2 BlueZ - Bluetooth protocol stack for Linux
4 Copyright (C) 2010 Nokia Corporation
5 Copyright (C) 2011-2012 Intel Corporation
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI Management interface */
27 #include <linux/module.h>
28 #include <asm/unaligned.h>
30 #include <net/bluetooth/bluetooth.h>
31 #include <net/bluetooth/hci_core.h>
32 #include <net/bluetooth/mgmt.h>
33 #include <net/bluetooth/smp.h>
37 #define MGMT_VERSION 1
38 #define MGMT_REVISION 1
40 static const u16 mgmt_commands
[] = {
41 MGMT_OP_READ_INDEX_LIST
,
44 MGMT_OP_SET_DISCOVERABLE
,
45 MGMT_OP_SET_CONNECTABLE
,
46 MGMT_OP_SET_FAST_CONNECTABLE
,
48 MGMT_OP_SET_LINK_SECURITY
,
52 MGMT_OP_SET_DEV_CLASS
,
53 MGMT_OP_SET_LOCAL_NAME
,
56 MGMT_OP_LOAD_LINK_KEYS
,
57 MGMT_OP_LOAD_LONG_TERM_KEYS
,
59 MGMT_OP_GET_CONNECTIONS
,
60 MGMT_OP_PIN_CODE_REPLY
,
61 MGMT_OP_PIN_CODE_NEG_REPLY
,
62 MGMT_OP_SET_IO_CAPABILITY
,
64 MGMT_OP_CANCEL_PAIR_DEVICE
,
65 MGMT_OP_UNPAIR_DEVICE
,
66 MGMT_OP_USER_CONFIRM_REPLY
,
67 MGMT_OP_USER_CONFIRM_NEG_REPLY
,
68 MGMT_OP_USER_PASSKEY_REPLY
,
69 MGMT_OP_USER_PASSKEY_NEG_REPLY
,
70 MGMT_OP_READ_LOCAL_OOB_DATA
,
71 MGMT_OP_ADD_REMOTE_OOB_DATA
,
72 MGMT_OP_REMOVE_REMOTE_OOB_DATA
,
73 MGMT_OP_START_DISCOVERY
,
74 MGMT_OP_STOP_DISCOVERY
,
77 MGMT_OP_UNBLOCK_DEVICE
,
78 MGMT_OP_SET_DEVICE_ID
,
81 static const u16 mgmt_events
[] = {
82 MGMT_EV_CONTROLLER_ERROR
,
84 MGMT_EV_INDEX_REMOVED
,
86 MGMT_EV_CLASS_OF_DEV_CHANGED
,
87 MGMT_EV_LOCAL_NAME_CHANGED
,
89 MGMT_EV_NEW_LONG_TERM_KEY
,
90 MGMT_EV_DEVICE_CONNECTED
,
91 MGMT_EV_DEVICE_DISCONNECTED
,
92 MGMT_EV_CONNECT_FAILED
,
93 MGMT_EV_PIN_CODE_REQUEST
,
94 MGMT_EV_USER_CONFIRM_REQUEST
,
95 MGMT_EV_USER_PASSKEY_REQUEST
,
99 MGMT_EV_DEVICE_BLOCKED
,
100 MGMT_EV_DEVICE_UNBLOCKED
,
101 MGMT_EV_DEVICE_UNPAIRED
,
105 * These LE scan and inquiry parameters were chosen according to LE General
106 * Discovery Procedure specification.
108 #define LE_SCAN_TYPE 0x01
109 #define LE_SCAN_WIN 0x12
110 #define LE_SCAN_INT 0x12
111 #define LE_SCAN_TIMEOUT_LE_ONLY 10240 /* TGAP(gen_disc_scan_min) */
112 #define LE_SCAN_TIMEOUT_BREDR_LE 5120 /* TGAP(100)/2 */
114 #define INQUIRY_LEN_BREDR 0x08 /* TGAP(100) */
115 #define INQUIRY_LEN_BREDR_LE 0x04 /* TGAP(100)/2 */
117 #define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
119 #define hdev_is_powered(hdev) (test_bit(HCI_UP, &hdev->flags) && \
120 !test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
123 struct list_head list
;
131 /* HCI to MGMT error code conversion table */
132 static u8 mgmt_status_table
[] = {
134 MGMT_STATUS_UNKNOWN_COMMAND
, /* Unknown Command */
135 MGMT_STATUS_NOT_CONNECTED
, /* No Connection */
136 MGMT_STATUS_FAILED
, /* Hardware Failure */
137 MGMT_STATUS_CONNECT_FAILED
, /* Page Timeout */
138 MGMT_STATUS_AUTH_FAILED
, /* Authentication Failed */
139 MGMT_STATUS_NOT_PAIRED
, /* PIN or Key Missing */
140 MGMT_STATUS_NO_RESOURCES
, /* Memory Full */
141 MGMT_STATUS_TIMEOUT
, /* Connection Timeout */
142 MGMT_STATUS_NO_RESOURCES
, /* Max Number of Connections */
143 MGMT_STATUS_NO_RESOURCES
, /* Max Number of SCO Connections */
144 MGMT_STATUS_ALREADY_CONNECTED
, /* ACL Connection Exists */
145 MGMT_STATUS_BUSY
, /* Command Disallowed */
146 MGMT_STATUS_NO_RESOURCES
, /* Rejected Limited Resources */
147 MGMT_STATUS_REJECTED
, /* Rejected Security */
148 MGMT_STATUS_REJECTED
, /* Rejected Personal */
149 MGMT_STATUS_TIMEOUT
, /* Host Timeout */
150 MGMT_STATUS_NOT_SUPPORTED
, /* Unsupported Feature */
151 MGMT_STATUS_INVALID_PARAMS
, /* Invalid Parameters */
152 MGMT_STATUS_DISCONNECTED
, /* OE User Ended Connection */
153 MGMT_STATUS_NO_RESOURCES
, /* OE Low Resources */
154 MGMT_STATUS_DISCONNECTED
, /* OE Power Off */
155 MGMT_STATUS_DISCONNECTED
, /* Connection Terminated */
156 MGMT_STATUS_BUSY
, /* Repeated Attempts */
157 MGMT_STATUS_REJECTED
, /* Pairing Not Allowed */
158 MGMT_STATUS_FAILED
, /* Unknown LMP PDU */
159 MGMT_STATUS_NOT_SUPPORTED
, /* Unsupported Remote Feature */
160 MGMT_STATUS_REJECTED
, /* SCO Offset Rejected */
161 MGMT_STATUS_REJECTED
, /* SCO Interval Rejected */
162 MGMT_STATUS_REJECTED
, /* Air Mode Rejected */
163 MGMT_STATUS_INVALID_PARAMS
, /* Invalid LMP Parameters */
164 MGMT_STATUS_FAILED
, /* Unspecified Error */
165 MGMT_STATUS_NOT_SUPPORTED
, /* Unsupported LMP Parameter Value */
166 MGMT_STATUS_FAILED
, /* Role Change Not Allowed */
167 MGMT_STATUS_TIMEOUT
, /* LMP Response Timeout */
168 MGMT_STATUS_FAILED
, /* LMP Error Transaction Collision */
169 MGMT_STATUS_FAILED
, /* LMP PDU Not Allowed */
170 MGMT_STATUS_REJECTED
, /* Encryption Mode Not Accepted */
171 MGMT_STATUS_FAILED
, /* Unit Link Key Used */
172 MGMT_STATUS_NOT_SUPPORTED
, /* QoS Not Supported */
173 MGMT_STATUS_TIMEOUT
, /* Instant Passed */
174 MGMT_STATUS_NOT_SUPPORTED
, /* Pairing Not Supported */
175 MGMT_STATUS_FAILED
, /* Transaction Collision */
176 MGMT_STATUS_INVALID_PARAMS
, /* Unacceptable Parameter */
177 MGMT_STATUS_REJECTED
, /* QoS Rejected */
178 MGMT_STATUS_NOT_SUPPORTED
, /* Classification Not Supported */
179 MGMT_STATUS_REJECTED
, /* Insufficient Security */
180 MGMT_STATUS_INVALID_PARAMS
, /* Parameter Out Of Range */
181 MGMT_STATUS_BUSY
, /* Role Switch Pending */
182 MGMT_STATUS_FAILED
, /* Slot Violation */
183 MGMT_STATUS_FAILED
, /* Role Switch Failed */
184 MGMT_STATUS_INVALID_PARAMS
, /* EIR Too Large */
185 MGMT_STATUS_NOT_SUPPORTED
, /* Simple Pairing Not Supported */
186 MGMT_STATUS_BUSY
, /* Host Busy Pairing */
187 MGMT_STATUS_REJECTED
, /* Rejected, No Suitable Channel */
188 MGMT_STATUS_BUSY
, /* Controller Busy */
189 MGMT_STATUS_INVALID_PARAMS
, /* Unsuitable Connection Interval */
190 MGMT_STATUS_TIMEOUT
, /* Directed Advertising Timeout */
191 MGMT_STATUS_AUTH_FAILED
, /* Terminated Due to MIC Failure */
192 MGMT_STATUS_CONNECT_FAILED
, /* Connection Establishment Failed */
193 MGMT_STATUS_CONNECT_FAILED
, /* MAC Connection Failed */
196 bool mgmt_valid_hdev(struct hci_dev
*hdev
)
198 return hdev
->dev_type
== HCI_BREDR
;
201 static u8
mgmt_status(u8 hci_status
)
203 if (hci_status
< ARRAY_SIZE(mgmt_status_table
))
204 return mgmt_status_table
[hci_status
];
206 return MGMT_STATUS_FAILED
;
209 static int cmd_status(struct sock
*sk
, u16 index
, u16 cmd
, u8 status
)
212 struct mgmt_hdr
*hdr
;
213 struct mgmt_ev_cmd_status
*ev
;
216 BT_DBG("sock %p, index %u, cmd %u, status %u", sk
, index
, cmd
, status
);
218 skb
= alloc_skb(sizeof(*hdr
) + sizeof(*ev
), GFP_KERNEL
);
222 hdr
= (void *) skb_put(skb
, sizeof(*hdr
));
224 hdr
->opcode
= cpu_to_le16(MGMT_EV_CMD_STATUS
);
225 hdr
->index
= cpu_to_le16(index
);
226 hdr
->len
= cpu_to_le16(sizeof(*ev
));
228 ev
= (void *) skb_put(skb
, sizeof(*ev
));
230 ev
->opcode
= cpu_to_le16(cmd
);
232 err
= sock_queue_rcv_skb(sk
, skb
);
239 static int cmd_complete(struct sock
*sk
, u16 index
, u16 cmd
, u8 status
,
240 void *rp
, size_t rp_len
)
243 struct mgmt_hdr
*hdr
;
244 struct mgmt_ev_cmd_complete
*ev
;
247 BT_DBG("sock %p", sk
);
249 skb
= alloc_skb(sizeof(*hdr
) + sizeof(*ev
) + rp_len
, GFP_KERNEL
);
253 hdr
= (void *) skb_put(skb
, sizeof(*hdr
));
255 hdr
->opcode
= cpu_to_le16(MGMT_EV_CMD_COMPLETE
);
256 hdr
->index
= cpu_to_le16(index
);
257 hdr
->len
= cpu_to_le16(sizeof(*ev
) + rp_len
);
259 ev
= (void *) skb_put(skb
, sizeof(*ev
) + rp_len
);
260 ev
->opcode
= cpu_to_le16(cmd
);
264 memcpy(ev
->data
, rp
, rp_len
);
266 err
= sock_queue_rcv_skb(sk
, skb
);
273 static int read_version(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
276 struct mgmt_rp_read_version rp
;
278 BT_DBG("sock %p", sk
);
280 rp
.version
= MGMT_VERSION
;
281 rp
.revision
= __constant_cpu_to_le16(MGMT_REVISION
);
283 return cmd_complete(sk
, MGMT_INDEX_NONE
, MGMT_OP_READ_VERSION
, 0, &rp
,
287 static int read_commands(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
290 struct mgmt_rp_read_commands
*rp
;
291 const u16 num_commands
= ARRAY_SIZE(mgmt_commands
);
292 const u16 num_events
= ARRAY_SIZE(mgmt_events
);
297 BT_DBG("sock %p", sk
);
299 rp_size
= sizeof(*rp
) + ((num_commands
+ num_events
) * sizeof(u16
));
301 rp
= kmalloc(rp_size
, GFP_KERNEL
);
305 rp
->num_commands
= __constant_cpu_to_le16(num_commands
);
306 rp
->num_events
= __constant_cpu_to_le16(num_events
);
308 for (i
= 0, opcode
= rp
->opcodes
; i
< num_commands
; i
++, opcode
++)
309 put_unaligned_le16(mgmt_commands
[i
], opcode
);
311 for (i
= 0; i
< num_events
; i
++, opcode
++)
312 put_unaligned_le16(mgmt_events
[i
], opcode
);
314 err
= cmd_complete(sk
, MGMT_INDEX_NONE
, MGMT_OP_READ_COMMANDS
, 0, rp
,
321 static int read_index_list(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
324 struct mgmt_rp_read_index_list
*rp
;
330 BT_DBG("sock %p", sk
);
332 read_lock(&hci_dev_list_lock
);
335 list_for_each_entry(d
, &hci_dev_list
, list
) {
336 if (!mgmt_valid_hdev(d
))
342 rp_len
= sizeof(*rp
) + (2 * count
);
343 rp
= kmalloc(rp_len
, GFP_ATOMIC
);
345 read_unlock(&hci_dev_list_lock
);
349 rp
->num_controllers
= cpu_to_le16(count
);
352 list_for_each_entry(d
, &hci_dev_list
, list
) {
353 if (test_bit(HCI_SETUP
, &d
->dev_flags
))
356 if (!mgmt_valid_hdev(d
))
359 rp
->index
[i
++] = cpu_to_le16(d
->id
);
360 BT_DBG("Added hci%u", d
->id
);
363 read_unlock(&hci_dev_list_lock
);
365 err
= cmd_complete(sk
, MGMT_INDEX_NONE
, MGMT_OP_READ_INDEX_LIST
, 0, rp
,
373 static u32
get_supported_settings(struct hci_dev
*hdev
)
377 settings
|= MGMT_SETTING_POWERED
;
378 settings
|= MGMT_SETTING_CONNECTABLE
;
379 settings
|= MGMT_SETTING_FAST_CONNECTABLE
;
380 settings
|= MGMT_SETTING_DISCOVERABLE
;
381 settings
|= MGMT_SETTING_PAIRABLE
;
383 if (lmp_ssp_capable(hdev
))
384 settings
|= MGMT_SETTING_SSP
;
386 if (lmp_bredr_capable(hdev
)) {
387 settings
|= MGMT_SETTING_BREDR
;
388 settings
|= MGMT_SETTING_LINK_SECURITY
;
392 settings
|= MGMT_SETTING_HS
;
394 if (lmp_le_capable(hdev
