2 BlueZ - Bluetooth protocol stack for Linux
4 Copyright (C) 2010 Nokia Corporation
5 Copyright (C) 2011-2012 Intel Corporation
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI Management interface */
27 #include <linux/kernel.h>
28 #include <linux/uaccess.h>
29 #include <linux/module.h>
30 #include <asm/unaligned.h>
32 #include <net/bluetooth/bluetooth.h>
33 #include <net/bluetooth/hci_core.h>
34 #include <net/bluetooth/mgmt.h>
35 #include <net/bluetooth/smp.h>
40 #define MGMT_VERSION 1
41 #define MGMT_REVISION 0
43 static const u16 mgmt_commands[] = {
44 MGMT_OP_READ_INDEX_LIST,
47 MGMT_OP_SET_DISCOVERABLE,
48 MGMT_OP_SET_CONNECTABLE,
49 MGMT_OP_SET_FAST_CONNECTABLE,
51 MGMT_OP_SET_LINK_SECURITY,
55 MGMT_OP_SET_DEV_CLASS,
56 MGMT_OP_SET_LOCAL_NAME,
59 MGMT_OP_LOAD_LINK_KEYS,
60 MGMT_OP_LOAD_LONG_TERM_KEYS,
62 MGMT_OP_GET_CONNECTIONS,
63 MGMT_OP_PIN_CODE_REPLY,
64 MGMT_OP_PIN_CODE_NEG_REPLY,
65 MGMT_OP_SET_IO_CAPABILITY,
67 MGMT_OP_CANCEL_PAIR_DEVICE,
68 MGMT_OP_UNPAIR_DEVICE,
69 MGMT_OP_USER_CONFIRM_REPLY,
70 MGMT_OP_USER_CONFIRM_NEG_REPLY,
71 MGMT_OP_USER_PASSKEY_REPLY,
72 MGMT_OP_USER_PASSKEY_NEG_REPLY,
73 MGMT_OP_READ_LOCAL_OOB_DATA,
74 MGMT_OP_ADD_REMOTE_OOB_DATA,
75 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
76 MGMT_OP_START_DISCOVERY,
77 MGMT_OP_STOP_DISCOVERY,
80 MGMT_OP_UNBLOCK_DEVICE,
83 static const u16 mgmt_events[] = {
84 MGMT_EV_CONTROLLER_ERROR,
86 MGMT_EV_INDEX_REMOVED,
88 MGMT_EV_CLASS_OF_DEV_CHANGED,
89 MGMT_EV_LOCAL_NAME_CHANGED,
91 MGMT_EV_NEW_LONG_TERM_KEY,
92 MGMT_EV_DEVICE_CONNECTED,
93 MGMT_EV_DEVICE_DISCONNECTED,
94 MGMT_EV_CONNECT_FAILED,
95 MGMT_EV_PIN_CODE_REQUEST,
96 MGMT_EV_USER_CONFIRM_REQUEST,
97 MGMT_EV_USER_PASSKEY_REQUEST,
101 MGMT_EV_DEVICE_BLOCKED,
102 MGMT_EV_DEVICE_UNBLOCKED,
103 MGMT_EV_DEVICE_UNPAIRED,
107 * These LE scan and inquiry parameters were chosen according to LE General
108 * Discovery Procedure specification.
110 #define LE_SCAN_TYPE 0x01
111 #define LE_SCAN_WIN 0x12
112 #define LE_SCAN_INT 0x12
113 #define LE_SCAN_TIMEOUT_LE_ONLY 10240 /* TGAP(gen_disc_scan_min) */
114 #define LE_SCAN_TIMEOUT_BREDR_LE 5120 /* TGAP(100)/2 */
116 #define INQUIRY_LEN_BREDR 0x08 /* TGAP(100) */
117 #define INQUIRY_LEN_BREDR_LE 0x04 /* TGAP(100)/2 */
119 #define SERVICE_CACHE_TIMEOUT (5 * 1000)
121 #define hdev_is_powered(hdev) (test_bit(HCI_UP, &hdev->flags) && \
122 !test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
125 struct list_head list;
133 /* HCI to MGMT error code conversion table */
134 static u8 mgmt_status_table[] = {
136 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
137 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
138 MGMT_STATUS_FAILED, /* Hardware Failure */
139 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
140 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
141 MGMT_STATUS_NOT_PAIRED, /* PIN or Key Missing */
142 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
143 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
144 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
145 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
146 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
147 MGMT_STATUS_BUSY, /* Command Disallowed */
148 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
149 MGMT_STATUS_REJECTED, /* Rejected Security */
150 MGMT_STATUS_REJECTED, /* Rejected Personal */
151 MGMT_STATUS_TIMEOUT, /* Host Timeout */
152 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
153 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
154 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
155 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
156 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
157 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
158 MGMT_STATUS_BUSY, /* Repeated Attempts */
159 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
160 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
161 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
162 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
163 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
164 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
165 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
166 MGMT_STATUS_FAILED, /* Unspecified Error */
167 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
168 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
169 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
170 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
171 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
172 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
173 MGMT_STATUS_FAILED, /* Unit Link Key Used */
174 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
175 MGMT_STATUS_TIMEOUT, /* Instant Passed */
176 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
177 MGMT_STATUS_FAILED, /* Transaction Collision */
178 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
179 MGMT_STATUS_REJECTED, /* QoS Rejected */
180 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
181 MGMT_STATUS_REJECTED, /* Insufficient Security */
182 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
183 MGMT_STATUS_BUSY, /* Role Switch Pending */
184 MGMT_STATUS_FAILED, /* Slot Violation */
185 MGMT_STATUS_FAILED, /* Role Switch Failed */
186 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
187 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
188 MGMT_STATUS_BUSY, /* Host Busy Pairing */
189 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
190 MGMT_STATUS_BUSY, /* Controller Busy */
191 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
192 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
193 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
194 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
195 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
198 static u8 mgmt_status(u8 hci_status)
200 if (hci_status < ARRAY_SIZE(mgmt_status_table))
201 return mgmt_status_table[hci_status];
203 return MGMT_STATUS_FAILED;
206 static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
209 struct mgmt_hdr *hdr;
210 struct mgmt_ev_cmd_status *ev;
213 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
215 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_ATOMIC);
219 hdr = (void *) skb_put(skb, sizeof(*hdr));
221 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS);
222 hdr->index = cpu_to_le16(index);
223 hdr->len = cpu_to_le16(sizeof(*ev));
225 ev = (void *) skb_put(skb, sizeof(*ev));
227 put_unaligned_le16(cmd, &ev->opcode);
229 err = sock_queue_rcv_skb(sk, skb);
236 static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
237 void *rp, size_t rp_len)
240 struct mgmt_hdr *hdr;
241 struct mgmt_ev_cmd_complete *ev;
244 BT_DBG("sock %p", sk);
246 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_ATOMIC);
250 hdr = (void *) skb_put(skb, sizeof(*hdr));
252 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE);
253 hdr->index = cpu_to_le16(index);
254 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
256 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
257 put_unaligned_le16(cmd, &ev->opcode);
261 memcpy(ev->data, rp, rp_len);
263 err = sock_queue_rcv_skb(sk, skb);
270 static int read_version(struct sock *sk)
272 struct mgmt_rp_read_version rp;
274 BT_DBG("sock %p", sk);
276 rp.version = MGMT_VERSION;
277 put_unaligned_le16(MGMT_REVISION, &rp.revision);
279 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
283 static int read_commands(struct sock *sk)
285 struct mgmt_rp_read_commands *rp;
286 u16 num_commands = ARRAY_SIZE(mgmt_commands);
287 u16 num_events = ARRAY_SIZE(mgmt_events);
292 BT_DBG("sock %p", sk);
294 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
296 rp = kmalloc(rp_size, GFP_KERNEL);
300 put_unaligned_le16(num_commands, &rp->num_commands);
301 put_unaligned_le16(num_events, &rp->num_events);
303 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
304 put_unaligned_le16(mgmt_commands[i], opcode);
306 for (i = 0; i < num_events; i++, opcode++)
307 put_unaligned_le16(mgmt_events[i], opcode);
309 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
316 static int read_index_list(struct sock *sk)
318 struct mgmt_rp_read_index_list *rp;
325 BT_DBG("sock %p", sk);
327 read_lock(&hci_dev_list_lock);
330 list_for_each(p, &hci_dev_list) {
334 rp_len = sizeof(*rp) + (2 * count);
335 rp = kmalloc(rp_len, GFP_ATOMIC);
337 read_unlock(&hci_dev_list_lock);
341 put_unaligned_le16(count, &rp->num_controllers);
344 list_for_each_entry(d, &hci_dev_list, list) {
345 if (test_bit(HCI_SETUP, &d->dev_flags))
348 put_unaligned_le16(d->id, &rp->index[i++]);
349 BT_DBG("Added hci%u", d->id);
352 read_unlock(&hci_dev_list_lock);
354 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
362 static u32 get_supported_settings(struct hci_dev *hdev)
366 settings |= MGMT_SETTING_POWERED;
367 settings |= MGMT_SETTING_CONNECTABLE;
368 settings |= MGMT_SETTING_FAST_CONNECTABLE;
369 settings |= MGMT_SETTING_DISCOVERABLE;
370 settings |= MGMT_SETTING_PAIRABLE;
372 if (hdev->features[6] & LMP_SIMPLE_PAIR)
373 settings |= MGMT_SETTING_SSP;
375 if (!(hdev->features[4] & LMP_NO_BREDR)) {
376 settings |= MGMT_SETTING_BREDR;
377 settings |= MGMT_SETTING_LINK_SECURITY;
