2 BlueZ - Bluetooth protocol stack for Linux
4 Copyright (C) 2010 Nokia Corporation
5 Copyright (C) 2011-2012 Intel Corporation
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI Management interface */
27 #include <linux/kernel.h>
28 #include <linux/uaccess.h>
29 #include <linux/module.h>
30 #include <asm/unaligned.h>
32 #include <net/bluetooth/bluetooth.h>
33 #include <net/bluetooth/hci_core.h>
34 #include <net/bluetooth/mgmt.h>
35 #include <net/bluetooth/smp.h>
40 #define MGMT_VERSION 1
41 #define MGMT_REVISION 0
43 static const u16 mgmt_commands
[] = {
44 MGMT_OP_READ_INDEX_LIST
,
47 MGMT_OP_SET_DISCOVERABLE
,
48 MGMT_OP_SET_CONNECTABLE
,
49 MGMT_OP_SET_FAST_CONNECTABLE
,
51 MGMT_OP_SET_LINK_SECURITY
,
55 MGMT_OP_SET_DEV_CLASS
,
56 MGMT_OP_SET_LOCAL_NAME
,
59 MGMT_OP_LOAD_LINK_KEYS
,
60 MGMT_OP_LOAD_LONG_TERM_KEYS
,
62 MGMT_OP_GET_CONNECTIONS
,
63 MGMT_OP_PIN_CODE_REPLY
,
64 MGMT_OP_PIN_CODE_NEG_REPLY
,
65 MGMT_OP_SET_IO_CAPABILITY
,
67 MGMT_OP_CANCEL_PAIR_DEVICE
,
68 MGMT_OP_UNPAIR_DEVICE
,
69 MGMT_OP_USER_CONFIRM_REPLY
,
70 MGMT_OP_USER_CONFIRM_NEG_REPLY
,
71 MGMT_OP_USER_PASSKEY_REPLY
,
72 MGMT_OP_USER_PASSKEY_NEG_REPLY
,
73 MGMT_OP_READ_LOCAL_OOB_DATA
,
74 MGMT_OP_ADD_REMOTE_OOB_DATA
,
75 MGMT_OP_REMOVE_REMOTE_OOB_DATA
,
76 MGMT_OP_START_DISCOVERY
,
77 MGMT_OP_STOP_DISCOVERY
,
80 MGMT_OP_UNBLOCK_DEVICE
,
83 static const u16 mgmt_events
[] = {
84 MGMT_EV_CONTROLLER_ERROR
,
86 MGMT_EV_INDEX_REMOVED
,
88 MGMT_EV_CLASS_OF_DEV_CHANGED
,
89 MGMT_EV_LOCAL_NAME_CHANGED
,
91 MGMT_EV_NEW_LONG_TERM_KEY
,
92 MGMT_EV_DEVICE_CONNECTED
,
93 MGMT_EV_DEVICE_DISCONNECTED
,
94 MGMT_EV_CONNECT_FAILED
,
95 MGMT_EV_PIN_CODE_REQUEST
,
96 MGMT_EV_USER_CONFIRM_REQUEST
,
97 MGMT_EV_USER_PASSKEY_REQUEST
,
101 MGMT_EV_DEVICE_BLOCKED
,
102 MGMT_EV_DEVICE_UNBLOCKED
,
103 MGMT_EV_DEVICE_UNPAIRED
,
107 * These LE scan and inquiry parameters were chosen according to LE General
108 * Discovery Procedure specification.
110 #define LE_SCAN_TYPE 0x01
111 #define LE_SCAN_WIN 0x12
112 #define LE_SCAN_INT 0x12
113 #define LE_SCAN_TIMEOUT_LE_ONLY 10240 /* TGAP(gen_disc_scan_min) */
114 #define LE_SCAN_TIMEOUT_BREDR_LE 5120 /* TGAP(100)/2 */
116 #define INQUIRY_LEN_BREDR 0x08 /* TGAP(100) */
117 #define INQUIRY_LEN_BREDR_LE 0x04 /* TGAP(100)/2 */
119 #define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
121 #define hdev_is_powered(hdev) (test_bit(HCI_UP, &hdev->flags) && \
122 !test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
125 struct list_head list
;
133 /* HCI to MGMT error code conversion table */
134 static u8 mgmt_status_table
[] = {
136 MGMT_STATUS_UNKNOWN_COMMAND
, /* Unknown Command */
137 MGMT_STATUS_NOT_CONNECTED
, /* No Connection */
138 MGMT_STATUS_FAILED
, /* Hardware Failure */
139 MGMT_STATUS_CONNECT_FAILED
, /* Page Timeout */
140 MGMT_STATUS_AUTH_FAILED
, /* Authentication Failed */
141 MGMT_STATUS_NOT_PAIRED
, /* PIN or Key Missing */
142 MGMT_STATUS_NO_RESOURCES
, /* Memory Full */
143 MGMT_STATUS_TIMEOUT
, /* Connection Timeout */
144 MGMT_STATUS_NO_RESOURCES
, /* Max Number of Connections */
145 MGMT_STATUS_NO_RESOURCES
, /* Max Number of SCO Connections */
146 MGMT_STATUS_ALREADY_CONNECTED
, /* ACL Connection Exists */
147 MGMT_STATUS_BUSY
, /* Command Disallowed */
148 MGMT_STATUS_NO_RESOURCES
, /* Rejected Limited Resources */
149 MGMT_STATUS_REJECTED
, /* Rejected Security */
150 MGMT_STATUS_REJECTED
, /* Rejected Personal */
151 MGMT_STATUS_TIMEOUT
, /* Host Timeout */
152 MGMT_STATUS_NOT_SUPPORTED
, /* Unsupported Feature */
153 MGMT_STATUS_INVALID_PARAMS
, /* Invalid Parameters */
154 MGMT_STATUS_DISCONNECTED
, /* OE User Ended Connection */
155 MGMT_STATUS_NO_RESOURCES
, /* OE Low Resources */
156 MGMT_STATUS_DISCONNECTED
, /* OE Power Off */
157 MGMT_STATUS_DISCONNECTED
, /* Connection Terminated */
158 MGMT_STATUS_BUSY
, /* Repeated Attempts */
159 MGMT_STATUS_REJECTED
, /* Pairing Not Allowed */
160 MGMT_STATUS_FAILED
, /* Unknown LMP PDU */
161 MGMT_STATUS_NOT_SUPPORTED
, /* Unsupported Remote Feature */
162 MGMT_STATUS_REJECTED
, /* SCO Offset Rejected */
163 MGMT_STATUS_REJECTED
, /* SCO Interval Rejected */
164 MGMT_STATUS_REJECTED
, /* Air Mode Rejected */
165 MGMT_STATUS_INVALID_PARAMS
, /* Invalid LMP Parameters */
166 MGMT_STATUS_FAILED
, /* Unspecified Error */
167 MGMT_STATUS_NOT_SUPPORTED
, /* Unsupported LMP Parameter Value */
168 MGMT_STATUS_FAILED
, /* Role Change Not Allowed */
169 MGMT_STATUS_TIMEOUT
, /* LMP Response Timeout */
170 MGMT_STATUS_FAILED
, /* LMP Error Transaction Collision */
171 MGMT_STATUS_FAILED
, /* LMP PDU Not Allowed */
172 MGMT_STATUS_REJECTED
, /* Encryption Mode Not Accepted */
173 MGMT_STATUS_FAILED
, /* Unit Link Key Used */
174 MGMT_STATUS_NOT_SUPPORTED
, /* QoS Not Supported */
175 MGMT_STATUS_TIMEOUT
, /* Instant Passed */
176 MGMT_STATUS_NOT_SUPPORTED
, /* Pairing Not Supported */
177 MGMT_STATUS_FAILED
, /* Transaction Collision */
178 MGMT_STATUS_INVALID_PARAMS
, /* Unacceptable Parameter */
179 MGMT_STATUS_REJECTED
, /* QoS Rejected */
180 MGMT_STATUS_NOT_SUPPORTED
, /* Classification Not Supported */
181 MGMT_STATUS_REJECTED
, /* Insufficient Security */
182 MGMT_STATUS_INVALID_PARAMS
, /* Parameter Out Of Range */
183 MGMT_STATUS_BUSY
, /* Role Switch Pending */
184 MGMT_STATUS_FAILED
, /* Slot Violation */
185 MGMT_STATUS_FAILED
, /* Role Switch Failed */
186 MGMT_STATUS_INVALID_PARAMS
, /* EIR Too Large */
187 MGMT_STATUS_NOT_SUPPORTED
, /* Simple Pairing Not Supported */
188 MGMT_STATUS_BUSY
, /* Host Busy Pairing */
189 MGMT_STATUS_REJECTED
, /* Rejected, No Suitable Channel */
190 MGMT_STATUS_BUSY
, /* Controller Busy */
191 MGMT_STATUS_INVALID_PARAMS
, /* Unsuitable Connection Interval */
192 MGMT_STATUS_TIMEOUT
, /* Directed Advertising Timeout */
193 MGMT_STATUS_AUTH_FAILED
, /* Terminated Due to MIC Failure */
194 MGMT_STATUS_CONNECT_FAILED
, /* Connection Establishment Failed */
195 MGMT_STATUS_CONNECT_FAILED
, /* MAC Connection Failed */
198 static u8
mgmt_status(u8 hci_status
)
200 if (hci_status
< ARRAY_SIZE(mgmt_status_table
))
201 return mgmt_status_table
[hci_status
];
203 return MGMT_STATUS_FAILED
;
206 static int cmd_status(struct sock
*sk
, u16 index
, u16 cmd
, u8 status
)
209 struct mgmt_hdr
*hdr
;
210 struct mgmt_ev_cmd_status
*ev
;
213 BT_DBG("sock %p, index %u, cmd %u, status %u", sk
, index
, cmd
, status
);
215 skb
= alloc_skb(sizeof(*hdr
) + sizeof(*ev
), GFP_ATOMIC
);
219 hdr
= (void *) skb_put(skb
, sizeof(*hdr
));
221 hdr
->opcode
= cpu_to_le16(MGMT_EV_CMD_STATUS
);
222 hdr
->index
= cpu_to_le16(index
);
223 hdr
->len
= cpu_to_le16(sizeof(*ev
));
225 ev
= (void *) skb_put(skb
, sizeof(*ev
));
227 put_unaligned_le16(cmd
, &ev
->opcode
);
229 err
= sock_queue_rcv_skb(sk
, skb
);
236 static int cmd_complete(struct sock
*sk
, u16 index
, u16 cmd
, u8 status
,
237 void *rp
, size_t rp_len
)
240 struct mgmt_hdr
*hdr
;
241 struct mgmt_ev_cmd_complete
*ev
;
244 BT_DBG("sock %p", sk
);
246 skb
= alloc_skb(sizeof(*hdr
) + sizeof(*ev
) + rp_len
, GFP_ATOMIC
);
250 hdr
= (void *) skb_put(skb
, sizeof(*hdr
));
252 hdr
->opcode
= cpu_to_le16(MGMT_EV_CMD_COMPLETE
);
253 hdr
->index
= cpu_to_le16(index
);
254 hdr
->len
= cpu_to_le16(sizeof(*ev
) + rp_len
);
256 ev
= (void *) skb_put(skb
, sizeof(*ev
) + rp_len
);
257 put_unaligned_le16(cmd
, &ev
->opcode
);
261 memcpy(ev
->data
, rp
, rp_len
);
263 err
= sock_queue_rcv_skb(sk
, skb
);
270 static int read_version(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
273 struct mgmt_rp_read_version rp
;
275 BT_DBG("sock %p", sk
);
277 rp
.version
= MGMT_VERSION
;
278 put_unaligned_le16(MGMT_REVISION
, &rp
.revision
);
280 return cmd_complete(sk
, MGMT_INDEX_NONE
, MGMT_OP_READ_VERSION
, 0, &rp
,
284 static int read_commands(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
287 struct mgmt_rp_read_commands
*rp
;
288 u16 num_commands
= ARRAY_SIZE(mgmt_commands
);
289 u16 num_events
= ARRAY_SIZE(mgmt_events
);
294 BT_DBG("sock %p", sk
);
296 rp_size
= sizeof(*rp
) + ((num_commands
+ num_events
) * sizeof(u16
));
298 rp
= kmalloc(rp_size
, GFP_KERNEL
);
302 put_unaligned_le16(num_commands
, &rp
->num_commands
);
303 put_unaligned_le16(num_events
, &rp
->num_events
);
305 for (i
= 0, opcode
= rp
->opcodes
; i
< num_commands
; i
++, opcode
++)
306 put_unaligned_le16(mgmt_commands
[i
], opcode
);
308 for (i
= 0; i
< num_events
; i
++, opcode
++)
309 put_unaligned_le16(mgmt_events
[i
], opcode
);
311 err
= cmd_complete(sk
, MGMT_INDEX_NONE
, MGMT_OP_READ_COMMANDS
, 0, rp
,
318 static int read_index_list(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
321 struct mgmt_rp_read_index_list
*rp
;
328 BT_DBG("sock %p", sk
);
330 read_lock(&hci_dev_list_lock
);
333 list_for_each(p
, &hci_dev_list
) {
337 rp_len
= sizeof(*rp
) + (2 * count
);
338 rp
= kmalloc(rp_len
, GFP_ATOMIC
);
340 read_unlock(&hci_dev_list_lock
);
344 put_unaligned_le16(count
, &rp
->num_controllers
);
347 list_for_each_entry(d
, &hci_dev_list
, list
) {
348 if (test_bit(HCI_SETUP
, &d
->dev_flags
))
351 put_unaligned_le16(d
->id
, &rp
->index
[i
++]);
352 BT_DBG("Added hci%u", d
->id
);
355 read_unlock(&hci_dev_list_lock
);
357 err
= cmd_complete(sk
, MGMT_INDEX_NONE
, MGMT_OP_READ_INDEX_LIST
, 0, rp
,
365 static u32
get_supported_settings(struct hci_dev
*hdev
)
369 settings
|= MGMT_SETTING_POWERED
;
370 settings
|= MGMT_SETTING_CONNECTABLE
;
371 settings
|= MGMT_SETTING_FAST_CONNECTABLE
;
372 settings
|= MGMT_SETTING_DISCOVERABLE
;
373 settings
|= MGMT_SETTING_PAIRABLE
;
375 if (hdev
->features
[6] & LMP_SIMPLE_PAIR
)
376 settings
|= MGMT_SETTING_SSP
;
378 if (!(hdev
->features
[4] & LMP_NO_BREDR
)) {
379 settings
|= MGMT_SETTING_BREDR
