2 BlueZ - Bluetooth protocol stack for Linux
4 Copyright (C) 2010 Nokia Corporation
5 Copyright (C) 2011-2012 Intel Corporation
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI Management interface */
27 #include <linux/kernel.h>
28 #include <linux/uaccess.h>
29 #include <linux/module.h>
30 #include <asm/unaligned.h>
32 #include <net/bluetooth/bluetooth.h>
33 #include <net/bluetooth/hci_core.h>
34 #include <net/bluetooth/mgmt.h>
35 #include <net/bluetooth/smp.h>
39 #define MGMT_VERSION 1
40 #define MGMT_REVISION 1
42 static const u16 mgmt_commands
[] = {
43 MGMT_OP_READ_INDEX_LIST
,
46 MGMT_OP_SET_DISCOVERABLE
,
47 MGMT_OP_SET_CONNECTABLE
,
48 MGMT_OP_SET_FAST_CONNECTABLE
,
50 MGMT_OP_SET_LINK_SECURITY
,
54 MGMT_OP_SET_DEV_CLASS
,
55 MGMT_OP_SET_LOCAL_NAME
,
58 MGMT_OP_LOAD_LINK_KEYS
,
59 MGMT_OP_LOAD_LONG_TERM_KEYS
,
61 MGMT_OP_GET_CONNECTIONS
,
62 MGMT_OP_PIN_CODE_REPLY
,
63 MGMT_OP_PIN_CODE_NEG_REPLY
,
64 MGMT_OP_SET_IO_CAPABILITY
,
66 MGMT_OP_CANCEL_PAIR_DEVICE
,
67 MGMT_OP_UNPAIR_DEVICE
,
68 MGMT_OP_USER_CONFIRM_REPLY
,
69 MGMT_OP_USER_CONFIRM_NEG_REPLY
,
70 MGMT_OP_USER_PASSKEY_REPLY
,
71 MGMT_OP_USER_PASSKEY_NEG_REPLY
,
72 MGMT_OP_READ_LOCAL_OOB_DATA
,
73 MGMT_OP_ADD_REMOTE_OOB_DATA
,
74 MGMT_OP_REMOVE_REMOTE_OOB_DATA
,
75 MGMT_OP_START_DISCOVERY
,
76 MGMT_OP_STOP_DISCOVERY
,
79 MGMT_OP_UNBLOCK_DEVICE
,
80 MGMT_OP_SET_DEVICE_ID
,
83 static const u16 mgmt_events
[] = {
84 MGMT_EV_CONTROLLER_ERROR
,
86 MGMT_EV_INDEX_REMOVED
,
88 MGMT_EV_CLASS_OF_DEV_CHANGED
,
89 MGMT_EV_LOCAL_NAME_CHANGED
,
91 MGMT_EV_NEW_LONG_TERM_KEY
,
92 MGMT_EV_DEVICE_CONNECTED
,
93 MGMT_EV_DEVICE_DISCONNECTED
,
94 MGMT_EV_CONNECT_FAILED
,
95 MGMT_EV_PIN_CODE_REQUEST
,
96 MGMT_EV_USER_CONFIRM_REQUEST
,
97 MGMT_EV_USER_PASSKEY_REQUEST
,
101 MGMT_EV_DEVICE_BLOCKED
,
102 MGMT_EV_DEVICE_UNBLOCKED
,
103 MGMT_EV_DEVICE_UNPAIRED
,
107 * These LE scan and inquiry parameters were chosen according to LE General
108 * Discovery Procedure specification.
110 #define LE_SCAN_TYPE 0x01
111 #define LE_SCAN_WIN 0x12
112 #define LE_SCAN_INT 0x12
113 #define LE_SCAN_TIMEOUT_LE_ONLY 10240 /* TGAP(gen_disc_scan_min) */
114 #define LE_SCAN_TIMEOUT_BREDR_LE 5120 /* TGAP(100)/2 */
116 #define INQUIRY_LEN_BREDR 0x08 /* TGAP(100) */
117 #define INQUIRY_LEN_BREDR_LE 0x04 /* TGAP(100)/2 */
119 #define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
121 #define hdev_is_powered(hdev) (test_bit(HCI_UP, &hdev->flags) && \
122 !test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
125 struct list_head list
;
133 /* HCI to MGMT error code conversion table */
134 static u8 mgmt_status_table
[] = {
136 MGMT_STATUS_UNKNOWN_COMMAND
, /* Unknown Command */
137 MGMT_STATUS_NOT_CONNECTED
, /* No Connection */
138 MGMT_STATUS_FAILED
, /* Hardware Failure */
139 MGMT_STATUS_CONNECT_FAILED
, /* Page Timeout */
140 MGMT_STATUS_AUTH_FAILED
, /* Authentication Failed */
141 MGMT_STATUS_NOT_PAIRED
, /* PIN or Key Missing */
142 MGMT_STATUS_NO_RESOURCES
, /* Memory Full */
143 MGMT_STATUS_TIMEOUT
, /* Connection Timeout */
144 MGMT_STATUS_NO_RESOURCES
, /* Max Number of Connections */
145 MGMT_STATUS_NO_RESOURCES
, /* Max Number of SCO Connections */
146 MGMT_STATUS_ALREADY_CONNECTED
, /* ACL Connection Exists */
147 MGMT_STATUS_BUSY
, /* Command Disallowed */
148 MGMT_STATUS_NO_RESOURCES
, /* Rejected Limited Resources */
149 MGMT_STATUS_REJECTED
, /* Rejected Security */
150 MGMT_STATUS_REJECTED
, /* Rejected Personal */
151 MGMT_STATUS_TIMEOUT
, /* Host Timeout */
152 MGMT_STATUS_NOT_SUPPORTED
, /* Unsupported Feature */
153 MGMT_STATUS_INVALID_PARAMS
, /* Invalid Parameters */
154 MGMT_STATUS_DISCONNECTED
, /* OE User Ended Connection */
155 MGMT_STATUS_NO_RESOURCES
, /* OE Low Resources */
156 MGMT_STATUS_DISCONNECTED
, /* OE Power Off */
157 MGMT_STATUS_DISCONNECTED
, /* Connection Terminated */
158 MGMT_STATUS_BUSY
, /* Repeated Attempts */
159 MGMT_STATUS_REJECTED
, /* Pairing Not Allowed */
160 MGMT_STATUS_FAILED
, /* Unknown LMP PDU */
161 MGMT_STATUS_NOT_SUPPORTED
, /* Unsupported Remote Feature */
162 MGMT_STATUS_REJECTED
, /* SCO Offset Rejected */
163 MGMT_STATUS_REJECTED
, /* SCO Interval Rejected */
164 MGMT_STATUS_REJECTED
, /* Air Mode Rejected */
165 MGMT_STATUS_INVALID_PARAMS
, /* Invalid LMP Parameters */
166 MGMT_STATUS_FAILED
, /* Unspecified Error */
167 MGMT_STATUS_NOT_SUPPORTED
, /* Unsupported LMP Parameter Value */
168 MGMT_STATUS_FAILED
, /* Role Change Not Allowed */
169 MGMT_STATUS_TIMEOUT
, /* LMP Response Timeout */
170 MGMT_STATUS_FAILED
, /* LMP Error Transaction Collision */
171 MGMT_STATUS_FAILED
, /* LMP PDU Not Allowed */
172 MGMT_STATUS_REJECTED
, /* Encryption Mode Not Accepted */
173 MGMT_STATUS_FAILED
, /* Unit Link Key Used */
174 MGMT_STATUS_NOT_SUPPORTED
, /* QoS Not Supported */
175 MGMT_STATUS_TIMEOUT
, /* Instant Passed */
176 MGMT_STATUS_NOT_SUPPORTED
, /* Pairing Not Supported */
177 MGMT_STATUS_FAILED
, /* Transaction Collision */
178 MGMT_STATUS_INVALID_PARAMS
, /* Unacceptable Parameter */
179 MGMT_STATUS_REJECTED
, /* QoS Rejected */
180 MGMT_STATUS_NOT_SUPPORTED
, /* Classification Not Supported */
181 MGMT_STATUS_REJECTED
, /* Insufficient Security */
182 MGMT_STATUS_INVALID_PARAMS
, /* Parameter Out Of Range */
183 MGMT_STATUS_BUSY
, /* Role Switch Pending */
184 MGMT_STATUS_FAILED
, /* Slot Violation */
185 MGMT_STATUS_FAILED
, /* Role Switch Failed */
186 MGMT_STATUS_INVALID_PARAMS
, /* EIR Too Large */
187 MGMT_STATUS_NOT_SUPPORTED
, /* Simple Pairing Not Supported */
188 MGMT_STATUS_BUSY
, /* Host Busy Pairing */
189 MGMT_STATUS_REJECTED
, /* Rejected, No Suitable Channel */
190 MGMT_STATUS_BUSY
, /* Controller Busy */
191 MGMT_STATUS_INVALID_PARAMS
, /* Unsuitable Connection Interval */
192 MGMT_STATUS_TIMEOUT
, /* Directed Advertising Timeout */
193 MGMT_STATUS_AUTH_FAILED
, /* Terminated Due to MIC Failure */
194 MGMT_STATUS_CONNECT_FAILED
, /* Connection Establishment Failed */
195 MGMT_STATUS_CONNECT_FAILED
, /* MAC Connection Failed */
198 static u8
mgmt_status(u8 hci_status
)
200 if (hci_status
< ARRAY_SIZE(mgmt_status_table
))
201 return mgmt_status_table
[hci_status
];
203 return MGMT_STATUS_FAILED
;
206 static int cmd_status(struct sock
*sk
, u16 index
, u16 cmd
, u8 status
)
209 struct mgmt_hdr
*hdr
;
210 struct mgmt_ev_cmd_status
*ev
;
213 BT_DBG("sock %p, index %u, cmd %u, status %u", sk
, index
, cmd
, status
);
215 skb
= alloc_skb(sizeof(*hdr
) + sizeof(*ev
), GFP_ATOMIC
);
219 hdr
= (void *) skb_put(skb
, sizeof(*hdr
));
221 hdr
->opcode
= cpu_to_le16(MGMT_EV_CMD_STATUS
);
222 hdr
->index
= cpu_to_le16(index
);
223 hdr
->len
= cpu_to_le16(sizeof(*ev
));
225 ev
= (void *) skb_put(skb
, sizeof(*ev
));
227 ev
->opcode
= cpu_to_le16(cmd
);
229 err
= sock_queue_rcv_skb(sk
, skb
);
236 static int cmd_complete(struct sock
*sk
, u16 index
, u16 cmd
, u8 status
,
237 void *rp
, size_t rp_len
)
240 struct mgmt_hdr
*hdr
;
241 struct mgmt_ev_cmd_complete
*ev
;
244 BT_DBG("sock %p", sk
);
246 skb
= alloc_skb(sizeof(*hdr
) + sizeof(*ev
) + rp_len
, GFP_ATOMIC
);
250 hdr
= (void *) skb_put(skb
, sizeof(*hdr
));
252 hdr
->opcode
= cpu_to_le16(MGMT_EV_CMD_COMPLETE
);
253 hdr
->index
= cpu_to_le16(index
);
254 hdr
->len
= cpu_to_le16(sizeof(*ev
) + rp_len
);
256 ev
= (void *) skb_put(skb
, sizeof(*ev
) + rp_len
);
257 ev
->opcode
= cpu_to_le16(cmd
);
261 memcpy(ev
->data
, rp
, rp_len
);
263 err
= sock_queue_rcv_skb(sk
, skb
);
270 static int read_version(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
273 struct mgmt_rp_read_version rp
;
275 BT_DBG("sock %p", sk
);
277 rp
.version
= MGMT_VERSION
;
278 rp
.revision
= __constant_cpu_to_le16(MGMT_REVISION
);
280 return cmd_complete(sk
, MGMT_INDEX_NONE
, MGMT_OP_READ_VERSION
, 0, &rp
,
284 static int read_commands(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
287 struct mgmt_rp_read_commands
*rp
;
288 const u16 num_commands
= ARRAY_SIZE(mgmt_commands
);
289 const u16 num_events
= ARRAY_SIZE(mgmt_events
);
294 BT_DBG("sock %p", sk
);
296 rp_size
= sizeof(*rp
) + ((num_commands
+ num_events
) * sizeof(u16
));
298 rp
= kmalloc(rp_size
, GFP_KERNEL
);
302 rp
->num_commands
= __constant_cpu_to_le16(num_commands
);
303 rp
->num_events
= __constant_cpu_to_le16(num_events
);
305 for (i
= 0, opcode
= rp
->opcodes
; i
< num_commands
; i
++, opcode
++)
306 put_unaligned_le16(mgmt_commands
[i
], opcode
);
308 for (i
= 0; i
< num_events
; i
++, opcode
++)
309 put_unaligned_le16(mgmt_events
[i
], opcode
);
311 err
= cmd_complete(sk
, MGMT_INDEX_NONE
, MGMT_OP_READ_COMMANDS
, 0, rp
,
318 static int read_index_list(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
321 struct mgmt_rp_read_index_list
*rp
;
328 BT_DBG("sock %p", sk
);
330 read_lock(&hci_dev_list_lock
);
333 list_for_each(p
, &hci_dev_list
) {
337 rp_len
= sizeof(*rp
) + (2 * count
);
338 rp
= kmalloc(rp_len
, GFP_ATOMIC
);
340 read_unlock(&hci_dev_list_lock
);
344 rp
->num_controllers
= cpu_to_le16(count
);
347 list_for_each_entry(d
, &hci_dev_list
, list
) {
348 if (test_bit(HCI_SETUP
, &d
->dev_flags
))
351 rp
->index
[i
++] = cpu_to_le16(d
->id
);
352 BT_DBG("Added hci%u", d
->id
);
355 read_unlock(&hci_dev_list_lock
);
357 err
= cmd_complete(sk
, MGMT_INDEX_NONE
, MGMT_OP_READ_INDEX_LIST
, 0, rp
,
365 static u32
get_supported_settings(struct hci_dev
*hdev
)
369 settings
|= MGMT_SETTING_POWERED
;
370 settings
|= MGMT_SETTING_CONNECTABLE
;
371 settings
|= MGMT_SETTING_FAST_CONNECTABLE
;
372 settings
|= MGMT_SETTING_DISCOVERABLE
;
373 settings
|= MGMT_SETTING_PAIRABLE
;
375 if (hdev
->features
[6] & LMP_SIMPLE_PAIR
)
376 settings
|= MGMT_SETTING_SSP
;
378 if (!(hdev
->features
[4] & LMP_NO_BREDR
)) {
379 settings
|= MGMT_SETTING_BREDR
;
380 settings
|= MGMT_SETTING_LINK_SECURITY
;
384 settings
|= MGMT_SETTING_HS
;
386 if (hdev
->features
[4] & LMP_LE
)
387 settings
|= MGMT_SETTING_LE
;
392 static u32