))
395 settings
|= MGMT_SETTING_LE
;
400 static u32
get_current_settings(struct hci_dev
*hdev
)
404 if (hdev_is_powered(hdev
))
405 settings
|= MGMT_SETTING_POWERED
;
407 if (test_bit(HCI_CONNECTABLE
, &hdev
->dev_flags
))
408 settings
|= MGMT_SETTING_CONNECTABLE
;
410 if (test_bit(HCI_DISCOVERABLE
, &hdev
->dev_flags
))
411 settings
|= MGMT_SETTING_DISCOVERABLE
;
413 if (test_bit(HCI_PAIRABLE
, &hdev
->dev_flags
))
414 settings
|= MGMT_SETTING_PAIRABLE
;
416 if (lmp_bredr_capable(hdev
))
417 settings
|= MGMT_SETTING_BREDR
;
419 if (test_bit(HCI_LE_ENABLED
, &hdev
->dev_flags
))
420 settings
|= MGMT_SETTING_LE
;
422 if (test_bit(HCI_LINK_SECURITY
, &hdev
->dev_flags
))
423 settings
|= MGMT_SETTING_LINK_SECURITY
;
425 if (test_bit(HCI_SSP_ENABLED
, &hdev
->dev_flags
))
426 settings
|= MGMT_SETTING_SSP
;
428 if (test_bit(HCI_HS_ENABLED
, &hdev
->dev_flags
))
429 settings
|= MGMT_SETTING_HS
;
434 #define PNP_INFO_SVCLASS_ID 0x1200
436 static u8 bluetooth_base_uuid
[] = {
437 0xFB, 0x34, 0x9B, 0x5F, 0x80, 0x00, 0x00, 0x80,
438 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
441 static u16
get_uuid16(u8
*uuid128
)
446 for (i
= 0; i
< 12; i
++) {
447 if (bluetooth_base_uuid
[i
] != uuid128
[i
])
451 val
= get_unaligned_le32(&uuid128
[12]);
458 static void create_eir(struct hci_dev
*hdev
, u8
*data
)
462 u16 uuid16_list
[HCI_MAX_EIR_LENGTH
/ sizeof(u16
)];
463 int i
, truncated
= 0;
464 struct bt_uuid
*uuid
;
467 name_len
= strlen(hdev
->dev_name
);
473 ptr
[1] = EIR_NAME_SHORT
;
475 ptr
[1] = EIR_NAME_COMPLETE
;
477 /* EIR Data length */
478 ptr
[0] = name_len
+ 1;
480 memcpy(ptr
+ 2, hdev
->dev_name
, name_len
);
482 eir_len
+= (name_len
+ 2);
483 ptr
+= (name_len
+ 2);
486 if (hdev
->inq_tx_power
) {
488 ptr
[1] = EIR_TX_POWER
;
489 ptr
[2] = (u8
) hdev
->inq_tx_power
;
495 if (hdev
->devid_source
> 0) {
497 ptr
[1] = EIR_DEVICE_ID
;
499 put_unaligned_le16(hdev
->devid_source
, ptr
+ 2);
500 put_unaligned_le16(hdev
->devid_vendor
, ptr
+ 4);
501 put_unaligned_le16(hdev
->devid_product
, ptr
+ 6);
502 put_unaligned_le16(hdev
->devid_version
, ptr
+ 8);
508 memset(uuid16_list
, 0, sizeof(uuid16_list
));
510 /* Group all UUID16 types */
511 list_for_each_entry(uuid
, &hdev
->uuids
, list
) {
514 uuid16
= get_uuid16(uuid
->uuid
);
521 if (uuid16
== PNP_INFO_SVCLASS_ID
)
524 /* Stop if not enough space to put next UUID */
525 if (eir_len
+ 2 + sizeof(u16
) > HCI_MAX_EIR_LENGTH
) {
530 /* Check for duplicates */
531 for (i
= 0; uuid16_list
[i
] != 0; i
++)
532 if (uuid16_list
[i
] == uuid16
)
535 if (uuid16_list
[i
] == 0) {
536 uuid16_list
[i
] = uuid16
;
537 eir_len
+= sizeof(u16
);
541 if (uuid16_list
[0] != 0) {
545 ptr
[1] = truncated
? EIR_UUID16_SOME
: EIR_UUID16_ALL
;
550 for (i
= 0; uuid16_list
[i
] != 0; i
++) {
551 *ptr
++ = (uuid16_list
[i
] & 0x00ff);
552 *ptr
++ = (uuid16_list
[i
] & 0xff00) >> 8;
555 /* EIR Data length */
556 *length
= (i
* sizeof(u16
)) + 1;
560 static int update_eir(struct hci_dev
*hdev
)
562 struct hci_cp_write_eir cp
;
564 if (!hdev_is_powered(hdev
))
567 if (!(hdev
->features
[6] & LMP_EXT_INQ
))
570 if (!test_bit(HCI_SSP_ENABLED
, &hdev
->dev_flags
))
573 if (test_bit(HCI_SERVICE_CACHE
, &hdev
->dev_flags
))
576 memset(&cp
, 0, sizeof(cp
));
578 create_eir(hdev
, cp
.data
);
580 if (memcmp(cp
.data
, hdev
->eir
, sizeof(cp
.data
)) == 0)
583 memcpy(hdev
->eir
, cp
.data
, sizeof(cp
.data
));
585 return hci_send_cmd(hdev
, HCI_OP_WRITE_EIR
, sizeof(cp
), &cp
);
588 static u8
get_service_classes(struct hci_dev
*hdev
)
590 struct bt_uuid
*uuid
;
593 list_for_each_entry(uuid
, &hdev
->uuids
, list
)
594 val
|= uuid
->svc_hint
;
599 static int update_class(struct hci_dev
*hdev
)
604 BT_DBG("%s", hdev
->name
);
606 if (!hdev_is_powered(hdev
))
609 if (test_bit(HCI_SERVICE_CACHE
, &hdev
->dev_flags
))
612 cod
[0] = hdev
->minor_class
;
613 cod
[1] = hdev
->major_class
;
614 cod
[2] = get_service_classes(hdev
);
616 if (memcmp(cod
, hdev
->dev_class
, 3) == 0)
619 err
= hci_send_cmd(hdev
, HCI_OP_WRITE_CLASS_OF_DEV
, sizeof(cod
), cod
);
621 set_bit(HCI_PENDING_CLASS
, &hdev
->dev_flags
);
626 static void service_cache_off(struct work_struct
*work
)
628 struct hci_dev
*hdev
= container_of(work
, struct hci_dev
,
631 if (!test_and_clear_bit(HCI_SERVICE_CACHE
, &hdev
->dev_flags
))
639 hci_dev_unlock(hdev
);
642 static void mgmt_init_hdev(struct sock
*sk
, struct hci_dev
*hdev
)
644 if (test_and_set_bit(HCI_MGMT
, &hdev
->dev_flags
))
647 INIT_DELAYED_WORK(&hdev
->service_cache
, service_cache_off
);
649 /* Non-mgmt controlled devices get this bit set
650 * implicitly so that pairing works for them, however
651 * for mgmt we require user-space to explicitly enable
654 clear_bit(HCI_PAIRABLE
, &hdev
->dev_flags
);
657 static int read_controller_info(struct sock
*sk
, struct hci_dev
*hdev
,
658 void *data
, u16 data_len
)
660 struct mgmt_rp_read_info rp
;
662 BT_DBG("sock %p %s", sk
, hdev
->name
);
666 memset(&rp
, 0, sizeof(rp
));
668 bacpy(&rp
.bdaddr
, &hdev
->bdaddr
);
670 rp
.version
= hdev
->hci_ver
;
671 rp
.manufacturer
= cpu_to_le16(hdev
->manufacturer
);
673 rp
.supported_settings
= cpu_to_le32(get_supported_settings(hdev
));
674 rp
.current_settings
= cpu_to_le32(get_current_settings(hdev
));
676 memcpy(rp
.dev_class
, hdev
->dev_class
, 3);
678 memcpy(rp
.name
, hdev
->dev_name
, sizeof(hdev
->dev_name
));
679 memcpy(rp
.short_name
, hdev
->short_name
, sizeof(hdev
->short_name
));
681 hci_dev_unlock(hdev
);
683 return cmd_complete(sk
, hdev
->id
, MGMT_OP_READ_INFO
, 0, &rp
,
687 static void mgmt_pending_free(struct pending_cmd
*cmd
)
694 static struct pending_cmd
*mgmt_pending_add(struct sock
*sk
, u16 opcode
,
695 struct hci_dev
*hdev
, void *data
,
698 struct pending_cmd
*cmd
;
700 cmd
= kmalloc(sizeof(*cmd
), GFP_KERNEL
);
704 cmd
->opcode
= opcode
;
705 cmd
->index
= hdev
->id
;
707 cmd
->param
= kmalloc(len
, GFP_KERNEL
);
714 memcpy(cmd
->param
, data
, len
);
719 list_add(&cmd
->list
, &hdev
->mgmt_pending
);
724 static void mgmt_pending_foreach(u16 opcode
, struct hci_dev
*hdev
,
725 void (*cb
)(struct pending_cmd
*cmd
,
729 struct list_head
*p
, *n
;
731 list_for_each_safe(p
, n
, &hdev
->mgmt_pending
) {
732 struct pending_cmd
*cmd
;
734 cmd
= list_entry(p
, struct pending_cmd
, list
);
736 if (opcode
> 0 && cmd
->opcode
!= opcode
)
743 static struct pending_cmd
*mgmt_pending_find(u16 opcode
, struct hci_dev
*hdev
)
745 struct pending_cmd
*cmd
;
747 list_for_each_entry(cmd
, &hdev
->mgmt_pending
, list
) {
748 if (cmd
->opcode
== opcode
)
755 static void mgmt_pending_remove(struct pending_cmd
*cmd
)
757 list_del(&cmd
->list
);
758 mgmt_pending_free(cmd
);
761 static int send_settings_rsp(struct sock
*sk
, u16 opcode
, struct hci_dev
*hdev
)
763 __le32 settings
= cpu_to_le32(get_current_settings(hdev
));
765 return cmd_complete(sk
, hdev
->id
, opcode
, 0, &settings
,
769 static int set_powered(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
772 struct mgmt_mode
*cp
= data
;
773 struct pending_cmd
*cmd
;
776 BT_DBG("request for %s", hdev
->name
);
780 if (test_and_clear_bit(HCI_AUTO_OFF
, &hdev
->dev_flags
)) {
781 cancel_delayed_work(&hdev
->power_off
);
784 err
= send_settings_rsp(sk
, MGMT_OP_SET_POWERED
, hdev
);
785 mgmt_powered(hdev
, 1);
790 if (!!cp
->val
== hdev_is_powered(hdev
)) {
791 err
= send_settings_rsp(sk
, MGMT_OP_SET_POWERED
, hdev
);
795 if (mgmt_pending_find(MGMT_OP_SET_POWERED
, hdev
)) {
796 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_SET_POWERED
,
801 cmd
= mgmt_pending_add(sk
, MGMT_OP_SET_POWERED
, hdev
, data
, len
);
808 schedule_work(&hdev
->power_on
);
810 schedule_work(&hdev
->power_off
.work
);
815 hci_dev_unlock(hdev
);
819 static int mgmt_event(u16 event
, struct hci_dev
*hdev
, void *data
, u16 data_len
,
820 struct sock
*skip_sk
)
823 struct mgmt_hdr
*hdr
;
825 skb
= alloc_skb(sizeof(*hdr
) + data_len
, GFP_KERNEL
);
829 hdr
= (void *) skb_put(skb
, sizeof(*hdr
));
830 hdr
->opcode
= cpu_to_le16(event
);
832 hdr
->index
= cpu_to_le16(hdev
->id
);
834 hdr
->index
= cpu_to_le16(MGMT_INDEX_NONE
);
835 hdr
->len
= cpu_to_le16(data_len
);
838 memcpy(skb_put(skb
, data_len
), data
, data_len
);
841 __net_timestamp(skb
);
843 hci_send_to_control(skb
, skip_sk
);
849 static int new_settings(struct hci_dev
*hdev
, struct sock
*skip
)
853 ev
= cpu_to_le32(get_current_settings(hdev
));
855 return mgmt_event(MGMT_EV_NEW_SETTINGS
, hdev
, &ev
, sizeof(ev
), skip
);
858 static int set_discoverable(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
861 struct mgmt_cp_set_discoverable
*cp
= data
;
862 struct pending_cmd
*cmd
;
867 BT_DBG("request for %s", hdev
->name
);
869 timeout
= __le16_to_cpu(cp
->timeout
);
870 if (!cp
->val
&& timeout
> 0)
871 return cmd_status(sk
, hdev
->id
, MGMT_OP_SET_DISCOVERABLE
,
872 MGMT_STATUS_INVALID_PARAMS
);
876 if (!hdev_is_powered(hdev
) && timeout
> 0) {
877 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_SET_DISCOVERABLE
,
878 MGMT_STATUS_NOT_POWERED
);
882 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE
, hdev
) ||
883 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE
, hdev
)) {
884 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_SET_DISCOVERABLE
,
889 if (!test_bit(HCI_CONNECTABLE
, &hdev
->dev_flags
)) {
890 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_SET_DISCOVERABLE
,
891 MGMT_STATUS_REJECTED
);
895 if (!hdev_is_powered(hdev
)) {
896 bool changed
= false;
898 if (!!cp
->val
!= test_bit(HCI_DISCOVERABLE
, &hdev
->dev_flags
)) {
899 change_bit(HCI_DISCOVERABLE
, &hdev
->dev_flags
);
903 err
= send_settings_rsp(sk
, MGMT_OP_SET_DISCOVERABLE
, hdev
);
908 err
= new_settings(hdev
, sk
);
913 if (!!cp
->val
== test_bit(HCI_DISCOVERABLE
, &hdev
->dev_flags
)) {
914 if (hdev
->discov_timeout
> 0) {
915 cancel_delayed_work(&hdev
->discov_off
);
916 hdev