;
380 settings
|= MGMT_SETTING_LINK_SECURITY
;
384 settings
|= MGMT_SETTING_HS
;
387 if (hdev
->features
[4] & LMP_LE
)
388 settings
|= MGMT_SETTING_LE
;
394 static u32
get_current_settings(struct hci_dev
*hdev
)
398 if (hdev_is_powered(hdev
))
399 settings
|= MGMT_SETTING_POWERED
;
401 if (test_bit(HCI_CONNECTABLE
, &hdev
->dev_flags
))
402 settings
|= MGMT_SETTING_CONNECTABLE
;
404 if (test_bit(HCI_DISCOVERABLE
, &hdev
->dev_flags
))
405 settings
|= MGMT_SETTING_DISCOVERABLE
;
407 if (test_bit(HCI_PAIRABLE
, &hdev
->dev_flags
))
408 settings
|= MGMT_SETTING_PAIRABLE
;
410 if (!(hdev
->features
[4] & LMP_NO_BREDR
))
411 settings
|= MGMT_SETTING_BREDR
;
413 if (test_bit(HCI_LE_ENABLED
, &hdev
->dev_flags
))
414 settings
|= MGMT_SETTING_LE
;
416 if (test_bit(HCI_LINK_SECURITY
, &hdev
->dev_flags
))
417 settings
|= MGMT_SETTING_LINK_SECURITY
;
419 if (test_bit(HCI_SSP_ENABLED
, &hdev
->dev_flags
))
420 settings
|= MGMT_SETTING_SSP
;
422 if (test_bit(HCI_HS_ENABLED
, &hdev
->dev_flags
))
423 settings
|= MGMT_SETTING_HS
;
428 #define PNP_INFO_SVCLASS_ID 0x1200
430 static u8 bluetooth_base_uuid
[] = {
431 0xFB, 0x34, 0x9B, 0x5F, 0x80, 0x00, 0x00, 0x80,
432 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
435 static u16
get_uuid16(u8
*uuid128
)
440 for (i
= 0; i
< 12; i
++) {
441 if (bluetooth_base_uuid
[i
] != uuid128
[i
])
445 memcpy(&val
, &uuid128
[12], 4);
447 val
= le32_to_cpu(val
);
454 static void create_eir(struct hci_dev
*hdev
, u8
*data
)
458 u16 uuid16_list
[HCI_MAX_EIR_LENGTH
/ sizeof(u16
)];
459 int i
, truncated
= 0;
460 struct bt_uuid
*uuid
;
463 name_len
= strlen(hdev
->dev_name
);
469 ptr
[1] = EIR_NAME_SHORT
;
471 ptr
[1] = EIR_NAME_COMPLETE
;
473 /* EIR Data length */
474 ptr
[0] = name_len
+ 1;
476 memcpy(ptr
+ 2, hdev
->dev_name
, name_len
);
478 eir_len
+= (name_len
+ 2);
479 ptr
+= (name_len
+ 2);
482 memset(uuid16_list
, 0, sizeof(uuid16_list
));
484 /* Group all UUID16 types */
485 list_for_each_entry(uuid
, &hdev
->uuids
, list
) {
488 uuid16
= get_uuid16(uuid
->uuid
);
495 if (uuid16
== PNP_INFO_SVCLASS_ID
)
498 /* Stop if not enough space to put next UUID */
499 if (eir_len
+ 2 + sizeof(u16
) > HCI_MAX_EIR_LENGTH
) {
504 /* Check for duplicates */
505 for (i
= 0; uuid16_list
[i
] != 0; i
++)
506 if (uuid16_list
[i
] == uuid16
)
509 if (uuid16_list
[i
] == 0) {
510 uuid16_list
[i
] = uuid16
;
511 eir_len
+= sizeof(u16
);
515 if (uuid16_list
[0] != 0) {
519 ptr
[1] = truncated
? EIR_UUID16_SOME
: EIR_UUID16_ALL
;
524 for (i
= 0; uuid16_list
[i
] != 0; i
++) {
525 *ptr
++ = (uuid16_list
[i
] & 0x00ff);
526 *ptr
++ = (uuid16_list
[i
] & 0xff00) >> 8;
529 /* EIR Data length */
530 *length
= (i
* sizeof(u16
)) + 1;
534 static int update_eir(struct hci_dev
*hdev
)
536 struct hci_cp_write_eir cp
;
538 if (!hdev_is_powered(hdev
))
541 if (!(hdev
->features
[6] & LMP_EXT_INQ
))
544 if (!test_bit(HCI_SSP_ENABLED
, &hdev
->dev_flags
))
547 if (test_bit(HCI_SERVICE_CACHE
, &hdev
->dev_flags
))
550 memset(&cp
, 0, sizeof(cp
));
552 create_eir(hdev
, cp
.data
);
554 if (memcmp(cp
.data
, hdev
->eir
, sizeof(cp
.data
)) == 0)
557 memcpy(hdev
->eir
, cp
.data
, sizeof(cp
.data
));
559 return hci_send_cmd(hdev
, HCI_OP_WRITE_EIR
, sizeof(cp
), &cp
);
562 static u8
get_service_classes(struct hci_dev
*hdev
)
564 struct bt_uuid
*uuid
;
567 list_for_each_entry(uuid
, &hdev
->uuids
, list
)
568 val
|= uuid
->svc_hint
;
573 static int update_class(struct hci_dev
*hdev
)
578 BT_DBG("%s", hdev
->name
);
580 if (!hdev_is_powered(hdev
))
583 if (test_bit(HCI_SERVICE_CACHE
, &hdev
->dev_flags
))
586 cod
[0] = hdev
->minor_class
;
587 cod
[1] = hdev
->major_class
;
588 cod
[2] = get_service_classes(hdev
);
590 if (memcmp(cod
, hdev
->dev_class
, 3) == 0)
593 err
= hci_send_cmd(hdev
, HCI_OP_WRITE_CLASS_OF_DEV
, sizeof(cod
), cod
);
595 set_bit(HCI_PENDING_CLASS
, &hdev
->dev_flags
);
600 static void service_cache_off(struct work_struct
*work
)
602 struct hci_dev
*hdev
= container_of(work
, struct hci_dev
,
605 if (!test_and_clear_bit(HCI_SERVICE_CACHE
, &hdev
->dev_flags
))
613 hci_dev_unlock(hdev
);
616 static void mgmt_init_hdev(struct sock
*sk
, struct hci_dev
*hdev
)
618 if (test_and_set_bit(HCI_MGMT
, &hdev
->dev_flags
))
621 INIT_DELAYED_WORK(&hdev
->service_cache
, service_cache_off
);
623 /* Non-mgmt controlled devices get this bit set
624 * implicitly so that pairing works for them, however
625 * for mgmt we require user-space to explicitly enable
628 clear_bit(HCI_PAIRABLE
, &hdev
->dev_flags
);
631 static int read_controller_info(struct sock
*sk
, struct hci_dev
*hdev
,
632 void *data
, u16 data_len
)
634 struct mgmt_rp_read_info rp
;
636 BT_DBG("sock %p %s", sk
, hdev
->name
);
640 memset(&rp
, 0, sizeof(rp
));
642 bacpy(&rp
.bdaddr
, &hdev
->bdaddr
);
644 rp
.version
= hdev
->hci_ver
;
646 put_unaligned_le16(hdev
->manufacturer
, &rp
.manufacturer
);
648 rp
.supported_settings
= cpu_to_le32(get_supported_settings(hdev
));
649 rp
.current_settings
= cpu_to_le32(get_current_settings(hdev
));
651 memcpy(rp
.dev_class
, hdev
->dev_class
, 3);
653 memcpy(rp
.name
, hdev
->dev_name
, sizeof(hdev
->dev_name
));
654 memcpy(rp
.short_name
, hdev
->short_name
, sizeof(hdev
->short_name
));
656 hci_dev_unlock(hdev
);
658 return cmd_complete(sk
, hdev
->id
, MGMT_OP_READ_INFO
, 0, &rp
,
662 static void mgmt_pending_free(struct pending_cmd
*cmd
)
669 static struct pending_cmd
*mgmt_pending_add(struct sock
*sk
, u16 opcode
,
670 struct hci_dev
*hdev
, void *data
,
673 struct pending_cmd
*cmd
;
675 cmd
= kmalloc(sizeof(*cmd
), GFP_ATOMIC
);
679 cmd
->opcode
= opcode
;
680 cmd
->index
= hdev
->id
;
682 cmd
->param
= kmalloc(len
, GFP_ATOMIC
);
689 memcpy(cmd
->param
, data
, len
);
694 list_add(&cmd
->list
, &hdev
->mgmt_pending
);
699 static void mgmt_pending_foreach(u16 opcode
, struct hci_dev
*hdev
,
700 void (*cb
)(struct pending_cmd
*cmd
, void *data
),
703 struct list_head
*p
, *n
;
705 list_for_each_safe(p
, n
, &hdev
->mgmt_pending
) {
706 struct pending_cmd
*cmd
;
708 cmd
= list_entry(p
, struct pending_cmd
, list
);
710 if (opcode
> 0 && cmd
->opcode
!= opcode
)
717 static struct pending_cmd
*mgmt_pending_find(u16 opcode
, struct hci_dev
*hdev
)
719 struct pending_cmd
*cmd
;
721 list_for_each_entry(cmd
, &hdev
->mgmt_pending
, list
) {
722 if (cmd
->opcode
== opcode
)
729 static void mgmt_pending_remove(struct pending_cmd
*cmd
)
731 list_del(&cmd
->list
);
732 mgmt_pending_free(cmd
);
735 static int send_settings_rsp(struct sock
*sk
, u16 opcode
, struct hci_dev
*hdev
)
737 __le32 settings
= cpu_to_le32(get_current_settings(hdev
));
739 return cmd_complete(sk
, hdev
->id
, opcode
, 0, &settings
,
743 static int set_powered(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
746 struct mgmt_mode
*cp
= data
;
747 struct pending_cmd
*cmd
;
750 BT_DBG("request for %s", hdev
->name
);
754 if (test_and_clear_bit(HCI_AUTO_OFF
, &hdev
->dev_flags
)) {
755 cancel_delayed_work(&hdev
->power_off
);
758 err
= send_settings_rsp(sk
, MGMT_OP_SET_POWERED
, hdev
);
759 mgmt_powered(hdev
, 1);
764 if (!!cp
->val
== hdev_is_powered(hdev
)) {
765 err
= send_settings_rsp(sk
, MGMT_OP_SET_POWERED
, hdev
);
769 if (mgmt_pending_find(MGMT_OP_SET_POWERED
, hdev
)) {
770 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_SET_POWERED
,
775 cmd
= mgmt_pending_add(sk
, MGMT_OP_SET_POWERED
, hdev
, data
, len
);
782 schedule_work(&hdev
->power_on
);
784 schedule_work(&hdev
->power_off
.work
);
789 hci_dev_unlock(hdev
);
793 static int mgmt_event(u16 event
, struct hci_dev
*hdev
, void *data
, u16 data_len
,
794 struct sock
*skip_sk
)
797 struct mgmt_hdr
*hdr
;
799 skb
= alloc_skb(sizeof(*hdr
) + data_len
, GFP_ATOMIC
);
803 hdr
= (void *) skb_put(skb
, sizeof(*hdr
));
804 hdr
->opcode
= cpu_to_le16(event
);
806 hdr
->index
= cpu_to_le16(hdev
->id
);
808 hdr
->index
= cpu_to_le16(MGMT_INDEX_NONE
);
809 hdr
->len
= cpu_to_le16(data_len
);
812 memcpy(skb_put(skb
, data_len
), data
, data_len
);
815 __net_timestamp(skb
);
817 hci_send_to_control(skb
, skip_sk
);
823 static int new_settings(struct hci_dev
*hdev
, struct sock
*skip
)
827 ev
= cpu_to_le32(get_current_settings(hdev
));
829 return mgmt_event(MGMT_EV_NEW_SETTINGS
, hdev
, &ev
, sizeof(ev
), skip
);
832 static int set_discoverable(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
835 struct mgmt_cp_set_discoverable
*cp
= data
;
836 struct pending_cmd
*cmd
;
841 BT_DBG("request for %s", hdev
->name
);
843 timeout
= get_unaligned_le16(&cp
->timeout
);
844 if (!cp
->val
&& timeout
> 0)
845 return cmd_status(sk
, hdev
->id
, MGMT_OP_SET_DISCOVERABLE
,
846 MGMT_STATUS_INVALID_PARAMS
);
850 if (!hdev_is_powered(hdev
) && timeout
> 0) {
851 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_SET_DISCOVERABLE
,
852 MGMT_STATUS_NOT_POWERED
);
856 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE
, hdev
) ||
857 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE
, hdev
)) {
858 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_SET_DISCOVERABLE
,
863 if (!test_bit(HCI_CONNECTABLE
, &hdev
->dev_flags
)) {
864 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_SET_DISCOVERABLE
,
865 MGMT_STATUS_REJECTED
);
869 if (!hdev_is_powered(hdev
)) {
870 bool changed
= false;
872 if (!!cp
->val
!= test_bit(HCI_DISCOVERABLE
, &hdev
->dev_flags
)) {
873 change_bit(HCI_DISCOVERABLE
, &hdev
->dev_flags
);
877 err
= send_settings_rsp(sk
, MGMT_OP_SET_DISCOVERABLE
, hdev
);
882 err
= new_settings(hdev
, sk
);
887 if (!!cp
->val
== test_bit(HCI_DISCOVERABLE
, &hdev
->dev_flags
)) {
888 if (hdev
->discov_timeout
> 0) {
889 cancel_delayed_work(&hdev
->discov_off
);
890 hdev
->discov_timeout
= 0;
