2 BlueZ - Bluetooth protocol stack for Linux
4 Copyright (C) 2010 Nokia Corporation
5 Copyright (C) 2011-2012 Intel Corporation
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI Management interface */
27 #include <linux/kernel.h>
28 #include <linux/uaccess.h>
29 #include <linux/module.h>
30 #include <asm/unaligned.h>
32 #include <net/bluetooth/bluetooth.h>
33 #include <net/bluetooth/hci_core.h>
34 #include <net/bluetooth/mgmt.h>
35 #include <net/bluetooth/smp.h>
37 #define MGMT_VERSION 0
38 #define MGMT_REVISION 1
40 static const u16 mgmt_commands[] = {
41 MGMT_OP_READ_INDEX_LIST,
44 MGMT_OP_SET_DISCOVERABLE,
45 MGMT_OP_SET_CONNECTABLE,
46 MGMT_OP_SET_FAST_CONNECTABLE,
48 MGMT_OP_SET_LINK_SECURITY,
52 MGMT_OP_SET_DEV_CLASS,
53 MGMT_OP_SET_LOCAL_NAME,
56 MGMT_OP_LOAD_LINK_KEYS,
57 MGMT_OP_LOAD_LONG_TERM_KEYS,
59 MGMT_OP_GET_CONNECTIONS,
60 MGMT_OP_PIN_CODE_REPLY,
61 MGMT_OP_PIN_CODE_NEG_REPLY,
62 MGMT_OP_SET_IO_CAPABILITY,
64 MGMT_OP_CANCEL_PAIR_DEVICE,
65 MGMT_OP_UNPAIR_DEVICE,
66 MGMT_OP_USER_CONFIRM_REPLY,
67 MGMT_OP_USER_CONFIRM_NEG_REPLY,
68 MGMT_OP_USER_PASSKEY_REPLY,
69 MGMT_OP_USER_PASSKEY_NEG_REPLY,
70 MGMT_OP_READ_LOCAL_OOB_DATA,
71 MGMT_OP_ADD_REMOTE_OOB_DATA,
72 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
73 MGMT_OP_START_DISCOVERY,
74 MGMT_OP_STOP_DISCOVERY,
77 MGMT_OP_UNBLOCK_DEVICE,
80 static const u16 mgmt_events[] = {
81 MGMT_EV_CONTROLLER_ERROR,
83 MGMT_EV_INDEX_REMOVED,
85 MGMT_EV_CLASS_OF_DEV_CHANGED,
86 MGMT_EV_LOCAL_NAME_CHANGED,
88 MGMT_EV_NEW_LONG_TERM_KEY,
89 MGMT_EV_DEVICE_CONNECTED,
90 MGMT_EV_DEVICE_DISCONNECTED,
91 MGMT_EV_CONNECT_FAILED,
92 MGMT_EV_PIN_CODE_REQUEST,
93 MGMT_EV_USER_CONFIRM_REQUEST,
94 MGMT_EV_USER_PASSKEY_REQUEST,
98 MGMT_EV_DEVICE_BLOCKED,
99 MGMT_EV_DEVICE_UNBLOCKED,
100 MGMT_EV_DEVICE_UNPAIRED,
104 * These LE scan and inquiry parameters were chosen according to LE General
105 * Discovery Procedure specification.
107 #define LE_SCAN_TYPE 0x01
108 #define LE_SCAN_WIN 0x12
109 #define LE_SCAN_INT 0x12
110 #define LE_SCAN_TIMEOUT_LE_ONLY 10240 /* TGAP(gen_disc_scan_min) */
111 #define LE_SCAN_TIMEOUT_BREDR_LE 5120 /* TGAP(100)/2 */
113 #define INQUIRY_LEN_BREDR 0x08 /* TGAP(100) */
114 #define INQUIRY_LEN_BREDR_LE 0x04 /* TGAP(100)/2 */
116 #define SERVICE_CACHE_TIMEOUT (5 * 1000)
119 struct list_head list;
127 /* HCI to MGMT error code conversion table */
128 static u8 mgmt_status_table[] = {
130 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
131 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
132 MGMT_STATUS_FAILED, /* Hardware Failure */
133 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
134 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
135 MGMT_STATUS_NOT_PAIRED, /* PIN or Key Missing */
136 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
137 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
138 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
139 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
140 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
141 MGMT_STATUS_BUSY, /* Command Disallowed */
142 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
143 MGMT_STATUS_REJECTED, /* Rejected Security */
144 MGMT_STATUS_REJECTED, /* Rejected Personal */
145 MGMT_STATUS_TIMEOUT, /* Host Timeout */
146 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
147 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
148 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
149 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
150 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
151 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
152 MGMT_STATUS_BUSY, /* Repeated Attempts */
153 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
154 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
155 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
156 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
157 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
158 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
159 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
160 MGMT_STATUS_FAILED, /* Unspecified Error */
161 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
162 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
163 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
164 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
165 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
166 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
167 MGMT_STATUS_FAILED, /* Unit Link Key Used */
168 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
169 MGMT_STATUS_TIMEOUT, /* Instant Passed */
170 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
171 MGMT_STATUS_FAILED, /* Transaction Collision */
172 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
173 MGMT_STATUS_REJECTED, /* QoS Rejected */
174 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
175 MGMT_STATUS_REJECTED, /* Insufficient Security */
176 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
177 MGMT_STATUS_BUSY, /* Role Switch Pending */
178 MGMT_STATUS_FAILED, /* Slot Violation */
179 MGMT_STATUS_FAILED, /* Role Switch Failed */
180 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
181 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
182 MGMT_STATUS_BUSY, /* Host Busy Pairing */
183 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
184 MGMT_STATUS_BUSY, /* Controller Busy */
185 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
186 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
187 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
188 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
189 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
192 static u8 mgmt_status(u8 hci_status)
194 if (hci_status < ARRAY_SIZE(mgmt_status_table))
195 return mgmt_status_table[hci_status];
197 return MGMT_STATUS_FAILED;
200 static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
203 struct mgmt_hdr *hdr;
204 struct mgmt_ev_cmd_status *ev;
207 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
209 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_ATOMIC);
213 hdr = (void *) skb_put(skb, sizeof(*hdr));
215 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS);
216 hdr->index = cpu_to_le16(index);
217 hdr->len = cpu_to_le16(sizeof(*ev));
219 ev = (void *) skb_put(skb, sizeof(*ev));
221 put_unaligned_le16(cmd, &ev->opcode);
223 err = sock_queue_rcv_skb(sk, skb);
230 static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
231 void *rp, size_t rp_len)
234 struct mgmt_hdr *hdr;
235 struct mgmt_ev_cmd_complete *ev;
238 BT_DBG("sock %p", sk);
240 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_ATOMIC);
244 hdr = (void *) skb_put(skb, sizeof(*hdr));
246 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE);
247 hdr->index = cpu_to_le16(index);
248 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
250 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
251 put_unaligned_le16(cmd, &ev->opcode);
255 memcpy(ev->data, rp, rp_len);
257 err = sock_queue_rcv_skb(sk, skb);
264 static int read_version(struct sock *sk)
266 struct mgmt_rp_read_version rp;
268 BT_DBG("sock %p", sk);
270 rp.version = MGMT_VERSION;
271 put_unaligned_le16(MGMT_REVISION, &rp.revision);
273 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
277 static int read_commands(struct sock *sk)
279 struct mgmt_rp_read_commands *rp;
280 u16 num_commands = ARRAY_SIZE(mgmt_commands);
281 u16 num_events = ARRAY_SIZE(mgmt_events);
286 BT_DBG("sock %p", sk);
288 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
290 rp = kmalloc(rp_size, GFP_KERNEL);
294 put_unaligned_le16(num_commands, &rp->num_commands);
295 put_unaligned_le16(num_events, &rp->num_events);
297 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
298 put_unaligned_le16(mgmt_commands[i], opcode);
300 for (i = 0; i < num_events; i++, opcode++)
301 put_unaligned_le16(mgmt_events[i], opcode);
303 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
310 static int read_index_list(struct sock *sk)
312 struct mgmt_rp_read_index_list *rp;
319 BT_DBG("sock %p", sk);
321 read_lock(&hci_dev_list_lock);
324 list_for_each(p, &hci_dev_list) {
328 rp_len = sizeof(*rp) + (2 * count);
329 rp = kmalloc(rp_len, GFP_ATOMIC);
331 read_unlock(&hci_dev_list_lock);
335 put_unaligned_le16(count, &rp->num_controllers);
338 list_for_each_entry(d, &hci_dev_list, list) {
339 if (test_and_clear_bit(HCI_AUTO_OFF, &d->dev_flags))
340 cancel_delayed_work(&d->power_off);
342 if (test_bit(HCI_SETUP, &d->dev_flags))
345 put_unaligned_le16(d->id, &rp->index[i++]);
346 BT_DBG("Added hci%u", d->id);
349 read_unlock(&hci_dev_list_lock);
