len
= key
->pin_len
;
3034 return mgmt_event(MGMT_EV_NEW_LINK_KEY
, hdev
, &ev
, sizeof(ev
), NULL
);
3037 int mgmt_new_ltk(struct hci_dev
*hdev
, struct smp_ltk
*key
, u8 persistent
)
3039 struct mgmt_ev_new_long_term_key ev
;
3041 memset(&ev
, 0, sizeof(ev
));
3043 ev
.store_hint
= persistent
;
3044 bacpy(&ev
.key
.addr
.bdaddr
, &key
->bdaddr
);
3045 ev
.key
.addr
.type
= link_to_bdaddr(LE_LINK
, key
->bdaddr_type
);
3046 ev
.key
.authenticated
= key
->authenticated
;
3047 ev
.key
.enc_size
= key
->enc_size
;
3048 ev
.key
.ediv
= key
->ediv
;
3050 if (key
->type
== HCI_SMP_LTK
)
3053 memcpy(ev
.key
.rand
, key
->rand
, sizeof(key
->rand
));
3054 memcpy(ev
.key
.val
, key
->val
, sizeof(key
->val
));
3056 return mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY
, hdev
, &ev
, sizeof(ev
),
3060 int mgmt_device_connected(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
, u8 link_type
,
3061 u8 addr_type
, u32 flags
, u8
*name
, u8 name_len
,
3065 struct mgmt_ev_device_connected
*ev
= (void *) buf
;
3068 bacpy(&ev
->addr
.bdaddr
, bdaddr
);
3069 ev
->addr
.type
= link_to_bdaddr(link_type
, addr_type
);
3071 ev
->flags
= __cpu_to_le32(flags
);
3074 eir_len
= eir_append_data(ev
->eir
, 0, EIR_NAME_COMPLETE
,
3077 if (dev_class
&& memcmp(dev_class
, "\0\0\0", 3) != 0)
3078 eir_len
= eir_append_data(ev
->eir
, eir_len
,
3079 EIR_CLASS_OF_DEV
, dev_class
, 3);
3081 ev
->eir_len
= cpu_to_le16(eir_len
);
3083 return mgmt_event(MGMT_EV_DEVICE_CONNECTED
, hdev
, buf
,
3084 sizeof(*ev
) + eir_len
, NULL
);
3087 static void disconnect_rsp(struct pending_cmd
*cmd
, void *data
)
3089 struct mgmt_cp_disconnect
*cp
= cmd
->param
;
3090 struct sock
**sk
= data
;
3091 struct mgmt_rp_disconnect rp
;
3093 bacpy(&rp
.addr
.bdaddr
, &cp
->addr
.bdaddr
);
3094 rp
.addr
.type
= cp
->addr
.type
;
3096 cmd_complete(cmd
->sk
, cmd
->index
, MGMT_OP_DISCONNECT
, 0, &rp
,
3102 mgmt_pending_remove(cmd
);
3105 static void unpair_device_rsp(struct pending_cmd
*cmd
, void *data
)
3107 struct hci_dev
*hdev
= data
;
3108 struct mgmt_cp_unpair_device
*cp
= cmd
->param
;
3109 struct mgmt_rp_unpair_device rp
;
3111 memset(&rp
, 0, sizeof(rp
));
3112 bacpy(&rp
.addr
.bdaddr
, &cp
->addr
.bdaddr
);
3113 rp
.addr
.type
= cp
->addr
.type
;
3115 device_unpaired(hdev
, &cp
->addr
.bdaddr
, cp
->addr
.type
, cmd
->sk
);
3117 cmd_complete(cmd
->sk
, cmd
->index
, cmd
->opcode
, 0, &rp
, sizeof(rp
));
3119 mgmt_pending_remove(cmd
);
3122 int mgmt_device_disconnected(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
,
3123 u8 link_type
, u8 addr_type
, u8 reason
)
3125 struct mgmt_ev_device_disconnected ev
;
3126 struct sock
*sk
= NULL
;
3129 mgmt_pending_foreach(MGMT_OP_DISCONNECT
, hdev
, disconnect_rsp
, &sk
);
3131 bacpy(&ev
.addr
.bdaddr
, bdaddr
);
3132 ev
.addr
.type
= link_to_bdaddr(link_type
, addr_type
);
3135 err
= mgmt_event(MGMT_EV_DEVICE_DISCONNECTED
, hdev
, &ev
, sizeof(ev
),
3141 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE
, hdev
, unpair_device_rsp
,
