2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2010 Nokia Corporation
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License version 2 as
7 published by the Free Software Foundation;
9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
20 SOFTWARE IS DISCLAIMED.
23 /* Bluetooth HCI Management interface */
25 #include <linux/kernel.h>
26 #include <linux/uaccess.h>
27 #include <linux/module.h>
28 #include <asm/unaligned.h>
30 #include <net/bluetooth/bluetooth.h>
31 #include <net/bluetooth/hci_core.h>
32 #include <net/bluetooth/mgmt.h>
33 #include <net/bluetooth/smp.h>
35 #define MGMT_VERSION 0
36 #define MGMT_REVISION 1
38 #define INQUIRY_LEN_BREDR 0x08 /* TGAP(100) */
40 #define SERVICE_CACHE_TIMEOUT (5 * 1000)
43 struct list_head list;
51 /* HCI to MGMT error code conversion table */
52 static u8 mgmt_status_table[] = {
54 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
55 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
56 MGMT_STATUS_FAILED, /* Hardware Failure */
57 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
58 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
59 MGMT_STATUS_NOT_PAIRED, /* PIN or Key Missing */
60 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
61 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
62 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
63 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
64 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
65 MGMT_STATUS_BUSY, /* Command Disallowed */
66 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
67 MGMT_STATUS_REJECTED, /* Rejected Security */
68 MGMT_STATUS_REJECTED, /* Rejected Personal */
69 MGMT_STATUS_TIMEOUT, /* Host Timeout */
70 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
71 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
72 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
73 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
74 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
75 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
76 MGMT_STATUS_BUSY, /* Repeated Attempts */
77 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
78 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
79 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
80 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
81 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
82 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
83 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
84 MGMT_STATUS_FAILED, /* Unspecified Error */
85 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
86 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
87 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
88 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
89 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
90 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
91 MGMT_STATUS_FAILED, /* Unit Link Key Used */
92 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
93 MGMT_STATUS_TIMEOUT, /* Instant Passed */
94 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
95 MGMT_STATUS_FAILED, /* Transaction Collision */
96 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
97 MGMT_STATUS_REJECTED, /* QoS Rejected */
98 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
99 MGMT_STATUS_REJECTED, /* Insufficient Security */
100 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
101 MGMT_STATUS_BUSY, /* Role Switch Pending */
102 MGMT_STATUS_FAILED, /* Slot Violation */
103 MGMT_STATUS_FAILED, /* Role Switch Failed */
104 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
105 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
106 MGMT_STATUS_BUSY, /* Host Busy Pairing */
107 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
108 MGMT_STATUS_BUSY, /* Controller Busy */
109 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
110 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
111 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
112 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
113 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
116 static u8 mgmt_status(u8 hci_status)
118 if (hci_status < ARRAY_SIZE(mgmt_status_table))
119 return mgmt_status_table[hci_status];
121 return MGMT_STATUS_FAILED;
124 static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
127 struct mgmt_hdr *hdr;
128 struct mgmt_ev_cmd_status *ev;
131 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
133 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_ATOMIC);
137 hdr = (void *) skb_put(skb, sizeof(*hdr));
139 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS);
140 hdr->index = cpu_to_le16(index);
141 hdr->len = cpu_to_le16(sizeof(*ev));
143 ev = (void *) skb_put(skb, sizeof(*ev));
145 put_unaligned_le16(cmd, &ev->opcode);
147 err = sock_queue_rcv_skb(sk, skb);
154 static int cmd_complete(struct sock *sk, u16 index, u16 cmd, void *rp,
158 struct mgmt_hdr *hdr;
159 struct mgmt_ev_cmd_complete *ev;
162 BT_DBG("sock %p", sk);
164 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_ATOMIC);
168 hdr = (void *) skb_put(skb, sizeof(*hdr));
170 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE);
171 hdr->index = cpu_to_le16(index);
172 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
174 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
175 put_unaligned_le16(cmd, &ev->opcode);
178 memcpy(ev->data, rp, rp_len);
180 err = sock_queue_rcv_skb(sk, skb);
187 static int read_version(struct sock *sk)
189 struct mgmt_rp_read_version rp;
191 BT_DBG("sock %p", sk);
193 rp.version = MGMT_VERSION;
194 put_unaligned_le16(MGMT_REVISION, &rp.revision);
196 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, &rp,
200 static int read_index_list(struct sock *sk)
202 struct mgmt_rp_read_index_list *rp;
209 BT_DBG("sock %p", sk);
211 read_lock(&hci_dev_list_lock);
214 list_for_each(p, &hci_dev_list) {
218 rp_len = sizeof(*rp) + (2 * count);
219 rp = kmalloc(rp_len, GFP_ATOMIC);
221 read_unlock(&hci_dev_list_lock);
225 put_unaligned_le16(count, &rp->num_controllers);
228 list_for_each_entry(d, &hci_dev_list, list) {
229 if (test_and_clear_bit(HCI_AUTO_OFF, &d->dev_flags))
230 cancel_delayed_work(&d->power_off);
232 if (test_bit(HCI_SETUP, &d->dev_flags))
235 put_unaligned_le16(d->id, &rp->index[i++]);
236 BT_DBG("Added hci%u", d->id);
239 read_unlock(&hci_dev_list_lock);
241 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, rp,
249 static u32 get_supported_settings(struct hci_dev *hdev)
253 settings |= MGMT_SETTING_POWERED;
254 settings |= MGMT_SETTING_CONNECTABLE;
255 settings |= MGMT_SETTING_FAST_CONNECTABLE;
256 settings |= MGMT_SETTING_DISCOVERABLE;
257 settings |= MGMT_SETTING_PAIRABLE;
259 if (hdev->features[6] & LMP_SIMPLE_PAIR)
260 settings |= MGMT_SETTING_SSP;
262 if (!(hdev->features[4] & LMP_NO_BREDR)) {
263 settings |= MGMT_SETTING_BREDR;
264 settings |= MGMT_SETTING_LINK_SECURITY;
267 if (hdev->features[4] & LMP_LE)
268 settings |= MGMT_SETTING_LE;
273 static u32 get_current_settings(struct hci_dev *hdev)
277 if (test_bit(HCI_UP, &hdev->flags))
278 settings |= MGMT_SETTING_POWERED;
282 if (test_bit(HCI_PSCAN, &hdev->flags))
283 settings |= MGMT_SETTING_CONNECTABLE;
285 if (test_bit(HCI_ISCAN, &hdev->flags))
286 settings |= MGMT_SETTING_DISCOVERABLE;
288 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags))
289 settings |= MGMT_SETTING_PAIRABLE;
291 if (!(hdev->features[4] & LMP_NO_BREDR))