351 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
359 static u32 get_supported_settings(struct hci_dev *hdev)
363 settings |= MGMT_SETTING_POWERED;
364 settings |= MGMT_SETTING_CONNECTABLE;
365 settings |= MGMT_SETTING_FAST_CONNECTABLE;
366 settings |= MGMT_SETTING_DISCOVERABLE;
367 settings |= MGMT_SETTING_PAIRABLE;
369 if (hdev->features[6] & LMP_SIMPLE_PAIR)
370 settings |= MGMT_SETTING_SSP;
372 if (!(hdev->features[4] & LMP_NO_BREDR)) {
373 settings |= MGMT_SETTING_BREDR;
374 settings |= MGMT_SETTING_LINK_SECURITY;
377 if (hdev->features[4] & LMP_LE)
378 settings |= MGMT_SETTING_LE;
383 static u32 get_current_settings(struct hci_dev *hdev)
387 if (test_bit(HCI_UP, &hdev->flags))
388 settings |= MGMT_SETTING_POWERED;
392 if (test_bit(HCI_PSCAN, &hdev->flags))
393 settings |= MGMT_SETTING_CONNECTABLE;
395 if (test_bit(HCI_ISCAN, &hdev->flags))
396 settings |= MGMT_SETTING_DISCOVERABLE;
398 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags))
399 settings |= MGMT_SETTING_PAIRABLE;
401 if (!(hdev->features[4] & LMP_NO_BREDR))
402 settings |= MGMT_SETTING_BREDR;
404 if (hdev->host_features[0] & LMP_HOST_LE)
405 settings |= MGMT_SETTING_LE;
407 if (test_bit(HCI_AUTH, &hdev->flags))
408 settings |= MGMT_SETTING_LINK_SECURITY;
410 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
411 settings |= MGMT_SETTING_SSP;
416 #define PNP_INFO_SVCLASS_ID 0x1200
418 static u8 bluetooth_base_uuid[] = {
419 0xFB, 0x34, 0x9B, 0x5F, 0x80, 0x00, 0x00, 0x80,
420 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
423 static u16 get_uuid16(u8 *uuid128)
428 for (i = 0; i < 12; i++) {
429 if (bluetooth_base_uuid[i] != uuid128[i])
433 memcpy(&val, &uuid128[12], 4);
435 val = le32_to_cpu(val);
442 static void create_eir(struct hci_dev *hdev, u8 *data)
446 u16 uuid16_list[HCI_MAX_EIR_LENGTH / sizeof(u16)];
447 int i, truncated = 0;
448 struct bt_uuid *uuid;
451 name_len = strlen(hdev->dev_name);
457 ptr[1] = EIR_NAME_SHORT;
459 ptr[1] = EIR_NAME_COMPLETE;
461 /* EIR Data length */
462 ptr[0] = name_len + 1;
464 memcpy(ptr + 2, hdev->dev_name, name_len);
466 eir_len += (name_len + 2);
467 ptr += (name_len + 2);
470 memset(uuid16_list, 0, sizeof(uuid16_list));
472 /* Group all UUID16 types */
473 list_for_each_entry(uuid, &hdev->uuids, list) {
476 uuid16 = get_uuid16(uuid->uuid);
483 if (uuid16 == PNP_INFO_SVCLASS_ID)
486 /* Stop if not enough space to put next UUID */
487 if (eir_len + 2 + sizeof(u16) > HCI_MAX_EIR_LENGTH) {
492 /* Check for duplicates */
493 for (i = 0; uuid16_list[i] != 0; i++)
494 if (uuid16_list[i] == uuid16)
497 if (uuid16_list[i] == 0) {
498 uuid16_list[i] = uuid16;
499 eir_len += sizeof(u16);
503 if (uuid16_list[0] != 0) {
507 ptr[1] = truncated ? EIR_UUID16_SOME : EIR_UUID16_ALL;
512 for (i = 0; uuid16_list[i] != 0; i++) {
513 *ptr++ = (uuid16_list[i] & 0x00ff);
514 *ptr++ = (uuid16_list[i] & 0xff00) >> 8;
517 /* EIR Data length */
518 *length = (i * sizeof(u16)) + 1;
522 static int update_eir(struct hci_dev *hdev)
524 struct hci_cp_write_eir cp;
526 if (!(hdev->features[6] & LMP_EXT_INQ))
529 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
532 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
535 memset(&cp, 0, sizeof(cp));
537 create_eir(hdev, cp.data);
539 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
542 memcpy(hdev->eir, cp.data, sizeof(cp.data));
544 return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
547 static u8 get_service_classes(struct hci_dev *hdev)
549 struct bt_uuid *uuid;
552 list_for_each_entry(uuid, &hdev->uuids, list)
553 val |= uuid->svc_hint;
558 static int update_class(struct hci_dev *hdev)
562 BT_DBG("%s", hdev->name);
564 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
567 cod[0] = hdev->minor_class;
568 cod[1] = hdev->major_class;
569 cod[2] = get_service_classes(hdev);
571 if (memcmp(cod, hdev->dev_class, 3) == 0)
574 return hci_send_cmd(hdev, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
577 static void service_cache_off(struct work_struct *work)
579 struct hci_dev *hdev = container_of(work, struct hci_dev,
582 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
590 hci_dev_unlock(hdev);
593 static void mgmt_init_hdev(struct hci_dev *hdev)
595 if (!test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
596 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
598 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
599 schedule_delayed_work(&hdev->service_cache,
600 msecs_to_jiffies(SERVICE_CACHE_TIMEOUT));
603 static int read_controller_info(struct sock *sk, u16 index)
605 struct mgmt_rp_read_info rp;
606 struct hci_dev *hdev;
608 BT_DBG("sock %p hci%u", sk, index);
610 hdev = hci_dev_get(index);
612 return cmd_status(sk, index, MGMT_OP_READ_INFO,
613 MGMT_STATUS_INVALID_PARAMS);
615 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags))
616 cancel_delayed_work_sync(&hdev->power_off);
620 if (test_and_clear_bit(HCI_PI_MGMT_INIT, &hci_pi(sk)->flags))
621 mgmt_init_hdev(hdev);
623 memset(&rp, 0, sizeof(rp));
625 bacpy(&rp.bdaddr, &hdev->bdaddr);
627 rp.version = hdev->hci_ver;
629 put_unaligned_le16(hdev->manufacturer, &rp.manufacturer);
631 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
632 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
634 memcpy(rp.dev_class, hdev->dev_class, 3);
636 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
638 hci_dev_unlock(hdev);
641 return cmd_complete(sk, index, MGMT_OP_READ_INFO, 0, &rp, sizeof(rp));
644 static void mgmt_pending_free(struct pending_cmd *cmd)
651 static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
652 struct hci_dev *hdev,
655 struct pending_cmd *cmd;
657 cmd = kmalloc(sizeof(*cmd), GFP_ATOMIC);
661 cmd->opcode = opcode;
662 cmd->index = hdev->id;
664 cmd->param = kmalloc(len, GFP_ATOMIC);
671 memcpy(cmd->param, data, len);
676 list_add(&cmd->list, &hdev->mgmt_pending);
681 static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
682 void (*cb)(struct pending_cmd *cmd, void *data),
685 struct list_head *p, *n;
687 list_for_each_safe(p, n, &hdev->mgmt_pending) {
688 struct pending_cmd *cmd;
690 cmd = list_entry(p, struct pending_cmd, list);
692 if (opcode > 0 && cmd->opcode != opcode)
699 static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
701 struct pending_cmd *cmd;
703 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
704 if (cmd->opcode == opcode)
711 static void mgmt_pending_remove(struct pending_cmd *cmd)
713 list_del(&cmd->list);
714 mgmt_pending_free(cmd);
717 static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
719 __le32 settings = cpu_to_le32(get_current_settings(hdev));
721 return cmd_complete(sk, hdev->id, opcode, 0, &settings,
725 static int set_powered(struct sock *sk, u16 index, void *data, u16 len)
727 struct mgmt_mode *cp = data;
728 struct hci_dev *hdev;
729 struct pending_cmd *cmd;
732 BT_DBG("request for hci%u", index);
734 if (len != sizeof(*cp))
735 return cmd_status(sk, index, MGMT_OP_SET_POWERED,
736 MGMT_STATUS_INVALID_PARAMS);
738 hdev = hci_dev_get(index);
740 return cmd_status(sk, index, MGMT_OP_SET_POWERED,
741 MGMT_STATUS_INVALID_PARAMS);
745 up = test_bit(HCI_UP, &hdev->flags);
746 if ((cp->val && up) || (!cp->val && !up)) {
747 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
751 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
752 err = cmd_status(sk, index, MGMT_OP_SET_POWERED,
757 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
764 schedule_work(&hdev->power_on);
766 schedule_work(&hdev->power_off.work);
771 hci_dev_unlock(hdev);
776 static int set_discoverable(struct sock *sk, u16 index, void *data, u16 len)
778 struct mgmt_cp_set_discoverable *cp = data;
779 struct hci_dev *hdev;
780 struct pending_cmd *cmd;
784 BT_DBG("request for hci%u", index);
786 if (len != sizeof(*cp))
787 return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
788 MGMT_STATUS_INVALID_PARAMS);
790 hdev = hci_dev_get(index);
792 return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
793 MGMT_STATUS_INVALID_PARAMS);
797 if (!test_bit(HCI_UP, &hdev->flags)) {
798 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
799 MGMT_STATUS_NOT_POWERED);
803 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
804 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
805 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
810 if (cp->val == test_bit(HCI_ISCAN, &hdev->flags) &&
811 test_bit(HCI_PSCAN, &hdev->flags)) {
812 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
816 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
825 scan |= SCAN_INQUIRY;
827 cancel_delayed_work(&hdev->discov_off);
829 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