381 settings |= MGMT_SETTING_HS;
384 if (hdev->features[4] & LMP_LE)
385 settings |= MGMT_SETTING_LE;
391 static u32 get_current_settings(struct hci_dev *hdev)
395 if (hdev_is_powered(hdev))
396 settings |= MGMT_SETTING_POWERED;
398 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
399 settings |= MGMT_SETTING_CONNECTABLE;
401 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
402 settings |= MGMT_SETTING_DISCOVERABLE;
404 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags))
405 settings |= MGMT_SETTING_PAIRABLE;
407 if (!(hdev->features[4] & LMP_NO_BREDR))
408 settings |= MGMT_SETTING_BREDR;
410 if (hdev->host_features[0] & LMP_HOST_LE)
411 settings |= MGMT_SETTING_LE;
413 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
414 settings |= MGMT_SETTING_LINK_SECURITY;
416 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
417 settings |= MGMT_SETTING_SSP;
419 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
420 settings |= MGMT_SETTING_HS;
425 #define PNP_INFO_SVCLASS_ID 0x1200
427 static u8 bluetooth_base_uuid[] = {
428 0xFB, 0x34, 0x9B, 0x5F, 0x80, 0x00, 0x00, 0x80,
429 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
432 static u16 get_uuid16(u8 *uuid128)
437 for (i = 0; i < 12; i++) {
438 if (bluetooth_base_uuid[i] != uuid128[i])
442 memcpy(&val, &uuid128[12], 4);
444 val = le32_to_cpu(val);
451 static void create_eir(struct hci_dev *hdev, u8 *data)
455 u16 uuid16_list[HCI_MAX_EIR_LENGTH / sizeof(u16)];
456 int i, truncated = 0;
457 struct bt_uuid *uuid;
460 name_len = strlen(hdev->dev_name);
466 ptr[1] = EIR_NAME_SHORT;
468 ptr[1] = EIR_NAME_COMPLETE;
470 /* EIR Data length */
471 ptr[0] = name_len + 1;
473 memcpy(ptr + 2, hdev->dev_name, name_len);
475 eir_len += (name_len + 2);
476 ptr += (name_len + 2);
479 memset(uuid16_list, 0, sizeof(uuid16_list));
481 /* Group all UUID16 types */
482 list_for_each_entry(uuid, &hdev->uuids, list) {
485 uuid16 = get_uuid16(uuid->uuid);
492 if (uuid16 == PNP_INFO_SVCLASS_ID)
495 /* Stop if not enough space to put next UUID */
496 if (eir_len + 2 + sizeof(u16) > HCI_MAX_EIR_LENGTH) {
501 /* Check for duplicates */
502 for (i = 0; uuid16_list[i] != 0; i++)
503 if (uuid16_list[i] == uuid16)
506 if (uuid16_list[i] == 0) {
507 uuid16_list[i] = uuid16;
508 eir_len += sizeof(u16);
512 if (uuid16_list[0] != 0) {
516 ptr[1] = truncated ? EIR_UUID16_SOME : EIR_UUID16_ALL;
521 for (i = 0; uuid16_list[i] != 0; i++) {
522 *ptr++ = (uuid16_list[i] & 0x00ff);
523 *ptr++ = (uuid16_list[i] & 0xff00) >> 8;
526 /* EIR Data length */
527 *length = (i * sizeof(u16)) + 1;
531 static int update_eir(struct hci_dev *hdev)
533 struct hci_cp_write_eir cp;
535 if (!(hdev->features[6] & LMP_EXT_INQ))
538 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
541 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
544 memset(&cp, 0, sizeof(cp));
546 create_eir(hdev, cp.data);
548 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
551 memcpy(hdev->eir, cp.data, sizeof(cp.data));
553 return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
556 static u8 get_service_classes(struct hci_dev *hdev)
558 struct bt_uuid *uuid;
561 list_for_each_entry(uuid, &hdev->uuids, list)
562 val |= uuid->svc_hint;
567 static int update_class(struct hci_dev *hdev)
571 BT_DBG("%s", hdev->name);
573 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
576 cod[0] = hdev->minor_class;
577 cod[1] = hdev->major_class;
578 cod[2] = get_service_classes(hdev);
580 if (memcmp(cod, hdev->dev_class, 3) == 0)
583 return hci_send_cmd(hdev, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
586 static void service_cache_off(struct work_struct *work)
588 struct hci_dev *hdev = container_of(work, struct hci_dev,
591 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
599 hci_dev_unlock(hdev);
602 static void mgmt_init_hdev(struct hci_dev *hdev)
604 if (!test_and_set_bit(HCI_MGMT, &hdev->dev_flags)) {
605 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
607 /* Non-mgmt controlled devices get this bit set
608 * implicitly so that pairing works for them, however
609 * for mgmt we require user-space to explicitly enable
612 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
615 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
616 schedule_delayed_work(&hdev->service_cache,
617 msecs_to_jiffies(SERVICE_CACHE_TIMEOUT));
620 static int read_controller_info(struct sock *sk, u16 index)
622 struct mgmt_rp_read_info rp;
623 struct hci_dev *hdev;
625 BT_DBG("sock %p hci%u", sk, index);
627 hdev = hci_dev_get(index);
629 return cmd_status(sk, index, MGMT_OP_READ_INFO,
630 MGMT_STATUS_INVALID_PARAMS);
634 if (test_and_clear_bit(HCI_PI_MGMT_INIT, &hci_pi(sk)->flags))
635 mgmt_init_hdev(hdev);
637 memset(&rp, 0, sizeof(rp));
639 bacpy(&rp.bdaddr, &hdev->bdaddr);
641 rp.version = hdev->hci_ver;
643 put_unaligned_le16(hdev->manufacturer, &rp.manufacturer);
645 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
646 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
648 memcpy(rp.dev_class, hdev->dev_class, 3);
650 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
652 hci_dev_unlock(hdev);
655 return cmd_complete(sk, index, MGMT_OP_READ_INFO, 0, &rp, sizeof(rp));
658 static void mgmt_pending_free(struct pending_cmd *cmd)
665 static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
666 struct hci_dev *hdev,
669 struct pending_cmd *cmd;
671 cmd = kmalloc(sizeof(*cmd), GFP_ATOMIC);
675 cmd->opcode = opcode;
676 cmd->index = hdev->id;
678 cmd->param = kmalloc(len, GFP_ATOMIC);
685 memcpy(cmd->param, data, len);
690 list_add(&cmd->list, &hdev->mgmt_pending);
695 static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
696 void (*cb)(struct pending_cmd *cmd, void *data),
699 struct list_head *p, *n;
701 list_for_each_safe(p, n, &hdev->mgmt_pending) {
702 struct pending_cmd *cmd;
704 cmd = list_entry(p, struct pending_cmd, list);
706 if (opcode > 0 && cmd->opcode != opcode)
713 static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
715 struct pending_cmd *cmd;
717 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
718 if (cmd->opcode == opcode)
725 static void mgmt_pending_remove(struct pending_cmd *cmd)
727 list_del(&cmd->list);
728 mgmt_pending_free(cmd);
731 static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
733 __le32 settings = cpu_to_le32(get_current_settings(hdev));
735 return cmd_complete(sk, hdev->id, opcode, 0, &settings,
739 static int set_powered(struct sock *sk, u16 index, void *data, u16 len)
741 struct mgmt_mode *cp = data;
742 struct hci_dev *hdev;
743 struct pending_cmd *cmd;
746 BT_DBG("request for hci%u", index);
748 if (len != sizeof(*cp))
749 return cmd_status(sk, index, MGMT_OP_SET_POWERED,
750 MGMT_STATUS_INVALID_PARAMS);
752 hdev = hci_dev_get(index);
754 return cmd_status(sk, index, MGMT_OP_SET_POWERED,
755 MGMT_STATUS_INVALID_PARAMS);
759 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
760 cancel_delayed_work(&hdev->power_off);
763 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
764 mgmt_powered(hdev, 1);
769 if (!!cp->val == hdev_is_powered(hdev)) {
770 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
774 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
775 err = cmd_status(sk, index, MGMT_OP_SET_POWERED,
780 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
787 schedule_work(&hdev->power_on);
789 schedule_work(&hdev->power_off.work);
794 hci_dev_unlock(hdev);
799 static int mgmt_event(u16 event, struct hci_dev *hdev, void *data,
800 u16 data_len, struct sock *skip_sk)
803 struct mgmt_hdr *hdr;
805 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_ATOMIC);
809 hdr = (void *) skb_put(skb, sizeof(*hdr));
810 hdr->opcode = cpu_to_le16(event);
812 hdr->index = cpu_to_le16(hdev->id);
814 hdr->index = cpu_to_le16(MGMT_INDEX_NONE);
815 hdr->len = cpu_to_le16(data_len);
818 memcpy(skb_put(skb, data_len), data, data_len);
820 hci_send_to_control(skb, skip_sk);
826 static int new_settings(struct hci_dev *hdev, struct sock *skip)
830 ev = cpu_to_le32(get_current_settings(hdev));
832 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
835 static int set_discoverable(struct sock *sk, u16 index, void *data, u16 len)
837 struct mgmt_cp_set_discoverable *cp = data;
838 struct hci_dev *hdev;
839 struct pending_cmd *cmd;
844 BT_DBG("request for hci%u", index);
846 if (len != sizeof(*cp))
847 return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
848 MGMT_STATUS_INVALID_PARAMS);
850 hdev = hci_dev_get(index);
852 return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
853 MGMT_STATUS_INVALID_PARAMS);
855 timeout = get_unaligned_le16(&cp->timeout);
859 if (!hdev_is_powered(hdev) && timeout > 0) {
860 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
861 MGMT_STATUS_NOT_POWERED);
865 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
866 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
867 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
872 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
873 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
874 MGMT_STATUS_REJECTED);
878 if (!hdev_is_powered(hdev)) {
879 bool changed = false;
881 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