3147 int mgmt_disconnect_failed(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
,
3148 u8 link_type
, u8 addr_type
, u8 status
)
3150 struct mgmt_rp_disconnect rp
;
3151 struct pending_cmd
*cmd
;
3154 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE
, hdev
, unpair_device_rsp
,
3157 cmd
= mgmt_pending_find(MGMT_OP_DISCONNECT
, hdev
);
3161 bacpy(&rp
.addr
.bdaddr
, bdaddr
);
3162 rp
.addr
.type
= link_to_bdaddr(link_type
, addr_type
);
3164 err
= cmd_complete(cmd
->sk
, cmd
->index
, MGMT_OP_DISCONNECT
,
3165 mgmt_status(status
), &rp
, sizeof(rp
));
3167 mgmt_pending_remove(cmd
);
3172 int mgmt_connect_failed(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
, u8 link_type
,
3173 u8 addr_type
, u8 status
)
3175 struct mgmt_ev_connect_failed ev
;
3177 bacpy(&ev
.addr
.bdaddr
, bdaddr
);
3178 ev
.addr
.type
= link_to_bdaddr(link_type
, addr_type
);
3179 ev
.status
= mgmt_status(status
);
3181 return mgmt_event(MGMT_EV_CONNECT_FAILED
, hdev
, &ev
, sizeof(ev
), NULL
);
3184 int mgmt_pin_code_request(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
, u8 secure
)
3186 struct mgmt_ev_pin_code_request ev
;
3188 bacpy(&ev
.addr
.bdaddr
, bdaddr
);
3189 ev
.addr
.type
= BDADDR_BREDR
;
3192 return mgmt_event(MGMT_EV_PIN_CODE_REQUEST
, hdev
, &ev
, sizeof(ev
),
3196 int mgmt_pin_code_reply_complete(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
,
3199 struct pending_cmd
*cmd
;
3200 struct mgmt_rp_pin_code_reply rp
;
3203 cmd
= mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY
, hdev
);
3207 bacpy(&rp
.addr
.bdaddr
, bdaddr
);
3208 rp
.addr
.type
= BDADDR_BREDR
;
3210 err
= cmd_complete(cmd
->sk
, hdev
->id
, MGMT_OP_PIN_CODE_REPLY
,
3211 mgmt_status(status
), &rp
, sizeof(rp
));
3213 mgmt_pending_remove(cmd
);
3218 int mgmt_pin_code_neg_reply_complete(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
,
3221 struct pending_cmd
*cmd
;
3222 struct mgmt_rp_pin_code_reply rp
;
3225 cmd
= mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY
, hdev
);
3229 bacpy(&rp
.addr
.bdaddr
, bdaddr
);
3230 rp
.addr
.type
= BDADDR_BREDR
;
3232 err
= cmd_complete(cmd
->sk
, hdev
->id
, MGMT_OP_PIN_CODE_NEG_REPLY
,
3233 mgmt_status(status
), &rp
, sizeof(rp
));
3235 mgmt_pending_remove(cmd
);
3240 int mgmt_user_confirm_request(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
,
3241 u8 link_type
, u8 addr_type
, __le32 value
,
3244 struct mgmt_ev_user_confirm_request ev
;
3246 BT_DBG("%s", hdev
->name
);
3248 bacpy(&ev
.addr
.bdaddr
, bdaddr
);
3249 ev
.addr
.type
= link_to_bdaddr(link_type
, addr_type
);
3250 ev
.confirm_hint
= confirm_hint
;
3253 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST
, hdev
, &ev
, sizeof(ev
),
3257 int mgmt_user_passkey_request(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
,
3258 u8 link_type
, u8 addr_type
)
3260 struct mgmt_ev_user_passkey_request ev
;
3262 BT_DBG("%s", hdev
->name
);
3264 bacpy(&ev
.addr
.bdaddr
, bdaddr
);
3265 ev
.addr
.type
= link_to_bdaddr(link_type
, addr_type
);
3267 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST
, hdev
, &ev
, sizeof(ev
),
3271 static int user_pairing_resp_complete(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
,
3272 u8 link_type
, u8 addr_type
, u8 status
,
3275 struct pending_cmd
*cmd
;
3276 struct mgmt_rp_user_confirm_reply rp
;
3279 cmd
= mgmt_pending_find(opcode
, hdev
);
3283 bacpy(&rp
.addr
.bdaddr
, bdaddr
);
3284 rp
.addr
.type
= link_to_bdaddr(link_type
, addr_type
);
3285 err
= cmd_complete(cmd
->sk
, hdev
->id
, opcode
, mgmt_status(status
),
3288 mgmt_pending_remove(cmd
);
3293 int mgmt_user_confirm_reply_complete(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
,
3294 u8 link_type
, u8 addr_type
, u8 status
)
3296 return user_pairing_resp_complete(hdev
, bdaddr
, link_type
, addr_type
,
3297 status
, MGMT_OP_USER_CONFIRM_REPLY
);
3300 int mgmt_user_confirm_neg_reply_complete(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
,
3301 u8 link_type
, u8 addr_type
, u8 status
)
3303 return user_pairing_resp_complete(hdev
, bdaddr
, link_type
, addr_type
,
3305 MGMT_OP_USER_CONFIRM_NEG_REPLY
);
3308 int mgmt_user_passkey_reply_complete(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
,
3309 u8 link_type
, u8 addr_type
, u8 status
)
3311 return user_pairing_resp_complete(hdev
, bdaddr
, link_type
, addr_type
,
3312 status
, MGMT_OP_USER_PASSKEY_REPLY
);
3315 int mgmt_user_passkey_neg_reply_complete(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
,
3316 u8 link_type
, u8 addr_type
, u8 status
)
3318 return user_pairing_resp_complete(hdev
, bdaddr
, link_type
, addr_type
,
3320 MGMT_OP_USER_PASSKEY_NEG_REPLY
);
3323 int mgmt_user_passkey_notify(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
,
3324 u8 link_type
, u8 addr_type
, u32 passkey
,
3327 struct mgmt_ev_passkey_notify ev
;
3329 BT_DBG("%s", hdev
->name
);
3331 bacpy(&ev
.addr
.bdaddr
, bdaddr
);
3332 ev
.addr
.type
= link_to_bdaddr(link_type
, addr_type
);
3333 ev
.passkey
= __cpu_to_le32(passkey
);
3334 ev
.entered
= entered
;
3336 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY
, hdev
, &ev
, sizeof(ev
), NULL
);
3339 int mgmt_auth_failed(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
, u8 link_type
,
3340 u8 addr_type
, u8 status
)
3342 struct mgmt_ev_auth_failed ev
;
3344 bacpy(&ev
.addr
.bdaddr
, bdaddr
);
3345 ev
.addr
.type
= link_to_bdaddr(link_type
, addr_type
);
3346 ev
.status
= mgmt_status(status
);
3348 return mgmt_event(MGMT_EV_AUTH_FAILED
, hdev
, &ev
, sizeof(ev
), NULL
);
3351 int mgmt_auth_enable_complete(struct hci_dev
*hdev
, u8 status
)
3353 struct cmd_lookup match
= { NULL
, hdev
};
3354 bool changed
= false;
3358 u8 mgmt_err
= mgmt_status(status
);
3359 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY
, hdev
,
3360 cmd_status_rsp
, &mgmt_err
);
3364 if (test_bit(HCI_AUTH
, &hdev
->flags
)) {
3365 if (!test_and_set_bit(HCI_LINK_SECURITY
, &hdev
->dev_flags
))
3368 if (test_and_clear_bit(HCI_LINK_SECURITY
, &hdev
->dev_flags
))
3372 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY
, hdev
, settings_rsp
,
3376 err
= new_settings(hdev