292 settings |= MGMT_SETTING_BREDR;
294 if (hdev->host_features[0] & LMP_HOST_LE)
295 settings |= MGMT_SETTING_LE;
297 if (test_bit(HCI_AUTH, &hdev->flags))
298 settings |= MGMT_SETTING_LINK_SECURITY;
300 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
301 settings |= MGMT_SETTING_SSP;
306 #define PNP_INFO_SVCLASS_ID 0x1200
308 static u8 bluetooth_base_uuid[] = {
309 0xFB, 0x34, 0x9B, 0x5F, 0x80, 0x00, 0x00, 0x80,
310 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
313 static u16 get_uuid16(u8 *uuid128)
318 for (i = 0; i < 12; i++) {
319 if (bluetooth_base_uuid[i] != uuid128[i])
323 memcpy(&val, &uuid128[12], 4);
325 val = le32_to_cpu(val);
332 static void create_eir(struct hci_dev *hdev, u8 *data)
336 u16 uuid16_list[HCI_MAX_EIR_LENGTH / sizeof(u16)];
337 int i, truncated = 0;
338 struct bt_uuid *uuid;
341 name_len = strlen(hdev->dev_name);
347 ptr[1] = EIR_NAME_SHORT;
349 ptr[1] = EIR_NAME_COMPLETE;
351 /* EIR Data length */
352 ptr[0] = name_len + 1;
354 memcpy(ptr + 2, hdev->dev_name, name_len);
356 eir_len += (name_len + 2);
357 ptr += (name_len + 2);
360 memset(uuid16_list, 0, sizeof(uuid16_list));
362 /* Group all UUID16 types */
363 list_for_each_entry(uuid, &hdev->uuids, list) {
366 uuid16 = get_uuid16(uuid->uuid);
373 if (uuid16 == PNP_INFO_SVCLASS_ID)
376 /* Stop if not enough space to put next UUID */
377 if (eir_len + 2 + sizeof(u16) > HCI_MAX_EIR_LENGTH) {
382 /* Check for duplicates */
383 for (i = 0; uuid16_list[i] != 0; i++)
384 if (uuid16_list[i] == uuid16)
387 if (uuid16_list[i] == 0) {
388 uuid16_list[i] = uuid16;
389 eir_len += sizeof(u16);
393 if (uuid16_list[0] != 0) {
397 ptr[1] = truncated ? EIR_UUID16_SOME : EIR_UUID16_ALL;
402 for (i = 0; uuid16_list[i] != 0; i++) {
403 *ptr++ = (uuid16_list[i] & 0x00ff);
404 *ptr++ = (uuid16_list[i] & 0xff00) >> 8;
407 /* EIR Data length */
408 *length = (i * sizeof(u16)) + 1;
412 static int update_eir(struct hci_dev *hdev)
414 struct hci_cp_write_eir cp;
416 if (!(hdev->features[6] & LMP_EXT_INQ))
419 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
422 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
425 memset(&cp, 0, sizeof(cp));
427 create_eir(hdev, cp.data);
429 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
432 memcpy(hdev->eir, cp.data, sizeof(cp.data));
434 return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
437 static u8 get_service_classes(struct hci_dev *hdev)
439 struct bt_uuid *uuid;
442 list_for_each_entry(uuid, &hdev->uuids, list)
443 val |= uuid->svc_hint;
448 static int update_class(struct hci_dev *hdev)
452 BT_DBG("%s", hdev->name);
454 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
457 cod[0] = hdev->minor_class;
458 cod[1] = hdev->major_class;
459 cod[2] = get_service_classes(hdev);
461 if (memcmp(cod, hdev->dev_class, 3) == 0)
464 return hci_send_cmd(hdev, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
467 static void service_cache_off(struct work_struct *work)
469 struct hci_dev *hdev = container_of(work, struct hci_dev,
472 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
480 hci_dev_unlock(hdev);
483 static void mgmt_init_hdev(struct hci_dev *hdev)
485 if (!test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
486 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
488 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
489 schedule_delayed_work(&hdev->service_cache,
490 msecs_to_jiffies(SERVICE_CACHE_TIMEOUT));
493 static int read_controller_info(struct sock *sk, u16 index)
495 struct mgmt_rp_read_info rp;
496 struct hci_dev *hdev;
498 BT_DBG("sock %p hci%u", sk, index);
500 hdev = hci_dev_get(index);
502 return cmd_status(sk, index, MGMT_OP_READ_INFO,
503 MGMT_STATUS_INVALID_PARAMS);
505 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags))
506 cancel_delayed_work_sync(&hdev->power_off);
510 if (test_and_clear_bit(HCI_PI_MGMT_INIT, &hci_pi(sk)->flags))
511 mgmt_init_hdev(hdev);
513 memset(&rp, 0, sizeof(rp));
515 bacpy(&rp.bdaddr, &hdev->bdaddr);
517 rp.version = hdev->hci_ver;
519 put_unaligned_le16(hdev->manufacturer, &rp.manufacturer);
521 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
522 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
524 memcpy(rp.dev_class, hdev->dev_class, 3);
526 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
528 hci_dev_unlock(hdev);
531 return cmd_complete(sk, index, MGMT_OP_READ_INFO, &rp, sizeof(rp));
534 static void mgmt_pending_free(struct pending_cmd *cmd)
541 static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
542 struct hci_dev *hdev,
545 struct pending_cmd *cmd;
547 cmd = kmalloc(sizeof(*cmd), GFP_ATOMIC);
551 cmd->opcode = opcode;
552 cmd->index = hdev->id;
554 cmd->param = kmalloc(len, GFP_ATOMIC);
561 memcpy(cmd->param, data, len);
566 list_add(&cmd->list, &hdev->mgmt_pending);
571 static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
572 void (*cb)(struct pending_cmd *cmd, void *data),
575 struct list_head *p, *n;
577 list_for_each_safe(p, n, &hdev->mgmt_pending) {
578 struct pending_cmd *cmd;
580 cmd = list_entry(p, struct pending_cmd, list);
582 if (opcode > 0 && cmd->opcode != opcode)
589 static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
591 struct pending_cmd *cmd;
593 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
594 if (cmd->opcode == opcode)
601 static void mgmt_pending_remove(struct pending_cmd *cmd)
603 list_del(&cmd->list);
604 mgmt_pending_free(cmd);
607 static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
609 __le32 settings = cpu_to_le32(get_current_settings(hdev));
611 return cmd_complete(sk, hdev->id, opcode, &settings, sizeof(settings));
614 static int set_powered(struct sock *sk, u16 index, unsigned char *data, u16 len)
616 struct mgmt_mode *cp;
617 struct hci_dev *hdev;
618 struct pending_cmd *cmd;
623 BT_DBG("request for hci%u", index);
625 if (len != sizeof(*cp))
626 return cmd_status(sk, index, MGMT_OP_SET_POWERED,
627 MGMT_STATUS_INVALID_PARAMS);
629 hdev = hci_dev_get(index);
631 return cmd_status(sk, index, MGMT_OP_SET_POWERED,
632 MGMT_STATUS_INVALID_PARAMS);
636 up = test_bit(HCI_UP, &hdev->flags);
637 if ((cp->val && up) || (!cp->val && !up)) {
638 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
642 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
643 err = cmd_status(sk, index, MGMT_OP_SET_POWERED,
648 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
655 schedule_work(&hdev->power_on);
657 schedule_work(&hdev->power_off.work);
662 hci_dev_unlock(hdev);
667 static int set_discoverable(struct sock *sk, u16 index, unsigned char *data,
670 struct mgmt_cp_set_discoverable *cp;
671 struct hci_dev *hdev;
672 struct pending_cmd *cmd;
678 BT_DBG("request for hci%u", index);
680 if (len != sizeof(*cp))
681 return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
682 MGMT_STATUS_INVALID_PARAMS);
684 hdev = hci_dev_get(index);
686 return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
687 MGMT_STATUS_INVALID_PARAMS);
691 if (!test_bit(HCI_UP, &hdev->flags)) {
692 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
693 MGMT_STATUS_NOT_POWERED);
697 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
698 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
699 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
704 if (cp->val == test_bit(HCI_ISCAN, &hdev->flags) &&
705 test_bit(HCI_PSCAN, &hdev->flags)) {
706 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
710 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