882 change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
886 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
891 err = new_settings(hdev, sk);
896 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
897 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
901 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
910 scan |= SCAN_INQUIRY;
912 cancel_delayed_work(&hdev->discov_off);
914 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
916 mgmt_pending_remove(cmd);
919 hdev->discov_timeout = timeout;
922 hci_dev_unlock(hdev);
928 static int set_connectable(struct sock *sk, u16 index, void *data, u16 len)
930 struct mgmt_mode *cp = data;
931 struct hci_dev *hdev;
932 struct pending_cmd *cmd;
936 BT_DBG("request for hci%u", index);
938 if (len != sizeof(*cp))
939 return cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE,
940 MGMT_STATUS_INVALID_PARAMS);
942 hdev = hci_dev_get(index);
944 return cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE,
945 MGMT_STATUS_INVALID_PARAMS);
949 if (!hdev_is_powered(hdev)) {
950 bool changed = false;
952 if (!!cp->val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
956 set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
958 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
959 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
962 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
967 err = new_settings(hdev, sk);
972 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
973 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
974 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE,
979 if (!!cp->val == test_bit(HCI_PSCAN, &hdev->flags)) {
980 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
984 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
995 if (test_bit(HCI_ISCAN, &hdev->flags) &&
996 hdev->discov_timeout > 0)
997 cancel_delayed_work(&hdev->discov_off);
1000 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1002 mgmt_pending_remove(cmd);
1005 hci_dev_unlock(hdev);
1011 static int set_pairable(struct sock *sk, u16 index, void *data, u16 len)
1013 struct mgmt_mode *cp = data;
1014 struct hci_dev *hdev;
1017 BT_DBG("request for hci%u", index);
1019 if (len != sizeof(*cp))
1020 return cmd_status(sk, index, MGMT_OP_SET_PAIRABLE,
1021 MGMT_STATUS_INVALID_PARAMS);
1023 hdev = hci_dev_get(index);
1025 return cmd_status(sk, index, MGMT_OP_SET_PAIRABLE,
1026 MGMT_STATUS_INVALID_PARAMS);
1031 set_bit(HCI_PAIRABLE, &hdev->dev_flags);
1033 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
1035 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
1039 err = new_settings(hdev, sk);
1042 hci_dev_unlock(hdev);
1048 static int set_link_security(struct sock *sk, u16 index, void *data, u16 len)
1050 struct mgmt_mode *cp = data;
1051 struct pending_cmd *cmd;
1052 struct hci_dev *hdev;
1056 BT_DBG("request for hci%u", index);
1058 if (len != sizeof(*cp))
1059 return cmd_status(sk, index, MGMT_OP_SET_LINK_SECURITY,
1060 MGMT_STATUS_INVALID_PARAMS);
1062 hdev = hci_dev_get(index);
1064 return cmd_status(sk, index, MGMT_OP_SET_LINK_SECURITY,
1065 MGMT_STATUS_INVALID_PARAMS);
1069 if (!hdev_is_powered(hdev)) {
1070 bool changed = false;
1072 if (!!cp->val != test_bit(HCI_LINK_SECURITY,
1073 &hdev->dev_flags)) {
1074 change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
1078 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1083 err = new_settings(hdev, sk);
1088 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
1089 err = cmd_status(sk, index, MGMT_OP_SET_LINK_SECURITY,
1096 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1097 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1101 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1107 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1109 mgmt_pending_remove(cmd);
1114 hci_dev_unlock(hdev);
1120 static int set_ssp(struct sock *sk, u16 index, void *data, u16 len)
1122 struct mgmt_mode *cp = data;
1123 struct pending_cmd *cmd;
1124 struct hci_dev *hdev;
1128 BT_DBG("request for hci%u", index);
1130 if (len != sizeof(*cp))
1131 return cmd_status(sk, index, MGMT_OP_SET_SSP,
1132 MGMT_STATUS_INVALID_PARAMS);
1134 hdev = hci_dev_get(index);
1136 return cmd_status(sk, index, MGMT_OP_SET_SSP,
1137 MGMT_STATUS_INVALID_PARAMS);
1141 if (!hdev_is_powered(hdev)) {
1142 err = cmd_status(sk, index, MGMT_OP_SET_SSP,
1143 MGMT_STATUS_NOT_POWERED);
1147 if (!(hdev->features[6] & LMP_SIMPLE_PAIR)) {
1148 err = cmd_status(sk, index, MGMT_OP_SET_SSP,
1149 MGMT_STATUS_NOT_SUPPORTED);
1153 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev)) {
1154 err = cmd_status(sk, index, MGMT_OP_SET_SSP, MGMT_STATUS_BUSY);
1160 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) == val) {
1161 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1165 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1171 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, sizeof(val), &val);
1173 mgmt_pending_remove(cmd);
1178 hci_dev_unlock(hdev);
1184 static int set_hs(struct sock *sk, u16 index, void *data, u16 len)
1186 struct mgmt_mode *cp = data;
1187 struct hci_dev *hdev;
1190 BT_DBG("request for hci%u", index);
1192 if (len != sizeof(*cp))
1193 return cmd_status(sk, index, MGMT_OP_SET_HS,
1194 MGMT_STATUS_INVALID_PARAMS);
1196 hdev = hci_dev_get(index);
1198 return cmd_status(sk, index, MGMT_OP_SET_HS,
1199 MGMT_STATUS_INVALID_PARAMS);
1202 err = cmd_status(sk, index, MGMT_OP_SET_HS,
1203 MGMT_STATUS_NOT_SUPPORTED);
1208 set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1210 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1212 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
1219 static int add_uuid(struct sock *sk, u16 index, void *data, u16 len)
1221 struct mgmt_cp_add_uuid *cp = data;
1222 struct hci_dev *hdev;
1223 struct bt_uuid *uuid;
1226 BT_DBG("request for hci%u", index);
1228 if (len != sizeof(*cp))
1229 return cmd_status(sk, index, MGMT_OP_ADD_UUID,
1230 MGMT_STATUS_INVALID_PARAMS);
1232 hdev = hci_dev_get(index);
1234 return cmd_status(sk, index, MGMT_OP_ADD_UUID,
1235 MGMT_STATUS_INVALID_PARAMS);
1239 uuid = kmalloc(sizeof(*uuid), GFP_ATOMIC);
1245 memcpy(uuid->uuid, cp->uuid, 16);
1246 uuid->svc_hint = cp->svc_hint;
1248 list_add(&uuid->list, &hdev->uuids);
1250 err = update_class(hdev);
1254 err = update_eir(hdev);
1258 err = cmd_complete(sk, index, MGMT_OP_ADD_UUID, 0, NULL, 0);
1261 hci_dev_unlock(hdev);
1267 static int remove_uuid(struct sock *sk, u16 index, void *data, u16 len)
1269 struct mgmt_cp_remove_uuid *cp = data;
1270 struct list_head *p, *n;
1271 struct hci_dev *hdev;
1272 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
1275 BT_DBG("request for hci%u", index);
1277 if (len != sizeof(*cp))
1278 return cmd_status(sk, index, MGMT_OP_REMOVE_UUID,
1279 MGMT_STATUS_INVALID_PARAMS);
1281 hdev = hci_dev_get(index);
1283 return cmd_status(sk, index, MGMT_OP_REMOVE_UUID,
1284 MGMT_STATUS_INVALID_PARAMS);
1288 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
1289 err = hci_uuids_clear(hdev);
1295 list_for_each_safe(p, n, &hdev->uuids) {
1296 struct bt_uuid *match = list_entry(p, struct bt_uuid, list);
1298 if (memcmp(match->uuid, cp->uuid, 16) != 0)
1301 list_del(&match->list);
1306 err = cmd_status(sk, index, MGMT_OP_REMOVE_UUID,
1307 MGMT_STATUS_INVALID_PARAMS);
1311 err = update_class(hdev);
1315 err = update_eir(hdev);
1319 err = cmd_complete(sk, index, MGMT_OP_REMOVE_UUID, 0, NULL, 0);
1322 hci_dev_unlock(hdev);
1328 static int set_dev_class(struct sock *sk, u16 index, void *data, u16 len)
1330 struct hci_dev *hdev;
1331 struct mgmt_cp_set_dev_class *cp = data;
1334 BT_DBG("request for hci%u", index);
1336 if (len != sizeof(*cp))
1337 return cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS,
1338 MGMT_STATUS_INVALID_PARAMS);
1340 hdev = hci_dev_get(index);
1342 return cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS,
1343 MGMT_STATUS_INVALID_PARAMS);
1347 if (!hdev_is_powered(hdev)) {
1348 err = cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS,
1349 MGMT_STATUS_NOT_POWERED);
1353 hdev->major_class = cp->major;
1354 hdev->minor_class = cp->minor;
1356 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
1357 hci_dev_unlock(hdev);
1358 cancel_delayed_work_sync(&hdev->service_cache);
1363 err = update_class(hdev);
1366 err = cmd_complete(sk, index, MGMT_OP_SET_DEV_CLASS, 0,
1370 hci_dev_unlock(hdev);
1376 static int load_link_keys(struct sock *sk, u16 index, void *data, u16 len)
1378 struct hci_dev *hdev;
1379 struct mgmt_cp_load_link_keys *cp = data;
1380 u16 key_count, expected_len;
1383 if (len < sizeof(*cp))
1384 return cmd_status(sk, index, MGMT_OP_LOAD_LINK_KEYS,
1385 MGMT_STATUS_INVALID_PARAMS);
1387 key_count = get_unaligned_le16(&cp->key_count);
1389 expected_len = sizeof(*cp) + key_count *
1390 sizeof(struct mgmt_link_key_info);
1391 if (expected_len != len) {
1392 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
1394 return cmd_status(sk, index, MGMT_OP_LOAD_LINK_KEYS,
1395 MGMT_STATUS_INVALID_PARAMS);
1398 hdev = hci_dev_get(index);
1400 return cmd_status(sk, index, MGMT_OP_LOAD_LINK_KEYS,
1401 MGMT_STATUS_INVALID_PARAMS);
1403 BT_DBG("hci%u debug_keys %u key_count %u", index, cp->debug_keys,