893 if (cp
->val
&& timeout
> 0) {
894 hdev
->discov_timeout
= timeout
;
895 queue_delayed_work(hdev
->workqueue
, &hdev
->discov_off
,
896 msecs_to_jiffies(hdev
->discov_timeout
* 1000));
899 err
= send_settings_rsp(sk
, MGMT_OP_SET_DISCOVERABLE
, hdev
);
903 cmd
= mgmt_pending_add(sk
, MGMT_OP_SET_DISCOVERABLE
, hdev
, data
, len
);
912 scan
|= SCAN_INQUIRY
;
914 cancel_delayed_work(&hdev
->discov_off
);
916 err
= hci_send_cmd(hdev
, HCI_OP_WRITE_SCAN_ENABLE
, 1, &scan
);
918 mgmt_pending_remove(cmd
);
921 hdev
->discov_timeout
= timeout
;
924 hci_dev_unlock(hdev
);
928 static int set_connectable(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
931 struct mgmt_mode
*cp
= data
;
932 struct pending_cmd
*cmd
;
936 BT_DBG("request for %s", hdev
->name
);
940 if (!hdev_is_powered(hdev
)) {
941 bool changed
= false;
943 if (!!cp
->val
!= test_bit(HCI_CONNECTABLE
, &hdev
->dev_flags
))
947 set_bit(HCI_CONNECTABLE
, &hdev
->dev_flags
);
949 clear_bit(HCI_CONNECTABLE
, &hdev
->dev_flags
);
950 clear_bit(HCI_DISCOVERABLE
, &hdev
->dev_flags
);
953 err
= send_settings_rsp(sk
, MGMT_OP_SET_CONNECTABLE
, hdev
);
958 err
= new_settings(hdev
, sk
);
963 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE
, hdev
) ||
964 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE
, hdev
)) {
965 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_SET_CONNECTABLE
,
970 if (!!cp
->val
== test_bit(HCI_PSCAN
, &hdev
->flags
)) {
971 err
= send_settings_rsp(sk
, MGMT_OP_SET_CONNECTABLE
, hdev
);
975 cmd
= mgmt_pending_add(sk
, MGMT_OP_SET_CONNECTABLE
, hdev
, data
, len
);
986 if (test_bit(HCI_ISCAN
, &hdev
->flags
) &&
987 hdev
->discov_timeout
> 0)
988 cancel_delayed_work(&hdev
->discov_off
);
991 err
= hci_send_cmd(hdev
, HCI_OP_WRITE_SCAN_ENABLE
, 1, &scan
);
993 mgmt_pending_remove(cmd
);
996 hci_dev_unlock(hdev
);
1000 static int set_pairable(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
1003 struct mgmt_mode
*cp
= data
;
1006 BT_DBG("request for %s", hdev
->name
);
1011 set_bit(HCI_PAIRABLE
, &hdev
->dev_flags
);
1013 clear_bit(HCI_PAIRABLE
, &hdev
->dev_flags
);
1015 err
= send_settings_rsp(sk
, MGMT_OP_SET_PAIRABLE
, hdev
);
1019 err
= new_settings(hdev
, sk
);
1022 hci_dev_unlock(hdev
);
1026 static int set_link_security(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
1029 struct mgmt_mode
*cp
= data
;
1030 struct pending_cmd
*cmd
;
1034 BT_DBG("request for %s", hdev
->name
);
1038 if (!hdev_is_powered(hdev
)) {
1039 bool changed
= false;
1041 if (!!cp
->val
!= test_bit(HCI_LINK_SECURITY
,
1042 &hdev
->dev_flags
)) {
1043 change_bit(HCI_LINK_SECURITY
, &hdev
->dev_flags
);
1047 err
= send_settings_rsp(sk
, MGMT_OP_SET_LINK_SECURITY
, hdev
);
1052 err
= new_settings(hdev
, sk
);
1057 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY
, hdev
)) {
1058 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_SET_LINK_SECURITY
,
1065 if (test_bit(HCI_AUTH
, &hdev
->flags
) == val
) {
1066 err
= send_settings_rsp(sk
, MGMT_OP_SET_LINK_SECURITY
, hdev
);
1070 cmd
= mgmt_pending_add(sk
, MGMT_OP_SET_LINK_SECURITY
, hdev
, data
, len
);
1076 err
= hci_send_cmd(hdev
, HCI_OP_WRITE_AUTH_ENABLE
, sizeof(val
), &val
);
1078 mgmt_pending_remove(cmd
);
1083 hci_dev_unlock(hdev
);
1087 static int set_ssp(struct sock
*sk
, struct hci_dev
*hdev
, void *data
, u16 len
)
1089 struct mgmt_mode
*cp
= data
;
1090 struct pending_cmd
*cmd
;
1094 BT_DBG("request for %s", hdev
->name
);
1098 if (!(hdev
->features
[6] & LMP_SIMPLE_PAIR
)) {
1099 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_SET_SSP
,
1100 MGMT_STATUS_NOT_SUPPORTED
);
1106 if (!hdev_is_powered(hdev
)) {
1107 bool changed
= false;
1109 if (val
!= test_bit(HCI_SSP_ENABLED
, &hdev
->dev_flags
)) {
1110 change_bit(HCI_SSP_ENABLED
, &hdev
->dev_flags
);
1114 err
= send_settings_rsp(sk
, MGMT_OP_SET_SSP
, hdev
);
1119 err
= new_settings(hdev
, sk
);
1124 if (mgmt_pending_find(MGMT_OP_SET_SSP
, hdev
)) {
1125 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_SET_SSP
,
1130 if (test_bit(HCI_SSP_ENABLED
, &hdev
->dev_flags
) == val
) {
1131 err
= send_settings_rsp(sk
, MGMT_OP_SET_SSP
, hdev
);
1135 cmd
= mgmt_pending_add(sk
, MGMT_OP_SET_SSP
, hdev
, data
, len
);
1141 err
= hci_send_cmd(hdev
, HCI_OP_WRITE_SSP_MODE
, sizeof(val
), &val
);
1143 mgmt_pending_remove(cmd
);
1148 hci_dev_unlock(hdev
);
1152 static int set_hs(struct sock
*sk
, struct hci_dev
*hdev
, void *data
, u16 len
)
1154 struct mgmt_mode
*cp
= data
;
1156 BT_DBG("request for %s", hdev
->name
);
1159 return cmd_status(sk
, hdev
->id
, MGMT_OP_SET_HS
,
1160 MGMT_STATUS_NOT_SUPPORTED
);
1163 set_bit(HCI_HS_ENABLED
, &hdev
->dev_flags
);
1165 clear_bit(HCI_HS_ENABLED
, &hdev
->dev_flags
);
1167 return send_settings_rsp(sk
, MGMT_OP_SET_HS
, hdev
);
1170 static int set_le(struct sock
*sk
, struct hci_dev
*hdev
, void *data
, u16 len
)
1172 struct mgmt_mode
*cp
= data
;
1173 struct hci_cp_write_le_host_supported hci_cp
;
1174 struct pending_cmd
*cmd
;
1178 BT_DBG("request for %s", hdev
->name
);
1182 if (!enable_le
|| !(hdev
->features
[4] & LMP_LE
)) {
1183 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_SET_LE
,
1184 MGMT_STATUS_NOT_SUPPORTED
);
1189 enabled
= !!(hdev
->host_features
[0] & LMP_HOST_LE
);
1191 if (!hdev_is_powered(hdev
) || val
== enabled
) {
1192 bool changed
= false;
1194 if (val
!= test_bit(HCI_LE_ENABLED
, &hdev
->dev_flags
)) {
1195 change_bit(HCI_LE_ENABLED
, &hdev
->dev_flags
);
1199 err
= send_settings_rsp(sk
, MGMT_OP_SET_LE
, hdev
);
1204 err
= new_settings(hdev
, sk
);
1209 if (mgmt_pending_find(MGMT_OP_SET_LE
, hdev
)) {
1210 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_SET_LE
,
1215 cmd
= mgmt_pending_add(sk
, MGMT_OP_SET_LE
, hdev
, data
, len
);
1221 memset(&hci_cp
, 0, sizeof(hci_cp
));
1225 hci_cp
.simul
= !!(hdev
->features
[6] & LMP_SIMUL_LE_BR
);
1228 err
= hci_send_cmd(hdev
, HCI_OP_WRITE_LE_HOST_SUPPORTED
, sizeof(hci_cp
),
1231 mgmt_pending_remove(cmd
);
1236 hci_dev_unlock(hdev
);
1240 static int add_uuid(struct sock
*sk
, struct hci_dev
*hdev
, void *data
, u16 len
)
1242 struct mgmt_cp_add_uuid
*cp
= data
;
1243 struct pending_cmd
*cmd
;
1244 struct bt_uuid
*uuid
;
1247 BT_DBG("request for %s", hdev
->name
);
1251 if (test_bit(HCI_PENDING_CLASS
, &hdev
->dev_flags
)) {
1252 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_ADD_UUID
,
1257 uuid
= kmalloc(sizeof(*uuid
), GFP_ATOMIC
);
1263 memcpy(uuid
->uuid
, cp
->uuid
, 16);
1264 uuid
->svc_hint
= cp
->svc_hint
;
1266 list_add(&uuid
->list
, &hdev
->uuids
);
1268 err
= update_class(hdev
);
1272 err
= update_eir(hdev
);
1276 if (!test_bit(HCI_PENDING_CLASS
, &hdev
->dev_flags
)) {
1277 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_ADD_UUID
, 0,
1278 hdev
->dev_class
, 3);
1282 cmd
= mgmt_pending_add(sk
, MGMT_OP_ADD_UUID
, hdev
, data
, len
);
1289 hci_dev_unlock(hdev
);
1293 static bool enable_service_cache(struct hci_dev
*hdev
)
1295 if (!hdev_is_powered(hdev
))
1298 if (!test_and_set_bit(HCI_SERVICE_CACHE
, &hdev
->dev_flags
)) {
1299 schedule_delayed_work(&hdev
->service_cache
, CACHE_TIMEOUT
);
1306 static int remove_uuid(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
1309 struct mgmt_cp_remove_uuid
*cp
= data
;
1310 struct pending_cmd
*cmd
;
1311 struct list_head
*p
, *n
;
1312 u8 bt_uuid_any
[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
1315 BT_DBG("request for %s", hdev
->name
);
1319 if (test_bit(HCI_PENDING_CLASS
, &hdev
->dev_flags
)) {
1320 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_REMOVE_UUID
,
1325 if (memcmp(cp
->uuid
, bt_uuid_any
, 16) == 0) {
1326 err
= hci_uuids_clear(hdev
);
1328 if (enable_service_cache(hdev
)) {
1329 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_REMOVE_UUID
,
1330 0, hdev
->dev_class
, 3);
1339 list_for_each_safe(p
, n
, &hdev
->uuids
) {
1340 struct bt_uuid
*match
= list_entry(p
, struct bt_uuid
, list
);
1342 if (memcmp(match
->uuid
, cp
->uuid
, 16) != 0)
1345 list_del(&match
->list
);
1350 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_REMOVE_UUID
,
1351 MGMT_STATUS_INVALID_PARAMS
);
1356 err
= update_class(hdev
);
1360 err
= update_eir(hdev
);
1364 if (!test_bit(HCI_PENDING_CLASS
, &hdev
->dev_flags
)) {
1365 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_REMOVE_UUID
, 0,
1366 hdev
->dev_class
, 3);
1370 cmd
= mgmt_pending_add(sk
, MGMT_OP_REMOVE_UUID
, hdev
, data
, len
);
1377 hci_dev_unlock(hdev
);
1381 static int set_dev_class(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
1384 struct mgmt_cp_set_dev_class
*cp
= data
;
1385 struct pending_cmd
*cmd
;
1388 BT_DBG("request for %s", hdev
->name
);
1392 if (test_bit(HCI_PENDING_CLASS
, &hdev
->dev_flags
)) {
1393 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_SET_DEV_CLASS
,
1398 hdev
->major_class
= cp
->major
;
1399 hdev
->minor_class
= cp
->minor
;
1401 if (!hdev_is_powered(hdev
)) {
1402 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_SET_DEV_CLASS
, 0,
1403 hdev
->dev_class
, 3);
1407 if (test_and_clear_bit(HCI_SERVICE_CACHE
, &hdev
->dev_flags
)) {
1408 hci_dev_unlock(hdev
);
1409 cancel_delayed_work_sync(&hdev
->service_cache
);
1414 err
= update_class(hdev
);
1418 if (!test_bit(HCI_PENDING_CLASS
, &hdev
->dev_flags
)) {
1419 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_SET_DEV_CLASS
, 0,
1420 hdev
->dev_class
, 3);
1424 cmd
= mgmt_pending_add(sk
, MGMT_OP_SET_DEV_CLASS
, hdev
, data
, len
);
1431 hci_dev_unlock(hdev
);
1435 static int load_link_keys(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
1438 struct mgmt_cp_load_link_keys
*cp
= data
;
1439 u16 key_count
, expected_len
;
1442 key_count
= get_unaligned_le16(&cp