719 scan |= SCAN_INQUIRY;
721 cancel_delayed_work(&hdev->discov_off);
723 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
725 mgmt_pending_remove(cmd);
728 hdev->discov_timeout = get_unaligned_le16(&cp->timeout);
731 hci_dev_unlock(hdev);
737 static int set_connectable(struct sock *sk, u16 index, unsigned char *data,
740 struct mgmt_mode *cp;
741 struct hci_dev *hdev;
742 struct pending_cmd *cmd;
748 BT_DBG("request for hci%u", index);
750 if (len != sizeof(*cp))
751 return cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE,
752 MGMT_STATUS_INVALID_PARAMS);
754 hdev = hci_dev_get(index);
756 return cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE,
757 MGMT_STATUS_INVALID_PARAMS);
761 if (!test_bit(HCI_UP, &hdev->flags)) {
762 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE,
763 MGMT_STATUS_NOT_POWERED);
767 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
768 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
769 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE,
774 if (cp->val == test_bit(HCI_PSCAN, &hdev->flags)) {
775 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
779 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
790 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
792 mgmt_pending_remove(cmd);
795 hci_dev_unlock(hdev);
801 static int mgmt_event(u16 event, struct hci_dev *hdev, void *data,
802 u16 data_len, struct sock *skip_sk)
805 struct mgmt_hdr *hdr;
807 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_ATOMIC);
811 bt_cb(skb)->channel = HCI_CHANNEL_CONTROL;
813 hdr = (void *) skb_put(skb, sizeof(*hdr));
814 hdr->opcode = cpu_to_le16(event);
816 hdr->index = cpu_to_le16(hdev->id);
818 hdr->index = cpu_to_le16(MGMT_INDEX_NONE);
819 hdr->len = cpu_to_le16(data_len);
822 memcpy(skb_put(skb, data_len), data, data_len);
824 hci_send_to_sock(NULL, skb, skip_sk);
830 static int set_pairable(struct sock *sk, u16 index, unsigned char *data,
833 struct mgmt_mode *cp;
834 struct hci_dev *hdev;
840 BT_DBG("request for hci%u", index);
842 if (len != sizeof(*cp))
843 return cmd_status(sk, index, MGMT_OP_SET_PAIRABLE,
844 MGMT_STATUS_INVALID_PARAMS);
846 hdev = hci_dev_get(index);
848 return cmd_status(sk, index, MGMT_OP_SET_PAIRABLE,
849 MGMT_STATUS_INVALID_PARAMS);
854 set_bit(HCI_PAIRABLE, &hdev->dev_flags);
856 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
858 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
862 ev = cpu_to_le32(get_current_settings(hdev));
864 err = mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), sk);
867 hci_dev_unlock(hdev);
873 static int add_uuid(struct sock *sk, u16 index, unsigned char *data, u16 len)
875 struct mgmt_cp_add_uuid *cp;
876 struct hci_dev *hdev;
877 struct bt_uuid *uuid;
882 BT_DBG("request for hci%u", index);
884 if (len != sizeof(*cp))
885 return cmd_status(sk, index, MGMT_OP_ADD_UUID,
886 MGMT_STATUS_INVALID_PARAMS);
888 hdev = hci_dev_get(index);
890 return cmd_status(sk, index, MGMT_OP_ADD_UUID,
891 MGMT_STATUS_INVALID_PARAMS);
895 uuid = kmalloc(sizeof(*uuid), GFP_ATOMIC);
901 memcpy(uuid->uuid, cp->uuid, 16);
902 uuid->svc_hint = cp->svc_hint;
904 list_add(&uuid->list, &hdev->uuids);
906 err = update_class(hdev);
910 err = update_eir(hdev);
914 err = cmd_complete(sk, index, MGMT_OP_ADD_UUID, NULL, 0);
917 hci_dev_unlock(hdev);
923 static int remove_uuid(struct sock *sk, u16 index, unsigned char *data, u16 len)
925 struct list_head *p, *n;
926 struct mgmt_cp_remove_uuid *cp;
927 struct hci_dev *hdev;
928 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
933 BT_DBG("request for hci%u", index);
935 if (len != sizeof(*cp))
936 return cmd_status(sk, index, MGMT_OP_REMOVE_UUID,
937 MGMT_STATUS_INVALID_PARAMS);
939 hdev = hci_dev_get(index);
941 return cmd_status(sk, index, MGMT_OP_REMOVE_UUID,
942 MGMT_STATUS_INVALID_PARAMS);
946 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
947 err = hci_uuids_clear(hdev);
953 list_for_each_safe(p, n, &hdev->uuids) {
954 struct bt_uuid *match = list_entry(p, struct bt_uuid, list);
956 if (memcmp(match->uuid, cp->uuid, 16) != 0)
959 list_del(&match->list);
964 err = cmd_status(sk, index, MGMT_OP_REMOVE_UUID,
965 MGMT_STATUS_INVALID_PARAMS);
969 err = update_class(hdev);
973 err = update_eir(hdev);
977 err = cmd_complete(sk, index, MGMT_OP_REMOVE_UUID, NULL, 0);
980 hci_dev_unlock(hdev);
986 static int set_dev_class(struct sock *sk, u16 index, unsigned char *data,
989 struct hci_dev *hdev;
990 struct mgmt_cp_set_dev_class *cp;
995 BT_DBG("request for hci%u", index);
997 if (len != sizeof(*cp))
998 return cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS,
999 MGMT_STATUS_INVALID_PARAMS);
1001 hdev = hci_dev_get(index);
1003 return cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS,
1004 MGMT_STATUS_INVALID_PARAMS);
1008 hdev->major_class = cp->major;
1009 hdev->minor_class = cp->minor;
1011 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
1012 hci_dev_unlock(hdev);
1013 cancel_delayed_work_sync(&hdev->service_cache);
1018 err = update_class(hdev);
1021 err = cmd_complete(sk, index, MGMT_OP_SET_DEV_CLASS, NULL, 0);
1023 hci_dev_unlock(hdev);
1029 static int load_link_keys(struct sock *sk, u16 index, unsigned char *data,
1032 struct hci_dev *hdev;
1033 struct mgmt_cp_load_link_keys *cp;
1034 u16 key_count, expected_len;
1039 if (len < sizeof(*cp))
1040 return cmd_status(sk, index, MGMT_OP_LOAD_LINK_KEYS,
1041 MGMT_STATUS_INVALID_PARAMS);
1043 key_count = get_unaligned_le16(&cp->key_count);
1045 expected_len = sizeof(*cp) + key_count *
1046 sizeof(struct mgmt_link_key_info);
1047 if (expected_len != len) {
1048 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
1050 return cmd_status(sk, index, MGMT_OP_LOAD_LINK_KEYS,
1051 MGMT_STATUS_INVALID_PARAMS);
1054 hdev = hci_dev_get(index);
1056 return cmd_status(sk, index, MGMT_OP_LOAD_LINK_KEYS,
1057 MGMT_STATUS_INVALID_PARAMS);
1059 BT_DBG("hci%u debug_keys %u key_count %u", index, cp->debug_keys,
1064 hci_link_keys_clear(hdev);
1066 set_bit(HCI_LINK_KEYS, &hdev->dev_flags);
1069 set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
1071 clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
1073 for (i = 0; i < key_count; i++) {
1074 struct mgmt_link_key_info *key = &cp->keys[i];
1076 hci_add_link_key(hdev, NULL, 0, &key->bdaddr, key->val, key->type,
1080 cmd_complete(sk, index, MGMT_OP_LOAD_LINK_KEYS, NULL, 0);
1082 hci_dev_unlock(hdev);
1088 static int remove_keys(struct sock *sk, u16 index, unsigned char *data,
1091 struct hci_dev *hdev;
1092 struct mgmt_cp_remove_keys *cp;
1093 struct mgmt_rp_remove_keys rp;
1094 struct hci_cp_disconnect dc;
1095 struct pending_cmd *cmd;
1096 struct hci_conn *conn;
1101 if (len != sizeof(*cp))
1102 return cmd_status(sk, index, MGMT_OP_REMOVE_KEYS,
1103 MGMT_STATUS_INVALID_PARAMS);
1105 hdev = hci_dev_get(index);
1107 return cmd_status(sk, index, MGMT_OP_REMOVE_KEYS,
1108 MGMT_STATUS_INVALID_PARAMS);
1112 memset(&rp, 0, sizeof(rp));
1113 bacpy(&rp.bdaddr, &cp->bdaddr);
1114 rp.status = MGMT_STATUS_FAILED;
1116 err = hci_remove_link_key(hdev, &cp->bdaddr);
1118 rp.status = MGMT_STATUS_NOT_PAIRED;
1122 if (!test_bit(HCI_UP, &hdev->flags) || !cp->disconnect) {
1123 err = cmd_complete(sk, index, MGMT_OP_REMOVE_KEYS, &rp,
1128 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1130 err = cmd_complete(sk, index, MGMT_OP_REMOVE_KEYS, &rp,
1135 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_KEYS, hdev, cp, sizeof(*cp));