get_current_settings(struct hci_dev
*hdev
)
396 if (hdev_is_powered(hdev
))
397 settings
|= MGMT_SETTING_POWERED
;
399 if (test_bit(HCI_CONNECTABLE
, &hdev
->dev_flags
))
400 settings
|= MGMT_SETTING_CONNECTABLE
;
402 if (test_bit(HCI_DISCOVERABLE
, &hdev
->dev_flags
))
403 settings
|= MGMT_SETTING_DISCOVERABLE
;
405 if (test_bit(HCI_PAIRABLE
, &hdev
->dev_flags
))
406 settings
|= MGMT_SETTING_PAIRABLE
;
408 if (!(hdev
->features
[4] & LMP_NO_BREDR
))
409 settings
|= MGMT_SETTING_BREDR
;
411 if (test_bit(HCI_LE_ENABLED
, &hdev
->dev_flags
))
412 settings
|= MGMT_SETTING_LE
;
414 if (test_bit(HCI_LINK_SECURITY
, &hdev
->dev_flags
))
415 settings
|= MGMT_SETTING_LINK_SECURITY
;
417 if (test_bit(HCI_SSP_ENABLED
, &hdev
->dev_flags
))
418 settings
|= MGMT_SETTING_SSP
;
420 if (test_bit(HCI_HS_ENABLED
, &hdev
->dev_flags
))
421 settings
|= MGMT_SETTING_HS
;
426 #define PNP_INFO_SVCLASS_ID 0x1200
428 static u8 bluetooth_base_uuid
[] = {
429 0xFB, 0x34, 0x9B, 0x5F, 0x80, 0x00, 0x00, 0x80,
430 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
433 static u16
get_uuid16(u8
*uuid128
)
438 for (i
= 0; i
< 12; i
++) {
439 if (bluetooth_base_uuid
[i
] != uuid128
[i
])
443 val
= get_unaligned_le32(&uuid128
[12]);
450 static void create_eir(struct hci_dev
*hdev
, u8
*data
)
454 u16 uuid16_list
[HCI_MAX_EIR_LENGTH
/ sizeof(u16
)];
455 int i
, truncated
= 0;
456 struct bt_uuid
*uuid
;
459 name_len
= strlen(hdev
->dev_name
);
465 ptr
[1] = EIR_NAME_SHORT
;
467 ptr
[1] = EIR_NAME_COMPLETE
;
469 /* EIR Data length */
470 ptr
[0] = name_len
+ 1;
472 memcpy(ptr
+ 2, hdev
->dev_name
, name_len
);
474 eir_len
+= (name_len
+ 2);
475 ptr
+= (name_len
+ 2);
478 if (hdev
->inq_tx_power
) {
480 ptr
[1] = EIR_TX_POWER
;
481 ptr
[2] = (u8
) hdev
->inq_tx_power
;
487 if (hdev
->devid_source
> 0) {
489 ptr
[1] = EIR_DEVICE_ID
;
491 put_unaligned_le16(hdev
->devid_source
, ptr
+ 2);
492 put_unaligned_le16(hdev
->devid_vendor
, ptr
+ 4);
493 put_unaligned_le16(hdev
->devid_product
, ptr
+ 6);
494 put_unaligned_le16(hdev
->devid_version
, ptr
+ 8);
500 memset(uuid16_list
, 0, sizeof(uuid16_list
));
502 /* Group all UUID16 types */
503 list_for_each_entry(uuid
, &hdev
->uuids
, list
) {
506 uuid16
= get_uuid16(uuid
->uuid
);
513 if (uuid16
== PNP_INFO_SVCLASS_ID
)
516 /* Stop if not enough space to put next UUID */
517 if (eir_len
+ 2 + sizeof(u16
) > HCI_MAX_EIR_LENGTH
) {
522 /* Check for duplicates */
523 for (i
= 0; uuid16_list
[i
] != 0; i
++)
524 if (uuid16_list
[i
] == uuid16
)
527 if (uuid16_list
[i
] == 0) {
528 uuid16_list
[i
] = uuid16
;
529 eir_len
+= sizeof(u16
);
533 if (uuid16_list
[0] != 0) {
537 ptr
[1] = truncated
? EIR_UUID16_SOME
: EIR_UUID16_ALL
;
542 for (i
= 0; uuid16_list
[i
] != 0; i
++) {
543 *ptr
++ = (uuid16_list
[i
] & 0x00ff);
544 *ptr
++ = (uuid16_list
[i
] & 0xff00) >> 8;
547 /* EIR Data length */
548 *length
= (i
* sizeof(u16
)) + 1;
552 static int update_eir(struct hci_dev
*hdev
)
554 struct hci_cp_write_eir cp
;
556 if (!hdev_is_powered(hdev
))
559 if (!(hdev
->features
[6] & LMP_EXT_INQ
))
562 if (!test_bit(HCI_SSP_ENABLED
, &hdev
->dev_flags
))
565 if (test_bit(HCI_SERVICE_CACHE
, &hdev
->dev_flags
))
568 memset(&cp
, 0, sizeof(cp
));
570 create_eir(hdev
, cp
.data
);
572 if (memcmp(cp
.data
, hdev
->eir
, sizeof(cp
.data
)) == 0)
575 memcpy(hdev
->eir
, cp
.data
, sizeof(cp
.data
));
577 return hci_send_cmd(hdev
, HCI_OP_WRITE_EIR
, sizeof(cp
), &cp
);
580 static u8
get_service_classes(struct hci_dev
*hdev
)
582 struct bt_uuid
*uuid
;
585 list_for_each_entry(uuid
, &hdev
->uuids
, list
)
586 val
|= uuid
->svc_hint
;
591 static int update_class(struct hci_dev
*hdev
)
596 BT_DBG("%s", hdev
->name
);
598 if (!hdev_is_powered(hdev
))
601 if (test_bit(HCI_SERVICE_CACHE
, &hdev
->dev_flags
))
604 cod
[0] = hdev
->minor_class
;
605 cod
[1] = hdev
->major_class
;
606 cod
[2] = get_service_classes(hdev
);
608 if (memcmp(cod
, hdev
->dev_class
, 3) == 0)
611 err
= hci_send_cmd(hdev
, HCI_OP_WRITE_CLASS_OF_DEV
, sizeof(cod
), cod
);
613 set_bit(HCI_PENDING_CLASS
, &hdev
->dev_flags
);
618 static void service_cache_off(struct work_struct
*work
)
620 struct hci_dev
*hdev
= container_of(work
, struct hci_dev
,
623 if (!test_and_clear_bit(HCI_SERVICE_CACHE
, &hdev
->dev_flags
))
631 hci_dev_unlock(hdev
);
634 static void mgmt_init_hdev(struct sock
*sk
, struct hci_dev
*hdev
)
636 if (test_and_set_bit(HCI_MGMT
, &hdev
->dev_flags
))
639 INIT_DELAYED_WORK(&hdev
->service_cache
, service_cache_off
);
641 /* Non-mgmt controlled devices get this bit set
642 * implicitly so that pairing works for them, however
643 * for mgmt we require user-space to explicitly enable
646 clear_bit(HCI_PAIRABLE
, &hdev
->dev_flags
);
649 static int read_controller_info(struct sock
*sk
, struct hci_dev
*hdev
,
650 void *data
, u16 data_len
)
652 struct mgmt_rp_read_info rp
;
654 BT_DBG("sock %p %s", sk
, hdev
->name
);
658 memset(&rp
, 0, sizeof(rp
));
660 bacpy(&rp
.bdaddr
, &hdev
->bdaddr
);
662 rp
.version
= hdev
->hci_ver
;
663 rp
.manufacturer
= cpu_to_le16(hdev
->manufacturer
);
665 rp
.supported_settings
= cpu_to_le32(get_supported_settings(hdev
));
666 rp
.current_settings
= cpu_to_le32(get_current_settings(hdev
));
668 memcpy(rp
.dev_class
, hdev
->dev_class
, 3);
670 memcpy(rp
.name
, hdev
->dev_name
, sizeof(hdev
->dev_name
));
671 memcpy(rp
.short_name
, hdev
->short_name
, sizeof(hdev
->short_name
));
673 hci_dev_unlock(hdev
);
675 return cmd_complete(sk
, hdev
->id
, MGMT_OP_READ_INFO
, 0, &rp
,
679 static void mgmt_pending_free(struct pending_cmd
*cmd
)
686 static struct pending_cmd
*mgmt_pending_add(struct sock
*sk
, u16 opcode
,
687 struct hci_dev
*hdev
, void *data
,
690 struct pending_cmd
*cmd
;
692 cmd
= kmalloc(sizeof(*cmd
), GFP_ATOMIC
);
696 cmd
->opcode
= opcode
;
697 cmd
->index
= hdev
->id
;
699 cmd
->param
= kmalloc(len
, GFP_ATOMIC
);
706 memcpy(cmd
->param
, data
, len
);
711 list_add(&cmd
->list
, &hdev
->mgmt_pending
);
716 static void mgmt_pending_foreach(u16 opcode
, struct hci_dev
*hdev
,
717 void (*cb
)(struct pending_cmd
*cmd
, void *data
),
720 struct list_head
*p
, *n
;
722 list_for_each_safe(p
, n
, &hdev
->mgmt_pending
) {
723 struct pending_cmd
*cmd
;
725 cmd
= list_entry(p
, struct pending_cmd
, list
);
727 if (opcode
> 0 && cmd
->opcode
!= opcode
)
734 static struct pending_cmd
*mgmt_pending_find(u16 opcode
, struct hci_dev
*hdev
)
736 struct pending_cmd
*cmd
;
738 list_for_each_entry(cmd
, &hdev
->mgmt_pending
, list
) {
739 if (cmd
->opcode
== opcode
)
746 static void mgmt_pending_remove(struct pending_cmd
*cmd
)
748 list_del(&cmd
->list
);
749 mgmt_pending_free(cmd
);
752 static int send_settings_rsp(struct sock
*sk
, u16 opcode
, struct hci_dev
*hdev
)
754 __le32 settings
= cpu_to_le32(get_current_settings(hdev
));
756 return cmd_complete(sk
, hdev
->id
, opcode
, 0, &settings
,
760 static int set_powered(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
763 struct mgmt_mode
*cp
= data
;
764 struct pending_cmd
*cmd
;
767 BT_DBG("request for %s", hdev
->name
);
771 if (test_and_clear_bit(HCI_AUTO_OFF
, &hdev
->dev_flags
)) {
772 cancel_delayed_work(&hdev
->power_off
);
775 err
= send_settings_rsp(sk
, MGMT_OP_SET_POWERED
, hdev
);
776 mgmt_powered(hdev
, 1);
781 if (!!cp
->val
== hdev_is_powered(hdev
)) {
782 err
= send_settings_rsp(sk
, MGMT_OP_SET_POWERED
, hdev
);
786 if (mgmt_pending_find(MGMT_OP_SET_POWERED
, hdev
)) {
787 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_SET_POWERED
,
792 cmd
= mgmt_pending_add(sk
, MGMT_OP_SET_POWERED
, hdev
, data
, len
);
799 schedule_work(&hdev
->power_on
);
801 schedule_work(&hdev
->power_off
.work
);
806 hci_dev_unlock(hdev
);
810 static int mgmt_event(u16 event
, struct hci_dev
*hdev
, void *data
, u16 data_len
,
811 struct sock
*skip_sk
)
814 struct mgmt_hdr
*hdr
;
816 skb
= alloc_skb(sizeof(*hdr
) + data_len
, GFP_ATOMIC
);
820 hdr
= (void *) skb_put(skb
, sizeof(*hdr
));
821 hdr
->opcode
= cpu_to_le16(event
);
823 hdr
->index
= cpu_to_le16(hdev
->id
);
825 hdr
->index
= cpu_to_le16(MGMT_INDEX_NONE
);
826 hdr
->len
= cpu_to_le16(data_len
);
829 memcpy(skb_put(skb
, data_len
), data
, data_len
);
832 __net_timestamp(skb
);
834 hci_send_to_control(skb
, skip_sk
);
840 static int new_settings(struct hci_dev
*hdev
, struct sock
*skip
)
844 ev
= cpu_to_le32(get_current_settings(hdev
));
846 return mgmt_event(MGMT_EV_NEW_SETTINGS
, hdev
, &ev
, sizeof(ev
), skip
);
849 static int set_discoverable(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
852 struct mgmt_cp_set_discoverable
*cp
= data
;
853 struct pending_cmd
*cmd
;
858 BT_DBG("request for %s", hdev
->name
);
860 timeout
= __le16_to_cpu(cp
->timeout
);
861 if (!cp
->val
&& timeout
> 0)
862 return cmd_status(sk
, hdev
->id
, MGMT_OP_SET_DISCOVERABLE
,
863 MGMT_STATUS_INVALID_PARAMS
);
867 if (!hdev_is_powered(hdev
) && timeout
> 0) {
868 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_SET_DISCOVERABLE
,
869 MGMT_STATUS_NOT_POWERED
);
873 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE
, hdev
) ||
874 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE
, hdev
)) {
875 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_SET_DISCOVERABLE
,
880 if (!test_bit(HCI_CONNECTABLE
, &hdev
->dev_flags
)) {
881 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_SET_DISCOVERABLE
,
882 MGMT_STATUS_REJECTED
);
886 if (!hdev_is_powered(hdev
)) {
887 bool changed
= false;
889 if (!!cp
->val
!= test_bit(HCI_DISCOVERABLE
, &hdev
->dev_flags
)) {
890 change_bit(HCI_DISCOVERABLE
, &hdev
->dev_flags
);
894 err
= send_settings_rsp(sk
, MGMT_OP_SET_DISCOVERABLE
, hdev
);
899 err
= new_settings(hdev
, sk
);
904 if (!!cp
->val
== test_bit(HCI_DISCOVERABLE
, &hdev
->dev_flags
)) {
905 if (hdev
->discov_timeout
> 0) {
906 cancel_delayed_work(&hdev
->discov_off
);
907 hdev
->discov_timeout
= 0;
910 if (cp