->discov_timeout
= 0;
919 if (cp
->val
&& timeout
> 0) {
920 hdev
->discov_timeout
= timeout
;
921 queue_delayed_work(hdev
->workqueue
, &hdev
->discov_off
,
922 msecs_to_jiffies(hdev
->discov_timeout
* 1000));
925 err
= send_settings_rsp(sk
, MGMT_OP_SET_DISCOVERABLE
, hdev
);
929 cmd
= mgmt_pending_add(sk
, MGMT_OP_SET_DISCOVERABLE
, hdev
, data
, len
);
938 scan
|= SCAN_INQUIRY
;
940 cancel_delayed_work(&hdev
->discov_off
);
942 err
= hci_send_cmd(hdev
, HCI_OP_WRITE_SCAN_ENABLE
, 1, &scan
);
944 mgmt_pending_remove(cmd
);
947 hdev
->discov_timeout
= timeout
;
950 hci_dev_unlock(hdev
);
954 static int set_connectable(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
957 struct mgmt_mode
*cp
= data
;
958 struct pending_cmd
*cmd
;
962 BT_DBG("request for %s", hdev
->name
);
966 if (!hdev_is_powered(hdev
)) {
967 bool changed
= false;
969 if (!!cp
->val
!= test_bit(HCI_CONNECTABLE
, &hdev
->dev_flags
))
973 set_bit(HCI_CONNECTABLE
, &hdev
->dev_flags
);
975 clear_bit(HCI_CONNECTABLE
, &hdev
->dev_flags
);
976 clear_bit(HCI_DISCOVERABLE
, &hdev
->dev_flags
);
979 err
= send_settings_rsp(sk
, MGMT_OP_SET_CONNECTABLE
, hdev
);
984 err
= new_settings(hdev
, sk
);
989 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE
, hdev
) ||
990 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE
, hdev
)) {
991 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_SET_CONNECTABLE
,
996 if (!!cp
->val
== test_bit(HCI_PSCAN
, &hdev
->flags
)) {
997 err
= send_settings_rsp(sk
, MGMT_OP_SET_CONNECTABLE
, hdev
);
1001 cmd
= mgmt_pending_add(sk
, MGMT_OP_SET_CONNECTABLE
, hdev
, data
, len
);
1012 if (test_bit(HCI_ISCAN
, &hdev
->flags
) &&
1013 hdev
->discov_timeout
> 0)
1014 cancel_delayed_work(&hdev
->discov_off
);
1017 err
= hci_send_cmd(hdev
, HCI_OP_WRITE_SCAN_ENABLE
, 1, &scan
);
1019 mgmt_pending_remove(cmd
);
1022 hci_dev_unlock(hdev
);
1026 static int set_pairable(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
1029 struct mgmt_mode
*cp
= data
;
1032 BT_DBG("request for %s", hdev
->name
);
1037 set_bit(HCI_PAIRABLE
, &hdev
->dev_flags
);
1039 clear_bit(HCI_PAIRABLE
, &hdev
->dev_flags
);
1041 err
= send_settings_rsp(sk
, MGMT_OP_SET_PAIRABLE
, hdev
);
1045 err
= new_settings(hdev
, sk
);
1048 hci_dev_unlock(hdev
);
1052 static int set_link_security(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
1055 struct mgmt_mode
*cp
= data
;
1056 struct pending_cmd
*cmd
;
1060 BT_DBG("request for %s", hdev
->name
);
1064 if (!hdev_is_powered(hdev
)) {
1065 bool changed
= false;
1067 if (!!cp
->val
!= test_bit(HCI_LINK_SECURITY
,
1068 &hdev
->dev_flags
)) {
1069 change_bit(HCI_LINK_SECURITY
, &hdev
->dev_flags
);
1073 err
= send_settings_rsp(sk
, MGMT_OP_SET_LINK_SECURITY
, hdev
);
1078 err
= new_settings(hdev
, sk
);
1083 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY
, hdev
)) {
1084 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_SET_LINK_SECURITY
,
1091 if (test_bit(HCI_AUTH
, &hdev
->flags
) == val
) {
1092 err
= send_settings_rsp(sk
, MGMT_OP_SET_LINK_SECURITY
, hdev
);
1096 cmd
= mgmt_pending_add(sk
, MGMT_OP_SET_LINK_SECURITY
, hdev
, data
, len
);
1102 err
= hci_send_cmd(hdev
, HCI_OP_WRITE_AUTH_ENABLE
, sizeof(val
), &val
);
1104 mgmt_pending_remove(cmd
);
1109 hci_dev_unlock(hdev
);
1113 static int set_ssp(struct sock
*sk
, struct hci_dev
*hdev
, void *data
, u16 len
)
1115 struct mgmt_mode
*cp
= data
;
1116 struct pending_cmd
*cmd
;
1120 BT_DBG("request for %s", hdev
->name
);
1124 if (!lmp_ssp_capable(hdev
)) {
1125 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_SET_SSP
,
1126 MGMT_STATUS_NOT_SUPPORTED
);
1132 if (!hdev_is_powered(hdev
)) {
1133 bool changed
= false;
1135 if (val
!= test_bit(HCI_SSP_ENABLED
, &hdev
->dev_flags
)) {
1136 change_bit(HCI_SSP_ENABLED
, &hdev
->dev_flags
);
1140 err
= send_settings_rsp(sk
, MGMT_OP_SET_SSP
, hdev
);
1145 err
= new_settings(hdev
, sk
);
1150 if (mgmt_pending_find(MGMT_OP_SET_SSP
, hdev
)) {
1151 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_SET_SSP
,
1156 if (test_bit(HCI_SSP_ENABLED
, &hdev
->dev_flags
) == val
) {
1157 err
= send_settings_rsp(sk
, MGMT_OP_SET_SSP
, hdev
);
1161 cmd
= mgmt_pending_add(sk
, MGMT_OP_SET_SSP
, hdev
, data
, len
);
1167 err
= hci_send_cmd(hdev
, HCI_OP_WRITE_SSP_MODE
, sizeof(val
), &val
);
1169 mgmt_pending_remove(cmd
);
1174 hci_dev_unlock(hdev
);
1178 static int set_hs(struct sock
*sk
, struct hci_dev
*hdev
, void *data
, u16 len
)
1180 struct mgmt_mode
*cp
= data
;
1182 BT_DBG("request for %s", hdev
->name
);
1185 return cmd_status(sk
, hdev
->id
, MGMT_OP_SET_HS
,
1186 MGMT_STATUS_NOT_SUPPORTED
);
1189 set_bit(HCI_HS_ENABLED
, &hdev
->dev_flags
);
1191 clear_bit(HCI_HS_ENABLED
, &hdev
->dev_flags
);
1193 return send_settings_rsp(sk
, MGMT_OP_SET_HS
, hdev
);
1196 static int set_le(struct sock
*sk
, struct hci_dev
*hdev
, void *data
, u16 len
)
1198 struct mgmt_mode
*cp
= data
;
1199 struct hci_cp_write_le_host_supported hci_cp
;
1200 struct pending_cmd
*cmd
;
1204 BT_DBG("request for %s", hdev
->name
);
1208 if (!lmp_le_capable(hdev
)) {
1209 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_SET_LE
,
1210 MGMT_STATUS_NOT_SUPPORTED
);
1215 enabled
= !!(hdev
->host_features
[0] & LMP_HOST_LE
);
1217 if (!hdev_is_powered(hdev
) || val
== enabled
) {
1218 bool changed
= false;
1220 if (val
!= test_bit(HCI_LE_ENABLED
, &hdev
->dev_flags
)) {
1221 change_bit(HCI_LE_ENABLED
, &hdev
->dev_flags
);
1225 err
= send_settings_rsp(sk
, MGMT_OP_SET_LE
, hdev
);
1230 err
= new_settings(hdev
, sk
);
1235 if (mgmt_pending_find(MGMT_OP_SET_LE
, hdev
)) {
1236 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_SET_LE
,
1241 cmd
= mgmt_pending_add(sk
, MGMT_OP_SET_LE
, hdev
, data
, len
);
1247 memset(&hci_cp
, 0, sizeof(hci_cp
));
1251 hci_cp
.simul
= !!(hdev
->features
[6] & LMP_SIMUL_LE_BR
);
1254 err
= hci_send_cmd(hdev
, HCI_OP_WRITE_LE_HOST_SUPPORTED
, sizeof(hci_cp
),
1257 mgmt_pending_remove(cmd
);
1260 hci_dev_unlock(hdev
);
1264 static int add_uuid(struct sock
*sk
, struct hci_dev
*hdev
, void *data
, u16 len
)
1266 struct mgmt_cp_add_uuid
*cp
= data
;
1267 struct pending_cmd
*cmd
;
1268 struct bt_uuid
*uuid
;
1271 BT_DBG("request for %s", hdev
->name
);
1275 if (test_bit(HCI_PENDING_CLASS
, &hdev
->dev_flags
)) {
1276 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_ADD_UUID
,
1281 uuid
= kmalloc(sizeof(*uuid
), GFP_KERNEL
);
1287 memcpy(uuid
->uuid
, cp
->uuid
, 16);
1288 uuid
->svc_hint
= cp
->svc_hint
;
1290 list_add(&uuid
->list
, &hdev
->uuids
);
1292 err
= update_class(hdev
);
1296 err
= update_eir(hdev
);
1300 if (!test_bit(HCI_PENDING_CLASS
, &hdev
->dev_flags
)) {
1301 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_ADD_UUID
, 0,
1302 hdev
->dev_class
, 3);
1306 cmd
= mgmt_pending_add(sk
, MGMT_OP_ADD_UUID
, hdev
, data
, len
);
1311 hci_dev_unlock(hdev
);
1315 static bool enable_service_cache(struct hci_dev
*hdev
)
1317 if (!hdev_is_powered(hdev
))
1320 if (!test_and_set_bit(HCI_SERVICE_CACHE
, &hdev
->dev_flags
)) {
1321 schedule_delayed_work(&hdev
->service_cache
, CACHE_TIMEOUT
);
1328 static int remove_uuid(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
1331 struct mgmt_cp_remove_uuid
*cp
= data
;
1332 struct pending_cmd
*cmd
;
1333 struct list_head
*p
, *n
;
1334 u8 bt_uuid_any
[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
1337 BT_DBG("request for %s", hdev
->name
);
1341 if (test_bit(HCI_PENDING_CLASS
, &hdev
->dev_flags
)) {
1342 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_REMOVE_UUID
,
1347 if (memcmp(cp
->uuid
, bt_uuid_any
, 16) == 0) {
1348 err
= hci_uuids_clear(hdev
);
1350 if (enable_service_cache(hdev
)) {
1351 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_REMOVE_UUID
,
1352 0, hdev
->dev_class
, 3);
1361 list_for_each_safe(p
, n
, &hdev
->uuids
) {
1362 struct bt_uuid
*match
= list_entry(p
, struct bt_uuid
, list
);
1364 if (memcmp(match
->uuid
, cp
->uuid
, 16) != 0)
1367 list_del(&match
->list
);
1372 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_REMOVE_UUID
,
1373 MGMT_STATUS_INVALID_PARAMS
);
1378 err
= update_class(hdev
);
1382 err
= update_eir(hdev
);
1386 if (!test_bit(HCI_PENDING_CLASS
, &hdev
->dev_flags
)) {
1387 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_REMOVE_UUID
, 0,
1388 hdev
->dev_class
, 3);
1392 cmd
= mgmt_pending_add(sk
, MGMT_OP_REMOVE_UUID
, hdev
, data
, len
);
1397 hci_dev_unlock(hdev
);
1401 static int set_dev_class(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
1404 struct mgmt_cp_set_dev_class
*cp
= data
;
1405 struct pending_cmd
*cmd
;
1408 BT_DBG("request for %s", hdev
->name
);
1412 if (test_bit(HCI_PENDING_CLASS
, &hdev
->dev_flags
)) {
1413 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_SET_DEV_CLASS
,
1418 hdev
->major_class
= cp
->major
;
1419 hdev
->minor_class
= cp
->minor
;
1421 if (!hdev_is_powered(hdev
)) {
1422 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_SET_DEV_CLASS
, 0,
1423 hdev
->dev_class
, 3);
1427 if (test_and_clear_bit(HCI_SERVICE_CACHE
, &hdev
->dev_flags
)) {
1428 hci_dev_unlock(hdev
);
1429 cancel_delayed_work_sync(&hdev
->service_cache
);
1434 err
= update_class(hdev
);
1438 if (!test_bit(HCI_PENDING_CLASS
, &hdev
->dev_flags
)) {
1439 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_SET_DEV_CLASS
, 0,
1440 hdev
->dev_class
, 3);
1444 cmd
= mgmt_pending_add(sk
, MGMT_OP_SET_DEV_CLASS
, hdev
, data
, len
);
1449 hci_dev_unlock(hdev
);
1453 static int load_link_keys(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
1456 struct mgmt_cp_load_link_keys
*cp
= data
;
1457 u16 key_count
, expected_len
;
1460 key_count
= __le16_to_cpu(cp
->key_count
);
1462 expected_len
= sizeof(*cp
) + key_count
*
1463 sizeof(struct mgmt_link_key_info
);
1464 if (expected_len
!= len
) {
1465 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