1141 put_unaligned_le16(conn->handle, &dc.handle);
1142 dc.reason = 0x13; /* Remote User Terminated Connection */
1143 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1145 mgmt_pending_remove(cmd);
1149 err = cmd_complete(sk, index, MGMT_OP_REMOVE_KEYS, &rp,
1151 hci_dev_unlock(hdev);
1157 static int disconnect(struct sock *sk, u16 index, unsigned char *data, u16 len)
1159 struct hci_dev *hdev;
1160 struct mgmt_cp_disconnect *cp;
1161 struct hci_cp_disconnect dc;
1162 struct pending_cmd *cmd;
1163 struct hci_conn *conn;
1170 if (len != sizeof(*cp))
1171 return cmd_status(sk, index, MGMT_OP_DISCONNECT,
1172 MGMT_STATUS_INVALID_PARAMS);
1174 hdev = hci_dev_get(index);
1176 return cmd_status(sk, index, MGMT_OP_DISCONNECT,
1177 MGMT_STATUS_INVALID_PARAMS);
1181 if (!test_bit(HCI_UP, &hdev->flags)) {
1182 err = cmd_status(sk, index, MGMT_OP_DISCONNECT,
1183 MGMT_STATUS_NOT_POWERED);
1187 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
1188 err = cmd_status(sk, index, MGMT_OP_DISCONNECT,
1193 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1195 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->bdaddr);
1198 err = cmd_status(sk, index, MGMT_OP_DISCONNECT,
1199 MGMT_STATUS_NOT_CONNECTED);
1203 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
1209 put_unaligned_le16(conn->handle, &dc.handle);
1210 dc.reason = 0x13; /* Remote User Terminated Connection */
1212 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1214 mgmt_pending_remove(cmd);
1217 hci_dev_unlock(hdev);
1223 static u8 link_to_mgmt(u8 link_type, u8 addr_type)
1225 switch (link_type) {
1227 switch (addr_type) {
1228 case ADDR_LE_DEV_PUBLIC:
1229 return MGMT_ADDR_LE_PUBLIC;
1230 case ADDR_LE_DEV_RANDOM:
1231 return MGMT_ADDR_LE_RANDOM;
1233 return MGMT_ADDR_INVALID;
1236 return MGMT_ADDR_BREDR;
1238 return MGMT_ADDR_INVALID;
1242 static int get_connections(struct sock *sk, u16 index)
1244 struct mgmt_rp_get_connections *rp;
1245 struct hci_dev *hdev;
1253 hdev = hci_dev_get(index);
1255 return cmd_status(sk, index, MGMT_OP_GET_CONNECTIONS,
1256 MGMT_STATUS_INVALID_PARAMS);
1261 list_for_each_entry(c, &hdev->conn_hash.list, list) {
1262 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
1266 rp_len = sizeof(*rp) + (count * sizeof(struct mgmt_addr_info));
1267 rp = kmalloc(rp_len, GFP_ATOMIC);
1273 put_unaligned_le16(count, &rp->conn_count);
1276 list_for_each_entry(c, &hdev->conn_hash.list, list) {
1277 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
1279 bacpy(&rp->addr[i].bdaddr, &c->dst);
1280 rp->addr[i].type = link_to_mgmt(c->type, c->dst_type);
1281 if (rp->addr[i].type == MGMT_ADDR_INVALID)
1286 /* Recalculate length in case of filtered SCO connections, etc */
1287 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
1289 err = cmd_complete(sk, index, MGMT_OP_GET_CONNECTIONS, rp, rp_len);
1293 hci_dev_unlock(hdev);
1298 static int send_pin_code_neg_reply(struct sock *sk, u16 index,
1299 struct hci_dev *hdev, struct mgmt_cp_pin_code_neg_reply *cp)
1301 struct pending_cmd *cmd;
1304 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
1309 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY, sizeof(cp->bdaddr),
1312 mgmt_pending_remove(cmd);
1317 static int pin_code_reply(struct sock *sk, u16 index, unsigned char *data,
1320 struct hci_dev *hdev;
1321 struct hci_conn *conn;
1322 struct mgmt_cp_pin_code_reply *cp;
1323 struct mgmt_cp_pin_code_neg_reply ncp;
1324 struct hci_cp_pin_code_reply reply;
1325 struct pending_cmd *cmd;
1332 if (len != sizeof(*cp))
1333 return cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1334 MGMT_STATUS_INVALID_PARAMS);
1336 hdev = hci_dev_get(index);
1338 return cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1339 MGMT_STATUS_INVALID_PARAMS);
1343 if (!test_bit(HCI_UP, &hdev->flags)) {
1344 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1345 MGMT_STATUS_NOT_POWERED);
1349 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1351 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1352 MGMT_STATUS_NOT_CONNECTED);
1356 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
1357 bacpy(&ncp.bdaddr, &cp->bdaddr);
1359 BT_ERR("PIN code is not 16 bytes long");
1361 err = send_pin_code_neg_reply(sk, index, hdev, &ncp);
1363 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1364 MGMT_STATUS_INVALID_PARAMS);
1369 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
1375 bacpy(&reply.bdaddr, &cp->bdaddr);
1376 reply.pin_len = cp->pin_len;
1377 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
1379 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
1381 mgmt_pending_remove(cmd);
1384 hci_dev_unlock(hdev);
1390 static int pin_code_neg_reply(struct sock *sk, u16 index, unsigned char *data,
1393 struct hci_dev *hdev;
1394 struct mgmt_cp_pin_code_neg_reply *cp;
1401 if (len != sizeof(*cp))
1402 return cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
1403 MGMT_STATUS_INVALID_PARAMS);
1405 hdev = hci_dev_get(index);
1407 return cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
1408 MGMT_STATUS_INVALID_PARAMS);
1412 if (!test_bit(HCI_UP, &hdev->flags)) {
1413 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
1414 MGMT_STATUS_NOT_POWERED);
1418 err = send_pin_code_neg_reply(sk, index, hdev, cp);
1421 hci_dev_unlock(hdev);
1427 static int set_io_capability(struct sock *sk, u16 index, unsigned char *data,
1430 struct hci_dev *hdev;
1431 struct mgmt_cp_set_io_capability *cp;
1437 if (len != sizeof(*cp))
1438 return cmd_status(sk, index, MGMT_OP_SET_IO_CAPABILITY,
1439 MGMT_STATUS_INVALID_PARAMS);
1441 hdev = hci_dev_get(index);
1443 return cmd_status(sk, index, MGMT_OP_SET_IO_CAPABILITY,
1444 MGMT_STATUS_INVALID_PARAMS);
1448 hdev->io_capability = cp->io_capability;
1450 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
1451 hdev->io_capability);
1453 hci_dev_unlock(hdev);
1456 return cmd_complete(sk, index, MGMT_OP_SET_IO_CAPABILITY, NULL, 0);
1459 static inline struct pending_cmd *find_pairing(struct hci_conn *conn)
1461 struct hci_dev *hdev = conn->hdev;
1462 struct pending_cmd *cmd;
1464 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
1465 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
1468 if (cmd->user_data != conn)
1477 static void pairing_complete(struct pending_cmd *cmd, u8 status)
1479 struct mgmt_rp_pair_device rp;
1480 struct hci_conn *conn = cmd->user_data;
1482 bacpy(&rp.addr.bdaddr, &conn->dst);
1483 rp.addr.type = link_to_mgmt(conn->type, conn->dst_type);
1486 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, &rp, sizeof(rp));
1488 /* So we don't get further callbacks for this connection */
1489 conn->connect_cfm_cb = NULL;
1490 conn->security_cfm_cb = NULL;
1491 conn->disconn_cfm_cb = NULL;
1495 mgmt_pending_remove(cmd);
1498 static void pairing_complete_cb(struct hci_conn *conn, u8 status)
1500 struct pending_cmd *cmd;
1502 BT_DBG("status %u", status);
1504 cmd = find_pairing(conn);
1506 BT_DBG("Unable to find a pending command");
1508 pairing_complete(cmd, status);
1511 static int pair_device(struct sock *sk, u16 index, unsigned char *data, u16 len)
1513 struct hci_dev *hdev;
1514 struct mgmt_cp_pair_device *cp;
1515 struct mgmt_rp_pair_device rp;
1516 struct pending_cmd *cmd;
1517 u8 sec_level, auth_type;
1518 struct hci_conn *conn;
1525 if (len != sizeof(*cp))
1526 return cmd_status(sk, index, MGMT_OP_PAIR_DEVICE,
1527 MGMT_STATUS_INVALID_PARAMS);
1529 hdev = hci_dev_get(index);