->key_count
);
1444 expected_len
= sizeof(*cp
) + key_count
*
1445 sizeof(struct mgmt_link_key_info
);
1446 if (expected_len
!= len
) {
1447 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
1449 return cmd_status(sk
, hdev
->id
, MGMT_OP_LOAD_LINK_KEYS
,
1450 MGMT_STATUS_INVALID_PARAMS
);
1453 BT_DBG("%s debug_keys %u key_count %u", hdev
->name
, cp
->debug_keys
,
1458 hci_link_keys_clear(hdev
);
1460 set_bit(HCI_LINK_KEYS
, &hdev
->dev_flags
);
1463 set_bit(HCI_DEBUG_KEYS
, &hdev
->dev_flags
);
1465 clear_bit(HCI_DEBUG_KEYS
, &hdev
->dev_flags
);
1467 for (i
= 0; i
< key_count
; i
++) {
1468 struct mgmt_link_key_info
*key
= &cp
->keys
[i
];
1470 hci_add_link_key(hdev
, NULL
, 0, &key
->addr
.bdaddr
, key
->val
,
1471 key
->type
, key
->pin_len
);
1474 cmd_complete(sk
, hdev
->id
, MGMT_OP_LOAD_LINK_KEYS
, 0, NULL
, 0);
1476 hci_dev_unlock(hdev
);
1481 static int device_unpaired(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
,
1482 u8 addr_type
, struct sock
*skip_sk
)
1484 struct mgmt_ev_device_unpaired ev
;
1486 bacpy(&ev
.addr
.bdaddr
, bdaddr
);
1487 ev
.addr
.type
= addr_type
;
1489 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED
, hdev
, &ev
, sizeof(ev
),
1493 static int unpair_device(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
1496 struct mgmt_cp_unpair_device
*cp
= data
;
1497 struct mgmt_rp_unpair_device rp
;
1498 struct hci_cp_disconnect dc
;
1499 struct pending_cmd
*cmd
;
1500 struct hci_conn
*conn
;
1505 memset(&rp
, 0, sizeof(rp
));
1506 bacpy(&rp
.addr
.bdaddr
, &cp
->addr
.bdaddr
);
1507 rp
.addr
.type
= cp
->addr
.type
;
1509 if (!hdev_is_powered(hdev
)) {
1510 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_UNPAIR_DEVICE
,
1511 MGMT_STATUS_NOT_POWERED
, &rp
, sizeof(rp
));
1515 if (cp
->addr
.type
== MGMT_ADDR_BREDR
)
1516 err
= hci_remove_link_key(hdev
, &cp
->addr
.bdaddr
);
1518 err
= hci_remove_ltk(hdev
, &cp
->addr
.bdaddr
);
1521 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_UNPAIR_DEVICE
,
1522 MGMT_STATUS_NOT_PAIRED
, &rp
, sizeof(rp
));
1526 if (cp
->disconnect
) {
1527 if (cp
->addr
.type
== MGMT_ADDR_BREDR
)
1528 conn
= hci_conn_hash_lookup_ba(hdev
, ACL_LINK
,
1531 conn
= hci_conn_hash_lookup_ba(hdev
, LE_LINK
,
1538 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_UNPAIR_DEVICE
, 0,
1540 device_unpaired(hdev
, &cp
->addr
.bdaddr
, cp
->addr
.type
, sk
);
1544 cmd
= mgmt_pending_add(sk
, MGMT_OP_UNPAIR_DEVICE
, hdev
, cp
,
1551 put_unaligned_le16(conn
->handle
, &dc
.handle
);
1552 dc
.reason
= 0x13; /* Remote User Terminated Connection */
1553 err
= hci_send_cmd(hdev
, HCI_OP_DISCONNECT
, sizeof(dc
), &dc
);
1555 mgmt_pending_remove(cmd
);
1558 hci_dev_unlock(hdev
);
1562 static int disconnect(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
1565 struct mgmt_cp_disconnect
*cp
= data
;
1566 struct hci_cp_disconnect dc
;
1567 struct pending_cmd
*cmd
;
1568 struct hci_conn
*conn
;
1575 if (!test_bit(HCI_UP
, &hdev
->flags
)) {
1576 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_DISCONNECT
,
1577 MGMT_STATUS_NOT_POWERED
);
1581 if (mgmt_pending_find(MGMT_OP_DISCONNECT
, hdev
)) {
1582 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_DISCONNECT
,
1587 if (cp
->addr
.type
== MGMT_ADDR_BREDR
)
1588 conn
= hci_conn_hash_lookup_ba(hdev
, ACL_LINK
, &cp
->addr
.bdaddr
);
1590 conn
= hci_conn_hash_lookup_ba(hdev
, LE_LINK
, &cp
->addr
.bdaddr
);
1593 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_DISCONNECT
,
1594 MGMT_STATUS_NOT_CONNECTED
);
1598 cmd
= mgmt_pending_add(sk
, MGMT_OP_DISCONNECT
, hdev
, data
, len
);
1604 put_unaligned_le16(conn
->handle
, &dc
.handle
);
1605 dc
.reason
= 0x13; /* Remote User Terminated Connection */
1607 err
= hci_send_cmd(hdev
, HCI_OP_DISCONNECT
, sizeof(dc
), &dc
);
1609 mgmt_pending_remove(cmd
);
1612 hci_dev_unlock(hdev
);
1616 static u8
link_to_mgmt(u8 link_type
, u8 addr_type
)
1618 switch (link_type
) {
1620 switch (addr_type
) {
1621 case ADDR_LE_DEV_PUBLIC
:
1622 return MGMT_ADDR_LE_PUBLIC
;
1623 case ADDR_LE_DEV_RANDOM
:
1624 return MGMT_ADDR_LE_RANDOM
;
1626 return MGMT_ADDR_INVALID
;
1629 return MGMT_ADDR_BREDR
;
1631 return MGMT_ADDR_INVALID
;
1635 static int get_connections(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
1638 struct mgmt_rp_get_connections
*rp
;
1648 if (!hdev_is_powered(hdev
)) {
1649 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_GET_CONNECTIONS
,
1650 MGMT_STATUS_NOT_POWERED
);
1655 list_for_each_entry(c
, &hdev
->conn_hash
.list
, list
) {
1656 if (test_bit(HCI_CONN_MGMT_CONNECTED
, &c
->flags
))
1660 rp_len
= sizeof(*rp
) + (i
* sizeof(struct mgmt_addr_info
));
1661 rp
= kmalloc(rp_len
, GFP_ATOMIC
);
1668 list_for_each_entry(c
, &hdev
->conn_hash
.list
, list
) {
1669 if (!test_bit(HCI_CONN_MGMT_CONNECTED
, &c
->flags
))
1671 bacpy(&rp
->addr
[i
].bdaddr
, &c
->dst
);
1672 rp
->addr
[i
].type
= link_to_mgmt(c
->type
, c
->dst_type
);
1673 if (rp
->addr
[i
].type
== MGMT_ADDR_INVALID
)
1678 put_unaligned_le16(i
, &rp
->conn_count
);
1680 /* Recalculate length in case of filtered SCO connections, etc */
1681 rp_len
= sizeof(*rp
) + (i
* sizeof(struct mgmt_addr_info
));
1683 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_GET_CONNECTIONS
, 0, rp
,
1689 hci_dev_unlock(hdev
);
1693 static int send_pin_code_neg_reply(struct sock
*sk
, struct hci_dev
*hdev
,
1694 struct mgmt_cp_pin_code_neg_reply
*cp
)
1696 struct pending_cmd
*cmd
;
1699 cmd
= mgmt_pending_add(sk
, MGMT_OP_PIN_CODE_NEG_REPLY
, hdev
, cp
,
1704 err
= hci_send_cmd(hdev
, HCI_OP_PIN_CODE_NEG_REPLY
,
1705 sizeof(cp
->addr
.bdaddr
), &cp
->addr
.bdaddr
);
1707 mgmt_pending_remove(cmd
);
1712 static int pin_code_reply(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
1715 struct hci_conn
*conn
;
1716 struct mgmt_cp_pin_code_reply
*cp
= data
;
1717 struct hci_cp_pin_code_reply reply
;
1718 struct pending_cmd
*cmd
;
1725 if (!hdev_is_powered(hdev
)) {
1726 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_PIN_CODE_REPLY
,
1727 MGMT_STATUS_NOT_POWERED
);
1731 conn
= hci_conn_hash_lookup_ba(hdev
, ACL_LINK
, &cp
->addr
.bdaddr
);
1733 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_PIN_CODE_REPLY
,
1734 MGMT_STATUS_NOT_CONNECTED
);
1738 if (conn
->pending_sec_level
== BT_SECURITY_HIGH
&& cp
->pin_len
!= 16) {
1739 struct mgmt_cp_pin_code_neg_reply ncp
;
1741 memcpy(&ncp
.addr
, &cp
->addr
, sizeof(ncp
.addr
));
1743 BT_ERR("PIN code is not 16 bytes long");
1745 err
= send_pin_code_neg_reply(sk
, hdev
, &ncp
);
1747 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_PIN_CODE_REPLY
,
1748 MGMT_STATUS_INVALID_PARAMS
);
1753 cmd
= mgmt_pending_add(sk
, MGMT_OP_PIN_CODE_REPLY
, hdev
, data
, len
);
1759 bacpy(&reply
.bdaddr
, &cp
->addr
.bdaddr
);
1760 reply
.pin_len
= cp
->pin_len
;
1761 memcpy(reply
.pin_code
, cp
->pin_code
, sizeof(reply
.pin_code
));
1763 err
= hci_send_cmd(hdev
, HCI_OP_PIN_CODE_REPLY
, sizeof(reply
), &reply
);
1765 mgmt_pending_remove(cmd
);
1768 hci_dev_unlock(hdev
);
1772 static int pin_code_neg_reply(struct sock
*sk
, struct hci_dev
*hdev
,
1773 void *data
, u16 len
)
1775 struct mgmt_cp_pin_code_neg_reply
*cp
= data
;
1782 if (!hdev_is_powered(hdev
)) {
1783 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_PIN_CODE_NEG_REPLY
,
1784 MGMT_STATUS_NOT_POWERED
);
1788 err
= send_pin_code_neg_reply(sk
, hdev
, cp
);
1791 hci_dev_unlock(hdev
);
1795 static int set_io_capability(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
1798 struct mgmt_cp_set_io_capability
*cp
= data
;
1804 hdev
->io_capability
= cp
->io_capability
;
1806 BT_DBG("%s IO capability set to 0x%02x", hdev
->name
,
1807 hdev
->io_capability
);
1809 hci_dev_unlock(hdev
);
1811 return cmd_complete(sk
, hdev
->id
, MGMT_OP_SET_IO_CAPABILITY
, 0, NULL
,
1815 static inline struct pending_cmd
*find_pairing(struct hci_conn
*conn
)
1817 struct hci_dev
*hdev
= conn
->hdev
;
1818 struct pending_cmd
*cmd
;
1820 list_for_each_entry(cmd
, &hdev
->mgmt_pending
, list
) {
1821 if (cmd
->opcode
!= MGMT_OP_PAIR_DEVICE
)
1824 if (cmd
->user_data
!= conn
)
1833 static void pairing_complete(struct pending_cmd
*cmd
, u8 status
)
1835 struct mgmt_rp_pair_device rp
;
1836 struct hci_conn
*conn
= cmd
->user_data
;
1838 bacpy(&rp
.addr
.bdaddr
, &conn
->dst
);
1839 rp
.addr
.type
= link_to_mgmt(conn
->type
, conn
->dst_type
);
1841 cmd_complete(cmd
->sk
, cmd
->index
, MGMT_OP_PAIR_DEVICE
, status
,
1844 /* So we don't get further callbacks for this connection */
1845 conn
->connect_cfm_cb
= NULL
;
1846 conn
->security_cfm_cb
= NULL
;
1847 conn
->disconn_cfm_cb
= NULL
;
1851 mgmt_pending_remove(cmd
);
1854 static void pairing_complete_cb(struct hci_conn
*conn
, u8 status
)
1856 struct pending_cmd
*cmd
;
1858 BT_DBG("status %u", status
);
1860 cmd
= find_pairing(conn
);
1862 BT_DBG("Unable to find a pending command");
1864 pairing_complete(cmd
, mgmt_status(status
));
1867 static int pair_device(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
1870 struct mgmt_cp_pair_device
*cp
= data
;
1871 struct mgmt_rp_pair_device rp
;
1872 struct pending_cmd
*cmd
;
1873 u8 sec_level
, auth_type
;
1874 struct hci_conn
*conn
;
1881 if (!hdev_is_powered(hdev
)) {
1882 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_PAIR_DEVICE
,
1883 MGMT_STATUS_NOT_POWERED
);
1887 sec_level
= BT_SECURITY_MEDIUM
;
1888 if (cp
->io_cap
== 0x03)
1889 auth_type
= HCI_AT_DEDICATED_BONDING
;
1891 auth_type
= HCI_AT_DEDICATED_BONDING_MITM
;
1893 if (cp
->addr
.type
== MGMT_ADDR_BREDR
)
1894 conn
= hci_connect(hdev
, ACL_LINK
, &cp
->addr
.bdaddr
, sec_level
,
1897 conn
= hci_connect(hdev
, LE_LINK
, &cp
->addr
.bdaddr
, sec_level
,