->val
&& timeout
> 0) {
911 hdev
->discov_timeout
= timeout
;
912 queue_delayed_work(hdev
->workqueue
, &hdev
->discov_off
,
913 msecs_to_jiffies(hdev
->discov_timeout
* 1000));
916 err
= send_settings_rsp(sk
, MGMT_OP_SET_DISCOVERABLE
, hdev
);
920 cmd
= mgmt_pending_add(sk
, MGMT_OP_SET_DISCOVERABLE
, hdev
, data
, len
);
929 scan
|= SCAN_INQUIRY
;
931 cancel_delayed_work(&hdev
->discov_off
);
933 err
= hci_send_cmd(hdev
, HCI_OP_WRITE_SCAN_ENABLE
, 1, &scan
);
935 mgmt_pending_remove(cmd
);
938 hdev
->discov_timeout
= timeout
;
941 hci_dev_unlock(hdev
);
945 static int set_connectable(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
948 struct mgmt_mode
*cp
= data
;
949 struct pending_cmd
*cmd
;
953 BT_DBG("request for %s", hdev
->name
);
957 if (!hdev_is_powered(hdev
)) {
958 bool changed
= false;
960 if (!!cp
->val
!= test_bit(HCI_CONNECTABLE
, &hdev
->dev_flags
))
964 set_bit(HCI_CONNECTABLE
, &hdev
->dev_flags
);
966 clear_bit(HCI_CONNECTABLE
, &hdev
->dev_flags
);
967 clear_bit(HCI_DISCOVERABLE
, &hdev
->dev_flags
);
970 err
= send_settings_rsp(sk
, MGMT_OP_SET_CONNECTABLE
, hdev
);
975 err
= new_settings(hdev
, sk
);
980 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE
, hdev
) ||
981 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE
, hdev
)) {
982 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_SET_CONNECTABLE
,
987 if (!!cp
->val
== test_bit(HCI_PSCAN
, &hdev
->flags
)) {
988 err
= send_settings_rsp(sk
, MGMT_OP_SET_CONNECTABLE
, hdev
);
992 cmd
= mgmt_pending_add(sk
, MGMT_OP_SET_CONNECTABLE
, hdev
, data
, len
);
1003 if (test_bit(HCI_ISCAN
, &hdev
->flags
) &&
1004 hdev
->discov_timeout
> 0)
1005 cancel_delayed_work(&hdev
->discov_off
);
1008 err
= hci_send_cmd(hdev
, HCI_OP_WRITE_SCAN_ENABLE
, 1, &scan
);
1010 mgmt_pending_remove(cmd
);
1013 hci_dev_unlock(hdev
);
1017 static int set_pairable(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
1020 struct mgmt_mode
*cp
= data
;
1023 BT_DBG("request for %s", hdev
->name
);
1028 set_bit(HCI_PAIRABLE
, &hdev
->dev_flags
);
1030 clear_bit(HCI_PAIRABLE
, &hdev
->dev_flags
);
1032 err
= send_settings_rsp(sk
, MGMT_OP_SET_PAIRABLE
, hdev
);
1036 err
= new_settings(hdev
, sk
);
1039 hci_dev_unlock(hdev
);
1043 static int set_link_security(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
1046 struct mgmt_mode
*cp
= data
;
1047 struct pending_cmd
*cmd
;
1051 BT_DBG("request for %s", hdev
->name
);
1055 if (!hdev_is_powered(hdev
)) {
1056 bool changed
= false;
1058 if (!!cp
->val
!= test_bit(HCI_LINK_SECURITY
,
1059 &hdev
->dev_flags
)) {
1060 change_bit(HCI_LINK_SECURITY
, &hdev
->dev_flags
);
1064 err
= send_settings_rsp(sk
, MGMT_OP_SET_LINK_SECURITY
, hdev
);
1069 err
= new_settings(hdev
, sk
);
1074 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY
, hdev
)) {
1075 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_SET_LINK_SECURITY
,
1082 if (test_bit(HCI_AUTH
, &hdev
->flags
) == val
) {
1083 err
= send_settings_rsp(sk
, MGMT_OP_SET_LINK_SECURITY
, hdev
);
1087 cmd
= mgmt_pending_add(sk
, MGMT_OP_SET_LINK_SECURITY
, hdev
, data
, len
);
1093 err
= hci_send_cmd(hdev
, HCI_OP_WRITE_AUTH_ENABLE
, sizeof(val
), &val
);
1095 mgmt_pending_remove(cmd
);
1100 hci_dev_unlock(hdev
);
1104 static int set_ssp(struct sock
*sk
, struct hci_dev
*hdev
, void *data
, u16 len
)
1106 struct mgmt_mode
*cp
= data
;
1107 struct pending_cmd
*cmd
;
1111 BT_DBG("request for %s", hdev
->name
);
1115 if (!(hdev
->features
[6] & LMP_SIMPLE_PAIR
)) {
1116 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_SET_SSP
,
1117 MGMT_STATUS_NOT_SUPPORTED
);
1123 if (!hdev_is_powered(hdev
)) {
1124 bool changed
= false;
1126 if (val
!= test_bit(HCI_SSP_ENABLED
, &hdev
->dev_flags
)) {
1127 change_bit(HCI_SSP_ENABLED
, &hdev
->dev_flags
);
1131 err
= send_settings_rsp(sk
, MGMT_OP_SET_SSP
, hdev
);
1136 err
= new_settings(hdev
, sk
);
1141 if (mgmt_pending_find(MGMT_OP_SET_SSP
, hdev
)) {
1142 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_SET_SSP
,
1147 if (test_bit(HCI_SSP_ENABLED
, &hdev
->dev_flags
) == val
) {
1148 err
= send_settings_rsp(sk
, MGMT_OP_SET_SSP
, hdev
);
1152 cmd
= mgmt_pending_add(sk
, MGMT_OP_SET_SSP
, hdev
, data
, len
);
1158 err
= hci_send_cmd(hdev
, HCI_OP_WRITE_SSP_MODE
, sizeof(val
), &val
);
1160 mgmt_pending_remove(cmd
);
1165 hci_dev_unlock(hdev
);
1169 static int set_hs(struct sock
*sk
, struct hci_dev
*hdev
, void *data
, u16 len
)
1171 struct mgmt_mode
*cp
= data
;
1173 BT_DBG("request for %s", hdev
->name
);
1176 return cmd_status(sk
, hdev
->id
, MGMT_OP_SET_HS
,
1177 MGMT_STATUS_NOT_SUPPORTED
);
1180 set_bit(HCI_HS_ENABLED
, &hdev
->dev_flags
);
1182 clear_bit(HCI_HS_ENABLED
, &hdev
->dev_flags
);
1184 return send_settings_rsp(sk
, MGMT_OP_SET_HS
, hdev
);
1187 static int set_le(struct sock
*sk
, struct hci_dev
*hdev
, void *data
, u16 len
)
1189 struct mgmt_mode
*cp
= data
;
1190 struct hci_cp_write_le_host_supported hci_cp
;
1191 struct pending_cmd
*cmd
;
1195 BT_DBG("request for %s", hdev
->name
);
1199 if (!(hdev
->features
[4] & LMP_LE
)) {
1200 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_SET_LE
,
1201 MGMT_STATUS_NOT_SUPPORTED
);
1206 enabled
= !!(hdev
->host_features
[0] & LMP_HOST_LE
);
1208 if (!hdev_is_powered(hdev
) || val
== enabled
) {
1209 bool changed
= false;
1211 if (val
!= test_bit(HCI_LE_ENABLED
, &hdev
->dev_flags
)) {
1212 change_bit(HCI_LE_ENABLED
, &hdev
->dev_flags
);
1216 err
= send_settings_rsp(sk
, MGMT_OP_SET_LE
, hdev
);
1221 err
= new_settings(hdev
, sk
);
1226 if (mgmt_pending_find(MGMT_OP_SET_LE
, hdev
)) {
1227 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_SET_LE
,
1232 cmd
= mgmt_pending_add(sk
, MGMT_OP_SET_LE
, hdev
, data
, len
);
1238 memset(&hci_cp
, 0, sizeof(hci_cp
));
1242 hci_cp
.simul
= !!(hdev
->features
[6] & LMP_SIMUL_LE_BR
);
1245 err
= hci_send_cmd(hdev
, HCI_OP_WRITE_LE_HOST_SUPPORTED
, sizeof(hci_cp
),
1248 mgmt_pending_remove(cmd
);
1251 hci_dev_unlock(hdev
);
1255 static int add_uuid(struct sock
*sk
, struct hci_dev
*hdev
, void *data
, u16 len
)
1257 struct mgmt_cp_add_uuid
*cp
= data
;
1258 struct pending_cmd
*cmd
;
1259 struct bt_uuid
*uuid
;
1262 BT_DBG("request for %s", hdev
->name
);
1266 if (test_bit(HCI_PENDING_CLASS
, &hdev
->dev_flags
)) {
1267 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_ADD_UUID
,
1272 uuid
= kmalloc(sizeof(*uuid
), GFP_ATOMIC
);
1278 memcpy(uuid
->uuid
, cp
->uuid
, 16);
1279 uuid
->svc_hint
= cp
->svc_hint
;
1281 list_add(&uuid
->list
, &hdev
->uuids
);
1283 err
= update_class(hdev
);
1287 err
= update_eir(hdev
);
1291 if (!test_bit(HCI_PENDING_CLASS
, &hdev
->dev_flags
)) {
1292 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_ADD_UUID
, 0,
1293 hdev
->dev_class
, 3);
1297 cmd
= mgmt_pending_add(sk
, MGMT_OP_ADD_UUID
, hdev
, data
, len
);
1302 hci_dev_unlock(hdev
);
1306 static bool enable_service_cache(struct hci_dev
*hdev
)
1308 if (!hdev_is_powered(hdev
))
1311 if (!test_and_set_bit(HCI_SERVICE_CACHE
, &hdev
->dev_flags
)) {
1312 schedule_delayed_work(&hdev
->service_cache
, CACHE_TIMEOUT
);
1319 static int remove_uuid(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
1322 struct mgmt_cp_remove_uuid
*cp
= data
;
1323 struct pending_cmd
*cmd
;
1324 struct list_head
*p
, *n
;
1325 u8 bt_uuid_any
[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
1328 BT_DBG("request for %s", hdev
->name
);
1332 if (test_bit(HCI_PENDING_CLASS
, &hdev
->dev_flags
)) {
1333 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_REMOVE_UUID
,
1338 if (memcmp(cp
->uuid
, bt_uuid_any
, 16) == 0) {
1339 err
= hci_uuids_clear(hdev
);
1341 if (enable_service_cache(hdev
)) {
1342 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_REMOVE_UUID
,
1343 0, hdev
->dev_class
, 3);
1352 list_for_each_safe(p
, n
, &hdev
->uuids
) {
1353 struct bt_uuid
*match
= list_entry(p
, struct bt_uuid
, list
);
1355 if (memcmp(match
->uuid
, cp
->uuid
, 16) != 0)
1358 list_del(&match
->list
);
1363 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_REMOVE_UUID
,
1364 MGMT_STATUS_INVALID_PARAMS
);
1369 err
= update_class(hdev
);
1373 err
= update_eir(hdev
);
1377 if (!test_bit(HCI_PENDING_CLASS
, &hdev
->dev_flags
)) {
1378 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_REMOVE_UUID
, 0,
1379 hdev
->dev_class
, 3);
1383 cmd
= mgmt_pending_add(sk
, MGMT_OP_REMOVE_UUID
, hdev
, data
, len
);
1388 hci_dev_unlock(hdev
);
1392 static int set_dev_class(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
1395 struct mgmt_cp_set_dev_class
*cp
= data
;
1396 struct pending_cmd
*cmd
;
1399 BT_DBG("request for %s", hdev
->name
);
1403 if (test_bit(HCI_PENDING_CLASS
, &hdev
->dev_flags
)) {
1404 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_SET_DEV_CLASS
,
1409 hdev
->major_class
= cp
->major
;
1410 hdev
->minor_class
= cp
->minor
;
1412 if (!hdev_is_powered(hdev
)) {
1413 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_SET_DEV_CLASS
, 0,
1414 hdev
->dev_class
, 3);
1418 if (test_and_clear_bit(HCI_SERVICE_CACHE
, &hdev
->dev_flags
)) {
1419 hci_dev_unlock(hdev
);
1420 cancel_delayed_work_sync(&hdev
->service_cache
);
1425 err
= update_class(hdev
);
1429 if (!test_bit(HCI_PENDING_CLASS
, &hdev
->dev_flags
)) {
1430 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_SET_DEV_CLASS
, 0,
1431 hdev
->dev_class
, 3);
1435 cmd
= mgmt_pending_add(sk
, MGMT_OP_SET_DEV_CLASS
, hdev
, data
, len
);
1440 hci_dev_unlock(hdev
);
1444 static int load_link_keys(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
1447 struct mgmt_cp_load_link_keys
*cp
= data
;
1448 u16 key_count
, expected_len
;
1451 key_count
= __le16_to_cpu(cp
->key_count
);
1453 expected_len
= sizeof(*cp
) + key_count
*
1454 sizeof(struct mgmt_link_key_info
);
1455 if (expected_len
!= len
) {
1456 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