831 mgmt_pending_remove(cmd);
834 hdev->discov_timeout = get_unaligned_le16(&cp->timeout);
837 hci_dev_unlock(hdev);
843 static int set_connectable(struct sock *sk, u16 index, void *data, u16 len)
845 struct mgmt_mode *cp = data;
846 struct hci_dev *hdev;
847 struct pending_cmd *cmd;
851 BT_DBG("request for hci%u", index);
853 if (len != sizeof(*cp))
854 return cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE,
855 MGMT_STATUS_INVALID_PARAMS);
857 hdev = hci_dev_get(index);
859 return cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE,
860 MGMT_STATUS_INVALID_PARAMS);
864 if (!test_bit(HCI_UP, &hdev->flags)) {
865 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE,
866 MGMT_STATUS_NOT_POWERED);
870 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
871 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
872 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE,
877 if (cp->val == test_bit(HCI_PSCAN, &hdev->flags)) {
878 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
882 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
893 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
895 mgmt_pending_remove(cmd);
898 hci_dev_unlock(hdev);
904 static int mgmt_event(u16 event, struct hci_dev *hdev, void *data,
905 u16 data_len, struct sock *skip_sk)
908 struct mgmt_hdr *hdr;
910 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_ATOMIC);
914 bt_cb(skb)->channel = HCI_CHANNEL_CONTROL;
916 hdr = (void *) skb_put(skb, sizeof(*hdr));
917 hdr->opcode = cpu_to_le16(event);
919 hdr->index = cpu_to_le16(hdev->id);
921 hdr->index = cpu_to_le16(MGMT_INDEX_NONE);
922 hdr->len = cpu_to_le16(data_len);
925 memcpy(skb_put(skb, data_len), data, data_len);
927 hci_send_to_sock(NULL, skb, skip_sk);
933 static int set_pairable(struct sock *sk, u16 index, void *data, u16 len)
935 struct mgmt_mode *cp = data;
936 struct hci_dev *hdev;
940 BT_DBG("request for hci%u", index);
942 if (len != sizeof(*cp))
943 return cmd_status(sk, index, MGMT_OP_SET_PAIRABLE,
944 MGMT_STATUS_INVALID_PARAMS);
946 hdev = hci_dev_get(index);
948 return cmd_status(sk, index, MGMT_OP_SET_PAIRABLE,
949 MGMT_STATUS_INVALID_PARAMS);
954 set_bit(HCI_PAIRABLE, &hdev->dev_flags);
956 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
958 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
962 ev = cpu_to_le32(get_current_settings(hdev));
964 err = mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), sk);
967 hci_dev_unlock(hdev);
973 static int set_link_security(struct sock *sk, u16 index, void *data, u16 len)
975 struct mgmt_mode *cp = data;
976 struct pending_cmd *cmd;
977 struct hci_dev *hdev;
981 BT_DBG("request for hci%u", index);
983 if (len != sizeof(*cp))
984 return cmd_status(sk, index, MGMT_OP_SET_LINK_SECURITY,
985 MGMT_STATUS_INVALID_PARAMS);
987 hdev = hci_dev_get(index);
989 return cmd_status(sk, index, MGMT_OP_SET_LINK_SECURITY,
990 MGMT_STATUS_INVALID_PARAMS);
994 if (!test_bit(HCI_UP, &hdev->flags)) {
995 err = cmd_status(sk, index, MGMT_OP_SET_LINK_SECURITY,
996 MGMT_STATUS_NOT_POWERED);
1000 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
1001 err = cmd_status(sk, index, MGMT_OP_SET_LINK_SECURITY,
1008 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1009 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1013 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1019 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1021 mgmt_pending_remove(cmd);
1026 hci_dev_unlock(hdev);
1032 static int set_ssp(struct sock *sk, u16 index, void *data, u16 len)
1034 struct mgmt_mode *cp = data;
1035 struct pending_cmd *cmd;
1036 struct hci_dev *hdev;
1040 BT_DBG("request for hci%u", index);
1042 if (len != sizeof(*cp))
1043 return cmd_status(sk, index, MGMT_OP_SET_SSP,
1044 MGMT_STATUS_INVALID_PARAMS);
1046 hdev = hci_dev_get(index);
1048 return cmd_status(sk, index, MGMT_OP_SET_SSP,
1049 MGMT_STATUS_INVALID_PARAMS);
1053 if (!test_bit(HCI_UP, &hdev->flags)) {
1054 err = cmd_status(sk, index, MGMT_OP_SET_SSP,
1055 MGMT_STATUS_NOT_POWERED);
1059 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev)) {
1060 err = cmd_status(sk, index, MGMT_OP_SET_SSP, MGMT_STATUS_BUSY);
1066 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) == val) {
1067 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1071 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1077 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, sizeof(val), &val);
1079 mgmt_pending_remove(cmd);
1084 hci_dev_unlock(hdev);
1090 static int add_uuid(struct sock *sk, u16 index, void *data, u16 len)
1092 struct mgmt_cp_add_uuid *cp = data;
1093 struct hci_dev *hdev;
1094 struct bt_uuid *uuid;
1097 BT_DBG("request for hci%u", index);
1099 if (len != sizeof(*cp))
1100 return cmd_status(sk, index, MGMT_OP_ADD_UUID,
1101 MGMT_STATUS_INVALID_PARAMS);
1103 hdev = hci_dev_get(index);
1105 return cmd_status(sk, index, MGMT_OP_ADD_UUID,
1106 MGMT_STATUS_INVALID_PARAMS);
1110 uuid = kmalloc(sizeof(*uuid), GFP_ATOMIC);
1116 memcpy(uuid->uuid, cp->uuid, 16);
1117 uuid->svc_hint = cp->svc_hint;
1119 list_add(&uuid->list, &hdev->uuids);
1121 err = update_class(hdev);
1125 err = update_eir(hdev);
1129 err = cmd_complete(sk, index, MGMT_OP_ADD_UUID, 0, NULL, 0);
1132 hci_dev_unlock(hdev);
1138 static int remove_uuid(struct sock *sk, u16 index, void *data, u16 len)
1140 struct mgmt_cp_remove_uuid *cp = data;
1141 struct list_head *p, *n;
1142 struct hci_dev *hdev;
1143 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
1146 BT_DBG("request for hci%u", index);
1148 if (len != sizeof(*cp))
1149 return cmd_status(sk, index, MGMT_OP_REMOVE_UUID,
1150 MGMT_STATUS_INVALID_PARAMS);
1152 hdev = hci_dev_get(index);
1154 return cmd_status(sk, index, MGMT_OP_REMOVE_UUID,
1155 MGMT_STATUS_INVALID_PARAMS);
1159 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
1160 err = hci_uuids_clear(hdev);
1166 list_for_each_safe(p, n, &hdev->uuids) {
1167 struct bt_uuid *match = list_entry(p, struct bt_uuid, list);
1169 if (memcmp(match->uuid, cp->uuid, 16) != 0)
1172 list_del(&match->list);
1177 err = cmd_status(sk, index, MGMT_OP_REMOVE_UUID,
1178 MGMT_STATUS_INVALID_PARAMS);
1182 err = update_class(hdev);
1186 err = update_eir(hdev);
1190 err = cmd_complete(sk, index, MGMT_OP_REMOVE_UUID, 0, NULL, 0);
1193 hci_dev_unlock(hdev);
1199 static int set_dev_class(struct sock *sk, u16 index, void *data, u16 len)
1201 struct hci_dev *hdev;
1202 struct mgmt_cp_set_dev_class *cp = data;
1205 BT_DBG("request for hci%u", index);
1207 if (len != sizeof(*cp))
1208 return cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS,
1209 MGMT_STATUS_INVALID_PARAMS);
1211 hdev = hci_dev_get(index);
1213 return cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS,
1214 MGMT_STATUS_INVALID_PARAMS);
1218 hdev->major_class = cp->major;
1219 hdev->minor_class = cp->minor;
1221 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
1222 hci_dev_unlock(hdev);
1223 cancel_delayed_work_sync(&hdev->service_cache);
1228 err = update_class(hdev);
1231 err = cmd_complete(sk, index, MGMT_OP_SET_DEV_CLASS, 0,
1234 hci_dev_unlock(hdev);
1240 static int load_link_keys(struct sock *sk, u16 index, void *data, u16 len)
1242 struct hci_dev *hdev;
1243 struct mgmt_cp_load_link_keys *cp = data;
1244 u16 key_count, expected_len;
1247 if (len < sizeof(*cp))
1248 return cmd_status(sk, index, MGMT_OP_LOAD_LINK_KEYS,
1249 MGMT_STATUS_INVALID_PARAMS);
1251 key_count = get_unaligned_le16(&cp->key_count);
1253 expected_len = sizeof(*cp) + key_count *
1254 sizeof(struct mgmt_link_key_info);
1255 if (expected_len != len) {
1256 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
1258 return cmd_status(sk, index, MGMT_OP_LOAD_LINK_KEYS,
1259 MGMT_STATUS_INVALID_PARAMS);
1262 hdev = hci_dev_get(index);
1264 return cmd_status(sk, index, MGMT_OP_LOAD_LINK_KEYS,
1265 MGMT_STATUS_INVALID_PARAMS);
1267 BT_DBG("hci%u debug_keys %u key_count %u", index, cp->debug_keys,
1272 hci_link_keys_clear(hdev);
1274 set_bit(HCI_LINK_KEYS, &hdev->dev_flags);
1277 set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
1279 clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
1281 for (i = 0; i < key_count; i++) {
1282 struct mgmt_link_key_info *key = &cp->keys[i];
1284 hci_add_link_key(hdev, NULL, 0, &key->addr.bdaddr, key->val,
1285 key->type, key->pin_len);
1288 cmd_complete(sk, index, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
1290 hci_dev_unlock(hdev);
1296 static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
1297 u8 addr_type, struct sock *skip_sk)
1299 struct mgmt_ev_device_unpaired ev;
1301 bacpy(&ev.addr.bdaddr, bdaddr);
1302 ev.addr.type = addr_type;