, match
.sk
);
3384 static int clear_eir(struct hci_dev
*hdev
)
3386 struct hci_cp_write_eir cp
;
3388 if (!lmp_ext_inq_capable(hdev
))
3391 memset(hdev
->eir
, 0, sizeof(hdev
->eir
));
3393 memset(&cp
, 0, sizeof(cp
));
3395 return hci_send_cmd(hdev
, HCI_OP_WRITE_EIR
, sizeof(cp
), &cp
);
3398 int mgmt_ssp_enable_complete(struct hci_dev
*hdev
, u8 enable
, u8 status
)
3400 struct cmd_lookup match
= { NULL
, hdev
};
3401 bool changed
= false;
3405 u8 mgmt_err
= mgmt_status(status
);
3407 if (enable
&& test_and_clear_bit(HCI_SSP_ENABLED
,
3409 err
= new_settings(hdev
, NULL
);
3411 mgmt_pending_foreach(MGMT_OP_SET_SSP
, hdev
, cmd_status_rsp
,
3418 if (!test_and_set_bit(HCI_SSP_ENABLED
, &hdev
->dev_flags
))
3421 if (test_and_clear_bit(HCI_SSP_ENABLED
, &hdev
->dev_flags
))
3425 mgmt_pending_foreach(MGMT_OP_SET_SSP
, hdev
, settings_rsp
, &match
);
3428 err
= new_settings(hdev
, match
.sk
);
3433 if (test_bit(HCI_SSP_ENABLED
, &hdev
->dev_flags
))
3441 static void class_rsp(struct pending_cmd
*cmd
, void *data
)
3443 struct cmd_lookup
*match
= data
;
3445 cmd_complete(cmd
->sk
, cmd
->index
, cmd
->opcode
, match
->mgmt_status
,
3446 match
->hdev
->dev_class
, 3);
3448 list_del(&cmd
->list
);
3450 if (match
->sk
== NULL
) {
3451 match
->sk
= cmd
->sk
;
3452 sock_hold(match
->sk
);
3455 mgmt_pending_free(cmd
);
3458 int mgmt_set_class_of_dev_complete(struct hci_dev
*hdev
, u8
*dev_class
,
3461 struct cmd_lookup match
= { NULL
, hdev
, mgmt_status(status
) };
3464 clear_bit(HCI_PENDING_CLASS
, &hdev
->dev_flags
);
3466 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS
, hdev
, class_rsp
, &match
);
3467 mgmt_pending_foreach(MGMT_OP_ADD_UUID
, hdev
, class_rsp
, &match
);
3468 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID
, hdev
, class_rsp
, &match
);
3471 err
= mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED
, hdev
, dev_class
,
3480 int mgmt_set_local_name_complete(struct hci_dev
*hdev
, u8
*name
, u8 status
)
3482 struct pending_cmd
*cmd
;
3483 struct mgmt_cp_set_local_name ev
;
3484 bool changed
= false;
3487 if (memcmp(name
, hdev
->dev_name
, sizeof(hdev
->dev_name
)) != 0) {
3488 memcpy(hdev
->dev_name
, name
, sizeof(hdev
->dev_name
));
3492 memset(&ev
, 0, sizeof(ev
));
3493 memcpy(ev
.name
, name
, HCI_MAX_NAME_LENGTH
);
3494 memcpy(ev
.short_name
, hdev
->short_name
, HCI_MAX_SHORT_NAME_LENGTH
);
3496 cmd
= mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME
, hdev
);
3500 /* Always assume that either the short or the complete name has
3501 * changed if there was a pending mgmt command */
3505 err
= cmd_status(cmd
->sk
, hdev
->id
, MGMT_OP_SET_LOCAL_NAME
,
3506 mgmt_status(status
));
3510 err
= cmd_complete(cmd
->sk
, hdev
->id
, MGMT_OP_SET_LOCAL_NAME
, 0, &ev
,
3517 err
= mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED
, hdev
, &ev
,
3518 sizeof(ev
), cmd
? cmd
->sk
: NULL
);
3520 /* EIR is taken care of separately when powering on the
3521 * adapter so only update them here if this is a name change
3522 * unrelated to power on.