1467 return cmd_status(sk
, hdev
->id
, MGMT_OP_LOAD_LINK_KEYS
,
1468 MGMT_STATUS_INVALID_PARAMS
);
1471 BT_DBG("%s debug_keys %u key_count %u", hdev
->name
, cp
->debug_keys
,
1476 hci_link_keys_clear(hdev
);
1478 set_bit(HCI_LINK_KEYS
, &hdev
->dev_flags
);
1481 set_bit(HCI_DEBUG_KEYS
, &hdev
->dev_flags
);
1483 clear_bit(HCI_DEBUG_KEYS
, &hdev
->dev_flags
);
1485 for (i
= 0; i
< key_count
; i
++) {
1486 struct mgmt_link_key_info
*key
= &cp
->keys
[i
];
1488 hci_add_link_key(hdev
, NULL
, 0, &key
->addr
.bdaddr
, key
->val
,
1489 key
->type
, key
->pin_len
);
1492 cmd_complete(sk
, hdev
->id
, MGMT_OP_LOAD_LINK_KEYS
, 0, NULL
, 0);
1494 hci_dev_unlock(hdev
);
1499 static int device_unpaired(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
,
1500 u8 addr_type
, struct sock
*skip_sk
)
1502 struct mgmt_ev_device_unpaired ev
;
1504 bacpy(&ev
.addr
.bdaddr
, bdaddr
);
1505 ev
.addr
.type
= addr_type
;
1507 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED
, hdev
, &ev
, sizeof(ev
),
1511 static int unpair_device(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
1514 struct mgmt_cp_unpair_device
*cp
= data
;
1515 struct mgmt_rp_unpair_device rp
;
1516 struct hci_cp_disconnect dc
;
1517 struct pending_cmd
*cmd
;
1518 struct hci_conn
*conn
;
1523 memset(&rp
, 0, sizeof(rp
));
1524 bacpy(&rp
.addr
.bdaddr
, &cp
->addr
.bdaddr
);
1525 rp
.addr
.type
= cp
->addr
.type
;
1527 if (!hdev_is_powered(hdev
)) {
1528 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_UNPAIR_DEVICE
,
1529 MGMT_STATUS_NOT_POWERED
, &rp
, sizeof(rp
));
1533 if (cp
->addr
.type
== BDADDR_BREDR
)
1534 err
= hci_remove_link_key(hdev
, &cp
->addr
.bdaddr
);
1536 err
= hci_remove_ltk(hdev
, &cp
->addr
.bdaddr
);
1539 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_UNPAIR_DEVICE
,
1540 MGMT_STATUS_NOT_PAIRED
, &rp
, sizeof(rp
));
1544 if (cp
->disconnect
) {
1545 if (cp
->addr
.type
== BDADDR_BREDR
)
1546 conn
= hci_conn_hash_lookup_ba(hdev
, ACL_LINK
,
1549 conn
= hci_conn_hash_lookup_ba(hdev
, LE_LINK
,
1556 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_UNPAIR_DEVICE
, 0,
1558 device_unpaired(hdev
, &cp
->addr
.bdaddr
, cp
->addr
.type
, sk
);
1562 cmd
= mgmt_pending_add(sk
, MGMT_OP_UNPAIR_DEVICE
, hdev
, cp
,
1569 dc
.handle
= cpu_to_le16(conn
->handle
);
1570 dc
.reason
= 0x13; /* Remote User Terminated Connection */
1571 err
= hci_send_cmd(hdev
, HCI_OP_DISCONNECT
, sizeof(dc
), &dc
);
1573 mgmt_pending_remove(cmd
);
1576 hci_dev_unlock(hdev
);
1580 static int disconnect(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
1583 struct mgmt_cp_disconnect
*cp
= data
;
1584 struct hci_cp_disconnect dc
;
1585 struct pending_cmd
*cmd
;
1586 struct hci_conn
*conn
;
1593 if (!test_bit(HCI_UP
, &hdev
->flags
)) {
1594 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_DISCONNECT
,
1595 MGMT_STATUS_NOT_POWERED
);
1599 if (mgmt_pending_find(MGMT_OP_DISCONNECT
, hdev
)) {
1600 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_DISCONNECT
,
1605 if (cp
->addr
.type
== BDADDR_BREDR
)
1606 conn
= hci_conn_hash_lookup_ba(hdev
, ACL_LINK
,
1609 conn
= hci_conn_hash_lookup_ba(hdev
, LE_LINK
, &cp
->addr
.bdaddr
);
1611 if (!conn
|| conn
->state
== BT_OPEN
|| conn
->state
== BT_CLOSED
) {
1612 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_DISCONNECT
,
1613 MGMT_STATUS_NOT_CONNECTED
);
1617 cmd
= mgmt_pending_add(sk
, MGMT_OP_DISCONNECT
, hdev
, data
, len
);
1623 dc
.handle
= cpu_to_le16(conn
->handle
);
1624 dc
.reason
= HCI_ERROR_REMOTE_USER_TERM
;
1626 err
= hci_send_cmd(hdev
, HCI_OP_DISCONNECT
, sizeof(dc
), &dc
);
1628 mgmt_pending_remove(cmd
);
1631 hci_dev_unlock(hdev
);
1635 static u8
link_to_bdaddr(u8 link_type
, u8 addr_type
)
1637 switch (link_type
) {
1639 switch (addr_type
) {
1640 case ADDR_LE_DEV_PUBLIC
:
1641 return BDADDR_LE_PUBLIC
;
1644 /* Fallback to LE Random address type */
1645 return BDADDR_LE_RANDOM
;
1649 /* Fallback to BR/EDR type */
1650 return BDADDR_BREDR
;
1654 static int get_connections(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
1657 struct mgmt_rp_get_connections
*rp
;
1667 if (!hdev_is_powered(hdev
)) {
1668 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_GET_CONNECTIONS
,
1669 MGMT_STATUS_NOT_POWERED
);
1674 list_for_each_entry(c
, &hdev
->conn_hash
.list
, list
) {
1675 if (test_bit(HCI_CONN_MGMT_CONNECTED
, &c
->flags
))
1679 rp_len
= sizeof(*rp
) + (i
* sizeof(struct mgmt_addr_info
));
1680 rp
= kmalloc(rp_len
, GFP_KERNEL
);
1687 list_for_each_entry(c
, &hdev
->conn_hash
.list
, list
) {
1688 if (!test_bit(HCI_CONN_MGMT_CONNECTED
, &c
->flags
))
1690 bacpy(&rp
->addr
[i
].bdaddr
, &c
->dst
);
1691 rp
->addr
[i
].type
= link_to_bdaddr(c
->type
, c
->dst_type
);
1692 if (c
->type
== SCO_LINK
|| c
->type
== ESCO_LINK
)
1697 rp
->conn_count
= cpu_to_le16(i
);
1699 /* Recalculate length in case of filtered SCO connections, etc */
1700 rp_len
= sizeof(*rp
) + (i
* sizeof(struct mgmt_addr_info
));
1702 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_GET_CONNECTIONS
, 0, rp
,
1708 hci_dev_unlock(hdev
);
1712 static int send_pin_code_neg_reply(struct sock
*sk
, struct hci_dev
*hdev
,
1713 struct mgmt_cp_pin_code_neg_reply
*cp
)
1715 struct pending_cmd
*cmd
;
1718 cmd
= mgmt_pending_add(sk
, MGMT_OP_PIN_CODE_NEG_REPLY
, hdev
, cp
,
1723 err
= hci_send_cmd(hdev
, HCI_OP_PIN_CODE_NEG_REPLY
,
1724 sizeof(cp
->addr
.bdaddr
), &cp
->addr
.bdaddr
);
1726 mgmt_pending_remove(cmd
);
1731 static int pin_code_reply(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
1734 struct hci_conn
*conn
;
1735 struct mgmt_cp_pin_code_reply
*cp
= data
;
1736 struct hci_cp_pin_code_reply reply
;
1737 struct pending_cmd
*cmd
;
1744 if (!hdev_is_powered(hdev
)) {
1745 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_PIN_CODE_REPLY
,
1746 MGMT_STATUS_NOT_POWERED
);
1750 conn
= hci_conn_hash_lookup_ba(hdev
, ACL_LINK
, &cp
->addr
.bdaddr
);
1752 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_PIN_CODE_REPLY
,
1753 MGMT_STATUS_NOT_CONNECTED
);
1757 if (conn
->pending_sec_level
== BT_SECURITY_HIGH
&& cp
->pin_len
!= 16) {
1758 struct mgmt_cp_pin_code_neg_reply ncp
;
1760 memcpy(&ncp
.addr
, &cp
->addr
, sizeof(ncp
.addr
));
1762 BT_ERR("PIN code is not 16 bytes long");
1764 err
= send_pin_code_neg_reply(sk
, hdev
, &ncp
);
1766 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_PIN_CODE_REPLY
,
1767 MGMT_STATUS_INVALID_PARAMS
);
1772 cmd
= mgmt_pending_add(sk
, MGMT_OP_PIN_CODE_REPLY
, hdev
, data
, len
);
1778 bacpy(&reply
.bdaddr
, &cp
->addr
.bdaddr
);
1779 reply
.pin_len
= cp
->pin_len
;
1780 memcpy(reply
.pin_code
, cp
->pin_code
, sizeof(reply
.pin_code
));
1782 err
= hci_send_cmd(hdev
, HCI_OP_PIN_CODE_REPLY
, sizeof(reply
), &reply
);
1784 mgmt_pending_remove(cmd
);
1787 hci_dev_unlock(hdev
);
1791 static int set_io_capability(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
1794 struct mgmt_cp_set_io_capability
*cp
= data
;
1800 hdev
->io_capability
= cp
->io_capability
;
1802 BT_DBG("%s IO capability set to 0x%02x", hdev
->name
,
1803 hdev
->io_capability
);
1805 hci_dev_unlock(hdev
);
1807 return cmd_complete(sk
, hdev
->id
, MGMT_OP_SET_IO_CAPABILITY
, 0, NULL
,
1811 static struct pending_cmd
*find_pairing(struct hci_conn
*conn
)
1813 struct hci_dev
*hdev
= conn
->hdev
;
1814 struct pending_cmd
*cmd
;
1816 list_for_each_entry(cmd
, &hdev
->mgmt_pending
, list
) {
1817 if (cmd
->opcode
!= MGMT_OP_PAIR_DEVICE
)
1820 if (cmd
->user_data
!= conn
)
1829 static void pairing_complete(struct pending_cmd
*cmd
, u8 status
)
1831 struct mgmt_rp_pair_device rp
;
1832 struct hci_conn
*conn
= cmd
->user_data
;
1834 bacpy(&rp
.addr
.bdaddr
, &conn
->dst
);
1835 rp
.addr
.type
= link_to_bdaddr(conn
->type
, conn
->dst_type
);
1837 cmd_complete(cmd
->sk
, cmd
->index
, MGMT_OP_PAIR_DEVICE
, status
,
1840 /* So we don't get further callbacks for this connection */
1841 conn
->connect_cfm_cb
= NULL
;
1842 conn
->security_cfm_cb
= NULL
;
1843 conn
->disconn_cfm_cb
= NULL
;
1847 mgmt_pending_remove(cmd
);
1850 static void pairing_complete_cb(struct hci_conn
*conn
, u8 status
)
1852 struct pending_cmd
*cmd
;
1854 BT_DBG("status %u", status
);
1856 cmd
= find_pairing(conn
);
1858 BT_DBG("Unable to find a pending command");
1860 pairing_complete(cmd
, mgmt_status(status
));
1863 static void le_connect_complete_cb(struct hci_conn
*conn
, u8 status
)
1865 struct pending_cmd
*cmd
;
1867 BT_DBG("status %u", status
);
1872 cmd
= find_pairing(conn
);
1874 BT_DBG("Unable to find a pending command");
1876 pairing_complete(cmd
, mgmt_status(status
));
1879 static int pair_device(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
1882 struct mgmt_cp_pair_device
*cp
= data
;
1883 struct mgmt_rp_pair_device rp
;
1884 struct pending_cmd
*cmd
;
1885 u8 sec_level
, auth_type
;
1886 struct hci_conn
*conn
;
1893 if (!hdev_is_powered(hdev
)) {
1894 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_PAIR_DEVICE
,
1895 MGMT_STATUS_NOT_POWERED
);
1899 sec_level
= BT_SECURITY_MEDIUM
;
1900 if (cp
->io_cap
== 0x03)
1901 auth_type
= HCI_AT_DEDICATED_BONDING
;
1903 auth_type
= HCI_AT_DEDICATED_BONDING_MITM
;
1905 if (cp
->addr
.type
== BDADDR_BREDR
)
1906 conn
= hci_connect(hdev
, ACL_LINK
, &cp
->addr
.bdaddr
,
1907 cp
->addr
.type
, sec_level
, auth_type
);
1909 conn
= hci_connect(hdev
, LE_LINK
, &cp
->addr
.bdaddr
,
1910 cp
->addr
.type
, sec_level
, auth_type
);
1912 memset(&rp
, 0, sizeof(rp
));
1913 bacpy(&rp
.addr
.bdaddr
, &cp
->addr
.bdaddr
);
1914 rp
.addr
.type
= cp
->addr
.type
;
1919 if (PTR_ERR(conn
) == -EBUSY
)
1920 status
= MGMT_STATUS_BUSY
;
1922 status
= MGMT_STATUS_CONNECT_FAILED
;
1924 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_PAIR_DEVICE
,
1930 if (conn
->connect_cfm_cb
) {
1932 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_PAIR_DEVICE
,
1933 MGMT_STATUS_BUSY
, &rp
, sizeof(rp
));