1304 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
1308 static int unpair_device(struct sock *sk, u16 index, void *data, u16 len)
1310 struct hci_dev *hdev;
1311 struct mgmt_cp_unpair_device *cp = data;
1312 struct mgmt_rp_unpair_device rp;
1313 struct hci_cp_disconnect dc;
1314 struct pending_cmd *cmd;
1315 struct hci_conn *conn;
1319 if (len != sizeof(*cp))
1320 return cmd_status(sk, index, MGMT_OP_UNPAIR_DEVICE,
1321 MGMT_STATUS_INVALID_PARAMS);
1323 hdev = hci_dev_get(index);
1325 return cmd_status(sk, index, MGMT_OP_UNPAIR_DEVICE,
1326 MGMT_STATUS_INVALID_PARAMS);
1330 memset(&rp, 0, sizeof(rp));
1331 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1332 rp.addr.type = cp->addr.type;
1334 if (cp->addr.type == MGMT_ADDR_BREDR)
1335 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
1337 err = hci_remove_ltk(hdev, &cp->addr.bdaddr);
1340 status = MGMT_STATUS_NOT_PAIRED;
1344 if (!test_bit(HCI_UP, &hdev->flags) || !cp->disconnect) {
1345 err = cmd_complete(sk, index, MGMT_OP_UNPAIR_DEVICE, status,
1347 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
1351 if (cp->addr.type == MGMT_ADDR_BREDR)
1352 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
1355 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
1359 err = cmd_complete(sk, index, MGMT_OP_UNPAIR_DEVICE, status,
1361 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
1365 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
1372 put_unaligned_le16(conn->handle, &dc.handle);
1373 dc.reason = 0x13; /* Remote User Terminated Connection */
1374 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1376 mgmt_pending_remove(cmd);
1380 err = cmd_complete(sk, index, MGMT_OP_UNPAIR_DEVICE, status,
1382 hci_dev_unlock(hdev);
1388 static int disconnect(struct sock *sk, u16 index, void *data, u16 len)
1390 struct hci_dev *hdev;
1391 struct mgmt_cp_disconnect *cp = data;
1392 struct hci_cp_disconnect dc;
1393 struct pending_cmd *cmd;
1394 struct hci_conn *conn;
1399 if (len != sizeof(*cp))
1400 return cmd_status(sk, index, MGMT_OP_DISCONNECT,
1401 MGMT_STATUS_INVALID_PARAMS);
1403 hdev = hci_dev_get(index);
1405 return cmd_status(sk, index, MGMT_OP_DISCONNECT,
1406 MGMT_STATUS_INVALID_PARAMS);
1410 if (!test_bit(HCI_UP, &hdev->flags)) {
1411 err = cmd_status(sk, index, MGMT_OP_DISCONNECT,
1412 MGMT_STATUS_NOT_POWERED);
1416 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
1417 err = cmd_status(sk, index, MGMT_OP_DISCONNECT,
1422 if (cp->addr.type == MGMT_ADDR_BREDR)
1423 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
1425 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
1428 err = cmd_status(sk, index, MGMT_OP_DISCONNECT,
1429 MGMT_STATUS_NOT_CONNECTED);
1433 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
1439 put_unaligned_le16(conn->handle, &dc.handle);
1440 dc.reason = 0x13; /* Remote User Terminated Connection */
1442 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1444 mgmt_pending_remove(cmd);
1447 hci_dev_unlock(hdev);
1453 static u8 link_to_mgmt(u8 link_type, u8 addr_type)
1455 switch (link_type) {
1457 switch (addr_type) {
1458 case ADDR_LE_DEV_PUBLIC:
1459 return MGMT_ADDR_LE_PUBLIC;
1460 case ADDR_LE_DEV_RANDOM:
1461 return MGMT_ADDR_LE_RANDOM;
1463 return MGMT_ADDR_INVALID;
1466 return MGMT_ADDR_BREDR;
1468 return MGMT_ADDR_INVALID;
1472 static int get_connections(struct sock *sk, u16 index)
1474 struct mgmt_rp_get_connections *rp;
1475 struct hci_dev *hdev;
1483 hdev = hci_dev_get(index);
1485 return cmd_status(sk, index, MGMT_OP_GET_CONNECTIONS,
1486 MGMT_STATUS_INVALID_PARAMS);
1491 list_for_each_entry(c, &hdev->conn_hash.list, list) {
1492 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
1496 rp_len = sizeof(*rp) + (count * sizeof(struct mgmt_addr_info));
1497 rp = kmalloc(rp_len, GFP_ATOMIC);
1503 put_unaligned_le16(count, &rp->conn_count);
1506 list_for_each_entry(c, &hdev->conn_hash.list, list) {
1507 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
1509 bacpy(&rp->addr[i].bdaddr, &c->dst);
1510 rp->addr[i].type = link_to_mgmt(c->type, c->dst_type);
1511 if (rp->addr[i].type == MGMT_ADDR_INVALID)
1516 /* Recalculate length in case of filtered SCO connections, etc */
1517 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
1519 err = cmd_complete(sk, index, MGMT_OP_GET_CONNECTIONS, 0, rp, rp_len);
1523 hci_dev_unlock(hdev);
1528 static int send_pin_code_neg_reply(struct sock *sk, u16 index,
1529 struct hci_dev *hdev, struct mgmt_cp_pin_code_neg_reply *cp)
1531 struct pending_cmd *cmd;
1534 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
1539 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
1540 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
1542 mgmt_pending_remove(cmd);
1547 static int pin_code_reply(struct sock *sk, u16 index, void *data, u16 len)
1549 struct hci_dev *hdev;
1550 struct hci_conn *conn;
1551 struct mgmt_cp_pin_code_reply *cp = data;
1552 struct hci_cp_pin_code_reply reply;
1553 struct pending_cmd *cmd;
1558 if (len != sizeof(*cp))
1559 return cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1560 MGMT_STATUS_INVALID_PARAMS);
1562 hdev = hci_dev_get(index);
1564 return cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1565 MGMT_STATUS_INVALID_PARAMS);
1569 if (!test_bit(HCI_UP, &hdev->flags)) {
1570 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1571 MGMT_STATUS_NOT_POWERED);
1575 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
1577 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1578 MGMT_STATUS_NOT_CONNECTED);
1582 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
1583 struct mgmt_cp_pin_code_neg_reply ncp;
1585 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
1587 BT_ERR("PIN code is not 16 bytes long");
1589 err = send_pin_code_neg_reply(sk, index, hdev, &ncp);
1591 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1592 MGMT_STATUS_INVALID_PARAMS);
1597 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data,
1604 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
1605 reply.pin_len = cp->pin_len;
1606 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
1608 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
1610 mgmt_pending_remove(cmd);
1613 hci_dev_unlock(hdev);
1619 static int pin_code_neg_reply(struct sock *sk, u16 index, void *data, u16 len)
1621 struct hci_dev *hdev;
1622 struct mgmt_cp_pin_code_neg_reply *cp = data;
1627 if (len != sizeof(*cp))
1628 return cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
1629 MGMT_STATUS_INVALID_PARAMS);
1631 hdev = hci_dev_get(index);
1633 return cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
1634 MGMT_STATUS_INVALID_PARAMS);
1638 if (!test_bit(HCI_UP, &hdev->flags)) {
1639 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
1640 MGMT_STATUS_NOT_POWERED);
1644 err = send_pin_code_neg_reply(sk, index, hdev, cp);
1647 hci_dev_unlock(hdev);
1653 static int set_io_capability(struct sock *sk, u16 index, void *data, u16 len)
1655 struct hci_dev *hdev;
1656 struct mgmt_cp_set_io_capability *cp = data;
1660 if (len != sizeof(*cp))
1661 return cmd_status(sk, index, MGMT_OP_SET_IO_CAPABILITY,
1662 MGMT_STATUS_INVALID_PARAMS);
1664 hdev = hci_dev_get(index);
1666 return cmd_status(sk, index, MGMT_OP_SET_IO_CAPABILITY,
1667 MGMT_STATUS_INVALID_PARAMS);
1671 hdev->io_capability = cp->io_capability;
1673 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
1674 hdev->io_capability);
1676 hci_dev_unlock(hdev);
1679 return cmd_complete(sk, index, MGMT_OP_SET_IO_CAPABILITY, 0, NULL, 0);
1682 static inline struct pending_cmd *find_pairing(struct hci_conn *conn)
1684 struct hci_dev *hdev = conn->hdev;
1685 struct pending_cmd *cmd;
1687 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
1688 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
1691 if (cmd->user_data != conn)
1700 static void pairing_complete(struct pending_cmd *cmd, u8 status)
1702 struct mgmt_rp_pair_device rp;
1703 struct hci_conn *conn = cmd->user_data;
1705 bacpy(&rp.addr.bdaddr, &conn->dst);
1706 rp.addr.type = link_to_mgmt(conn->type, conn->dst_type);
1708 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
1711 /* So we don't get further callbacks for this connection */
1712 conn->connect_cfm_cb = NULL;
1713 conn->security_cfm_cb = NULL;
1714 conn->disconn_cfm_cb = NULL;
1718 mgmt_pending_remove(cmd);
1721 static void pairing_complete_cb(struct hci_conn *conn, u8 status)
1723 struct pending_cmd *cmd;
1725 BT_DBG("status %u", status);
1727 cmd = find_pairing(conn);
1729 BT_DBG("Unable to find a pending command");
1731 pairing_complete(cmd, mgmt_status(status));
1734 static int pair_device(struct sock *sk, u16 index, void *data, u16 len)