1408 hci_link_keys_clear(hdev);
1410 set_bit(HCI_LINK_KEYS, &hdev->dev_flags);
1413 set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
1415 clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
1417 for (i = 0; i < key_count; i++) {
1418 struct mgmt_link_key_info *key = &cp->keys[i];
1420 hci_add_link_key(hdev, NULL, 0, &key->addr.bdaddr, key->val,
1421 key->type, key->pin_len);
1424 cmd_complete(sk, index, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
1426 hci_dev_unlock(hdev);
1432 static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
1433 u8 addr_type, struct sock *skip_sk)
1435 struct mgmt_ev_device_unpaired ev;
1437 bacpy(&ev.addr.bdaddr, bdaddr);
1438 ev.addr.type = addr_type;
1440 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
1444 static int unpair_device(struct sock *sk, u16 index, void *data, u16 len)
1446 struct hci_dev *hdev;
1447 struct mgmt_cp_unpair_device *cp = data;
1448 struct mgmt_rp_unpair_device rp;
1449 struct hci_cp_disconnect dc;
1450 struct pending_cmd *cmd;
1451 struct hci_conn *conn;
1455 if (len != sizeof(*cp))
1456 return cmd_status(sk, index, MGMT_OP_UNPAIR_DEVICE,
1457 MGMT_STATUS_INVALID_PARAMS);
1459 hdev = hci_dev_get(index);
1461 return cmd_status(sk, index, MGMT_OP_UNPAIR_DEVICE,
1462 MGMT_STATUS_INVALID_PARAMS);
1466 memset(&rp, 0, sizeof(rp));
1467 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1468 rp.addr.type = cp->addr.type;
1470 if (cp->addr.type == MGMT_ADDR_BREDR)
1471 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
1473 err = hci_remove_ltk(hdev, &cp->addr.bdaddr);
1476 status = MGMT_STATUS_NOT_PAIRED;
1480 if (!test_bit(HCI_UP, &hdev->flags) || !cp->disconnect) {
1481 err = cmd_complete(sk, index, MGMT_OP_UNPAIR_DEVICE, status,
1483 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
1487 if (cp->addr.type == MGMT_ADDR_BREDR)
1488 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
1491 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
1495 err = cmd_complete(sk, index, MGMT_OP_UNPAIR_DEVICE, status,
1497 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
1501 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
1508 put_unaligned_le16(conn->handle, &dc.handle);
1509 dc.reason = 0x13; /* Remote User Terminated Connection */
1510 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1512 mgmt_pending_remove(cmd);
1516 err = cmd_complete(sk, index, MGMT_OP_UNPAIR_DEVICE, status,
1518 hci_dev_unlock(hdev);
1524 static int disconnect(struct sock *sk, u16 index, void *data, u16 len)
1526 struct hci_dev *hdev;
1527 struct mgmt_cp_disconnect *cp = data;
1528 struct hci_cp_disconnect dc;
1529 struct pending_cmd *cmd;
1530 struct hci_conn *conn;
1535 if (len != sizeof(*cp))
1536 return cmd_status(sk, index, MGMT_OP_DISCONNECT,
1537 MGMT_STATUS_INVALID_PARAMS);
1539 hdev = hci_dev_get(index);
1541 return cmd_status(sk, index, MGMT_OP_DISCONNECT,
1542 MGMT_STATUS_INVALID_PARAMS);
1546 if (!test_bit(HCI_UP, &hdev->flags)) {
1547 err = cmd_status(sk, index, MGMT_OP_DISCONNECT,
1548 MGMT_STATUS_NOT_POWERED);
1552 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
1553 err = cmd_status(sk, index, MGMT_OP_DISCONNECT,
1558 if (cp->addr.type == MGMT_ADDR_BREDR)
1559 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
1561 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
1564 err = cmd_status(sk, index, MGMT_OP_DISCONNECT,
1565 MGMT_STATUS_NOT_CONNECTED);
1569 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
1575 put_unaligned_le16(conn->handle, &dc.handle);
1576 dc.reason = 0x13; /* Remote User Terminated Connection */
1578 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1580 mgmt_pending_remove(cmd);
1583 hci_dev_unlock(hdev);
1589 static u8 link_to_mgmt(u8 link_type, u8 addr_type)
1591 switch (link_type) {
1593 switch (addr_type) {
1594 case ADDR_LE_DEV_PUBLIC:
1595 return MGMT_ADDR_LE_PUBLIC;
1596 case ADDR_LE_DEV_RANDOM:
1597 return MGMT_ADDR_LE_RANDOM;
1599 return MGMT_ADDR_INVALID;
1602 return MGMT_ADDR_BREDR;
1604 return MGMT_ADDR_INVALID;
1608 static int get_connections(struct sock *sk, u16 index)
1610 struct mgmt_rp_get_connections *rp;
1611 struct hci_dev *hdev;
1619 hdev = hci_dev_get(index);
1621 return cmd_status(sk, index, MGMT_OP_GET_CONNECTIONS,
1622 MGMT_STATUS_INVALID_PARAMS);
1627 list_for_each_entry(c, &hdev->conn_hash.list, list) {
1628 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
1632 rp_len = sizeof(*rp) + (count * sizeof(struct mgmt_addr_info));
1633 rp = kmalloc(rp_len, GFP_ATOMIC);
1639 put_unaligned_le16(count, &rp->conn_count);
1642 list_for_each_entry(c, &hdev->conn_hash.list, list) {
1643 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
1645 bacpy(&rp->addr[i].bdaddr, &c->dst);
1646 rp->addr[i].type = link_to_mgmt(c->type, c->dst_type);
1647 if (rp->addr[i].type == MGMT_ADDR_INVALID)
1652 /* Recalculate length in case of filtered SCO connections, etc */
1653 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
1655 err = cmd_complete(sk, index, MGMT_OP_GET_CONNECTIONS, 0, rp, rp_len);
1659 hci_dev_unlock(hdev);
1664 static int send_pin_code_neg_reply(struct sock *sk, u16 index,
1665 struct hci_dev *hdev, struct mgmt_cp_pin_code_neg_reply *cp)
1667 struct pending_cmd *cmd;
1670 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
1675 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
1676 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
1678 mgmt_pending_remove(cmd);
1683 static int pin_code_reply(struct sock *sk, u16 index, void *data, u16 len)
1685 struct hci_dev *hdev;
1686 struct hci_conn *conn;
1687 struct mgmt_cp_pin_code_reply *cp = data;
1688 struct hci_cp_pin_code_reply reply;
1689 struct pending_cmd *cmd;
1694 if (len != sizeof(*cp))
1695 return cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1696 MGMT_STATUS_INVALID_PARAMS);
1698 hdev = hci_dev_get(index);
1700 return cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1701 MGMT_STATUS_INVALID_PARAMS);
1705 if (!hdev_is_powered(hdev)) {
1706 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1707 MGMT_STATUS_NOT_POWERED);
1711 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
1713 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1714 MGMT_STATUS_NOT_CONNECTED);
1718 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
1719 struct mgmt_cp_pin_code_neg_reply ncp;
1721 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
1723 BT_ERR("PIN code is not 16 bytes long");
1725 err = send_pin_code_neg_reply(sk, index, hdev, &ncp);
1727 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1728 MGMT_STATUS_INVALID_PARAMS);
1733 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data,
1740 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
1741 reply.pin_len = cp->pin_len;
1742 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
1744 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
1746 mgmt_pending_remove(cmd);
1749 hci_dev_unlock(hdev);
1755 static int pin_code_neg_reply(struct sock *sk, u16 index, void *data, u16 len)
1757 struct hci_dev *hdev;
1758 struct mgmt_cp_pin_code_neg_reply *cp = data;
1763 if (len != sizeof(*cp))
1764 return cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
1765 MGMT_STATUS_INVALID_PARAMS);
1767 hdev = hci_dev_get(index);
1769 return cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
1770 MGMT_STATUS_INVALID_PARAMS);
1774 if (!hdev_is_powered(hdev)) {
1775 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
1776 MGMT_STATUS_NOT_POWERED);
1780 err = send_pin_code_neg_reply(sk, index, hdev, cp);
1783 hci_dev_unlock(hdev);
1789 static int set_io_capability(struct sock *sk, u16 index, void *data, u16 len)
1791 struct hci_dev *hdev;
1792 struct mgmt_cp_set_io_capability *cp = data;
1796 if (len != sizeof(*cp))
1797 return cmd_status(sk, index, MGMT_OP_SET_IO_CAPABILITY,
1798 MGMT_STATUS_INVALID_PARAMS);
1800 hdev = hci_dev_get(index);
1802 return cmd_status(sk, index, MGMT_OP_SET_IO_CAPABILITY,
1803 MGMT_STATUS_INVALID_PARAMS);
1807 hdev->io_capability = cp->io_capability;
1809 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
1810 hdev->io_capability);
1812 hci_dev_unlock(hdev);
1815 return cmd_complete(sk, index, MGMT_OP_SET_IO_CAPABILITY, 0, NULL, 0);
1818 static inline struct pending_cmd *find_pairing(struct hci_conn *conn)
1820 struct hci_dev *hdev = conn->hdev;
1821 struct pending_cmd *cmd;
1823 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
1824 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
1827 if (cmd->user_data != conn)
1836 static void pairing_complete(struct pending_cmd *cmd, u8 status)
1838 struct mgmt_rp_pair_device rp;
1839 struct hci_conn *conn = cmd->user_data;
1841 bacpy(&rp.addr.bdaddr, &conn->dst);
1842 rp.addr.type = link_to_mgmt(conn->type, conn->dst_type);
1844 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
1847 /* So we don't get further callbacks for this connection */
1848 conn->connect_cfm_cb = NULL;
1849 conn->security_cfm_cb = NULL;
1850 conn->disconn_cfm_cb = NULL;
1854 mgmt_pending_remove(cmd);
1857 static void pairing_complete_cb(struct hci_conn *conn, u8 status)
1859 struct pending_cmd *cmd;
1861 BT_DBG("status %u", status);
1863 cmd = find_pairing(conn);
1865 BT_DBG("Unable to find a pending command");