1937 cmd
= mgmt_pending_add(sk
, MGMT_OP_PAIR_DEVICE
, hdev
, data
, len
);
1944 /* For LE, just connecting isn't a proof that the pairing finished */
1945 if (cp
->addr
.type
== BDADDR_BREDR
)
1946 conn
->connect_cfm_cb
= pairing_complete_cb
;
1948 conn
->connect_cfm_cb
= le_connect_complete_cb
;
1950 conn
->security_cfm_cb
= pairing_complete_cb
;
1951 conn
->disconn_cfm_cb
= pairing_complete_cb
;
1952 conn
->io_capability
= cp
->io_cap
;
1953 cmd
->user_data
= conn
;
1955 if (conn
->state
== BT_CONNECTED
&&
1956 hci_conn_security(conn
, sec_level
, auth_type
))
1957 pairing_complete(cmd
, 0);
1962 hci_dev_unlock(hdev
);
1966 static int cancel_pair_device(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
1969 struct mgmt_addr_info
*addr
= data
;
1970 struct pending_cmd
*cmd
;
1971 struct hci_conn
*conn
;
1978 if (!hdev_is_powered(hdev
)) {
1979 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_CANCEL_PAIR_DEVICE
,
1980 MGMT_STATUS_NOT_POWERED
);
1984 cmd
= mgmt_pending_find(MGMT_OP_PAIR_DEVICE
, hdev
);
1986 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_CANCEL_PAIR_DEVICE
,
1987 MGMT_STATUS_INVALID_PARAMS
);
1991 conn
= cmd
->user_data
;
1993 if (bacmp(&addr
->bdaddr
, &conn
->dst
) != 0) {
1994 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_CANCEL_PAIR_DEVICE
,
1995 MGMT_STATUS_INVALID_PARAMS
);
1999 pairing_complete(cmd
, MGMT_STATUS_CANCELLED
);
2001 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_CANCEL_PAIR_DEVICE
, 0,
2002 addr
, sizeof(*addr
));
2004 hci_dev_unlock(hdev
);
2008 static int user_pairing_resp(struct sock
*sk
, struct hci_dev
*hdev
,
2009 bdaddr_t
*bdaddr
, u8 type
, u16 mgmt_op
,
2010 u16 hci_op
, __le32 passkey
)
2012 struct pending_cmd
*cmd
;
2013 struct hci_conn
*conn
;
2018 if (!hdev_is_powered(hdev
)) {
2019 err
= cmd_status(sk
, hdev
->id
, mgmt_op
,
2020 MGMT_STATUS_NOT_POWERED
);
2024 if (type
== BDADDR_BREDR
)
2025 conn
= hci_conn_hash_lookup_ba(hdev
, ACL_LINK
, bdaddr
);
2027 conn
= hci_conn_hash_lookup_ba(hdev
, LE_LINK
, bdaddr
);
2030 err
= cmd_status(sk
, hdev
->id
, mgmt_op
,
2031 MGMT_STATUS_NOT_CONNECTED
);
2035 if (type
== BDADDR_LE_PUBLIC
|| type
== BDADDR_LE_RANDOM
) {
2036 /* Continue with pairing via SMP */
2037 err
= smp_user_confirm_reply(conn
, mgmt_op
, passkey
);
2040 err
= cmd_status(sk
, hdev
->id
, mgmt_op
,
2041 MGMT_STATUS_SUCCESS
);
2043 err
= cmd_status(sk
, hdev
->id
, mgmt_op
,
2044 MGMT_STATUS_FAILED
);
2049 cmd
= mgmt_pending_add(sk
, mgmt_op
, hdev
, bdaddr
, sizeof(*bdaddr
));
2055 /* Continue with pairing via HCI */
2056 if (hci_op
== HCI_OP_USER_PASSKEY_REPLY
) {
2057 struct hci_cp_user_passkey_reply cp
;
2059 bacpy(&cp
.bdaddr
, bdaddr
);
2060 cp
.passkey
= passkey
;
2061 err
= hci_send_cmd(hdev
, hci_op
, sizeof(cp
), &cp
);
2063 err
= hci_send_cmd(hdev
, hci_op
, sizeof(*bdaddr
), bdaddr
);
2066 mgmt_pending_remove(cmd
);
2069 hci_dev_unlock(hdev
);
2073 static int pin_code_neg_reply(struct sock
*sk
, struct hci_dev
*hdev
,
2074 void *data
, u16 len
)
2076 struct mgmt_cp_pin_code_neg_reply
*cp
= data
;
2080 return user_pairing_resp(sk
, hdev
, &cp
->addr
.bdaddr
, cp
->addr
.type
,
2081 MGMT_OP_PIN_CODE_NEG_REPLY
,
2082 HCI_OP_PIN_CODE_NEG_REPLY
, 0);
2085 static int user_confirm_reply(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
2088 struct mgmt_cp_user_confirm_reply
*cp
= data
;
2092 if (len
!= sizeof(*cp
))
2093 return cmd_status(sk
, hdev
->id
, MGMT_OP_USER_CONFIRM_REPLY
,
2094 MGMT_STATUS_INVALID_PARAMS
);
2096 return user_pairing_resp(sk
, hdev
, &cp
->addr
.bdaddr
, cp
->addr
.type
,
2097 MGMT_OP_USER_CONFIRM_REPLY
,
2098 HCI_OP_USER_CONFIRM_REPLY
, 0);
2101 static int user_confirm_neg_reply(struct sock
*sk
, struct hci_dev
*hdev
,
2102 void *data
, u16 len
)
2104 struct mgmt_cp_user_confirm_neg_reply
*cp
= data
;
2108 return user_pairing_resp(sk
, hdev
, &cp
->addr
.bdaddr
, cp
->addr
.type
,
2109 MGMT_OP_USER_CONFIRM_NEG_REPLY
,
2110 HCI_OP_USER_CONFIRM_NEG_REPLY
, 0);
2113 static int user_passkey_reply(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
2116 struct mgmt_cp_user_passkey_reply
*cp
= data
;
2120 return user_pairing_resp(sk
, hdev
, &cp
->addr
.bdaddr
, cp
->addr
.type
,
2121 MGMT_OP_USER_PASSKEY_REPLY
,
2122 HCI_OP_USER_PASSKEY_REPLY
, cp
->passkey
);
2125 static int user_passkey_neg_reply(struct sock
*sk
, struct hci_dev
*hdev
,
2126 void *data
, u16 len
)
2128 struct mgmt_cp_user_passkey_neg_reply
*cp
= data
;
2132 return user_pairing_resp(sk
, hdev
, &cp
->addr
.bdaddr
, cp
->addr
.type
,
2133 MGMT_OP_USER_PASSKEY_NEG_REPLY
,
2134 HCI_OP_USER_PASSKEY_NEG_REPLY
, 0);
2137 static int update_name(struct hci_dev
*hdev
, const char *name
)
2139 struct hci_cp_write_local_name cp
;
2141 memcpy(cp
.name
, name
, sizeof(cp
.name
));
2143 return hci_send_cmd(hdev
, HCI_OP_WRITE_LOCAL_NAME
, sizeof(cp
), &cp
);
2146 static int set_local_name(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
2149 struct mgmt_cp_set_local_name
*cp
= data
;
2150 struct pending_cmd
*cmd
;
2157 memcpy(hdev
->short_name
, cp
->short_name
, sizeof(hdev
->short_name
));
2159 if (!hdev_is_powered(hdev
)) {
2160 memcpy(hdev
->dev_name
, cp
->name
, sizeof(hdev
->dev_name
));
2162 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_SET_LOCAL_NAME
, 0,
2167 err
= mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED
, hdev
, data
, len
,
2173 cmd
= mgmt_pending_add(sk
, MGMT_OP_SET_LOCAL_NAME
, hdev
, data
, len
);
2179 err
= update_name(hdev
, cp
->name
);
2181 mgmt_pending_remove(cmd
);
2184 hci_dev_unlock(hdev
);
2188 static int read_local_oob_data(struct sock
*sk
, struct hci_dev
*hdev
,
2189 void *data
, u16 data_len
)
2191 struct pending_cmd
*cmd
;
2194 BT_DBG("%s", hdev
->name
);
2198 if (!hdev_is_powered(hdev
)) {
2199 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_READ_LOCAL_OOB_DATA
,
2200 MGMT_STATUS_NOT_POWERED
);
2204 if (!lmp_ssp_capable(hdev
)) {
2205 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_READ_LOCAL_OOB_DATA
,
2206 MGMT_STATUS_NOT_SUPPORTED
);
2210 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA
, hdev
)) {
2211 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_READ_LOCAL_OOB_DATA
,
2216 cmd
= mgmt_pending_add(sk
, MGMT_OP_READ_LOCAL_OOB_DATA
, hdev
, NULL
, 0);
2222 err
= hci_send_cmd(hdev
, HCI_OP_READ_LOCAL_OOB_DATA
, 0, NULL
);
2224 mgmt_pending_remove(cmd
);
2227 hci_dev_unlock(hdev
);
2231 static int add_remote_oob_data(struct sock
*sk
, struct hci_dev
*hdev
,
2232 void *data
, u16 len
)
2234 struct mgmt_cp_add_remote_oob_data
*cp
= data
;
2238 BT_DBG("%s ", hdev
->name
);
2242 if (!hdev_is_powered(hdev
)) {
2243 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_ADD_REMOTE_OOB_DATA
,
2244 MGMT_STATUS_NOT_POWERED
, &cp
->addr
,
2249 err
= hci_add_remote_oob_data(hdev
, &cp
->addr
.bdaddr
, cp
->hash
,
2252 status
= MGMT_STATUS_FAILED
;
2256 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_ADD_REMOTE_OOB_DATA
, status
,
2257 &cp
->addr
, sizeof(cp
->addr
));
2260 hci_dev_unlock(hdev
);
2264 static int remove_remote_oob_data(struct sock
*sk
, struct hci_dev
*hdev
,
2265 void *data
, u16 len
)
2267 struct mgmt_cp_remove_remote_oob_data
*cp
= data
;
2271 BT_DBG("%s", hdev
->name
);
2275 if (!hdev_is_powered(hdev
)) {
2276 err
= cmd_complete(sk
, hdev
->id
,
2277 MGMT_OP_REMOVE_REMOTE_OOB_DATA
,
2278 MGMT_STATUS_NOT_POWERED
, &cp
->addr
,
2283 err
= hci_remove_remote_oob_data(hdev
, &cp
->addr
.bdaddr
);
2285 status
= MGMT_STATUS_INVALID_PARAMS
;
2289 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_REMOVE_REMOTE_OOB_DATA
,
2290 status
, &cp
->addr
, sizeof(cp
->addr
));
2293 hci_dev_unlock(hdev
);
2297 int mgmt_interleaved_discovery(struct hci_dev
*hdev
)
2301 BT_DBG("%s", hdev
->name
);
2305 err
= hci_do_inquiry(hdev
, INQUIRY_LEN_BREDR_LE
);
2307 hci_discovery_set_state(hdev
, DISCOVERY_STOPPED
);
2309 hci_dev_unlock(hdev
);
2314 static int start_discovery(struct sock
*sk
, struct hci_dev
*hdev
,
2315 void *data
, u16 len
)
2317 struct mgmt_cp_start_discovery
*cp
= data
;
2318 struct pending_cmd
*cmd
;
2321 BT_DBG("%s", hdev
->name
);
2325 if (!hdev_is_powered(hdev
)) {
2326 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_START_DISCOVERY
,
2327 MGMT_STATUS_NOT_POWERED
);
2331 if (test_bit(HCI_PERIODIC_INQ
, &hdev
->dev_flags
)) {
2332 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_START_DISCOVERY
,
2337 if (hdev
->discovery
.state
!= DISCOVERY_STOPPED
) {
2338 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_START_DISCOVERY
,
2343 cmd
= mgmt_pending_add(sk
, MGMT_OP_START_DISCOVERY
, hdev
, NULL
, 0);
2349 hdev
->discovery
.type
= cp
->type
;
2351 switch (hdev
->discovery
.type
) {
2352 case DISCOV_TYPE_BREDR
:
2353 if (lmp_bredr_capable(hdev
))
2354 err
= hci_do_inquiry(hdev
, INQUIRY_LEN_BREDR
);
2359 case DISCOV_TYPE_LE
:
2360 if (lmp_host_le_capable(hdev
))
2361 err
= hci_le_scan(hdev
, LE_SCAN_TYPE
, LE_SCAN_INT
,
2362 LE_SCAN_WIN
, LE_SCAN_TIMEOUT_LE_ONLY
);
2367 case DISCOV_TYPE_INTERLEAVED
:
2368 if (lmp_host_le_capable(hdev
) && lmp_bredr_capable(hdev
))
2369 err
= hci_le_scan(hdev
, LE_SCAN_TYPE
, LE_SCAN_INT
,
2371 LE_SCAN_TIMEOUT_BREDR_LE
);
2381 mgmt_pending_remove(cmd
);
2383 hci_discovery_set_state(hdev
, DISCOVERY_STARTING
);
2386 hci_dev_unlock(hdev
);
2390 static int stop_discovery(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
2393 struct mgmt_cp_stop_discovery
*mgmt_cp
= data
;
2394 struct pending_cmd
*cmd
;
2395 struct hci_cp_remote_name_req_cancel cp
;
2396 struct inquiry_entry
*e
;
2399 BT_DBG("%s", hdev
->name
);
2403 if (!hci_discovery_active(hdev
)) {
2404 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_STOP_DISCOVERY
,
2405 MGMT_STATUS_REJECTED
, &mgmt_cp
->type
,
2406 sizeof(mgmt_cp
->type
));
2410 if (hdev
->discovery
.type
!= mgmt_cp
->type
) {
2411 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_STOP_DISCOVERY