1736 struct hci_dev *hdev;
1737 struct mgmt_cp_pair_device *cp = data;
1738 struct mgmt_rp_pair_device rp;
1739 struct pending_cmd *cmd;
1740 u8 sec_level, auth_type;
1741 struct hci_conn *conn;
1746 if (len != sizeof(*cp))
1747 return cmd_status(sk, index, MGMT_OP_PAIR_DEVICE,
1748 MGMT_STATUS_INVALID_PARAMS);
1750 hdev = hci_dev_get(index);
1752 return cmd_status(sk, index, MGMT_OP_PAIR_DEVICE,
1753 MGMT_STATUS_INVALID_PARAMS);
1757 sec_level = BT_SECURITY_MEDIUM;
1758 if (cp->io_cap == 0x03)
1759 auth_type = HCI_AT_DEDICATED_BONDING;
1761 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
1763 if (cp->addr.type == MGMT_ADDR_BREDR)
1764 conn = hci_connect(hdev, ACL_LINK, &cp->addr.bdaddr, sec_level,
1767 conn = hci_connect(hdev, LE_LINK, &cp->addr.bdaddr, sec_level,
1770 memset(&rp, 0, sizeof(rp));
1771 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1772 rp.addr.type = cp->addr.type;
1775 err = cmd_complete(sk, index, MGMT_OP_PAIR_DEVICE,
1776 MGMT_STATUS_CONNECT_FAILED,
1781 if (conn->connect_cfm_cb) {
1783 err = cmd_complete(sk, index, MGMT_OP_PAIR_DEVICE,
1784 MGMT_STATUS_BUSY, &rp, sizeof(rp));
1788 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
1795 /* For LE, just connecting isn't a proof that the pairing finished */
1796 if (cp->addr.type == MGMT_ADDR_BREDR)
1797 conn->connect_cfm_cb = pairing_complete_cb;
1799 conn->security_cfm_cb = pairing_complete_cb;
1800 conn->disconn_cfm_cb = pairing_complete_cb;
1801 conn->io_capability = cp->io_cap;
1802 cmd->user_data = conn;
1804 if (conn->state == BT_CONNECTED &&
1805 hci_conn_security(conn, sec_level, auth_type))
1806 pairing_complete(cmd, 0);
1811 hci_dev_unlock(hdev);
1817 static int cancel_pair_device(struct sock *sk, u16 index,
1818 unsigned char *data, u16 len)
1820 struct mgmt_addr_info *addr = (void *) data;
1821 struct hci_dev *hdev;
1822 struct pending_cmd *cmd;
1823 struct hci_conn *conn;
1828 if (len != sizeof(*addr))
1829 return cmd_status(sk, index, MGMT_OP_CANCEL_PAIR_DEVICE,
1830 MGMT_STATUS_INVALID_PARAMS);
1832 hdev = hci_dev_get(index);
1834 return cmd_status(sk, index, MGMT_OP_CANCEL_PAIR_DEVICE,
1835 MGMT_STATUS_INVALID_PARAMS);
1839 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
1841 err = cmd_status(sk, index, MGMT_OP_CANCEL_PAIR_DEVICE,
1842 MGMT_STATUS_INVALID_PARAMS);
1846 conn = cmd->user_data;
1848 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
1849 err = cmd_status(sk, index, MGMT_OP_CANCEL_PAIR_DEVICE,
1850 MGMT_STATUS_INVALID_PARAMS);
1854 pairing_complete(cmd, MGMT_STATUS_CANCELLED);
1856 err = cmd_complete(sk, index, MGMT_OP_CANCEL_PAIR_DEVICE, 0, addr,
1859 hci_dev_unlock(hdev);
1865 static int user_pairing_resp(struct sock *sk, u16 index, bdaddr_t *bdaddr,
1866 u8 type, u16 mgmt_op, u16 hci_op,
1869 struct pending_cmd *cmd;
1870 struct hci_dev *hdev;
1871 struct hci_conn *conn;
1874 hdev = hci_dev_get(index);
1876 return cmd_status(sk, index, mgmt_op,
1877 MGMT_STATUS_INVALID_PARAMS);
1881 if (!test_bit(HCI_UP, &hdev->flags)) {
1882 err = cmd_status(sk, index, mgmt_op, MGMT_STATUS_NOT_POWERED);
1886 if (type == MGMT_ADDR_BREDR)
1887 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, bdaddr);
1889 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, bdaddr);
1892 err = cmd_status(sk, index, mgmt_op,
1893 MGMT_STATUS_NOT_CONNECTED);
1897 if (type == MGMT_ADDR_LE_PUBLIC || type == MGMT_ADDR_LE_RANDOM) {
1898 /* Continue with pairing via SMP */
1899 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
1902 err = cmd_status(sk, index, mgmt_op,
1903 MGMT_STATUS_SUCCESS);
1905 err = cmd_status(sk, index, mgmt_op,
1906 MGMT_STATUS_FAILED);
1911 cmd = mgmt_pending_add(sk, mgmt_op, hdev, bdaddr, sizeof(*bdaddr));
1917 /* Continue with pairing via HCI */
1918 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
1919 struct hci_cp_user_passkey_reply cp;
1921 bacpy(&cp.bdaddr, bdaddr);
1922 cp.passkey = passkey;
1923 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
1925 err = hci_send_cmd(hdev, hci_op, sizeof(*bdaddr), bdaddr);
1928 mgmt_pending_remove(cmd);
1931 hci_dev_unlock(hdev);
1937 static int user_confirm_reply(struct sock *sk, u16 index, void *data, u16 len)
1939 struct mgmt_cp_user_confirm_reply *cp = data;
1943 if (len != sizeof(*cp))
1944 return cmd_status(sk, index, MGMT_OP_USER_CONFIRM_REPLY,
1945 MGMT_STATUS_INVALID_PARAMS);
1947 return user_pairing_resp(sk, index, &cp->addr.bdaddr, cp->addr.type,
1948 MGMT_OP_USER_CONFIRM_REPLY,
1949 HCI_OP_USER_CONFIRM_REPLY, 0);
1952 static int user_confirm_neg_reply(struct sock *sk, u16 index, void *data,
1955 struct mgmt_cp_user_confirm_neg_reply *cp = data;
1959 if (len != sizeof(*cp))
1960 return cmd_status(sk, index, MGMT_OP_USER_CONFIRM_NEG_REPLY,
1961 MGMT_STATUS_INVALID_PARAMS);
1963 return user_pairing_resp(sk, index, &cp->addr.bdaddr, cp->addr.type,
1964 MGMT_OP_USER_CONFIRM_NEG_REPLY,
1965 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
1968 static int user_passkey_reply(struct sock *sk, u16 index, void *data, u16 len)
1970 struct mgmt_cp_user_passkey_reply *cp = data;
1974 if (len != sizeof(*cp))
1975 return cmd_status(sk, index, MGMT_OP_USER_PASSKEY_REPLY,
1978 return user_pairing_resp(sk, index, &cp->addr.bdaddr, cp->addr.type,
1979 MGMT_OP_USER_PASSKEY_REPLY,
1980 HCI_OP_USER_PASSKEY_REPLY,
1984 static int user_passkey_neg_reply(struct sock *sk, u16 index, void *data,
1987 struct mgmt_cp_user_passkey_neg_reply *cp = data;
1991 if (len != sizeof(*cp))
1992 return cmd_status(sk, index, MGMT_OP_USER_PASSKEY_NEG_REPLY,
1995 return user_pairing_resp(sk, index, &cp->addr.bdaddr, cp->addr.type,
1996 MGMT_OP_USER_PASSKEY_NEG_REPLY,
1997 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
2000 static int set_local_name(struct sock *sk, u16 index, void *data,
2003 struct mgmt_cp_set_local_name *mgmt_cp = data;
2004 struct hci_cp_write_local_name hci_cp;
2005 struct hci_dev *hdev;
2006 struct pending_cmd *cmd;
2011 if (len != sizeof(*mgmt_cp))
2012 return cmd_status(sk, index, MGMT_OP_SET_LOCAL_NAME,
2013 MGMT_STATUS_INVALID_PARAMS);
2015 hdev = hci_dev_get(index);
2017 return cmd_status(sk, index, MGMT_OP_SET_LOCAL_NAME,
2018 MGMT_STATUS_INVALID_PARAMS);
2022 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data,
2029 memcpy(hci_cp.name, mgmt_cp->name, sizeof(hci_cp.name));
2030 err = hci_send_cmd(hdev, HCI_OP_WRITE_LOCAL_NAME, sizeof(hci_cp),
2033 mgmt_pending_remove(cmd);
2036 hci_dev_unlock(hdev);
2042 static int read_local_oob_data(struct sock *sk, u16 index)
2044 struct hci_dev *hdev;
2045 struct pending_cmd *cmd;
2048 BT_DBG("hci%u", index);
2050 hdev = hci_dev_get(index);
2052 return cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
2053 MGMT_STATUS_INVALID_PARAMS);
2057 if (!test_bit(HCI_UP, &hdev->flags)) {
2058 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
2059 MGMT_STATUS_NOT_POWERED);
2063 if (!(hdev->features[6] & LMP_SIMPLE_PAIR)) {
2064 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
2065 MGMT_STATUS_NOT_SUPPORTED);
2069 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
2070 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
2075 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
2081 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
2083 mgmt_pending_remove(cmd);
2086 hci_dev_unlock(hdev);
2092 static int add_remote_oob_data(struct sock *sk, u16 index, void *data,
2095 struct hci_dev *hdev;
2096 struct mgmt_cp_add_remote_oob_data *cp = data;
2099 BT_DBG("hci%u ", index);
2101 if (len != sizeof(*cp))
2102 return cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA,
2103 MGMT_STATUS_INVALID_PARAMS);
2105 hdev = hci_dev_get(index);
2107 return cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA,
2108 MGMT_STATUS_INVALID_PARAMS);
2112 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr, cp->hash,
2115 err = cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA,
2116 MGMT_STATUS_FAILED);
2118 err = cmd_complete(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA, 0,
2121 hci_dev_unlock(hdev);
2127 static int remove_remote_oob_data(struct sock *sk, u16 index,
2128 void *data, u16 len)
2130 struct hci_dev *hdev;
2131 struct mgmt_cp_remove_remote_oob_data *cp = data;
2134 BT_DBG("hci%u ", index);
2136 if (len != sizeof(*cp))
2137 return cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
2138 MGMT_STATUS_INVALID_PARAMS);
2140 hdev = hci_dev_get(index);
2142 return cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
2143 MGMT_STATUS_INVALID_PARAMS);
2147 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr);
2149 err = cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
2150 MGMT_STATUS_INVALID_PARAMS);