1867 pairing_complete(cmd, mgmt_status(status));
1870 static int pair_device(struct sock *sk, u16 index, void *data, u16 len)
1872 struct hci_dev *hdev;
1873 struct mgmt_cp_pair_device *cp = data;
1874 struct mgmt_rp_pair_device rp;
1875 struct pending_cmd *cmd;
1876 u8 sec_level, auth_type;
1877 struct hci_conn *conn;
1882 if (len != sizeof(*cp))
1883 return cmd_status(sk, index, MGMT_OP_PAIR_DEVICE,
1884 MGMT_STATUS_INVALID_PARAMS);
1886 hdev = hci_dev_get(index);
1888 return cmd_status(sk, index, MGMT_OP_PAIR_DEVICE,
1889 MGMT_STATUS_INVALID_PARAMS);
1893 sec_level = BT_SECURITY_MEDIUM;
1894 if (cp->io_cap == 0x03)
1895 auth_type = HCI_AT_DEDICATED_BONDING;
1897 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
1899 if (cp->addr.type == MGMT_ADDR_BREDR)
1900 conn = hci_connect(hdev, ACL_LINK, &cp->addr.bdaddr, sec_level,
1903 conn = hci_connect(hdev, LE_LINK, &cp->addr.bdaddr, sec_level,
1906 memset(&rp, 0, sizeof(rp));
1907 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1908 rp.addr.type = cp->addr.type;
1911 err = cmd_complete(sk, index, MGMT_OP_PAIR_DEVICE,
1912 MGMT_STATUS_CONNECT_FAILED,
1917 if (conn->connect_cfm_cb) {
1919 err = cmd_complete(sk, index, MGMT_OP_PAIR_DEVICE,
1920 MGMT_STATUS_BUSY, &rp, sizeof(rp));
1924 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
1931 /* For LE, just connecting isn't a proof that the pairing finished */
1932 if (cp->addr.type == MGMT_ADDR_BREDR)
1933 conn->connect_cfm_cb = pairing_complete_cb;
1935 conn->security_cfm_cb = pairing_complete_cb;
1936 conn->disconn_cfm_cb = pairing_complete_cb;
1937 conn->io_capability = cp->io_cap;
1938 cmd->user_data = conn;
1940 if (conn->state == BT_CONNECTED &&
1941 hci_conn_security(conn, sec_level, auth_type))
1942 pairing_complete(cmd, 0);
1947 hci_dev_unlock(hdev);
1953 static int cancel_pair_device(struct sock *sk, u16 index,
1954 unsigned char *data, u16 len)
1956 struct mgmt_addr_info *addr = (void *) data;
1957 struct hci_dev *hdev;
1958 struct pending_cmd *cmd;
1959 struct hci_conn *conn;
1964 if (len != sizeof(*addr))
1965 return cmd_status(sk, index, MGMT_OP_CANCEL_PAIR_DEVICE,
1966 MGMT_STATUS_INVALID_PARAMS);
1968 hdev = hci_dev_get(index);
1970 return cmd_status(sk, index, MGMT_OP_CANCEL_PAIR_DEVICE,
1971 MGMT_STATUS_INVALID_PARAMS);
1975 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
1977 err = cmd_status(sk, index, MGMT_OP_CANCEL_PAIR_DEVICE,
1978 MGMT_STATUS_INVALID_PARAMS);
1982 conn = cmd->user_data;
1984 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
1985 err = cmd_status(sk, index, MGMT_OP_CANCEL_PAIR_DEVICE,
1986 MGMT_STATUS_INVALID_PARAMS);
1990 pairing_complete(cmd, MGMT_STATUS_CANCELLED);
1992 err = cmd_complete(sk, index, MGMT_OP_CANCEL_PAIR_DEVICE, 0, addr,
1995 hci_dev_unlock(hdev);
2001 static int user_pairing_resp(struct sock *sk, u16 index, bdaddr_t *bdaddr,
2002 u8 type, u16 mgmt_op, u16 hci_op,
2005 struct pending_cmd *cmd;
2006 struct hci_dev *hdev;
2007 struct hci_conn *conn;
2010 hdev = hci_dev_get(index);
2012 return cmd_status(sk, index, mgmt_op,
2013 MGMT_STATUS_INVALID_PARAMS);
2017 if (!hdev_is_powered(hdev)) {
2018 err = cmd_status(sk, index, mgmt_op, MGMT_STATUS_NOT_POWERED);
2022 if (type == MGMT_ADDR_BREDR)
2023 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, bdaddr);
2025 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, bdaddr);
2028 err = cmd_status(sk, index, mgmt_op,
2029 MGMT_STATUS_NOT_CONNECTED);
2033 if (type == MGMT_ADDR_LE_PUBLIC || type == MGMT_ADDR_LE_RANDOM) {
2034 /* Continue with pairing via SMP */
2035 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
2038 err = cmd_status(sk, index, mgmt_op,
2039 MGMT_STATUS_SUCCESS);
2041 err = cmd_status(sk, index, mgmt_op,
2042 MGMT_STATUS_FAILED);
2047 cmd = mgmt_pending_add(sk, mgmt_op, hdev, bdaddr, sizeof(*bdaddr));
2053 /* Continue with pairing via HCI */
2054 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
2055 struct hci_cp_user_passkey_reply cp;
2057 bacpy(&cp.bdaddr, bdaddr);
2058 cp.passkey = passkey;
2059 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
2061 err = hci_send_cmd(hdev, hci_op, sizeof(*bdaddr), bdaddr);
2064 mgmt_pending_remove(cmd);
2067 hci_dev_unlock(hdev);
2073 static int user_confirm_reply(struct sock *sk, u16 index, void *data, u16 len)
2075 struct mgmt_cp_user_confirm_reply *cp = data;
2079 if (len != sizeof(*cp))
2080 return cmd_status(sk, index, MGMT_OP_USER_CONFIRM_REPLY,
2081 MGMT_STATUS_INVALID_PARAMS);
2083 return user_pairing_resp(sk, index, &cp->addr.bdaddr, cp->addr.type,
2084 MGMT_OP_USER_CONFIRM_REPLY,
2085 HCI_OP_USER_CONFIRM_REPLY, 0);
2088 static int user_confirm_neg_reply(struct sock *sk, u16 index, void *data,
2091 struct mgmt_cp_user_confirm_neg_reply *cp = data;
2095 if (len != sizeof(*cp))
2096 return cmd_status(sk, index, MGMT_OP_USER_CONFIRM_NEG_REPLY,
2097 MGMT_STATUS_INVALID_PARAMS);
2099 return user_pairing_resp(sk, index, &cp->addr.bdaddr, cp->addr.type,
2100 MGMT_OP_USER_CONFIRM_NEG_REPLY,
2101 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
2104 static int user_passkey_reply(struct sock *sk, u16 index, void *data, u16 len)
2106 struct mgmt_cp_user_passkey_reply *cp = data;
2110 if (len != sizeof(*cp))
2111 return cmd_status(sk, index, MGMT_OP_USER_PASSKEY_REPLY,
2114 return user_pairing_resp(sk, index, &cp->addr.bdaddr, cp->addr.type,
2115 MGMT_OP_USER_PASSKEY_REPLY,
2116 HCI_OP_USER_PASSKEY_REPLY,
2120 static int user_passkey_neg_reply(struct sock *sk, u16 index, void *data,
2123 struct mgmt_cp_user_passkey_neg_reply *cp = data;
2127 if (len != sizeof(*cp))
2128 return cmd_status(sk, index, MGMT_OP_USER_PASSKEY_NEG_REPLY,
2131 return user_pairing_resp(sk, index, &cp->addr.bdaddr, cp->addr.type,
2132 MGMT_OP_USER_PASSKEY_NEG_REPLY,
2133 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
2136 static int set_local_name(struct sock *sk, u16 index, void *data,
2139 struct mgmt_cp_set_local_name *mgmt_cp = data;
2140 struct hci_cp_write_local_name hci_cp;
2141 struct hci_dev *hdev;
2142 struct pending_cmd *cmd;
2147 if (len != sizeof(*mgmt_cp))
2148 return cmd_status(sk, index, MGMT_OP_SET_LOCAL_NAME,
2149 MGMT_STATUS_INVALID_PARAMS);
2151 hdev = hci_dev_get(index);
2153 return cmd_status(sk, index, MGMT_OP_SET_LOCAL_NAME,
2154 MGMT_STATUS_INVALID_PARAMS);
2158 if (!hdev_is_powered(hdev)) {
2159 err = cmd_status(sk, index, MGMT_OP_SET_LOCAL_NAME,
2160 MGMT_STATUS_NOT_POWERED);
2164 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data,
2171 memcpy(hci_cp.name, mgmt_cp->name, sizeof(hci_cp.name));
2172 err = hci_send_cmd(hdev, HCI_OP_WRITE_LOCAL_NAME, sizeof(hci_cp),
2175 mgmt_pending_remove(cmd);
2178 hci_dev_unlock(hdev);
2184 static int read_local_oob_data(struct sock *sk, u16 index)
2186 struct hci_dev *hdev;
2187 struct pending_cmd *cmd;
2190 BT_DBG("hci%u", index);
2192 hdev = hci_dev_get(index);
2194 return cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
2195 MGMT_STATUS_INVALID_PARAMS);
2199 if (!hdev_is_powered(hdev)) {
2200 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
2201 MGMT_STATUS_NOT_POWERED);
2205 if (!(hdev->features[6] & LMP_SIMPLE_PAIR)) {
2206 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
2207 MGMT_STATUS_NOT_SUPPORTED);
2211 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
2212 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
2217 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
2223 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
2225 mgmt_pending_remove(cmd);
2228 hci_dev_unlock(hdev);
2234 static int add_remote_oob_data(struct sock *sk, u16 index, void *data,
2237 struct hci_dev *hdev;
2238 struct mgmt_cp_add_remote_oob_data *cp = data;
2242 BT_DBG("hci%u ", index);
2244 if (len != sizeof(*cp))
2245 return cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA,
2246 MGMT_STATUS_INVALID_PARAMS);
2248 hdev = hci_dev_get(index);
2250 return cmd_complete(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA,
2251 MGMT_STATUS_INVALID_PARAMS,
2252 &cp->addr, sizeof(cp->addr));
2256 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr, cp->hash,
2259 status = MGMT_STATUS_FAILED;
2263 err = cmd_complete(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA, status,
2264 &cp->addr, sizeof(cp->addr));
2266 hci_dev_unlock(hdev);
2272 static int remove_remote_oob_data(struct sock *sk, u16 index,
2273 void *data, u16 len)
2275 struct hci_dev *hdev;
2276 struct mgmt_cp_remove_remote_oob_data *cp = data;
2280 BT_DBG("hci%u ", index);
2282 if (len != sizeof(*cp))
2283 return cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
2284 MGMT_STATUS_INVALID_PARAMS);
2286 hdev = hci_dev_get(index);
2288 return cmd_complete(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
2289 MGMT_STATUS_INVALID_PARAMS,
2290 &cp->addr, sizeof(cp->addr));
2294 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr);
2296 status = MGMT_STATUS_INVALID_PARAMS;
2300 err = cmd_complete(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA, status,
2301 &cp->addr, sizeof(cp->addr));
2303 hci_dev_unlock(hdev);
2309 static int discovery(struct hci_dev *hdev)
2313 if (lmp_host_le_capable(hdev)) {
2314 if (lmp_bredr_capable(hdev)) {
2315 err = hci_le_scan(hdev, LE_SCAN_TYPE,