1531 return cmd_status(sk, index, MGMT_OP_PAIR_DEVICE,
1532 MGMT_STATUS_INVALID_PARAMS);
1536 sec_level = BT_SECURITY_MEDIUM;
1537 if (cp->io_cap == 0x03)
1538 auth_type = HCI_AT_DEDICATED_BONDING;
1540 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
1542 if (cp->addr.type == MGMT_ADDR_BREDR)
1543 conn = hci_connect(hdev, ACL_LINK, &cp->addr.bdaddr, sec_level,
1546 conn = hci_connect(hdev, LE_LINK, &cp->addr.bdaddr, sec_level,
1549 memset(&rp, 0, sizeof(rp));
1550 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1551 rp.addr.type = cp->addr.type;
1554 rp.status = -PTR_ERR(conn);
1555 err = cmd_complete(sk, index, MGMT_OP_PAIR_DEVICE,
1560 if (conn->connect_cfm_cb) {
1563 err = cmd_complete(sk, index, MGMT_OP_PAIR_DEVICE,
1568 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
1575 /* For LE, just connecting isn't a proof that the pairing finished */
1576 if (cp->addr.type == MGMT_ADDR_BREDR)
1577 conn->connect_cfm_cb = pairing_complete_cb;
1579 conn->security_cfm_cb = pairing_complete_cb;
1580 conn->disconn_cfm_cb = pairing_complete_cb;
1581 conn->io_capability = cp->io_cap;
1582 cmd->user_data = conn;
1584 if (conn->state == BT_CONNECTED &&
1585 hci_conn_security(conn, sec_level, auth_type))
1586 pairing_complete(cmd, 0);
1591 hci_dev_unlock(hdev);
1597 static int cancel_pair_device(struct sock *sk, u16 index,
1598 unsigned char *data, u16 len)
1600 struct mgmt_addr_info *addr = (void *) data;
1601 struct hci_dev *hdev;
1602 struct pending_cmd *cmd;
1603 struct hci_conn *conn;
1608 if (len != sizeof(*addr))
1609 return cmd_status(sk, index, MGMT_OP_CANCEL_PAIR_DEVICE,
1610 MGMT_STATUS_INVALID_PARAMS);
1612 hdev = hci_dev_get(index);
1614 return cmd_status(sk, index, MGMT_OP_CANCEL_PAIR_DEVICE,
1615 MGMT_STATUS_INVALID_PARAMS);
1619 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
1621 err = cmd_status(sk, index, MGMT_OP_CANCEL_PAIR_DEVICE,
1622 MGMT_STATUS_INVALID_PARAMS);
1626 conn = cmd->user_data;
1628 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
1629 err = cmd_status(sk, index, MGMT_OP_CANCEL_PAIR_DEVICE,
1630 MGMT_STATUS_INVALID_PARAMS);
1634 pairing_complete(cmd, MGMT_STATUS_CANCELLED);
1636 err = cmd_complete(sk, index, MGMT_OP_CANCEL_PAIR_DEVICE, addr,
1639 hci_dev_unlock(hdev);
1645 static int user_pairing_resp(struct sock *sk, u16 index, bdaddr_t *bdaddr,
1646 u16 mgmt_op, u16 hci_op, __le32 passkey)
1648 struct pending_cmd *cmd;
1649 struct hci_dev *hdev;
1650 struct hci_conn *conn;
1653 hdev = hci_dev_get(index);
1655 return cmd_status(sk, index, mgmt_op,
1656 MGMT_STATUS_INVALID_PARAMS);
1660 if (!test_bit(HCI_UP, &hdev->flags)) {
1661 err = cmd_status(sk, index, mgmt_op, MGMT_STATUS_NOT_POWERED);
1666 * Check for an existing ACL link, if present pair via
1669 * If no ACL link is present, check for an LE link and if
1670 * present, pair via the SMP engine.
1672 * If neither ACL nor LE links are present, fail with error.
1674 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, bdaddr);
1676 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, bdaddr);
1678 err = cmd_status(sk, index, mgmt_op,
1679 MGMT_STATUS_NOT_CONNECTED);
1683 /* Continue with pairing via SMP */
1684 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
1687 err = cmd_status(sk, index, mgmt_op,
1688 MGMT_STATUS_SUCCESS);
1690 err = cmd_status(sk, index, mgmt_op,
1691 MGMT_STATUS_FAILED);
1696 cmd = mgmt_pending_add(sk, mgmt_op, hdev, bdaddr, sizeof(*bdaddr));
1702 /* Continue with pairing via HCI */
1703 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
1704 struct hci_cp_user_passkey_reply cp;
1706 bacpy(&cp.bdaddr, bdaddr);
1707 cp.passkey = passkey;
1708 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
1710 err = hci_send_cmd(hdev, hci_op, sizeof(*bdaddr), bdaddr);
1713 mgmt_pending_remove(cmd);
1716 hci_dev_unlock(hdev);
1722 static int user_confirm_reply(struct sock *sk, u16 index, void *data, u16 len)
1724 struct mgmt_cp_user_confirm_reply *cp = (void *) data;
1728 if (len != sizeof(*cp))
1729 return cmd_status(sk, index, MGMT_OP_USER_CONFIRM_REPLY,
1730 MGMT_STATUS_INVALID_PARAMS);
1732 return user_pairing_resp(sk, index, &cp->bdaddr,
1733 MGMT_OP_USER_CONFIRM_REPLY,
1734 HCI_OP_USER_CONFIRM_REPLY, 0);
1737 static int user_confirm_neg_reply(struct sock *sk, u16 index, void *data,
1740 struct mgmt_cp_user_confirm_neg_reply *cp = data;
1744 if (len != sizeof(*cp))
1745 return cmd_status(sk, index, MGMT_OP_USER_CONFIRM_NEG_REPLY,
1746 MGMT_STATUS_INVALID_PARAMS);
1748 return user_pairing_resp(sk, index, &cp->bdaddr,
1749 MGMT_OP_USER_CONFIRM_NEG_REPLY,
1750 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
1753 static int user_passkey_reply(struct sock *sk, u16 index, void *data, u16 len)
1755 struct mgmt_cp_user_passkey_reply *cp = (void *) data;
1759 if (len != sizeof(*cp))
1760 return cmd_status(sk, index, MGMT_OP_USER_PASSKEY_REPLY,
1763 return user_pairing_resp(sk, index, &cp->bdaddr,
1764 MGMT_OP_USER_PASSKEY_REPLY,
1765 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
1768 static int user_passkey_neg_reply(struct sock *sk, u16 index, void *data,
1771 struct mgmt_cp_user_passkey_neg_reply *cp = (void *) data;
1775 if (len != sizeof(*cp))
1776 return cmd_status(sk, index, MGMT_OP_USER_PASSKEY_NEG_REPLY,
1779 return user_pairing_resp(sk, index, &cp->bdaddr,
1780 MGMT_OP_USER_PASSKEY_NEG_REPLY,
1781 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
1784 static int set_local_name(struct sock *sk, u16 index, unsigned char *data,
1787 struct mgmt_cp_set_local_name *mgmt_cp = (void *) data;
1788 struct hci_cp_write_local_name hci_cp;
1789 struct hci_dev *hdev;
1790 struct pending_cmd *cmd;
1795 if (len != sizeof(*mgmt_cp))
1796 return cmd_status(sk, index, MGMT_OP_SET_LOCAL_NAME,
1797 MGMT_STATUS_INVALID_PARAMS);
1799 hdev = hci_dev_get(index);
1801 return cmd_status(sk, index, MGMT_OP_SET_LOCAL_NAME,
1802 MGMT_STATUS_INVALID_PARAMS);
1806 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
1812 memcpy(hci_cp.name, mgmt_cp->name, sizeof(hci_cp.name));
1813 err = hci_send_cmd(hdev, HCI_OP_WRITE_LOCAL_NAME, sizeof(hci_cp),
1816 mgmt_pending_remove(cmd);
1819 hci_dev_unlock(hdev);
1825 static int read_local_oob_data(struct sock *sk, u16 index)
1827 struct hci_dev *hdev;
1828 struct pending_cmd *cmd;
1831 BT_DBG("hci%u", index);
1833 hdev = hci_dev_get(index);
1835 return cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
1836 MGMT_STATUS_INVALID_PARAMS);
1840 if (!test_bit(HCI_UP, &hdev->flags)) {
1841 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
1842 MGMT_STATUS_NOT_POWERED);
1846 if (!(hdev->features[6] & LMP_SIMPLE_PAIR)) {
1847 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
1848 MGMT_STATUS_NOT_SUPPORTED);
1852 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
1853 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
1858 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
1864 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
1866 mgmt_pending_remove(cmd);
1869 hci_dev_unlock(hdev);
1875 static int add_remote_oob_data(struct sock *sk, u16 index, unsigned char *data,
1878 struct hci_dev *hdev;
1879 struct mgmt_cp_add_remote_oob_data *cp = (void *) data;
1882 BT_DBG("hci%u ", index);
1884 if (len != sizeof(*cp))
1885 return cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA,
1886 MGMT_STATUS_INVALID_PARAMS);
1888 hdev = hci_dev_get(index);
1890 return cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA,
1891 MGMT_STATUS_INVALID_PARAMS);