2152 err = cmd_complete(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
2155 hci_dev_unlock(hdev);
2161 static int discovery(struct hci_dev *hdev)
2165 if (lmp_host_le_capable(hdev)) {
2166 if (lmp_bredr_capable(hdev)) {
2167 err = hci_le_scan(hdev, LE_SCAN_TYPE,
2168 LE_SCAN_INT, LE_SCAN_WIN,
2169 LE_SCAN_TIMEOUT_BREDR_LE);
2171 hdev->discovery.type = DISCOV_TYPE_LE;
2172 err = hci_le_scan(hdev, LE_SCAN_TYPE,
2173 LE_SCAN_INT, LE_SCAN_WIN,
2174 LE_SCAN_TIMEOUT_LE_ONLY);
2177 hdev->discovery.type = DISCOV_TYPE_BREDR;
2178 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR);
2184 int mgmt_interleaved_discovery(struct hci_dev *hdev)
2188 BT_DBG("%s", hdev->name);
2192 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR_LE);
2194 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2196 hci_dev_unlock(hdev);
2201 static int start_discovery(struct sock *sk, u16 index,
2202 void *data, u16 len)
2204 struct mgmt_cp_start_discovery *cp = data;
2205 struct pending_cmd *cmd;
2206 struct hci_dev *hdev;
2209 BT_DBG("hci%u", index);
2211 if (len != sizeof(*cp))
2212 return cmd_status(sk, index, MGMT_OP_START_DISCOVERY,
2213 MGMT_STATUS_INVALID_PARAMS);
2215 hdev = hci_dev_get(index);
2217 return cmd_status(sk, index, MGMT_OP_START_DISCOVERY,
2218 MGMT_STATUS_INVALID_PARAMS);
2222 if (!test_bit(HCI_UP, &hdev->flags)) {
2223 err = cmd_status(sk, index, MGMT_OP_START_DISCOVERY,
2224 MGMT_STATUS_NOT_POWERED);
2228 if (hdev->discovery.state != DISCOVERY_STOPPED) {
2229 err = cmd_status(sk, index, MGMT_OP_START_DISCOVERY,
2234 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
2240 hdev->discovery.type = cp->type;
2242 switch (hdev->discovery.type) {
2243 case DISCOV_TYPE_BREDR:
2244 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR);
2247 case DISCOV_TYPE_LE:
2248 err = hci_le_scan(hdev, LE_SCAN_TYPE, LE_SCAN_INT,
2249 LE_SCAN_WIN, LE_SCAN_TIMEOUT_LE_ONLY);
2252 case DISCOV_TYPE_INTERLEAVED:
2253 err = discovery(hdev);
2261 mgmt_pending_remove(cmd);
2263 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
2266 hci_dev_unlock(hdev);
2272 static int stop_discovery(struct sock *sk, u16 index)
2274 struct hci_dev *hdev;
2275 struct pending_cmd *cmd;
2276 struct hci_cp_remote_name_req_cancel cp;
2277 struct inquiry_entry *e;
2280 BT_DBG("hci%u", index);
2282 hdev = hci_dev_get(index);
2284 return cmd_status(sk, index, MGMT_OP_STOP_DISCOVERY,
2285 MGMT_STATUS_INVALID_PARAMS);
2289 if (!hci_discovery_active(hdev)) {
2290 err = cmd_status(sk, index, MGMT_OP_STOP_DISCOVERY,
2291 MGMT_STATUS_REJECTED);
2295 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
2301 if (hdev->discovery.state == DISCOVERY_FINDING) {
2302 err = hci_cancel_inquiry(hdev);
2304 mgmt_pending_remove(cmd);
2306 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
2310 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_PENDING);
2312 mgmt_pending_remove(cmd);
2313 err = cmd_complete(sk, index, MGMT_OP_STOP_DISCOVERY, 0,
2315 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2319 bacpy(&cp.bdaddr, &e->data.bdaddr);
2320 err = hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ_CANCEL,
2323 mgmt_pending_remove(cmd);
2325 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
2328 hci_dev_unlock(hdev);
2334 static int confirm_name(struct sock *sk, u16 index, void *data, u16 len)
2336 struct mgmt_cp_confirm_name *cp = data;
2337 struct inquiry_entry *e;
2338 struct hci_dev *hdev;
2341 BT_DBG("hci%u", index);
2343 if (len != sizeof(*cp))
2344 return cmd_status(sk, index, MGMT_OP_CONFIRM_NAME,
2345 MGMT_STATUS_INVALID_PARAMS);
2347 hdev = hci_dev_get(index);
2349 return cmd_status(sk, index, MGMT_OP_CONFIRM_NAME,
2350 MGMT_STATUS_INVALID_PARAMS);
2354 if (!hci_discovery_active(hdev)) {
2355 err = cmd_status(sk, index, MGMT_OP_CONFIRM_NAME,
2356 MGMT_STATUS_FAILED);
2360 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
2362 err = cmd_status (sk, index, MGMT_OP_CONFIRM_NAME,
2363 MGMT_STATUS_INVALID_PARAMS);
2367 if (cp->name_known) {
2368 e->name_state = NAME_KNOWN;
2371 e->name_state = NAME_NEEDED;
2372 hci_inquiry_cache_update_resolve(hdev, e);
2378 hci_dev_unlock(hdev);
2383 static int block_device(struct sock *sk, u16 index, void *data, u16 len)
2385 struct hci_dev *hdev;
2386 struct mgmt_cp_block_device *cp = data;
2389 BT_DBG("hci%u", index);
2391 if (len != sizeof(*cp))
2392 return cmd_status(sk, index, MGMT_OP_BLOCK_DEVICE,
2393 MGMT_STATUS_INVALID_PARAMS);
2395 hdev = hci_dev_get(index);
2397 return cmd_status(sk, index, MGMT_OP_BLOCK_DEVICE,
2398 MGMT_STATUS_INVALID_PARAMS);
2402 err = hci_blacklist_add(hdev, &cp->addr.bdaddr, cp->addr.type);
2404 err = cmd_status(sk, index, MGMT_OP_BLOCK_DEVICE,
2405 MGMT_STATUS_FAILED);
2407 err = cmd_complete(sk, index, MGMT_OP_BLOCK_DEVICE, 0,
2410 hci_dev_unlock(hdev);
2416 static int unblock_device(struct sock *sk, u16 index, void *data, u16 len)
2418 struct hci_dev *hdev;
2419 struct mgmt_cp_unblock_device *cp = data;
2422 BT_DBG("hci%u", index);
2424 if (len != sizeof(*cp))
2425 return cmd_status(sk, index, MGMT_OP_UNBLOCK_DEVICE,
2426 MGMT_STATUS_INVALID_PARAMS);
2428 hdev = hci_dev_get(index);
2430 return cmd_status(sk, index, MGMT_OP_UNBLOCK_DEVICE,
2431 MGMT_STATUS_INVALID_PARAMS);
2435 err = hci_blacklist_del(hdev, &cp->addr.bdaddr, cp->addr.type);
2438 err = cmd_status(sk, index, MGMT_OP_UNBLOCK_DEVICE,
2439 MGMT_STATUS_INVALID_PARAMS);
2441 err = cmd_complete(sk, index, MGMT_OP_UNBLOCK_DEVICE, 0,
2444 hci_dev_unlock(hdev);
2450 static int set_fast_connectable(struct sock *sk, u16 index,
2451 void *data, u16 len)
2453 struct hci_dev *hdev;
2454 struct mgmt_mode *cp = data;
2455 struct hci_cp_write_page_scan_activity acp;
2459 BT_DBG("hci%u", index);
2461 if (len != sizeof(*cp))
2462 return cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
2463 MGMT_STATUS_INVALID_PARAMS);
2465 hdev = hci_dev_get(index);
2467 return cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
2468 MGMT_STATUS_INVALID_PARAMS);
2473 type = PAGE_SCAN_TYPE_INTERLACED;
2474 acp.interval = 0x0024; /* 22.5 msec page scan interval */
2476 type = PAGE_SCAN_TYPE_STANDARD; /* default */
2477 acp.interval = 0x0800; /* default 1.28 sec page scan */
2480 acp.window = 0x0012; /* default 11.25 msec page scan window */
2482 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
2485 err = cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
2486 MGMT_STATUS_FAILED);
2490 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
2492 err = cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
2493 MGMT_STATUS_FAILED);
2497 err = cmd_complete(sk, index, MGMT_OP_SET_FAST_CONNECTABLE, 0,
2500 hci_dev_unlock(hdev);
2506 static int load_long_term_keys(struct sock *sk, u16 index,
2507 void *cp_data, u16 len)
2509 struct hci_dev *hdev;
2510 struct mgmt_cp_load_long_term_keys *cp = cp_data;
2511 u16 key_count, expected_len;
2514 if (len < sizeof(*cp))
2515 return cmd_status(sk, index, MGMT_OP_LOAD_LONG_TERM_KEYS,
2518 key_count = get_unaligned_le16(&cp->key_count);
2520 expected_len = sizeof(*cp) + key_count *
2521 sizeof(struct mgmt_ltk_info);
2522 if (expected_len != len) {
2523 BT_ERR("load_keys: expected %u bytes, got %u bytes",
2525 return cmd_status(sk, index, MGMT_OP_LOAD_LONG_TERM_KEYS,
2529 hdev = hci_dev_get(index);
2531 return cmd_status(sk, index, MGMT_OP_LOAD_LONG_TERM_KEYS,
2534 BT_DBG("hci%u key_count %u", index, key_count);
2538 hci_smp_ltks_clear(hdev);
2540 for (i = 0; i < key_count; i++) {
2541 struct mgmt_ltk_info *key = &cp->keys[i];
2547 type = HCI_SMP_LTK_SLAVE;
2549 hci_add_ltk(hdev, &key->addr.bdaddr, key->addr.type,
2550 type, 0, key->authenticated, key->val,
2551 key->enc_size, key->ediv, key->rand);
2554 hci_dev_unlock(hdev);
2560 int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
2564 struct mgmt_hdr *hdr;
2565 u16 opcode, index, len;
2568 BT_DBG("got %zu bytes", msglen);
2570 if (msglen < sizeof(*hdr))
2573 buf = kmalloc(msglen, GFP_KERNEL);
2577 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
2583 opcode = get_unaligned_le16(&hdr->opcode);
2584 index = get_unaligned_le16(&hdr->index);
2585 len = get_unaligned_le16(&hdr->len);
2587 if (len != msglen - sizeof(*hdr)) {
2592 cp = buf + sizeof(*hdr);
2595 case MGMT_OP_READ_VERSION:
2596 err = read_version(sk);
2598 case MGMT_OP_READ_COMMANDS:
2599 err = read_commands(sk);
2601 case MGMT_OP_READ_INDEX_LIST:
2602 err = read_index_list(sk);
2604 case MGMT_OP_READ_INFO:
2605 err = read_controller_info(sk, index);
2607 case MGMT_OP_SET_POWERED:
2608 err = set_powered(sk, index, cp, len);
2610 case MGMT_OP_SET_DISCOVERABLE:
2611 err = set_discoverable(sk, index, cp, len);