3524 if (!test_bit(HCI_INIT
, &hdev
->flags
))
3529 mgmt_pending_remove(cmd
);
3533 int mgmt_read_local_oob_data_reply_complete(struct hci_dev
*hdev
, u8
*hash
,
3534 u8
*randomizer
, u8 status
)
3536 struct pending_cmd
*cmd
;
3539 BT_DBG("%s status %u", hdev
->name
, status
);
3541 cmd
= mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA
, hdev
);
3546 err
= cmd_status(cmd
->sk
, hdev
->id
, MGMT_OP_READ_LOCAL_OOB_DATA
,
3547 mgmt_status(status
));
3549 struct mgmt_rp_read_local_oob_data rp
;
3551 memcpy(rp
.hash
, hash
, sizeof(rp
.hash
));
3552 memcpy(rp
.randomizer
, randomizer
, sizeof(rp
.randomizer
));
3554 err
= cmd_complete(cmd
->sk
, hdev
->id
,
3555 MGMT_OP_READ_LOCAL_OOB_DATA
, 0, &rp
,
3559 mgmt_pending_remove(cmd
);
3564 int mgmt_le_enable_complete(struct hci_dev
*hdev
, u8 enable
, u8 status
)
3566 struct cmd_lookup match
= { NULL
, hdev
};
3567 bool changed
= false;
3571 u8 mgmt_err
= mgmt_status(status
);
3573 if (enable
&& test_and_clear_bit(HCI_LE_ENABLED
,
3575 err
= new_settings(hdev
, NULL
);
3577 mgmt_pending_foreach(MGMT_OP_SET_LE
, hdev
, cmd_status_rsp
,
3584 if (!test_and_set_bit(HCI_LE_ENABLED
, &hdev
->dev_flags
))
3587 if (test_and_clear_bit(HCI_LE_ENABLED
, &hdev
->dev_flags
))
3591 mgmt_pending_foreach(MGMT_OP_SET_LE
, hdev
, settings_rsp
, &match
);
3594 err
= new_settings(hdev
, match
.sk
);
3602 int mgmt_device_found(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
, u8 link_type
,
3603 u8 addr_type
, u8
*dev_class
, s8 rssi
, u8 cfm_name
, u8
3604 ssp
, u8
*eir
, u16 eir_len
)
3607 struct mgmt_ev_device_found
*ev
= (void *) buf
;
3610 /* Leave 5 bytes for a potential CoD field */
3611 if (sizeof(*ev
) + eir_len
+ 5 > sizeof(buf
))
3614 memset(buf
, 0, sizeof(buf
));
3616 bacpy(&ev
->addr
.bdaddr
, bdaddr
);
3617 ev
->addr
.type
= link_to_bdaddr(link_type
, addr_type
);
3620 ev
->flags
|= __constant_cpu_to_le32(MGMT_DEV_FOUND_CONFIRM_NAME
);
3622 ev
->flags
|= __constant_cpu_to_le32(MGMT_DEV_FOUND_LEGACY_PAIRING
);
3625 memcpy(ev
->eir
, eir
, eir_len
);
3627 if (dev_class
&& !eir_has_data_type(ev
->eir
, eir_len
, EIR_CLASS_OF_DEV
))
3628 eir_len
= eir_append_data(ev
->eir
, eir_len
, EIR_CLASS_OF_DEV
,
3631 ev
->eir_len
= cpu_to_le16(eir_len
);
3632 ev_size
= sizeof(*ev
) + eir_len
;
3634 return mgmt_event(MGMT_EV_DEVICE_FOUND
, hdev
, ev
, ev_size
, NULL
);
3637 int mgmt_remote_name(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
, u8 link_type
,
3638 u8 addr_type
, s8 rssi
, u8
*name
, u8 name_len
)
3640 struct mgmt_ev_device_found
*ev
;
3641 char buf
[sizeof(*ev
) + HCI_MAX_NAME_LENGTH
+ 2];
3644 ev
= (struct mgmt_ev_device_found
*) buf
;
3646 memset(buf
, 0, sizeof(buf
));
3648 bacpy(&ev