1458 return cmd_status(sk
, hdev
->id
, MGMT_OP_LOAD_LINK_KEYS
,
1459 MGMT_STATUS_INVALID_PARAMS
);
1462 BT_DBG("%s debug_keys %u key_count %u", hdev
->name
, cp
->debug_keys
,
1467 hci_link_keys_clear(hdev
);
1469 set_bit(HCI_LINK_KEYS
, &hdev
->dev_flags
);
1472 set_bit(HCI_DEBUG_KEYS
, &hdev
->dev_flags
);
1474 clear_bit(HCI_DEBUG_KEYS
, &hdev
->dev_flags
);
1476 for (i
= 0; i
< key_count
; i
++) {
1477 struct mgmt_link_key_info
*key
= &cp
->keys
[i
];
1479 hci_add_link_key(hdev
, NULL
, 0, &key
->addr
.bdaddr
, key
->val
,
1480 key
->type
, key
->pin_len
);
1483 cmd_complete(sk
, hdev
->id
, MGMT_OP_LOAD_LINK_KEYS
, 0, NULL
, 0);
1485 hci_dev_unlock(hdev
);
1490 static int device_unpaired(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
,
1491 u8 addr_type
, struct sock
*skip_sk
)
1493 struct mgmt_ev_device_unpaired ev
;
1495 bacpy(&ev
.addr
.bdaddr
, bdaddr
);
1496 ev
.addr
.type
= addr_type
;
1498 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED
, hdev
, &ev
, sizeof(ev
),
1502 static int unpair_device(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
1505 struct mgmt_cp_unpair_device
*cp
= data
;
1506 struct mgmt_rp_unpair_device rp
;
1507 struct hci_cp_disconnect dc
;
1508 struct pending_cmd
*cmd
;
1509 struct hci_conn
*conn
;
1514 memset(&rp
, 0, sizeof(rp
));
1515 bacpy(&rp
.addr
.bdaddr
, &cp
->addr
.bdaddr
);
1516 rp
.addr
.type
= cp
->addr
.type
;
1518 if (!hdev_is_powered(hdev
)) {
1519 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_UNPAIR_DEVICE
,
1520 MGMT_STATUS_NOT_POWERED
, &rp
, sizeof(rp
));
1524 if (cp
->addr
.type
== BDADDR_BREDR
)
1525 err
= hci_remove_link_key(hdev
, &cp
->addr
.bdaddr
);
1527 err
= hci_remove_ltk(hdev
, &cp
->addr
.bdaddr
);
1530 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_UNPAIR_DEVICE
,
1531 MGMT_STATUS_NOT_PAIRED
, &rp
, sizeof(rp
));
1535 if (cp
->disconnect
) {
1536 if (cp
->addr
.type
== BDADDR_BREDR
)
1537 conn
= hci_conn_hash_lookup_ba(hdev
, ACL_LINK
,
1540 conn
= hci_conn_hash_lookup_ba(hdev
, LE_LINK
,
1547 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_UNPAIR_DEVICE
, 0,
1549 device_unpaired(hdev
, &cp
->addr
.bdaddr
, cp
->addr
.type
, sk
);
1553 cmd
= mgmt_pending_add(sk
, MGMT_OP_UNPAIR_DEVICE
, hdev
, cp
,
1560 dc
.handle
= cpu_to_le16(conn
->handle
);
1561 dc
.reason
= 0x13; /* Remote User Terminated Connection */
1562 err
= hci_send_cmd(hdev
, HCI_OP_DISCONNECT
, sizeof(dc
), &dc
);
1564 mgmt_pending_remove(cmd
);
1567 hci_dev_unlock(hdev
);
1571 static int disconnect(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
1574 struct mgmt_cp_disconnect
*cp
= data
;
1575 struct hci_cp_disconnect dc
;
1576 struct pending_cmd
*cmd
;
1577 struct hci_conn
*conn
;
1584 if (!test_bit(HCI_UP
, &hdev
->flags
)) {
1585 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_DISCONNECT
,
1586 MGMT_STATUS_NOT_POWERED
);
1590 if (mgmt_pending_find(MGMT_OP_DISCONNECT
, hdev
)) {
1591 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_DISCONNECT
,
1596 if (cp
->addr
.type
== BDADDR_BREDR
)
1597 conn
= hci_conn_hash_lookup_ba(hdev
, ACL_LINK
, &cp
->addr
.bdaddr
);
1599 conn
= hci_conn_hash_lookup_ba(hdev
, LE_LINK
, &cp
->addr
.bdaddr
);
1601 if (!conn
|| conn
->state
== BT_OPEN
|| conn
->state
== BT_CLOSED
) {
1602 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_DISCONNECT
,
1603 MGMT_STATUS_NOT_CONNECTED
);
1607 cmd
= mgmt_pending_add(sk
, MGMT_OP_DISCONNECT
, hdev
, data
, len
);
1613 dc
.handle
= cpu_to_le16(conn
->handle
);
1614 dc
.reason
= 0x13; /* Remote User Terminated Connection */
1616 err
= hci_send_cmd(hdev
, HCI_OP_DISCONNECT
, sizeof(dc
), &dc
);
1618 mgmt_pending_remove(cmd
);
1621 hci_dev_unlock(hdev
);
1625 static u8
link_to_bdaddr(u8 link_type
, u8 addr_type
)
1627 switch (link_type
) {
1629 switch (addr_type
) {
1630 case ADDR_LE_DEV_PUBLIC
:
1631 return BDADDR_LE_PUBLIC
;
1634 /* Fallback to LE Random address type */
1635 return BDADDR_LE_RANDOM
;
1639 /* Fallback to BR/EDR type */
1640 return BDADDR_BREDR
;
1644 static int get_connections(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
1647 struct mgmt_rp_get_connections
*rp
;
1657 if (!hdev_is_powered(hdev
)) {
1658 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_GET_CONNECTIONS
,
1659 MGMT_STATUS_NOT_POWERED
);
1664 list_for_each_entry(c
, &hdev
->conn_hash
.list
, list
) {
1665 if (test_bit(HCI_CONN_MGMT_CONNECTED
, &c
->flags
))
1669 rp_len
= sizeof(*rp
) + (i
* sizeof(struct mgmt_addr_info
));
1670 rp
= kmalloc(rp_len
, GFP_ATOMIC
);
1677 list_for_each_entry(c
, &hdev
->conn_hash
.list
, list
) {
1678 if (!test_bit(HCI_CONN_MGMT_CONNECTED
, &c
->flags
))
1680 bacpy(&rp
->addr
[i
].bdaddr
, &c
->dst
);
1681 rp
->addr
[i
].type
= link_to_bdaddr(c
->type
, c
->dst_type
);
1682 if (c
->type
== SCO_LINK
|| c
->type
== ESCO_LINK
)
1687 rp
->conn_count
= cpu_to_le16(i
);
1689 /* Recalculate length in case of filtered SCO connections, etc */
1690 rp_len
= sizeof(*rp
) + (i
* sizeof(struct mgmt_addr_info
));
1692 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_GET_CONNECTIONS
, 0, rp
,
1698 hci_dev_unlock(hdev
);
1702 static int send_pin_code_neg_reply(struct sock
*sk
, struct hci_dev
*hdev
,
1703 struct mgmt_cp_pin_code_neg_reply
*cp
)
1705 struct pending_cmd
*cmd
;
1708 cmd
= mgmt_pending_add(sk
, MGMT_OP_PIN_CODE_NEG_REPLY
, hdev
, cp
,
1713 err
= hci_send_cmd(hdev
, HCI_OP_PIN_CODE_NEG_REPLY
,
1714 sizeof(cp
->addr
.bdaddr
), &cp
->addr
.bdaddr
);
1716 mgmt_pending_remove(cmd
);
1721 static int pin_code_reply(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
1724 struct hci_conn
*conn
;
1725 struct mgmt_cp_pin_code_reply
*cp
= data
;
1726 struct hci_cp_pin_code_reply reply
;
1727 struct pending_cmd
*cmd
;
1734 if (!hdev_is_powered(hdev
)) {
1735 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_PIN_CODE_REPLY
,
1736 MGMT_STATUS_NOT_POWERED
);
1740 conn
= hci_conn_hash_lookup_ba(hdev
, ACL_LINK
, &cp
->addr
.bdaddr
);
1742 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_PIN_CODE_REPLY
,
1743 MGMT_STATUS_NOT_CONNECTED
);
1747 if (conn
->pending_sec_level
== BT_SECURITY_HIGH
&& cp
->pin_len
!= 16) {
1748 struct mgmt_cp_pin_code_neg_reply ncp
;
1750 memcpy(&ncp
.addr
, &cp
->addr
, sizeof(ncp
.addr
));
1752 BT_ERR("PIN code is not 16 bytes long");
1754 err
= send_pin_code_neg_reply(sk
, hdev
, &ncp
);
1756 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_PIN_CODE_REPLY
,
1757 MGMT_STATUS_INVALID_PARAMS
);
1762 cmd
= mgmt_pending_add(sk
, MGMT_OP_PIN_CODE_REPLY
, hdev
, data
, len
);
1768 bacpy(&reply
.bdaddr
, &cp
->addr
.bdaddr
);
1769 reply
.pin_len
= cp
->pin_len
;
1770 memcpy(reply
.pin_code
, cp
->pin_code
, sizeof(reply
.pin_code
));
1772 err
= hci_send_cmd(hdev
, HCI_OP_PIN_CODE_REPLY
, sizeof(reply
), &reply
);
1774 mgmt_pending_remove(cmd
);
1777 hci_dev_unlock(hdev
);
1781 static int pin_code_neg_reply(struct sock
*sk
, struct hci_dev
*hdev
,
1782 void *data
, u16 len
)
1784 struct mgmt_cp_pin_code_neg_reply
*cp
= data
;
1791 if (!hdev_is_powered(hdev
)) {
1792 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_PIN_CODE_NEG_REPLY
,
1793 MGMT_STATUS_NOT_POWERED
);
1797 err
= send_pin_code_neg_reply(sk
, hdev
, cp
);
1800 hci_dev_unlock(hdev
);
1804 static int set_io_capability(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
1807 struct mgmt_cp_set_io_capability
*cp
= data
;
1813 hdev
->io_capability
= cp
->io_capability
;
1815 BT_DBG("%s IO capability set to 0x%02x", hdev
->name
,
1816 hdev
->io_capability
);
1818 hci_dev_unlock(hdev
);
1820 return cmd_complete(sk
, hdev
->id
, MGMT_OP_SET_IO_CAPABILITY
, 0, NULL
,
1824 static inline struct pending_cmd
*find_pairing(struct hci_conn
*conn
)
1826 struct hci_dev
*hdev
= conn
->hdev
;
1827 struct pending_cmd
*cmd
;
1829 list_for_each_entry(cmd
, &hdev
->mgmt_pending
, list
) {
1830 if (cmd
->opcode
!= MGMT_OP_PAIR_DEVICE
)
1833 if (cmd
->user_data
!= conn
)
1842 static void pairing_complete(struct pending_cmd
*cmd
, u8 status
)
1844 struct mgmt_rp_pair_device rp
;
1845 struct hci_conn
*conn
= cmd
->user_data
;
1847 bacpy(&rp
.addr
.bdaddr
, &conn
->dst
);
1848 rp
.addr
.type
= link_to_bdaddr(conn
->type
, conn
->dst_type
);
1850 cmd_complete(cmd
->sk
, cmd
->index
, MGMT_OP_PAIR_DEVICE
, status
,
1853 /* So we don't get further callbacks for this connection */
1854 conn
->connect_cfm_cb
= NULL
;
1855 conn
->security_cfm_cb
= NULL
;
1856 conn
->disconn_cfm_cb
= NULL
;
1860 mgmt_pending_remove(cmd
);
1863 static void pairing_complete_cb(struct hci_conn
*conn
, u8 status
)
1865 struct pending_cmd
*cmd
;
1867 BT_DBG("status %u", status
);
1869 cmd
= find_pairing(conn
);
1871 BT_DBG("Unable to find a pending command");
1873 pairing_complete(cmd
, mgmt_status(status
));
1876 static void le_connect_complete_cb(struct hci_conn
*conn
, u8 status
)
1878 struct pending_cmd
*cmd
;
1880 BT_DBG("status %u", status
);
1885 cmd
= find_pairing(conn
);
1887 BT_DBG("Unable to find a pending command");
1889 pairing_complete(cmd
, mgmt_status(status
));
1892 static int pair_device(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
1895 struct mgmt_cp_pair_device
*cp
= data
;
1896 struct mgmt_rp_pair_device rp
;
1897 struct pending_cmd
*cmd
;
1898 u8 sec_level
, auth_type
;
1899 struct hci_conn
*conn
;
1906 if (!hdev_is_powered(hdev
)) {
1907 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_PAIR_DEVICE
,
1908 MGMT_STATUS_NOT_POWERED
);
1912 sec_level
= BT_SECURITY_MEDIUM
;
1913 if (cp
->io_cap
== 0x03)
1914 auth_type
= HCI_AT_DEDICATED_BONDING
;
1916 auth_type
= HCI_AT_DEDICATED_BONDING_MITM
;
1918 if (cp
->addr
.type
== BDADDR_BREDR
)
1919 conn
= hci_connect(hdev
, ACL_LINK
, &cp
->addr
.bdaddr
,
1920 cp
->addr
.type
, sec_level
, auth_type
);
1922 conn
= hci_connect(hdev
, LE_LINK
, &cp
->addr
.bdaddr
,
1923 cp
->addr
.type
, sec_level
, auth_type
);
1925 memset(&rp
, 0, sizeof(rp