,
2412 MGMT_STATUS_INVALID_PARAMS
, &mgmt_cp
->type
,
2413 sizeof(mgmt_cp
->type
));
2417 cmd
= mgmt_pending_add(sk
, MGMT_OP_STOP_DISCOVERY
, hdev
, NULL
, 0);
2423 switch (hdev
->discovery
.state
) {
2424 case DISCOVERY_FINDING
:
2425 if (test_bit(HCI_INQUIRY
, &hdev
->flags
))
2426 err
= hci_cancel_inquiry(hdev
);
2428 err
= hci_cancel_le_scan(hdev
);
2432 case DISCOVERY_RESOLVING
:
2433 e
= hci_inquiry_cache_lookup_resolve(hdev
, BDADDR_ANY
,
2436 mgmt_pending_remove(cmd
);
2437 err
= cmd_complete(sk
, hdev
->id
,
2438 MGMT_OP_STOP_DISCOVERY
, 0,
2440 sizeof(mgmt_cp
->type
));
2441 hci_discovery_set_state(hdev
, DISCOVERY_STOPPED
);
2445 bacpy(&cp
.bdaddr
, &e
->data
.bdaddr
);
2446 err
= hci_send_cmd(hdev
, HCI_OP_REMOTE_NAME_REQ_CANCEL
,
2452 BT_DBG("unknown discovery state %u", hdev
->discovery
.state
);
2457 mgmt_pending_remove(cmd
);
2459 hci_discovery_set_state(hdev
, DISCOVERY_STOPPING
);
2462 hci_dev_unlock(hdev
);
2466 static int confirm_name(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
2469 struct mgmt_cp_confirm_name
*cp
= data
;
2470 struct inquiry_entry
*e
;
2473 BT_DBG("%s", hdev
->name
);
2477 if (!hci_discovery_active(hdev
)) {
2478 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_CONFIRM_NAME
,
2479 MGMT_STATUS_FAILED
);
2483 e
= hci_inquiry_cache_lookup_unknown(hdev
, &cp
->addr
.bdaddr
);
2485 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_CONFIRM_NAME
,
2486 MGMT_STATUS_INVALID_PARAMS
);
2490 if (cp
->name_known
) {
2491 e
->name_state
= NAME_KNOWN
;
2494 e
->name_state
= NAME_NEEDED
;
2495 hci_inquiry_cache_update_resolve(hdev
, e
);
2501 hci_dev_unlock(hdev
);
2505 static int block_device(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
2508 struct mgmt_cp_block_device
*cp
= data
;
2512 BT_DBG("%s", hdev
->name
);
2516 err
= hci_blacklist_add(hdev
, &cp
->addr
.bdaddr
, cp
->addr
.type
);
2518 status
= MGMT_STATUS_FAILED
;
2522 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_BLOCK_DEVICE
, status
,
2523 &cp
->addr
, sizeof(cp
->addr
));
2525 hci_dev_unlock(hdev
);
2530 static int unblock_device(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
2533 struct mgmt_cp_unblock_device
*cp
= data
;
2537 BT_DBG("%s", hdev
->name
);
2541 err
= hci_blacklist_del(hdev
, &cp
->addr
.bdaddr
, cp
->addr
.type
);
2543 status
= MGMT_STATUS_INVALID_PARAMS
;
2547 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_UNBLOCK_DEVICE
, status
,
2548 &cp
->addr
, sizeof(cp
->addr
));
2550 hci_dev_unlock(hdev
);
2555 static int set_device_id(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
2558 struct mgmt_cp_set_device_id
*cp
= data
;
2562 BT_DBG("%s", hdev
->name
);
2564 source
= __le16_to_cpu(cp
->source
);
2566 if (source
> 0x0002)
2567 return cmd_status(sk
, hdev
->id
, MGMT_OP_SET_DEVICE_ID
,
2568 MGMT_STATUS_INVALID_PARAMS
);
2572 hdev
->devid_source
= source
;
2573 hdev
->devid_vendor
= __le16_to_cpu(cp
->vendor
);
2574 hdev
->devid_product
= __le16_to_cpu(cp
->product
);
2575 hdev
->devid_version
= __le16_to_cpu(cp
->version
);
2577 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_SET_DEVICE_ID
, 0, NULL
, 0);
2581 hci_dev_unlock(hdev
);
2586 static int set_fast_connectable(struct sock
*sk
, struct hci_dev
*hdev
,
2587 void *data
, u16 len
)
2589 struct mgmt_mode
*cp
= data
;
2590 struct hci_cp_write_page_scan_activity acp
;
2594 BT_DBG("%s", hdev
->name
);
2596 if (!hdev_is_powered(hdev
))
2597 return cmd_status(sk
, hdev
->id
, MGMT_OP_SET_FAST_CONNECTABLE
,
2598 MGMT_STATUS_NOT_POWERED
);
2600 if (!test_bit(HCI_CONNECTABLE
, &hdev
->dev_flags
))
2601 return cmd_status(sk
, hdev
->id
, MGMT_OP_SET_FAST_CONNECTABLE
,
2602 MGMT_STATUS_REJECTED
);
2607 type
= PAGE_SCAN_TYPE_INTERLACED
;
2609 /* 160 msec page scan interval */
2610 acp
.interval
= __constant_cpu_to_le16(0x0100);
2612 type
= PAGE_SCAN_TYPE_STANDARD
; /* default */
2614 /* default 1.28 sec page scan */
2615 acp
.interval
= __constant_cpu_to_le16(0x0800);
2618 /* default 11.25 msec page scan window */
2619 acp
.window
= __constant_cpu_to_le16(0x0012);
2621 err
= hci_send_cmd(hdev
, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY
, sizeof(acp
),
2624 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_SET_FAST_CONNECTABLE
,
2625 MGMT_STATUS_FAILED
);
2629 err
= hci_send_cmd(hdev
, HCI_OP_WRITE_PAGE_SCAN_TYPE
, 1, &type
);
2631 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_SET_FAST_CONNECTABLE
,
2632 MGMT_STATUS_FAILED
);
2636 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_SET_FAST_CONNECTABLE
, 0,
2639 hci_dev_unlock(hdev
);
2643 static int load_long_term_keys(struct sock
*sk
, struct hci_dev
*hdev
,
2644 void *cp_data
, u16 len
)
2646 struct mgmt_cp_load_long_term_keys
*cp
= cp_data
;
2647 u16 key_count
, expected_len
;
2650 key_count
= __le16_to_cpu(cp
->key_count
);
2652 expected_len
= sizeof(*cp
) + key_count
*
2653 sizeof(struct mgmt_ltk_info
);
2654 if (expected_len
!= len
) {
2655 BT_ERR("load_keys: expected %u bytes, got %u bytes",
2657 return cmd_status(sk
, hdev
->id
, MGMT_OP_LOAD_LONG_TERM_KEYS
,
2661 BT_DBG("%s key_count %u", hdev
->name
, key_count
);
2665 hci_smp_ltks_clear(hdev
);
2667 for (i
= 0; i
< key_count
; i
++) {
2668 struct mgmt_ltk_info
*key
= &cp
->keys
[i
];
2674 type
= HCI_SMP_LTK_SLAVE
;
2676 hci_add_ltk(hdev
, &key
->addr
.bdaddr
,
2677 bdaddr_to_le(key
->addr
.type
),
2678 type
, 0, key
->authenticated
, key
->val
,
2679 key
->enc_size
, key
->ediv
, key
->rand
);
2682 hci_dev_unlock(hdev
);
2687 static const struct mgmt_handler
{
2688 int (*func
) (struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
2692 } mgmt_handlers
[] = {
2693 { NULL
}, /* 0x0000 (no command) */
2694 { read_version
, false, MGMT_READ_VERSION_SIZE
},
2695 { read_commands
, false, MGMT_READ_COMMANDS_SIZE
},
2696 { read_index_list
, false, MGMT_READ_INDEX_LIST_SIZE
},
2697 { read_controller_info
, false, MGMT_READ_INFO_SIZE
},
2698 { set_powered
, false, MGMT_SETTING_SIZE
},
2699 { set_discoverable
, false, MGMT_SET_DISCOVERABLE_SIZE
},
2700 { set_connectable
, false, MGMT_SETTING_SIZE
},
2701 { set_fast_connectable
, false, MGMT_SETTING_SIZE
},
2702 { set_pairable
, false, MGMT_SETTING_SIZE
},
2703 { set_link_security
, false, MGMT_SETTING_SIZE
},
2704 { set_ssp
, false, MGMT_SETTING_SIZE
},
2705 { set_hs
, false, MGMT_SETTING_SIZE
},
2706 { set_le
, false, MGMT_SETTING_SIZE
},
2707 { set_dev_class
, false, MGMT_SET_DEV_CLASS_SIZE
},
2708 { set_local_name
, false, MGMT_SET_LOCAL_NAME_SIZE
},
2709 { add_uuid
, false, MGMT_ADD_UUID_SIZE
},
2710 { remove_uuid
, false, MGMT_REMOVE_UUID_SIZE
},
2711 { load_link_keys
, true, MGMT_LOAD_LINK_KEYS_SIZE
},
2712 { load_long_term_keys
, true, MGMT_LOAD_LONG_TERM_KEYS_SIZE
},
2713 { disconnect
, false, MGMT_DISCONNECT_SIZE
},
2714 { get_connections
, false, MGMT_GET_CONNECTIONS_SIZE
},
2715 { pin_code_reply
, false, MGMT_PIN_CODE_REPLY_SIZE
},
2716 { pin_code_neg_reply
, false, MGMT_PIN_CODE_NEG_REPLY_SIZE
},
2717 { set_io_capability
, false, MGMT_SET_IO_CAPABILITY_SIZE
},
2718 { pair_device
, false, MGMT_PAIR_DEVICE_SIZE
},
2719 { cancel_pair_device
, false, MGMT_CANCEL_PAIR_DEVICE_SIZE
},
2720 { unpair_device
, false, MGMT_UNPAIR_DEVICE_SIZE
},
2721 { user_confirm_reply
, false, MGMT_USER_CONFIRM_REPLY_SIZE
},
2722 { user_confirm_neg_reply
, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE
},
2723 { user_passkey_reply
, false, MGMT_USER_PASSKEY_REPLY_SIZE
},
2724 { user_passkey_neg_reply
, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE
},
2725 { read_local_oob_data
, false, MGMT_READ_LOCAL_OOB_DATA_SIZE
},
2726 { add_remote_oob_data
, false, MGMT_ADD_REMOTE_OOB_DATA_SIZE
},
2727 { remove_remote_oob_data
, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE
},
2728 { start_discovery
, false, MGMT_START_DISCOVERY_SIZE
},
2729 { stop_discovery
, false, MGMT_STOP_DISCOVERY_SIZE
},
2730 { confirm_name
, false, MGMT_CONFIRM_NAME_SIZE
},
2731 { block_device
, false, MGMT_BLOCK_DEVICE_SIZE
},
2732 { unblock_device
, false, MGMT_UNBLOCK_DEVICE_SIZE
},
2733 { set_device_id
, false, MGMT_SET_DEVICE_ID_SIZE
},
2737 int mgmt_control(struct sock
*sk
, struct msghdr
*msg
, size_t msglen
)
2741 struct mgmt_hdr
*hdr
;
2742 u16 opcode
, index
, len
;
2743 struct hci_dev
*hdev
= NULL
;
2744 const struct mgmt_handler
*handler
;
2747 BT_DBG("got %zu bytes", msglen
);
2749 if (msglen
< sizeof(*hdr
))
2752 buf
= kmalloc(msglen
, GFP_KERNEL
);
2756 if (memcpy_fromiovec(buf
, msg
->msg_iov
, msglen
)) {
2762 opcode
= __le16_to_cpu(hdr
->opcode
);
2763 index
= __le16_to_cpu(hdr
->index
);
2764 len
= __le16_to_cpu(hdr
->len
);
2766 if (len
!= msglen
- sizeof(*hdr
)) {
2771 if (index
!= MGMT_INDEX_NONE
) {
2772 hdev
= hci_dev_get(index
);
2774 err
= cmd_status(sk
, index
, opcode
,
2775 MGMT_STATUS_INVALID_INDEX
);
2780 if (opcode
>= ARRAY_SIZE(mgmt_handlers
) ||
2781 mgmt_handlers
[opcode
].func
== NULL
) {
2782 BT_DBG("Unknown op %u", opcode
);
2783 err
= cmd_status(sk
, index
, opcode
,
2784 MGMT_STATUS_UNKNOWN_COMMAND
);
2788 if ((hdev
&& opcode
< MGMT_OP_READ_INFO
) ||
2789 (!hdev
&& opcode
>= MGMT_OP_READ_INFO
)) {
2790 err
= cmd_status(sk
, index
, opcode
,
2791 MGMT_STATUS_INVALID_INDEX
);
2795 handler
= &mgmt_handlers
[opcode
];
2797 if ((handler
->var_len
&& len
< handler
->data_len
) ||
2798 (!handler
->var_len
&& len
!= handler
->data_len
)) {
2799 err
= cmd_status(sk
, index
, opcode
,
2800 MGMT_STATUS_INVALID_PARAMS
);
2805 mgmt_init_hdev(sk
, hdev
);
2807 cp
= buf
+ sizeof(*hdr
);
2809 err
= handler
->func(sk
, hdev
, cp
, len
);
2823 static void cmd_status_rsp(struct pending_cmd
*cmd
, void *data
)
2827 cmd_status(cmd
->sk
, cmd
->index
, cmd
->opcode
, *status
);
2828 mgmt_pending_remove(cmd
);
2831 int mgmt_index_added(struct hci_dev
*hdev
)
2833 if (!mgmt_valid_hdev(hdev
))
2836 return mgmt_event(MGMT_EV_INDEX_ADDED