1900 memset(&rp
, 0, sizeof(rp
));
1901 bacpy(&rp
.addr
.bdaddr
, &cp
->addr
.bdaddr
);
1902 rp
.addr
.type
= cp
->addr
.type
;
1905 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_PAIR_DEVICE
,
1906 MGMT_STATUS_CONNECT_FAILED
, &rp
,
1911 if (conn
->connect_cfm_cb
) {
1913 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_PAIR_DEVICE
,
1914 MGMT_STATUS_BUSY
, &rp
, sizeof(rp
));
1918 cmd
= mgmt_pending_add(sk
, MGMT_OP_PAIR_DEVICE
, hdev
, data
, len
);
1925 /* For LE, just connecting isn't a proof that the pairing finished */
1926 if (cp
->addr
.type
== MGMT_ADDR_BREDR
)
1927 conn
->connect_cfm_cb
= pairing_complete_cb
;
1929 conn
->security_cfm_cb
= pairing_complete_cb
;
1930 conn
->disconn_cfm_cb
= pairing_complete_cb
;
1931 conn
->io_capability
= cp
->io_cap
;
1932 cmd
->user_data
= conn
;
1934 if (conn
->state
== BT_CONNECTED
&&
1935 hci_conn_security(conn
, sec_level
, auth_type
))
1936 pairing_complete(cmd
, 0);
1941 hci_dev_unlock(hdev
);
1945 static int cancel_pair_device(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
1948 struct mgmt_addr_info
*addr
= data
;
1949 struct pending_cmd
*cmd
;
1950 struct hci_conn
*conn
;
1957 if (!hdev_is_powered(hdev
)) {
1958 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_CANCEL_PAIR_DEVICE
,
1959 MGMT_STATUS_NOT_POWERED
);
1963 cmd
= mgmt_pending_find(MGMT_OP_PAIR_DEVICE
, hdev
);
1965 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_CANCEL_PAIR_DEVICE
,
1966 MGMT_STATUS_INVALID_PARAMS
);
1970 conn
= cmd
->user_data
;
1972 if (bacmp(&addr
->bdaddr
, &conn
->dst
) != 0) {
1973 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_CANCEL_PAIR_DEVICE
,
1974 MGMT_STATUS_INVALID_PARAMS
);
1978 pairing_complete(cmd
, MGMT_STATUS_CANCELLED
);
1980 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_CANCEL_PAIR_DEVICE
, 0,
1981 addr
, sizeof(*addr
));
1983 hci_dev_unlock(hdev
);
1987 static int user_pairing_resp(struct sock
*sk
, struct hci_dev
*hdev
,
1988 bdaddr_t
*bdaddr
, u8 type
, u16 mgmt_op
,
1989 u16 hci_op
, __le32 passkey
)
1991 struct pending_cmd
*cmd
;
1992 struct hci_conn
*conn
;
1997 if (!hdev_is_powered(hdev
)) {
1998 err
= cmd_status(sk
, hdev
->id
, mgmt_op
,
1999 MGMT_STATUS_NOT_POWERED
);
2003 if (type
== MGMT_ADDR_BREDR
)
2004 conn
= hci_conn_hash_lookup_ba(hdev
, ACL_LINK
, bdaddr
);
2006 conn
= hci_conn_hash_lookup_ba(hdev
, LE_LINK
, bdaddr
);
2009 err
= cmd_status(sk
, hdev
->id
, mgmt_op
,
2010 MGMT_STATUS_NOT_CONNECTED
);
2014 if (type
== MGMT_ADDR_LE_PUBLIC
|| type
== MGMT_ADDR_LE_RANDOM
) {
2015 /* Continue with pairing via SMP */
2016 err
= smp_user_confirm_reply(conn
, mgmt_op
, passkey
);
2019 err
= cmd_status(sk
, hdev
->id
, mgmt_op
,
2020 MGMT_STATUS_SUCCESS
);
2022 err
= cmd_status(sk
, hdev
->id
, mgmt_op
,
2023 MGMT_STATUS_FAILED
);
2028 cmd
= mgmt_pending_add(sk
, mgmt_op
, hdev
, bdaddr
, sizeof(*bdaddr
));
2034 /* Continue with pairing via HCI */
2035 if (hci_op
== HCI_OP_USER_PASSKEY_REPLY
) {
2036 struct hci_cp_user_passkey_reply cp
;
2038 bacpy(&cp
.bdaddr
, bdaddr
);
2039 cp
.passkey
= passkey
;
2040 err
= hci_send_cmd(hdev
, hci_op
, sizeof(cp
), &cp
);
2042 err
= hci_send_cmd(hdev
, hci_op
, sizeof(*bdaddr
), bdaddr
);
2045 mgmt_pending_remove(cmd
);
2048 hci_dev_unlock(hdev
);
2052 static int user_confirm_reply(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
2055 struct mgmt_cp_user_confirm_reply
*cp
= data
;
2059 if (len
!= sizeof(*cp
))
2060 return cmd_status(sk
, hdev
->id
, MGMT_OP_USER_CONFIRM_REPLY
,
2061 MGMT_STATUS_INVALID_PARAMS
);
2063 return user_pairing_resp(sk
, hdev
, &cp
->addr
.bdaddr
, cp
->addr
.type
,
2064 MGMT_OP_USER_CONFIRM_REPLY
,
2065 HCI_OP_USER_CONFIRM_REPLY
, 0);
2068 static int user_confirm_neg_reply(struct sock
*sk
, struct hci_dev
*hdev
,
2069 void *data
, u16 len
)
2071 struct mgmt_cp_user_confirm_neg_reply
*cp
= data
;
2075 return user_pairing_resp(sk
, hdev
, &cp
->addr
.bdaddr
, cp
->addr
.type
,
2076 MGMT_OP_USER_CONFIRM_NEG_REPLY
,
2077 HCI_OP_USER_CONFIRM_NEG_REPLY
, 0);
2080 static int user_passkey_reply(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
2083 struct mgmt_cp_user_passkey_reply
*cp
= data
;
2087 return user_pairing_resp(sk
, hdev
, &cp
->addr
.bdaddr
, cp
->addr
.type
,
2088 MGMT_OP_USER_PASSKEY_REPLY
,
2089 HCI_OP_USER_PASSKEY_REPLY
, cp
->passkey
);
2092 static int user_passkey_neg_reply(struct sock
*sk
, struct hci_dev
*hdev
,
2093 void *data
, u16 len
)
2095 struct mgmt_cp_user_passkey_neg_reply
*cp
= data
;
2099 return user_pairing_resp(sk
, hdev
, &cp
->addr
.bdaddr
, cp
->addr
.type
,
2100 MGMT_OP_USER_PASSKEY_NEG_REPLY
,
2101 HCI_OP_USER_PASSKEY_NEG_REPLY
, 0);
2104 static int update_name(struct hci_dev
*hdev
, const char *name
)
2106 struct hci_cp_write_local_name cp
;
2108 memcpy(cp
.name
, name
, sizeof(cp
.name
));
2110 return hci_send_cmd(hdev
, HCI_OP_WRITE_LOCAL_NAME
, sizeof(cp
), &cp
);
2113 static int set_local_name(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
2116 struct mgmt_cp_set_local_name
*cp
= data
;
2117 struct pending_cmd
*cmd
;
2124 memcpy(hdev
->short_name
, cp
->short_name
, sizeof(hdev
->short_name
));
2126 if (!hdev_is_powered(hdev
)) {
2127 memcpy(hdev
->dev_name
, cp
->name
, sizeof(hdev
->dev_name
));
2129 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_SET_LOCAL_NAME
, 0,
2134 err
= mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED
, hdev
, data
, len
,
2140 cmd
= mgmt_pending_add(sk
, MGMT_OP_SET_LOCAL_NAME
, hdev
, data
, len
);
2146 err
= update_name(hdev
, cp
->name
);
2148 mgmt_pending_remove(cmd
);
2151 hci_dev_unlock(hdev
);
2155 static int read_local_oob_data(struct sock
*sk
, struct hci_dev
*hdev
,
2156 void *data
, u16 data_len
)
2158 struct pending_cmd
*cmd
;
2161 BT_DBG("%s", hdev
->name
);
2165 if (!hdev_is_powered(hdev
)) {
2166 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_READ_LOCAL_OOB_DATA
,
2167 MGMT_STATUS_NOT_POWERED
);
2171 if (!(hdev
->features
[6] & LMP_SIMPLE_PAIR
)) {
2172 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_READ_LOCAL_OOB_DATA
,
2173 MGMT_STATUS_NOT_SUPPORTED
);
2177 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA
, hdev
)) {
2178 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_READ_LOCAL_OOB_DATA
,
2183 cmd
= mgmt_pending_add(sk
, MGMT_OP_READ_LOCAL_OOB_DATA
, hdev
, NULL
, 0);
2189 err
= hci_send_cmd(hdev
, HCI_OP_READ_LOCAL_OOB_DATA
, 0, NULL
);
2191 mgmt_pending_remove(cmd
);
2194 hci_dev_unlock(hdev
);
2198 static int add_remote_oob_data(struct sock
*sk
, struct hci_dev
*hdev
,
2199 void *data
, u16 len
)
2201 struct mgmt_cp_add_remote_oob_data
*cp
= data
;
2205 BT_DBG("%s ", hdev
->name
);
2209 if (!hdev_is_powered(hdev
)) {
2210 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_ADD_REMOTE_OOB_DATA
,
2211 MGMT_STATUS_NOT_POWERED
, &cp
->addr
,
2216 err
= hci_add_remote_oob_data(hdev
, &cp
->addr
.bdaddr
, cp
->hash
,
2219 status
= MGMT_STATUS_FAILED
;
2223 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_ADD_REMOTE_OOB_DATA
, status
,
2224 &cp
->addr
, sizeof(cp
->addr
));
2227 hci_dev_unlock(hdev
);
2231 static int remove_remote_oob_data(struct sock
*sk
, struct hci_dev
*hdev
,
2232 void *data
, u16 len
)
2234 struct mgmt_cp_remove_remote_oob_data
*cp
= data
;
2238 BT_DBG("%s", hdev
->name
);
2242 if (!hdev_is_powered(hdev
)) {
2243 err
= cmd_complete(sk
, hdev
->id
,
2244 MGMT_OP_REMOVE_REMOTE_OOB_DATA
,
2245 MGMT_STATUS_NOT_POWERED
, &cp
->addr
,
2250 err
= hci_remove_remote_oob_data(hdev
, &cp
->addr
.bdaddr
);
2252 status
= MGMT_STATUS_INVALID_PARAMS
;
2256 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_REMOVE_REMOTE_OOB_DATA
,
2257 status
, &cp
->addr
, sizeof(cp
->addr
));
2260 hci_dev_unlock(hdev
);
2264 int mgmt_interleaved_discovery(struct hci_dev
*hdev
)
2268 BT_DBG("%s", hdev
->name
);
2272 err
= hci_do_inquiry(hdev
, INQUIRY_LEN_BREDR_LE
);
2274 hci_discovery_set_state(hdev
, DISCOVERY_STOPPED
);
2276 hci_dev_unlock(hdev
);
2281 static int start_discovery(struct sock
*sk
, struct hci_dev
*hdev
,
2282 void *data
, u16 len
)
2284 struct mgmt_cp_start_discovery
*cp
= data
;
2285 struct pending_cmd
*cmd
;
2288 BT_DBG("%s", hdev
->name
);
2292 if (!hdev_is_powered(hdev
)) {
2293 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_START_DISCOVERY
,
2294 MGMT_STATUS_NOT_POWERED
);
2298 if (hdev
->discovery
.state
!= DISCOVERY_STOPPED
) {
2299 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_START_DISCOVERY
,
2304 cmd
= mgmt_pending_add(sk
, MGMT_OP_START_DISCOVERY
, hdev
, NULL
, 0);
2310 hdev
->discovery
.type
= cp
->type
;
2312 switch (hdev
->discovery
.type
) {
2313 case DISCOV_TYPE_BREDR
:
2314 if (lmp_bredr_capable(hdev
))
2315 err
= hci_do_inquiry(hdev
, INQUIRY_LEN_BREDR
);
2320 case DISCOV_TYPE_LE
:
2321 if (lmp_host_le_capable(hdev
))
2322 err
= hci_le_scan(hdev
, LE_SCAN_TYPE
, LE_SCAN_INT
,
2323 LE_SCAN_WIN
, LE_SCAN_TIMEOUT_LE_ONLY
);
2328 case DISCOV_TYPE_INTERLEAVED
:
2329 if (lmp_host_le_capable(hdev
) && lmp_bredr_capable(hdev
))
2330 err
= hci_le_scan(hdev
, LE_SCAN_TYPE
, LE_SCAN_INT
,
2332 LE_SCAN_TIMEOUT_BREDR_LE
);
2342 mgmt_pending_remove(cmd
);
2344 hci_discovery_set_state(hdev
, DISCOVERY_STARTING
);
2347 hci_dev_unlock(hdev
);
2351 static int stop_discovery(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
2354 struct mgmt_cp_stop_discovery
*mgmt_cp
= data
;
2355 struct pending_cmd
*cmd
;
2356 struct hci_cp_remote_name_req_cancel cp
;
2357 struct inquiry_entry
*e
;
2360 BT_DBG("%s", hdev
->name
);
2364 if (!hci_discovery_active(hdev
)) {
2365 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_STOP_DISCOVERY
,
2366 MGMT_STATUS_REJECTED
, &mgmt_cp
->type
,
2367 sizeof(mgmt_cp