2613 case MGMT_OP_SET_CONNECTABLE:
2614 err = set_connectable(sk, index, cp, len);
2616 case MGMT_OP_SET_FAST_CONNECTABLE:
2617 err = set_fast_connectable(sk, index, cp, len);
2619 case MGMT_OP_SET_PAIRABLE:
2620 err = set_pairable(sk, index, cp, len);
2622 case MGMT_OP_SET_LINK_SECURITY:
2623 err = set_link_security(sk, index, cp, len);
2625 case MGMT_OP_SET_SSP:
2626 err = set_ssp(sk, index, cp, len);
2628 case MGMT_OP_ADD_UUID:
2629 err = add_uuid(sk, index, cp, len);
2631 case MGMT_OP_REMOVE_UUID:
2632 err = remove_uuid(sk, index, cp, len);
2634 case MGMT_OP_SET_DEV_CLASS:
2635 err = set_dev_class(sk, index, cp, len);
2637 case MGMT_OP_LOAD_LINK_KEYS:
2638 err = load_link_keys(sk, index, cp, len);
2640 case MGMT_OP_DISCONNECT:
2641 err = disconnect(sk, index, cp, len);
2643 case MGMT_OP_GET_CONNECTIONS:
2644 err = get_connections(sk, index);
2646 case MGMT_OP_PIN_CODE_REPLY:
2647 err = pin_code_reply(sk, index, cp, len);
2649 case MGMT_OP_PIN_CODE_NEG_REPLY:
2650 err = pin_code_neg_reply(sk, index, cp, len);
2652 case MGMT_OP_SET_IO_CAPABILITY:
2653 err = set_io_capability(sk, index, cp, len);
2655 case MGMT_OP_PAIR_DEVICE:
2656 err = pair_device(sk, index, cp, len);
2658 case MGMT_OP_CANCEL_PAIR_DEVICE:
2659 err = cancel_pair_device(sk, index, buf + sizeof(*hdr), len);
2661 case MGMT_OP_UNPAIR_DEVICE:
2662 err = unpair_device(sk, index, cp, len);
2664 case MGMT_OP_USER_CONFIRM_REPLY:
2665 err = user_confirm_reply(sk, index, cp, len);
2667 case MGMT_OP_USER_CONFIRM_NEG_REPLY:
2668 err = user_confirm_neg_reply(sk, index, cp, len);
2670 case MGMT_OP_USER_PASSKEY_REPLY:
2671 err = user_passkey_reply(sk, index, cp, len);
2673 case MGMT_OP_USER_PASSKEY_NEG_REPLY:
2674 err = user_passkey_neg_reply(sk, index, cp, len);
2676 case MGMT_OP_SET_LOCAL_NAME:
2677 err = set_local_name(sk, index, cp, len);
2679 case MGMT_OP_READ_LOCAL_OOB_DATA:
2680 err = read_local_oob_data(sk, index);
2682 case MGMT_OP_ADD_REMOTE_OOB_DATA:
2683 err = add_remote_oob_data(sk, index, cp, len);
2685 case MGMT_OP_REMOVE_REMOTE_OOB_DATA:
2686 err = remove_remote_oob_data(sk, index, cp, len);
2688 case MGMT_OP_START_DISCOVERY:
2689 err = start_discovery(sk, index, cp, len);
2691 case MGMT_OP_STOP_DISCOVERY:
2692 err = stop_discovery(sk, index);
2694 case MGMT_OP_CONFIRM_NAME:
2695 err = confirm_name(sk, index, cp, len);
2697 case MGMT_OP_BLOCK_DEVICE:
2698 err = block_device(sk, index, cp, len);
2700 case MGMT_OP_UNBLOCK_DEVICE:
2701 err = unblock_device(sk, index, cp, len);
2703 case MGMT_OP_LOAD_LONG_TERM_KEYS:
2704 err = load_long_term_keys(sk, index, cp, len);
2707 BT_DBG("Unknown op %u", opcode);
2708 err = cmd_status(sk, index, opcode,
2709 MGMT_STATUS_UNKNOWN_COMMAND);
2723 static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
2727 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
2728 mgmt_pending_remove(cmd);
2731 int mgmt_index_added(struct hci_dev *hdev)
2733 return mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
2736 int mgmt_index_removed(struct hci_dev *hdev)
2740 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
2742 return mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
2747 struct hci_dev *hdev;
2750 static void settings_rsp(struct pending_cmd *cmd, void *data)
2752 struct cmd_lookup *match = data;
2754 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
2756 list_del(&cmd->list);
2758 if (match->sk == NULL) {
2759 match->sk = cmd->sk;
2760 sock_hold(match->sk);
2763 mgmt_pending_free(cmd);
2766 int mgmt_powered(struct hci_dev *hdev, u8 powered)
2768 struct cmd_lookup match = { NULL, hdev };
2772 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
2775 u8 status = ENETDOWN;
2776 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
2779 ev = cpu_to_le32(get_current_settings(hdev));
2781 err = mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev),
2790 int mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
2792 struct cmd_lookup match = { NULL, hdev };
2796 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev, settings_rsp, &match);
2798 ev = cpu_to_le32(get_current_settings(hdev));
2800 err = mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev),
2808 int mgmt_connectable(struct hci_dev *hdev, u8 connectable)
2811 struct cmd_lookup match = { NULL, hdev };
2814 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev, settings_rsp,
2817 ev = cpu_to_le32(get_current_settings(hdev));
2819 err = mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), match.sk);
2827 int mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
2829 u8 mgmt_err = mgmt_status(status);
2831 if (scan & SCAN_PAGE)
2832 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
2833 cmd_status_rsp, &mgmt_err);
2835 if (scan & SCAN_INQUIRY)
2836 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
2837 cmd_status_rsp, &mgmt_err);
2842 int mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
2845 struct mgmt_ev_new_link_key ev;
2847 memset(&ev, 0, sizeof(ev));
2849 ev.store_hint = persistent;
2850 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
2851 ev.key.addr.type = MGMT_ADDR_BREDR;
2852 ev.key.type = key->type;
2853 memcpy(ev.key.val, key->val, 16);
2854 ev.key.pin_len = key->pin_len;
2856 return mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
2859 int mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, u8 persistent)
2861 struct mgmt_ev_new_long_term_key ev;
2863 memset(&ev, 0, sizeof(ev));
2865 ev.store_hint = persistent;
2866 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
2867 ev.key.addr.type = key->bdaddr_type;
2868 ev.key.authenticated = key->authenticated;
2869 ev.key.enc_size = key->enc_size;
2870 ev.key.ediv = key->ediv;
2872 if (key->type == HCI_SMP_LTK)
2875 memcpy(ev.key.rand, key->rand, sizeof(key->rand));
2876 memcpy(ev.key.val, key->val, sizeof(key->val));
2878 return mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev,
2879 &ev, sizeof(ev), NULL);
2882 int mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
2883 u8 addr_type, u8 *name, u8 name_len,
2887 struct mgmt_ev_device_connected *ev = (void *) buf;
2890 bacpy(&ev->addr.bdaddr, bdaddr);
2891 ev->addr.type = link_to_mgmt(link_type, addr_type);
2894 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
2897 if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0)
2898 eir_len = eir_append_data(&ev->eir[eir_len], eir_len,
2899 EIR_CLASS_OF_DEV, dev_class, 3);
2901 put_unaligned_le16(eir_len, &ev->eir_len);
2903 return mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
2904 sizeof(*ev) + eir_len, NULL);
2907 static void disconnect_rsp(struct pending_cmd *cmd, void *data)
2909 struct mgmt_cp_disconnect *cp = cmd->param;
2910 struct sock **sk = data;
2911 struct mgmt_rp_disconnect rp;
2913 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2914 rp.addr.type = cp->addr.type;
2916 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 0, &rp,
2922 mgmt_pending_remove(cmd);
2925 static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
2927 struct hci_dev *hdev = data;
2928 struct mgmt_cp_unpair_device *cp = cmd->param;
2929 struct mgmt_rp_unpair_device rp;
2931 memset(&rp, 0, sizeof(rp));
2932 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2933 rp.addr.type = cp->addr.type;
2935 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
2937 cmd_complete(cmd->sk, cmd->index, cmd->opcode, 0, &rp, sizeof(rp));
2939 mgmt_pending_remove(cmd);
2942 int mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
2943 u8 link_type, u8 addr_type)
2945 struct mgmt_addr_info ev;
2946 struct sock *sk = NULL;
2949 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
2951 bacpy(&ev.bdaddr, bdaddr);
2952 ev.type = link_to_mgmt(link_type, addr_type);
2954 err = mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev),
2960 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
2966 int mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
2967 u8 link_type, u8 addr_type, u8 status)
2969 struct mgmt_rp_disconnect rp;
2970 struct pending_cmd *cmd;
2973 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
2977 bacpy(&rp.addr.bdaddr, bdaddr);
2978 rp.addr.type = link_to_mgmt(link_type, addr_type);
2980 err = cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
2981 mgmt_status(status), &rp, sizeof(rp));
2983 mgmt_pending_remove(cmd);
2985 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
2990 int mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
2991 u8 addr_type, u8 status)
2993 struct mgmt_ev_connect_failed ev;
2995 bacpy(&ev.addr.bdaddr, bdaddr);
2996 ev.addr.type = link_to_mgmt(link_type, addr_type);
2997 ev.status = mgmt_status(status);