->addr
.bdaddr
, bdaddr
);
3649 ev
->addr
.type
= link_to_bdaddr(link_type
, addr_type
);
3652 eir_len
= eir_append_data(ev
->eir
, 0, EIR_NAME_COMPLETE
, name
,
3655 ev
->eir_len
= cpu_to_le16(eir_len
);
3657 return mgmt_event(MGMT_EV_DEVICE_FOUND
, hdev
, ev
,
3658 sizeof(*ev
) + eir_len
, NULL
);
3661 int mgmt_start_discovery_failed(struct hci_dev
*hdev
, u8 status
)
3663 struct pending_cmd
*cmd
;
3667 hci_discovery_set_state(hdev
, DISCOVERY_STOPPED
);
3669 cmd
= mgmt_pending_find(MGMT_OP_START_DISCOVERY
, hdev
);
3673 type
= hdev
->discovery
.type
;
3675 err
= cmd_complete(cmd
->sk
, hdev
->id
, cmd
->opcode
, mgmt_status(status
),
3676 &type
, sizeof(type
));
3677 mgmt_pending_remove(cmd
);
3682 int mgmt_stop_discovery_failed(struct hci_dev
*hdev
, u8 status
)
3684 struct pending_cmd
*cmd
;
3687 cmd
= mgmt_pending_find(MGMT_OP_STOP_DISCOVERY
, hdev
);
3691 err
= cmd_complete(cmd
->sk
, hdev
->id
, cmd
->opcode
, mgmt_status(status
),
3692 &hdev
->discovery
.type
, sizeof(hdev
->discovery
.type
));
3693 mgmt_pending_remove(cmd
);
3698 int mgmt_discovering(struct hci_dev
*hdev
, u8 discovering
)
3700 struct mgmt_ev_discovering ev
;
3701 struct pending_cmd
*cmd
;
3703 BT_DBG("%s discovering %u", hdev
->name
, discovering
);
3706 cmd
= mgmt_pending_find(MGMT_OP_START_DISCOVERY
, hdev
);
3708 cmd
= mgmt_pending_find(MGMT_OP_STOP_DISCOVERY
, hdev
);
3711 u8 type
= hdev
->discovery
.type
;
3713 cmd_complete(cmd
->sk
, hdev
->id
, cmd
->opcode
, 0, &type
,
3715 mgmt_pending_remove(cmd
);
3718 memset(&ev
, 0, sizeof(ev
));
3719 ev
.type
= hdev
->discovery
.type
;
3720 ev
.discovering
= discovering
;
3722 return mgmt_event(MGMT_EV_DISCOVERING
, hdev
, &ev
, sizeof(ev
), NULL
);
3725 int mgmt_device_blocked(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
, u8 type
)
3727 struct pending_cmd
*cmd
;
3728 struct mgmt_ev_device_blocked ev
;
3730 cmd
= mgmt_pending_find(MGMT_OP_BLOCK_DEVICE
, hdev
);
3732 bacpy(&ev
.addr
.bdaddr
, bdaddr
);
3733 ev
.addr
.type
= type
;
3735 return mgmt_event(MGMT_EV_DEVICE_BLOCKED
, hdev
, &ev
, sizeof(ev
),
3736 cmd
? cmd
->sk
: NULL
);
3739 int mgmt_device_unblocked(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
, u8 type
)
3741 struct pending_cmd
*cmd
;
3742 struct mgmt_ev_device_unblocked ev
;
3744 cmd
= mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE
, hdev
);
3746 bacpy(&ev
.addr
.bdaddr
, bdaddr
);
3747 ev
.addr
.type
= type
;
3749 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED
, hdev
, &ev
, sizeof(ev
),
3750 cmd
? cmd
->sk
: NULL
);
3753 module_param(enable_hs
, bool, 0644);
3754 MODULE_PARM_DESC(enable_hs
, "Enable High Speed support");
projects / mirror_ubuntu-bionic-kernel.git / blob