1895 err = hci_add_remote_oob_data(hdev, &cp->bdaddr, cp->hash,
1898 err = cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA,
1899 MGMT_STATUS_FAILED);
1901 err = cmd_complete(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA, NULL,
1904 hci_dev_unlock(hdev);
1910 static int remove_remote_oob_data(struct sock *sk, u16 index,
1911 unsigned char *data, u16 len)
1913 struct hci_dev *hdev;
1914 struct mgmt_cp_remove_remote_oob_data *cp = (void *) data;
1917 BT_DBG("hci%u ", index);
1919 if (len != sizeof(*cp))
1920 return cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
1921 MGMT_STATUS_INVALID_PARAMS);
1923 hdev = hci_dev_get(index);
1925 return cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
1926 MGMT_STATUS_INVALID_PARAMS);
1930 err = hci_remove_remote_oob_data(hdev, &cp->bdaddr);
1932 err = cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
1933 MGMT_STATUS_INVALID_PARAMS);
1935 err = cmd_complete(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
1938 hci_dev_unlock(hdev);
1944 static int start_discovery(struct sock *sk, u16 index,
1945 unsigned char *data, u16 len)
1947 struct mgmt_cp_start_discovery *cp = (void *) data;
1948 struct pending_cmd *cmd;
1949 struct hci_dev *hdev;
1952 BT_DBG("hci%u", index);
1954 if (len != sizeof(*cp))
1955 return cmd_status(sk, index, MGMT_OP_START_DISCOVERY,
1956 MGMT_STATUS_INVALID_PARAMS);
1958 hdev = hci_dev_get(index);
1960 return cmd_status(sk, index, MGMT_OP_START_DISCOVERY,
1961 MGMT_STATUS_INVALID_PARAMS);
1965 if (!test_bit(HCI_UP, &hdev->flags)) {
1966 err = cmd_status(sk, index, MGMT_OP_START_DISCOVERY,
1967 MGMT_STATUS_NOT_POWERED);
1971 if (hdev->discovery.state != DISCOVERY_STOPPED) {
1972 err = cmd_status(sk, index, MGMT_OP_START_DISCOVERY,
1977 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
1983 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR);
1985 mgmt_pending_remove(cmd);
1987 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
1990 hci_dev_unlock(hdev);
1996 static int stop_discovery(struct sock *sk, u16 index)
1998 struct hci_dev *hdev;
1999 struct pending_cmd *cmd;
2000 struct hci_cp_remote_name_req_cancel cp;
2001 struct inquiry_entry *e;
2004 BT_DBG("hci%u", index);
2006 hdev = hci_dev_get(index);
2008 return cmd_status(sk, index, MGMT_OP_STOP_DISCOVERY,
2009 MGMT_STATUS_INVALID_PARAMS);
2013 if (!hci_discovery_active(hdev)) {
2014 err = cmd_status(sk, index, MGMT_OP_STOP_DISCOVERY,
2015 MGMT_STATUS_REJECTED);
2019 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
2025 if (hdev->discovery.state == DISCOVERY_INQUIRY) {
2026 err = hci_cancel_inquiry(hdev);
2028 mgmt_pending_remove(cmd);
2030 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
2034 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_PENDING);
2036 mgmt_pending_remove(cmd);
2037 err = cmd_complete(sk, index, MGMT_OP_STOP_DISCOVERY, NULL, 0);
2038 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2042 bacpy(&cp.bdaddr, &e->data.bdaddr);
2043 err = hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ_CANCEL,
2046 mgmt_pending_remove(cmd);
2048 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
2051 hci_dev_unlock(hdev);
2057 static int confirm_name(struct sock *sk, u16 index, unsigned char *data,
2060 struct mgmt_cp_confirm_name *cp = (void *) data;
2061 struct inquiry_entry *e;
2062 struct hci_dev *hdev;
2065 BT_DBG("hci%u", index);
2067 if (len != sizeof(*cp))
2068 return cmd_status(sk, index, MGMT_OP_CONFIRM_NAME,
2069 MGMT_STATUS_INVALID_PARAMS);
2071 hdev = hci_dev_get(index);
2073 return cmd_status(sk, index, MGMT_OP_CONFIRM_NAME,
2074 MGMT_STATUS_INVALID_PARAMS);
2078 if (!hci_discovery_active(hdev)) {
2079 err = cmd_status(sk, index, MGMT_OP_CONFIRM_NAME,
2080 MGMT_STATUS_FAILED);
2084 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->bdaddr);
2086 err = cmd_status (sk, index, MGMT_OP_CONFIRM_NAME,
2087 MGMT_STATUS_INVALID_PARAMS);
2091 if (cp->name_known) {
2092 e->name_state = NAME_KNOWN;
2095 e->name_state = NAME_NEEDED;
2096 hci_inquiry_cache_update_resolve(hdev, e);
2102 hci_dev_unlock(hdev);
2107 static int block_device(struct sock *sk, u16 index, unsigned char *data,
2110 struct hci_dev *hdev;
2111 struct mgmt_cp_block_device *cp = (void *) data;
2114 BT_DBG("hci%u", index);
2116 if (len != sizeof(*cp))
2117 return cmd_status(sk, index, MGMT_OP_BLOCK_DEVICE,
2118 MGMT_STATUS_INVALID_PARAMS);
2120 hdev = hci_dev_get(index);
2122 return cmd_status(sk, index, MGMT_OP_BLOCK_DEVICE,
2123 MGMT_STATUS_INVALID_PARAMS);
2127 err = hci_blacklist_add(hdev, &cp->bdaddr);
2129 err = cmd_status(sk, index, MGMT_OP_BLOCK_DEVICE,
2130 MGMT_STATUS_FAILED);
2132 err = cmd_complete(sk, index, MGMT_OP_BLOCK_DEVICE,
2135 hci_dev_unlock(hdev);
2141 static int unblock_device(struct sock *sk, u16 index, unsigned char *data,
2144 struct hci_dev *hdev;
2145 struct mgmt_cp_unblock_device *cp = (void *) data;
2148 BT_DBG("hci%u", index);
2150 if (len != sizeof(*cp))
2151 return cmd_status(sk, index, MGMT_OP_UNBLOCK_DEVICE,
2152 MGMT_STATUS_INVALID_PARAMS);
2154 hdev = hci_dev_get(index);
2156 return cmd_status(sk, index, MGMT_OP_UNBLOCK_DEVICE,
2157 MGMT_STATUS_INVALID_PARAMS);
2161 err = hci_blacklist_del(hdev, &cp->bdaddr);
2164 err = cmd_status(sk, index, MGMT_OP_UNBLOCK_DEVICE,
2165 MGMT_STATUS_INVALID_PARAMS);
2167 err = cmd_complete(sk, index, MGMT_OP_UNBLOCK_DEVICE,
2170 hci_dev_unlock(hdev);
2176 static int set_fast_connectable(struct sock *sk, u16 index,
2177 unsigned char *data, u16 len)
2179 struct hci_dev *hdev;
2180 struct mgmt_mode *cp = (void *) data;
2181 struct hci_cp_write_page_scan_activity acp;
2185 BT_DBG("hci%u", index);
2187 if (len != sizeof(*cp))
2188 return cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
2189 MGMT_STATUS_INVALID_PARAMS);
2191 hdev = hci_dev_get(index);
2193 return cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
2194 MGMT_STATUS_INVALID_PARAMS);
2199 type = PAGE_SCAN_TYPE_INTERLACED;
2200 acp.interval = 0x0024; /* 22.5 msec page scan interval */
2202 type = PAGE_SCAN_TYPE_STANDARD; /* default */
2203 acp.interval = 0x0800; /* default 1.28 sec page scan */
2206 acp.window = 0x0012; /* default 11.25 msec page scan window */
2208 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
2211 err = cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
2212 MGMT_STATUS_FAILED);
2216 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
2218 err = cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
2219 MGMT_STATUS_FAILED);
2223 err = cmd_complete(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
2226 hci_dev_unlock(hdev);
2232 int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
2235 struct mgmt_hdr *hdr;
2236 u16 opcode, index, len;
2239 BT_DBG("got %zu bytes", msglen);
2241 if (msglen < sizeof(*hdr))
2244 buf = kmalloc(msglen, GFP_KERNEL);
2248 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
2253 hdr = (struct mgmt_hdr *) buf;
2254 opcode = get_unaligned_le16(&hdr->opcode);
2255 index = get_unaligned_le16(&hdr->index);
2256 len = get_unaligned_le16(&hdr->len);
2258 if (len != msglen - sizeof(*hdr)) {
2264 case MGMT_OP_READ_VERSION:
2265 err = read_version(sk);
2267 case MGMT_OP_READ_INDEX_LIST:
2268 err = read_index_list(sk);
2270 case MGMT_OP_READ_INFO:
2271 err = read_controller_info(sk, index);
2273 case MGMT_OP_SET_POWERED:
2274 err = set_powered(sk, index, buf + sizeof(*hdr), len);
2276 case MGMT_OP_SET_DISCOVERABLE:
2277 err = set_discoverable(sk, index, buf + sizeof(*hdr), len);
2279 case MGMT_OP_SET_CONNECTABLE:
2280 err = set_connectable(sk, index, buf + sizeof(*hdr), len);
2282 case MGMT_OP_SET_FAST_CONNECTABLE:
2283 err = set_fast_connectable(sk, index, buf + sizeof(*hdr),
2286 case MGMT_OP_SET_PAIRABLE:
2287 err = set_pairable(sk, index, buf + sizeof(*hdr), len);
2289 case MGMT_OP_ADD_UUID:
2290 err = add_uuid(sk, index, buf + sizeof(*hdr), len);
2292 case MGMT_OP_REMOVE_UUID:
2293 err = remove_uuid(sk, index, buf + sizeof(*hdr), len);
2295 case MGMT_OP_SET_DEV_CLASS:
2296 err = set_dev_class(sk, index, buf + sizeof(*hdr), len);
2298 case MGMT_OP_LOAD_LINK_KEYS:
2299 err = load_link_keys(sk, index, buf + sizeof(*hdr), len);
2301 case MGMT_OP_REMOVE_KEYS:
2302 err = remove_keys(sk, index, buf + sizeof(*hdr), len);
2304 case MGMT_OP_DISCONNECT:
2305 err = disconnect(sk, index, buf + sizeof(*hdr), len);
2307 case MGMT_OP_GET_CONNECTIONS:
2308 err = get_connections(sk, index);
2310 case MGMT_OP_PIN_CODE_REPLY:
2311 err = pin_code_reply(sk, index, buf + sizeof(*hdr), len);
2313 case MGMT_OP_PIN_CODE_NEG_REPLY:
2314 err = pin_code_neg_reply(sk, index, buf + sizeof(*hdr), len);
2316 case MGMT_OP_SET_IO_CAPABILITY:
2317 err = set_io_capability(sk, index, buf + sizeof(*hdr), len);
2319 case MGMT_OP_PAIR_DEVICE:
2320 err = pair_device(sk, index, buf + sizeof(*hdr), len);
2322 case MGMT_OP_CANCEL_PAIR_DEVICE:
2323 err = cancel_pair_device(sk, index, buf + sizeof(*hdr), len);
2325 case MGMT_OP_USER_CONFIRM_REPLY:
2326 err = user_confirm_reply(sk, index, buf + sizeof(*hdr), len);
2328 case MGMT_OP_USER_CONFIRM_NEG_REPLY:
2329 err = user_confirm_neg_reply(sk, index, buf + sizeof(*hdr),
2332 case MGMT_OP_USER_PASSKEY_REPLY:
2333 err = user_passkey_reply(sk, index, buf + sizeof(*hdr), len);
2335 case MGMT_OP_USER_PASSKEY_NEG_REPLY:
2336 err = user_passkey_neg_reply(sk, index, buf + sizeof(*hdr),
2339 case MGMT_OP_SET_LOCAL_NAME:
2340 err = set_local_name(sk, index, buf + sizeof(*hdr), len);
2342 case MGMT_OP_READ_LOCAL_OOB_DATA:
2343 err = read_local_oob_data(sk, index);
2345 case MGMT_OP_ADD_REMOTE_OOB_DATA:
2346 err = add_remote_oob_data(sk, index, buf + sizeof(*hdr), len);
2348 case MGMT_OP_REMOVE_REMOTE_OOB_DATA:
2349 err = remove_remote_oob_data(sk, index, buf + sizeof(*hdr),
2352 case MGMT_OP_START_DISCOVERY:
2353 err = start_discovery(sk, index, buf + sizeof(*hdr), len);
2355 case MGMT_OP_STOP_DISCOVERY:
2356 err = stop_discovery(sk, index);
2358 case MGMT_OP_CONFIRM_NAME:
2359 err = confirm_name(sk, index, buf + sizeof(*hdr), len);
2361 case MGMT_OP_BLOCK_DEVICE:
2362 err = block_device(sk, index, buf + sizeof(*hdr), len);
2364 case MGMT_OP_UNBLOCK_DEVICE:
2365 err = unblock_device(sk, index, buf + sizeof(*hdr), len);
2368 BT_DBG("Unknown op %u", opcode);
2369 err = cmd_status(sk, index, opcode,
2370 MGMT_STATUS_UNKNOWN_COMMAND);
2384 static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
2388 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
2389 mgmt_pending_remove(cmd);
2392 int mgmt_index_added(struct hci_dev *hdev)
2394 return mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
2397 int mgmt_index_removed(struct hci_dev *hdev)
2401 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
2403 return mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
2409 struct hci_dev *hdev;
2412 static void settings_rsp(struct pending_cmd *cmd, void *data)
2414 struct cmd_lookup *match = data;
2416 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
2418 list_del(&cmd->list);
2420 if (match->sk == NULL) {
2421 match->sk = cmd->sk;
2422 sock_hold(match->sk);
2425 mgmt_pending_free(cmd);
2428 int mgmt_powered(struct hci_dev *hdev, u8 powered)
2430 struct cmd_lookup match = { powered, NULL, hdev };
2434 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
2437 u8 status = ENETDOWN;
2438 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
2441 ev = cpu_to_le32(get_current_settings(hdev));
2443 ret = mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev),
2452 int mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
2454 struct cmd_lookup match = { discoverable, NULL, hdev };
2458 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev, settings_rsp, &match);
2460 ev = cpu_to_le32(get_current_settings(hdev));
2462 ret = mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev),
2470 int mgmt_connectable(struct hci_dev *hdev, u8 connectable)
2473 struct cmd_lookup match = { connectable, NULL, hdev };
2476 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev, settings_rsp,
2479 ev = cpu_to_le32(get_current_settings(hdev));
2481 ret = mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), match.sk);
2489 int mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
2491 u8 mgmt_err = mgmt_status(status);
2493 if (scan & SCAN_PAGE)
2494 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
2495 cmd_status_rsp, &mgmt_err);
2497 if (scan & SCAN_INQUIRY)
2498 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
2499 cmd_status_rsp, &mgmt_err);
2504 int mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
2507 struct mgmt_ev_new_link_key ev;
2509 memset(&ev, 0, sizeof(ev));
2511 ev.store_hint = persistent;
2512 bacpy(&ev.key.bdaddr, &key->bdaddr);
2513 ev.key.type = key->type;
2514 memcpy(ev.key.val, key->val, 16);
2515 ev.key.pin_len = key->pin_len;
2517 return mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
2520 int mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
2521 u8 addr_type, u8 *name, u8 name_len,
2525 struct mgmt_ev_device_connected *ev = (void *) buf;
2528 bacpy(&ev->addr.bdaddr, bdaddr);
2529 ev->addr.type = link_to_mgmt(link_type, addr_type);
2532 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
2535 if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0)
2536 eir_len = eir_append_data(&ev->eir[eir_len], eir_len,
2537 EIR_CLASS_OF_DEV, dev_class, 3);
2539 put_unaligned_le16(eir_len, &ev->eir_len);
2541 return mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
2542 sizeof(*ev) + eir_len, NULL);
2545 static void disconnect_rsp(struct pending_cmd *cmd, void *data)
2547 struct mgmt_cp_disconnect *cp = cmd->param;
2548 struct sock **sk = data;
2549 struct mgmt_rp_disconnect rp;
2551 bacpy(&rp.bdaddr, &cp->bdaddr);
2554 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, &rp, sizeof(rp));
2559 mgmt_pending_remove(cmd);
2562 static void remove_keys_rsp(struct pending_cmd *cmd, void *data)
2565 struct mgmt_cp_remove_keys *cp = cmd->param;
2566 struct mgmt_rp_remove_keys rp;
2568 memset(&rp, 0, sizeof(rp));
2569 bacpy(&rp.bdaddr, &cp->bdaddr);
2571 rp.status = *status;
2573 cmd_complete(cmd->sk, cmd->index, MGMT_OP_REMOVE_KEYS, &rp,
2576 mgmt_pending_remove(cmd);
2579 int mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
2580 u8 link_type, u8 addr_type)
2582 struct mgmt_addr_info ev;
2583 struct sock *sk = NULL;
2586 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
2588 bacpy(&ev.bdaddr, bdaddr);
2589 ev.type = link_to_mgmt(link_type, addr_type);
2591 err = mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev),
2597 mgmt_pending_foreach(MGMT_OP_REMOVE_KEYS, hdev, remove_keys_rsp, NULL);
2602 int mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 status)
2604 struct pending_cmd *cmd;
2605 u8 mgmt_err = mgmt_status(status);
2608 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
2613 struct mgmt_rp_disconnect rp;
2615 bacpy(&rp.bdaddr, bdaddr);