, hdev
, NULL
, 0, NULL
);
2839 int mgmt_index_removed(struct hci_dev
*hdev
)
2841 u8 status
= MGMT_STATUS_INVALID_INDEX
;
2843 if (!mgmt_valid_hdev(hdev
))
2846 mgmt_pending_foreach(0, hdev
, cmd_status_rsp
, &status
);
2848 return mgmt_event(MGMT_EV_INDEX_REMOVED
, hdev
, NULL
, 0, NULL
);
2853 struct hci_dev
*hdev
;
2857 static void settings_rsp(struct pending_cmd
*cmd
, void *data
)
2859 struct cmd_lookup
*match
= data
;
2861 send_settings_rsp(cmd
->sk
, cmd
->opcode
, match
->hdev
);
2863 list_del(&cmd
->list
);
2865 if (match
->sk
== NULL
) {
2866 match
->sk
= cmd
->sk
;
2867 sock_hold(match
->sk
);
2870 mgmt_pending_free(cmd
);
2873 int mgmt_powered(struct hci_dev
*hdev
, u8 powered
)
2875 struct cmd_lookup match
= { NULL
, hdev
};
2878 if (!test_bit(HCI_MGMT
, &hdev
->dev_flags
))
2881 mgmt_pending_foreach(MGMT_OP_SET_POWERED
, hdev
, settings_rsp
, &match
);
2886 if (test_bit(HCI_CONNECTABLE
, &hdev
->dev_flags
))
2888 if (test_bit(HCI_DISCOVERABLE
, &hdev
->dev_flags
))
2889 scan
|= SCAN_INQUIRY
;
2892 hci_send_cmd(hdev
, HCI_OP_WRITE_SCAN_ENABLE
, 1, &scan
);
2895 update_name(hdev
, hdev
->dev_name
);
2898 u8 status
= MGMT_STATUS_NOT_POWERED
;
2899 mgmt_pending_foreach(0, hdev
, cmd_status_rsp
, &status
);
2902 err
= new_settings(hdev
, match
.sk
);
2910 int mgmt_discoverable(struct hci_dev
*hdev
, u8 discoverable
)
2912 struct cmd_lookup match
= { NULL
, hdev
};
2913 bool changed
= false;
2917 if (!test_and_set_bit(HCI_DISCOVERABLE
, &hdev
->dev_flags
))
2920 if (test_and_clear_bit(HCI_DISCOVERABLE
, &hdev
->dev_flags
))
2924 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE
, hdev
, settings_rsp
,
2928 err
= new_settings(hdev
, match
.sk
);
2936 int mgmt_connectable(struct hci_dev
*hdev
, u8 connectable
)
2938 struct cmd_lookup match
= { NULL
, hdev
};
2939 bool changed
= false;
2943 if (!test_and_set_bit(HCI_CONNECTABLE
, &hdev
->dev_flags
))
2946 if (test_and_clear_bit(HCI_CONNECTABLE
, &hdev
->dev_flags
))
2950 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE
, hdev
, settings_rsp
,
2954 err
= new_settings(hdev
, match
.sk
);
2962 int mgmt_write_scan_failed(struct hci_dev
*hdev
, u8 scan
, u8 status
)
2964 u8 mgmt_err
= mgmt_status(status
);
2966 if (scan
& SCAN_PAGE
)
2967 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE
, hdev
,
2968 cmd_status_rsp
, &mgmt_err
);
2970 if (scan
& SCAN_INQUIRY
)
2971 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE
, hdev
,
2972 cmd_status_rsp
, &mgmt_err
);
2977 int mgmt_new_link_key(struct hci_dev
*hdev
, struct link_key
*key
,
2980 struct mgmt_ev_new_link_key ev
;
2982 memset(&ev
, 0, sizeof(ev
));
2984 ev
.store_hint
= persistent
;
2985 bacpy(&ev
.key
.addr
.bdaddr
, &key
->bdaddr
);
2986 ev
.key
.addr
.type
= BDADDR_BREDR
;
2987 ev
.key
.type
= key
->type
;
2988 memcpy(ev
.key
.val
, key
->val
, HCI_LINK_KEY_SIZE
);
2989 ev
.key
.pin_len
= key
->pin_len
;
2991 return mgmt_event(MGMT_EV_NEW_LINK_KEY
, hdev
, &ev
, sizeof(ev
), NULL
);
2994 int mgmt_new_ltk(struct hci_dev
*hdev
, struct smp_ltk
*key
, u8 persistent
)
2996 struct mgmt_ev_new_long_term_key ev
;
2998 memset(&ev
, 0, sizeof(ev
));
3000 ev
.store_hint
= persistent
;
3001 bacpy(&ev
.key
.addr
.bdaddr
, &key
->bdaddr
);
3002 ev
.key
.addr
.type
= link_to_bdaddr(LE_LINK
, key
->bdaddr_type
);
3003 ev
.key
.authenticated
= key
->authenticated
;
3004 ev
.key
.enc_size
= key
->enc_size
;
3005 ev
.key
.ediv
= key
->ediv
;
3007 if (key
->type
== HCI_SMP_LTK
)
3010 memcpy(ev
.key
.rand
, key
->rand
, sizeof(key
->rand
));
3011 memcpy(ev
.key
.val
, key
->val
, sizeof(key
->val
));
3013 return mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY
, hdev
, &ev
, sizeof(ev
),
3017 int mgmt_device_connected(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
, u8 link_type
,
3018 u8 addr_type
, u32 flags
, u8
*name
, u8 name_len
,
3022 struct mgmt_ev_device_connected
*ev
= (void *) buf
;
3025 bacpy(&ev
->addr
.bdaddr
, bdaddr
);
3026 ev
->addr
.type
= link_to_bdaddr(link_type
, addr_type
);
3028 ev
->flags
= __cpu_to_le32(flags
);
3031 eir_len
= eir_append_data(ev
->eir
, 0, EIR_NAME_COMPLETE
,
3034 if (dev_class
&& memcmp(dev_class
, "\0\0\0", 3) != 0)
3035 eir_len
= eir_append_data(ev
->eir
, eir_len
,
3036 EIR_CLASS_OF_DEV
, dev_class
, 3);
3038 ev
->eir_len
= cpu_to_le16(eir_len
);
3040 return mgmt_event(MGMT_EV_DEVICE_CONNECTED
, hdev
, buf
,
3041 sizeof(*ev
) + eir_len
, NULL
);
3044 static void disconnect_rsp(struct pending_cmd
*cmd
, void *data
)
3046 struct mgmt_cp_disconnect
*cp
= cmd
->param
;
3047 struct sock
**sk
= data
;
3048 struct mgmt_rp_disconnect rp
;
3050 bacpy(&rp
.addr
.bdaddr
, &cp
->addr
.bdaddr
);
3051 rp
.addr
.type
= cp
->addr
.type
;
3053 cmd_complete(cmd
->sk
, cmd
->index
, MGMT_OP_DISCONNECT
, 0, &rp
,
3059 mgmt_pending_remove(cmd
);
3062 static void unpair_device_rsp(struct pending_cmd
*cmd
, void *data
)
3064 struct hci_dev
*hdev
= data
;
3065 struct mgmt_cp_unpair_device
*cp
= cmd
->param
;
3066 struct mgmt_rp_unpair_device rp
;
3068 memset(&rp
, 0, sizeof(rp
));
3069 bacpy(&rp
.addr
.bdaddr
, &cp
->addr
.bdaddr
);
3070 rp
.addr
.type
= cp
->addr
.type
;
3072 device_unpaired(hdev
, &cp
->addr
.bdaddr
, cp
->addr
.type
, cmd
->sk
);
3074 cmd_complete(cmd
->sk
, cmd
->index
, cmd
->opcode
, 0, &rp
, sizeof(rp
));
3076 mgmt_pending_remove(cmd
);
3079 int mgmt_device_disconnected(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
,
3080 u8 link_type
, u8 addr_type
)
3082 struct mgmt_addr_info ev
;
3083 struct sock
*sk
= NULL
;
3086 mgmt_pending_foreach(MGMT_OP_DISCONNECT
, hdev
, disconnect_rsp
, &sk
);
3088 bacpy(&ev
.bdaddr
, bdaddr
);
3089 ev
.type
= link_to_bdaddr(link_type
, addr_type
);
3091 err
= mgmt_event(MGMT_EV_DEVICE_DISCONNECTED
, hdev
, &ev
, sizeof(ev
),
3097 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE
, hdev
, unpair_device_rsp
,
3103 int mgmt_disconnect_failed(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
,
3104 u8 link_type
, u8 addr_type
, u8 status
)
3106 struct mgmt_rp_disconnect rp
;
3107 struct pending_cmd
*cmd
;
3110 cmd
= mgmt_pending_find(MGMT_OP_DISCONNECT
, hdev
);
3114 bacpy(&rp
.addr
.bdaddr
, bdaddr
);
3115 rp
.addr
.type
= link_to_bdaddr(link_type
, addr_type
);
3117 err
= cmd_complete(cmd
->sk
, cmd
->index
, MGMT_OP_DISCONNECT
,
3118 mgmt_status(status
), &rp
, sizeof(rp
));
3120 mgmt_pending_remove(cmd
);
3122 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE
, hdev
, unpair_device_rsp
,
3127 int mgmt_connect_failed(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
, u8 link_type
,
3128 u8 addr_type
, u8 status
)
3130 struct mgmt_ev_connect_failed ev
;
3132 bacpy(&ev
.addr
.bdaddr
, bdaddr
);
3133 ev
.addr
.type
= link_to_bdaddr(link_type
, addr_type
);
3134 ev
.status
= mgmt_status(status
);
3136 return mgmt_event(MGMT_EV_CONNECT_FAILED
, hdev
, &ev
, sizeof(ev
), NULL
);
3139 int mgmt_pin_code_request(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
, u8 secure
)
3141 struct mgmt_ev_pin_code_request ev
;
3143 bacpy(&ev
.addr
.bdaddr
, bdaddr
);
3144 ev
.addr
.type
= BDADDR_BREDR
;
3147 return mgmt_event(MGMT_EV_PIN_CODE_REQUEST
, hdev
, &ev
, sizeof(ev
),
3151 int mgmt_pin_code_reply_complete(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
,
3154 struct pending_cmd
*cmd
;
3155 struct mgmt_rp_pin_code_reply rp
;
3158 cmd
= mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY
, hdev
);
3162 bacpy(&rp
.addr
.bdaddr
, bdaddr
);
3163 rp
.addr
.type
= BDADDR_BREDR
;
3165 err
= cmd_complete(cmd
->sk
, hdev
->id
, MGMT_OP_PIN_CODE_REPLY
,
3166 mgmt_status(status
), &rp
, sizeof(rp
));
3168 mgmt_pending_remove(cmd
);
3173 int mgmt_pin_code_neg_reply_complete(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
,
3176 struct pending_cmd
*cmd
;
3177 struct mgmt_rp_pin_code_reply rp
;
3180 cmd
= mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY
, hdev
);
3184 bacpy(&rp
.addr
.bdaddr
, bdaddr
);
3185 rp
.addr
.type
= BDADDR_BREDR
;
3187 err
= cmd_complete(cmd
->sk
, hdev
->id
, MGMT_OP_PIN_CODE_NEG_REPLY
,
3188 mgmt_status(status
), &rp
, sizeof(rp
));
3190 mgmt_pending_remove(cmd
);
3195 int mgmt_user_confirm_request(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
,
3196 u8 link_type
, u8 addr_type
, __le32 value
,
3199 struct mgmt_ev_user_confirm_request ev
;
3201 BT_DBG("%s", hdev
->name
);
3203 bacpy(&ev
.addr
.bdaddr
, bdaddr
);
3204 ev
.addr
.type
= link_to_bdaddr(link_type
, addr_type
);
3205 ev
.confirm_hint
= confirm_hint
;
3208 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST
, hdev
, &ev
, sizeof(ev
),
3212 int mgmt_user_passkey_request(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
,
3213 u8 link_type
, u8 addr_type
)
3215 struct mgmt_ev_user_passkey_request ev
;
3217 BT_DBG("%s", hdev
->name
);
3219 bacpy(&ev
.addr
.bdaddr
, bdaddr
);
3220 ev
.addr
.type
= link_to_bdaddr(link_type
, addr_type
);
3222 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST
, hdev
, &ev
, sizeof(ev
),
3226 static int user_pairing_resp_complete(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
,
3227 u8 link_type
, u8 addr_type
, u8 status
,
3230 struct pending_cmd
*cmd
;
3231 struct mgmt_rp_user_confirm_reply rp
;
3234 cmd
= mgmt_pending_find(opcode
, hdev
);
3238 bacpy(&rp
.addr
.bdaddr
, bdaddr
);
3239 rp
.addr
.type
= link_to_bdaddr(link_type
, addr_type
);
3240 err
= cmd_complete(cmd
->sk
, hdev
->id
, opcode
, mgmt_status(status
),
3243 mgmt_pending_remove(cmd
);
3248 int mgmt_user_confirm_reply_complete(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
,
3249 u8 link_type
, u8 addr_type
, u8 status
)
3251 return user_pairing_resp_complete(hdev
, bdaddr
, link_type
, addr_type
,
3252 status
, MGMT_OP_USER_CONFIRM_REPLY
);
3255 int mgmt_user_confirm_neg_reply_complete(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
,
3256 u8 link_type