->type
));
2371 if (hdev
->discovery
.type
!= mgmt_cp
->type
) {
2372 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_STOP_DISCOVERY
,
2373 MGMT_STATUS_INVALID_PARAMS
, &mgmt_cp
->type
,
2374 sizeof(mgmt_cp
->type
));
2378 cmd
= mgmt_pending_add(sk
, MGMT_OP_STOP_DISCOVERY
, hdev
, NULL
, 0);
2384 if (hdev
->discovery
.state
== DISCOVERY_FINDING
) {
2385 err
= hci_cancel_inquiry(hdev
);
2387 mgmt_pending_remove(cmd
);
2389 hci_discovery_set_state(hdev
, DISCOVERY_STOPPING
);
2393 e
= hci_inquiry_cache_lookup_resolve(hdev
, BDADDR_ANY
, NAME_PENDING
);
2395 mgmt_pending_remove(cmd
);
2396 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_STOP_DISCOVERY
, 0,
2397 &mgmt_cp
->type
, sizeof(mgmt_cp
->type
));
2398 hci_discovery_set_state(hdev
, DISCOVERY_STOPPED
);
2402 bacpy(&cp
.bdaddr
, &e
->data
.bdaddr
);
2403 err
= hci_send_cmd(hdev
, HCI_OP_REMOTE_NAME_REQ_CANCEL
, sizeof(cp
),
2406 mgmt_pending_remove(cmd
);
2408 hci_discovery_set_state(hdev
, DISCOVERY_STOPPING
);
2411 hci_dev_unlock(hdev
);
2415 static int confirm_name(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
2418 struct mgmt_cp_confirm_name
*cp
= data
;
2419 struct inquiry_entry
*e
;
2422 BT_DBG("%s", hdev
->name
);
2426 if (!hci_discovery_active(hdev
)) {
2427 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_CONFIRM_NAME
,
2428 MGMT_STATUS_FAILED
);
2432 e
= hci_inquiry_cache_lookup_unknown(hdev
, &cp
->addr
.bdaddr
);
2434 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_CONFIRM_NAME
,
2435 MGMT_STATUS_INVALID_PARAMS
);
2439 if (cp
->name_known
) {
2440 e
->name_state
= NAME_KNOWN
;
2443 e
->name_state
= NAME_NEEDED
;
2444 hci_inquiry_cache_update_resolve(hdev
, e
);
2450 hci_dev_unlock(hdev
);
2454 static int block_device(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
2457 struct mgmt_cp_block_device
*cp
= data
;
2461 BT_DBG("%s", hdev
->name
);
2465 err
= hci_blacklist_add(hdev
, &cp
->addr
.bdaddr
, cp
->addr
.type
);
2467 status
= MGMT_STATUS_FAILED
;
2471 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_BLOCK_DEVICE
, status
,
2472 &cp
->addr
, sizeof(cp
->addr
));
2474 hci_dev_unlock(hdev
);
2479 static int unblock_device(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
2482 struct mgmt_cp_unblock_device
*cp
= data
;
2486 BT_DBG("%s", hdev
->name
);
2490 err
= hci_blacklist_del(hdev
, &cp
->addr
.bdaddr
, cp
->addr
.type
);
2492 status
= MGMT_STATUS_INVALID_PARAMS
;
2496 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_UNBLOCK_DEVICE
, status
,
2497 &cp
->addr
, sizeof(cp
->addr
));
2499 hci_dev_unlock(hdev
);
2504 static int set_fast_connectable(struct sock
*sk
, struct hci_dev
*hdev
,
2505 void *data
, u16 len
)
2507 struct mgmt_mode
*cp
= data
;
2508 struct hci_cp_write_page_scan_activity acp
;
2512 BT_DBG("%s", hdev
->name
);
2514 if (!hdev_is_powered(hdev
))
2515 return cmd_status(sk
, hdev
->id
, MGMT_OP_SET_FAST_CONNECTABLE
,
2516 MGMT_STATUS_NOT_POWERED
);
2518 if (!test_bit(HCI_CONNECTABLE
, &hdev
->dev_flags
))
2519 return cmd_status(sk
, hdev
->id
, MGMT_OP_SET_FAST_CONNECTABLE
,
2520 MGMT_STATUS_REJECTED
);
2525 type
= PAGE_SCAN_TYPE_INTERLACED
;
2527 /* 22.5 msec page scan interval */
2528 acp
.interval
= __constant_cpu_to_le16(0x0024);
2530 type
= PAGE_SCAN_TYPE_STANDARD
; /* default */
2532 /* default 1.28 sec page scan */
2533 acp
.interval
= __constant_cpu_to_le16(0x0800);
2536 /* default 11.25 msec page scan window */
2537 acp
.window
= __constant_cpu_to_le16(0x0012);
2539 err
= hci_send_cmd(hdev
, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY
, sizeof(acp
),
2542 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_SET_FAST_CONNECTABLE
,
2543 MGMT_STATUS_FAILED
);
2547 err
= hci_send_cmd(hdev
, HCI_OP_WRITE_PAGE_SCAN_TYPE
, 1, &type
);
2549 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_SET_FAST_CONNECTABLE
,
2550 MGMT_STATUS_FAILED
);
2554 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_SET_FAST_CONNECTABLE
, 0,
2557 hci_dev_unlock(hdev
);
2561 static int load_long_term_keys(struct sock
*sk
, struct hci_dev
*hdev
,
2562 void *cp_data
, u16 len
)
2564 struct mgmt_cp_load_long_term_keys
*cp
= cp_data
;
2565 u16 key_count
, expected_len
;
2568 key_count
= get_unaligned_le16(&cp
->key_count
);
2570 expected_len
= sizeof(*cp
) + key_count
*
2571 sizeof(struct mgmt_ltk_info
);
2572 if (expected_len
!= len
) {
2573 BT_ERR("load_keys: expected %u bytes, got %u bytes",
2575 return cmd_status(sk
, hdev
->id
, MGMT_OP_LOAD_LONG_TERM_KEYS
,
2579 BT_DBG("%s key_count %u", hdev
->name
, key_count
);
2583 hci_smp_ltks_clear(hdev
);
2585 for (i
= 0; i
< key_count
; i
++) {
2586 struct mgmt_ltk_info
*key
= &cp
->keys
[i
];
2592 type
= HCI_SMP_LTK_SLAVE
;
2594 hci_add_ltk(hdev
, &key
->addr
.bdaddr
, key
->addr
.type
,
2595 type
, 0, key
->authenticated
, key
->val
,
2596 key
->enc_size
, key
->ediv
, key
->rand
);
2599 hci_dev_unlock(hdev
);
2604 struct mgmt_handler
{
2605 int (*func
) (struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
2609 } mgmt_handlers
[] = {
2610 { NULL
}, /* 0x0000 (no command) */
2611 { read_version
, false, MGMT_READ_VERSION_SIZE
},
2612 { read_commands
, false, MGMT_READ_COMMANDS_SIZE
},
2613 { read_index_list
, false, MGMT_READ_INDEX_LIST_SIZE
},
2614 { read_controller_info
, false, MGMT_READ_INFO_SIZE
},
2615 { set_powered
, false, MGMT_SETTING_SIZE
},
2616 { set_discoverable
, false, MGMT_SET_DISCOVERABLE_SIZE
},
2617 { set_connectable
, false, MGMT_SETTING_SIZE
},
2618 { set_fast_connectable
, false, MGMT_SETTING_SIZE
},
2619 { set_pairable
, false, MGMT_SETTING_SIZE
},
2620 { set_link_security
, false, MGMT_SETTING_SIZE
},
2621 { set_ssp
, false, MGMT_SETTING_SIZE
},
2622 { set_hs
, false, MGMT_SETTING_SIZE
},
2623 { set_le
, false, MGMT_SETTING_SIZE
},
2624 { set_dev_class
, false, MGMT_SET_DEV_CLASS_SIZE
},
2625 { set_local_name
, false, MGMT_SET_LOCAL_NAME_SIZE
},
2626 { add_uuid
, false, MGMT_ADD_UUID_SIZE
},
2627 { remove_uuid
, false, MGMT_REMOVE_UUID_SIZE
},
2628 { load_link_keys
, true, MGMT_LOAD_LINK_KEYS_SIZE
},
2629 { load_long_term_keys
, true, MGMT_LOAD_LONG_TERM_KEYS_SIZE
},
2630 { disconnect
, false, MGMT_DISCONNECT_SIZE
},
2631 { get_connections
, false, MGMT_GET_CONNECTIONS_SIZE
},
2632 { pin_code_reply
, false, MGMT_PIN_CODE_REPLY_SIZE
},
2633 { pin_code_neg_reply
, false, MGMT_PIN_CODE_NEG_REPLY_SIZE
},
2634 { set_io_capability
, false, MGMT_SET_IO_CAPABILITY_SIZE
},
2635 { pair_device
, false, MGMT_PAIR_DEVICE_SIZE
},
2636 { cancel_pair_device
, false, MGMT_CANCEL_PAIR_DEVICE_SIZE
},
2637 { unpair_device
, false, MGMT_UNPAIR_DEVICE_SIZE
},
2638 { user_confirm_reply
, false, MGMT_USER_CONFIRM_REPLY_SIZE
},
2639 { user_confirm_neg_reply
, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE
},
2640 { user_passkey_reply
, false, MGMT_USER_PASSKEY_REPLY_SIZE
},
2641 { user_passkey_neg_reply
, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE
},
2642 { read_local_oob_data
, false, MGMT_READ_LOCAL_OOB_DATA_SIZE
},
2643 { add_remote_oob_data
, false, MGMT_ADD_REMOTE_OOB_DATA_SIZE
},
2644 { remove_remote_oob_data
, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE
},
2645 { start_discovery
, false, MGMT_START_DISCOVERY_SIZE
},
2646 { stop_discovery
, false, MGMT_STOP_DISCOVERY_SIZE
},
2647 { confirm_name
, false, MGMT_CONFIRM_NAME_SIZE
},
2648 { block_device
, false, MGMT_BLOCK_DEVICE_SIZE
},
2649 { unblock_device
, false, MGMT_UNBLOCK_DEVICE_SIZE
},
2653 int mgmt_control(struct sock
*sk
, struct msghdr
*msg
, size_t msglen
)
2657 struct mgmt_hdr
*hdr
;
2658 u16 opcode
, index
, len
;
2659 struct hci_dev
*hdev
= NULL
;
2660 struct mgmt_handler
*handler
;
2663 BT_DBG("got %zu bytes", msglen
);
2665 if (msglen
< sizeof(*hdr
))
2668 buf
= kmalloc(msglen
, GFP_KERNEL
);
2672 if (memcpy_fromiovec(buf
, msg
->msg_iov
, msglen
)) {
2678 opcode
= get_unaligned_le16(&hdr
->opcode
);
2679 index
= get_unaligned_le16(&hdr
->index
);
2680 len
= get_unaligned_le16(&hdr
->len
);
2682 if (len
!= msglen
- sizeof(*hdr
)) {
2687 if (index
!= MGMT_INDEX_NONE
) {
2688 hdev
= hci_dev_get(index
);
2690 err
= cmd_status(sk
, index
, opcode
,
2691 MGMT_STATUS_INVALID_INDEX
);
2696 if (opcode
>= ARRAY_SIZE(mgmt_handlers
) ||
2697 mgmt_handlers
[opcode
].func
== NULL
) {
2698 BT_DBG("Unknown op %u", opcode
);
2699 err
= cmd_status(sk
, index
, opcode
,
2700 MGMT_STATUS_UNKNOWN_COMMAND
);
2704 if ((hdev
&& opcode
< MGMT_OP_READ_INFO
) ||
2705 (!hdev
&& opcode
>= MGMT_OP_READ_INFO
)) {
2706 err
= cmd_status(sk
, index
, opcode
,
2707 MGMT_STATUS_INVALID_INDEX
);
2711 handler
= &mgmt_handlers
[opcode
];
2713 if ((handler
->var_len
&& len
< handler
->data_len
) ||
2714 (!handler
->var_len
&& len
!= handler
->data_len
)) {
2715 err
= cmd_status(sk
, index
, opcode
,
2716 MGMT_STATUS_INVALID_PARAMS
);
2721 mgmt_init_hdev(sk
, hdev
);
2723 cp
= buf
+ sizeof(*hdr
);
2725 err
= handler
->func(sk
, hdev
, cp
, len
);
2739 static void cmd_status_rsp(struct pending_cmd
*cmd
, void *data
)
2743 cmd_status(cmd
->sk
, cmd
->index
, cmd
->opcode
, *status
);
2744 mgmt_pending_remove(cmd
);
2747 int mgmt_index_added(struct hci_dev
*hdev
)
2749 return mgmt_event(MGMT_EV_INDEX_ADDED
, hdev
, NULL
, 0, NULL
);
2752 int mgmt_index_removed(struct hci_dev
*hdev
)
2754 u8 status
= MGMT_STATUS_INVALID_INDEX
;
2756 mgmt_pending_foreach(0, hdev
, cmd_status_rsp
, &status
);
2758 return mgmt_event(MGMT_EV_INDEX_REMOVED
, hdev
, NULL
, 0, NULL
);
2763 struct hci_dev
*hdev
;
2767 static void settings_rsp(struct pending_cmd
*cmd
, void *data
)
2769 struct cmd_lookup
*match
= data
;
2771 send_settings_rsp(cmd
->sk
, cmd
->opcode
, match
->hdev
);
2773 list_del(&cmd
->list
);
2775 if (match