2316 LE_SCAN_INT, LE_SCAN_WIN,
2317 LE_SCAN_TIMEOUT_BREDR_LE);
2319 hdev->discovery.type = DISCOV_TYPE_LE;
2320 err = hci_le_scan(hdev, LE_SCAN_TYPE,
2321 LE_SCAN_INT, LE_SCAN_WIN,
2322 LE_SCAN_TIMEOUT_LE_ONLY);
2325 hdev->discovery.type = DISCOV_TYPE_BREDR;
2326 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR);
2332 int mgmt_interleaved_discovery(struct hci_dev *hdev)
2336 BT_DBG("%s", hdev->name);
2340 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR_LE);
2342 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2344 hci_dev_unlock(hdev);
2349 static int start_discovery(struct sock *sk, u16 index,
2350 void *data, u16 len)
2352 struct mgmt_cp_start_discovery *cp = data;
2353 struct pending_cmd *cmd;
2354 struct hci_dev *hdev;
2357 BT_DBG("hci%u", index);
2359 if (len != sizeof(*cp))
2360 return cmd_status(sk, index, MGMT_OP_START_DISCOVERY,
2361 MGMT_STATUS_INVALID_PARAMS);
2363 hdev = hci_dev_get(index);
2365 return cmd_status(sk, index, MGMT_OP_START_DISCOVERY,
2366 MGMT_STATUS_INVALID_PARAMS);
2370 if (!hdev_is_powered(hdev)) {
2371 err = cmd_status(sk, index, MGMT_OP_START_DISCOVERY,
2372 MGMT_STATUS_NOT_POWERED);
2376 if (hdev->discovery.state != DISCOVERY_STOPPED) {
2377 err = cmd_status(sk, index, MGMT_OP_START_DISCOVERY,
2382 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
2388 hdev->discovery.type = cp->type;
2390 switch (hdev->discovery.type) {
2391 case DISCOV_TYPE_BREDR:
2392 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR);
2395 case DISCOV_TYPE_LE:
2396 err = hci_le_scan(hdev, LE_SCAN_TYPE, LE_SCAN_INT,
2397 LE_SCAN_WIN, LE_SCAN_TIMEOUT_LE_ONLY);
2400 case DISCOV_TYPE_INTERLEAVED:
2401 err = discovery(hdev);
2409 mgmt_pending_remove(cmd);
2411 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
2414 hci_dev_unlock(hdev);
2420 static int stop_discovery(struct sock *sk, u16 index, void *data, u16 len)
2422 struct mgmt_cp_stop_discovery *mgmt_cp = data;
2423 struct hci_dev *hdev;
2424 struct pending_cmd *cmd;
2425 struct hci_cp_remote_name_req_cancel cp;
2426 struct inquiry_entry *e;
2429 BT_DBG("hci%u", index);
2431 if (len != sizeof(*mgmt_cp))
2432 return cmd_status(sk, index, MGMT_OP_STOP_DISCOVERY,
2433 MGMT_STATUS_INVALID_PARAMS);
2435 hdev = hci_dev_get(index);
2437 return cmd_status(sk, index, MGMT_OP_STOP_DISCOVERY,
2438 MGMT_STATUS_INVALID_PARAMS);
2442 if (!hci_discovery_active(hdev)) {
2443 err = cmd_complete(sk, index, MGMT_OP_STOP_DISCOVERY,
2444 MGMT_STATUS_REJECTED,
2445 &mgmt_cp->type, sizeof(mgmt_cp->type));
2449 if (hdev->discovery.type != mgmt_cp->type) {
2450 err = cmd_complete(sk, index, MGMT_OP_STOP_DISCOVERY,
2451 MGMT_STATUS_INVALID_PARAMS,
2452 &mgmt_cp->type, sizeof(mgmt_cp->type));
2456 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
2462 if (hdev->discovery.state == DISCOVERY_FINDING) {
2463 err = hci_cancel_inquiry(hdev);
2465 mgmt_pending_remove(cmd);
2467 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
2471 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_PENDING);
2473 mgmt_pending_remove(cmd);
2474 err = cmd_complete(sk, index, MGMT_OP_STOP_DISCOVERY, 0,
2475 &mgmt_cp->type, sizeof(mgmt_cp->type));
2476 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2480 bacpy(&cp.bdaddr, &e->data.bdaddr);
2481 err = hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ_CANCEL,
2484 mgmt_pending_remove(cmd);
2486 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
2489 hci_dev_unlock(hdev);
2495 static int confirm_name(struct sock *sk, u16 index, void *data, u16 len)
2497 struct mgmt_cp_confirm_name *cp = data;
2498 struct inquiry_entry *e;
2499 struct hci_dev *hdev;
2502 BT_DBG("hci%u", index);
2504 if (len != sizeof(*cp))
2505 return cmd_status(sk, index, MGMT_OP_CONFIRM_NAME,
2506 MGMT_STATUS_INVALID_PARAMS);
2508 hdev = hci_dev_get(index);
2510 return cmd_status(sk, index, MGMT_OP_CONFIRM_NAME,
2511 MGMT_STATUS_INVALID_PARAMS);
2515 if (!hci_discovery_active(hdev)) {
2516 err = cmd_status(sk, index, MGMT_OP_CONFIRM_NAME,
2517 MGMT_STATUS_FAILED);
2521 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
2523 err = cmd_status (sk, index, MGMT_OP_CONFIRM_NAME,
2524 MGMT_STATUS_INVALID_PARAMS);
2528 if (cp->name_known) {
2529 e->name_state = NAME_KNOWN;
2532 e->name_state = NAME_NEEDED;
2533 hci_inquiry_cache_update_resolve(hdev, e);
2539 hci_dev_unlock(hdev);
2544 static int block_device(struct sock *sk, u16 index, void *data, u16 len)
2546 struct hci_dev *hdev;
2547 struct mgmt_cp_block_device *cp = data;
2551 BT_DBG("hci%u", index);
2553 if (len != sizeof(*cp))
2554 return cmd_status(sk, index, MGMT_OP_BLOCK_DEVICE,
2555 MGMT_STATUS_INVALID_PARAMS);
2557 hdev = hci_dev_get(index);
2559 return cmd_complete(sk, index, MGMT_OP_BLOCK_DEVICE,
2560 MGMT_STATUS_INVALID_PARAMS,
2561 &cp->addr, sizeof(cp->addr));
2565 err = hci_blacklist_add(hdev, &cp->addr.bdaddr, cp->addr.type);
2567 status = MGMT_STATUS_FAILED;
2571 err = cmd_complete(sk, index, MGMT_OP_BLOCK_DEVICE, status,
2572 &cp->addr, sizeof(cp->addr));
2574 hci_dev_unlock(hdev);
2580 static int unblock_device(struct sock *sk, u16 index, void *data, u16 len)
2582 struct hci_dev *hdev;
2583 struct mgmt_cp_unblock_device *cp = data;
2587 BT_DBG("hci%u", index);
2589 if (len != sizeof(*cp))
2590 return cmd_status(sk, index, MGMT_OP_UNBLOCK_DEVICE,
2591 MGMT_STATUS_INVALID_PARAMS);
2593 hdev = hci_dev_get(index);
2595 return cmd_complete(sk, index, MGMT_OP_UNBLOCK_DEVICE,
2596 MGMT_STATUS_INVALID_PARAMS,
2597 &cp->addr, sizeof(cp->addr));
2601 err = hci_blacklist_del(hdev, &cp->addr.bdaddr, cp->addr.type);
2603 status = MGMT_STATUS_INVALID_PARAMS;
2607 err = cmd_complete(sk, index, MGMT_OP_UNBLOCK_DEVICE, status,
2608 &cp->addr, sizeof(cp->addr));
2610 hci_dev_unlock(hdev);
2616 static int set_fast_connectable(struct sock *sk, u16 index,
2617 void *data, u16 len)
2619 struct hci_dev *hdev;
2620 struct mgmt_mode *cp = data;
2621 struct hci_cp_write_page_scan_activity acp;
2625 BT_DBG("hci%u", index);
2627 if (len != sizeof(*cp))
2628 return cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
2629 MGMT_STATUS_INVALID_PARAMS);
2631 hdev = hci_dev_get(index);
2633 return cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
2634 MGMT_STATUS_INVALID_PARAMS);
2635 if (!hdev_is_powered(hdev))
2636 return cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
2637 MGMT_STATUS_NOT_POWERED);
2639 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
2640 return cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
2641 MGMT_STATUS_REJECTED);
2646 type = PAGE_SCAN_TYPE_INTERLACED;
2647 acp.interval = 0x0024; /* 22.5 msec page scan interval */
2649 type = PAGE_SCAN_TYPE_STANDARD; /* default */
2650 acp.interval = 0x0800; /* default 1.28 sec page scan */
2653 acp.window = 0x0012; /* default 11.25 msec page scan window */
2655 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
2658 err = cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
2659 MGMT_STATUS_FAILED);
2663 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
2665 err = cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
2666 MGMT_STATUS_FAILED);
2670 err = cmd_complete(sk, index, MGMT_OP_SET_FAST_CONNECTABLE, 0,
2673 hci_dev_unlock(hdev);
2679 static int load_long_term_keys(struct sock *sk, u16 index,
2680 void *cp_data, u16 len)
2682 struct hci_dev *hdev;
2683 struct mgmt_cp_load_long_term_keys *cp = cp_data;
2684 u16 key_count, expected_len;
2687 if (len < sizeof(*cp))
2688 return cmd_status(sk, index, MGMT_OP_LOAD_LONG_TERM_KEYS,
2691 key_count = get_unaligned_le16(&cp->key_count);
2693 expected_len = sizeof(*cp) + key_count *
2694 sizeof(struct mgmt_ltk_info);
2695 if (expected_len != len) {
2696 BT_ERR("load_keys: expected %u bytes, got %u bytes",
2698 return cmd_status(sk, index, MGMT_OP_LOAD_LONG_TERM_KEYS,
2702 hdev = hci_dev_get(index);
2704 return cmd_status(sk, index, MGMT_OP_LOAD_LONG_TERM_KEYS,
2707 BT_DBG("hci%u key_count %u", index, key_count);
2711 hci_smp_ltks_clear(hdev);
2713 for (i = 0; i < key_count; i++) {
2714 struct mgmt_ltk_info *key = &cp->keys[i];
2720 type = HCI_SMP_LTK_SLAVE;
2722 hci_add_ltk(hdev, &key->addr.bdaddr, key->addr.type,
2723 type, 0, key->authenticated, key->val,
2724 key->enc_size, key->ediv, key->rand);
2727 hci_dev_unlock(hdev);
2733 int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
2737 struct mgmt_hdr *hdr;
2738 u16 opcode, index, len;
2741 BT_DBG("got %zu bytes", msglen);
2743 if (msglen < sizeof(*hdr))
2746 buf = kmalloc(msglen, GFP_KERNEL);
2750 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
2756 opcode = get_unaligned_le16(&hdr->opcode);
2757 index = get_unaligned_le16(&hdr->index);
2758 len = get_unaligned_le16(&hdr->len);
2760 if (len != msglen - sizeof(*hdr)) {
2765 cp = buf + sizeof(*hdr);
2768 case MGMT_OP_READ_VERSION:
2769 err = read_version(sk);
2771 case MGMT_OP_READ_COMMANDS:
2772 err = read_commands(sk);
2774 case MGMT_OP_READ_INDEX_LIST:
2775 err = read_index_list(sk);
2777 case MGMT_OP_READ_INFO:
2778 err = read_controller_info(sk, index);
2780 case MGMT_OP_SET_POWERED:
2781 err = set_powered(sk, index, cp, len);
2783 case MGMT_OP_SET_DISCOVERABLE:
2784 err = set_discoverable(sk, index, cp, len);
2786 case MGMT_OP_SET_CONNECTABLE:
2787 err = set_connectable(sk, index, cp, len);
2789 case MGMT_OP_SET_FAST_CONNECTABLE:
2790 err = set_fast_connectable(sk, index, cp, len);
2792 case MGMT_OP_SET_PAIRABLE:
2793 err = set_pairable(sk, index, cp, len);
2795 case MGMT_OP_SET_LINK_SECURITY:
2796 err = set_link_security(sk, index, cp, len);
2798 case MGMT_OP_SET_SSP:
2799 err = set_ssp(sk, index, cp, len);
2801 case MGMT_OP_SET_HS:
2802 err = set_hs(sk, index, cp, len);
2804 case MGMT_OP_ADD_UUID:
2805 err = add_uuid(sk, index, cp, len);
2807 case MGMT_OP_REMOVE_UUID:
2808 err = remove_uuid(sk, index, cp, len);
2810 case MGMT_OP_SET_DEV_CLASS:
2811 err = set_dev_class(sk, index, cp, len);
2813 case MGMT_OP_LOAD_LINK_KEYS:
2814 err = load_link_keys(sk, index, cp, len);
2816 case MGMT_OP_DISCONNECT:
2817 err = disconnect(sk, index, cp, len);
2819 case MGMT_OP_GET_CONNECTIONS:
2820 err = get_connections(sk, index);
2822 case MGMT_OP_PIN_CODE_REPLY:
2823 err = pin_code_reply(sk, index, cp, len);
2825 case MGMT_OP_PIN_CODE_NEG_REPLY:
2826 err = pin_code_neg_reply(sk, index, cp, len);
2828 case MGMT_OP_SET_IO_CAPABILITY:
2829 err = set_io_capability(sk, index, cp, len);
2831 case MGMT_OP_PAIR_DEVICE:
2832 err = pair_device(sk, index, cp, len);
2834 case MGMT_OP_CANCEL_PAIR_DEVICE:
2835 err = cancel_pair_device(sk, index, buf + sizeof(*hdr), len);
2837 case MGMT_OP_UNPAIR_DEVICE:
2838 err = unpair_device(sk, index, cp, len);
2840 case MGMT_OP_USER_CONFIRM_REPLY:
2841 err = user_confirm_reply(sk, index, cp, len);
2843 case MGMT_OP_USER_CONFIRM_NEG_REPLY:
2844 err = user_confirm_neg_reply(sk, index, cp, len);
2846 case MGMT_OP_USER_PASSKEY_REPLY:
2847 err = user_passkey_reply(sk, index, cp, len);
2849 case MGMT_OP_USER_PASSKEY_NEG_REPLY:
2850 err = user_passkey_neg_reply(sk, index, cp, len);
2852 case MGMT_OP_SET_LOCAL_NAME:
2853 err = set_local_name(sk, index, cp, len);
2855 case MGMT_OP_READ_LOCAL_OOB_DATA:
2856 err = read_local_oob_data(sk, index);
2858 case MGMT_OP_ADD_REMOTE_OOB_DATA:
2859 err = add_remote_oob_data(sk, index, cp, len);
2861 case MGMT_OP_REMOVE_REMOTE_OOB_DATA:
2862 err = remove_remote_oob_data(sk, index, cp, len);
2864 case MGMT_OP_START_DISCOVERY:
2865 err = start_discovery(sk, index, cp, len);
2867 case MGMT_OP_STOP_DISCOVERY:
2868 err = stop_discovery(sk, index, cp, len);
2870 case MGMT_OP_CONFIRM_NAME:
2871 err = confirm_name(sk, index, cp, len);
2873 case MGMT_OP_BLOCK_DEVICE:
2874 err = block_device(sk, index, cp, len);
2876 case MGMT_OP_UNBLOCK_DEVICE:
2877 err = unblock_device(sk, index, cp, len);
2879 case MGMT_OP_LOAD_LONG_TERM_KEYS:
2880 err = load_long_term_keys(sk, index, cp, len);
2883 BT_DBG("Unknown op %u", opcode);
2884 err = cmd_status(sk, index, opcode,
2885 MGMT_STATUS_UNKNOWN_COMMAND);
2899 static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
2903 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
2904 mgmt_pending_remove(cmd);
2907 int mgmt_index_added(struct hci_dev *hdev)
2909 return mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
2912 int mgmt_index_removed(struct hci_dev *hdev)
2916 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
2918 return mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
2923 struct hci_dev *hdev;
2926 static void settings_rsp(struct pending_cmd *cmd, void *data)
2928 struct cmd_lookup *match = data;
2930 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
2932 list_del(&cmd->list);
2934 if (match->sk == NULL) {
2935 match->sk = cmd->sk;
2936 sock_hold(match->sk);
2939 mgmt_pending_free(cmd);
2942 int mgmt_powered(struct hci_dev *hdev, u8 powered)
2944 struct cmd_lookup match = { NULL, hdev };
2947 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
2950 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
2955 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
2957 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
2958 scan |= SCAN_INQUIRY;
2961 hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
2963 u8 status = ENETDOWN;
2964 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
2967 err = new_settings(hdev, match.sk);
2975 int mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
2977 struct cmd_lookup match = { NULL, hdev };
2978 bool changed = false;
2982 if (!test_and_set_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
2985 if (test_and_clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
2989 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev, settings_rsp,
2993 err = new_settings(hdev, match.sk);
3001 int mgmt_connectable(struct hci_dev *hdev, u8 connectable)
3003 struct cmd_lookup match = { NULL, hdev };
3004 bool changed = false;
3008 if (!test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3011 if (test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3015 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev, settings_rsp,
3019 err = new_settings(hdev, match.sk);
3027 int mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
3029 u8 mgmt_err = mgmt_status(status);
3031 if (scan & SCAN_PAGE)
3032 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
3033 cmd_status_rsp, &mgmt_err);
3035 if (scan & SCAN_INQUIRY)
3036 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
3037 cmd_status_rsp, &mgmt_err);
3042 int mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
3045 struct mgmt_ev_new_link_key ev;
3047 memset(&ev, 0, sizeof(ev));
3049 ev.store_hint = persistent;
3050 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
3051 ev.key.addr.type = MGMT_ADDR_BREDR;
3052 ev.key.type = key->type;
3053 memcpy(ev.key.val, key->val, 16);
3054 ev.key.pin_len = key->pin_len;
3056 return mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
3059 int mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, u8 persistent)
3061 struct mgmt_ev_new_long_term_key ev;
3063 memset(&ev, 0, sizeof(ev));
3065 ev.store_hint = persistent;
3066 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
3067 ev.key.addr.type = key->bdaddr_type;
3068 ev.key.authenticated = key->authenticated;
3069 ev.key.enc_size = key->enc_size;
3070 ev.key.ediv = key->ediv;
3072 if (key->type == HCI_SMP_LTK)
3075 memcpy(ev.key.rand, key->rand, sizeof(key->rand));
3076 memcpy(ev.key.val, key->val, sizeof(key->val));
3078 return mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev,
3079 &ev, sizeof(ev), NULL);
3082 int mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3083 u8 addr_type, u8 *name, u8 name_len,
3087 struct mgmt_ev_device_connected *ev = (void *) buf;
3090 bacpy(&ev->addr.bdaddr, bdaddr);
3091 ev->addr.type = link_to_mgmt(link_type, addr_type);
3094 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
3097 if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0)
3098 eir_len = eir_append_data(&ev->eir[eir_len], eir_len,
3099 EIR_CLASS_OF_DEV, dev_class, 3);
3101 put_unaligned_le16(eir_len, &ev->eir_len);
3103 return mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
3104 sizeof(*ev) + eir_len, NULL);
3107 static void disconnect_rsp(struct pending_cmd *cmd, void *data)
3109 struct mgmt_cp_disconnect *cp = cmd->param;
3110 struct sock **sk = data;
3111 struct mgmt_rp_disconnect rp;
3113 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3114 rp.addr.type = cp->addr.type;
3116 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 0, &rp,
3122 mgmt_pending_remove(cmd);
3125 static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
3127 struct hci_dev *hdev = data;
3128 struct mgmt_cp_unpair_device *cp = cmd->param;
3129 struct mgmt_rp_unpair_device rp;
3131 memset(&rp, 0, sizeof(rp));
3132 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3133 rp.addr.type = cp->addr.type;
3135 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
3137 cmd_complete(cmd->sk, cmd->index, cmd->opcode, 0, &rp, sizeof(rp));
3139 mgmt_pending_remove(cmd);
3142 int mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
3143 u8 link_type, u8 addr_type)
3145 struct mgmt_addr_info ev;
3146 struct sock *sk = NULL;
3149 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
3151 bacpy(&ev.bdaddr, bdaddr);
3152 ev.type = link_to_mgmt(link_type, addr_type);
3154 err = mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev),
3160 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
3166 int mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
3167 u8 link_type, u8 addr_type, u8 status)
3169 struct mgmt_rp_disconnect rp;
3170 struct pending_cmd *cmd;
3173 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
3177 bacpy(&rp.addr.bdaddr, bdaddr);
3178 rp.addr.type = link_to_mgmt(link_type, addr_type);
3180 err = cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
3181 mgmt_status(status), &rp, sizeof(rp));
3183 mgmt_pending_remove(cmd);
3185 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
3190 int mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3191 u8 addr_type, u8 status)
3193 struct mgmt_ev_connect_failed ev;
3195 bacpy(&ev.addr.bdaddr, bdaddr);
3196 ev.addr.type = link_to_mgmt(link_type, addr_type);
3197 ev.status = mgmt_status(status);
3199 return mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
3202 int mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
3204 struct mgmt_ev_pin_code_request ev;
3206 bacpy(&ev.addr.bdaddr, bdaddr);
3207 ev.addr.type = MGMT_ADDR_BREDR;