, u8 addr_type
, u8 status
)
3258 return user_pairing_resp_complete(hdev
, bdaddr
, link_type
, addr_type
,
3260 MGMT_OP_USER_CONFIRM_NEG_REPLY
);
3263 int mgmt_user_passkey_reply_complete(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
,
3264 u8 link_type
, u8 addr_type
, u8 status
)
3266 return user_pairing_resp_complete(hdev
, bdaddr
, link_type
, addr_type
,
3267 status
, MGMT_OP_USER_PASSKEY_REPLY
);
3270 int mgmt_user_passkey_neg_reply_complete(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
,
3271 u8 link_type
, u8 addr_type
, u8 status
)
3273 return user_pairing_resp_complete(hdev
, bdaddr
, link_type
, addr_type
,
3275 MGMT_OP_USER_PASSKEY_NEG_REPLY
);
3278 int mgmt_auth_failed(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
, u8 link_type
,
3279 u8 addr_type
, u8 status
)
3281 struct mgmt_ev_auth_failed ev
;
3283 bacpy(&ev
.addr
.bdaddr
, bdaddr
);
3284 ev
.addr
.type
= link_to_bdaddr(link_type
, addr_type
);
3285 ev
.status
= mgmt_status(status
);
3287 return mgmt_event(MGMT_EV_AUTH_FAILED
, hdev
, &ev
, sizeof(ev
), NULL
);
3290 int mgmt_auth_enable_complete(struct hci_dev
*hdev
, u8 status
)
3292 struct cmd_lookup match
= { NULL
, hdev
};
3293 bool changed
= false;
3297 u8 mgmt_err
= mgmt_status(status
);
3298 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY
, hdev
,
3299 cmd_status_rsp
, &mgmt_err
);
3303 if (test_bit(HCI_AUTH
, &hdev
->flags
)) {
3304 if (!test_and_set_bit(HCI_LINK_SECURITY
, &hdev
->dev_flags
))
3307 if (test_and_clear_bit(HCI_LINK_SECURITY
, &hdev
->dev_flags
))
3311 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY
, hdev
, settings_rsp
,
3315 err
= new_settings(hdev
, match
.sk
);
3323 static int clear_eir(struct hci_dev
*hdev
)
3325 struct hci_cp_write_eir cp
;
3327 if (!(hdev
->features
[6] & LMP_EXT_INQ
))
3330 memset(hdev
->eir
, 0, sizeof(hdev
->eir
));
3332 memset(&cp
, 0, sizeof(cp
));
3334 return hci_send_cmd(hdev
, HCI_OP_WRITE_EIR
, sizeof(cp
), &cp
);
3337 int mgmt_ssp_enable_complete(struct hci_dev
*hdev
, u8 enable
, u8 status
)
3339 struct cmd_lookup match
= { NULL
, hdev
};
3340 bool changed
= false;
3344 u8 mgmt_err
= mgmt_status(status
);
3346 if (enable
&& test_and_clear_bit(HCI_SSP_ENABLED
,
3348 err
= new_settings(hdev
, NULL
);
3350 mgmt_pending_foreach(MGMT_OP_SET_SSP
, hdev
, cmd_status_rsp
,
3357 if (!test_and_set_bit(HCI_SSP_ENABLED
, &hdev
->dev_flags
))
3360 if (test_and_clear_bit(HCI_SSP_ENABLED
, &hdev
->dev_flags
))
3364 mgmt_pending_foreach(MGMT_OP_SET_SSP
, hdev
, settings_rsp
, &match
);
3367 err
= new_settings(hdev
, match
.sk
);
3372 if (test_bit(HCI_SSP_ENABLED
, &hdev
->dev_flags
))
3380 static void class_rsp(struct pending_cmd
*cmd
, void *data
)
3382 struct cmd_lookup
*match
= data
;
3384 cmd_complete(cmd
->sk
, cmd
->index
, cmd
->opcode
, match
->mgmt_status
,
3385 match
->hdev
->dev_class
, 3);
3387 list_del(&cmd
->list
);
3389 if (match
->sk
== NULL
) {
3390 match
->sk
= cmd
->sk
;
3391 sock_hold(match
->sk
);
3394 mgmt_pending_free(cmd
);
3397 int mgmt_set_class_of_dev_complete(struct hci_dev
*hdev
, u8
*dev_class
,
3400 struct cmd_lookup match
= { NULL
, hdev
, mgmt_status(status
) };
3403 clear_bit(HCI_PENDING_CLASS
, &hdev
->dev_flags
);
3405 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS
, hdev
, class_rsp
, &match
);
3406 mgmt_pending_foreach(MGMT_OP_ADD_UUID
, hdev
, class_rsp
, &match
);
3407 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID
, hdev
, class_rsp
, &match
);
3410 err
= mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED
, hdev
, dev_class
,
3419 int mgmt_set_local_name_complete(struct hci_dev
*hdev
, u8
*name
, u8 status
)
3421 struct pending_cmd
*cmd
;
3422 struct mgmt_cp_set_local_name ev
;
3423 bool changed
= false;
3426 if (memcmp(name
, hdev
->dev_name
, sizeof(hdev
->dev_name
)) != 0) {
3427 memcpy(hdev
->dev_name
, name
, sizeof(hdev
->dev_name
));
3431 memset(&ev
, 0, sizeof(ev
));
3432 memcpy(ev
.name
, name
, HCI_MAX_NAME_LENGTH
);
3433 memcpy(ev
.short_name
, hdev
->short_name
, HCI_MAX_SHORT_NAME_LENGTH
);
3435 cmd
= mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME
, hdev
);
3439 /* Always assume that either the short or the complete name has
3440 * changed if there was a pending mgmt command */
3444 err
= cmd_status(cmd
->sk
, hdev
->id
, MGMT_OP_SET_LOCAL_NAME
,
3445 mgmt_status(status
));
3449 err
= cmd_complete(cmd
->sk
, hdev
->id
, MGMT_OP_SET_LOCAL_NAME
, 0, &ev
,
3456 err
= mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED
, hdev
, &ev
,
3457 sizeof(ev
), cmd
? cmd
->sk
: NULL
);
3463 mgmt_pending_remove(cmd
);
3467 int mgmt_read_local_oob_data_reply_complete(struct hci_dev
*hdev
, u8
*hash
,
3468 u8
*randomizer
, u8 status
)
3470 struct pending_cmd
*cmd
;
3473 BT_DBG("%s status %u", hdev
->name
, status
);
3475 cmd
= mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA
, hdev
);
3480 err
= cmd_status(cmd
->sk
, hdev
->id
, MGMT_OP_READ_LOCAL_OOB_DATA
,
3481 mgmt_status(status
));
3483 struct mgmt_rp_read_local_oob_data rp
;
3485 memcpy(rp
.hash
, hash
, sizeof(rp
.hash
));
3486 memcpy(rp
.randomizer
, randomizer
, sizeof(rp
.randomizer
));
3488 err
= cmd_complete(cmd
->sk
, hdev
->id
,
3489 MGMT_OP_READ_LOCAL_OOB_DATA
, 0, &rp
,
3493 mgmt_pending_remove(cmd
);
3498 int mgmt_le_enable_complete(struct hci_dev
*hdev
, u8 enable
, u8 status
)
3500 struct cmd_lookup match
= { NULL
, hdev
};
3501 bool changed
= false;
3505 u8 mgmt_err
= mgmt_status(status
);
3507 if (enable
&& test_and_clear_bit(HCI_LE_ENABLED
,
3509 err
= new_settings(hdev
, NULL
);
3511 mgmt_pending_foreach(MGMT_OP_SET_LE
, hdev
, cmd_status_rsp
,
3518 if (!test_and_set_bit(HCI_LE_ENABLED
, &hdev
->dev_flags
))
3521 if (test_and_clear_bit(HCI_LE_ENABLED
, &hdev
->dev_flags
))
3525 mgmt_pending_foreach(MGMT_OP_SET_LE
, hdev
, settings_rsp
, &match
);
3528 err
= new_settings(hdev
, match
.sk
);
3536 int mgmt_device_found(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
, u8 link_type
,
3537 u8 addr_type
, u8
*dev_class
, s8 rssi
, u8 cfm_name
, u8
3538 ssp
, u8
*eir
, u16 eir_len
)
3541 struct mgmt_ev_device_found
*ev
= (void *) buf
;
3544 /* Leave 5 bytes for a potential CoD field */
3545 if (sizeof(*ev
) + eir_len
+ 5 > sizeof(buf
))
3548 memset(buf
, 0, sizeof(buf
));
3550 bacpy(&ev
->addr
.bdaddr
, bdaddr
);
3551 ev
->addr
.type
= link_to_bdaddr(link_type
, addr_type
);
3554 ev
->flags
|= cpu_to_le32(MGMT_DEV_FOUND_CONFIRM_NAME
);
3556 ev
->flags
|= cpu_to_le32(MGMT_DEV_FOUND_LEGACY_PAIRING
);
3559 memcpy(ev
->eir
, eir
, eir_len
);
3561 if (dev_class
&& !eir_has_data_type(ev
->eir
, eir_len
, EIR_CLASS_OF_DEV
))
3562 eir_len
= eir_append_data(ev
->eir
, eir_len
, EIR_CLASS_OF_DEV
,
3565 ev
->eir_len
= cpu_to_le16(eir_len
);
3566 ev_size
= sizeof(*ev
) + eir_len
;
3568 return mgmt_event(MGMT_EV_DEVICE_FOUND
, hdev
, ev
, ev_size
, NULL
);
3571 int mgmt_remote_name(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
, u8 link_type
,
3572 u8 addr_type
, s8 rssi
, u8
*name
, u8 name_len
)
3574 struct mgmt_ev_device_found
*ev
;
3575 char buf
[sizeof(*ev
) + HCI_MAX_NAME_LENGTH
+ 2];
3578 ev
= (struct mgmt_ev_device_found
*) buf
;
3580 memset(buf
, 0, sizeof(buf
));
3582 bacpy(&ev
->addr
.bdaddr
, bdaddr
);
3583 ev
->addr
.type
= link_to_bdaddr(link_type
, addr_type
);
3586 eir_len
= eir_append_data(ev
->eir
, 0, EIR_NAME_COMPLETE
, name
,
3589 ev
->eir_len
= cpu_to_le16(eir_len
);
3591 return mgmt_event(MGMT_EV_DEVICE_FOUND
, hdev
, ev
,
3592 sizeof(*ev
) + eir_len
, NULL
);
3595 int mgmt_start_discovery_failed(struct hci_dev
*hdev
, u8 status
)
3597 struct pending_cmd
*cmd
;
3601 hci_discovery_set_state(hdev
, DISCOVERY_STOPPED
);
3603 cmd
= mgmt_pending_find(MGMT_OP_START_DISCOVERY
, hdev
);
3607 type
= hdev
->discovery
.type
;
3609 err
= cmd_complete(cmd
->sk
, hdev
->id
, cmd
->opcode
, mgmt_status(status
),
3610 &type
, sizeof(type
));
3611 mgmt_pending_remove(cmd
);
3616 int mgmt_stop_discovery_failed(struct hci_dev
*hdev
, u8 status
)
3618 struct pending_cmd
*cmd
;
3621 cmd
= mgmt_pending_find(MGMT_OP_STOP_DISCOVERY
, hdev
);
3625 err
= cmd_complete(cmd
->sk
, hdev
->id
, cmd
->opcode
, mgmt_status(status
),
3626 &hdev
->discovery
.type
, sizeof(hdev
->discovery
.type
));
3627 mgmt_pending_remove(cmd
);
3632 int mgmt_discovering(struct hci_dev
*hdev
, u8 discovering
)
3634 struct mgmt_ev_discovering ev
;
3635 struct pending_cmd
*cmd
;
3637 BT_DBG("%s discovering %u", hdev
->name
, discovering
);
3640 cmd
= mgmt_pending_find(MGMT_OP_START_DISCOVERY
, hdev
);
3642 cmd
= mgmt_pending_find(MGMT_OP_STOP_DISCOVERY
, hdev
);
3645 u8 type
= hdev
->discovery
.type
;
3647 cmd_complete(cmd
->sk
, hdev
->id
, cmd
->opcode
, 0, &type
,
3649 mgmt_pending_remove(cmd
);
3652 memset(&ev
, 0, sizeof(ev
));
3653 ev
.type
= hdev
->discovery
.type
;
3654 ev
.discovering
= discovering
;
3656 return mgmt_event(MGMT_EV_DISCOVERING
, hdev
, &ev
, sizeof(ev
), NULL
);
3659 int mgmt_device_blocked(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
, u8 type
)
3661 struct pending_cmd
*cmd
;
3662 struct mgmt_ev_device_blocked ev
;
3664 cmd
= mgmt_pending_find(MGMT_OP_BLOCK_DEVICE
, hdev
);
3666 bacpy(&ev
.addr
.bdaddr
, bdaddr
);
3667 ev
.addr
.type
= type
;
3669 return mgmt_event(MGMT_EV_DEVICE_BLOCKED
, hdev
, &ev
, sizeof(ev
),
3670 cmd
? cmd
->sk
: NULL
);
3673 int mgmt_device_unblocked(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
, u8 type
)
3675 struct pending_cmd
*cmd
;
3676 struct mgmt_ev_device_unblocked ev
;
3678 cmd
= mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE
, hdev
);
3680 bacpy(&ev
.addr
.bdaddr
, bdaddr
);
3681 ev
.addr
.type
= type
;
3683 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED
, hdev
, &ev
, sizeof(ev
),
3684 cmd
? cmd
->sk
: NULL
);
3687 module_param(enable_hs
, bool, 0644);
3688 MODULE_PARM_DESC(enable_hs
, "Enable High Speed support");