));
1926 bacpy(&rp
.addr
.bdaddr
, &cp
->addr
.bdaddr
);
1927 rp
.addr
.type
= cp
->addr
.type
;
1930 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_PAIR_DEVICE
,
1931 MGMT_STATUS_CONNECT_FAILED
, &rp
,
1936 if (conn
->connect_cfm_cb
) {
1938 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_PAIR_DEVICE
,
1939 MGMT_STATUS_BUSY
, &rp
, sizeof(rp
));
1943 cmd
= mgmt_pending_add(sk
, MGMT_OP_PAIR_DEVICE
, hdev
, data
, len
);
1950 /* For LE, just connecting isn't a proof that the pairing finished */
1951 if (cp
->addr
.type
== BDADDR_BREDR
)
1952 conn
->connect_cfm_cb
= pairing_complete_cb
;
1954 conn
->connect_cfm_cb
= le_connect_complete_cb
;
1956 conn
->security_cfm_cb
= pairing_complete_cb
;
1957 conn
->disconn_cfm_cb
= pairing_complete_cb
;
1958 conn
->io_capability
= cp
->io_cap
;
1959 cmd
->user_data
= conn
;
1961 if (conn
->state
== BT_CONNECTED
&&
1962 hci_conn_security(conn
, sec_level
, auth_type
))
1963 pairing_complete(cmd
, 0);
1968 hci_dev_unlock(hdev
);
1972 static int cancel_pair_device(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
1975 struct mgmt_addr_info
*addr
= data
;
1976 struct pending_cmd
*cmd
;
1977 struct hci_conn
*conn
;
1984 if (!hdev_is_powered(hdev
)) {
1985 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_CANCEL_PAIR_DEVICE
,
1986 MGMT_STATUS_NOT_POWERED
);
1990 cmd
= mgmt_pending_find(MGMT_OP_PAIR_DEVICE
, hdev
);
1992 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_CANCEL_PAIR_DEVICE
,
1993 MGMT_STATUS_INVALID_PARAMS
);
1997 conn
= cmd
->user_data
;
1999 if (bacmp(&addr
->bdaddr
, &conn
->dst
) != 0) {
2000 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_CANCEL_PAIR_DEVICE
,
2001 MGMT_STATUS_INVALID_PARAMS
);
2005 pairing_complete(cmd
, MGMT_STATUS_CANCELLED
);
2007 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_CANCEL_PAIR_DEVICE
, 0,
2008 addr
, sizeof(*addr
));
2010 hci_dev_unlock(hdev
);
2014 static int user_pairing_resp(struct sock
*sk
, struct hci_dev
*hdev
,
2015 bdaddr_t
*bdaddr
, u8 type
, u16 mgmt_op
,
2016 u16 hci_op
, __le32 passkey
)
2018 struct pending_cmd
*cmd
;
2019 struct hci_conn
*conn
;
2024 if (!hdev_is_powered(hdev
)) {
2025 err
= cmd_status(sk
, hdev
->id
, mgmt_op
,
2026 MGMT_STATUS_NOT_POWERED
);
2030 if (type
== BDADDR_BREDR
)
2031 conn
= hci_conn_hash_lookup_ba(hdev
, ACL_LINK
, bdaddr
);
2033 conn
= hci_conn_hash_lookup_ba(hdev
, LE_LINK
, bdaddr
);
2036 err
= cmd_status(sk
, hdev
->id
, mgmt_op
,
2037 MGMT_STATUS_NOT_CONNECTED
);
2041 if (type
== BDADDR_LE_PUBLIC
|| type
== BDADDR_LE_RANDOM
) {
2042 /* Continue with pairing via SMP */
2043 err
= smp_user_confirm_reply(conn
, mgmt_op
, passkey
);
2046 err
= cmd_status(sk
, hdev
->id
, mgmt_op
,
2047 MGMT_STATUS_SUCCESS
);
2049 err
= cmd_status(sk
, hdev
->id
, mgmt_op
,
2050 MGMT_STATUS_FAILED
);
2055 cmd
= mgmt_pending_add(sk
, mgmt_op
, hdev
, bdaddr
, sizeof(*bdaddr
));
2061 /* Continue with pairing via HCI */
2062 if (hci_op
== HCI_OP_USER_PASSKEY_REPLY
) {
2063 struct hci_cp_user_passkey_reply cp
;
2065 bacpy(&cp
.bdaddr
, bdaddr
);
2066 cp
.passkey
= passkey
;
2067 err
= hci_send_cmd(hdev
, hci_op
, sizeof(cp
), &cp
);
2069 err
= hci_send_cmd(hdev
, hci_op
, sizeof(*bdaddr
), bdaddr
);
2072 mgmt_pending_remove(cmd
);
2075 hci_dev_unlock(hdev
);
2079 static int user_confirm_reply(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
2082 struct mgmt_cp_user_confirm_reply
*cp
= data
;
2086 if (len
!= sizeof(*cp
))
2087 return cmd_status(sk
, hdev
->id
, MGMT_OP_USER_CONFIRM_REPLY
,
2088 MGMT_STATUS_INVALID_PARAMS
);
2090 return user_pairing_resp(sk
, hdev
, &cp
->addr
.bdaddr
, cp
->addr
.type
,
2091 MGMT_OP_USER_CONFIRM_REPLY
,
2092 HCI_OP_USER_CONFIRM_REPLY
, 0);
2095 static int user_confirm_neg_reply(struct sock
*sk
, struct hci_dev
*hdev
,
2096 void *data
, u16 len
)
2098 struct mgmt_cp_user_confirm_neg_reply
*cp
= data
;
2102 return user_pairing_resp(sk
, hdev
, &cp
->addr
.bdaddr
, cp
->addr
.type
,
2103 MGMT_OP_USER_CONFIRM_NEG_REPLY
,
2104 HCI_OP_USER_CONFIRM_NEG_REPLY
, 0);
2107 static int user_passkey_reply(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
2110 struct mgmt_cp_user_passkey_reply
*cp
= data
;
2114 return user_pairing_resp(sk
, hdev
, &cp
->addr
.bdaddr
, cp
->addr
.type
,
2115 MGMT_OP_USER_PASSKEY_REPLY
,
2116 HCI_OP_USER_PASSKEY_REPLY
, cp
->passkey
);
2119 static int user_passkey_neg_reply(struct sock
*sk
, struct hci_dev
*hdev
,
2120 void *data
, u16 len
)
2122 struct mgmt_cp_user_passkey_neg_reply
*cp
= data
;
2126 return user_pairing_resp(sk
, hdev
, &cp
->addr
.bdaddr
, cp
->addr
.type
,
2127 MGMT_OP_USER_PASSKEY_NEG_REPLY
,
2128 HCI_OP_USER_PASSKEY_NEG_REPLY
, 0);
2131 static int update_name(struct hci_dev
*hdev
, const char *name
)
2133 struct hci_cp_write_local_name cp
;
2135 memcpy(cp
.name
, name
, sizeof(cp
.name
));
2137 return hci_send_cmd(hdev
, HCI_OP_WRITE_LOCAL_NAME
, sizeof(cp
), &cp
);
2140 static int set_local_name(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
2143 struct mgmt_cp_set_local_name
*cp
= data
;
2144 struct pending_cmd
*cmd
;
2151 memcpy(hdev
->short_name
, cp
->short_name
, sizeof(hdev
->short_name
));
2153 if (!hdev_is_powered(hdev
)) {
2154 memcpy(hdev
->dev_name
, cp
->name
, sizeof(hdev
->dev_name
));
2156 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_SET_LOCAL_NAME
, 0,
2161 err
= mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED
, hdev
, data
, len
,
2167 cmd
= mgmt_pending_add(sk
, MGMT_OP_SET_LOCAL_NAME
, hdev
, data
, len
);
2173 err
= update_name(hdev
, cp
->name
);
2175 mgmt_pending_remove(cmd
);
2178 hci_dev_unlock(hdev
);
2182 static int read_local_oob_data(struct sock
*sk
, struct hci_dev
*hdev
,
2183 void *data
, u16 data_len
)
2185 struct pending_cmd
*cmd
;
2188 BT_DBG("%s", hdev
->name
);
2192 if (!hdev_is_powered(hdev
)) {
2193 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_READ_LOCAL_OOB_DATA
,
2194 MGMT_STATUS_NOT_POWERED
);
2198 if (!(hdev
->features
[6] & LMP_SIMPLE_PAIR
)) {
2199 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_READ_LOCAL_OOB_DATA
,
2200 MGMT_STATUS_NOT_SUPPORTED
);
2204 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA
, hdev
)) {
2205 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_READ_LOCAL_OOB_DATA
,
2210 cmd
= mgmt_pending_add(sk
, MGMT_OP_READ_LOCAL_OOB_DATA
, hdev
, NULL
, 0);
2216 err
= hci_send_cmd(hdev
, HCI_OP_READ_LOCAL_OOB_DATA
, 0, NULL
);
2218 mgmt_pending_remove(cmd
);
2221 hci_dev_unlock(hdev
);
2225 static int add_remote_oob_data(struct sock
*sk
, struct hci_dev
*hdev
,
2226 void *data
, u16 len
)
2228 struct mgmt_cp_add_remote_oob_data
*cp
= data
;
2232 BT_DBG("%s ", hdev
->name
);
2236 if (!hdev_is_powered(hdev
)) {
2237 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_ADD_REMOTE_OOB_DATA
,
2238 MGMT_STATUS_NOT_POWERED
, &cp
->addr
,
2243 err
= hci_add_remote_oob_data(hdev
, &cp
->addr
.bdaddr
, cp
->hash
,
2246 status
= MGMT_STATUS_FAILED
;
2250 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_ADD_REMOTE_OOB_DATA
, status
,
2251 &cp
->addr
, sizeof(cp
->addr
));
2254 hci_dev_unlock(hdev
);
2258 static int remove_remote_oob_data(struct sock
*sk
, struct hci_dev
*hdev
,
2259 void *data
, u16 len
)
2261 struct mgmt_cp_remove_remote_oob_data
*cp
= data
;
2265 BT_DBG("%s", hdev
->name
);
2269 if (!hdev_is_powered(hdev
)) {
2270 err
= cmd_complete(sk
, hdev
->id
,
2271 MGMT_OP_REMOVE_REMOTE_OOB_DATA
,
2272 MGMT_STATUS_NOT_POWERED
, &cp
->addr
,
2277 err
= hci_remove_remote_oob_data(hdev
, &cp
->addr
.bdaddr
);
2279 status
= MGMT_STATUS_INVALID_PARAMS
;
2283 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_REMOVE_REMOTE_OOB_DATA
,
2284 status
, &cp
->addr
, sizeof(cp
->addr
));
2287 hci_dev_unlock(hdev
);
2291 int mgmt_interleaved_discovery(struct hci_dev
*hdev
)
2295 BT_DBG("%s", hdev
->name
);
2299 err
= hci_do_inquiry(hdev
, INQUIRY_LEN_BREDR_LE
);
2301 hci_discovery_set_state(hdev
, DISCOVERY_STOPPED
);
2303 hci_dev_unlock(hdev
);
2308 static int start_discovery(struct sock
*sk
, struct hci_dev
*hdev
,
2309 void *data
, u16 len
)
2311 struct mgmt_cp_start_discovery
*cp
= data
;
2312 struct pending_cmd
*cmd
;
2315 BT_DBG("%s", hdev
->name
);
2319 if (!hdev_is_powered(hdev
)) {
2320 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_START_DISCOVERY
,
2321 MGMT_STATUS_NOT_POWERED
);
2325 if (test_bit(HCI_PERIODIC_INQ
, &hdev
->dev_flags
)) {
2326 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_START_DISCOVERY
,
2331 if (hdev
->discovery
.state
!= DISCOVERY_STOPPED
) {
2332 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_START_DISCOVERY
,
2337 cmd
= mgmt_pending_add(sk
, MGMT_OP_START_DISCOVERY
, hdev
, NULL
, 0);
2343 hdev
->discovery
.type
= cp
->type
;
2345 switch (hdev
->discovery
.type
) {
2346 case DISCOV_TYPE_BREDR
:
2347 if (lmp_bredr_capable(hdev
))
2348 err
= hci_do_inquiry(hdev
, INQUIRY_LEN_BREDR
);
2353 case DISCOV_TYPE_LE
:
2354 if (lmp_host_le_capable(hdev
))
2355 err
= hci_le_scan(hdev
, LE_SCAN_TYPE
, LE_SCAN_INT
,
2356 LE_SCAN_WIN
, LE_SCAN_TIMEOUT_LE_ONLY
);
2361 case DISCOV_TYPE_INTERLEAVED
:
2362 if (lmp_host_le_capable(hdev
) && lmp_bredr_capable(hdev
))
2363 err
= hci_le_scan(hdev
, LE_SCAN_TYPE
, LE_SCAN_INT
,
2365 LE_SCAN_TIMEOUT_BREDR_LE
);
2375 mgmt_pending_remove(cmd
);
2377 hci_discovery_set_state(hdev
, DISCOVERY_STARTING
);
2380 hci_dev_unlock(hdev
);
2384 static int stop_discovery(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
2387 struct mgmt_cp_stop_discovery
*mgmt_cp
= data
;
2388 struct pending_cmd
*cmd
;
2389 struct hci_cp_remote_name_req_cancel cp
;
2390 struct inquiry_entry
*e
;
2393 BT_DBG("%s", hdev
->name
);
2397 if (!hci_discovery_active(hdev
)) {
2398 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_STOP_DISCOVERY
,
2399 MGMT_STATUS_REJECTED
, &mgmt_cp
->type
,
2400 sizeof(mgmt_cp
->type
));
2404 if (hdev
->discovery