->sk
== NULL
) {
2776 match
->sk
= cmd
->sk
;
2777 sock_hold(match
->sk
);
2780 mgmt_pending_free(cmd
);
2783 int mgmt_powered(struct hci_dev
*hdev
, u8 powered
)
2785 struct cmd_lookup match
= { NULL
, hdev
};
2788 if (!test_bit(HCI_MGMT
, &hdev
->dev_flags
))
2791 mgmt_pending_foreach(MGMT_OP_SET_POWERED
, hdev
, settings_rsp
, &match
);
2796 if (test_bit(HCI_CONNECTABLE
, &hdev
->dev_flags
))
2798 if (test_bit(HCI_DISCOVERABLE
, &hdev
->dev_flags
))
2799 scan
|= SCAN_INQUIRY
;
2802 hci_send_cmd(hdev
, HCI_OP_WRITE_SCAN_ENABLE
, 1, &scan
);
2805 update_name(hdev
, hdev
->dev_name
);
2808 u8 status
= MGMT_STATUS_NOT_POWERED
;
2809 mgmt_pending_foreach(0, hdev
, cmd_status_rsp
, &status
);
2812 err
= new_settings(hdev
, match
.sk
);
2820 int mgmt_discoverable(struct hci_dev
*hdev
, u8 discoverable
)
2822 struct cmd_lookup match
= { NULL
, hdev
};
2823 bool changed
= false;
2827 if (!test_and_set_bit(HCI_DISCOVERABLE
, &hdev
->dev_flags
))
2830 if (test_and_clear_bit(HCI_DISCOVERABLE
, &hdev
->dev_flags
))
2834 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE
, hdev
, settings_rsp
,
2838 err
= new_settings(hdev
, match
.sk
);
2846 int mgmt_connectable(struct hci_dev
*hdev
, u8 connectable
)
2848 struct cmd_lookup match
= { NULL
, hdev
};
2849 bool changed
= false;
2853 if (!test_and_set_bit(HCI_CONNECTABLE
, &hdev
->dev_flags
))
2856 if (test_and_clear_bit(HCI_CONNECTABLE
, &hdev
->dev_flags
))
2860 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE
, hdev
, settings_rsp
,
2864 err
= new_settings(hdev
, match
.sk
);
2872 int mgmt_write_scan_failed(struct hci_dev
*hdev
, u8 scan
, u8 status
)
2874 u8 mgmt_err
= mgmt_status(status
);
2876 if (scan
& SCAN_PAGE
)
2877 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE
, hdev
,
2878 cmd_status_rsp
, &mgmt_err
);
2880 if (scan
& SCAN_INQUIRY
)
2881 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE
, hdev
,
2882 cmd_status_rsp
, &mgmt_err
);
2887 int mgmt_new_link_key(struct hci_dev
*hdev
, struct link_key
*key
, bool persistent
)
2889 struct mgmt_ev_new_link_key ev
;
2891 memset(&ev
, 0, sizeof(ev
));
2893 ev
.store_hint
= persistent
;
2894 bacpy(&ev
.key
.addr
.bdaddr
, &key
->bdaddr
);
2895 ev
.key
.addr
.type
= MGMT_ADDR_BREDR
;
2896 ev
.key
.type
= key
->type
;
2897 memcpy(ev
.key
.val
, key
->val
, 16);
2898 ev
.key
.pin_len
= key
->pin_len
;
2900 return mgmt_event(MGMT_EV_NEW_LINK_KEY
, hdev
, &ev
, sizeof(ev
), NULL
);
2903 int mgmt_new_ltk(struct hci_dev
*hdev
, struct smp_ltk
*key
, u8 persistent
)
2905 struct mgmt_ev_new_long_term_key ev
;
2907 memset(&ev
, 0, sizeof(ev
));
2909 ev
.store_hint
= persistent
;
2910 bacpy(&ev
.key
.addr
.bdaddr
, &key
->bdaddr
);
2911 ev
.key
.addr
.type
= key
->bdaddr_type
;
2912 ev
.key
.authenticated
= key
->authenticated
;
2913 ev
.key
.enc_size
= key
->enc_size
;
2914 ev
.key
.ediv
= key
->ediv
;
2916 if (key
->type
== HCI_SMP_LTK
)
2919 memcpy(ev
.key
.rand
, key
->rand
, sizeof(key
->rand
));
2920 memcpy(ev
.key
.val
, key
->val
, sizeof(key
->val
));
2922 return mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY
, hdev
, &ev
, sizeof(ev
),
2926 int mgmt_device_connected(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
, u8 link_type
,
2927 u8 addr_type
, u32 flags
, u8
*name
, u8 name_len
,
2931 struct mgmt_ev_device_connected
*ev
= (void *) buf
;
2934 bacpy(&ev
->addr
.bdaddr
, bdaddr
);
2935 ev
->addr
.type
= link_to_mgmt(link_type
, addr_type
);
2937 ev
->flags
= __cpu_to_le32(flags
);
2940 eir_len
= eir_append_data(ev
->eir
, 0, EIR_NAME_COMPLETE
,
2943 if (dev_class
&& memcmp(dev_class
, "\0\0\0", 3) != 0)
2944 eir_len
= eir_append_data(ev
->eir
, eir_len
,
2945 EIR_CLASS_OF_DEV
, dev_class
, 3);
2947 put_unaligned_le16(eir_len
, &ev
->eir_len
);
2949 return mgmt_event(MGMT_EV_DEVICE_CONNECTED
, hdev
, buf
,
2950 sizeof(*ev
) + eir_len
, NULL
);
2953 static void disconnect_rsp(struct pending_cmd
*cmd
, void *data
)
2955 struct mgmt_cp_disconnect
*cp
= cmd
->param
;
2956 struct sock
**sk
= data
;
2957 struct mgmt_rp_disconnect rp
;
2959 bacpy(&rp
.addr
.bdaddr
, &cp
->addr
.bdaddr
);
2960 rp
.addr
.type
= cp
->addr
.type
;
2962 cmd_complete(cmd
->sk
, cmd
->index
, MGMT_OP_DISCONNECT
, 0, &rp
,
2968 mgmt_pending_remove(cmd
);
2971 static void unpair_device_rsp(struct pending_cmd
*cmd
, void *data
)
2973 struct hci_dev
*hdev
= data
;
2974 struct mgmt_cp_unpair_device
*cp
= cmd
->param
;
2975 struct mgmt_rp_unpair_device rp
;
2977 memset(&rp
, 0, sizeof(rp
));
2978 bacpy(&rp
.addr
.bdaddr
, &cp
->addr
.bdaddr
);
2979 rp
.addr
.type
= cp
->addr
.type
;
2981 device_unpaired(hdev
, &cp
->addr
.bdaddr
, cp
->addr
.type
, cmd
->sk
);
2983 cmd_complete(cmd
->sk
, cmd
->index
, cmd
->opcode
, 0, &rp
, sizeof(rp
));
2985 mgmt_pending_remove(cmd
);
2988 int mgmt_device_disconnected(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
,
2989 u8 link_type
, u8 addr_type
)
2991 struct mgmt_addr_info ev
;
2992 struct sock
*sk
= NULL
;
2995 mgmt_pending_foreach(MGMT_OP_DISCONNECT
, hdev
, disconnect_rsp
, &sk
);
2997 bacpy(&ev
.bdaddr
, bdaddr
);
2998 ev
.type
= link_to_mgmt(link_type
, addr_type
);
3000 err
= mgmt_event(MGMT_EV_DEVICE_DISCONNECTED
, hdev
, &ev
, sizeof(ev
),
3006 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE
, hdev
, unpair_device_rsp
,
3012 int mgmt_disconnect_failed(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
,
3013 u8 link_type
, u8 addr_type
, u8 status
)
3015 struct mgmt_rp_disconnect rp
;
3016 struct pending_cmd
*cmd
;
3019 cmd
= mgmt_pending_find(MGMT_OP_DISCONNECT
, hdev
);
3023 bacpy(&rp
.addr
.bdaddr
, bdaddr
);
3024 rp
.addr
.type
= link_to_mgmt(link_type
, addr_type
);
3026 err
= cmd_complete(cmd
->sk
, cmd
->index
, MGMT_OP_DISCONNECT
,
3027 mgmt_status(status
), &rp
, sizeof(rp
));
3029 mgmt_pending_remove(cmd
);
3031 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE
, hdev
, unpair_device_rsp
,
3036 int mgmt_connect_failed(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
, u8 link_type
,
3037 u8 addr_type
, u8 status
)
3039 struct mgmt_ev_connect_failed ev
;
3041 bacpy(&ev
.addr
.bdaddr
, bdaddr
);
3042 ev
.addr
.type
= link_to_mgmt(link_type
, addr_type
);
3043 ev
.status
= mgmt_status(status
);
3045 return mgmt_event(MGMT_EV_CONNECT_FAILED
, hdev
, &ev
, sizeof(ev
), NULL
);
3048 int mgmt_pin_code_request(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
, u8 secure
)
3050 struct mgmt_ev_pin_code_request ev
;
3052 bacpy(&ev
.addr
.bdaddr
, bdaddr
);
3053 ev
.addr
.type
= MGMT_ADDR_BREDR
;
3056 return mgmt_event(MGMT_EV_PIN_CODE_REQUEST
, hdev
, &ev
, sizeof(ev
),
3060 int mgmt_pin_code_reply_complete(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
,
3063 struct pending_cmd
*cmd
;
3064 struct mgmt_rp_pin_code_reply rp
;
3067 cmd
= mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY
, hdev
);
3071 bacpy(&rp
.addr
.bdaddr
, bdaddr
);
3072 rp
.addr
.type
= MGMT_ADDR_BREDR
;
3074 err
= cmd_complete(cmd
->sk
, hdev
->id
, MGMT_OP_PIN_CODE_REPLY
,
3075 mgmt_status(status
), &rp
, sizeof(rp
));
3077 mgmt_pending_remove(cmd
);
3082 int mgmt_pin_code_neg_reply_complete(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
,
3085 struct pending_cmd
*cmd
;
3086 struct mgmt_rp_pin_code_reply rp
;
3089 cmd
= mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY
, hdev
);
3093 bacpy(&rp
.addr
.bdaddr
, bdaddr
);
3094 rp
.addr
.type
= MGMT_ADDR_BREDR
;
3096 err
= cmd_complete(cmd
->sk
, hdev
->id
, MGMT_OP_PIN_CODE_NEG_REPLY
,
3097 mgmt_status(status
), &rp
, sizeof(rp
));
3099 mgmt_pending_remove(cmd
);
3104 int mgmt_user_confirm_request(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
,
3105 u8 link_type
, u8 addr_type
, __le32 value
,
3108 struct mgmt_ev_user_confirm_request ev
;
3110 BT_DBG("%s", hdev
->name
);
3112 bacpy(&ev
.addr
.bdaddr
, bdaddr
);
3113 ev
.addr
.type
= link_to_mgmt(link_type
, addr_type
);
3114 ev
.confirm_hint
= confirm_hint
;
3115 put_unaligned_le32(value
, &ev
.value
);
3117 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST
, hdev
, &ev
, sizeof(ev
),
3121 int mgmt_user_passkey_request(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
,
3122 u8 link_type
, u8 addr_type
)
3124 struct mgmt_ev_user_passkey_request ev
;
3126 BT_DBG("%s", hdev
->name
);
3128 bacpy(&ev
.addr
.bdaddr
, bdaddr
);
3129 ev
.addr
.type
= link_to_mgmt(link_type
, addr_type
);
3131 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST
, hdev
, &ev
, sizeof(ev
),
3135 static int user_pairing_resp_complete(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
,
3136 u8 link_type
, u8 addr_type
, u8 status
,
3139 struct pending_cmd
*cmd
;
3140 struct mgmt_rp_user_confirm_reply rp
;
3143 cmd
= mgmt_pending_find(opcode
, hdev
);
3147 bacpy(&rp
.addr
.bdaddr
, bdaddr
);
3148 rp
.addr
.type
= link_to_mgmt(link_type
, addr_type
);
3149 err
= cmd_complete(cmd
->sk
, hdev
->id
, opcode
, mgmt_status(status
),
3152 mgmt_pending_remove(cmd
);
3157 int mgmt_user_confirm_reply_complete(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
,
3158 u8 link_type
, u8 addr_type
, u8 status
)
3160 return user_pairing_resp_complete(hdev
, bdaddr
, link_type
, addr_type
,
3161 status
, MGMT_OP_USER_CONFIRM_REPLY
);
3164 int mgmt_user_confirm_neg_reply_complete(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
,
3165 u8 link_type
, u8 addr_type
, u8 status
)
3167 return user_pairing_resp_complete(hdev
, bdaddr
, link_type
, addr_type
,
3168 status
, MGMT_OP_USER_CONFIRM_NEG_REPLY
);
3171 int mgmt_user_passkey_reply_complete(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
,
3172 u8 link_type
, u8 addr_type
, u8 status
)
3174 return user_pairing_resp_complete(hdev