3210 return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev),
3214 int mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3217 struct pending_cmd *cmd;
3218 struct mgmt_rp_pin_code_reply rp;
3221 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
3225 bacpy(&rp.addr.bdaddr, bdaddr);
3226 rp.addr.type = MGMT_ADDR_BREDR;
3228 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3229 mgmt_status(status), &rp, sizeof(rp));
3231 mgmt_pending_remove(cmd);
3236 int mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3239 struct pending_cmd *cmd;
3240 struct mgmt_rp_pin_code_reply rp;
3243 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
3247 bacpy(&rp.addr.bdaddr, bdaddr);
3248 rp.addr.type = MGMT_ADDR_BREDR;
3250 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
3251 mgmt_status(status), &rp, sizeof(rp));
3253 mgmt_pending_remove(cmd);
3258 int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
3259 u8 link_type, u8 addr_type, __le32 value,
3262 struct mgmt_ev_user_confirm_request ev;
3264 BT_DBG("%s", hdev->name);
3266 bacpy(&ev.addr.bdaddr, bdaddr);
3267 ev.addr.type = link_to_mgmt(link_type, addr_type);
3268 ev.confirm_hint = confirm_hint;
3269 put_unaligned_le32(value, &ev.value);
3271 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
3275 int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
3276 u8 link_type, u8 addr_type)
3278 struct mgmt_ev_user_passkey_request ev;
3280 BT_DBG("%s", hdev->name);
3282 bacpy(&ev.addr.bdaddr, bdaddr);
3283 ev.addr.type = link_to_mgmt(link_type, addr_type);
3285 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
3289 static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3290 u8 link_type, u8 addr_type, u8 status,
3293 struct pending_cmd *cmd;
3294 struct mgmt_rp_user_confirm_reply rp;
3297 cmd = mgmt_pending_find(opcode, hdev);
3301 bacpy(&rp.addr.bdaddr, bdaddr);
3302 rp.addr.type = link_to_mgmt(link_type, addr_type);
3303 err = cmd_complete(cmd->sk, hdev->id, opcode, mgmt_status(status),
3306 mgmt_pending_remove(cmd);
3311 int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3312 u8 link_type, u8 addr_type, u8 status)
3314 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3315 status, MGMT_OP_USER_CONFIRM_REPLY);
3318 int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3319 u8 link_type, u8 addr_type, u8 status)
3321 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3322 status, MGMT_OP_USER_CONFIRM_NEG_REPLY);
3325 int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3326 u8 link_type, u8 addr_type, u8 status)
3328 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3329 status, MGMT_OP_USER_PASSKEY_REPLY);
3332 int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3333 u8 link_type, u8 addr_type, u8 status)
3335 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3336 status, MGMT_OP_USER_PASSKEY_NEG_REPLY);
3339 int mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3340 u8 addr_type, u8 status)
3342 struct mgmt_ev_auth_failed ev;
3344 bacpy(&ev.addr.bdaddr, bdaddr);
3345 ev.addr.type = link_to_mgmt(link_type, addr_type);
3346 ev.status = mgmt_status(status);
3348 return mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
3351 int mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
3353 struct cmd_lookup match = { NULL, hdev };
3354 bool changed = false;
3358 u8 mgmt_err = mgmt_status(status);
3359 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
3360 cmd_status_rsp, &mgmt_err);
3364 if (test_bit(HCI_AUTH, &hdev->flags)) {
3365 if (!test_and_set_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
3368 if (test_and_clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
3372 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
3376 err = new_settings(hdev, match.sk);
3384 static int clear_eir(struct hci_dev *hdev)
3386 struct hci_cp_write_eir cp;
3388 if (!(hdev->features[6] & LMP_EXT_INQ))
3391 memset(&cp, 0, sizeof(cp));
3393 return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
3396 int mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 status)
3398 struct cmd_lookup match = { NULL, hdev };
3402 u8 mgmt_err = mgmt_status(status);
3403 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev,
3404 cmd_status_rsp, &mgmt_err);
3408 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
3410 err = new_settings(hdev, match.sk);
3415 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
3424 int mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
3426 struct pending_cmd *cmd;
3427 struct mgmt_cp_set_local_name ev;
3430 memset(&ev, 0, sizeof(ev));
3431 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
3433 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
3438 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3439 mgmt_status(status));
3445 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0, &ev,
3451 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
3452 cmd ? cmd->sk : NULL);
3456 mgmt_pending_remove(cmd);
3460 int mgmt_read_local_oob_data_reply_complete(struct hci_dev *hdev, u8 *hash,
3461 u8 *randomizer, u8 status)
3463 struct pending_cmd *cmd;
3466 BT_DBG("%s status %u", hdev->name, status);
3468 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
3473 err = cmd_status(cmd->sk, hdev->id,
3474 MGMT_OP_READ_LOCAL_OOB_DATA,
3475 mgmt_status(status));
3477 struct mgmt_rp_read_local_oob_data rp;
3479 memcpy(rp.hash, hash, sizeof(rp.hash));
3480 memcpy(rp.randomizer, randomizer, sizeof(rp.randomizer));
3482 err = cmd_complete(cmd->sk, hdev->id,
3483 MGMT_OP_READ_LOCAL_OOB_DATA,
3484 0, &rp, sizeof(rp));
3487 mgmt_pending_remove(cmd);
3492 int mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3493 u8 addr_type, u8 *dev_class, s8 rssi,
3494 u8 cfm_name, u8 *eir, u16 eir_len)
3497 struct mgmt_ev_device_found *ev = (void *) buf;
3500 /* Leave 5 bytes for a potential CoD field */
3501 if (sizeof(*ev) + eir_len + 5 > sizeof(buf))
3504 memset(buf, 0, sizeof(buf));
3506 bacpy(&ev->addr.bdaddr, bdaddr);
3507 ev->addr.type = link_to_mgmt(link_type, addr_type);
3509 ev->confirm_name = cfm_name;
3512 memcpy(ev->eir, eir, eir_len);
3514 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
3515 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
3518 put_unaligned_le16(eir_len, &ev->eir_len);
3520 ev_size = sizeof(*ev) + eir_len;
3522 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
3525 int mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3526 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
3528 struct mgmt_ev_device_found *ev;
3529 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
3532 ev = (struct mgmt_ev_device_found *) buf;
3534 memset(buf, 0, sizeof(buf));
3536 bacpy(&ev->addr.bdaddr, bdaddr);
3537 ev->addr.type = link_to_mgmt(link_type, addr_type);
3540 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
3543 put_unaligned_le16(eir_len, &ev->eir_len);
3545 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev,
3546 sizeof(*ev) + eir_len, NULL);
3549 int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
3551 struct pending_cmd *cmd;
3555 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3557 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
3561 type = hdev->discovery.type;
3563 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3564 &type, sizeof(type));
3565 mgmt_pending_remove(cmd);
3570 int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
3572 struct pending_cmd *cmd;
3575 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3579 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3580 &hdev->discovery.type,
3581 sizeof(hdev->discovery.type));
3582 mgmt_pending_remove(cmd);
3587 int mgmt_discovering(struct hci_dev *hdev, u8 discovering)
3589 struct mgmt_ev_discovering ev;
3590 struct pending_cmd *cmd;
3592 BT_DBG("%s discovering %u", hdev->name, discovering);
3595 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
3597 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3600 u8 type = hdev->discovery.type;
3602 cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0,
3603 &type, sizeof(type));
3604 mgmt_pending_remove(cmd);
3607 memset(&ev, 0, sizeof(ev));
3608 ev.type = hdev->discovery.type;
3609 ev.discovering = discovering;
3611 return mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
3614 int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
3616 struct pending_cmd *cmd;
3617 struct mgmt_ev_device_blocked ev;
3619 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev);
3621 bacpy(&ev.addr.bdaddr, bdaddr);
3622 ev.addr.type = type;
3624 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev),
3625 cmd ? cmd->sk : NULL);
3628 int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
3630 struct pending_cmd *cmd;
3631 struct mgmt_ev_device_unblocked ev;
3633 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev);
3635 bacpy(&ev.addr.bdaddr, bdaddr);
3636 ev.addr.type = type;
3638 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
3639 cmd ? cmd->sk : NULL);
3642 module_param(enable_hs, bool, 0644);
3643 MODULE_PARM_DESC(enable_hs, "Enable High Speed support");
3645 module_param(enable_le, bool, 0644);
3646 MODULE_PARM_DESC(enable_le, "Enable Low Energy support");
projects / linux-2.6-block.git / blob