.type
!= mgmt_cp
->type
) {
2405 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_STOP_DISCOVERY
,
2406 MGMT_STATUS_INVALID_PARAMS
, &mgmt_cp
->type
,
2407 sizeof(mgmt_cp
->type
));
2411 cmd
= mgmt_pending_add(sk
, MGMT_OP_STOP_DISCOVERY
, hdev
, NULL
, 0);
2417 switch (hdev
->discovery
.state
) {
2418 case DISCOVERY_FINDING
:
2419 if (test_bit(HCI_INQUIRY
, &hdev
->flags
))
2420 err
= hci_cancel_inquiry(hdev
);
2422 err
= hci_cancel_le_scan(hdev
);
2426 case DISCOVERY_RESOLVING
:
2427 e
= hci_inquiry_cache_lookup_resolve(hdev
, BDADDR_ANY
,
2430 mgmt_pending_remove(cmd
);
2431 err
= cmd_complete(sk
, hdev
->id
,
2432 MGMT_OP_STOP_DISCOVERY
, 0,
2434 sizeof(mgmt_cp
->type
));
2435 hci_discovery_set_state(hdev
, DISCOVERY_STOPPED
);
2439 bacpy(&cp
.bdaddr
, &e
->data
.bdaddr
);
2440 err
= hci_send_cmd(hdev
, HCI_OP_REMOTE_NAME_REQ_CANCEL
,
2446 BT_DBG("unknown discovery state %u", hdev
->discovery
.state
);
2451 mgmt_pending_remove(cmd
);
2453 hci_discovery_set_state(hdev
, DISCOVERY_STOPPING
);
2456 hci_dev_unlock(hdev
);
2460 static int confirm_name(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
2463 struct mgmt_cp_confirm_name
*cp
= data
;
2464 struct inquiry_entry
*e
;
2467 BT_DBG("%s", hdev
->name
);
2471 if (!hci_discovery_active(hdev
)) {
2472 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_CONFIRM_NAME
,
2473 MGMT_STATUS_FAILED
);
2477 e
= hci_inquiry_cache_lookup_unknown(hdev
, &cp
->addr
.bdaddr
);
2479 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_CONFIRM_NAME
,
2480 MGMT_STATUS_INVALID_PARAMS
);
2484 if (cp
->name_known
) {
2485 e
->name_state
= NAME_KNOWN
;
2488 e
->name_state
= NAME_NEEDED
;
2489 hci_inquiry_cache_update_resolve(hdev
, e
);
2495 hci_dev_unlock(hdev
);
2499 static int block_device(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
2502 struct mgmt_cp_block_device
*cp
= data
;
2506 BT_DBG("%s", hdev
->name
);
2510 err
= hci_blacklist_add(hdev
, &cp
->addr
.bdaddr
, cp
->addr
.type
);
2512 status
= MGMT_STATUS_FAILED
;
2516 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_BLOCK_DEVICE
, status
,
2517 &cp
->addr
, sizeof(cp
->addr
));
2519 hci_dev_unlock(hdev
);
2524 static int unblock_device(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
2527 struct mgmt_cp_unblock_device
*cp
= data
;
2531 BT_DBG("%s", hdev
->name
);
2535 err
= hci_blacklist_del(hdev
, &cp
->addr
.bdaddr
, cp
->addr
.type
);
2537 status
= MGMT_STATUS_INVALID_PARAMS
;
2541 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_UNBLOCK_DEVICE
, status
,
2542 &cp
->addr
, sizeof(cp
->addr
));
2544 hci_dev_unlock(hdev
);
2549 static int set_device_id(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
2552 struct mgmt_cp_set_device_id
*cp
= data
;
2556 BT_DBG("%s", hdev
->name
);
2558 source
= __le16_to_cpu(cp
->source
);
2560 if (source
> 0x0002)
2561 return cmd_status(sk
, hdev
->id
, MGMT_OP_SET_DEVICE_ID
,
2562 MGMT_STATUS_INVALID_PARAMS
);
2566 hdev
->devid_source
= source
;
2567 hdev
->devid_vendor
= __le16_to_cpu(cp
->vendor
);
2568 hdev
->devid_product
= __le16_to_cpu(cp
->product
);
2569 hdev
->devid_version
= __le16_to_cpu(cp
->version
);
2571 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_SET_DEVICE_ID
, 0, NULL
, 0);
2575 hci_dev_unlock(hdev
);
2580 static int set_fast_connectable(struct sock
*sk
, struct hci_dev
*hdev
,
2581 void *data
, u16 len
)
2583 struct mgmt_mode
*cp
= data
;
2584 struct hci_cp_write_page_scan_activity acp
;
2588 BT_DBG("%s", hdev
->name
);
2590 if (!hdev_is_powered(hdev
))
2591 return cmd_status(sk
, hdev
->id
, MGMT_OP_SET_FAST_CONNECTABLE
,
2592 MGMT_STATUS_NOT_POWERED
);
2594 if (!test_bit(HCI_CONNECTABLE
, &hdev
->dev_flags
))
2595 return cmd_status(sk
, hdev
->id
, MGMT_OP_SET_FAST_CONNECTABLE
,
2596 MGMT_STATUS_REJECTED
);
2601 type
= PAGE_SCAN_TYPE_INTERLACED
;
2603 /* 22.5 msec page scan interval */
2604 acp
.interval
= __constant_cpu_to_le16(0x0024);
2606 type
= PAGE_SCAN_TYPE_STANDARD
; /* default */
2608 /* default 1.28 sec page scan */
2609 acp
.interval
= __constant_cpu_to_le16(0x0800);
2612 /* default 11.25 msec page scan window */
2613 acp
.window
= __constant_cpu_to_le16(0x0012);
2615 err
= hci_send_cmd(hdev
, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY
, sizeof(acp
),
2618 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_SET_FAST_CONNECTABLE
,
2619 MGMT_STATUS_FAILED
);
2623 err
= hci_send_cmd(hdev
, HCI_OP_WRITE_PAGE_SCAN_TYPE
, 1, &type
);
2625 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_SET_FAST_CONNECTABLE
,
2626 MGMT_STATUS_FAILED
);
2630 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_SET_FAST_CONNECTABLE
, 0,
2633 hci_dev_unlock(hdev
);
2637 static int load_long_term_keys(struct sock
*sk
, struct hci_dev
*hdev
,
2638 void *cp_data
, u16 len
)
2640 struct mgmt_cp_load_long_term_keys
*cp
= cp_data
;
2641 u16 key_count
, expected_len
;
2644 key_count
= __le16_to_cpu(cp
->key_count
);
2646 expected_len
= sizeof(*cp
) + key_count
*
2647 sizeof(struct mgmt_ltk_info
);
2648 if (expected_len
!= len
) {
2649 BT_ERR("load_keys: expected %u bytes, got %u bytes",
2651 return cmd_status(sk
, hdev
->id
, MGMT_OP_LOAD_LONG_TERM_KEYS
,
2655 BT_DBG("%s key_count %u", hdev
->name
, key_count
);
2659 hci_smp_ltks_clear(hdev
);
2661 for (i
= 0; i
< key_count
; i
++) {
2662 struct mgmt_ltk_info
*key
= &cp
->keys
[i
];
2668 type
= HCI_SMP_LTK_SLAVE
;
2670 hci_add_ltk(hdev
, &key
->addr
.bdaddr
,
2671 bdaddr_to_le(key
->addr
.type
),
2672 type
, 0, key
->authenticated
, key
->val
,
2673 key
->enc_size
, key
->ediv
, key
->rand
);
2676 hci_dev_unlock(hdev
);
2681 static const struct mgmt_handler
{
2682 int (*func
) (struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
2686 } mgmt_handlers
[] = {
2687 { NULL
}, /* 0x0000 (no command) */
2688 { read_version
, false, MGMT_READ_VERSION_SIZE
},
2689 { read_commands
, false, MGMT_READ_COMMANDS_SIZE
},
2690 { read_index_list
, false, MGMT_READ_INDEX_LIST_SIZE
},
2691 { read_controller_info
, false, MGMT_READ_INFO_SIZE
},
2692 { set_powered
, false, MGMT_SETTING_SIZE
},
2693 { set_discoverable
, false, MGMT_SET_DISCOVERABLE_SIZE
},
2694 { set_connectable
, false, MGMT_SETTING_SIZE
},
2695 { set_fast_connectable
, false, MGMT_SETTING_SIZE
},
2696 { set_pairable
, false, MGMT_SETTING_SIZE
},
2697 { set_link_security
, false, MGMT_SETTING_SIZE
},
2698 { set_ssp
, false, MGMT_SETTING_SIZE
},
2699 { set_hs
, false, MGMT_SETTING_SIZE
},
2700 { set_le
, false, MGMT_SETTING_SIZE
},
2701 { set_dev_class
, false, MGMT_SET_DEV_CLASS_SIZE
},
2702 { set_local_name
, false, MGMT_SET_LOCAL_NAME_SIZE
},
2703 { add_uuid
, false, MGMT_ADD_UUID_SIZE
},
2704 { remove_uuid
, false, MGMT_REMOVE_UUID_SIZE
},
2705 { load_link_keys
, true, MGMT_LOAD_LINK_KEYS_SIZE
},
2706 { load_long_term_keys
, true, MGMT_LOAD_LONG_TERM_KEYS_SIZE
},
2707 { disconnect
, false, MGMT_DISCONNECT_SIZE
},
2708 { get_connections
, false, MGMT_GET_CONNECTIONS_SIZE
},
2709 { pin_code_reply
, false, MGMT_PIN_CODE_REPLY_SIZE
},
2710 { pin_code_neg_reply
, false, MGMT_PIN_CODE_NEG_REPLY_SIZE
},
2711 { set_io_capability
, false, MGMT_SET_IO_CAPABILITY_SIZE
},
2712 { pair_device
, false, MGMT_PAIR_DEVICE_SIZE
},
2713 { cancel_pair_device
, false, MGMT_CANCEL_PAIR_DEVICE_SIZE
},
2714 { unpair_device
, false, MGMT_UNPAIR_DEVICE_SIZE
},
2715 { user_confirm_reply
, false, MGMT_USER_CONFIRM_REPLY_SIZE
},
2716 { user_confirm_neg_reply
, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE
},
2717 { user_passkey_reply
, false, MGMT_USER_PASSKEY_REPLY_SIZE
},
2718 { user_passkey_neg_reply
, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE
},
2719 { read_local_oob_data
, false, MGMT_READ_LOCAL_OOB_DATA_SIZE
},
2720 { add_remote_oob_data
, false, MGMT_ADD_REMOTE_OOB_DATA_SIZE
},
2721 { remove_remote_oob_data
, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE
},
2722 { start_discovery
, false, MGMT_START_DISCOVERY_SIZE
},
2723 { stop_discovery
, false, MGMT_STOP_DISCOVERY_SIZE
},
2724 { confirm_name
, false, MGMT_CONFIRM_NAME_SIZE
},
2725 { block_device
, false, MGMT_BLOCK_DEVICE_SIZE
},
2726 { unblock_device
, false, MGMT_UNBLOCK_DEVICE_SIZE
},
2727 { set_device_id
, false, MGMT_SET_DEVICE_ID_SIZE
},
2731 int mgmt_control(struct sock
*sk
, struct msghdr
*msg
, size_t msglen
)
2735 struct mgmt_hdr
*hdr
;
2736 u16 opcode
, index
, len
;
2737 struct hci_dev
*hdev
= NULL
;
2738 const struct mgmt_handler
*handler
;
2741 BT_DBG("got %zu bytes", msglen
);
2743 if (msglen
< sizeof(*hdr
))
2746 buf
= kmalloc(msglen
, GFP_KERNEL
);
2750 if (memcpy_fromiovec(buf
, msg
->msg_iov
, msglen
)) {
2756 opcode
= __le16_to_cpu(hdr
->opcode
);
2757 index
= __le16_to_cpu(hdr
->index
);
2758 len
= __le16_to_cpu(hdr
->len
);
2760 if (len
!= msglen
- sizeof(*hdr
)) {
2765 if (index
!= MGMT_INDEX_NONE
) {
2766 hdev
= hci_dev_get(index
);
2768 err
= cmd_status(sk
, index
, opcode
,
2769 MGMT_STATUS_INVALID_INDEX
);
2774 if (opcode
>= ARRAY_SIZE(mgmt_handlers
) ||
2775 mgmt_handlers
[opcode
].func
== NULL
) {
2776 BT_DBG("Unknown op %u", opcode
);
2777 err
= cmd_status(sk
, index
, opcode
,
2778 MGMT_STATUS_UNKNOWN_COMMAND
);
2782 if ((hdev
&& opcode
< MGMT_OP_READ_INFO
) ||
2783 (!hdev
&& opcode
>= MGMT_OP_READ_INFO
)) {
2784 err
= cmd_status(sk
, index
, opcode
,
2785 MGMT_STATUS_INVALID_INDEX
);
2789 handler
= &mgmt_handlers
[opcode
];
2791 if ((handler
->var_len
&& len
< handler
->data_len
) ||
2792 (!handler
->var_len
&& len
!= handler
->data_len
)) {
2793 err
= cmd_status(sk
, index
, opcode
,
2794 MGMT_STATUS_INVALID_PARAMS
);
2799 mgmt_init_hdev(sk
, hdev
);
2801 cp
= buf
+ sizeof(*hdr
);
2803 err
= handler
->func(sk
, hdev
, cp
, len
);
2817 static void cmd_status_rsp(struct pending_cmd
*cmd
, void *data
)
2821 cmd_status(cmd
->sk
, cmd
->index
, cmd
->opcode
, *status
);
2822 mgmt_pending_remove(cmd
);
2825 int mgmt_index_added(struct hci_dev