, bdaddr
, link_type
, addr_type
,
3175 status
, MGMT_OP_USER_PASSKEY_REPLY
);
3178 int mgmt_user_passkey_neg_reply_complete(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
,
3179 u8 link_type
, u8 addr_type
, u8 status
)
3181 return user_pairing_resp_complete(hdev
, bdaddr
, link_type
, addr_type
,
3182 status
, MGMT_OP_USER_PASSKEY_NEG_REPLY
);
3185 int mgmt_auth_failed(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
, u8 link_type
,
3186 u8 addr_type
, u8 status
)
3188 struct mgmt_ev_auth_failed ev
;
3190 bacpy(&ev
.addr
.bdaddr
, bdaddr
);
3191 ev
.addr
.type
= link_to_mgmt(link_type
, addr_type
);
3192 ev
.status
= mgmt_status(status
);
3194 return mgmt_event(MGMT_EV_AUTH_FAILED
, hdev
, &ev
, sizeof(ev
), NULL
);
3197 int mgmt_auth_enable_complete(struct hci_dev
*hdev
, u8 status
)
3199 struct cmd_lookup match
= { NULL
, hdev
};
3200 bool changed
= false;
3204 u8 mgmt_err
= mgmt_status(status
);
3205 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY
, hdev
,
3206 cmd_status_rsp
, &mgmt_err
);
3210 if (test_bit(HCI_AUTH
, &hdev
->flags
)) {
3211 if (!test_and_set_bit(HCI_LINK_SECURITY
, &hdev
->dev_flags
))
3214 if (test_and_clear_bit(HCI_LINK_SECURITY
, &hdev
->dev_flags
))
3218 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY
, hdev
, settings_rsp
,
3222 err
= new_settings(hdev
, match
.sk
);
3230 static int clear_eir(struct hci_dev
*hdev
)
3232 struct hci_cp_write_eir cp
;
3234 if (!(hdev
->features
[6] & LMP_EXT_INQ
))
3237 memset(hdev
->eir
, 0, sizeof(hdev
->eir
));
3239 memset(&cp
, 0, sizeof(cp
));
3241 return hci_send_cmd(hdev
, HCI_OP_WRITE_EIR
, sizeof(cp
), &cp
);
3244 int mgmt_ssp_enable_complete(struct hci_dev
*hdev
, u8 enable
, u8 status
)
3246 struct cmd_lookup match
= { NULL
, hdev
};
3247 bool changed
= false;
3251 u8 mgmt_err
= mgmt_status(status
);
3253 if (enable
&& test_and_clear_bit(HCI_SSP_ENABLED
,
3255 err
= new_settings(hdev
, NULL
);
3257 mgmt_pending_foreach(MGMT_OP_SET_SSP
, hdev
, cmd_status_rsp
,
3264 if (!test_and_set_bit(HCI_SSP_ENABLED
, &hdev
->dev_flags
))
3267 if (test_and_clear_bit(HCI_SSP_ENABLED
, &hdev
->dev_flags
))
3271 mgmt_pending_foreach(MGMT_OP_SET_SSP
, hdev
, settings_rsp
, &match
);
3274 err
= new_settings(hdev
, match
.sk
);
3279 if (test_bit(HCI_SSP_ENABLED
, &hdev
->dev_flags
))
3287 static void class_rsp(struct pending_cmd
*cmd
, void *data
)
3289 struct cmd_lookup
*match
= data
;
3291 cmd_complete(cmd
->sk
, cmd
->index
, cmd
->opcode
, match
->mgmt_status
,
3292 match
->hdev
->dev_class
, 3);
3294 list_del(&cmd
->list
);
3296 if (match
->sk
== NULL
) {
3297 match
->sk
= cmd
->sk
;
3298 sock_hold(match
->sk
);
3301 mgmt_pending_free(cmd
);
3304 int mgmt_set_class_of_dev_complete(struct hci_dev
*hdev
, u8
*dev_class
,
3307 struct cmd_lookup match
= { NULL
, hdev
, mgmt_status(status
) };
3310 clear_bit(HCI_PENDING_CLASS
, &hdev
->dev_flags
);
3312 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS
, hdev
, class_rsp
, &match
);
3313 mgmt_pending_foreach(MGMT_OP_ADD_UUID
, hdev
, class_rsp
, &match
);
3314 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID
, hdev
, class_rsp
, &match
);
3317 err
= mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED
, hdev
, dev_class
,
3326 int mgmt_set_local_name_complete(struct hci_dev
*hdev
, u8
*name
, u8 status
)
3328 struct pending_cmd
*cmd
;
3329 struct mgmt_cp_set_local_name ev
;
3330 bool changed
= false;
3333 if (memcmp(name
, hdev
->dev_name
, sizeof(hdev
->dev_name
)) != 0) {
3334 memcpy(hdev
->dev_name
, name
, sizeof(hdev
->dev_name
));
3338 memset(&ev
, 0, sizeof(ev
));
3339 memcpy(ev
.name
, name
, HCI_MAX_NAME_LENGTH
);
3340 memcpy(ev
.short_name
, hdev
->short_name
, HCI_MAX_SHORT_NAME_LENGTH
);
3342 cmd
= mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME
, hdev
);
3346 /* Always assume that either the short or the complete name has
3347 * changed if there was a pending mgmt command */
3351 err
= cmd_status(cmd
->sk
, hdev
->id
, MGMT_OP_SET_LOCAL_NAME
,
3352 mgmt_status(status
));
3356 err
= cmd_complete(cmd
->sk
, hdev
->id
, MGMT_OP_SET_LOCAL_NAME
, 0, &ev
,
3363 err
= mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED
, hdev
, &ev
,
3364 sizeof(ev
), cmd
? cmd
->sk
: NULL
);
3370 mgmt_pending_remove(cmd
);
3374 int mgmt_read_local_oob_data_reply_complete(struct hci_dev
*hdev
, u8
*hash
,
3375 u8
*randomizer
, u8 status
)
3377 struct pending_cmd
*cmd
;
3380 BT_DBG("%s status %u", hdev
->name
, status
);
3382 cmd
= mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA
, hdev
);
3387 err
= cmd_status(cmd
->sk
, hdev
->id
, MGMT_OP_READ_LOCAL_OOB_DATA
,
3388 mgmt_status(status
));
3390 struct mgmt_rp_read_local_oob_data rp
;
3392 memcpy(rp
.hash
, hash
, sizeof(rp
.hash
));
3393 memcpy(rp
.randomizer
, randomizer
, sizeof(rp
.randomizer
));
3395 err
= cmd_complete(cmd
->sk
, hdev
->id
,
3396 MGMT_OP_READ_LOCAL_OOB_DATA
, 0, &rp
,
3400 mgmt_pending_remove(cmd
);
3405 int mgmt_le_enable_complete(struct hci_dev
*hdev
, u8 enable
, u8 status
)
3407 struct cmd_lookup match
= { NULL
, hdev
};
3408 bool changed
= false;
3412 u8 mgmt_err
= mgmt_status(status
);
3414 if (enable
&& test_and_clear_bit(HCI_LE_ENABLED
,
3416 err
= new_settings(hdev
, NULL
);
3418 mgmt_pending_foreach(MGMT_OP_SET_LE
, hdev
,
3419 cmd_status_rsp
, &mgmt_err
);
3425 if (!test_and_set_bit(HCI_LE_ENABLED
, &hdev
->dev_flags
))
3428 if (test_and_clear_bit(HCI_LE_ENABLED
, &hdev
->dev_flags
))
3432 mgmt_pending_foreach(MGMT_OP_SET_LE
, hdev
, settings_rsp
, &match
);
3435 err
= new_settings(hdev
, match
.sk
);
3443 int mgmt_device_found(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
, u8 link_type
,
3444 u8 addr_type
, u8
*dev_class
, s8 rssi
, u8 cfm_name
, u8
3445 ssp
, u8
*eir
, u16 eir_len
)
3448 struct mgmt_ev_device_found
*ev
= (void *) buf
;
3451 /* Leave 5 bytes for a potential CoD field */
3452 if (sizeof(*ev
) + eir_len
+ 5 > sizeof(buf
))
3455 memset(buf
, 0, sizeof(buf
));
3457 bacpy(&ev
->addr
.bdaddr
, bdaddr
);
3458 ev
->addr
.type
= link_to_mgmt(link_type
, addr_type
);
3461 ev
->flags
[0] |= MGMT_DEV_FOUND_CONFIRM_NAME
;
3463 ev
->flags
[0] |= MGMT_DEV_FOUND_LEGACY_PAIRING
;
3466 memcpy(ev
->eir
, eir
, eir_len
);
3468 if (dev_class
&& !eir_has_data_type(ev
->eir
, eir_len
, EIR_CLASS_OF_DEV
))
3469 eir_len
= eir_append_data(ev
->eir
, eir_len
, EIR_CLASS_OF_DEV
,
3472 put_unaligned_le16(eir_len
, &ev
->eir_len
);
3474 ev_size
= sizeof(*ev
) + eir_len
;
3476 return mgmt_event(MGMT_EV_DEVICE_FOUND
, hdev
, ev
, ev_size
, NULL
);
3479 int mgmt_remote_name(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
, u8 link_type
,
3480 u8 addr_type
, s8 rssi
, u8
*name
, u8 name_len
)
3482 struct mgmt_ev_device_found
*ev
;
3483 char buf
[sizeof(*ev
) + HCI_MAX_NAME_LENGTH
+ 2];
3486 ev
= (struct mgmt_ev_device_found
*) buf
;
3488 memset(buf
, 0, sizeof(buf
));
3490 bacpy(&ev
->addr
.bdaddr
, bdaddr
);
3491 ev
->addr
.type
= link_to_mgmt(link_type
, addr_type
);
3494 eir_len
= eir_append_data(ev
->eir
, 0, EIR_NAME_COMPLETE
, name
,
3497 put_unaligned_le16(eir_len
, &ev
->eir_len
);
3499 return mgmt_event(MGMT_EV_DEVICE_FOUND
, hdev
, ev
,
3500 sizeof(*ev
) + eir_len
, NULL
);
3503 int mgmt_start_discovery_failed(struct hci_dev
*hdev
, u8 status
)
3505 struct pending_cmd
*cmd
;
3509 hci_discovery_set_state(hdev
, DISCOVERY_STOPPED
);
3511 cmd
= mgmt_pending_find(MGMT_OP_START_DISCOVERY
, hdev
);
3515 type
= hdev
->discovery
.type
;
3517 err
= cmd_complete(cmd
->sk
, hdev
->id
, cmd
->opcode
, mgmt_status(status
),
3518 &type
, sizeof(type
));
3519 mgmt_pending_remove(cmd
);
3524 int mgmt_stop_discovery_failed(struct hci_dev
*hdev
, u8 status
)
3526 struct pending_cmd
*cmd
;
3529 cmd
= mgmt_pending_find(MGMT_OP_STOP_DISCOVERY
, hdev
);
3533 err
= cmd_complete(cmd
->sk
, hdev
->id
, cmd
->opcode
, mgmt_status(status
),
3534 &hdev
->discovery
.type
, sizeof(hdev
->discovery
.type
));
3535 mgmt_pending_remove(cmd
);
3540 int mgmt_discovering(struct hci_dev
*hdev
, u8 discovering
)
3542 struct mgmt_ev_discovering ev
;
3543 struct pending_cmd
*cmd
;
3545 BT_DBG("%s discovering %u", hdev
->name
, discovering
);
3548 cmd
= mgmt_pending_find(MGMT_OP_START_DISCOVERY
, hdev
);
3550 cmd
= mgmt_pending_find(MGMT_OP_STOP_DISCOVERY
, hdev
);
3553 u8 type
= hdev
->discovery
.type
;
3555 cmd_complete(cmd
->sk
, hdev
->id
, cmd
->opcode
, 0, &type
,
3557 mgmt_pending_remove(cmd
);
3560 memset(&ev
, 0, sizeof(ev
));
3561 ev
.type
= hdev
->discovery
.type
;
3562 ev
.discovering
= discovering
;
3564 return mgmt_event(MGMT_EV_DISCOVERING
, hdev
, &ev
, sizeof(ev
), NULL
);
3567 int mgmt_device_blocked(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
, u8 type
)
3569 struct pending_cmd
*cmd
;
3570 struct mgmt_ev_device_blocked ev
;
3572 cmd
= mgmt_pending_find(MGMT_OP_BLOCK_DEVICE
, hdev
);
3574 bacpy(&ev
.addr
.bdaddr
, bdaddr
);
3575 ev
.addr
.type
= type
;
3577 return mgmt_event(MGMT_EV_DEVICE_BLOCKED
, hdev
, &ev
, sizeof(ev
),
3578 cmd
? cmd
->sk
: NULL
);
3581 int mgmt_device_unblocked(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
, u8 type
)
3583 struct pending_cmd
*cmd
;
3584 struct mgmt_ev_device_unblocked ev
;
3586 cmd
= mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE
, hdev
);
3588 bacpy(&ev
.addr
.bdaddr
, bdaddr
);
3589 ev
.addr
.type
= type
;
3591 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED
, hdev
, &ev
, sizeof(ev
),
3592 cmd
? cmd
->sk
: NULL
);
3595 module_param(enable_hs
, bool, 0644);
3596 MODULE_PARM_DESC(enable_hs
, "Enable High Speed support");
3598 module_param(enable_le
, bool, 0644);
3599 MODULE_PARM_DESC(enable_le
, "Enable Low Energy support");