2618 err = cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
2621 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_DISCONNECT,
2624 mgmt_pending_remove(cmd);
2629 int mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
2630 u8 addr_type, u8 status)
2632 struct mgmt_ev_connect_failed ev;
2634 bacpy(&ev.addr.bdaddr, bdaddr);
2635 ev.addr.type = link_to_mgmt(link_type, addr_type);
2636 ev.status = mgmt_status(status);
2638 return mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
2641 int mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
2643 struct mgmt_ev_pin_code_request ev;
2645 bacpy(&ev.bdaddr, bdaddr);
2648 return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev),
2652 int mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
2655 struct pending_cmd *cmd;
2656 struct mgmt_rp_pin_code_reply rp;
2659 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
2663 bacpy(&rp.bdaddr, bdaddr);
2664 rp.status = mgmt_status(status);
2666 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY, &rp,
2669 mgmt_pending_remove(cmd);
2674 int mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
2677 struct pending_cmd *cmd;
2678 struct mgmt_rp_pin_code_reply rp;
2681 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
2685 bacpy(&rp.bdaddr, bdaddr);
2686 rp.status = mgmt_status(status);
2688 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY, &rp,
2691 mgmt_pending_remove(cmd);
2696 int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
2697 __le32 value, u8 confirm_hint)
2699 struct mgmt_ev_user_confirm_request ev;
2701 BT_DBG("%s", hdev->name);
2703 bacpy(&ev.bdaddr, bdaddr);
2704 ev.confirm_hint = confirm_hint;
2705 put_unaligned_le32(value, &ev.value);
2707 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
2711 int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr)
2713 struct mgmt_ev_user_passkey_request ev;
2715 BT_DBG("%s", hdev->name);
2717 bacpy(&ev.bdaddr, bdaddr);
2719 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
2723 static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
2724 u8 status, u8 opcode)
2726 struct pending_cmd *cmd;
2727 struct mgmt_rp_user_confirm_reply rp;
2730 cmd = mgmt_pending_find(opcode, hdev);
2734 bacpy(&rp.bdaddr, bdaddr);
2735 rp.status = mgmt_status(status);
2736 err = cmd_complete(cmd->sk, hdev->id, opcode, &rp, sizeof(rp));
2738 mgmt_pending_remove(cmd);
2743 int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
2746 return user_pairing_resp_complete(hdev, bdaddr, status,
2747 MGMT_OP_USER_CONFIRM_REPLY);
2750 int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev,
2751 bdaddr_t *bdaddr, u8 status)
2753 return user_pairing_resp_complete(hdev, bdaddr, status,
2754 MGMT_OP_USER_CONFIRM_NEG_REPLY);
2757 int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
2760 return user_pairing_resp_complete(hdev, bdaddr, status,
2761 MGMT_OP_USER_PASSKEY_REPLY);
2764 int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev,
2765 bdaddr_t *bdaddr, u8 status)
2767 return user_pairing_resp_complete(hdev, bdaddr, status,
2768 MGMT_OP_USER_PASSKEY_NEG_REPLY);
2771 int mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 status)
2773 struct mgmt_ev_auth_failed ev;
2775 bacpy(&ev.bdaddr, bdaddr);
2776 ev.status = mgmt_status(status);
2778 return mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
2781 int mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
2783 struct pending_cmd *cmd;
2784 struct mgmt_cp_set_local_name ev;
2787 memset(&ev, 0, sizeof(ev));
2788 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
2790 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
2795 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
2796 mgmt_status(status));
2802 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, &ev,
2808 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
2809 cmd ? cmd->sk : NULL);
2813 mgmt_pending_remove(cmd);
2817 int mgmt_read_local_oob_data_reply_complete(struct hci_dev *hdev, u8 *hash,
2818 u8 *randomizer, u8 status)
2820 struct pending_cmd *cmd;
2823 BT_DBG("%s status %u", hdev->name, status);
2825 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
2830 err = cmd_status(cmd->sk, hdev->id,
2831 MGMT_OP_READ_LOCAL_OOB_DATA,
2832 mgmt_status(status));
2834 struct mgmt_rp_read_local_oob_data rp;
2836 memcpy(rp.hash, hash, sizeof(rp.hash));
2837 memcpy(rp.randomizer, randomizer, sizeof(rp.randomizer));
2839 err = cmd_complete(cmd->sk, hdev->id,
2840 MGMT_OP_READ_LOCAL_OOB_DATA,
2844 mgmt_pending_remove(cmd);
2849 int mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
2850 u8 addr_type, u8 *dev_class, s8 rssi,
2851 u8 cfm_name, u8 *eir, u16 eir_len)
2854 struct mgmt_ev_device_found *ev = (void *) buf;
2857 /* Leave 5 bytes for a potential CoD field */
2858 if (sizeof(*ev) + eir_len + 5 > sizeof(buf))
2861 memset(buf, 0, sizeof(buf));
2863 bacpy(&ev->addr.bdaddr, bdaddr);
2864 ev->addr.type = link_to_mgmt(link_type, addr_type);
2866 ev->confirm_name = cfm_name;
2869 memcpy(ev->eir, eir, eir_len);
2871 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
2872 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
2875 put_unaligned_le16(eir_len, &ev->eir_len);
2877 ev_size = sizeof(*ev) + eir_len;
2879 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
2882 int mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
2883 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
2885 struct mgmt_ev_device_found *ev;
2886 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
2889 ev = (struct mgmt_ev_device_found *) buf;
2891 memset(buf, 0, sizeof(buf));
2893 bacpy(&ev->addr.bdaddr, bdaddr);
2894 ev->addr.type = link_to_mgmt(link_type, addr_type);
2897 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
2900 put_unaligned_le16(eir_len, &ev->eir_len);
2902 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, &ev, sizeof(ev), NULL);
2905 int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
2907 struct pending_cmd *cmd;
2910 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
2914 err = cmd_status(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status));
2915 mgmt_pending_remove(cmd);
2920 int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
2922 struct pending_cmd *cmd;
2925 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
2929 err = cmd_status(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status));
2930 mgmt_pending_remove(cmd);
2935 int mgmt_discovering(struct hci_dev *hdev, u8 discovering)
2937 struct pending_cmd *cmd;
2940 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
2942 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
2945 cmd_complete(cmd->sk, hdev->id, cmd->opcode, NULL, 0);
2946 mgmt_pending_remove(cmd);
2949 return mgmt_event(MGMT_EV_DISCOVERING, hdev, &discovering,
2950 sizeof(discovering), NULL);
2953 int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr)
2955 struct pending_cmd *cmd;
2956 struct mgmt_ev_device_blocked ev;
2958 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev);
2960 bacpy(&ev.bdaddr, bdaddr);
2962 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev),
2963 cmd ? cmd->sk : NULL);
2966 int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr)
2968 struct pending_cmd *cmd;
2969 struct mgmt_ev_device_unblocked ev;
2971 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev);
2973 bacpy(&ev.bdaddr, bdaddr);
2975 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
2976 cmd ? cmd->sk : NULL);
projects / linux-2.6-block.git / blob