*hdev
)
2827 return mgmt_event(MGMT_EV_INDEX_ADDED
, hdev
, NULL
, 0, NULL
);
2830 int mgmt_index_removed(struct hci_dev
*hdev
)
2832 u8 status
= MGMT_STATUS_INVALID_INDEX
;
2834 mgmt_pending_foreach(0, hdev
, cmd_status_rsp
, &status
);
2836 return mgmt_event(MGMT_EV_INDEX_REMOVED
, hdev
, NULL
, 0, NULL
);
2841 struct hci_dev
*hdev
;
2845 static void settings_rsp(struct pending_cmd
*cmd
, void *data
)
2847 struct cmd_lookup
*match
= data
;
2849 send_settings_rsp(cmd
->sk
, cmd
->opcode
, match
->hdev
);
2851 list_del(&cmd
->list
);
2853 if (match
->sk
== NULL
) {
2854 match
->sk
= cmd
->sk
;
2855 sock_hold(match
->sk
);
2858 mgmt_pending_free(cmd
);
2861 int mgmt_powered(struct hci_dev
*hdev
, u8 powered
)
2863 struct cmd_lookup match
= { NULL
, hdev
};
2866 if (!test_bit(HCI_MGMT
, &hdev
->dev_flags
))
2869 mgmt_pending_foreach(MGMT_OP_SET_POWERED
, hdev
, settings_rsp
, &match
);
2874 if (test_bit(HCI_CONNECTABLE
, &hdev
->dev_flags
))
2876 if (test_bit(HCI_DISCOVERABLE
, &hdev
->dev_flags
))
2877 scan
|= SCAN_INQUIRY
;
2880 hci_send_cmd(hdev
, HCI_OP_WRITE_SCAN_ENABLE
, 1, &scan
);
2883 update_name(hdev
, hdev
->dev_name
);
2886 u8 status
= MGMT_STATUS_NOT_POWERED
;
2887 mgmt_pending_foreach(0, hdev
, cmd_status_rsp
, &status
);
2890 err
= new_settings(hdev
, match
.sk
);
2898 int mgmt_discoverable(struct hci_dev
*hdev
, u8 discoverable
)
2900 struct cmd_lookup match
= { NULL
, hdev
};
2901 bool changed
= false;
2905 if (!test_and_set_bit(HCI_DISCOVERABLE
, &hdev
->dev_flags
))
2908 if (test_and_clear_bit(HCI_DISCOVERABLE
, &hdev
->dev_flags
))
2912 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE
, hdev
, settings_rsp
,
2916 err
= new_settings(hdev
, match
.sk
);
2924 int mgmt_connectable(struct hci_dev
*hdev
, u8 connectable
)
2926 struct cmd_lookup match
= { NULL
, hdev
};
2927 bool changed
= false;
2931 if (!test_and_set_bit(HCI_CONNECTABLE
, &hdev
->dev_flags
))
2934 if (test_and_clear_bit(HCI_CONNECTABLE
, &hdev
->dev_flags
))
2938 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE
, hdev
, settings_rsp
,
2942 err
= new_settings(hdev
, match
.sk
);
2950 int mgmt_write_scan_failed(struct hci_dev
*hdev
, u8 scan
, u8 status
)
2952 u8 mgmt_err
= mgmt_status(status
);
2954 if (scan
& SCAN_PAGE
)
2955 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE
, hdev
,
2956 cmd_status_rsp
, &mgmt_err
);
2958 if (scan
& SCAN_INQUIRY
)
2959 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE
, hdev
,
2960 cmd_status_rsp
, &mgmt_err
);
2965 int mgmt_new_link_key(struct hci_dev
*hdev
, struct link_key
*key
,
2968 struct mgmt_ev_new_link_key ev
;
2970 memset(&ev
, 0, sizeof(ev
));
2972 ev
.store_hint
= persistent
;
2973 bacpy(&ev
.key
.addr
.bdaddr
, &key
->bdaddr
);
2974 ev
.key
.addr
.type
= BDADDR_BREDR
;
2975 ev
.key
.type
= key
->type
;
2976 memcpy(ev
.key
.val
, key
->val
, 16);
2977 ev
.key
.pin_len
= key
->pin_len
;
2979 return mgmt_event(MGMT_EV_NEW_LINK_KEY
, hdev
, &ev
, sizeof(ev
), NULL
);
2982 int mgmt_new_ltk(struct hci_dev
*hdev
, struct smp_ltk
*key
, u8 persistent
)
2984 struct mgmt_ev_new_long_term_key ev
;
2986 memset(&ev
, 0, sizeof(ev
));
2988 ev
.store_hint
= persistent
;
2989 bacpy(&ev
.key
.addr
.bdaddr
, &key
->bdaddr
);
2990 ev
.key
.addr
.type
= link_to_bdaddr(LE_LINK
, key
->bdaddr_type
);
2991 ev
.key
.authenticated
= key
->authenticated
;
2992 ev
.key
.enc_size
= key
->enc_size
;
2993 ev
.key
.ediv
= key
->ediv
;
2995 if (key
->type
== HCI_SMP_LTK
)
2998 memcpy(ev
.key
.rand
, key
->rand
, sizeof(key
->rand
));
2999 memcpy(ev
.key
.val
, key
->val
, sizeof(key
->val
));
3001 return mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY
, hdev
, &ev
, sizeof(ev
),
3005 int mgmt_device_connected(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
, u8 link_type
,
3006 u8 addr_type
, u32 flags
, u8
*name
, u8 name_len
,
3010 struct mgmt_ev_device_connected
*ev
= (void *) buf
;
3013 bacpy(&ev
->addr
.bdaddr
, bdaddr
);
3014 ev
->addr
.type
= link_to_bdaddr(link_type
, addr_type
);
3016 ev
->flags
= __cpu_to_le32(flags
);
3019 eir_len
= eir_append_data(ev
->eir
, 0, EIR_NAME_COMPLETE
,
3022 if (dev_class
&& memcmp(dev_class
, "\0\0\0", 3) != 0)
3023 eir_len
= eir_append_data(ev
->eir
, eir_len
,
3024 EIR_CLASS_OF_DEV
, dev_class
, 3);
3026 ev
->eir_len
= cpu_to_le16(eir_len
);
3028 return mgmt_event(MGMT_EV_DEVICE_CONNECTED
, hdev
, buf
,
3029 sizeof(*ev
) + eir_len
, NULL
);
3032 static void disconnect_rsp(struct pending_cmd
*cmd
, void *data
)
3034 struct mgmt_cp_disconnect
*cp
= cmd
->param
;
3035 struct sock
**sk
= data
;
3036 struct mgmt_rp_disconnect rp
;
3038 bacpy(&rp
.addr
.bdaddr
, &cp
->addr
.bdaddr
);
3039 rp
.addr
.type
= cp
->addr
.type
;
3041 cmd_complete(cmd
->sk
, cmd
->index
, MGMT_OP_DISCONNECT
, 0, &rp
,
3047 mgmt_pending_remove(cmd
);
3050 static void unpair_device_rsp(struct pending_cmd
*cmd
, void *data
)
3052 struct hci_dev
*hdev
= data
;
3053 struct mgmt_cp_unpair_device
*cp
= cmd
->param
;
3054 struct mgmt_rp_unpair_device rp
;
3056 memset(&rp
, 0, sizeof(rp
));
3057 bacpy(&rp
.addr
.bdaddr
, &cp
->addr
.bdaddr
);
3058 rp
.addr
.type
= cp
->addr
.type
;
3060 device_unpaired(hdev
, &cp
->addr
.bdaddr
, cp
->addr
.type
, cmd
->sk
);
3062 cmd_complete(cmd
->sk
, cmd
->index
, cmd
->opcode
, 0, &rp
, sizeof(rp
));
3064 mgmt_pending_remove(cmd
);
3067 int mgmt_device_disconnected(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
,
3068 u8 link_type
, u8 addr_type
)
3070 struct mgmt_addr_info ev
;
3071 struct sock
*sk
= NULL
;
3074 mgmt_pending_foreach(MGMT_OP_DISCONNECT
, hdev
, disconnect_rsp
, &sk
);
3076 bacpy(&ev
.bdaddr
, bdaddr
);
3077 ev
.type
= link_to_bdaddr(link_type
, addr_type
);
3079 err
= mgmt_event(MGMT_EV_DEVICE_DISCONNECTED
, hdev
, &ev
, sizeof(ev
),
3085 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE
, hdev
, unpair_device_rsp
,
3091 int mgmt_disconnect_failed(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
,
3092 u8 link_type
, u8 addr_type
, u8 status
)
3094 struct mgmt_rp_disconnect rp
;
3095 struct pending_cmd
*cmd
;
3098 cmd
= mgmt_pending_find(MGMT_OP_DISCONNECT
, hdev
);
3102 bacpy(&rp
.addr
.bdaddr
, bdaddr
);
3103 rp
.addr
.type
= link_to_bdaddr(link_type
, addr_type
);
3105 err
= cmd_complete(cmd
->sk
, cmd
->index
, MGMT_OP_DISCONNECT
,
3106 mgmt_status(status
), &rp
, sizeof(rp
));
3108 mgmt_pending_remove(cmd
);
3110 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE
, hdev
, unpair_device_rsp
,
3115 int mgmt_connect_failed(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
, u8 link_type
,
3116 u8 addr_type
, u8 status
)
3118 struct mgmt_ev_connect_failed ev
;
3120 bacpy(&ev
.addr
.bdaddr
, bdaddr
);
3121 ev
.addr
.type
= link_to_bdaddr(link_type
, addr_type
);
3122 ev
.status
= mgmt_status(status
);
3124 return mgmt_event(MGMT_EV_CONNECT_FAILED
, hdev
, &ev
, sizeof(ev
), NULL
);
3127 int mgmt_pin_code_request(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
, u8 secure
)
3129 struct mgmt_ev_pin_code_request ev
;
3131 bacpy(&ev
.addr
.bdaddr
, bdaddr
);
3132 ev
.addr
.type
= BDADDR_BREDR
;
3135 return mgmt_event(MGMT_EV_PIN_CODE_REQUEST
, hdev
, &ev
, sizeof(ev
),
3139 int mgmt_pin_code_reply_complete(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
,
3142 struct pending_cmd
*cmd
;
3143 struct mgmt_rp_pin_code_reply rp
;
3146 cmd
= mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY
, hdev
);
3150 bacpy(&rp
.addr
.bdaddr
, bdaddr
);
3151 rp
.addr
.type
= BDADDR_BREDR
;
3153 err
= cmd_complete(cmd
->sk
, hdev
->id
, MGMT_OP_PIN_CODE_REPLY
,
3154 mgmt_status(status
), &rp
, sizeof(rp
));
3156 mgmt_pending_remove(cmd
);
3161 int mgmt_pin_code_neg_reply_complete(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
,
3164 struct pending_cmd
*cmd
;
3165 struct mgmt_rp_pin_code_reply rp
;
3168 cmd
= mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY
, hdev
);
3172 bacpy(&rp
.addr
.bdaddr
, bdaddr
);
3173 rp
.addr
.type
= BDADDR_BREDR
;
3175 err
= cmd_complete(cmd
->sk
, hdev
->id
, MGMT_OP_PIN_CODE_NEG_REPLY
,
3176 mgmt_status(status
), &rp
, sizeof(rp
));
3178 mgmt_pending_remove(cmd
);
3183 int mgmt_user_confirm_request(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
,
3184 u8 link_type
, u8 addr_type
, __le32 value
,
3187 struct mgmt_ev_user_confirm_request ev
;
3189 BT_DBG("%s", hdev
->name
);
3191 bacpy(&ev
.addr
.bdaddr
, bdaddr
);
3192 ev
.addr
.type
= link_to_bdaddr(link_type
, addr_type
);
3193 ev
.confirm_hint
= confirm_hint
;
3196 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST
, hdev
, &ev
, sizeof(ev
),
3200 int mgmt_user_passkey_request(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
,
3201 u8 link_type
, u8 addr_type
)
3203 struct mgmt_ev_user_passkey_request ev
;
3205 BT_DBG("%s", hdev
->name
);
3207 bacpy(&ev
.addr
.bdaddr
, bdaddr
);
3208 ev
.addr
.type
= link_to_bdaddr(link_type
, addr_type
);
3210 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST
, hdev
, &ev
, sizeof(ev
),
3214 static int user_pairing_resp_complete(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
,
3215 u8 link_type
, u8 addr_type
, u8 status
,
3218 struct pending_cmd
*cmd
;
3219 struct mgmt_rp_user_confirm_reply rp
;
3222 cmd
= mgmt_pending_find(opcode
, hdev
);
3226 bacpy(&rp
.addr
.bdaddr
, bdaddr
);
3227 rp
.addr
.type
= link_to_bdaddr(link_type
, addr_type
);
3228 err
= cmd_complete(cmd
->sk
, hdev
->id
, opcode
, mgmt_status(status
),
3231 mgmt_pending_remove(cmd
);
3236 int mgmt_user_confirm_reply_complete(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
,
3237 u8 link_type
, u8 addr_type
, u8 status
)
3239 return user_pairing_resp_complete(hdev
, bdaddr
, link_type
, addr_type
,
3240 status
, MGMT_OP_USER_CONFIRM_REPLY
);
3243 int mgmt_user_confirm_neg_reply_complete(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
,
3244 u8 link_type
, u8 addr_type