2999 return mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
3002 int mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
3004 struct mgmt_ev_pin_code_request ev;
3006 bacpy(&ev.addr.bdaddr, bdaddr);
3007 ev.addr.type = MGMT_ADDR_BREDR;
3010 return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev),
3014 int mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3017 struct pending_cmd *cmd;
3018 struct mgmt_rp_pin_code_reply rp;
3021 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
3025 bacpy(&rp.addr.bdaddr, bdaddr);
3026 rp.addr.type = MGMT_ADDR_BREDR;
3028 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3029 mgmt_status(status), &rp, sizeof(rp));
3031 mgmt_pending_remove(cmd);
3036 int mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3039 struct pending_cmd *cmd;
3040 struct mgmt_rp_pin_code_reply rp;
3043 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
3047 bacpy(&rp.addr.bdaddr, bdaddr);
3048 rp.addr.type = MGMT_ADDR_BREDR;
3050 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
3051 mgmt_status(status), &rp, sizeof(rp));
3053 mgmt_pending_remove(cmd);
3058 int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
3059 u8 link_type, u8 addr_type, __le32 value,
3062 struct mgmt_ev_user_confirm_request ev;
3064 BT_DBG("%s", hdev->name);
3066 bacpy(&ev.addr.bdaddr, bdaddr);
3067 ev.addr.type = link_to_mgmt(link_type, addr_type);
3068 ev.confirm_hint = confirm_hint;
3069 put_unaligned_le32(value, &ev.value);
3071 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
3075 int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
3076 u8 link_type, u8 addr_type)
3078 struct mgmt_ev_user_passkey_request ev;
3080 BT_DBG("%s", hdev->name);
3082 bacpy(&ev.addr.bdaddr, bdaddr);
3083 ev.addr.type = link_to_mgmt(link_type, addr_type);
3085 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
3089 static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3090 u8 link_type, u8 addr_type, u8 status,
3093 struct pending_cmd *cmd;
3094 struct mgmt_rp_user_confirm_reply rp;
3097 cmd = mgmt_pending_find(opcode, hdev);
3101 bacpy(&rp.addr.bdaddr, bdaddr);
3102 rp.addr.type = link_to_mgmt(link_type, addr_type);
3103 err = cmd_complete(cmd->sk, hdev->id, opcode, mgmt_status(status),
3106 mgmt_pending_remove(cmd);
3111 int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3112 u8 link_type, u8 addr_type, u8 status)
3114 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3115 status, MGMT_OP_USER_CONFIRM_REPLY);
3118 int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3119 u8 link_type, u8 addr_type, u8 status)
3121 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3122 status, MGMT_OP_USER_CONFIRM_NEG_REPLY);
3125 int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3126 u8 link_type, u8 addr_type, u8 status)
3128 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3129 status, MGMT_OP_USER_PASSKEY_REPLY);
3132 int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3133 u8 link_type, u8 addr_type, u8 status)
3135 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3136 status, MGMT_OP_USER_PASSKEY_NEG_REPLY);
3139 int mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3140 u8 addr_type, u8 status)
3142 struct mgmt_ev_auth_failed ev;
3144 bacpy(&ev.addr.bdaddr, bdaddr);
3145 ev.addr.type = link_to_mgmt(link_type, addr_type);
3146 ev.status = mgmt_status(status);
3148 return mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
3151 int mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
3153 struct cmd_lookup match = { NULL, hdev };
3158 u8 mgmt_err = mgmt_status(status);
3159 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
3160 cmd_status_rsp, &mgmt_err);
3164 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
3167 ev = cpu_to_le32(get_current_settings(hdev));
3168 err = mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), match.sk);
3176 int mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 status)
3178 struct cmd_lookup match = { NULL, hdev };
3183 u8 mgmt_err = mgmt_status(status);
3184 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev,
3185 cmd_status_rsp, &mgmt_err);
3189 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
3191 ev = cpu_to_le32(get_current_settings(hdev));
3192 err = mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), match.sk);
3200 int mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
3202 struct pending_cmd *cmd;
3203 struct mgmt_cp_set_local_name ev;
3206 memset(&ev, 0, sizeof(ev));
3207 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
3209 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
3214 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3215 mgmt_status(status));
3221 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0, &ev,
3227 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
3228 cmd ? cmd->sk : NULL);
3232 mgmt_pending_remove(cmd);
3236 int mgmt_read_local_oob_data_reply_complete(struct hci_dev *hdev, u8 *hash,
3237 u8 *randomizer, u8 status)
3239 struct pending_cmd *cmd;
3242 BT_DBG("%s status %u", hdev->name, status);
3244 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
3249 err = cmd_status(cmd->sk, hdev->id,
3250 MGMT_OP_READ_LOCAL_OOB_DATA,
3251 mgmt_status(status));
3253 struct mgmt_rp_read_local_oob_data rp;
3255 memcpy(rp.hash, hash, sizeof(rp.hash));
3256 memcpy(rp.randomizer, randomizer, sizeof(rp.randomizer));
3258 err = cmd_complete(cmd->sk, hdev->id,
3259 MGMT_OP_READ_LOCAL_OOB_DATA,
3260 0, &rp, sizeof(rp));
3263 mgmt_pending_remove(cmd);
3268 int mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3269 u8 addr_type, u8 *dev_class, s8 rssi,
3270 u8 cfm_name, u8 *eir, u16 eir_len)
3273 struct mgmt_ev_device_found *ev = (void *) buf;
3276 /* Leave 5 bytes for a potential CoD field */
3277 if (sizeof(*ev) + eir_len + 5 > sizeof(buf))
3280 memset(buf, 0, sizeof(buf));
3282 bacpy(&ev->addr.bdaddr, bdaddr);
3283 ev->addr.type = link_to_mgmt(link_type, addr_type);
3285 ev->confirm_name = cfm_name;
3288 memcpy(ev->eir, eir, eir_len);
3290 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
3291 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
3294 put_unaligned_le16(eir_len, &ev->eir_len);
3296 ev_size = sizeof(*ev) + eir_len;
3298 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
3301 int mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3302 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
3304 struct mgmt_ev_device_found *ev;
3305 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
3308 ev = (struct mgmt_ev_device_found *) buf;
3310 memset(buf, 0, sizeof(buf));
3312 bacpy(&ev->addr.bdaddr, bdaddr);
3313 ev->addr.type = link_to_mgmt(link_type, addr_type);
3316 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
3319 put_unaligned_le16(eir_len, &ev->eir_len);
3321 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev,
3322 sizeof(*ev) + eir_len, NULL);
3325 int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
3327 struct pending_cmd *cmd;
3330 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3332 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
3336 err = cmd_status(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status));
3337 mgmt_pending_remove(cmd);
3342 int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
3344 struct pending_cmd *cmd;
3347 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3351 err = cmd_status(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status));
3352 mgmt_pending_remove(cmd);
3357 int mgmt_discovering(struct hci_dev *hdev, u8 discovering)
3359 struct pending_cmd *cmd;
3361 BT_DBG("%s discovering %u", hdev->name, discovering);
3364 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
3366 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3369 cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0, NULL, 0);
3370 mgmt_pending_remove(cmd);
3373 return mgmt_event(MGMT_EV_DISCOVERING, hdev, &discovering,
3374 sizeof(discovering), NULL);
3377 int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
3379 struct pending_cmd *cmd;
3380 struct mgmt_ev_device_blocked ev;
3382 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev);
3384 bacpy(&ev.addr.bdaddr, bdaddr);
3385 ev.addr.type = type;
3387 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev),
3388 cmd ? cmd->sk : NULL);
3391 int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
3393 struct pending_cmd *cmd;
3394 struct mgmt_ev_device_unblocked ev;
3396 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev);
3398 bacpy(&ev.addr.bdaddr, bdaddr);
3399 ev.addr.type = type;
3401 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
3402 cmd ? cmd->sk : NULL);
projects / linux-2.6-block.git / blob