, u8 status
)
3246 return user_pairing_resp_complete(hdev
, bdaddr
, link_type
, addr_type
,
3247 status
, MGMT_OP_USER_CONFIRM_NEG_REPLY
);
3250 int mgmt_user_passkey_reply_complete(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
,
3251 u8 link_type
, u8 addr_type
, u8 status
)
3253 return user_pairing_resp_complete(hdev
, bdaddr
, link_type
, addr_type
,
3254 status
, MGMT_OP_USER_PASSKEY_REPLY
);
3257 int mgmt_user_passkey_neg_reply_complete(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
,
3258 u8 link_type
, u8 addr_type
, u8 status
)
3260 return user_pairing_resp_complete(hdev
, bdaddr
, link_type
, addr_type
,
3261 status
, MGMT_OP_USER_PASSKEY_NEG_REPLY
);
3264 int mgmt_auth_failed(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
, u8 link_type
,
3265 u8 addr_type
, u8 status
)
3267 struct mgmt_ev_auth_failed ev
;
3269 bacpy(&ev
.addr
.bdaddr
, bdaddr
);
3270 ev
.addr
.type
= link_to_bdaddr(link_type
, addr_type
);
3271 ev
.status
= mgmt_status(status
);
3273 return mgmt_event(MGMT_EV_AUTH_FAILED
, hdev
, &ev
, sizeof(ev
), NULL
);
3276 int mgmt_auth_enable_complete(struct hci_dev
*hdev
, u8 status
)
3278 struct cmd_lookup match
= { NULL
, hdev
};
3279 bool changed
= false;
3283 u8 mgmt_err
= mgmt_status(status
);
3284 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY
, hdev
,
3285 cmd_status_rsp
, &mgmt_err
);
3289 if (test_bit(HCI_AUTH
, &hdev
->flags
)) {
3290 if (!test_and_set_bit(HCI_LINK_SECURITY
, &hdev
->dev_flags
))
3293 if (test_and_clear_bit(HCI_LINK_SECURITY
, &hdev
->dev_flags
))
3297 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY
, hdev
, settings_rsp
,
3301 err
= new_settings(hdev
, match
.sk
);
3309 static int clear_eir(struct hci_dev
*hdev
)
3311 struct hci_cp_write_eir cp
;
3313 if (!(hdev
->features
[6] & LMP_EXT_INQ
))
3316 memset(hdev
->eir
, 0, sizeof(hdev
->eir
));
3318 memset(&cp
, 0, sizeof(cp
));
3320 return hci_send_cmd(hdev
, HCI_OP_WRITE_EIR
, sizeof(cp
), &cp
);
3323 int mgmt_ssp_enable_complete(struct hci_dev
*hdev
, u8 enable
, u8 status
)
3325 struct cmd_lookup match
= { NULL
, hdev
};
3326 bool changed
= false;
3330 u8 mgmt_err
= mgmt_status(status
);
3332 if (enable
&& test_and_clear_bit(HCI_SSP_ENABLED
,
3334 err
= new_settings(hdev
, NULL
);
3336 mgmt_pending_foreach(MGMT_OP_SET_SSP
, hdev
, cmd_status_rsp
,
3343 if (!test_and_set_bit(HCI_SSP_ENABLED
, &hdev
->dev_flags
))
3346 if (test_and_clear_bit(HCI_SSP_ENABLED
, &hdev
->dev_flags
))
3350 mgmt_pending_foreach(MGMT_OP_SET_SSP
, hdev
, settings_rsp
, &match
);
3353 err
= new_settings(hdev
, match
.sk
);
3358 if (test_bit(HCI_SSP_ENABLED
, &hdev
->dev_flags
))
3366 static void class_rsp(struct pending_cmd
*cmd
, void *data
)
3368 struct cmd_lookup
*match
= data
;
3370 cmd_complete(cmd
->sk
, cmd
->index
, cmd
->opcode
, match
->mgmt_status
,
3371 match
->hdev
->dev_class
, 3);
3373 list_del(&cmd
->list
);
3375 if (match
->sk
== NULL
) {
3376 match
->sk
= cmd
->sk
;
3377 sock_hold(match
->sk
);
3380 mgmt_pending_free(cmd
);
3383 int mgmt_set_class_of_dev_complete(struct hci_dev
*hdev
, u8
*dev_class
,
3386 struct cmd_lookup match
= { NULL
, hdev
, mgmt_status(status
) };
3389 clear_bit(HCI_PENDING_CLASS
, &hdev
->dev_flags
);
3391 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS
, hdev
, class_rsp
, &match
);
3392 mgmt_pending_foreach(MGMT_OP_ADD_UUID
, hdev
, class_rsp
, &match
);
3393 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID
, hdev
, class_rsp
, &match
);
3396 err
= mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED
, hdev
, dev_class
,
3405 int mgmt_set_local_name_complete(struct hci_dev
*hdev
, u8
*name
, u8 status
)
3407 struct pending_cmd
*cmd
;
3408 struct mgmt_cp_set_local_name ev
;
3409 bool changed
= false;
3412 if (memcmp(name
, hdev
->dev_name
, sizeof(hdev
->dev_name
)) != 0) {
3413 memcpy(hdev
->dev_name
, name
, sizeof(hdev
->dev_name
));
3417 memset(&ev
, 0, sizeof(ev
));
3418 memcpy(ev
.name
, name
, HCI_MAX_NAME_LENGTH
);
3419 memcpy(ev
.short_name
, hdev
->short_name
, HCI_MAX_SHORT_NAME_LENGTH
);
3421 cmd
= mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME
, hdev
);
3425 /* Always assume that either the short or the complete name has
3426 * changed if there was a pending mgmt command */
3430 err
= cmd_status(cmd
->sk
, hdev
->id
, MGMT_OP_SET_LOCAL_NAME
,
3431 mgmt_status(status
));
3435 err
= cmd_complete(cmd
->sk
, hdev
->id
, MGMT_OP_SET_LOCAL_NAME
, 0, &ev
,
3442 err
= mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED
, hdev
, &ev
,
3443 sizeof(ev
), cmd
? cmd
->sk
: NULL
);
3449 mgmt_pending_remove(cmd
);
3453 int mgmt_read_local_oob_data_reply_complete(struct hci_dev
*hdev
, u8
*hash
,
3454 u8
*randomizer
, u8 status
)
3456 struct pending_cmd
*cmd
;
3459 BT_DBG("%s status %u", hdev
->name
, status
);
3461 cmd
= mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA
, hdev
);
3466 err
= cmd_status(cmd
->sk
, hdev
->id
, MGMT_OP_READ_LOCAL_OOB_DATA
,
3467 mgmt_status(status
));
3469 struct mgmt_rp_read_local_oob_data rp
;
3471 memcpy(rp
.hash
, hash
, sizeof(rp
.hash
));
3472 memcpy(rp
.randomizer
, randomizer
, sizeof(rp
.randomizer
));
3474 err
= cmd_complete(cmd
->sk
, hdev
->id
,
3475 MGMT_OP_READ_LOCAL_OOB_DATA
, 0, &rp
,
3479 mgmt_pending_remove(cmd
);
3484 int mgmt_le_enable_complete(struct hci_dev
*hdev
, u8 enable
, u8 status
)
3486 struct cmd_lookup match
= { NULL
, hdev
};
3487 bool changed
= false;
3491 u8 mgmt_err
= mgmt_status(status
);
3493 if (enable
&& test_and_clear_bit(HCI_LE_ENABLED
,
3495 err
= new_settings(hdev
, NULL
);
3497 mgmt_pending_foreach(MGMT_OP_SET_LE
, hdev
, cmd_status_rsp
,
3504 if (!test_and_set_bit(HCI_LE_ENABLED
, &hdev
->dev_flags
))
3507 if (test_and_clear_bit(HCI_LE_ENABLED
, &hdev
->dev_flags
))
3511 mgmt_pending_foreach(MGMT_OP_SET_LE
, hdev
, settings_rsp
, &match
);
3514 err
= new_settings(hdev
, match
.sk
);
3522 int mgmt_device_found(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
, u8 link_type
,
3523 u8 addr_type
, u8
*dev_class
, s8 rssi
, u8 cfm_name
, u8
3524 ssp
, u8
*eir
, u16 eir_len
)
3527 struct mgmt_ev_device_found
*ev
= (void *) buf
;
3530 /* Leave 5 bytes for a potential CoD field */
3531 if (sizeof(*ev
) + eir_len
+ 5 > sizeof(buf
))
3534 memset(buf
, 0, sizeof(buf
));
3536 bacpy(&ev
->addr
.bdaddr
, bdaddr
);
3537 ev
->addr
.type
= link_to_bdaddr(link_type
, addr_type
);
3540 ev
->flags
[0] |= MGMT_DEV_FOUND_CONFIRM_NAME
;
3542 ev
->flags
[0] |= MGMT_DEV_FOUND_LEGACY_PAIRING
;
3545 memcpy(ev
->eir
, eir
, eir_len
);
3547 if (dev_class
&& !eir_has_data_type(ev
->eir
, eir_len
, EIR_CLASS_OF_DEV
))
3548 eir_len
= eir_append_data(ev
->eir
, eir_len
, EIR_CLASS_OF_DEV
,
3551 ev
->eir_len
= cpu_to_le16(eir_len
);
3553 ev_size
= sizeof(*ev
) + eir_len
;
3555 return mgmt_event(MGMT_EV_DEVICE_FOUND
, hdev
, ev
, ev_size
, NULL
);
3558 int mgmt_remote_name(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
, u8 link_type
,
3559 u8 addr_type
, s8 rssi
, u8
*name
, u8 name_len
)
3561 struct mgmt_ev_device_found
*ev
;
3562 char buf
[sizeof(*ev
) + HCI_MAX_NAME_LENGTH
+ 2];
3565 ev
= (struct mgmt_ev_device_found
*) buf
;
3567 memset(buf
, 0, sizeof(buf
));
3569 bacpy(&ev
->addr
.bdaddr
, bdaddr
);
3570 ev
->addr
.type
= link_to_bdaddr(link_type
, addr_type
);
3573 eir_len
= eir_append_data(ev
->eir
, 0, EIR_NAME_COMPLETE
, name
,
3576 ev
->eir_len
= cpu_to_le16(eir_len
);
3578 return mgmt_event(MGMT_EV_DEVICE_FOUND
, hdev
, ev
,
3579 sizeof(*ev
) + eir_len
, NULL
);
3582 int mgmt_start_discovery_failed(struct hci_dev
*hdev
, u8 status
)
3584 struct pending_cmd
*cmd
;
3588 hci_discovery_set_state(hdev
, DISCOVERY_STOPPED
);
3590 cmd
= mgmt_pending_find(MGMT_OP_START_DISCOVERY
, hdev
);
3594 type
= hdev
->discovery
.type
;
3596 err
= cmd_complete(cmd
->sk
, hdev
->id
, cmd
->opcode
, mgmt_status(status
),
3597 &type
, sizeof(type
));
3598 mgmt_pending_remove(cmd
);
3603 int mgmt_stop_discovery_failed(struct hci_dev
*hdev
, u8 status
)
3605 struct pending_cmd
*cmd
;
3608 cmd
= mgmt_pending_find(MGMT_OP_STOP_DISCOVERY
, hdev
);
3612 err
= cmd_complete(cmd
->sk
, hdev
->id
, cmd
->opcode
, mgmt_status(status
),
3613 &hdev
->discovery
.type
, sizeof(hdev
->discovery
.type
));
3614 mgmt_pending_remove(cmd
);
3619 int mgmt_discovering(struct hci_dev
*hdev
, u8 discovering
)
3621 struct mgmt_ev_discovering ev
;
3622 struct pending_cmd
*cmd
;
3624 BT_DBG("%s discovering %u", hdev
->name
, discovering
);
3627 cmd
= mgmt_pending_find(MGMT_OP_START_DISCOVERY
, hdev
);
3629 cmd
= mgmt_pending_find(MGMT_OP_STOP_DISCOVERY
, hdev
);
3632 u8 type
= hdev
->discovery
.type
;
3634 cmd_complete(cmd
->sk
, hdev
->id
, cmd
->opcode
, 0, &type
,
3636 mgmt_pending_remove(cmd
);
3639 memset(&ev
, 0, sizeof(ev
));
3640 ev
.type
= hdev
->discovery
.type
;
3641 ev
.discovering
= discovering
;
3643 return mgmt_event(MGMT_EV_DISCOVERING
, hdev
, &ev
, sizeof(ev
), NULL
);
3646 int mgmt_device_blocked(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
, u8 type
)
3648 struct pending_cmd
*cmd
;
3649 struct mgmt_ev_device_blocked ev
;
3651 cmd
= mgmt_pending_find(MGMT_OP_BLOCK_DEVICE
, hdev
);
3653 bacpy(&ev
.addr
.bdaddr
, bdaddr
);
3654 ev
.addr
.type
= type
;
3656 return mgmt_event(MGMT_EV_DEVICE_BLOCKED
, hdev
, &ev
, sizeof(ev
),
3657 cmd
? cmd
->sk
: NULL
);
3660 int mgmt_device_unblocked(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
, u8 type
)
3662 struct pending_cmd
*cmd
;
3663 struct mgmt_ev_device_unblocked ev
;
3665 cmd
= mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE
, hdev
);
3667 bacpy(&ev
.addr
.bdaddr
, bdaddr
);
3668 ev
.addr
.type
= type
;
3670 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED
, hdev
, &ev
, sizeof(ev
),
3671 cmd
? cmd
->sk
: NULL
);
3674 module_param(enable_hs
, bool, 0644);
3675 MODULE_PARM_DESC(enable_hs
, "Enable High Speed support");